package org.camunda.optimize.upgrade.es;

import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.camunda.optimize.service.util.configuration.ConfigurationService;
import org.camunda.optimize.upgrade.exception.UpgradeRuntimeException;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;

/* loaded from: input_file:org/camunda/optimize/upgrade/es/ElasticsearchRestClientBuilder.class */
public class ElasticsearchRestClientBuilder {
    private static final String HTTP = "http";
    private static final String HTTPS = "https";

    public static RestClient build(ConfigurationService configurationService) {
        return configurationService.getElasticsearchSecuritySSLEnabled().booleanValue() ? buildSecuredRestClient(configurationService) : buildDefaultRestClient(configurationService);
    }

    private static RestClient buildDefaultRestClient(ConfigurationService configurationService) {
        return RestClient.builder(new HttpHost(configurationService.getElasticSearchHost(), configurationService.getElasticSearchHttpPort().intValue(), "http")).build();
    }

    private static RestClient buildSecuredRestClient(ConfigurationService configurationService) {
        try {
            RestClientBuilder builder = RestClient.builder(new HttpHost(configurationService.getElasticSearchHost(), configurationService.getElasticSearchHttpPort().intValue(), "https"));
            SSLContext build = SSLContexts.custom().loadTrustMaterial(loadKeystore(configurationService), (TrustStrategy) null).build();
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(configurationService.getElasticsearchSecurityUsername(), configurationService.getElasticsearchSecurityPassword()));
            builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
                httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
                httpAsyncClientBuilder.setSSLContext(build);
                return httpAsyncClientBuilder;
            });
            return builder.build();
        } catch (Exception e) {
            throw new UpgradeRuntimeException("Could not build ", e);
        }
    }

    private static KeyStore loadKeystore(ConfigurationService configurationService) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(configurationService.getElasticsearchSecuritySSLCertificate()));
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (bufferedInputStream.available() > 0) {
                Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
                System.out.println("Certificate: " + generateCertificate);
                keyStore.setCertificateEntry("fiddler" + bufferedInputStream.available(), generateCertificate);
            }
            bufferedInputStream.close();
            return keyStore;
        } catch (Exception e) {
            throw new UpgradeRuntimeException("Could not load certificate to connect against secured Elasticsearch!", e);
        }
    }
}
