package org.camunda.optimize.upgrade.es;

import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.camunda.optimize.service.exceptions.OptimizeRuntimeException;
import org.camunda.optimize.service.util.configuration.ConfigurationService;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/camunda/optimize/upgrade/es/ElasticsearchHighLevelRestClientBuilder.class */
public class ElasticsearchHighLevelRestClientBuilder {
    private static final String HTTP = "http";
    private static final String HTTPS = "https";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ElasticsearchHighLevelRestClientBuilder.class);

    public static RestHighLevelClient build(ConfigurationService configurationService) {
        return configurationService.getElasticsearchSecuritySSLEnabled().booleanValue() ? buildSecuredRestClient(configurationService) : new RestHighLevelClient(buildDefaultRestClient(configurationService, "http"));
    }

    private static RestClientBuilder buildDefaultRestClient(ConfigurationService configurationService, String str) {
        return RestClient.builder(buildElasticsearchConnectionNodes(configurationService, str)).setRequestConfigCallback(builder -> {
            return builder.setConnectTimeout(5000).setSocketTimeout(0);
        }).setMaxRetryTimeoutMillis(Integer.MAX_VALUE);
    }

    private static HttpHost[] buildElasticsearchConnectionNodes(ConfigurationService configurationService, String str) {
        return (HttpHost[]) configurationService.getElasticsearchConnectionNodes().stream().map(elasticsearchConnectionNodeConfiguration -> {
            return new HttpHost(elasticsearchConnectionNodeConfiguration.getHost(), elasticsearchConnectionNodeConfiguration.getHttpPort().intValue(), str);
        }).toArray(i -> {
            return new HttpHost[i];
        });
    }

    private static RestHighLevelClient buildSecuredRestClient(ConfigurationService configurationService) {
        try {
            RestClientBuilder buildDefaultRestClient = buildDefaultRestClient(configurationService, HTTPS);
            SSLContext build = SSLContexts.custom().loadTrustMaterial(loadKeystore(configurationService), (TrustStrategy) null).build();
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(configurationService.getElasticsearchSecurityUsername(), configurationService.getElasticsearchSecurityPassword()));
            buildDefaultRestClient.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
                httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
                httpAsyncClientBuilder.setSSLContext(build);
                return httpAsyncClientBuilder;
            });
            return new RestHighLevelClient(buildDefaultRestClient);
        } catch (Exception e) {
            throw new OptimizeRuntimeException("Could not build ", e);
        }
    }

    private static KeyStore loadKeystore(ConfigurationService configurationService) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(configurationService.getElasticsearchSecuritySSLCertificate()));
            Throwable th = null;
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                if (bufferedInputStream.available() > 0) {
                    Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
                    logger.debug("Found certificate: {}", generateCertificate);
                    keyStore.setCertificateEntry("elasticsearch-" + bufferedInputStream.available(), generateCertificate);
                }
                return keyStore;
            } finally {
                if (bufferedInputStream != null) {
                    if (0 != 0) {
                        try {
                            bufferedInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedInputStream.close();
                    }
                }
            }
        } catch (Exception e) {
            throw new OptimizeRuntimeException("Could not load certificate to connect against secured Elasticsearch!", e);
        }
    }
}
