package org.openmetadata.service.util;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.openmetadata.schema.api.configuration.elasticsearch.ElasticSearchConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/util/ElasticSearchClientUtils.class */
public final class ElasticSearchClientUtils {
    private static final Logger LOG = LoggerFactory.getLogger(ElasticSearchClientUtils.class);

    private ElasticSearchClientUtils() {
    }

    public static RestHighLevelClient createElasticSearchClient(ElasticSearchConfiguration elasticSearchConfiguration) {
        try {
            RestClientBuilder builder = RestClient.builder(new HttpHost[]{new HttpHost(elasticSearchConfiguration.getHost(), elasticSearchConfiguration.getPort().intValue(), elasticSearchConfiguration.getScheme())});
            if (StringUtils.isNotEmpty(elasticSearchConfiguration.getUsername()) && StringUtils.isNotEmpty(elasticSearchConfiguration.getPassword())) {
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(elasticSearchConfiguration.getUsername(), elasticSearchConfiguration.getPassword()));
                SSLContext createSSLContext = createSSLContext(elasticSearchConfiguration);
                builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
                    httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
                    if (createSSLContext != null) {
                        httpAsyncClientBuilder.setSSLContext(createSSLContext);
                    }
                    return httpAsyncClientBuilder;
                });
            }
            builder.setRequestConfigCallback(builder2 -> {
                return builder2.setConnectTimeout(elasticSearchConfiguration.getConnectionTimeoutSecs().intValue() * 1000).setSocketTimeout(elasticSearchConfiguration.getSocketTimeoutSecs().intValue() * 1000);
            });
            return new RestHighLevelClient(builder);
        } catch (Exception e) {
            throw new RuntimeException("Failed to create elastic search client ", e);
        }
    }

    private static SSLContext createSSLContext(ElasticSearchConfiguration elasticSearchConfiguration) throws KeyStoreException {
        if (!elasticSearchConfiguration.getScheme().equals("https") || elasticSearchConfiguration.getTruststorePath() == null || elasticSearchConfiguration.getTruststorePath().isEmpty()) {
            return null;
        }
        Path path = Paths.get(elasticSearchConfiguration.getTruststorePath(), new String[0]);
        KeyStore keyStore = KeyStore.getInstance("jks");
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                keyStore.load(newInputStream, elasticSearchConfiguration.getTruststorePassword().toCharArray());
                SSLContext build = SSLContexts.custom().loadTrustMaterial(keyStore, (TrustStrategy) null).build();
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return build;
            } catch (Throwable th) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException("Failed to crete SSLContext to for ElasticSearch Client", e);
        }
    }
}
