package io.thundra.swark.es.client;

import com.amazonaws.auth.AWS4Signer;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.util.StringUtils;
import io.thundra.swark.es.client.monitoring.MonitoredHttpRequestResponseInterceptor;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.message.BasicHeader;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;

/* loaded from: input_file:io/thundra/swark/es/client/ElasticsearchClientFactory.class */
public class ElasticsearchClientFactory {
    private static final String AWS_ES_URL_SUFFIX = ".es.amazonaws.com";
    private static final String ES_SERVICE_NAME = "es";
    private static final String DEFAULT_ROLE_SESSION_NAME = "thundra-es-access-role-session";
    private static final AWSCredentialsProvider DEFAULT_CREDENTIALS_PROVIDER = new DefaultAWSCredentialsProviderChain();
    private final EsClientConfiguration esConf;

    public ElasticsearchClientFactory(EsClientConfiguration esClientConfiguration) {
        this.esConf = esClientConfiguration;
    }

    private AWSCredentialsProvider getAWSCredentialsProvider() {
        String str;
        if (!StringUtils.hasValue(this.esConf.getAssumeRoleArn())) {
            return this.esConf.getAwsCredentialsProvider() != null ? this.esConf.getAwsCredentialsProvider() : DEFAULT_CREDENTIALS_PROVIDER;
        }
        String assumeRoleArn = this.esConf.getAssumeRoleArn();
        int indexOf = assumeRoleArn.indexOf("/");
        if (indexOf > 0) {
            str = assumeRoleArn.substring(indexOf + 1);
        } else {
            String profile = this.esConf.getProfile();
            str = profile == null ? DEFAULT_ROLE_SESSION_NAME : "thundra-es-access-role-session-" + profile;
        }
        STSAssumeRoleSessionCredentialsProvider.Builder builder = new STSAssumeRoleSessionCredentialsProvider.Builder(this.esConf.getAssumeRoleArn(), str + "@" + System.currentTimeMillis());
        if (this.esConf.getAwsCredentialsProvider() != null) {
            builder.withLongLivedCredentialsProvider(this.esConf.getAwsCredentialsProvider());
        } else {
            builder.withLongLivedCredentialsProvider(DEFAULT_CREDENTIALS_PROVIDER);
        }
        if (StringUtils.hasValue(this.esConf.getAssumeRoleExternalId())) {
            builder.withExternalId(this.esConf.getAssumeRoleExternalId());
        }
        return builder.build();
    }

    public RestHighLevelClient createClient() throws NoSuchAlgorithmException, KeyManagementException {
        RestClientBuilder.RequestConfigCallback requestConfigCallback = builder -> {
            builder.setConnectTimeout(this.esConf.getConnectTimeout());
            builder.setSocketTimeout(this.esConf.getSocketTimeout());
            builder.setConnectionRequestTimeout(this.esConf.getConnectionRequestTimeout());
            builder.setStaleConnectionCheckEnabled(true);
            return builder;
        };
        String username = this.esConf.getUsername();
        String password = this.esConf.getPassword();
        String esHost = this.esConf.getEsHost();
        int esPort = this.esConf.getEsPort();
        AWSRequestSigningApacheInterceptor aWSRequestSigningApacheInterceptor = null;
        if (esHost.endsWith(AWS_ES_URL_SUFFIX)) {
            String substring = esHost.substring(0, esHost.length() - AWS_ES_URL_SUFFIX.length());
            String substring2 = substring.substring(substring.lastIndexOf(".") + 1);
            AWS4Signer aWS4Signer = new AWS4Signer();
            aWS4Signer.setServiceName("es");
            aWS4Signer.setRegionName(substring2);
            aWSRequestSigningApacheInterceptor = new AWSRequestSigningApacheInterceptor("es", aWS4Signer, getAWSCredentialsProvider());
        }
        AWSRequestSigningApacheInterceptor aWSRequestSigningApacheInterceptor2 = aWSRequestSigningApacheInterceptor;
        MonitoredHttpRequestResponseInterceptor monitoredHttpRequestResponseInterceptor = new MonitoredHttpRequestResponseInterceptor(this.esConf.isEnableDebug());
        if (!this.esConf.isUseSSL()) {
            RestClientBuilder.HttpClientConfigCallback httpClientConfigCallback = httpAsyncClientBuilder -> {
                if (!isEmpty(username) && !isEmpty(password)) {
                    BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                    basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
                    httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
                }
                if (aWSRequestSigningApacheInterceptor2 != null) {
                    httpAsyncClientBuilder.addInterceptorLast(aWSRequestSigningApacheInterceptor2);
                }
                httpAsyncClientBuilder.addInterceptorLast(monitoredHttpRequestResponseInterceptor);
                httpAsyncClientBuilder.addInterceptorLast(monitoredHttpRequestResponseInterceptor);
                return httpAsyncClientBuilder;
            };
            RestClientBuilder builder2 = RestClient.builder(new HttpHost[]{new HttpHost(esHost, esPort, "http")});
            builder2.setRequestConfigCallback(requestConfigCallback);
            builder2.setHttpClientConfigCallback(httpClientConfigCallback);
            if (this.esConf.isEnableGzip()) {
                builder2.setDefaultHeaders(new Header[]{new BasicHeader("Accept-Encoding", "gzip")});
            }
            return new RestHighLevelClient(builder2);
        }
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: io.thundra.swark.es.client.ElasticsearchClientFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        RestClientBuilder.HttpClientConfigCallback httpClientConfigCallback2 = httpAsyncClientBuilder2 -> {
            if (!isEmpty(username) && !isEmpty(password)) {
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
                httpAsyncClientBuilder2.setDefaultCredentialsProvider(basicCredentialsProvider);
            }
            httpAsyncClientBuilder2.setSSLContext(sSLContext);
            httpAsyncClientBuilder2.setSSLHostnameVerifier((str, sSLSession) -> {
                return true;
            });
            if (aWSRequestSigningApacheInterceptor2 != null) {
                httpAsyncClientBuilder2.addInterceptorLast(aWSRequestSigningApacheInterceptor2);
            }
            httpAsyncClientBuilder2.addInterceptorLast(monitoredHttpRequestResponseInterceptor);
            httpAsyncClientBuilder2.addInterceptorLast(monitoredHttpRequestResponseInterceptor);
            return httpAsyncClientBuilder2;
        };
        RestClientBuilder builder3 = RestClient.builder(new HttpHost[]{new HttpHost(esHost, esPort, "https")});
        builder3.setRequestConfigCallback(requestConfigCallback);
        builder3.setHttpClientConfigCallback(httpClientConfigCallback2);
        if (this.esConf.isEnableGzip()) {
            builder3.setDefaultHeaders(new Header[]{new BasicHeader("Accept-Encoding", "gzip")});
        }
        return new RestHighLevelClient(builder3);
    }

    public static boolean isEmpty(CharSequence charSequence) {
        return charSequence == null || charSequence.length() == 0;
    }
}
