package org.apache.james.backends.opensearch;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.NotImplementedException;
import org.apache.commons.lang3.time.DurationFormatUtils;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.apache.james.backends.opensearch.OpenSearchConfiguration;
import org.apache.james.backends.opensearch.json.jackson.JacksonJsonpMapper;
import org.apache.james.util.concurrent.NamedThreadFactory;
import org.opensearch.client.RestClient;
import org.opensearch.client.RestClientBuilder;
import org.opensearch.client.opensearch.OpenSearchAsyncClient;
import org.opensearch.client.transport.rest_client.RestClientTransport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import reactor.util.retry.Retry;

/* loaded from: input_file:org/apache/james/backends/opensearch/ClientProvider.class */
public class ClientProvider implements Provider<ReactorOpenSearchClient> {
    private static final Logger LOGGER = LoggerFactory.getLogger(ClientProvider.class);
    private final OpenSearchConfiguration configuration;
    private final HttpAsyncClientConfigurer httpAsyncClientConfigurer;
    private final RestClient lowLevelRestClient = buildRestClient();
    private final OpenSearchAsyncClient openSearchClient = connect();
    private final ReactorOpenSearchClient client = new ReactorOpenSearchClient(this.openSearchClient, this.lowLevelRestClient);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/james/backends/opensearch/ClientProvider$HttpAsyncClientConfigurer.class */
    public static class HttpAsyncClientConfigurer {
        private static final TrustStrategy TRUST_ALL = (x509CertificateArr, str) -> {
            return true;
        };
        private static final HostnameVerifier ACCEPT_ANY_HOSTNAME = (str, sSLSession) -> {
            return true;
        };
        private final OpenSearchConfiguration configuration;

        private HttpAsyncClientConfigurer(OpenSearchConfiguration openSearchConfiguration) {
            this.configuration = openSearchConfiguration;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public HttpAsyncClientBuilder configure(HttpAsyncClientBuilder httpAsyncClientBuilder) {
            configureAuthentication(httpAsyncClientBuilder);
            configureHostScheme(httpAsyncClientBuilder);
            configureTimeout(httpAsyncClientBuilder);
            Optional<Integer> maxConnections = this.configuration.getMaxConnections();
            Objects.requireNonNull(httpAsyncClientBuilder);
            maxConnections.ifPresent((v1) -> {
                r1.setMaxConnTotal(v1);
            });
            Optional<Integer> maxConnectionsPerHost = this.configuration.getMaxConnectionsPerHost();
            Objects.requireNonNull(httpAsyncClientBuilder);
            maxConnectionsPerHost.ifPresent((v1) -> {
                r1.setMaxConnPerRoute(v1);
            });
            httpAsyncClientBuilder.setThreadFactory(NamedThreadFactory.withName("OpenSearch-driver"));
            return httpAsyncClientBuilder;
        }

        private void configureHostScheme(HttpAsyncClientBuilder httpAsyncClientBuilder) {
            OpenSearchConfiguration.HostScheme hostScheme = this.configuration.getHostScheme();
            switch (hostScheme) {
                case HTTP:
                    return;
                case HTTPS:
                    configureSSLOptions(httpAsyncClientBuilder);
                    return;
                default:
                    throw new NotImplementedException(String.format("unrecognized hostScheme '%s'", hostScheme.name()));
            }
        }

        private void configureSSLOptions(HttpAsyncClientBuilder httpAsyncClientBuilder) {
            try {
                httpAsyncClientBuilder.setSSLContext(sslContext()).setSSLHostnameVerifier(hostnameVerifier());
            } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new RuntimeException("Cannot set SSL options to the builder", e);
            }
        }

        private void configureTimeout(HttpAsyncClientBuilder httpAsyncClientBuilder) {
            httpAsyncClientBuilder.setDefaultRequestConfig(requestConfig());
        }

        private SSLContext sslContext() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, CertificateException, IOException {
            SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
            OpenSearchConfiguration.SSLConfiguration.SSLValidationStrategy strategy = this.configuration.getSslConfiguration().getStrategy();
            switch (strategy) {
                case DEFAULT:
                    return sSLContextBuilder.build();
                case IGNORE:
                    return sSLContextBuilder.loadTrustMaterial(TRUST_ALL).build();
                case OVERRIDE:
                    return applyTrustStore(sSLContextBuilder).build();
                default:
                    throw new NotImplementedException(String.format("unrecognized strategy '%s'", strategy.name()));
            }
        }

        private HostnameVerifier hostnameVerifier() {
            OpenSearchConfiguration.SSLConfiguration.HostNameVerifier hostNameVerifier = this.configuration.getSslConfiguration().getHostNameVerifier();
            switch (hostNameVerifier) {
                case DEFAULT:
                    return new DefaultHostnameVerifier();
                case ACCEPT_ANY_HOSTNAME:
                    return ACCEPT_ANY_HOSTNAME;
                default:
                    throw new NotImplementedException(String.format("unrecognized HostNameVerifier '%s'", hostNameVerifier.name()));
            }
        }

        private RequestConfig requestConfig() {
            return RequestConfig.custom().setConnectTimeout(Math.toIntExact(this.configuration.getRequestTimeout().toMillis())).setConnectionRequestTimeout(Math.toIntExact(this.configuration.getRequestTimeout().toMillis())).setSocketTimeout(Math.toIntExact(this.configuration.getRequestTimeout().toMillis())).build();
        }

        private SSLContextBuilder applyTrustStore(SSLContextBuilder sSLContextBuilder) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
            OpenSearchConfiguration.SSLConfiguration.SSLTrustStore orElseThrow = this.configuration.getSslConfiguration().getTrustStore().orElseThrow(() -> {
                return new IllegalStateException("SSLTrustStore cannot to be empty");
            });
            return sSLContextBuilder.loadTrustMaterial(orElseThrow.getFile(), orElseThrow.getPassword());
        }

        private void configureAuthentication(HttpAsyncClientBuilder httpAsyncClientBuilder) {
            this.configuration.getCredential().ifPresent(credential -> {
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(credential.getUsername(), String.valueOf(credential.getPassword())));
                httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
            });
        }
    }

    @Inject
    public ClientProvider(OpenSearchConfiguration openSearchConfiguration) {
        this.httpAsyncClientConfigurer = new HttpAsyncClientConfigurer(openSearchConfiguration);
        this.configuration = openSearchConfiguration;
    }

    private RestClient buildRestClient() {
        RestClientBuilder builder = RestClient.builder(hostsToHttpHosts());
        HttpAsyncClientConfigurer httpAsyncClientConfigurer = this.httpAsyncClientConfigurer;
        Objects.requireNonNull(httpAsyncClientConfigurer);
        return builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
            return httpAsyncClientConfigurer.configure(httpAsyncClientBuilder);
        }).build();
    }

    private OpenSearchAsyncClient connect() {
        Duration ofMillis = Duration.ofMillis(this.configuration.getMinDelay());
        boolean z = true;
        boolean z2 = true;
        return (OpenSearchAsyncClient) Mono.fromCallable(this::connectToCluster).doOnError(th -> {
            LOGGER.warn("Error establishing OpenSearch connection. Next retry scheduled in {}", DurationFormatUtils.formatDurationWords(ofMillis.toMillis(), z, z2), th);
        }).retryWhen(Retry.backoff(this.configuration.getMaxRetries(), ofMillis).scheduler(Schedulers.boundedElastic())).publishOn(Schedulers.boundedElastic()).block();
    }

    private OpenSearchAsyncClient connectToCluster() {
        LOGGER.info("Trying to connect to OpenSearch service at {}", LocalDateTime.now());
        return new OpenSearchAsyncClient(new RestClientTransport(this.lowLevelRestClient, new JacksonJsonpMapper()));
    }

    private HttpHost[] hostsToHttpHosts() {
        return (HttpHost[]) this.configuration.getHosts().stream().map(host -> {
            return new HttpHost(host.getHostName(), host.getPort(), this.configuration.getHostScheme().name());
        }).toArray(i -> {
            return new HttpHost[i];
        });
    }

    /* renamed from: get, reason: merged with bridge method [inline-methods] */
    public ReactorOpenSearchClient m1get() {
        return this.client;
    }

    @PreDestroy
    public void close() throws IOException {
        this.lowLevelRestClient.close();
    }
}
