package gr.cite.tools.elastic.configuration;

import gr.cite.tools.logging.LoggerService;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestHighLevelClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.data.elasticsearch.client.ClientConfiguration;
import org.springframework.data.elasticsearch.client.RestClients;
import org.springframework.data.elasticsearch.config.AbstractElasticsearchConfiguration;
import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;
import org.springframework.data.elasticsearch.core.convert.ElasticsearchConverter;

/* loaded from: input_file:gr/cite/tools/elastic/configuration/AbstractElasticConfiguration.class */
public abstract class AbstractElasticConfiguration extends AbstractElasticsearchConfiguration {
    private static final Logger logger = new LoggerService(LoggerFactory.getLogger(AbstractElasticConfiguration.class));
    private final ElasticProperties elasticProperties;
    private final ElasticCertificateProvider elasticCertificateProvider;

    public AbstractElasticConfiguration(ElasticProperties elasticProperties, ElasticCertificateProvider elasticCertificateProvider) {
        this.elasticProperties = elasticProperties;
        this.elasticCertificateProvider = elasticCertificateProvider;
    }

    @Bean
    public RestHighLevelClient elasticsearchClient() {
        try {
            ClientConfiguration.MaybeSecureClientConfigurationBuilder connectedTo = ClientConfiguration.builder().connectedTo((String[]) this.elasticProperties.getHosts().toArray(i -> {
                return new String[i];
            }));
            if (this.elasticProperties.isUseSSL()) {
                if (this.elasticProperties.getServerCertificatePaths() == null || this.elasticProperties.getServerCertificatePaths().isEmpty()) {
                    connectedTo.usingSsl();
                } else {
                    connectedTo.usingSsl(SSLContexts.custom().loadTrustMaterial((KeyStore) null, (x509CertificateArr, str) -> {
                        return isTrusted(x509CertificateArr, str);
                    }).build(), this.elasticProperties.isDisableHostnameVerifier() ? NoopHostnameVerifier.INSTANCE : new DefaultHostnameVerifier());
                }
            }
            if (this.elasticProperties.getUsername() != null && this.elasticProperties.getPassword() != null && !this.elasticProperties.getUsername().isBlank() && !this.elasticProperties.getPassword().isBlank()) {
                connectedTo.withBasicAuth(this.elasticProperties.getUsername(), this.elasticProperties.getPassword());
            }
            if (this.elasticProperties.getSocketTimeoutMillis() > 0) {
                connectedTo.withSocketTimeout(this.elasticProperties.getSocketTimeoutMillis());
            }
            if (this.elasticProperties.getConnectTimeoutMillis() > 0) {
                connectedTo.withConnectTimeout(this.elasticProperties.getConnectTimeoutMillis());
            }
            return RestClients.create(connectedTo.build()).rest();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            logger.error(e.getLocalizedMessage(), e);
            return null;
        }
    }

    private boolean isTrusted(X509Certificate[] x509CertificateArr, String str) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            List<X509Certificate> certificate = this.elasticCertificateProvider.getCertificate(x509Certificate.getIssuerDN().getName());
            if (certificate != null) {
                for (X509Certificate x509Certificate2 : certificate) {
                    boolean equals = Arrays.equals(((X509Certificate) Arrays.stream(x509CertificateArr).findFirst().orElse(null)).getSignature(), x509Certificate2.getSignature());
                    boolean equals2 = ((X509Certificate) Arrays.stream(x509CertificateArr).findFirst().orElse(null)).getSerialNumber().equals(x509Certificate2.getSerialNumber());
                    boolean equals3 = ((X509Certificate) Arrays.stream(x509CertificateArr).findFirst().orElse(null)).getIssuerDN().getName().equals(x509Certificate2.getIssuerDN().getName());
                    if (equals && equals2 && equals3) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    @Bean
    public ElasticsearchRestTemplate elasticsearchRestTemplate(ElasticsearchConverter elasticsearchConverter, RestHighLevelClient restHighLevelClient) {
        return new ElasticsearchRestTemplate(restHighLevelClient, elasticsearchConverter);
    }
}
