package org.elasticsearch.watcher.support.http;

import com.google.common.collect.ImmutableMap;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.ElasticsearchTimeoutException;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.env.Environment;
import org.elasticsearch.watcher.support.http.auth.HttpAuthRegistry;

/* loaded from: input_file:org/elasticsearch/watcher/support/http/HttpClient.class */
public class HttpClient extends AbstractLifecycleComponent<HttpClient> {
    static final String SETTINGS_SSL_PREFIX = "watcher.http.ssl.";
    static final String SETTINGS_PROXY_PREFIX = "watcher.http.proxy.";
    static final String SETTINGS_SSL_SHIELD_PREFIX = "shield.ssl.";
    public static final String SETTINGS_SSL_PROTOCOL = "watcher.http.ssl.protocol";
    static final String SETTINGS_SSL_SHIELD_PROTOCOL = "shield.ssl.protocol";
    public static final String SETTINGS_SSL_KEYSTORE = "watcher.http.ssl.keystore.path";
    static final String SETTINGS_SSL_SHIELD_KEYSTORE = "shield.ssl.keystore.path";
    public static final String SETTINGS_SSL_KEYSTORE_PASSWORD = "watcher.http.ssl.keystore.password";
    static final String SETTINGS_SSL_SHIELD_KEYSTORE_PASSWORD = "shield.ssl.keystore.password";
    public static final String SETTINGS_SSL_KEYSTORE_KEY_PASSWORD = "watcher.http.ssl.keystore.key_password";
    static final String SETTINGS_SSL_SHIELD_KEYSTORE_KEY_PASSWORD = "shield.ssl.keystore.key_password";
    public static final String SETTINGS_SSL_KEYSTORE_ALGORITHM = "watcher.http.ssl.keystore.algorithm";
    static final String SETTINGS_SSL_SHIELD_KEYSTORE_ALGORITHM = "shield.ssl.keystore.algorithm";
    public static final String SETTINGS_SSL_TRUSTSTORE = "watcher.http.ssl.truststore.path";
    static final String SETTINGS_SSL_SHIELD_TRUSTSTORE = "shield.ssl.truststore.path";
    public static final String SETTINGS_SSL_TRUSTSTORE_PASSWORD = "watcher.http.ssl.truststore.password";
    static final String SETTINGS_SSL_SHIELD_TRUSTSTORE_PASSWORD = "shield.ssl.truststore.password";
    public static final String SETTINGS_SSL_TRUSTSTORE_ALGORITHM = "watcher.http.ssl.truststore.algorithm";
    static final String SETTINGS_SSL_SHIELD_TRUSTSTORE_ALGORITHM = "shield.ssl.truststore.algorithm";
    public static final String SETTINGS_PROXY_HOST = "watcher.http.proxy.host";
    public static final String SETTINGS_PROXY_PORT = "watcher.http.proxy.port";
    private final HttpAuthRegistry httpAuthRegistry;
    private final Environment env;
    private final TimeValue defaultConnectionTimeout;
    private final TimeValue defaultReadTimeout;
    private SSLSocketFactory sslSocketFactory;
    private HttpProxy proxy;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Inject
    public HttpClient(Settings settings, HttpAuthRegistry httpAuthRegistry, Environment environment) {
        super(settings);
        this.proxy = HttpProxy.NO_PROXY;
        this.httpAuthRegistry = httpAuthRegistry;
        this.env = environment;
        this.defaultConnectionTimeout = settings.getAsTime("watcher.http.default_connection_timeout", TimeValue.timeValueSeconds(10L));
        this.defaultReadTimeout = settings.getAsTime("watcher.http.default_read_timeout", TimeValue.timeValueSeconds(10L));
    }

    protected void doStart() throws ElasticsearchException {
        Integer asInt = this.settings.getAsInt(SETTINGS_PROXY_PORT, (Integer) null);
        String str = this.settings.get(SETTINGS_PROXY_HOST, (String) null);
        if (asInt != null && Strings.hasText(str)) {
            this.proxy = new HttpProxy(str, asInt);
            this.logger.info("Using default proxy for http input and slack/hipchat/pagerduty/webhook actions [{}:{}]", new Object[]{str, asInt});
        } else if ((asInt == null && Strings.hasText(str)) || (asInt != null && !Strings.hasText(str))) {
            this.logger.error("disabling proxy. Watcher HTTP HttpProxy requires both settings: [{}] and [{}]", new Object[]{SETTINGS_PROXY_HOST, SETTINGS_PROXY_PORT});
        }
        if (!this.settings.getByPrefix(SETTINGS_SSL_PREFIX).getAsMap().isEmpty() || !this.settings.getByPrefix(SETTINGS_SSL_SHIELD_PREFIX).getAsMap().isEmpty()) {
            this.sslSocketFactory = createSSLSocketFactory(this.settings);
        } else {
            this.logger.trace("no ssl context configured", new Object[0]);
            this.sslSocketFactory = null;
        }
    }

    protected void doStop() throws ElasticsearchException {
    }

    protected void doClose() throws ElasticsearchException {
    }

    public HttpResponse execute(HttpRequest httpRequest) throws IOException {
        try {
            return doExecute(httpRequest);
        } catch (SocketTimeoutException e) {
            throw new ElasticsearchTimeoutException("failed to execute http request. timeout expired", e, new Object[0]);
        }
    }

    public HttpResponse doExecute(HttpRequest httpRequest) throws IOException {
        InputStream inputStream;
        Throwable th;
        String str = null;
        if (httpRequest.params() != null && !httpRequest.params().isEmpty()) {
            StringBuilder sb = new StringBuilder();
            for (Map.Entry<String, String> entry : httpRequest.params().entrySet()) {
                if (sb.length() != 0) {
                    sb.append('&');
                }
                sb.append(URLEncoder.encode(entry.getKey(), "UTF-8")).append('=').append(URLEncoder.encode(entry.getValue(), "UTF-8"));
            }
            str = sb.toString();
        }
        String str2 = Strings.hasLength(httpRequest.path) ? httpRequest.path : "";
        if (Strings.hasLength(str)) {
            str2 = str2 + "?" + str;
        }
        URL url = new URL(httpRequest.scheme.scheme(), httpRequest.host, httpRequest.port, str2);
        this.logger.debug("making [{}] request to [{}]", new Object[]{httpRequest.method().method(), url});
        this.logger.trace("sending [{}] as body of request", new Object[]{httpRequest.body()});
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection((httpRequest.proxy != null ? httpRequest.proxy : this.proxy).proxy());
        if ((httpURLConnection instanceof HttpsURLConnection) && this.sslSocketFactory != null) {
            final HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
            final SSLSocketFactory sSLSocketFactory = this.sslSocketFactory;
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkPermission(new SpecialPermission());
            }
            AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: org.elasticsearch.watcher.support.http.HttpClient.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Void run() {
                    httpsURLConnection.setSSLSocketFactory(sSLSocketFactory);
                    return null;
                }
            });
        }
        httpURLConnection.setRequestMethod(httpRequest.method().method());
        if (httpRequest.headers() != null) {
            for (Map.Entry<String, String> entry2 : httpRequest.headers().entrySet()) {
                httpURLConnection.setRequestProperty(entry2.getKey(), entry2.getValue());
            }
        }
        if (httpRequest.auth() != null) {
            this.logger.trace("applying auth headers", new Object[0]);
            this.httpAuthRegistry.createApplicable(httpRequest.auth).apply(httpURLConnection);
        }
        httpURLConnection.setUseCaches(false);
        httpURLConnection.setRequestProperty("Accept-Charset", StandardCharsets.UTF_8.name());
        if (httpRequest.body() != null) {
            httpURLConnection.setDoOutput(true);
            byte[] bytes = httpRequest.body().getBytes(StandardCharsets.UTF_8.name());
            httpURLConnection.setRequestProperty("Content-Length", String.valueOf(bytes.length));
            httpURLConnection.getOutputStream().write(bytes);
            httpURLConnection.getOutputStream().close();
        }
        httpURLConnection.setConnectTimeout((int) (httpRequest.connectionTimeout != null ? httpRequest.connectionTimeout : this.defaultConnectionTimeout).millis());
        httpURLConnection.setReadTimeout((int) (httpRequest.readTimeout != null ? httpRequest.readTimeout : this.defaultReadTimeout).millis());
        httpURLConnection.connect();
        int responseCode = httpURLConnection.getResponseCode();
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (Map.Entry<String, List<String>> entry3 : httpURLConnection.getHeaderFields().entrySet()) {
            if (entry3.getKey() != null) {
                builder.put(entry3.getKey(), entry3.getValue().toArray(new String[entry3.getValue().size()]));
            }
        }
        this.logger.debug("http status code [{}]", new Object[]{Integer.valueOf(responseCode)});
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Throwable th2 = null;
        try {
            try {
                inputStream = httpURLConnection.getInputStream();
                th = null;
            } catch (Exception e) {
                if (httpURLConnection.getErrorStream() != null) {
                    InputStream errorStream = httpURLConnection.getErrorStream();
                    Throwable th3 = null;
                    try {
                        Streams.copy(errorStream, byteArrayOutputStream);
                        if (errorStream != null) {
                            if (0 != 0) {
                                try {
                                    errorStream.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                errorStream.close();
                            }
                        }
                    } catch (Throwable th5) {
                        if (errorStream != null) {
                            if (0 != 0) {
                                try {
                                    errorStream.close();
                                } catch (Throwable th6) {
                                    th3.addSuppressed(th6);
                                }
                            } else {
                                errorStream.close();
                            }
                        }
                        throw th5;
                    }
                }
            }
            try {
                try {
                    Streams.copy(inputStream, byteArrayOutputStream);
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th7) {
                                th.addSuppressed(th7);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    if (byteArrayOutputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (Throwable th8) {
                                th2.addSuppressed(th8);
                            }
                        } else {
                            byteArrayOutputStream.close();
                        }
                    }
                    return new HttpResponse(responseCode, byteArray, (ImmutableMap<String, String[]>) builder.build());
                } finally {
                }
            } catch (Throwable th9) {
                if (inputStream != null) {
                    if (th != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th10) {
                            th.addSuppressed(th10);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                throw th9;
            }
        } catch (Throwable th11) {
            if (byteArrayOutputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th12) {
                        th2.addSuppressed(th12);
                    }
                } else {
                    byteArrayOutputStream.close();
                }
            }
            throw th11;
        }
    }

    private SSLSocketFactory createSSLSocketFactory(Settings settings) {
        try {
            String str = settings.get(SETTINGS_SSL_PROTOCOL, settings.get(SETTINGS_SSL_SHIELD_PROTOCOL, "TLS"));
            String str2 = settings.get(SETTINGS_SSL_KEYSTORE, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE, System.getProperty("javax.net.ssl.keyStore")));
            String str3 = settings.get(SETTINGS_SSL_KEYSTORE_PASSWORD, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE_PASSWORD, System.getProperty("javax.net.ssl.keyStorePassword")));
            String str4 = settings.get(SETTINGS_SSL_KEYSTORE_KEY_PASSWORD, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE_KEY_PASSWORD, str3));
            String str5 = settings.get(SETTINGS_SSL_KEYSTORE_ALGORITHM, settings.get(SETTINGS_SSL_SHIELD_KEYSTORE_ALGORITHM, System.getProperty("ssl.KeyManagerFactory.algorithm", KeyManagerFactory.getDefaultAlgorithm())));
            String str6 = settings.get(SETTINGS_SSL_TRUSTSTORE, settings.get(SETTINGS_SSL_SHIELD_TRUSTSTORE, System.getProperty("javax.net.ssl.trustStore")));
            String str7 = settings.get(SETTINGS_SSL_TRUSTSTORE_PASSWORD, settings.get(SETTINGS_SSL_SHIELD_TRUSTSTORE_PASSWORD, System.getProperty("javax.net.ssl.trustStorePassword")));
            String str8 = settings.get(SETTINGS_SSL_TRUSTSTORE_ALGORITHM, settings.get(SETTINGS_SSL_SHIELD_TRUSTSTORE_ALGORITHM, System.getProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactory.getDefaultAlgorithm())));
            if (str2 != null) {
                if (str6 == null) {
                    this.logger.debug("keystore defined with no truststore defined, using keystore as truststore", new Object[0]);
                    str6 = str2;
                    str7 = str3;
                    str8 = str5;
                }
            } else if (str6 == null) {
                this.logger.debug("no truststore defined, using system default", new Object[0]);
            }
            if (str8 == null) {
                str8 = TrustManagerFactory.getDefaultAlgorithm();
            }
            this.logger.debug("using protocol [{}], keyStore [{}], keyStoreAlgorithm [{}], trustStore [{}] and trustAlgorithm [{}]", new Object[]{str, str2, str5, str6, str8});
            SSLContext sSLContext = SSLContext.getInstance(str);
            sSLContext.init(keyManagers(this.env, str2, str3, str5, str4), trustManagers(this.env, str6, str7, str8), new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (Exception e) {
            throw new RuntimeException("http client failed to initialize the SSLContext", e);
        }
    }

    public SSLSocketFactory getSslSocketFactory() {
        return this.sslSocketFactory;
    }

    private static KeyManager[] keyManagers(Environment environment, String str, String str2, String str3, String str4) {
        if (str == null) {
            return null;
        }
        Path resolve = environment.binFile().getParent().resolve(str);
        if (Files.notExists(resolve, new LinkOption[0])) {
            return null;
        }
        try {
            KeyStore readKeystore = readKeystore(resolve, str2);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str3);
            keyManagerFactory.init(readKeystore, str4.toCharArray());
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            throw new RuntimeException("http client failed to initialize a KeyManagerFactory", e);
        }
    }

    private static TrustManager[] trustManagers(Environment environment, String str, String str2, String str3) {
        KeyStore keyStore = null;
        if (str != null) {
            try {
                Path resolve = environment.binFile().getParent().resolve(str);
                if (Files.exists(resolve, new LinkOption[0])) {
                    keyStore = readKeystore(resolve, str2);
                }
            } catch (Exception e) {
                throw new RuntimeException("http client failed to initialize a TrustManagerFactory", e);
            }
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str3);
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    private static KeyStore readKeystore(Path path, String str) throws Exception {
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        Throwable th = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("jks");
            if (!$assertionsDisabled && str == null) {
                throw new AssertionError();
            }
            keyStore.load(newInputStream, str.toCharArray());
            if (newInputStream != null) {
                if (0 != 0) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    newInputStream.close();
                }
            }
            return keyStore;
        } catch (Throwable th3) {
            if (newInputStream != null) {
                if (0 != 0) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th3;
        }
    }

    static {
        $assertionsDisabled = !HttpClient.class.desiredAssertionStatus();
    }
}
