package org.opensearch.hadoop.rest.commonshttp;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensearch.hadoop.OpenSearchHadoopIllegalArgumentException;
import org.opensearch.hadoop.OpenSearchHadoopIllegalStateException;
import org.opensearch.hadoop.cfg.ConfigurationOptions;
import org.opensearch.hadoop.cfg.Settings;
import org.opensearch.hadoop.security.SecureSettings;
import org.opensearch.hadoop.thirdparty.apache.commons.httpclient.ConnectTimeoutException;
import org.opensearch.hadoop.thirdparty.apache.commons.httpclient.params.HttpConnectionParams;
import org.opensearch.hadoop.thirdparty.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.opensearch.hadoop.util.IOUtils;
import org.opensearch.hadoop.util.StringUtils;

/* loaded from: input_file:org/opensearch/hadoop/rest/commonshttp/SSLSocketFactory.class */
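/**
 * TLS socket factory plugged into the shaded commons-httpclient transport.
 *
 * <p>The {@link SSLContext} is built lazily from the configured protocol, an optional
 * keystore (client credentials) and an optional truststore. When the
 * "accept self-signed certificate" setting is on, every {@link X509TrustManager} is wrapped
 * in a {@link TrustManagerDelegate} that consults {@link SelfSignedStrategy} first.
 *
 * <p>NOTE(review): none of the {@code createSocket} methods configure endpoint
 * identification (hostname verification) on the sockets they return. Whether the caller
 * performs that check is not visible from this class - confirm before relying on this
 * factory for server authentication.
 *
 * <p>NOTE(review): the protocol name is taken verbatim from configuration; nothing here
 * rejects legacy protocol names.
 */
class SSLSocketFactory implements SecureProtocolSocketFactory {
    private static final Log LOG = LogFactory.getLog(SSLSocketFactory.class);

    // Ensures the weakened-trust warning is emitted roughly once per JVM instead of once per
    // factory instance. The check-then-set is deliberately unsynchronized: a duplicate log
    // line is harmless.
    private static volatile boolean selfSignedWarningLogged;

    // Created on first use by getSSLContext(); the lazy initialization is not synchronized.
    private SSLContext sslContext = null;
    private final String sslProtocol;
    private final String keyStoreLocation;
    private final String keyStorePass;
    // Also used as the store type when the truststore is loaded (see loadKeyStore).
    private final String keyStoreType;
    private final String trustStoreLocation;
    private final String trustStorePass;
    // Non-null only when self-signed certificate acceptance is enabled in the settings.
    private final TrustStrategy trust;

    /**
     * Trust strategy behind the "accept self-signed certificate" setting.
     *
     * <p>Security caveat: the only condition checked is that the presented chain holds
     * exactly one certificate. The certificate is not verified to be self-signed (issuer
     * equal to subject, signature verifying under its own key), its validity period is not
     * checked, and it is not compared against a pinned certificate or key. With this
     * strategy active a connection therefore carries no assurance of the server's identity.
     * Importing the server certificate into the truststore and leaving the setting off is
     * the safer configuration.
     */
    private static class SelfSignedStrategy implements TrustStrategy {
        private SelfSignedStrategy() {
        }

        /**
         * @param x509CertificateArr chain presented by the peer
         * @param str authentication type passed by the TLS stack (unused)
         * @return {@code true} when the chain holds exactly one certificate; {@code false}
         *         otherwise, including for a {@code null} chain so that the wrapped trust
         *         manager rejects it instead of this method failing with a
         *         {@link NullPointerException}
         */
        @Override
        public boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            return x509CertificateArr != null && x509CertificateArr.length == 1;
        }
    }

    /**
     * {@link X509TrustManager} that lets a {@link TrustStrategy} short-circuit server
     * validation and otherwise defers to the wrapped trust manager.
     *
     * <p>Declared {@code public} by the decompiler; the decompiler note on this class says
     * the original modifier was {@code private}.
     */
    public static class TrustManagerDelegate implements X509TrustManager {
        private final X509TrustManager trustManager;
        private final TrustStrategy trustStrategy;

        TrustManagerDelegate(X509TrustManager x509TrustManager, TrustStrategy trustStrategy) {
            this.trustManager = x509TrustManager;
            this.trustStrategy = trustStrategy;
        }

        /** Client certificates are always validated by the wrapped trust manager. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            this.trustManager.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Accepts the chain outright when the strategy trusts it; only otherwise is the
         * wrapped trust manager's path validation run. A strategy that returns {@code true}
         * therefore bypasses the truststore entirely for that handshake.
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (this.trustStrategy.isTrusted(x509CertificateArr, str)) {
                return;
            }
            this.trustManager.checkServerTrusted(x509CertificateArr, str);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }
    }

    /**
     * Decides whether a server chain may be trusted without consulting the trust manager.
     *
     * <p>Declared {@code public} by the decompiler; the decompiler note on this interface
     * says the original modifier was {@code private}.
     */
    public interface TrustStrategy {
        boolean isTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException;
    }

    /**
     * Captures the TLS-related configuration; no keystore is opened and no
     * {@link SSLContext} is built until the first socket is requested.
     *
     * @param settings source of the protocol, store locations, store type and the
     *        self-signed flag
     * @param secureSettings source of the keystore and truststore passwords
     */
    public SSLSocketFactory(Settings settings, SecureSettings secureSettings) {
        this.sslProtocol = settings.getNetworkSSLProtocol();
        this.keyStoreLocation = settings.getNetworkSSLKeyStoreLocation();
        this.keyStorePass = secureSettings.getSecureProperty(ConfigurationOptions.OPENSEARCH_NET_SSL_KEYSTORE_PASS);
        this.keyStoreType = settings.getNetworkSSLKeyStoreType();
        this.trustStoreLocation = settings.getNetworkSSLTrustStoreLocation();
        this.trustStorePass = secureSettings.getSecureProperty(ConfigurationOptions.OPENSEARCH_NET_SSL_TRUST_STORE_PASS);
        boolean acceptSelfSigned = settings.getNetworkSSLAcceptSelfSignedCert();
        this.trust = acceptSelfSigned ? new SelfSignedStrategy() : null;
        if (acceptSelfSigned && !selfSignedWarningLogged) {
            selfSignedWarningLogged = true;
            // Make the weakened trust configuration visible to operators.
            LOG.warn("Acceptance of self-signed certificates is enabled: any server presenting a single-certificate "
                    + "chain is trusted without validation. Prefer importing the server certificate into the truststore.");
        }
    }

    /**
     * Opens a TLS socket to {@code str:i}, bound locally to {@code inetAddress:i2}, honouring
     * the connection timeout carried by the parameters.
     *
     * @param str remote host
     * @param i remote port
     * @param inetAddress local address to bind to
     * @param i2 local port to bind to
     * @param httpConnectionParams connection parameters; must not be {@code null}
     * @return the connected socket
     * @throws IllegalArgumentException if {@code httpConnectionParams} is {@code null}
     * @throws IOException if binding or connecting fails; the half-built socket is closed
     *         before the exception propagates
     */
    @Override
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
        if (httpConnectionParams == null) {
            throw new IllegalArgumentException("Parameters may not be null");
        }
        int connectionTimeout = httpConnectionParams.getConnectionTimeout();
        javax.net.ssl.SSLSocketFactory socketFactory = getSSLContext().getSocketFactory();
        if (connectionTimeout == 0) {
            // A timeout of zero takes the plain blocking connect.
            return socketFactory.createSocket(str, i, inetAddress, i2);
        }
        Socket socket = socketFactory.createSocket();
        try {
            socket.bind(new InetSocketAddress(inetAddress, i2));
            socket.connect(new InetSocketAddress(str, i), connectionTimeout);
            return socket;
        } catch (IOException | RuntimeException e) {
            // The unconnected socket already owns a descriptor; release it rather than
            // leaking one per failed connection attempt.
            try {
                socket.close();
            } catch (IOException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
    }

    /** Opens a TLS socket to {@code str:i} using the lazily built context. */
    @Override
    public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(str, i);
    }

    /**
     * Layers TLS over an already connected socket.
     *
     * @param socket the existing socket
     * @param str remote host
     * @param i remote port
     * @param z whether closing the returned socket also closes {@code socket}
     */
    @Override
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket, str, i, z);
    }

    /** Opens a TLS socket to {@code str:i}, bound locally to {@code inetAddress:i2}. */
    @Override
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(str, i, inetAddress, i2);
    }

    /** Returns the cached context, building it on first use. */
    private SSLContext getSSLContext() {
        if (this.sslContext == null) {
            this.sslContext = createSSLContext();
        }
        return this.sslContext;
    }

    /**
     * Builds and initializes the context from the configured protocol, key managers and
     * trust managers.
     *
     * @throws OpenSearchHadoopIllegalStateException if the protocol is unknown to the JVM or
     *         the key/trust material cannot be loaded
     */
    private SSLContext createSSLContext() {
        final SSLContext context;
        try {
            context = SSLContext.getInstance(this.sslProtocol);
        } catch (NoSuchAlgorithmException e) {
            throw new OpenSearchHadoopIllegalStateException("Cannot instantiate SSL - " + e.getMessage(), e);
        }
        try {
            // A null SecureRandom selects the provider default.
            context.init(loadKeyManagers(), loadTrustManagers(), null);
        } catch (Exception e) {
            throw new OpenSearchHadoopIllegalStateException("Cannot initialize SSL - " + e.getMessage(), e);
        }
        return context;
    }

    /**
     * Loads a key or trust store from {@code location}.
     *
     * <p>The store type is always {@code keyStoreType}, including when this method is
     * called for the truststore.
     *
     * @param location classpath resource or URI handed to {@code IOUtils.open}
     * @param password store password, or {@code null} for none
     * @return the loaded store
     * @throws OpenSearchHadoopIllegalArgumentException if the store cannot be opened or
     *         parsed. The message always speaks of a missing file, so the underlying failure
     *         (for example a wrong password or store type) is attached as the cause.
     */
    private KeyStore loadKeyStore(String location, char[] password) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Loading keystore located at [" + location + "]");
        }
        InputStream inputStream = null;
        try {
            inputStream = IOUtils.open(location);
            if (inputStream == null) {
                throw new OpenSearchHadoopIllegalArgumentException(String.format("Could not locate [%s] on classpath", location));
            }
            keyStore.load(inputStream, password);
            return keyStore;
        } catch (Exception e) {
            // Keep the original exception as the cause; without it the real reason is lost.
            throw new OpenSearchHadoopIllegalArgumentException(String.format("Expected to find keystore file at [%s] but was unable to. Make sure that it is available on the classpath, or if not, that you have specified a valid URI.", location), e);
        } finally {
            IOUtils.close(inputStream);
        }
    }

    /**
     * Builds the key managers holding the client's own credentials.
     *
     * @return the key managers, or {@code null} when no keystore location is configured
     */
    private KeyManager[] loadKeyManagers() throws GeneralSecurityException, IOException {
        if (!StringUtils.hasText(this.keyStoreLocation)) {
            LOG.debug("No keystore location specified! SSL is continuing with no keystore.");
            return null;
        }
        // The configured password is trimmed, so leading/trailing whitespace is never part
        // of it; the same array unlocks both the store and the keys inside it.
        char[] password = StringUtils.hasText(this.keyStorePass) ? this.keyStorePass.trim().toCharArray() : null;
        KeyStore keyStore = loadKeyStore(this.keyStoreLocation, password);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Builds the trust managers used to validate the server.
     *
     * <p>Without a configured truststore the factory is initialized with a {@code null}
     * store. When a trust strategy is configured, each {@link X509TrustManager} is wrapped
     * so the strategy is asked first.
     */
    private TrustManager[] loadTrustManagers() throws GeneralSecurityException, IOException {
        KeyStore trustStore = null;
        if (StringUtils.hasText(this.trustStoreLocation)) {
            char[] password = StringUtils.hasText(this.trustStorePass) ? this.trustStorePass.trim().toCharArray() : null;
            trustStore = loadKeyStore(this.trustStoreLocation, password);
        } else {
            LOG.debug("No truststore location specified! SSL is continuing with no truststore.");
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers == null || this.trust == null) {
            return trustManagers;
        }
        TrustManager[] wrapped = new TrustManager[trustManagers.length];
        for (int i = 0; i < trustManagers.length; i++) {
            TrustManager candidate = trustManagers[i];
            wrapped[i] = candidate instanceof X509TrustManager
                    ? new TrustManagerDelegate((X509TrustManager) candidate, this.trust)
                    : candidate;
        }
        return wrapped;
    }

    /**
     * Every instance of exactly this class is equal to every other, regardless of the
     * settings it was built from.
     */
    @Override
    public boolean equals(Object obj) {
        return obj != null && obj.getClass().equals(SSLSocketFactory.class);
    }

    /** Consistent with {@link #equals(Object)}: derived from the class only. */
    @Override
    public int hashCode() {
        return getClass().hashCode();
    }
}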
