package io.camunda.search.connect.os;

import com.amazonaws.regions.DefaultAwsRegionProviderChain;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.camunda.search.connect.SearchClientConnectException;
import io.camunda.search.connect.configuration.ConnectConfiguration;
import io.camunda.search.connect.configuration.SecurityConfiguration;
import io.camunda.search.connect.jackson.JacksonConfiguration;
import io.camunda.search.connect.os.json.SearchRequestJacksonJsonpMapperWrapper;
import io.camunda.search.connect.util.SecurityUtil;
import java.net.URI;
import java.net.URISyntaxException;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.UsernamePasswordCredentials;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.util.Timeout;
import org.opensearch.client.opensearch.OpenSearchAsyncClient;
import org.opensearch.client.opensearch.OpenSearchClient;
import org.opensearch.client.transport.OpenSearchTransport;
import org.opensearch.client.transport.aws.AwsSdk2Transport;
import org.opensearch.client.transport.aws.AwsSdk2TransportOptions;
import org.opensearch.client.transport.httpclient5.ApacheHttpClient5TransportBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.http.crt.AwsCrtHttpClient;
import software.amazon.awssdk.regions.Region;

/* loaded from: input_file:io/camunda/search/connect/os/OpensearchConnector.class */
public final class OpensearchConnector {
    private static final Logger LOGGER = LoggerFactory.getLogger(OpensearchConnector.class);
    private final ConnectConfiguration configuration;
    private final ObjectMapper objectMapper;

    public OpensearchConnector(ConnectConfiguration connectConfiguration) {
        this(connectConfiguration, new JacksonConfiguration(connectConfiguration).createObjectMapper());
    }

    public OpensearchConnector(ConnectConfiguration connectConfiguration, ObjectMapper objectMapper) {
        this.configuration = connectConfiguration;
        this.objectMapper = objectMapper;
    }

    public OpenSearchClient createClient() {
        return new OpenSearchClient(createTransport(this.configuration));
    }

    public OpenSearchAsyncClient createAsyncClient() {
        return new OpenSearchAsyncClient(createTransport(this.configuration));
    }

    private OpenSearchTransport createTransport(ConnectConfiguration connectConfiguration) {
        return shouldCreateAWSBasedTransport() ? createAWSBasedTransport(connectConfiguration) : createDefaultTransport(connectConfiguration);
    }

    private OpenSearchTransport createAWSBasedTransport(ConnectConfiguration connectConfiguration) {
        return new AwsSdk2Transport(AwsCrtHttpClient.builder().build(), getHttpHost(connectConfiguration).getHostName(), Region.of(new DefaultAwsRegionProviderChain().getRegion()), AwsSdk2TransportOptions.builder().setMapper(new SearchRequestJacksonJsonpMapperWrapper(this.objectMapper)).build());
    }

    private OpenSearchTransport createDefaultTransport(ConnectConfiguration connectConfiguration) {
        ApacheHttpClient5TransportBuilder builder = ApacheHttpClient5TransportBuilder.builder(new HttpHost[]{getHttpHost(connectConfiguration)});
        builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
            configureHttpClient(httpAsyncClientBuilder, connectConfiguration);
            return httpAsyncClientBuilder;
        });
        builder.setRequestConfigCallback(builder2 -> {
            setTimeouts(builder2, connectConfiguration);
            return builder2;
        });
        builder.setMapper(new SearchRequestJacksonJsonpMapperWrapper(this.objectMapper));
        return builder.build();
    }

    private boolean shouldCreateAWSBasedTransport() {
        try {
            DefaultCredentialsProvider.create().resolveCredentials();
            LOGGER.info("AWS Credentials can be resolved. Use AWS Opensearch");
            return true;
        } catch (Exception e) {
            LOGGER.warn("AWS not configured due to: {} ", e.getMessage());
            return false;
        }
    }

    private HttpHost getHttpHost(ConnectConfiguration connectConfiguration) {
        try {
            URI uri = new URI(connectConfiguration.getUrl());
            return new HttpHost(uri.getScheme(), uri.getHost(), uri.getPort());
        } catch (URISyntaxException e) {
            throw new SearchClientConnectException("Error in url: " + connectConfiguration.getUrl(), e);
        }
    }

    protected HttpAsyncClientBuilder configureHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder, ConnectConfiguration connectConfiguration) {
        setupAuthentication(httpAsyncClientBuilder, connectConfiguration);
        if (connectConfiguration.getSecurity() != null && connectConfiguration.getSecurity().isEnabled()) {
            setupSSLContext(httpAsyncClientBuilder, connectConfiguration.getSecurity());
        }
        return httpAsyncClientBuilder;
    }

    private RequestConfig.Builder setTimeouts(RequestConfig.Builder builder, ConnectConfiguration connectConfiguration) {
        if (connectConfiguration.getSocketTimeout() != null) {
            builder.setResponseTimeout(Timeout.ofMilliseconds(connectConfiguration.getSocketTimeout().intValue()));
        }
        if (connectConfiguration.getConnectTimeout() != null) {
            builder.setConnectTimeout(Timeout.ofMilliseconds(connectConfiguration.getConnectTimeout().intValue()));
        }
        return builder;
    }

    private HttpAsyncClientBuilder setupAuthentication(HttpAsyncClientBuilder httpAsyncClientBuilder, ConnectConfiguration connectConfiguration) {
        String username = connectConfiguration.getUsername();
        String password = connectConfiguration.getPassword();
        if (username == null || password == null || username.isEmpty() || password.isEmpty()) {
            LOGGER.warn("Username and/or password for are empty. Basic authentication for OpenSearch is not used.");
            return httpAsyncClientBuilder;
        }
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(new AuthScope(getHttpHost(connectConfiguration)), new UsernamePasswordCredentials(connectConfiguration.getUsername(), connectConfiguration.getPassword().toCharArray()));
        httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
        return httpAsyncClientBuilder;
    }

    private void setupSSLContext(HttpAsyncClientBuilder httpAsyncClientBuilder, SecurityConfiguration securityConfiguration) {
        try {
            ClientTlsStrategyBuilder create = ClientTlsStrategyBuilder.create();
            create.setSslContext(SecurityUtil.getSSLContext(securityConfiguration, "opensearch-host"));
            if (!securityConfiguration.isVerifyHostname()) {
                create.setHostnameVerifier(NoopHostnameVerifier.INSTANCE);
            }
            httpAsyncClientBuilder.setConnectionManager(PoolingAsyncClientConnectionManagerBuilder.create().setTlsStrategy(create.build()).build());
        } catch (Exception e) {
            LOGGER.error("Error in setting up SSLContext", e);
        }
    }
}
