package org.opensearch.gradle.http;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.gradle.api.logging.Logger;
import org.gradle.api.logging.Logging;

/* loaded from: input_file:org/opensearch/gradle/http/WaitForHttpResource.class */
public class WaitForHttpResource {
    private static final Logger logger = Logging.getLogger(WaitForHttpResource.class);
    private Set<Integer> validResponseCodes;
    private URL url;
    private Set<File> certificateAuthorities;
    private File trustStoreFile;
    private String trustStorePassword;
    private String username;
    private String password;

    public WaitForHttpResource(String str, String str2, int i) throws MalformedURLException {
        this(new URL(str + "://" + str2 + "/_cluster/health?wait_for_nodes=>=" + i + "&wait_for_status=yellow"));
    }

    public WaitForHttpResource(String str, String str2, String str3, String str4, int i) throws MalformedURLException {
        this(new URL(str + "://" + str3 + ":" + str4 + "@" + str2 + "/_cluster/health?wait_for_nodes=>=" + i + "&wait_for_status=yellow"));
    }

    public WaitForHttpResource(URL url) {
        this.validResponseCodes = Collections.singleton(200);
        this.url = url;
    }

    public void setValidResponseCodes(int... iArr) {
        this.validResponseCodes = new HashSet(iArr.length);
        for (int i : iArr) {
            this.validResponseCodes.add(Integer.valueOf(i));
        }
    }

    public void setCertificateAuthorities(File... fileArr) {
        this.certificateAuthorities = new HashSet(Arrays.asList(fileArr));
    }

    public void setTrustStoreFile(File file) {
        this.trustStoreFile = file;
    }

    public void setTrustStorePassword(String str) {
        this.trustStorePassword = str;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public boolean wait(int i) throws GeneralSecurityException, InterruptedException, IOException {
        long nanoTime = System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(i);
        long max = Long.max(i / 10, 100L);
        KeyStore buildTrustStore = buildTrustStore();
        SSLContext createSslContext = buildTrustStore != null ? createSslContext(buildTrustStore) : null;
        while (true) {
            try {
                checkResource(createSslContext);
                return true;
            } catch (IOException e) {
                logger.debug("Failed to access resource [{}]", this.url, e);
                if (System.nanoTime() >= nanoTime) {
                    throw e;
                }
                Thread.sleep(max);
            }
        }
    }

    protected void checkResource(SSLContext sSLContext) throws IOException {
        HttpURLConnection buildConnection = buildConnection(sSLContext);
        buildConnection.connect();
        Integer valueOf = Integer.valueOf(buildConnection.getResponseCode());
        if (!this.validResponseCodes.contains(valueOf)) {
            throw new IOException(valueOf + " " + buildConnection.getResponseMessage());
        }
        logger.info("Got successful response [{}] from URL [{}]", valueOf, this.url);
    }

    HttpURLConnection buildConnection(SSLContext sSLContext) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) this.url.openConnection();
        configureSslContext(httpURLConnection, sSLContext);
        configureBasicAuth(httpURLConnection);
        httpURLConnection.setRequestMethod("GET");
        return httpURLConnection;
    }

    private void configureSslContext(HttpURLConnection httpURLConnection, SSLContext sSLContext) {
        if (sSLContext != null) {
            if (!(httpURLConnection instanceof HttpsURLConnection)) {
                throw new IllegalStateException("SSL trust has been configured, but [" + String.valueOf(this.url) + "] is not a 'https' URL");
            }
            ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
        }
    }

    private void configureBasicAuth(HttpURLConnection httpURLConnection) {
        if (this.username != null) {
            if (this.password == null) {
                throw new IllegalStateException("Basic Auth user [" + this.username + "] has been set, but no password has been configured");
            }
            httpURLConnection.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + this.password).getBytes(StandardCharsets.UTF_8)));
        }
    }

    KeyStore buildTrustStore() throws GeneralSecurityException, IOException {
        if (this.certificateAuthorities != null) {
            if (this.trustStoreFile != null) {
                throw new IllegalStateException("Cannot specify both truststore and CAs");
            }
            return buildTrustStoreFromCA();
        }
        if (this.trustStoreFile != null) {
            return buildTrustStoreFromFile();
        }
        return null;
    }

    private KeyStore buildTrustStoreFromFile() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(this.trustStoreFile.getName().endsWith(".jks") ? "JKS" : "PKCS12");
        FileInputStream fileInputStream = new FileInputStream(this.trustStoreFile);
        try {
            keyStore.load(fileInputStream, this.trustStorePassword == null ? null : this.trustStorePassword.toCharArray());
            fileInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private KeyStore buildTrustStoreFromCA() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        int i = 0;
        Iterator<File> it = this.certificateAuthorities.iterator();
        while (it.hasNext()) {
            FileInputStream fileInputStream = new FileInputStream(it.next());
            try {
                Iterator<? extends Certificate> it2 = certificateFactory.generateCertificates(fileInputStream).iterator();
                while (it2.hasNext()) {
                    keyStore.setCertificateEntry("cert-" + i, it2.next());
                    i++;
                }
                fileInputStream.close();
            } catch (Throwable th) {
                try {
                    fileInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        return keyStore;
    }

    private SSLContext createSslContext(KeyStore keyStore) throws GeneralSecurityException {
        checkForTrustEntry(keyStore);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sSLContext;
    }

    private void checkForTrustEntry(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (keyStore.isCertificateEntry(aliases.nextElement())) {
                return;
            }
        }
        throw new IllegalStateException("Trust-store does not contain any trusted certificate entries");
    }
}
