package org.elasticsearch.xpack.watcher.common.http;

import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.ProtocolException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.methods.HttpRequestWrapper;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.client.utils.URIUtils;
import org.apache.http.config.SocketConfig;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultRedirectStrategy;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HttpContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.lucene.util.automaton.CharacterRunAutomaton;
import org.apache.lucene.util.automaton.MinimizationOperations;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.regex.Regex;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.ssl.SslConfiguration;
import org.elasticsearch.common.unit.ByteSizeValue;
import org.elasticsearch.common.util.Maps;
import org.elasticsearch.core.Streams;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.core.Tuple;
import org.elasticsearch.xcontent.XContentFactory;
import org.elasticsearch.xcontent.XContentType;
import org.elasticsearch.xpack.core.common.socket.SocketAccess;
import org.elasticsearch.xpack.core.ssl.SSLService;
import org.elasticsearch.xpack.core.watcher.crypto.CryptoService;

/* loaded from: input_file:org/elasticsearch/xpack/watcher/common/http/HttpClient.class */
public class HttpClient implements Closeable {
    private static final String SETTINGS_SSL_PREFIX = "xpack.http.ssl.";
    private static final int MAX_CONNECTIONS = 500;
    private final AtomicReference<CharacterRunAutomaton> whitelistAutomaton = new AtomicReference<>();
    private final CloseableHttpClient client;
    private final HttpProxy settingsProxy;
    private final TimeValue defaultConnectionTimeout;
    private final TimeValue defaultReadTimeout;
    private final boolean tcpKeepaliveEnabled;
    private final TimeValue connectionPoolTtl;
    private final ByteSizeValue maxResponseSize;
    private final CryptoService cryptoService;
    private final SSLService sslService;
    private static final Logger logger = LogManager.getLogger(HttpClient.class);
    private static final CharacterRunAutomaton MATCH_ALL_AUTOMATON = new CharacterRunAutomaton(Regex.simpleMatchToAutomaton("*"));

    /* loaded from: input_file:org/elasticsearch/xpack/watcher/common/http/HttpClient$HttpMethodWithEntity.class */
    static final class HttpMethodWithEntity extends HttpEntityEnclosingRequestBase {
        private final String methodName;

        HttpMethodWithEntity(URI uri, String str) {
            this.methodName = str;
            setURI(uri);
        }

        @Override // org.apache.http.client.methods.HttpRequestBase, org.apache.http.client.methods.HttpUriRequest
        public String getMethod() {
            return this.methodName;
        }
    }

    public HttpClient(Settings settings, SSLService sSLService, CryptoService cryptoService, ClusterService clusterService) {
        this.defaultConnectionTimeout = (TimeValue) HttpSettings.CONNECTION_TIMEOUT.get(settings);
        this.defaultReadTimeout = (TimeValue) HttpSettings.READ_TIMEOUT.get(settings);
        this.tcpKeepaliveEnabled = ((Boolean) HttpSettings.TCP_KEEPALIVE.get(settings)).booleanValue();
        this.connectionPoolTtl = (TimeValue) HttpSettings.CONNECTION_POOL_TTL.get(settings);
        this.maxResponseSize = (ByteSizeValue) HttpSettings.MAX_HTTP_RESPONSE_SIZE.get(settings);
        this.settingsProxy = getProxyFromSettings(settings);
        this.cryptoService = cryptoService;
        this.sslService = sSLService;
        setWhitelistAutomaton((List) HttpSettings.HOSTS_WHITELIST.get(settings));
        clusterService.getClusterSettings().addSettingsUpdateConsumer(HttpSettings.HOSTS_WHITELIST, this::setWhitelistAutomaton);
        this.client = createHttpClient();
    }

    private CloseableHttpClient createHttpClient() {
        HttpClientBuilder create = HttpClientBuilder.create();
        SslConfiguration sSLConfiguration = this.sslService.getSSLConfiguration(SETTINGS_SSL_PREFIX);
        create.setSSLSocketFactory(new SSLConnectionSocketFactory(this.sslService.sslSocketFactory(sSLConfiguration), SSLService.getHostnameVerifier(sSLConfiguration)));
        SocketConfig.Builder custom = SocketConfig.custom();
        if (this.tcpKeepaliveEnabled) {
            custom.setSoKeepAlive(true);
        }
        create.setDefaultSocketConfig(custom.build());
        if (this.connectionPoolTtl.millis() > 0) {
            create.setConnectionTimeToLive(this.connectionPoolTtl.millis(), TimeUnit.MILLISECONDS);
        }
        create.evictExpiredConnections();
        create.setMaxConnPerRoute(MAX_CONNECTIONS);
        create.setMaxConnTotal(MAX_CONNECTIONS);
        create.disableCookieManagement();
        create.setRedirectStrategy(new DefaultRedirectStrategy() { // from class: org.elasticsearch.xpack.watcher.common.http.HttpClient.1
            public boolean isRedirected(org.apache.http.HttpRequest httpRequest, org.apache.http.HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
                boolean isRedirected = super.isRedirected(httpRequest, httpResponse, httpContext);
                if (isRedirected) {
                    String value = httpResponse.getHeaders("Location")[0].getValue();
                    if (!HttpClient.this.isWhitelisted(value)) {
                        throw new ElasticsearchException("host [" + value + "] is not whitelisted in setting [" + HttpSettings.HOSTS_WHITELIST.getKey() + "], will not redirect", new Object[0]);
                    }
                }
                return isRedirected;
            }
        });
        create.addInterceptorFirst((httpRequest, httpContext) -> {
            if (!(httpRequest instanceof HttpRequestWrapper)) {
                throw new ElasticsearchException("unable to check request [{}/{}] for white listing", new Object[]{httpRequest, httpRequest.getClass().getName()});
            }
            HttpRequestWrapper httpRequestWrapper = (HttpRequestWrapper) httpRequest;
            String uri = httpRequestWrapper.getTarget() != null ? httpRequestWrapper.getTarget().toURI() : httpRequestWrapper.getOriginal().getRequestLine().getUri();
            if (!isWhitelisted(uri)) {
                throw new ElasticsearchException("host [" + uri + "] is not whitelisted in setting [" + HttpSettings.HOSTS_WHITELIST.getKey() + "], will not connect", new Object[0]);
            }
        });
        return create.build();
    }

    private void setWhitelistAutomaton(List<String> list) {
        this.whitelistAutomaton.set(createAutomaton(list));
    }

    /* JADX WARN: Multi-variable type inference failed */
    public HttpResponse execute(HttpRequest httpRequest) throws IOException {
        HttpHead httpHead;
        byte[] byteArray;
        XContentType xContentType;
        Tuple<HttpHost, URI> createURI = createURI(httpRequest);
        URI uri = (URI) createURI.v2();
        HttpHost httpHost = (HttpHost) createURI.v1();
        if (httpRequest.method == HttpMethod.HEAD) {
            httpHead = new HttpHead(uri);
        } else {
            HttpMethodWithEntity httpMethodWithEntity = new HttpMethodWithEntity(uri, httpRequest.method.name());
            if (httpRequest.hasBody()) {
                ByteArrayEntity byteArrayEntity = new ByteArrayEntity(httpRequest.body.getBytes(StandardCharsets.UTF_8));
                String str = httpRequest.headers().get("Content-Type");
                if (Strings.hasLength(str)) {
                    byteArrayEntity.setContentType(str);
                } else {
                    byteArrayEntity.setContentType(ContentType.TEXT_PLAIN.toString());
                }
                httpMethodWithEntity.setEntity(byteArrayEntity);
            }
            httpHead = httpMethodWithEntity;
        }
        httpHead.setHeader("Accept-Charset", StandardCharsets.UTF_8.name());
        if (!httpRequest.headers().isEmpty()) {
            for (Map.Entry<String, String> entry : httpRequest.headers.entrySet()) {
                httpHead.setHeader(entry.getKey(), entry.getValue());
            }
        }
        if (httpRequest.hasBody() && !httpHead.containsHeader("Content-Type") && (xContentType = XContentFactory.xContentType(httpRequest.body())) != null) {
            httpHead.setHeader("Content-Type", xContentType.mediaType());
        }
        RequestConfig.Builder custom = RequestConfig.custom();
        setProxy(custom, httpRequest, this.settingsProxy);
        HttpClientContext create = HttpClientContext.create();
        if (httpRequest.auth() != null) {
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(new AuthScope(httpRequest.host, httpRequest.port), new UsernamePasswordCredentials(httpRequest.auth().username, new String(httpRequest.auth().password.text(this.cryptoService))));
            create.setCredentialsProvider(basicCredentialsProvider);
            BasicAuthCache basicAuthCache = new BasicAuthCache();
            basicAuthCache.put(httpHost, new BasicScheme());
            create.setAuthCache(basicAuthCache);
        }
        if (httpRequest.connectionTimeout() != null) {
            custom.setConnectTimeout(Math.toIntExact(httpRequest.connectionTimeout.millis()));
        } else {
            custom.setConnectTimeout(Math.toIntExact(this.defaultConnectionTimeout.millis()));
        }
        if (httpRequest.readTimeout() != null) {
            custom.setSocketTimeout(Math.toIntExact(httpRequest.readTimeout.millis()));
            custom.setConnectionRequestTimeout(Math.toIntExact(httpRequest.readTimeout.millis()));
        } else {
            custom.setSocketTimeout(Math.toIntExact(this.defaultReadTimeout.millis()));
            custom.setConnectionRequestTimeout(Math.toIntExact(this.defaultReadTimeout.millis()));
        }
        httpHead.setConfig(custom.build());
        HttpHead httpHead2 = httpHead;
        CloseableHttpResponse closeableHttpResponse = (CloseableHttpResponse) SocketAccess.doPrivileged(() -> {
            return this.client.execute(httpHost, httpHead2, create);
        });
        try {
            Header[] allHeaders = closeableHttpResponse.getAllHeaders();
            Map newMapWithExpectedSize = Maps.newMapWithExpectedSize(allHeaders.length);
            for (Header header : allHeaders) {
                String lowerCase = header.getName().toLowerCase(Locale.ROOT);
                if (newMapWithExpectedSize.containsKey(lowerCase)) {
                    String[] strArr = (String[]) newMapWithExpectedSize.get(lowerCase);
                    String[] strArr2 = new String[strArr.length + 1];
                    System.arraycopy(strArr, 0, strArr2, 0, strArr.length);
                    strArr2[strArr2.length - 1] = header.getValue();
                    newMapWithExpectedSize.put(lowerCase, strArr2);
                } else {
                    newMapWithExpectedSize.put(lowerCase, new String[]{header.getValue()});
                }
            }
            if (closeableHttpResponse.getEntity() == null) {
                byteArray = new byte[0];
            } else {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                try {
                    SizeLimitInputStream sizeLimitInputStream = new SizeLimitInputStream(this.maxResponseSize, closeableHttpResponse.getEntity().getContent());
                    try {
                        Streams.copy(sizeLimitInputStream, byteArrayOutputStream);
                        sizeLimitInputStream.close();
                        byteArray = byteArrayOutputStream.toByteArray();
                        byteArrayOutputStream.close();
                    } catch (Throwable th) {
                        try {
                            sizeLimitInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } finally {
                }
            }
            HttpResponse httpResponse = new HttpResponse(closeableHttpResponse.getStatusLine().getStatusCode(), byteArray, (Map<String, String[]>) newMapWithExpectedSize);
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            return httpResponse;
        } catch (Throwable th3) {
            if (closeableHttpResponse != null) {
                try {
                    closeableHttpResponse.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    static void setProxy(RequestConfig.Builder builder, HttpRequest httpRequest, HttpProxy httpProxy) {
        if (httpRequest.proxy != null && !httpRequest.proxy.equals(HttpProxy.NO_PROXY)) {
            builder.setProxy(new HttpHost(httpRequest.proxy.getHost(), httpRequest.proxy.getPort().intValue(), httpRequest.proxy.getScheme() != null ? httpRequest.proxy.getScheme().scheme() : Scheme.HTTP.scheme()));
        } else {
            if (HttpProxy.NO_PROXY.equals(httpProxy)) {
                return;
            }
            builder.setProxy(new HttpHost(httpProxy.getHost(), httpProxy.getPort().intValue(), httpProxy.getScheme().scheme()));
        }
    }

    private static HttpProxy getProxyFromSettings(Settings settings) {
        String str = (String) HttpSettings.PROXY_HOST.get(settings);
        Scheme parse = HttpSettings.PROXY_SCHEME.exists(settings) ? Scheme.parse((String) HttpSettings.PROXY_SCHEME.get(settings)) : Scheme.HTTP;
        int intValue = ((Integer) HttpSettings.PROXY_PORT.get(settings)).intValue();
        if (intValue == 0 || !Strings.hasText(str)) {
            if ((intValue != 0) ^ Strings.hasText(str)) {
                throw new IllegalArgumentException("HTTP proxy requires both settings: [" + HttpSettings.PROXY_HOST.getKey() + "] and [" + HttpSettings.PROXY_PORT.getKey() + "]");
            }
        } else {
            logger.info("Using default proxy for http input and slack/pagerduty/webhook actions [{}:{}]", str, Integer.valueOf(intValue));
        }
        return (intValue <= 0 || !Strings.hasText(str)) ? HttpProxy.NO_PROXY : new HttpProxy(str, Integer.valueOf(intValue), parse);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v44, types: [java.util.List] */
    static Tuple<HttpHost, URI> createURI(HttpRequest httpRequest) {
        ArrayList arrayList;
        try {
            ArrayList arrayList2 = new ArrayList(httpRequest.params.size());
            httpRequest.params.forEach((str, str2) -> {
                arrayList2.add(new BasicNameValuePair(str, str2));
            });
            if (Strings.isEmpty(httpRequest.path)) {
                arrayList = Collections.emptyList();
            } else {
                String[] split = httpRequest.path.split("/");
                boolean endsWith = httpRequest.path.endsWith("/");
                arrayList = new ArrayList(split.length);
                int i = 0;
                while (i < split.length) {
                    String str3 = split[i];
                    boolean z = i == split.length - 1;
                    if (!Strings.isEmpty(str3)) {
                        arrayList.add(URLDecoder.decode(str3, StandardCharsets.UTF_8));
                        if (endsWith && z) {
                            arrayList.add("");
                        }
                    }
                    i++;
                }
            }
            URI build = new URIBuilder().setScheme(httpRequest.scheme().scheme()).setHost(httpRequest.host).setPort(httpRequest.port).setPathSegments(arrayList).setParameters(arrayList2).build();
            return new Tuple<>(URIUtils.extractHost(build), build);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(e);
        }
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.client.close();
    }

    private boolean isWhitelisted(String str) {
        return this.whitelistAutomaton.get().run(str);
    }

    static CharacterRunAutomaton createAutomaton(List<String> list) {
        return list.isEmpty() ? MATCH_ALL_AUTOMATON : new CharacterRunAutomaton(MinimizationOperations.minimize(Regex.simpleMatchToAutomaton((String[]) list.toArray(Strings.EMPTY_ARRAY)), 10000));
    }
}
