package org.janusgraph.diskstorage.es.rest.util;

import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClientBuilder;

/* loaded from: input_file:WEB-INF/lib/janusgraph-es-0.3.1.jar:org/janusgraph/diskstorage/es/rest/util/SSLConfigurationCallback.class */
public class SSLConfigurationCallback implements RestClientBuilder.HttpClientConfigCallback {
    private final String trustStoreFile;
    private final String trustStorePassword;
    private final String keyStoreFile;
    private final String keyStorePassword;
    private final String keyPassword;
    private final SSLContextBuilder sslContextBuilder;
    private final boolean disableHostNameVerification;
    private final boolean allowSelfSignedCertificates;

    /* loaded from: input_file:WEB-INF/lib/janusgraph-es-0.3.1.jar:org/janusgraph/diskstorage/es/rest/util/SSLConfigurationCallback$Builder.class */
    public static class Builder {
        private final SSLContextBuilder sslContextBuilder;
        private String trustStoreFile;
        private String trustStorePassword;
        private String keyStoreFile;
        private String keyStorePassword;
        private String keyPassword;
        private boolean disableHostNameVerification;
        private boolean allowSelfSignedCertificates;

        private Builder(SSLContextBuilder sSLContextBuilder) {
            this.sslContextBuilder = sSLContextBuilder;
        }

        public static Builder createCustom(SSLContextBuilder sSLContextBuilder) {
            return new Builder(sSLContextBuilder);
        }

        public static Builder create() {
            return new Builder(SSLContexts.custom());
        }

        public Builder withTrustStore(String str, String str2) {
            this.trustStoreFile = str;
            this.trustStorePassword = str2;
            return this;
        }

        public Builder withKeyStore(String str, String str2, String str3) {
            this.keyStoreFile = str;
            this.keyStorePassword = str2;
            this.keyPassword = str3;
            return this;
        }

        public Builder disableHostNameVerification() {
            this.disableHostNameVerification = true;
            return this;
        }

        public Builder allowSelfSignedCertificates() {
            this.allowSelfSignedCertificates = true;
            return this;
        }

        public SSLConfigurationCallback build() {
            return new SSLConfigurationCallback(this.sslContextBuilder, this.trustStoreFile, this.trustStorePassword, this.keyStoreFile, this.keyStorePassword, this.keyPassword, this.disableHostNameVerification, this.allowSelfSignedCertificates);
        }
    }

    private SSLConfigurationCallback(SSLContextBuilder sSLContextBuilder, String str, String str2, String str3, String str4, String str5, boolean z, boolean z2) {
        this.sslContextBuilder = sSLContextBuilder;
        this.trustStoreFile = str;
        this.trustStorePassword = str2;
        this.keyStoreFile = str3;
        this.keyStorePassword = str4;
        this.keyPassword = str5;
        this.disableHostNameVerification = z;
        this.allowSelfSignedCertificates = z2;
    }

    @Override // org.elasticsearch.client.RestClientBuilder.HttpClientConfigCallback
    public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
        TrustSelfSignedStrategy trustSelfSignedStrategy = this.allowSelfSignedCertificates ? new TrustSelfSignedStrategy() : null;
        try {
            if (StringUtils.isNotEmpty(this.trustStoreFile)) {
                this.sslContextBuilder.loadTrustMaterial(new File(this.trustStoreFile), this.trustStorePassword.toCharArray(), trustSelfSignedStrategy);
            } else {
                this.sslContextBuilder.loadTrustMaterial(trustSelfSignedStrategy);
            }
            try {
                if (StringUtils.isNotEmpty(this.keyStoreFile)) {
                    this.sslContextBuilder.loadKeyMaterial(new File(this.keyStoreFile), this.keyStorePassword.toCharArray(), this.keyPassword.toCharArray());
                }
                try {
                    httpAsyncClientBuilder.setSSLContext(this.sslContextBuilder.build());
                    if (this.disableHostNameVerification) {
                        httpAsyncClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
                    }
                    return httpAsyncClientBuilder;
                } catch (KeyManagementException | NoSuchAlgorithmException e) {
                    throw new RuntimeException("SSL context initialization failed", e);
                }
            } catch (IOException e2) {
                throw new RuntimeException("Unable to load key store data from " + this.keyStoreFile, e2);
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e3) {
                throw new RuntimeException("Invalid key store file " + this.keyStoreFile, e3);
            }
        } catch (IOException e4) {
            throw new RuntimeException("Unable to load trust store data from " + this.trustStoreFile, e4);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e5) {
            throw new RuntimeException("Invalid trust store file " + this.trustStoreFile, e5);
        }
    }
}
