package dev.langchain4j.store.embedding.elasticsearch.spring;

import dev.langchain4j.internal.Utils;
import java.io.ByteArrayInputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.message.BasicHeader;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/langchain4j/store/embedding/elasticsearch/spring/ElasticsearchClientHelper.class */
class ElasticsearchClientHelper {
    private static final Logger log = LoggerFactory.getLogger(ElasticsearchClientHelper.class);
    private static final TrustManager[] trustAllCerts = {new X509TrustManager() { // from class: dev.langchain4j.store.embedding.elasticsearch.spring.ElasticsearchClientHelper.1
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }};

    ElasticsearchClientHelper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RestClient getClient(String str, String str2, String str3, String str4, boolean z, byte[] bArr) {
        log.debug("Trying to connect to {}.", str);
        RestClientBuilder builder = RestClient.builder(new HttpHost[]{HttpHost.create(str)});
        if (Utils.isNullOrBlank(str2)) {
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(str3, str4));
            builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
                return httpAsyncClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider).setSSLContext(getSSLContext(z, bArr));
            });
        } else {
            builder.setDefaultHeaders(new Header[]{new BasicHeader("Authorization", "Apikey " + str2)});
        }
        return builder.build();
    }

    private static SSLContext getSSLContext(boolean z, byte[] bArr) {
        if (!z) {
            return createTrustAllCertsContext();
        }
        if (bArr == null) {
            return null;
        }
        return createContextFromCaCert(bArr);
    }

    private static SSLContext createContextFromCaCert(byte[] bArr) {
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", generateCertificate);
            return SSLContexts.custom().loadTrustMaterial(keyStore, (TrustStrategy) null).build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static SSLContext createTrustAllCertsContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustAllCerts, new SecureRandom());
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Can not create the SSLContext", e);
        }
    }
}
