package org.elasticsearch.xpack.security.authc.esnative.tool;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.HttpsURLConnection;
import org.elasticsearch.common.CheckedSupplier;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.network.InetAddresses;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.PortsRange;
import org.elasticsearch.core.CheckedFunction;
import org.elasticsearch.core.Releasable;
import org.elasticsearch.core.Releasables;
import org.elasticsearch.core.SuppressForbidden;
import org.elasticsearch.env.Environment;
import org.elasticsearch.http.HttpTransportSettings;
import org.elasticsearch.xcontent.XContentType;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.common.socket.SocketAccess;
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.core.ssl.SSLConfiguration;
import org.elasticsearch.xpack.core.ssl.SSLService;
import org.elasticsearch.xpack.security.authc.esnative.tool.HttpResponse;
import org.elasticsearch.xpack.security.authc.kerberos.KerberosAuthenticationToken;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/esnative/tool/CommandLineHttpClient.class */
public class CommandLineHttpClient {
    private static final int READ_TIMEOUT = 35000;
    private final Settings settings;
    private final Environment env;

    public CommandLineHttpClient(Settings settings, Environment environment) {
        this.settings = settings;
        this.env = environment;
    }

    @SuppressForbidden(reason = "We call connect in doPrivileged and provide SocketPermission")
    public HttpResponse execute(String str, URL url, String str2, SecureString secureString, CheckedSupplier<String, Exception> checkedSupplier, CheckedFunction<InputStream, HttpResponse.HttpResponseBuilder, Exception> checkedFunction) throws Exception {
        HttpURLConnection httpURLConnection;
        HttpResponse.HttpResponseBuilder httpResponseBuilder;
        InputStream inputStream;
        if ("https".equalsIgnoreCase(url.getProtocol())) {
            SSLService sSLService = new SSLService(this.settings, this.env);
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            AccessController.doPrivileged(() -> {
                SSLConfiguration httpTransportSSLConfiguration = sSLService.getHttpTransportSSLConfiguration();
                httpsURLConnection.setSSLSocketFactory(sSLService.sslSocketFactory(httpTransportSSLConfiguration));
                if (httpTransportSSLConfiguration.verificationMode().isHostnameVerificationEnabled()) {
                    return null;
                }
                httpsURLConnection.setHostnameVerifier((str3, sSLSession) -> {
                    return true;
                });
                return null;
            });
            httpURLConnection = httpsURLConnection;
        } else {
            httpURLConnection = (HttpURLConnection) url.openConnection();
        }
        httpURLConnection.setRequestMethod(str);
        httpURLConnection.setReadTimeout(READ_TIMEOUT);
        httpURLConnection.setRequestProperty(KerberosAuthenticationToken.AUTH_HEADER, UsernamePasswordToken.basicAuthHeaderValue(str2, secureString));
        httpURLConnection.setRequestProperty("Content-Type", XContentType.JSON.mediaType());
        String str3 = (String) checkedSupplier.get();
        httpURLConnection.setDoOutput(str3 != null);
        HttpURLConnection httpURLConnection2 = httpURLConnection;
        Objects.requireNonNull(httpURLConnection2);
        SocketAccess.doPrivileged(httpURLConnection2::connect);
        if (str3 != null) {
            try {
                OutputStream outputStream = httpURLConnection.getOutputStream();
                try {
                    outputStream.write(str3.getBytes(StandardCharsets.UTF_8));
                    if (outputStream != null) {
                        outputStream.close();
                    }
                } finally {
                }
            } catch (Exception e) {
                HttpURLConnection httpURLConnection3 = httpURLConnection;
                Objects.requireNonNull(httpURLConnection3);
                Releasables.closeWhileHandlingException(new Releasable[]{httpURLConnection3::disconnect});
                throw e;
            }
        }
        int responseCode = httpURLConnection.getResponseCode();
        try {
            try {
                inputStream = httpURLConnection.getInputStream();
            } catch (IOException e2) {
                InputStream errorStream = httpURLConnection.getErrorStream();
                try {
                    httpResponseBuilder = (HttpResponse.HttpResponseBuilder) checkedFunction.apply(errorStream);
                    if (errorStream != null) {
                        errorStream.close();
                    }
                    HttpURLConnection httpURLConnection4 = httpURLConnection;
                    Objects.requireNonNull(httpURLConnection4);
                    Releasables.closeWhileHandlingException(new Releasable[]{httpURLConnection4::disconnect});
                } finally {
                }
            }
            try {
                httpResponseBuilder = (HttpResponse.HttpResponseBuilder) checkedFunction.apply(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
                HttpURLConnection httpURLConnection5 = httpURLConnection;
                Objects.requireNonNull(httpURLConnection5);
                Releasables.closeWhileHandlingException(new Releasable[]{httpURLConnection5::disconnect});
                httpResponseBuilder.withHttpStatus(responseCode);
                return httpResponseBuilder.build();
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            HttpURLConnection httpURLConnection6 = httpURLConnection;
            Objects.requireNonNull(httpURLConnection6);
            Releasables.closeWhileHandlingException(new Releasable[]{httpURLConnection6::disconnect});
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getDefaultURL() {
        String str = ((Boolean) XPackSettings.HTTP_SSL_ENABLED.get(this.settings)).booleanValue() ? "https" : "http";
        List list = (List) HttpTransportSettings.SETTING_HTTP_PUBLISH_HOST.get(this.settings);
        if (list.isEmpty()) {
            list = (List) NetworkService.GLOBAL_NETWORK_PUBLISH_HOST_SETTING.get(this.settings);
        }
        try {
            InetAddress resolvePublishHostAddresses = new NetworkService(Collections.emptyList()).resolvePublishHostAddresses((String[]) list.toArray(Strings.EMPTY_ARRAY));
            int intValue = ((Integer) HttpTransportSettings.SETTING_HTTP_PUBLISH_PORT.get(this.settings)).intValue();
            if (intValue <= 0) {
                int[] ports = ((PortsRange) HttpTransportSettings.SETTING_HTTP_PORT.get(this.settings)).ports();
                if (ports.length > 0) {
                    intValue = ports[0];
                }
                if (intValue <= 0) {
                    throw new IllegalStateException("unable to determine http port from settings");
                }
            }
            return str + "://" + InetAddresses.toUriString(resolvePublishHostAddresses) + ":" + intValue;
        } catch (Exception e) {
            throw new IllegalStateException("unable to determine default URL from settings, please use the -u option to explicitly provide the url", e);
        }
    }
}
