package org.opensearch.migrations.bulkload.common.http;

import com.beust.jcommander.Parameter;
import com.beust.jcommander.ParametersDelegate;
import com.beust.jcommander.converters.PathConverter;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.time.Clock;
import lombok.Generated;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;

/* loaded from: input_file:org/opensearch/migrations/bulkload/common/http/ConnectionContext.class */
public class ConnectionContext {
    private final URI uri;
    private final Protocol protocol;
    private final boolean insecure;
    private final RequestTransformer requestTransformer;
    private final boolean compressionSupported;
    private final boolean awsSpecificAuthentication;
    private TlsCredentialsProvider tlsCredentialsProvider;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/opensearch/migrations/bulkload/common/http/ConnectionContext$IParams.class */
    public interface IParams {
        String getHost();

        String getUsername();

        String getPassword();

        String getAwsRegion();

        String getAwsServiceSigningName();

        Path getCaCert();

        Path getClientCert();

        Path getClientCertKey();

        boolean isCompressionEnabled();

        boolean isInsecure();

        default ConnectionContext toConnectionContext() {
            return new ConnectionContext(this);
        }
    }

    /* loaded from: input_file:org/opensearch/migrations/bulkload/common/http/ConnectionContext$Protocol.class */
    public enum Protocol {
        HTTP,
        HTTPS
    }

    /* loaded from: input_file:org/opensearch/migrations/bulkload/common/http/ConnectionContext$SourceArgs.class */
    public static class SourceArgs implements IParams {

        @Parameter(names = {"--source-host", "--sourceHost"}, description = "The source host and port (e.g. http://localhost:9200)", required = false)
        public String host = null;

        @Parameter(names = {"--source-username", "--sourceUsername"}, description = "The source username; if not provided, will assume no auth on source", required = false)
        public String username = null;

        @Parameter(names = {"--source-password", "--sourcePassword"}, description = "The source password; if not provided, will assume no auth on source", required = false)
        public String password = null;

        @Parameter(names = {"--source-cacert", "--sourceCaCert"}, description = "Optional. The source CA certificate", required = false, converter = PathConverter.class)
        public Path caCert = null;

        @Parameter(names = {"--source-client-cert", "--sourceClientCert"}, description = "Optional. The source client TLS certificate", required = false, converter = PathConverter.class)
        public Path clientCert = null;

        @Parameter(names = {"--source-client-cert-key", "--sourceClientCertKey"}, description = "Optional. The source client TLS certificate key", required = false, converter = PathConverter.class)
        public Path clientCertKey = null;

        @Parameter(names = {"--source-aws-region", "--sourceAwsRegion"}, description = "Optional. The source aws region, e.g. 'us-east-1'. Required if sigv4 auth is used", required = false)
        public String awsRegion = null;

        @Parameter(names = {"--source-aws-service-signing-name", "--sourceAwsServiceSigningName"}, description = "Optional. The source aws service signing name, e.g 'es' for Amazon OpenSearch Service and 'aoss' for Amazon OpenSearch Serverless. Required if sigv4 auth is used.", required = false)
        public String awsServiceSigningName = null;

        @Parameter(names = {"--source-insecure", "--sourceInsecure"}, description = "Allow untrusted SSL certificates for source", required = false)
        public boolean insecure = false;

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        public boolean isCompressionEnabled() {
            return false;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getHost() {
            return this.host;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getUsername() {
            return this.username;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getPassword() {
            return this.password;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public Path getCaCert() {
            return this.caCert;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public Path getClientCert() {
            return this.clientCert;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public Path getClientCertKey() {
            return this.clientCertKey;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getAwsRegion() {
            return this.awsRegion;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getAwsServiceSigningName() {
            return this.awsServiceSigningName;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public boolean isInsecure() {
            return this.insecure;
        }
    }

    /* loaded from: input_file:org/opensearch/migrations/bulkload/common/http/ConnectionContext$TargetAdvancedArgs.class */
    public static class TargetAdvancedArgs {

        @Parameter(names = {"--target-compression", "--targetCompression"}, description = "**Advanced**. Allow request compression to target", required = false)
        public boolean compressionEnabled = false;

        @Generated
        public boolean isCompressionEnabled() {
            return this.compressionEnabled;
        }
    }

    /* loaded from: input_file:org/opensearch/migrations/bulkload/common/http/ConnectionContext$TargetArgs.class */
    public static class TargetArgs implements IParams {

        @Parameter(names = {"--target-host", "--targetHost"}, description = "The target host and port (e.g. http://localhost:9200)", required = true)
        public String host;

        @Parameter(names = {"--target-username", "--targetUsername"}, description = "Optional.  The target username; if not provided, will assume no auth on target", required = false)
        public String username = null;

        @Parameter(names = {"--target-password", "--targetPassword"}, description = "Optional.  The target password; if not provided, will assume no auth on target", required = false)
        public String password = null;

        @Parameter(names = {"--target-cacert", "--targetCaCert"}, description = "Optional. The target CA certificate", required = false, converter = PathConverter.class)
        public Path caCert = null;

        @Parameter(names = {"--target-client-cert", "--targetClientCert"}, description = "Optional. The target client TLS certificate", required = false, converter = PathConverter.class)
        public Path clientCert = null;

        @Parameter(names = {"--target-client-cert-key", "--targetClientCertKey"}, description = "Optional. The target client TLS certificate key", required = false, converter = PathConverter.class)
        public Path clientCertKey = null;

        @Parameter(names = {"--target-aws-region", "--targetAwsRegion"}, description = "Optional. The target aws region. Required only if sigv4 auth is used", required = false)
        public String awsRegion = null;

        @Parameter(names = {"--target-aws-service-signing-name", "--targetAwsServiceSigningName"}, description = "Optional. The target aws service signing name, e.g 'es' for Amazon OpenSearch Service and 'aoss' for Amazon OpenSearch Serverless. Required if sigv4 auth is used.", required = false)
        public String awsServiceSigningName = null;

        @Parameter(names = {"--target-insecure", "--targetInsecure"}, description = "Allow untrusted SSL certificates for target", required = false)
        public boolean insecure = false;

        @ParametersDelegate
        TargetAdvancedArgs advancedArgs = new TargetAdvancedArgs();

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        public boolean isCompressionEnabled() {
            return this.advancedArgs.isCompressionEnabled();
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getHost() {
            return this.host;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getUsername() {
            return this.username;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getPassword() {
            return this.password;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public Path getCaCert() {
            return this.caCert;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public Path getClientCert() {
            return this.clientCert;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public Path getClientCertKey() {
            return this.clientCertKey;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getAwsRegion() {
            return this.awsRegion;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public String getAwsServiceSigningName() {
            return this.awsServiceSigningName;
        }

        @Override // org.opensearch.migrations.bulkload.common.http.ConnectionContext.IParams
        @Generated
        public boolean isInsecure() {
            return this.insecure;
        }

        @Generated
        public TargetAdvancedArgs getAdvancedArgs() {
            return this.advancedArgs;
        }
    }

    private ConnectionContext(IParams iParams) {
        if (!$assertionsDisabled && iParams.getHost() == null) {
            throw new AssertionError("host is null");
        }
        this.insecure = iParams.isInsecure();
        try {
            this.uri = new URI(iParams.getHost());
            if (this.uri.getScheme().equals("http")) {
                this.protocol = Protocol.HTTP;
            } else {
                if (!this.uri.getScheme().equals("https")) {
                    throw new IllegalArgumentException("Invalid protocol");
                }
                this.protocol = Protocol.HTTPS;
            }
            if ((iParams.getUsername() != null) ^ (iParams.getPassword() != null)) {
                throw new IllegalArgumentException("Both username and password must be provided, or neither");
            }
            if ((iParams.getAwsRegion() != null) ^ (iParams.getAwsServiceSigningName() != null)) {
                throw new IllegalArgumentException("Both aws region and aws service signing name must be provided, or neither");
            }
            boolean z = (iParams.getUsername() == null || iParams.getPassword() == null) ? false : true;
            boolean z2 = (iParams.getAwsRegion() == null || iParams.getAwsServiceSigningName() == null) ? false : true;
            if (z && z2) {
                throw new IllegalArgumentException("Cannot have both Basic Auth and SigV4 Auth enabled.");
            }
            this.awsSpecificAuthentication = z2;
            if (z) {
                this.requestTransformer = new BasicAuthTransformer(iParams.getUsername(), iParams.getPassword());
            } else if (z2) {
                this.requestTransformer = new SigV4AuthTransformer(DefaultCredentialsProvider.create(), iParams.getAwsServiceSigningName(), iParams.getAwsRegion(), this.protocol.name(), Clock::systemUTC);
            } else {
                this.requestTransformer = new NoAuthTransformer();
            }
            this.compressionSupported = iParams.isCompressionEnabled();
            validateClientCertPairPresence(iParams);
            if (isTlsCredentialsEnabled(iParams)) {
                this.tlsCredentialsProvider = new FileTlsCredentialsProvider(iParams.getCaCert(), iParams.getClientCert(), iParams.getClientCertKey());
            }
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Invalid URL format", e);
        }
    }

    public void setTlsCredentialsProvider(TlsCredentialsProvider tlsCredentialsProvider) {
        this.tlsCredentialsProvider = tlsCredentialsProvider;
    }

    private static void validateClientCertPairPresence(IParams iParams) {
        if ((iParams.getClientCert() != null) ^ (iParams.getClientCertKey() != null)) {
            throw new IllegalArgumentException("Both clientCert and clientCertKey must be provided together, or neither.");
        }
    }

    private static boolean isTlsCredentialsEnabled(IParams iParams) {
        return (iParams.getCaCert() == null && (iParams.getClientCert() == null || iParams.getClientCertKey() == null)) ? false : true;
    }

    @Generated
    public URI getUri() {
        return this.uri;
    }

    @Generated
    public Protocol getProtocol() {
        return this.protocol;
    }

    @Generated
    public boolean isInsecure() {
        return this.insecure;
    }

    @Generated
    public RequestTransformer getRequestTransformer() {
        return this.requestTransformer;
    }

    @Generated
    public boolean isCompressionSupported() {
        return this.compressionSupported;
    }

    @Generated
    public boolean isAwsSpecificAuthentication() {
        return this.awsSpecificAuthentication;
    }

    @Generated
    public TlsCredentialsProvider getTlsCredentialsProvider() {
        return this.tlsCredentialsProvider;
    }

    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof ConnectionContext)) {
            return false;
        }
        ConnectionContext connectionContext = (ConnectionContext) obj;
        if (!connectionContext.canEqual(this) || isInsecure() != connectionContext.isInsecure() || isCompressionSupported() != connectionContext.isCompressionSupported() || isAwsSpecificAuthentication() != connectionContext.isAwsSpecificAuthentication()) {
            return false;
        }
        URI uri = getUri();
        URI uri2 = connectionContext.getUri();
        if (uri == null) {
            if (uri2 != null) {
                return false;
            }
        } else if (!uri.equals(uri2)) {
            return false;
        }
        Protocol protocol = getProtocol();
        Protocol protocol2 = connectionContext.getProtocol();
        if (protocol == null) {
            if (protocol2 != null) {
                return false;
            }
        } else if (!protocol.equals(protocol2)) {
            return false;
        }
        TlsCredentialsProvider tlsCredentialsProvider = getTlsCredentialsProvider();
        TlsCredentialsProvider tlsCredentialsProvider2 = connectionContext.getTlsCredentialsProvider();
        return tlsCredentialsProvider == null ? tlsCredentialsProvider2 == null : tlsCredentialsProvider.equals(tlsCredentialsProvider2);
    }

    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof ConnectionContext;
    }

    @Generated
    public int hashCode() {
        int i = (((((1 * 59) + (isInsecure() ? 79 : 97)) * 59) + (isCompressionSupported() ? 79 : 97)) * 59) + (isAwsSpecificAuthentication() ? 79 : 97);
        URI uri = getUri();
        int hashCode = (i * 59) + (uri == null ? 43 : uri.hashCode());
        Protocol protocol = getProtocol();
        int hashCode2 = (hashCode * 59) + (protocol == null ? 43 : protocol.hashCode());
        TlsCredentialsProvider tlsCredentialsProvider = getTlsCredentialsProvider();
        return (hashCode2 * 59) + (tlsCredentialsProvider == null ? 43 : tlsCredentialsProvider.hashCode());
    }

    @Generated
    public String toString() {
        return "ConnectionContext(uri=" + String.valueOf(getUri()) + ", protocol=" + String.valueOf(getProtocol()) + ", insecure=" + isInsecure() + ", compressionSupported=" + isCompressionSupported() + ", awsSpecificAuthentication=" + isAwsSpecificAuthentication() + ", tlsCredentialsProvider=" + String.valueOf(getTlsCredentialsProvider()) + ")";
    }

    static {
        $assertionsDisabled = !ConnectionContext.class.desiredAssertionStatus();
    }
}
