package com.huawei.fusioninsight.elasticsearch.transport.client;

import com.huawei.fusioninsight.elasticsearch.auth.LoginUtil;
import com.huawei.fusioninsight.elasticsearch.transport.actions.AuthenticateAction;
import com.huawei.fusioninsight.elasticsearch.transport.actions.AuthenticateBuilder;
import com.huawei.fusioninsight.elasticsearch.transport.actions.ServerRealmAction;
import com.huawei.fusioninsight.elasticsearch.transport.actions.ServerRealmBuilder;
import com.huawei.fusioninsight.elasticsearch.transport.common.Configuration;
import com.huawei.fusioninsight.elasticsearch.transport.common.KerberosAuthentication;
import com.huawei.fusioninsight.elasticsearch.transport.common.SecurityConstant;
import com.huawei.fusioninsight.elasticsearch.transport.plugin.HwTransportPlugin;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.transport.client.PreBuiltTransportClient;

/* loaded from: input_file:com/huawei/fusioninsight/elasticsearch/transport/client/PreBuiltHWTransportClient.class */
public class PreBuiltHWTransportClient extends PreBuiltTransportClient {
    private static long tokenValidityPeriod;
    private static long tokenWillExpireAt;
    private static final String CLIENT_TRANSPORT_SNIFF = "client.transport.sniff";
    private static final String DOMAIN_NAME_SEPARATOR = "@";
    private static String cookie = null;
    private static final Logger LOG = LogManager.getLogger(PreBuiltHWTransportClient.class);
    private static Configuration esConfiguration;
    private static volatile PreBuiltHWTransportClient client;

    public static long getTokenValidityPeriod() {
        return tokenValidityPeriod;
    }

    public static long getTokenWillExpireAt() {
        return tokenWillExpireAt;
    }

    @SafeVarargs
    private PreBuiltHWTransportClient(Settings settings, Class<? extends Plugin>... clsArr) {
        this(settings, Arrays.asList(clsArr));
    }

    private PreBuiltHWTransportClient(Settings settings, Collection<Class<? extends Plugin>> collection) {
        this(settings, collection, null);
    }

    private PreBuiltHWTransportClient(Settings settings, Collection<Class<? extends Plugin>> collection, TransportClient.HostFailureListener hostFailureListener) {
        super(addSettings(settings), addPlugins(collection, Collections.singletonList(HwTransportPlugin.class)), hostFailureListener);
    }

    private PreBuiltHWTransportClient(Settings settings, boolean z) {
        super(settings, new Class[0]);
    }

    private static Settings addSettings(Settings settings) {
        Settings.Builder put = Settings.builder().put(settings).put("transport.type.default", SecurityConstant.NETTY_CLIENT_TRANSPORT_NAME).put(SecurityConstant.ELASTICSEARCH_SECURITY_ENABLE, ClientFactory.isIsSecureMode()).put(SecurityConstant.HW_TRANSPORT_SECURITY_SSL_ENABLED, ClientFactory.isSslEnabled());
        if (ClientFactory.isIsSniff()) {
            put.put(CLIENT_TRANSPORT_SNIFF, true);
        }
        return put.build();
    }

    public static PreBuiltHWTransportClient getClientWithOutPrepare(Configuration configuration) {
        if (client != null) {
            return client;
        }
        synchronized (PreBuiltHWTransportClient.class) {
            if (client == null) {
                createTransportClient(configuration);
            }
        }
        if (ClientFactory.isIsSecureMode()) {
            KerberosAuthentication.startDaemonThread();
        }
        return client;
    }

    private static PreBuiltHWTransportClient createTransportClient(Configuration configuration) {
        esConfiguration = configuration;
        Settings build = Settings.builder().put("cluster.name", configuration.getClusterName()).build();
        if (configuration.isSecureMode()) {
            client = new PreBuiltHWTransportClient(build, (Class<? extends Plugin>[]) new Class[0]);
        } else {
            client = new PreBuiltHWTransportClient(build, configuration.isSecureMode());
        }
        Iterator<TransportAddress> it = configuration.getTransportAddress().iterator();
        while (it.hasNext()) {
            client.addTransportAddress(it.next());
        }
        if (configuration.isSecureMode()) {
            setSecurityConfig();
        }
        return client;
    }

    public static synchronized String getCookie() {
        return cookie;
    }

    public static synchronized void setCookie(String str) {
        cookie = str;
        tokenWillExpireAt = KerberosAuthentication.tokenWillExpireAt(str);
        tokenValidityPeriod = tokenWillExpireAt - System.currentTimeMillis();
    }

    public PreBuiltHWTransportClient prepare() {
        if (ClientFactory.isIsSecureMode()) {
            threadPool().getThreadContext().stashContext();
            threadPool().getThreadContext().putHeader(SecurityConstant.CUSTOMISED_MODE, SecurityConstant.CLIENT);
            if (KerberosAuthentication.isTokenExpire() || null == cookie) {
                cookie = null;
                for (int i = 0; null == cookie && i < 3; i++) {
                    KerberosAuthentication.getNewToken(this);
                }
            }
            threadPool().getThreadContext().putHeader(SecurityConstant.CUSTOMISED_COOKIE, cookie);
        }
        return this;
    }

    public ServerRealmBuilder prepareServerRealm() {
        return new ServerRealmBuilder(this, ServerRealmAction.INSTANCE);
    }

    public AuthenticateBuilder prepareAuthenticate() {
        return new AuthenticateBuilder(this, AuthenticateAction.INSTANCE);
    }

    private static void setSecurityConfig() {
        String queryServerRealmWithRetry = ClientFactory.queryServerRealmWithRetry(client);
        if (queryServerRealmWithRetry == null) {
            throw new IllegalArgumentException("Get serverRealm failed.");
        }
        try {
            setSecurityConfig(queryServerRealmWithRetry);
        } catch (IOException e) {
            LOG.error("Prepare transport client error when set security config.");
        }
    }

    private static void setSecurityConfig(String str) throws IOException {
        setPrincipal(str, esConfiguration.getPrincipal());
        LoginUtil.setJaasFile(esConfiguration.getPrincipal(), esConfiguration.getKeyTabPath() == null ? null : esConfiguration.getKeyTabPath() + "user.keytab", esConfiguration.getCustomJaasPath());
        KerberosAuthentication.setEsJaasConfFile(LoginUtil.getJaasConfFilePath());
        System.setProperty("es.security.indication", "true");
        LoginUtil.setKrb5Config(esConfiguration.getKrb5Path() == null ? null : esConfiguration.getKrb5Path() + "krb5.conf");
    }

    private static void setPrincipal(String str, String str2) {
        if (str2 == null || str2.isEmpty()) {
            LOG.warn("The principal is null.");
        } else if (str2.contains(DOMAIN_NAME_SEPARATOR)) {
            esConfiguration.setPrincipal(str2.substring(0, str2.indexOf(DOMAIN_NAME_SEPARATOR)) + str.substring(str.indexOf(DOMAIN_NAME_SEPARATOR)));
        }
    }
}
