package com.floragunn.searchguard.ssl.rest;

import com.floragunn.searchguard.ssl.SearchGuardKeyStore;
import io.netty.handler.ssl.OpenSsl;
import java.security.cert.X509Certificate;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestStatus;

/* loaded from: input_file:com/floragunn/searchguard/ssl/rest/SearchGuardSSLInfoAction.class */
public class SearchGuardSSLInfoAction extends BaseRestHandler {
    private final SearchGuardKeyStore sgks;

    @Inject
    public SearchGuardSSLInfoAction(Settings settings, RestController restController, Client client, SearchGuardKeyStore searchGuardKeyStore) {
        super(settings, restController, client);
        this.sgks = searchGuardKeyStore;
        restController.registerHandler(RestRequest.Method.GET, "/_searchguard/sslinfo", this);
    }

    protected void handleRequest(RestRequest restRequest, RestChannel restChannel, Client client) throws Exception {
        BytesRestResponse bytesRestResponse;
        XContentBuilder newBuilder = restChannel.newBuilder();
        try {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) restRequest.getFromContext("_sg_ssl_peer_certificates");
            newBuilder.startObject();
            newBuilder.field("principal", (String) restRequest.getFromContext("_sg_ssl_principal"));
            newBuilder.field("peer_certificates", (x509CertificateArr == null || x509CertificateArr.length <= 0) ? "0" : x509CertificateArr.length + "");
            newBuilder.field("ssl_protocol", (String) restRequest.getFromContext("_sg_ssl_protocol"));
            newBuilder.field("ssl_cipher", (String) restRequest.getFromContext("_sg_ssl_cipher"));
            newBuilder.field("ssl_openssl_available", OpenSsl.isAvailable());
            newBuilder.field("ssl_openssl_version", OpenSsl.version());
            newBuilder.field("ssl_openssl_version_string", OpenSsl.versionString());
            Throwable unavailabilityCause = OpenSsl.unavailabilityCause();
            newBuilder.field("ssl_openssl_non_available_cause", unavailabilityCause == null ? "" : unavailabilityCause.toString());
            newBuilder.field("ssl_provider_http", this.sgks.sslHTTPProvider);
            newBuilder.field("ssl_provider_transport_server", this.sgks.sslTransportServerProvider);
            newBuilder.field("ssl_provider_transport_client", this.sgks.sslTransportClientProvider);
            newBuilder.endObject();
            bytesRestResponse = new BytesRestResponse(RestStatus.OK, newBuilder);
        } catch (Exception e) {
            this.logger.error("Error handle request " + e, e, new Object[0]);
            XContentBuilder newBuilder2 = restChannel.newBuilder();
            newBuilder2.startObject();
            newBuilder2.field("error", e.toString());
            newBuilder2.endObject();
            bytesRestResponse = new BytesRestResponse(RestStatus.INTERNAL_SERVER_ERROR, newBuilder2);
        }
        restChannel.sendResponse(bytesRestResponse);
    }
}
