package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.AccessDeniedException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/elasticsearch/xpack/core/ssl/TrustConfig.class */
public abstract class TrustConfig {

    /* loaded from: input_file:org/elasticsearch/xpack/core/ssl/TrustConfig$CombiningTrustConfig.class */
    static class CombiningTrustConfig extends TrustConfig {
        private final List<TrustConfig> trustConfigs;

        /* JADX INFO: Access modifiers changed from: package-private */
        public CombiningTrustConfig(List<TrustConfig> list) {
            this.trustConfigs = Collections.unmodifiableList(list);
        }

        @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
        X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
            Stream<TrustConfig> stream = this.trustConfigs.stream();
            TrustAllConfig trustAllConfig = TrustAllConfig.INSTANCE;
            Objects.requireNonNull(trustAllConfig);
            Optional<TrustConfig> findAny = stream.filter((v1) -> {
                return r1.equals(v1);
            }).findAny();
            if (findAny.isPresent()) {
                return findAny.get().createTrustManager(environment);
            }
            try {
                return CertParsingUtils.trustManager((Certificate[]) ((List) this.trustConfigs.stream().flatMap(trustConfig -> {
                    return Arrays.stream(trustConfig.createTrustManager(environment).getAcceptedIssuers());
                }).collect(Collectors.toList())).toArray(new X509Certificate[0]));
            } catch (Exception e) {
                throw new ElasticsearchException("failed to create trust manager", e, new Object[0]);
            }
        }

        @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
        Collection<CertificateInfo> certificates(Environment environment) throws GeneralSecurityException, IOException {
            ArrayList arrayList = new ArrayList();
            Iterator<TrustConfig> it = this.trustConfigs.iterator();
            while (it.hasNext()) {
                arrayList.addAll(it.next().certificates(environment));
            }
            return arrayList;
        }

        @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
        List<Path> filesToMonitor(@Nullable Environment environment) {
            return (List) this.trustConfigs.stream().flatMap(trustConfig -> {
                return trustConfig.filesToMonitor(environment).stream();
            }).collect(Collectors.toList());
        }

        @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
        public String toString() {
            return "Combining Trust Config{" + ((String) this.trustConfigs.stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.joining(", "))) + "}";
        }

        @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof CombiningTrustConfig) {
                return this.trustConfigs.equals(((CombiningTrustConfig) obj).trustConfigs);
            }
            return false;
        }

        @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
        public int hashCode() {
            return this.trustConfigs.hashCode();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract X509ExtendedTrustManager createTrustManager(@Nullable Environment environment);

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract Collection<CertificateInfo> certificates(@Nullable Environment environment) throws GeneralSecurityException, IOException;

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract List<Path> filesToMonitor(@Nullable Environment environment);

    public abstract String toString();

    public abstract boolean equals(Object obj);

    public abstract int hashCode();

    /* JADX INFO: Access modifiers changed from: package-private */
    @Deprecated
    public KeyStore getStore(@Nullable Environment environment, @Nullable String str, String str2, SecureString secureString) throws GeneralSecurityException, IOException {
        return getStore(CertParsingUtils.resolvePath(str, environment), str2, secureString);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStore getStore(@Nullable Path path, String str, SecureString secureString) throws IOException, GeneralSecurityException {
        if (null == path) {
            if (!str.equalsIgnoreCase("pkcs11")) {
                throw new IllegalArgumentException("keystore.path or truststore.path can only be empty when using a PKCS#11 token");
            }
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(null, secureString.getChars());
            return keyStore;
        }
        InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
        try {
            KeyStore keyStore2 = KeyStore.getInstance(str);
            keyStore2.load(newInputStream, secureString.getChars());
            if (newInputStream != null) {
                newInputStream.close();
            }
            return keyStore2;
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ElasticsearchException missingTrustConfigFile(IOException iOException, String str, Path path) {
        return new ElasticsearchException("failed to initialize SSL TrustManager - " + str + " file [{}] does not exist", iOException, new Object[]{path.toAbsolutePath()});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ElasticsearchException unreadableTrustConfigFile(AccessDeniedException accessDeniedException, String str, Path path) {
        return new ElasticsearchException("failed to initialize SSL TrustManager - not permitted to read " + str + " file [{}]", accessDeniedException, new Object[]{path.toAbsolutePath()});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ElasticsearchException blockedTrustConfigFile(AccessControlException accessControlException, Environment environment, String str, List<Path> list) {
        return list.size() == 1 ? new ElasticsearchException("failed to initialize SSL TrustManager - access to read {} file [{}] is blocked; SSL resources should be placed in the [{}] directory", accessControlException, new Object[]{str, list.get(0).toAbsolutePath(), environment.configFile()}) : new ElasticsearchException("failed to initialize SSL TrustManager - access to read one or more of the {} files [{}] is blocked; SSL resources should be placed in the [{}] directory", accessControlException, new Object[]{str, (String) list.stream().map((v0) -> {
            return v0.toAbsolutePath();
        }).map((v0) -> {
            return v0.toString();
        }).collect(Collectors.joining(", ")), environment.configFile()});
    }
}
