package org.elasticsearch.xpack.core.security.action;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.ValidateActions;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.xcontent.ConstructingObjectParser;
import org.elasticsearch.xcontent.ObjectParser;
import org.elasticsearch.xcontent.ParseField;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.ToXContentObject;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.XContentParser;
import org.elasticsearch.xpack.core.ssl.CertParsingUtils;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/action/DelegatePkiAuthenticationRequest.class */
public final class DelegatePkiAuthenticationRequest extends ActionRequest implements ToXContentObject {
    private static final ParseField X509_CERTIFICATE_CHAIN_FIELD = new ParseField("x509_certificate_chain", new String[0]);
    public static final ConstructingObjectParser<DelegatePkiAuthenticationRequest, Void> PARSER = new ConstructingObjectParser<>("delegate_pki_request", false, objArr -> {
        return new DelegatePkiAuthenticationRequest((List<X509Certificate>) objArr[0]);
    });
    private final List<X509Certificate> certificateChain;

    public static DelegatePkiAuthenticationRequest fromXContent(XContentParser xContentParser) throws IOException {
        return (DelegatePkiAuthenticationRequest) PARSER.apply(xContentParser, (Object) null);
    }

    public DelegatePkiAuthenticationRequest(List<X509Certificate> list) {
        this.certificateChain = List.copyOf(list);
    }

    public DelegatePkiAuthenticationRequest(StreamInput streamInput) throws IOException {
        super(streamInput);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            this.certificateChain = streamInput.readCollectionAsImmutableList(streamInput2 -> {
                try {
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(streamInput2.readByteArray());
                    try {
                        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                        byteArrayInputStream.close();
                        return x509Certificate;
                    } finally {
                    }
                } catch (CertificateException e) {
                    throw new IOException(e);
                }
            });
        } catch (CertificateException e) {
            throw new IOException(e);
        }
    }

    public ActionRequestValidationException validate() {
        ActionRequestValidationException actionRequestValidationException = null;
        if (this.certificateChain.isEmpty()) {
            actionRequestValidationException = ValidateActions.addValidationError("certificates chain must not be empty", (ActionRequestValidationException) null);
        } else if (false == CertParsingUtils.isOrderedCertificateChain(this.certificateChain)) {
            actionRequestValidationException = ValidateActions.addValidationError("certificates chain must be an ordered chain", (ActionRequestValidationException) null);
        }
        return actionRequestValidationException;
    }

    public List<X509Certificate> getCertificateChain() {
        return this.certificateChain;
    }

    public void writeTo(StreamOutput streamOutput) throws IOException {
        super.writeTo(streamOutput);
        streamOutput.writeCollection(this.certificateChain, (streamOutput2, x509Certificate) -> {
            try {
                streamOutput2.writeByteArray(x509Certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                throw new IOException(e);
            }
        });
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.certificateChain, ((DelegatePkiAuthenticationRequest) obj).certificateChain);
    }

    public int hashCode() {
        return Objects.hashCode(this.certificateChain);
    }

    public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
        xContentBuilder.startObject().startArray(X509_CERTIFICATE_CHAIN_FIELD.getPreferredName());
        try {
            Iterator<X509Certificate> it = this.certificateChain.iterator();
            while (it.hasNext()) {
                xContentBuilder.value(Base64.getEncoder().encodeToString(it.next().getEncoded()));
            }
            return xContentBuilder.endArray().endObject();
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
    }

    static {
        PARSER.declareFieldArray(ConstructingObjectParser.optionalConstructorArg(), (xContentParser, r6) -> {
            try {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.getDecoder().decode(xContentParser.text()));
                try {
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                    return x509Certificate;
                } catch (Throwable th) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (IOException | CertificateException e) {
                throw new RuntimeException(e);
            }
        }, X509_CERTIFICATE_CHAIN_FIELD, ObjectParser.ValueType.STRING_ARRAY);
    }
}
