package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.ssl.KeyStoreUtil;
import org.elasticsearch.common.ssl.PemUtils;
import org.elasticsearch.common.ssl.SslKeyConfig;
import org.elasticsearch.common.util.Maps;
import org.elasticsearch.env.Environment;

/* loaded from: input_file:org/elasticsearch/xpack/core/ssl/CertParsingUtils.class */
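/**
 * Static helpers for loading X.509 certificates, private keys and key stores used by the SSL/TLS
 * configuration code.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>None of the readers in this class verify signatures, validity dates or revocation. They
 *       only parse material; trust decisions are made elsewhere.</li>
 *   <li>Passwords are passed as {@code char[]} and are never cleared here. The caller owns the
 *       arrays and should wipe them once they are no longer needed.</li>
 * </ul>
 */
public class CertParsingUtils {
    private CertParsingUtils() {
        throw new IllegalStateException("Utility class should not be instantiated");
    }

    /**
     * Reads a PEM file that must contain exactly one X.509 certificate.
     *
     * @param path the certificate file
     * @return the single certificate found in {@code path}
     * @throws IllegalArgumentException if the file holds zero or several certificates, or if the
     *     certificate is not an {@link X509Certificate}
     * @throws CertificateException declared for {@code PemUtils.readCertificates}
     * @throws IOException declared for {@code PemUtils.readCertificates}
     */
    public static X509Certificate readX509Certificate(Path path) throws CertificateException, IOException {
        List<? extends Certificate> certificates = PemUtils.readCertificates(List.of(path));
        if (certificates.size() != 1) {
            throw new IllegalArgumentException("expected a single certificate in file [" + path.toAbsolutePath() + "] but found [" + certificates.size() + "]");
        }
        Certificate certificate = certificates.get(0);
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new IllegalArgumentException("the certificate in " + path.toAbsolutePath() + " is not an X.509 certificate (" + certificate.getType() + " : " + certificate.getClass() + ")");
    }

    /**
     * Reads every certificate from the given PEM files and returns them as X.509 certificates.
     *
     * <p>Unlike {@link #readX509Certificate(Path)}, a certificate of another type is not reported
     * with an {@link IllegalArgumentException}: the cast fails with a {@link ClassCastException}.
     *
     * @param list the certificate files to read
     * @return all certificates, in the order {@code PemUtils.readCertificates} returned them
     * @throws ClassCastException if any certificate is not an {@link X509Certificate}
     * @throws CertificateException declared for {@code PemUtils.readCertificates}
     * @throws IOException declared for {@code PemUtils.readCertificates}
     */
    public static X509Certificate[] readX509Certificates(List<Path> list) throws CertificateException, IOException {
        // The decompiled listing referenced an undefined local here ("r1.cast(v1)"); the
        // surrounding Class constant and requireNonNull call indicate a bound method reference
        // on X509Certificate.class.
        return PemUtils.readCertificates(list).stream()
            .map(X509Certificate.class::cast)
            .toArray(X509Certificate[]::new);
    }

    /**
     * Parses all certificates available on the stream with the JDK {@code "X.509"}
     * {@link CertificateFactory}.
     *
     * <p>The stream is not closed by this method; the caller remains responsible for it.
     *
     * @param inputStream the encoded certificate data
     * @return a new mutable list holding the parsed certificates
     * @throws CertificateException if no X.509 factory is available or the data cannot be parsed
     * @throws IOException declared by the signature; not thrown directly by this method
     */
    public static List<Certificate> readCertificates(InputStream inputStream) throws CertificateException, IOException {
        return new ArrayList<>(CertificateFactory.getInstance("X.509").generateCertificates(inputStream));
    }

    /**
     * Reads the key entries of a PKCS#12 key store; shorthand for
     * {@link #readKeyPairsFromKeystore(Path, String, char[], Function)} with type {@code "PKCS12"}.
     *
     * @param path the key store file
     * @param cArr the key store password
     * @param function maps an alias to the password protecting that alias's key
     * @return a map from each key entry's certificate to its key
     */
    public static Map<Certificate, Key> readPkcs12KeyPairs(Path path, char[] cArr, Function<String, char[]> function) throws GeneralSecurityException, IOException {
        return readKeyPairsFromKeystore(path, "PKCS12", cArr, function);
    }

    /**
     * Loads a key store from disk and returns its key entries.
     *
     * @param path the key store file
     * @param str the key store type handed to {@code KeyStoreUtil.readKeyStore}
     * @param cArr the key store password
     * @param function maps an alias to the password protecting that alias's key
     * @return a map from each key entry's certificate to its key
     */
    public static Map<Certificate, Key> readKeyPairsFromKeystore(Path path, String str, char[] cArr, Function<String, char[]> function) throws IOException, GeneralSecurityException {
        return readKeyPairsFromKeystore(KeyStoreUtil.readKeyStore(path, str, cArr), function);
    }

    /**
     * Collects every key entry of {@code keyStore} into a certificate-to-key map. Entries that are
     * not key entries (for example trusted certificates) are skipped.
     *
     * @param keyStore an already loaded key store
     * @param function maps an alias to the password protecting that alias's key
     * @return a map from each key entry's certificate to its key
     */
    private static Map<Certificate, Key> readKeyPairsFromKeystore(KeyStore keyStore, Function<String, char[]> function) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Enumeration<String> aliases = keyStore.aliases();
        Map<Certificate, Key> keyPairs = Maps.newMapWithExpectedSize(keyStore.size());
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                // NOTE(review): KeyStore.isKeyEntry is also true for secret-key entries, for which
                // getCertificate returns null. Such entries would be stored under a null key (and
                // overwrite each other) if the backing map permits it; confirm whether stores
                // with secret keys can reach this code.
                keyPairs.put(keyStore.getCertificate(alias), keyStore.getKey(alias, function.apply(alias)));
            }
        }
        return keyPairs;
    }

    /**
     * Builds a key store from a PEM certificate file and a PEM private key file.
     *
     * <p>The same {@code cArr} value is supplied as the password for reading the private key and as
     * the third argument of {@code KeyStoreUtil.buildKeyStore} (presumably the password of the
     * resulting key entry; confirm against {@code KeyStoreUtil}).
     *
     * @param path the PEM file holding the certificate (chain)
     * @param path2 the PEM file holding the private key
     * @param cArr the private key password
     * @return the key store produced by {@code KeyStoreUtil.buildKeyStore}
     */
    public static KeyStore getKeyStoreFromPEM(Path path, Path path2, char[] cArr) throws IOException, GeneralSecurityException {
        return KeyStoreUtil.buildKeyStore(PemUtils.readCertificates(List.of(path)), PemUtils.readPrivateKey(path2, () -> cArr), cArr);
    }

    /**
     * Creates a key manager from PEM files, using the JVM's default {@link KeyManagerFactory}
     * algorithm.
     *
     * @param path the PEM file holding the certificate (chain)
     * @param path2 the PEM file holding the private key
     * @param cArr the private key password
     * @return the key manager produced by {@code KeyStoreUtil.createKeyManager}
     */
    public static X509ExtendedKeyManager getKeyManagerFromPEM(Path path, Path path2, char[] cArr) throws IOException, GeneralSecurityException {
        return KeyStoreUtil.createKeyManager(getKeyStoreFromPEM(path, path2, cArr), cArr, KeyManagerFactory.getDefaultAlgorithm());
    }

    /**
     * Builds the key configuration described by {@code settings}, resolving it against the node's
     * configuration directory.
     *
     * @param settings the settings to read
     * @param str passed to {@code SslSettingsLoader} (presumably the settings prefix; confirm)
     * @param environment supplies the configuration directory via {@code configFile()}
     * @param z passed to {@code SslSettingsLoader}; its meaning is not visible in this class
     * @return the key configuration built by {@code SslSettingsLoader.buildKeyConfig}
     */
    public static SslKeyConfig createKeyConfig(Settings settings, String str, Environment environment, boolean z) {
        return new SslSettingsLoader(settings, str, z).buildKeyConfig(environment.configFile());
    }

    /**
     * Creates a trust manager from the certificates found in the given PEM files. Every certificate
     * read from {@code list} is handed to {@code KeyStoreUtil.createTrustManager}, so the files
     * should contain only certificates that are meant to be trusted.
     *
     * @param list the PEM files holding the trusted certificates
     * @return the trust manager produced by {@code KeyStoreUtil.createTrustManager}
     */
    public static X509ExtendedTrustManager getTrustManagerFromPEM(List<Path> list) throws GeneralSecurityException, IOException {
        return KeyStoreUtil.createTrustManager(PemUtils.readCertificates(list));
    }

    /**
     * Checks whether each certificate in {@code list} names the following certificate's subject as
     * its issuer, i.e. whether the list is ordered from leaf towards the root.
     *
     * <p>This is a comparison of distinguished names only. It does not verify signatures, validity
     * periods or any other property, so a {@code true} result must not be treated as proof that
     * the chain is valid or trusted.
     *
     * @param list the certificates to inspect
     * @return {@code true} if the list is empty, has one element, or every issuer matches the next
     *     subject; {@code false} otherwise
     */
    public static boolean isOrderedCertificateChain(List<X509Certificate> list) {
        for (int i = 1; i < list.size(); i++) {
            X509Certificate child = list.get(i - 1);
            X509Certificate parent = list.get(i);
            if (!child.getIssuerX500Principal().equals(parent.getSubjectX500Principal())) {
                return false;
            }
        }
        return true;
    }
}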
