package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.function.Consumer;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.ssl.SslConfiguration;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;

/* loaded from: input_file:org/elasticsearch/xpack/core/ssl/SSLConfigurationReloader.class */
public final class SSLConfigurationReloader {
    private static final Logger logger = LogManager.getLogger(SSLConfigurationReloader.class);
    private final CompletableFuture<SSLService> sslServiceFuture = new CompletableFuture<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/core/ssl/SSLConfigurationReloader$ChangeListener.class */
    public static class ChangeListener implements FileChangesListener {
        private final List<SslConfiguration> sslConfigurations;
        private final Consumer<SslConfiguration> reloadConsumer;

        private ChangeListener(List<SslConfiguration> list, Consumer<SslConfiguration> consumer) {
            this.sslConfigurations = list;
            this.reloadConsumer = consumer;
        }

        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        public void onFileChanged(Path path) {
            long nanoTime = System.nanoTime();
            ArrayList arrayList = new ArrayList(this.sslConfigurations.size());
            for (SslConfiguration sslConfiguration : this.sslConfigurations) {
                if (sslConfiguration.getDependentFiles().contains(path)) {
                    this.reloadConsumer.accept(sslConfiguration);
                    arrayList.add(sslConfiguration.settingPrefix());
                }
            }
            if (arrayList.isEmpty()) {
                return;
            }
            SSLConfigurationReloader.logger.info("updated {} ssl contexts in {}ms for prefix names {} using file [{}]", Integer.valueOf(arrayList.size()), Double.valueOf(TimeValue.timeValueNanos(System.nanoTime() - nanoTime).millisFrac()), arrayList, path);
        }
    }

    public SSLConfigurationReloader(ResourceWatcherService resourceWatcherService, Collection<SslConfiguration> collection) {
        startWatching(reloadConsumer(this.sslServiceFuture), resourceWatcherService, collection);
    }

    SSLConfigurationReloader(Consumer<SslConfiguration> consumer, ResourceWatcherService resourceWatcherService, Collection<SslConfiguration> collection) {
        startWatching(consumer, resourceWatcherService, collection);
    }

    public void setSSLService(SSLService sSLService) {
        if (!this.sslServiceFuture.complete(sSLService)) {
            throw new IllegalStateException("ssl service future was already completed!");
        }
    }

    private static Consumer<SslConfiguration> reloadConsumer(CompletableFuture<SSLService> completableFuture) {
        return sslConfiguration -> {
            try {
                SSLService sSLService = (SSLService) completableFuture.get();
                logger.debug("reloading ssl configuration [{}]", sslConfiguration);
                sSLService.reloadSSLContext(sslConfiguration);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            } catch (ExecutionException e2) {
                throw new ElasticsearchException("failed to obtain ssl service", e2, new Object[0]);
            }
        };
    }

    private static void startWatching(Consumer<SslConfiguration> consumer, ResourceWatcherService resourceWatcherService, Collection<SslConfiguration> collection) {
        HashMap hashMap = new HashMap();
        for (SslConfiguration sslConfiguration : collection) {
            Iterator<Path> it = directoriesToMonitor(sslConfiguration.getDependentFiles()).iterator();
            while (it.hasNext()) {
                hashMap.compute(it.next(), (path, list) -> {
                    if (list == null) {
                        list = new ArrayList();
                    }
                    list.add(sslConfiguration);
                    return list;
                });
            }
        }
        hashMap.forEach((path2, list2) -> {
            ChangeListener changeListener = new ChangeListener(List.copyOf(list2), consumer);
            FileWatcher fileWatcher = new FileWatcher(path2);
            fileWatcher.addListener(changeListener);
            try {
                resourceWatcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
            } catch (IOException | AccessControlException e) {
                logger.error("failed to start watching directory [{}] for ssl configurations [{}] - {}", path2, list2, e);
            }
        });
    }

    private static Set<Path> directoriesToMonitor(Iterable<Path> iterable) {
        HashSet hashSet = new HashSet();
        Iterator<Path> it = iterable.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getParent());
        }
        return hashSet;
    }
}
