package org.elasticsearch.xpack.security.enrollment;

import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.URI;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
import org.elasticsearch.common.ssl.SslUtil;
import org.elasticsearch.common.ssl.StoreKeyConfig;
import org.elasticsearch.core.Tuple;
import org.elasticsearch.xpack.core.ssl.SSLService;

/* loaded from: input_file:org/elasticsearch/xpack/security/enrollment/BaseEnrollmentTokenGenerator.class */
public class BaseEnrollmentTokenGenerator {
    public static final long ENROLL_API_KEY_EXPIRATION_MINUTES = 30;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getHttpsCaFingerprint(SSLService sSLService) throws Exception {
        StoreKeyConfig keyConfig = sSLService.getHttpTransportSSLConfiguration().keyConfig();
        if (!(keyConfig instanceof StoreKeyConfig)) {
            throw new IllegalStateException("Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystore");
        }
        List list = (List) keyConfig.getKeys().stream().filter(tuple -> {
            return ((X509Certificate) tuple.v2()).getBasicConstraints() != -1;
        }).collect(Collectors.toList());
        if (list.isEmpty()) {
            throw new IllegalStateException("Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate");
        }
        if (list.size() > 1) {
            throw new IllegalStateException("Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore contains multiple PrivateKey entries where the associated certificate is a CA certificate");
        }
        return SslUtil.calculateFingerprint((X509Certificate) ((Tuple) list.get(0)).v2(), "SHA-256");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Tuple<List<String>, List<String>> splitAddresses(List<String> list) throws Exception {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (String str : list) {
            InetAddress inetAddressFromString = getInetAddressFromString(str);
            if (inetAddressFromString.isLoopbackAddress()) {
                arrayList2.add(str);
            } else if (!inetAddressFromString.isAnyLocalAddress()) {
                arrayList.add(str);
            }
        }
        Comparator comparator = (str2, str3) -> {
            try {
                InetAddress inetAddressFromString2 = getInetAddressFromString(str2);
                InetAddress inetAddressFromString3 = getInetAddressFromString(str3);
                if ((inetAddressFromString2 instanceof Inet4Address) && (inetAddressFromString3 instanceof Inet6Address)) {
                    return -1;
                }
                if (inetAddressFromString2 instanceof Inet6Address) {
                    return inetAddressFromString3 instanceof Inet4Address ? 1 : 0;
                }
                return 0;
            } catch (Exception e) {
                return 0;
            }
        };
        arrayList2.sort(comparator);
        arrayList.sort(comparator);
        return new Tuple<>((List) arrayList2.stream().distinct().collect(Collectors.toUnmodifiableList()), (List) arrayList.stream().distinct().collect(Collectors.toUnmodifiableList()));
    }

    static List<String> getFilteredAddresses(Tuple<List<String>, List<String>> tuple) {
        return ((List) tuple.v2()).isEmpty() ? (List) tuple.v1() : (List) tuple.v2();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<String> getFilteredAddresses(List<String> list) throws Exception {
        return getFilteredAddresses(splitAddresses(list));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getIpFromPublishAddress(String str) {
        return str.contains("/") ? str.split("/")[1] : str;
    }

    private static InetAddress getInetAddressFromString(String str) throws Exception {
        return InetAddress.getByName(new URI("http://" + str).getHost());
    }
}
