package org.elasticsearch.xpack.core.ssl;

import java.nio.file.Path;
import java.security.KeyStore;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.ssl.SslClientAuthenticationMode;
import org.elasticsearch.common.ssl.SslConfigException;
import org.elasticsearch.common.ssl.SslConfiguration;
import org.elasticsearch.common.ssl.SslConfigurationLoader;
import org.elasticsearch.common.ssl.SslKeyConfig;
import org.elasticsearch.common.ssl.SslTrustConfig;
import org.elasticsearch.common.ssl.SslVerificationMode;
import org.elasticsearch.common.ssl.X509Field;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.common.notifications.AbstractAuditor;
import org.elasticsearch.xpack.core.ml.process.writer.RecordWriter;

/* loaded from: input_file:org/elasticsearch/xpack/core/ssl/SslSettingsLoader.class */
public final class SslSettingsLoader extends SslConfigurationLoader {
    private final Settings settings;
    private final Map<String, Setting<? extends SecureString>> secureSettings;
    private final Map<String, Setting<?>> standardSettings;
    private final Map<String, Setting<?>> disabledSettings;

    public SslSettingsLoader(Settings settings, String str, boolean z) {
        super(str);
        this.settings = settings;
        SSLConfigurationSettings withoutPrefix = str == null ? SSLConfigurationSettings.withoutPrefix(z) : SSLConfigurationSettings.withPrefix(str, z);
        this.secureSettings = mapOf(withoutPrefix.getSecureSettings());
        this.standardSettings = mapOf(withoutPrefix.getEnabledSettings());
        this.disabledSettings = mapOf(withoutPrefix.getDisabledSettings());
        setDefaultClientAuth(SslClientAuthenticationMode.REQUIRED);
    }

    private static <T> Map<String, Setting<? extends T>> mapOf(List<Setting<? extends T>> list) {
        return (Map) list.stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, Function.identity()));
    }

    protected boolean hasSettings(String str) {
        Settings settings = this.settings;
        if (Strings.hasLength(str)) {
            if (str.endsWith(RecordWriter.CONTROL_FIELD_NAME)) {
                str = str.substring(0, str.length() - 1);
            }
            settings = this.settings.getAsSettings(str);
        }
        return !settings.isEmpty();
    }

    protected String getSettingAsString(String str) {
        checkSetting(str);
        String str2 = this.settings.get(str);
        return str2 == null ? AbstractAuditor.All_RESOURCES_ID : str2;
    }

    protected List<String> getSettingAsList(String str) throws Exception {
        checkSetting(str);
        return this.settings.getAsList(str);
    }

    private void checkSetting(String str) {
        Setting<?> setting = this.standardSettings.get(str);
        if (setting != null) {
            setting.get(this.settings);
        } else if (!this.disabledSettings.containsKey(str)) {
            throw new SslConfigException("The setting [" + str + "] is not supported, valid SSL settings are: [" + Strings.collectionToCommaDelimitedString(this.standardSettings.keySet()) + "]");
        }
    }

    protected char[] getSecureSetting(String str) {
        Setting<? extends SecureString> setting = this.secureSettings.get(str);
        if (setting == null) {
            throw new SslConfigException("The secure setting [" + str + "] is not supported, valid secure SSL settings are: [" + Strings.collectionToCommaDelimitedString(this.secureSettings.keySet()) + "]");
        }
        if (setting.exists(this.settings)) {
            return ((SecureString) setting.get(this.settings)).getChars();
        }
        return null;
    }

    protected SslTrustConfig buildTrustConfig(Path path, SslVerificationMode sslVerificationMode, SslKeyConfig sslKeyConfig, Set<X509Field> set) {
        SslTrustConfig buildTrustConfig = super.buildTrustConfig(path, sslVerificationMode, sslKeyConfig, (Set) null);
        Path resolvePath = super.resolvePath("trust_restrictions.path", path);
        return resolvePath == null ? buildTrustConfig : new RestrictedTrustConfig(resolvePath, set, buildTrustConfig);
    }

    public SslConfiguration load(Environment environment) {
        return load(environment.configDir());
    }

    public static SslConfiguration load(Settings settings, String str, Environment environment) {
        return load(settings, str, environment, null);
    }

    public static SslConfiguration load(Settings settings, String str, Environment environment, @Nullable Function<KeyStore, KeyStore> function) {
        SslSettingsLoader sslSettingsLoader = new SslSettingsLoader(settings, str, true);
        sslSettingsLoader.setKeyStoreFilter(function);
        return sslSettingsLoader.load(environment);
    }
}
