package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/org.elasticsearch.xpack.core-6.8.6.jar:org/elasticsearch/xpack/core/ssl/StoreKeyConfig.class */
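/**
 * Key and trust configuration backed by a single {@link KeyStore}.
 *
 * <p>The same store (path, type and password) is used both as the source of private keys for
 * {@link #createKeyManager} and as the source of trust material for {@link #createTrustManager}.
 * Every method loads the store through {@code getStore}, which is not defined in this class.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Both passwords are held as {@link SecureString} copies for the lifetime of the instance;
 *       nothing in this class closes them.</li>
 *   <li>{@link #toString()} leaves both passwords out; {@link #hashCode()} does mix them in.</li>
 *   <li>{@code keyStoreType} is reported by {@link #toString()} but takes no part in
 *       {@link #equals(Object)} or {@link #hashCode()}.</li>
 * </ul>
 *
 * <p>This is decompiler output: the decompiler notes that the constructor and several methods were
 * package-private in the compiled class and were widened to {@code public}.
 */
public class StoreKeyConfig extends KeyConfig {
    // Key store location. May be null: checkKeyStore's message treats null as "the configured PKCS#11 token".
    final String keyStorePath;
    // Key store type handed to getStore; never null (enforced in the constructor).
    final String keyStoreType;
    // Password for the store itself; never null, private copy of the constructor argument.
    final SecureString keyStorePassword;
    // Algorithm name passed to CertParsingUtils.keyManager.
    final String keyStoreAlgorithm;
    // Password for the key entries; never null, private copy of the constructor argument.
    final SecureString keyPassword;
    // Algorithm name passed to CertParsingUtils.trustManager.
    final String trustStoreAlgorithm;

    /**
     * Creates the configuration. (Decompiler note: originally package-private.)
     *
     * @param str           key store path, stored as {@code keyStorePath}; may be null
     * @param str2          key store type, stored as {@code keyStoreType}; must not be null
     * @param secureString  key store password; must not be null, a copy is stored
     * @param secureString2 key password; must not be null, a copy is stored
     * @param str3          key manager algorithm, stored as {@code keyStoreAlgorithm}
     * @param str4          trust manager algorithm, stored as {@code trustStoreAlgorithm}
     * @throws NullPointerException if the type or either password is null
     */
    public StoreKeyConfig(String str, String str2, SecureString secureString, SecureString secureString2, String str3, String str4) {
        this.keyStorePath = str;
        this.keyStoreType = Objects.requireNonNull(str2, "keystore type must be specified");
        // m4993clone() appears to be the decompiler's renamed SecureString clone method; the config
        // keeps its own copies instead of sharing the caller's instances.
        this.keyStorePassword = Objects.requireNonNull(secureString, "keystore password must be specified").m4993clone();
        this.keyPassword = Objects.requireNonNull(secureString2, "key password must be specified").m4993clone();
        this.keyStoreAlgorithm = str3;
        this.trustStoreAlgorithm = str4;
    }

    /**
     * Loads the key store, verifies that it holds at least one key entry and builds a key manager
     * from it. (Decompiler note: originally package-private.)
     *
     * @param environment passed through to {@code getStore}; may be null
     * @return the key manager produced by {@code CertParsingUtils.keyManager}
     * @throws ElasticsearchException   wrapping any I/O, key store, algorithm, key recovery or
     *                                  certificate failure
     * @throws IllegalArgumentException if the store contains no key entry (not wrapped)
     */
    @Override // org.elasticsearch.xpack.core.ssl.KeyConfig
    public X509ExtendedKeyManager createKeyManager(@Nullable Environment environment) {
        try {
            KeyStore store = getStore(environment, this.keyStorePath, this.keyStoreType, this.keyStorePassword);
            // Fail fast with a specific message rather than ending up with a key manager that has no keys.
            checkKeyStore(store);
            // NOTE(review): whether getChars() returns a copy or the internal array is not visible here;
            // treat the array as sensitive either way.
            return CertParsingUtils.keyManager(store, this.keyPassword.getChars(), this.keyStoreAlgorithm);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new ElasticsearchException("failed to initialize a KeyManagerFactory", e);
        }
    }

    /**
     * Builds a trust manager from the same store that supplies the private keys.
     * (Decompiler note: originally package-private.)
     *
     * <p>Because the key store doubles as the trust store, whatever certificate entries
     * {@code CertParsingUtils.trustManager} picks up from it become trust anchors; review the
     * store's contents with that in mind.
     *
     * @param environment passed through to {@code getStore}; may be null
     * @return the trust manager produced by {@code CertParsingUtils.trustManager}
     * @throws ElasticsearchException wrapping any I/O, key store, algorithm or certificate failure
     */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
        try {
            KeyStore store = getStore(environment, this.keyStorePath, this.keyStoreType, this.keyStorePassword);
            return CertParsingUtils.trustManager(store, this.trustStoreAlgorithm);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e);
        }
    }

    /**
     * Lists the X.509 certificates found in the certificate chains of the store.
     * (Decompiler note: originally package-private.)
     *
     * <p>Only aliases for which {@link KeyStore#getCertificateChain} returns a chain contribute;
     * aliases without a chain are skipped, as are chain elements that are not
     * {@link X509Certificate} instances.
     *
     * @param environment passed through to {@code getStore}
     * @return one {@link CertificateInfo} per X.509 certificate, in alias and chain order
     * @throws GeneralSecurityException if the store cannot be read
     * @throws IOException              if the store cannot be loaded
     */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public Collection<CertificateInfo> certificates(Environment environment) throws GeneralSecurityException, IOException {
        KeyStore store = getStore(environment, this.keyStorePath, this.keyStoreType, this.keyStorePassword);
        List<CertificateInfo> infos = new ArrayList<>();
        for (String alias : Collections.list(store.aliases())) {
            Certificate[] chain = store.getCertificateChain(alias);
            if (chain == null) {
                continue;
            }
            for (int i = 0; i < chain.length; i++) {
                if (chain[i] instanceof X509Certificate) {
                    // The boolean is true only for the first chain element, i.e. the certificate
                    // that belongs to the entry itself rather than one of its issuers.
                    infos.add(new CertificateInfo(this.keyStorePath, this.keyStoreType, alias, i == 0, (X509Certificate) chain[i]));
                }
            }
        }
        return infos;
    }

    /**
     * Returns the files whose changes should be watched for this configuration.
     * (Decompiler note: originally package-private.)
     *
     * @param environment used to resolve the key store path; may be null
     * @return the resolved key store path, or an empty list when no path is configured
     */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        if (this.keyStorePath == null) {
            return Collections.emptyList();
        }
        return Collections.singletonList(CertParsingUtils.resolvePath(this.keyStorePath, environment));
    }

    /**
     * Extracts every private key from the store using the configured key password.
     *
     * <p>The returned objects are live key material; callers should keep them out of logs and
     * long-lived collections.
     *
     * @param environment passed through to {@code getStore}; may be null
     * @return the private keys of all key entries, in alias order
     * @throws ElasticsearchException wrapping any failure, including unchecked exceptions
     */
    @Override // org.elasticsearch.xpack.core.ssl.KeyConfig
    List<PrivateKey> privateKeys(@Nullable Environment environment) {
        try {
            KeyStore store = getStore(environment, this.keyStorePath, this.keyStoreType, this.keyStorePassword);
            List<PrivateKey> keys = new ArrayList<>();
            for (String alias : Collections.list(store.aliases())) {
                if (!store.isKeyEntry(alias)) {
                    continue;
                }
                Key key = store.getKey(alias, this.keyPassword.getChars());
                // Key entries may also hold secret (symmetric) keys; only private keys are returned.
                if (key instanceof PrivateKey) {
                    keys.add((PrivateKey) key);
                }
            }
            return keys;
        } catch (Exception e) {
            // Deliberately broad: every failure is reported under the same message.
            throw new ElasticsearchException("failed to list keys", e);
        }
    }

    /**
     * Verifies that the store contains at least one key entry.
     *
     * @param keyStore the loaded store to inspect
     * @throws KeyStoreException        if the store cannot be queried
     * @throws IllegalArgumentException if no alias is a key entry
     */
    private void checkKeyStore(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (keyStore.isKeyEntry(aliases.nextElement())) {
                return;
            }
        }
        // A null path is reported as a PKCS#11 token, since no file name is available to cite.
        final String message;
        if (this.keyStorePath != null) {
            message = "the keystore [" + this.keyStorePath + "] does not contain a private key entry";
        } else {
            message = "the configured PKCS#11 token does not contain a private key entry";
        }
        throw new IllegalArgumentException(message);
    }

    /**
     * Compares path, both passwords and both algorithm names.
     *
     * <p>NOTE(review): {@code keyStoreType} is not compared, so two configurations that differ only
     * in store type are equal. Confirm this is intended before relying on equality to de-duplicate
     * configurations.
     */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        StoreKeyConfig other = (StoreKeyConfig) obj;
        return Objects.equals(this.keyStorePath, other.keyStorePath)
            && Objects.equals(this.keyStorePassword, other.keyStorePassword)
            && Objects.equals(this.keyStoreAlgorithm, other.keyStoreAlgorithm)
            && Objects.equals(this.keyPassword, other.keyPassword)
            && Objects.equals(this.trustStoreAlgorithm, other.trustStoreAlgorithm);
    }

    /**
     * Hashes the same five fields that {@link #equals(Object)} compares, with the usual
     * multiply-by-31 scheme and 0 for null fields.
     *
     * <p>The result is derived in part from both passwords, so the value should not be logged or
     * otherwise exposed.
     */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public int hashCode() {
        int result = Objects.hashCode(this.keyStorePath);
        result = 31 * result + Objects.hashCode(this.keyStorePassword);
        result = 31 * result + Objects.hashCode(this.keyStoreAlgorithm);
        result = 31 * result + Objects.hashCode(this.keyPassword);
        result = 31 * result + Objects.hashCode(this.trustStoreAlgorithm);
        return result;
    }

    /**
     * Describes the configuration for logs and error messages. Both passwords are left out on
     * purpose; keep it that way when adding fields.
     */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public String toString() {
        return "keyStorePath=[" + this.keyStorePath
            + "], keyStoreType=[" + this.keyStoreType
            + "], keyStoreAlgorithm=[" + this.keyStoreAlgorithm
            + "], trustStoreAlgorithm=[" + this.trustStoreAlgorithm + "]";
    }
}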
