package org.elasticsearch.xpack.core.ssl;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.AccessDeniedException;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;

/* loaded from: input_file:lib/x-pack-core-7.9.0.jar:org/elasticsearch/xpack/core/ssl/StoreTrustConfig.class */
class StoreTrustConfig extends TrustConfig {
    private static final String TRUSTSTORE_FILE = "truststore";
    final String trustStorePath;
    final String trustStoreType;
    final SecureString trustStorePassword;
    final String trustStoreAlgorithm;

    /* JADX INFO: Access modifiers changed from: package-private */
    public StoreTrustConfig(String str, String str2, SecureString secureString, String str3) {
        this.trustStorePath = str;
        this.trustStoreType = str2;
        this.trustStorePassword = ((SecureString) Objects.requireNonNull(secureString, "truststore password must be specified")).m6086clone();
        this.trustStoreAlgorithm = str3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
        Path resolvePath = CertParsingUtils.resolvePath(this.trustStorePath, environment);
        try {
            return CertParsingUtils.trustManager(getStore(resolvePath, this.trustStoreType, this.trustStorePassword), this.trustStoreAlgorithm);
        } catch (FileNotFoundException | NoSuchFileException e) {
            throw missingTrustConfigFile(e, TRUSTSTORE_FILE, resolvePath);
        } catch (AccessDeniedException e2) {
            throw unreadableTrustConfigFile(e2, TRUSTSTORE_FILE, resolvePath);
        } catch (AccessControlException e3) {
            throw blockedTrustConfigFile(e3, environment, TRUSTSTORE_FILE, Collections.singletonList(resolvePath));
        } catch (Exception e4) {
            throw new ElasticsearchException("failed to initialize SSL TrustManager", e4, new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public Collection<CertificateInfo> certificates(Environment environment) throws GeneralSecurityException, IOException {
        KeyStore store = getStore(environment, this.trustStorePath, this.trustStoreType, this.trustStorePassword);
        ArrayList arrayList = new ArrayList();
        Enumeration<String> aliases = store.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            Certificate certificate = store.getCertificate(nextElement);
            if (certificate instanceof X509Certificate) {
                arrayList.add(new CertificateInfo(this.trustStorePath, this.trustStoreType, nextElement, store.isKeyEntry(nextElement), (X509Certificate) certificate));
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        return this.trustStorePath == null ? Collections.emptyList() : Collections.singletonList(CertParsingUtils.resolvePath(this.trustStorePath, environment));
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        StoreTrustConfig storeTrustConfig = (StoreTrustConfig) obj;
        if (this.trustStorePath != null) {
            if (!this.trustStorePath.equals(storeTrustConfig.trustStorePath)) {
                return false;
            }
        } else if (storeTrustConfig.trustStorePath != null) {
            return false;
        }
        if (this.trustStorePassword != null) {
            if (!this.trustStorePassword.equals(storeTrustConfig.trustStorePassword)) {
                return false;
            }
        } else if (storeTrustConfig.trustStorePassword != null) {
            return false;
        }
        return this.trustStoreAlgorithm != null ? this.trustStoreAlgorithm.equals(storeTrustConfig.trustStoreAlgorithm) : storeTrustConfig.trustStoreAlgorithm == null;
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public int hashCode() {
        return (31 * ((31 * (this.trustStorePath != null ? this.trustStorePath.hashCode() : 0)) + (this.trustStorePassword != null ? this.trustStorePassword.hashCode() : 0))) + (this.trustStoreAlgorithm != null ? this.trustStoreAlgorithm.hashCode() : 0);
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public String toString() {
        return "trustStorePath=[" + this.trustStorePath + "], trustStoreAlgorithm=[" + this.trustStoreAlgorithm + "]";
    }
}
