package org.elasticsearch.xpack.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.env.Environment;

/* loaded from: input_file:org/elasticsearch/xpack/ssl/StoreKeyConfig.class */
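/**
 * Key and trust configuration backed by a single keystore file on disk.
 *
 * <p>The same keystore is used both as the source of private keys
 * ({@link #createKeyManager}) and as the trust store ({@link #createTrustManager}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both passwords are held as immutable {@code String} fields for the lifetime of this
 *       object. The {@code SecureString} wrappers used below only cover a temporary
 *       {@code char[]} copy, so closing them does not remove the password from the heap.</li>
 *   <li>{@link #toString()} deliberately omits both passwords; keep it that way when adding
 *       fields, because configuration objects tend to end up in log output.</li>
 *   <li>{@code keyPassword} is not null-checked by the constructor but is dereferenced when the
 *       key manager or the private-key list is built.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the decompiler notes that the constructor and the four
 * overridden factory/listing methods were originally package-private.
 */
class StoreKeyConfig extends KeyConfig {
    final String keyStorePath;
    final String keyStorePassword;
    final String keyStoreAlgorithm;
    final String keyPassword;
    final String trustStoreAlgorithm;

    /**
     * Creates a configuration for the keystore at the given path.
     *
     * @param keyStorePath        path of the keystore file; must not be {@code null}
     * @param keyStorePassword    password protecting the keystore; must not be {@code null}
     * @param keyPassword         password protecting the key entries; stored as given, without a
     *                            null check
     * @param keyStoreAlgorithm   algorithm name handed to {@code CertUtils.keyManager}
     * @param trustStoreAlgorithm algorithm name handed to {@code CertUtils.trustManager}
     * @throws NullPointerException if the path or the keystore password is {@code null}
     */
    public StoreKeyConfig(String keyStorePath, String keyStorePassword, String keyPassword, String keyStoreAlgorithm,
                          String trustStoreAlgorithm) {
        this.keyStorePath = Objects.requireNonNull(keyStorePath, "keystore path must be specified");
        this.keyStorePassword = Objects.requireNonNull(keyStorePassword, "keystore password must be specified");
        this.keyPassword = keyPassword;
        this.keyStoreAlgorithm = keyStoreAlgorithm;
        this.trustStoreAlgorithm = trustStoreAlgorithm;
    }

    /**
     * Loads the keystore, verifies that it holds at least one key entry and builds a key manager
     * from it.
     *
     * @param environment used to resolve the keystore path; may be {@code null}
     * @return the key manager produced by {@code CertUtils.keyManager}
     * @throws ElasticsearchException   if the keystore cannot be read or the key manager cannot
     *                                  be initialised
     * @throws IllegalArgumentException if the keystore contains no key entry
     */
    @Override // org.elasticsearch.xpack.ssl.KeyConfig
    public X509ExtendedKeyManager createKeyManager(@Nullable Environment environment) {
        try {
            KeyStore keyStore = getKeyStore(environment);
            checkKeyStore(keyStore);
            // NOTE(review): keyPassword may be null (the constructor does not check it); that
            // surfaces here as an unwrapped NullPointerException. Confirm callers always set it.
            // try-with-resources closes the temporary password copy on the failure path as well.
            try (SecureString password = new SecureString(this.keyPassword.toCharArray())) {
                return CertUtils.keyManager(keyStore, password.getChars(), this.keyStoreAlgorithm);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException
                | CertificateException e) {
            throw new ElasticsearchException("failed to initialize a KeyManagerFactory", e);
        }
    }

    /**
     * Builds a trust manager from the same keystore file.
     *
     * @param environment used to resolve the keystore path; may be {@code null}
     * @return the trust manager produced by {@code CertUtils.trustManager}
     * @throws ElasticsearchException if the trust manager cannot be initialised
     */
    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
        try {
            return CertUtils.trustManager(this.keyStorePath, this.keyStorePassword, this.trustStoreAlgorithm, environment);
        } catch (Exception e) {
            throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e);
        }
    }

    /**
     * Returns the single file whose changes affect this configuration: the resolved keystore path.
     *
     * @param environment used to resolve the keystore path; may be {@code null}
     */
    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        return Collections.singletonList(CertUtils.resolvePath(this.keyStorePath, environment));
    }

    /**
     * Lists every private key stored in the keystore.
     *
     * <p>All key entries are opened with the one {@code keyPassword}; an entry protected by a
     * different password makes the whole call fail.
     *
     * @param environment used to resolve the keystore path; may be {@code null}
     * @return the private keys found, in alias enumeration order
     * @throws ElasticsearchException on any failure, including a {@code null} key password
     */
    @Override // org.elasticsearch.xpack.ssl.KeyConfig
    public List<PrivateKey> privateKeys(@Nullable Environment environment) {
        try {
            KeyStore keyStore = getKeyStore(environment);
            // try-with-resources closes the temporary password copy on the failure path as well.
            try (SecureString password = new SecureString(this.keyPassword.toCharArray())) {
                List<PrivateKey> keys = new ArrayList<>();
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (!keyStore.isKeyEntry(alias)) {
                        continue;
                    }
                    Key key = keyStore.getKey(alias, password.getChars());
                    // Key entries can also hold secret keys; only private keys are reported.
                    if (key instanceof PrivateKey) {
                        keys.add((PrivateKey) key);
                    }
                }
                return keys;
            }
        } catch (Exception e) {
            throw new ElasticsearchException("failed to list keys", e);
        }
    }

    /**
     * Opens the keystore file and loads it with the keystore password.
     *
     * <p>The keystore type is hard-coded to {@code "jks"}.
     *
     * @param environment used to resolve the keystore path; may be {@code null}
     * @return the loaded keystore
     * @throws IllegalArgumentException if the keystore password is {@code null}
     */
    private KeyStore getKeyStore(@Nullable Environment environment)
            throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        try (InputStream in = Files.newInputStream(CertUtils.resolvePath(this.keyStorePath, environment))) {
            KeyStore keyStore = KeyStore.getInstance("jks");
            // Defensive only: the constructor already rejects a null keystore password.
            if (this.keyStorePassword == null) {
                throw new IllegalArgumentException("keystore password may not be null");
            }
            try (SecureString password = new SecureString(this.keyStorePassword.toCharArray())) {
                keyStore.load(in, password.getChars());
                return keyStore;
            }
        }
    }

    /**
     * Verifies that the keystore has at least one key entry, so that a trust-only store is
     * rejected before a key manager is built from it.
     *
     * @throws IllegalArgumentException if no alias refers to a key entry
     */
    private void checkKeyStore(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (keyStore.isKeyEntry(aliases.nextElement())) {
                return;
            }
        }
        throw new IllegalArgumentException("the keystore [" + this.keyStorePath + "] does not contain a private key entry");
    }

    /**
     * Two configurations are equal when they have the same class and all five fields, the
     * passwords included, are equal.
     */
    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        StoreKeyConfig other = (StoreKeyConfig) obj;
        return Objects.equals(this.keyStorePath, other.keyStorePath)
                && Objects.equals(this.keyStorePassword, other.keyStorePassword)
                && Objects.equals(this.keyStoreAlgorithm, other.keyStoreAlgorithm)
                && Objects.equals(this.keyPassword, other.keyPassword)
                && Objects.equals(this.trustStoreAlgorithm, other.trustStoreAlgorithm);
    }

    /**
     * Combines the hash codes of the five fields with the usual multiply-by-31 scheme, a
     * {@code null} field counting as 0. The result depends on both passwords.
     */
    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public int hashCode() {
        int result = Objects.hashCode(this.keyStorePath);
        result = 31 * result + Objects.hashCode(this.keyStorePassword);
        result = 31 * result + Objects.hashCode(this.keyStoreAlgorithm);
        result = 31 * result + Objects.hashCode(this.keyPassword);
        result = 31 * result + Objects.hashCode(this.trustStoreAlgorithm);
        return result;
    }

    /**
     * Describes the configuration by path and algorithm names only; the keystore password and
     * the key password are left out so they cannot leak through logging.
     */
    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public String toString() {
        return "keyStorePath=[" + this.keyStorePath + "], keyStoreAlgorithm=[" + this.keyStoreAlgorithm + "], trustStoreAlgorithm=[" + this.trustStoreAlgorithm + "]";
    }
}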
