package org.elasticsearch.common.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.core.Nullable;

/* loaded from: input_file:org/elasticsearch/common/ssl/KeyStoreUtil.class */
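/**
 * Static helpers for reading, building and filtering {@link KeyStore} instances and for obtaining
 * JSSE key managers and trust managers from them.
 *
 * <p>This class holds no state. Passwords are passed as {@code char[]} and are handed to the JDK
 * as-is; nothing in this class clears or copies them, so the caller owns their lifetime.
 */
public final class KeyStoreUtil {

    /**
     * A handle on a single alias inside a {@link KeyStore}.
     *
     * <p>Every accessor converts the checked {@link GeneralSecurityException} raised by the
     * underlying store into the unchecked exception produced by the handler supplied at
     * construction, which lets entries be used inside stream pipelines.
     */
    public static class KeyStoreEntry {
        private final KeyStore store;
        private final String alias;
        private final Function<GeneralSecurityException, ? extends RuntimeException> exceptionHandler;

        /**
         * @param keyStore the store that owns the entry
         * @param str the alias of the entry within {@code keyStore}
         * @param function maps a keystore failure to the runtime exception that is thrown
         */
        KeyStoreEntry(KeyStore keyStore, String str, Function<GeneralSecurityException, ? extends RuntimeException> function) {
            this.store = keyStore;
            this.alias = str;
            this.exceptionHandler = function;
        }

        /** Returns the alias this entry refers to. */
        public String getAlias() {
            return this.alias;
        }

        /**
         * Returns the certificate stored under this alias.
         *
         * @return the certificate, or {@code null} if the alias has no certificate or the
         *     certificate is not an {@link X509Certificate}
         */
        public X509Certificate getX509Certificate() {
            try {
                Certificate certificate = this.store.getCertificate(this.alias);
                if (certificate instanceof X509Certificate) {
                    return (X509Certificate) certificate;
                }
                return null;
            } catch (KeyStoreException e) {
                throw this.exceptionHandler.apply(e);
            }
        }

        /** Returns {@code true} if the store reports this alias as a key entry. */
        public boolean isKeyEntry() {
            try {
                return this.store.isKeyEntry(this.alias);
            } catch (KeyStoreException e) {
                throw this.exceptionHandler.apply(e);
            }
        }

        /**
         * Recovers the private key stored under this alias.
         *
         * @param cArr the password protecting the key entry; passed through unchanged and not
         *     cleared here
         * @return the key, or {@code null} if the alias holds no key or the key is not a
         *     {@link PrivateKey} (for example a secret key)
         */
        public PrivateKey getKey(char[] cArr) {
            try {
                Key key = this.store.getKey(this.alias, cArr);
                if (key instanceof PrivateKey) {
                    return (PrivateKey) key;
                }
                return null;
            } catch (GeneralSecurityException e) {
                // Covers a wrong password (UnrecoverableKeyException) as well as store failures.
                throw this.exceptionHandler.apply(e);
            }
        }

        /**
         * Returns the X.509 certificates of the chain stored under this alias, in store order.
         * Non-X.509 certificates in the chain are silently dropped, so the result may be shorter
         * than the stored chain.
         *
         * @return an unmodifiable list; empty if the alias has no chain
         */
        public List<? extends X509Certificate> getX509CertificateChain() {
            try {
                Certificate[] certificateChain = this.store.getCertificateChain(this.alias);
                if (certificateChain == null || certificateChain.length == 0) {
                    return List.of();
                }
                return Stream.of(certificateChain)
                    .filter(X509Certificate.class::isInstance)
                    .map(X509Certificate.class::cast)
                    .toList();
            } catch (KeyStoreException e) {
                throw this.exceptionHandler.apply(e);
            }
        }

        /** Removes this alias from the underlying store. The store object is modified in place. */
        public void delete() {
            try {
                this.store.deleteEntry(this.alias);
            } catch (KeyStoreException e) {
                throw this.exceptionHandler.apply(e);
            }
        }
    }

    private KeyStoreUtil() {
        throw new IllegalStateException("Utility class should not be instantiated");
    }

    /**
     * Guesses a keystore type from a file name.
     *
     * <p>The decision is made on the file-name suffix only; the file content is never inspected.
     * Callers that accept paths from configuration should treat the result as a default, not as a
     * verified format.
     *
     * @param str the file name or path as a string; may be {@code null}
     * @return {@code "PKCS12"} for names ending in {@code .p12}, {@code .pfx} or {@code .pkcs12}
     *     (case-insensitive), otherwise {@code "jks"}
     */
    public static String inferKeyStoreType(String str) {
        String lowerCase = str == null ? "" : str.toLowerCase(Locale.ROOT);
        boolean pkcs12 = lowerCase.endsWith(".p12") || lowerCase.endsWith(".pfx") || lowerCase.endsWith(".pkcs12");
        return pkcs12 ? "PKCS12" : "jks";
    }

    /**
     * Creates a keystore of the given type and, when a path is supplied, loads it from that file.
     *
     * <p>Per the {@link KeyStore#load(InputStream, char[])} contract, a {@code null} password
     * means the integrity check of the keystore data is not performed.
     *
     * @param path the keystore file; if {@code null} the returned keystore is left uninitialized
     *     and must be loaded by the caller before use
     * @param str the keystore type, e.g. the value returned by {@link #inferKeyStoreType(String)}
     * @param cArr the keystore password; not cleared by this method
     * @return the keystore instance
     * @throws GeneralSecurityException if the type is unavailable or the content cannot be loaded
     * @throws IOException if the file cannot be read, including when the password is wrong
     */
    public static KeyStore readKeyStore(Path path, String str, char[] cArr) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(str);
        if (path != null) {
            try (InputStream in = Files.newInputStream(path)) {
                keyStore.load(in, cArr);
            }
        }
        return keyStore;
    }

    /**
     * Builds a new in-memory keystore of the JVM default type holding one private-key entry.
     *
     * @param collection the certificate chain for the key, in chain order
     * @param privateKey the private key to store
     * @param cArr the password used to protect the key entry
     * @return a keystore containing the key under the alias {@code SslConfigurationKeys.KEY}
     * @throws GeneralSecurityException if the keystore cannot be created or the entry is rejected
     */
    public static KeyStore buildKeyStore(Collection<Certificate> collection, PrivateKey privateKey, char[] cArr) throws GeneralSecurityException {
        KeyStore keyStore = buildNewKeyStore();
        keyStore.setKeyEntry(SslConfigurationKeys.KEY, privateKey, cArr, collection.toArray(new Certificate[0]));
        return keyStore;
    }

    /**
     * Deletes every entry that does not satisfy the predicate.
     *
     * <p>The keystore passed in is mutated; no copy is made. Callers that share the keystore with
     * other components should pass a private copy.
     *
     * @param keyStore the keystore to prune
     * @param predicate entries for which this returns {@code true} are kept
     * @return the same {@code keyStore} instance, after pruning
     * @throws SslConfigException if the store cannot be enumerated or an entry cannot be deleted
     */
    public static KeyStore filter(KeyStore keyStore, Predicate<KeyStoreEntry> predicate) {
        stream(keyStore, e -> new SslConfigException("Failed to apply filter to existing keystore", e))
            .filter(predicate.negate())
            .forEach(KeyStoreEntry::delete);
        return keyStore;
    }

    /**
     * Builds an in-memory trust store of the JVM default keystore type.
     *
     * @see #buildTrustStore(Iterable, String)
     */
    public static KeyStore buildTrustStore(Iterable<Certificate> iterable) throws GeneralSecurityException {
        return buildTrustStore(iterable, KeyStore.getDefaultType());
    }

    /**
     * Builds an in-memory trust store containing each supplied certificate as a trusted entry.
     *
     * <p>Certificates are added exactly as given under the aliases {@code cert-0}, {@code cert-1},
     * and so on; this method does not inspect validity dates, CA flags or anything else about
     * them.
     *
     * @param iterable the certificates to trust; must not be {@code null}
     * @param str the keystore type to create
     * @return the populated trust store
     * @throws GeneralSecurityException if the keystore cannot be created or an entry is rejected
     */
    public static KeyStore buildTrustStore(Iterable<Certificate> iterable, String str) throws GeneralSecurityException {
        assert iterable != null : "Cannot create keystore with null certificates";
        KeyStore keyStore = buildNewKeyStore(str);
        int counter = 0;
        for (Certificate certificate : iterable) {
            keyStore.setCertificateEntry("cert-" + counter, certificate);
            counter++;
        }
        return keyStore;
    }

    /** Creates an empty, initialized in-memory keystore of the JVM default type. */
    private static KeyStore buildNewKeyStore() throws GeneralSecurityException {
        return buildNewKeyStore(KeyStore.getDefaultType());
    }

    /**
     * Creates an empty, initialized in-memory keystore of the given type.
     *
     * @throws SslConfigException if initialization unexpectedly raises an {@link IOException}
     */
    private static KeyStore buildNewKeyStore(String str) throws GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(str);
        try {
            // load(null, null) is the JDK idiom for initializing an empty store; no file is read.
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e) {
            throw new SslConfigException("Unexpected error initializing a new in-memory keystore", e);
        }
    }

    /**
     * Creates a key manager for a single key and certificate chain using the default algorithm.
     *
     * @param certificateArr the certificate chain; must not be or contain {@code null}
     * @param privateKey the private key
     * @param cArr the password used both for the temporary key entry and to initialize the factory
     * @throws GeneralSecurityException if the keystore or key manager cannot be created
     * @throws IOException declared for callers; not raised by the code in this method
     */
    public static X509ExtendedKeyManager createKeyManager(Certificate[] certificateArr, PrivateKey privateKey, char[] cArr) throws GeneralSecurityException, IOException {
        KeyStore keyStore = buildKeyStore(List.of(certificateArr), privateKey, cArr);
        return createKeyManager(keyStore, cArr, KeyManagerFactory.getDefaultAlgorithm());
    }

    /**
     * Creates a key manager backed by the given keystore.
     *
     * @param keyStore the keystore holding the key material
     * @param cArr the password for recovering keys from {@code keyStore}
     * @param str the {@link KeyManagerFactory} algorithm name
     * @return the first {@link X509ExtendedKeyManager} the factory provides
     * @throws GeneralSecurityException if the factory cannot be created or initialized
     * @throws SslConfigException if the factory yields no {@link X509ExtendedKeyManager}
     */
    public static X509ExtendedKeyManager createKeyManager(KeyStore keyStore, char[] cArr, String str) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
        keyManagerFactory.init(keyStore, cArr);
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) keyManager;
            }
        }
        throw new SslConfigException("failed to find a X509ExtendedKeyManager in the key manager factory for [" + str + "] and keystore [" + keyStore + "]");
    }

    /**
     * Creates a trust manager backed by the given trust store.
     *
     * <p>NOTE(review): a {@code null} trust store is passed straight to
     * {@link TrustManagerFactory#init(KeyStore)}. With the standard JSSE providers that selects the
     * JVM's default trust anchors rather than an empty set, so {@code null} widens trust instead of
     * removing it. Confirm that callers pass {@code null} only when that is intended.
     *
     * @param keyStore the trust store, or {@code null}
     * @param str the {@link TrustManagerFactory} algorithm name
     * @return the first {@link X509ExtendedTrustManager} the factory provides
     * @throws SslConfigException if the factory yields no {@link X509ExtendedTrustManager}
     */
    public static X509ExtendedTrustManager createTrustManager(@Nullable KeyStore keyStore, String str) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509ExtendedTrustManager) {
                return (X509ExtendedTrustManager) trustManager;
            }
        }
        throw new SslConfigException("failed to find a X509ExtendedTrustManager in the trust manager factory for [" + str + "] and truststore [" + keyStore + "]");
    }

    /**
     * Creates a trust manager that trusts exactly the supplied certificates, using the default
     * trust manager algorithm.
     *
     * @param collection the certificates to trust; must not be {@code null}
     */
    public static X509ExtendedTrustManager createTrustManager(Collection<Certificate> collection) throws GeneralSecurityException {
        return createTrustManager(buildTrustStore(collection), TrustManagerFactory.getDefaultAlgorithm());
    }

    /**
     * Streams the entries of a keystore.
     *
     * <p>The alias list is snapshotted before the stream is returned, so deleting entries while
     * consuming the stream does not disturb the iteration.
     *
     * @param keyStore the keystore to enumerate
     * @param function maps a keystore failure to the runtime exception to throw, both for the
     *     enumeration itself and for later calls on each {@link KeyStoreEntry}
     * @return one {@link KeyStoreEntry} per alias
     */
    public static Stream<KeyStoreEntry> stream(KeyStore keyStore, Function<GeneralSecurityException, ? extends RuntimeException> function) {
        try {
            return Collections.list(keyStore.aliases()).stream().map(alias -> new KeyStoreEntry(keyStore, alias, function));
        } catch (KeyStoreException e) {
            throw function.apply(e);
        }
    }
}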
