package org.elasticsearch.common.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: input_file:org/elasticsearch/common/ssl/PemTrustConfig.class */
public final class PemTrustConfig implements SslTrustConfig {
    private static final String CA_FILE_TYPE = "PEM certificate_authorities";
    private final List<String> certificateAuthorities;
    private final Path basePath;

    public PemTrustConfig(List<String> list, Path path) {
        this.certificateAuthorities = Collections.unmodifiableList(list);
        this.basePath = path;
    }

    @Override // org.elasticsearch.common.ssl.SslTrustConfig
    public Collection<Path> getDependentFiles() {
        return resolveFiles();
    }

    @Override // org.elasticsearch.common.ssl.SslTrustConfig
    public Collection<? extends StoredCertificate> getConfiguredCertificates() {
        ArrayList arrayList = new ArrayList(this.certificateAuthorities.size());
        for (String str : this.certificateAuthorities) {
            for (Certificate certificate : readCertificates(List.of(resolveFile(str)))) {
                if (certificate instanceof X509Certificate) {
                    arrayList.add(new StoredCertificate((X509Certificate) certificate, str, "PEM", null, false));
                }
            }
        }
        return arrayList;
    }

    @Override // org.elasticsearch.common.ssl.SslTrustConfig
    public X509ExtendedTrustManager createTrustManager() {
        List<Path> resolveFiles = resolveFiles();
        try {
            return KeyStoreUtil.createTrustManager(KeyStoreUtil.buildTrustStore(readCertificates(resolveFiles)), TrustManagerFactory.getDefaultAlgorithm());
        } catch (GeneralSecurityException e) {
            throw new SslConfigException("cannot create trust using PEM certificates [" + SslFileUtil.pathsToString(resolveFiles) + "]", e);
        }
    }

    private List<Path> resolveFiles() {
        return this.certificateAuthorities.stream().map(this::resolveFile).toList();
    }

    private Path resolveFile(String str) {
        return this.basePath.resolve(str);
    }

    private List<Certificate> readCertificates(List<Path> list) {
        try {
            return PemUtils.readCertificates(list);
        } catch (IOException e) {
            throw SslFileUtil.ioException(CA_FILE_TYPE, list, e);
        } catch (SecurityException e2) {
            throw SslFileUtil.accessControlFailure(CA_FILE_TYPE, list, e2, this.basePath);
        } catch (GeneralSecurityException e3) {
            throw SslFileUtil.securityException(CA_FILE_TYPE, list, e3);
        } catch (SslConfigException e4) {
            throw SslFileUtil.configException(CA_FILE_TYPE, list, e4);
        }
    }

    public String toString() {
        return "PEM-trust{" + SslFileUtil.pathsToString(resolveFiles()) + "}";
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.certificateAuthorities, ((PemTrustConfig) obj).certificateAuthorities);
    }

    public int hashCode() {
        return Objects.hash(this.certificateAuthorities);
    }
}
