package org.elasticsearch.common.ssl;

import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: input_file:ingrid-ibus-6.2.0/lib/elasticsearch-ssl-config-7.17.6.jar:org/elasticsearch/common/ssl/SslConfiguration.class */
public class SslConfiguration {
    static final Map<String, String> ORDERED_PROTOCOL_ALGORITHM_MAP;
    private final SslTrustConfig trustConfig;
    private final SslKeyConfig keyConfig;
    private final SslVerificationMode verificationMode;
    private final SslClientAuthenticationMode clientAuth;
    private final List<String> ciphers;
    private final List<String> supportedProtocols;

    public SslConfiguration(SslTrustConfig sslTrustConfig, SslKeyConfig sslKeyConfig, SslVerificationMode sslVerificationMode, SslClientAuthenticationMode sslClientAuthenticationMode, List<String> list, List<String> list2) {
        if (list == null || list.isEmpty()) {
            throw new SslConfigException("cannot configure SSL/TLS without any supported cipher suites");
        }
        if (list2 == null || list2.isEmpty()) {
            throw new SslConfigException("cannot configure SSL/TLS without any supported protocols");
        }
        this.trustConfig = (SslTrustConfig) Objects.requireNonNull(sslTrustConfig, "trust config cannot be null");
        this.keyConfig = (SslKeyConfig) Objects.requireNonNull(sslKeyConfig, "key config cannot be null");
        this.verificationMode = (SslVerificationMode) Objects.requireNonNull(sslVerificationMode, "verification mode cannot be null");
        this.clientAuth = (SslClientAuthenticationMode) Objects.requireNonNull(sslClientAuthenticationMode, "client authentication cannot be null");
        this.ciphers = Collections.unmodifiableList(list);
        this.supportedProtocols = Collections.unmodifiableList(list2);
    }

    public SslTrustConfig getTrustConfig() {
        return this.trustConfig;
    }

    public SslKeyConfig getKeyConfig() {
        return this.keyConfig;
    }

    public SslVerificationMode getVerificationMode() {
        return this.verificationMode;
    }

    public SslClientAuthenticationMode getClientAuth() {
        return this.clientAuth;
    }

    public List<String> getCipherSuites() {
        return this.ciphers;
    }

    public List<String> getSupportedProtocols() {
        return this.supportedProtocols;
    }

    public Collection<Path> getDependentFiles() {
        HashSet hashSet = new HashSet(this.keyConfig.getDependentFiles());
        hashSet.addAll(this.trustConfig.getDependentFiles());
        return hashSet;
    }

    public SSLContext createSslContext() {
        X509ExtendedKeyManager createKeyManager = this.keyConfig.createKeyManager();
        X509ExtendedTrustManager createTrustManager = this.trustConfig.createTrustManager();
        try {
            SSLContext sSLContext = SSLContext.getInstance(contextProtocol());
            sSLContext.init(new X509ExtendedKeyManager[]{createKeyManager}, new X509ExtendedTrustManager[]{createTrustManager}, null);
            return sSLContext;
        } catch (GeneralSecurityException e) {
            throw new SslConfigException("cannot create ssl context", e);
        }
    }

    private String contextProtocol() {
        if (this.supportedProtocols.isEmpty()) {
            throw new SslConfigException("no SSL/TLS protocols have been configured");
        }
        for (Map.Entry<String, String> entry : ORDERED_PROTOCOL_ALGORITHM_MAP.entrySet()) {
            if (this.supportedProtocols.contains(entry.getKey())) {
                return entry.getValue();
            }
        }
        throw new SslConfigException("no supported SSL/TLS protocol was found in the configured supported protocols: " + this.supportedProtocols);
    }

    public String toString() {
        return getClass().getSimpleName() + "{trustConfig=" + this.trustConfig + ", keyConfig=" + this.keyConfig + ", verificationMode=" + this.verificationMode + ", clientAuth=" + this.clientAuth + ", ciphers=" + this.ciphers + ", supportedProtocols=" + this.supportedProtocols + '}';
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SslConfiguration sslConfiguration = (SslConfiguration) obj;
        return Objects.equals(this.trustConfig, sslConfiguration.trustConfig) && Objects.equals(this.keyConfig, sslConfiguration.keyConfig) && this.verificationMode == sslConfiguration.verificationMode && this.clientAuth == sslConfiguration.clientAuth && Objects.equals(this.ciphers, sslConfiguration.ciphers) && Objects.equals(this.supportedProtocols, sslConfiguration.supportedProtocols);
    }

    public int hashCode() {
        return Objects.hash(this.trustConfig, this.keyConfig, this.verificationMode, this.clientAuth, this.ciphers, this.supportedProtocols);
    }

    static {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        try {
            SSLContext.getInstance("TLSv1.3");
            linkedHashMap.put("TLSv1.3", "TLSv1.3");
        } catch (NoSuchAlgorithmException e) {
        }
        linkedHashMap.put("TLSv1.2", "TLSv1.2");
        linkedHashMap.put("TLSv1.1", "TLSv1.1");
        linkedHashMap.put("TLSv1", "TLSv1");
        linkedHashMap.put("SSLv3", "SSLv3");
        linkedHashMap.put("SSLv2", "SSL");
        linkedHashMap.put("SSLv2Hello", "SSL");
        ORDERED_PROTOCOL_ALGORITHM_MAP = Collections.unmodifiableMap(linkedHashMap);
    }
}
