package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.nio.file.AccessDeniedException;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.security.AccessControlException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;

/* loaded from: input_file:ingrid-ibus-7.1.0/lib/x-pack-core-7.17.15.jar:org/elasticsearch/xpack/core/ssl/PEMTrustConfig.class */
class PEMTrustConfig extends TrustConfig {
    private static final String CA_FILE = "certificate_authorities";
    private final List<String> caPaths;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PEMTrustConfig(List<String> list) {
        this.caPaths = (List) Objects.requireNonNull(list, "ca paths must be specified");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
        try {
            return CertParsingUtils.trustManager(CertParsingUtils.readCertificates(this.caPaths, environment));
        } catch (AccessDeniedException e) {
            throw unreadableTrustConfigFile(e, "certificate_authorities", CertParsingUtils.resolvePath(e.getFile(), environment));
        } catch (NoSuchFileException e2) {
            throw missingTrustConfigFile(e2, "certificate_authorities", CertParsingUtils.resolvePath(e2.getFile(), environment));
        } catch (AccessControlException e3) {
            throw blockedTrustConfigFile(e3, environment, "certificate_authorities", CertParsingUtils.resolvePaths(this.caPaths, environment));
        } catch (Exception e4) {
            throw new ElasticsearchException("failed to initialize SSL TrustManager", e4, new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public Collection<CertificateInfo> certificates(Environment environment) throws CertificateException, IOException {
        ArrayList arrayList = new ArrayList(this.caPaths.size());
        for (String str : this.caPaths) {
            for (Certificate certificate : CertParsingUtils.readCertificates(Collections.singletonList(str), environment)) {
                if (certificate instanceof X509Certificate) {
                    arrayList.add(new CertificateInfo(str, "PEM", null, false, (X509Certificate) certificate));
                }
            }
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        ArrayList arrayList = new ArrayList(this.caPaths.size());
        Iterator<String> it = this.caPaths.iterator();
        while (it.hasNext()) {
            arrayList.add(CertParsingUtils.resolvePath(it.next(), environment));
        }
        return arrayList;
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        PEMTrustConfig pEMTrustConfig = (PEMTrustConfig) obj;
        return this.caPaths != null ? this.caPaths.equals(pEMTrustConfig.caPaths) : pEMTrustConfig.caPaths == null;
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public int hashCode() {
        if (this.caPaths != null) {
            return this.caPaths.hashCode();
        }
        return 0;
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public String toString() {
        return "ca=[" + Strings.collectionToCommaDelimitedString(this.caPaths) + "]";
    }
}
