package org.elasticsearch.common.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.common.Nullable;

/* loaded from: input_file:ingrid-iplug-excel-5.12.0/lib/elasticsearch-ssl-config-6.8.17.jar:org/elasticsearch/common/ssl/KeyStoreUtil.class */
final class KeyStoreUtil {
    static final /* synthetic */ boolean $assertionsDisabled;

    private KeyStoreUtil() {
        throw new IllegalStateException("Utility class should not be instantiated");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String inferKeyStoreType(Path path) {
        String lowerCase = path == null ? "" : path.toString().toLowerCase(Locale.ROOT);
        return (lowerCase.endsWith(".p12") || lowerCase.endsWith(".pfx") || lowerCase.endsWith(".pkcs12")) ? "PKCS12" : "jks";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore readKeyStore(Path path, String str, char[] cArr) throws GeneralSecurityException {
        if (Files.notExists(path, new LinkOption[0])) {
            throw new SslConfigException("cannot read a [" + str + "] keystore from [" + path.toAbsolutePath() + "] because the file does not exist");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            try {
                keyStore.load(newInputStream, cArr);
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return keyStore;
            } finally {
            }
        } catch (IOException e) {
            throw new SslConfigException("cannot read a [" + str + "] keystore from [" + path.toAbsolutePath() + "] - " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore buildKeyStore(Collection<Certificate> collection, PrivateKey privateKey, char[] cArr) throws GeneralSecurityException {
        KeyStore buildNewKeyStore = buildNewKeyStore();
        buildNewKeyStore.setKeyEntry("key", privateKey, cArr, (Certificate[]) collection.toArray(new Certificate[0]));
        return buildNewKeyStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore buildTrustStore(Iterable<Certificate> iterable) throws GeneralSecurityException {
        if (!$assertionsDisabled && iterable == null) {
            throw new AssertionError("Cannot create keystore with null certificates");
        }
        KeyStore buildNewKeyStore = buildNewKeyStore();
        int i = 0;
        Iterator<Certificate> it2 = iterable.iterator();
        while (it2.hasNext()) {
            buildNewKeyStore.setCertificateEntry("cert-" + i, it2.next());
            i++;
        }
        return buildNewKeyStore;
    }

    private static KeyStore buildNewKeyStore() throws GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try {
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e) {
            throw new SslConfigException("Unexpected error initializing a new in-memory keystore", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509ExtendedKeyManager createKeyManager(KeyStore keyStore, char[] cArr, String str) throws GeneralSecurityException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
        keyManagerFactory.init(keyStore, cArr);
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) keyManager;
            }
        }
        throw new SslConfigException("failed to find a X509ExtendedKeyManager in the key manager factory for [" + str + "] and keystore [" + keyStore + "]");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509ExtendedTrustManager createTrustManager(@Nullable KeyStore keyStore, String str) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509ExtendedTrustManager) {
                return (X509ExtendedTrustManager) trustManager;
            }
        }
        throw new SslConfigException("failed to find a X509ExtendedTrustManager in the trust manager factory for [" + str + "] and truststore [" + keyStore + "]");
    }

    static {
        $assertionsDisabled = !KeyStoreUtil.class.desiredAssertionStatus();
    }
}
