package org.elasticsearch.common.ssl;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:ingrid-iplug-opensearch-6.2.0/lib/elasticsearch-ssl-config-7.17.9.jar:org/elasticsearch/common/ssl/PemKeyConfig.class */
public final class PemKeyConfig implements SslKeyConfig {
    private final Path certificate;
    private final Path key;
    private final char[] keyPassword;

    public PemKeyConfig(Path path, Path path2, char[] cArr) {
        this.certificate = (Path) Objects.requireNonNull(path, "Certificate cannot be null");
        this.key = (Path) Objects.requireNonNull(path2, "Key cannot be null");
        this.keyPassword = (char[]) Objects.requireNonNull(cArr, "Key password cannot be null (but may be empty)");
    }

    @Override // org.elasticsearch.common.ssl.SslKeyConfig
    public Collection<Path> getDependentFiles() {
        return Arrays.asList(this.certificate, this.key);
    }

    @Override // org.elasticsearch.common.ssl.SslKeyConfig
    public X509ExtendedKeyManager createKeyManager() {
        try {
            return KeyStoreUtil.createKeyManager(KeyStoreUtil.buildKeyStore(getCertificates(), getPrivateKey(), this.keyPassword), this.keyPassword, KeyManagerFactory.getDefaultAlgorithm());
        } catch (GeneralSecurityException e) {
            throw new SslConfigException("failed to load a KeyManager for certificate/key pair [" + this.certificate + "], [" + this.key + "]", e);
        }
    }

    private PrivateKey getPrivateKey() {
        try {
            PrivateKey readPrivateKey = PemUtils.readPrivateKey(this.key, () -> {
                return this.keyPassword;
            });
            if (readPrivateKey == null) {
                throw new SslConfigException("could not load ssl private key file [" + this.key + "]");
            }
            return readPrivateKey;
        } catch (FileNotFoundException | NoSuchFileException e) {
            throw new SslConfigException("the configured ssl private key file [" + this.key.toAbsolutePath() + "] does not exist", e);
        } catch (IOException e2) {
            throw new SslConfigException("the configured ssl private key file [" + this.key.toAbsolutePath() + "] cannot be read", e2);
        } catch (GeneralSecurityException e3) {
            throw new SslConfigException("cannot load ssl private key file [" + this.key.toAbsolutePath() + "]", e3);
        }
    }

    private List<Certificate> getCertificates() {
        try {
            return PemUtils.readCertificates(Collections.singleton(this.certificate));
        } catch (FileNotFoundException | NoSuchFileException e) {
            throw new SslConfigException("the configured ssl certificate file [" + this.certificate.toAbsolutePath() + "] does not exist", e);
        } catch (IOException e2) {
            throw new SslConfigException("the configured ssl certificate file [" + this.certificate.toAbsolutePath() + "] cannot be read", e2);
        } catch (GeneralSecurityException e3) {
            throw new SslConfigException("cannot load ssl certificate from [" + this.certificate.toAbsolutePath() + "]", e3);
        }
    }

    public String toString() {
        return "PEM-key-config{cert=" + this.certificate.toAbsolutePath() + " key=" + this.key.toAbsolutePath() + "}";
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        PemKeyConfig pemKeyConfig = (PemKeyConfig) obj;
        return Objects.equals(this.certificate, pemKeyConfig.certificate) && Objects.equals(this.key, pemKeyConfig.key) && Arrays.equals(this.keyPassword, pemKeyConfig.keyPassword);
    }

    public int hashCode() {
        return (31 * Objects.hash(this.certificate, this.key)) + Arrays.hashCode(this.keyPassword);
    }
}
