package org.elasticsearch.common.ssl;

import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.common.ssl.SslDiagnostics;

/* loaded from: input_file:ingrid-iplug-sns-7.0.0/lib/elasticsearch-ssl-config-7.17.14.jar:org/elasticsearch/common/ssl/DiagnosticTrustManager.class */
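/**
 * An {@link X509ExtendedTrustManager} that wraps another trust manager and logs a diagnostic
 * warning whenever the wrapped manager rejects a certificate chain.
 *
 * <p>Security invariant: this class never makes a trust decision of its own. Every
 * {@code check*Trusted} overload calls the delegate first and, on failure, rethrows the delegate's
 * original {@link CertificateException} after logging. It must stay fail-closed: a change that
 * drops one of the {@code throw e} statements would turn a rejected chain into an accepted one.
 *
 * <p>The issuer index used for diagnostics is computed once in the constructor. It is a snapshot:
 * if the delegate's accepted issuers change afterwards, the trust decision still follows the
 * delegate, but the diagnostic text is built from the older issuer list.
 */
public final class DiagnosticTrustManager extends X509ExtendedTrustManager {
    /** The trust manager that makes every actual trust decision. */
    private final X509ExtendedTrustManager delegate;
    /** Supplies the name of the SSL context; read only when a failure is being reported. */
    private final Supplier<String> contextName;
    /** Sink for the diagnostic warnings. */
    private final DiagnosticLogger logger;
    /** Accepted issuers of the delegate, grouped by subject name (as returned by {@code getName()}). */
    private final Map<String, List<X509Certificate>> issuers;

    /**
     * Receives the diagnostic message together with the exception that caused the rejection.
     */
    @FunctionalInterface
    /* loaded from: input_file:ingrid-iplug-sns-7.0.0/lib/elasticsearch-ssl-config-7.17.14.jar:org/elasticsearch/common/ssl/DiagnosticTrustManager$DiagnosticLogger.class */
    public interface DiagnosticLogger {
        void warning(String str, GeneralSecurityException generalSecurityException);
    }

    /**
     * Creates a diagnostic wrapper around {@code x509ExtendedTrustManager}.
     *
     * @param x509ExtendedTrustManager the trust manager to delegate to; its accepted issuers are
     *     read once here to build the issuer index
     * @param supplier supplies the context name used in diagnostic messages
     * @param diagnosticLogger receives the diagnostic warnings
     */
    public DiagnosticTrustManager(X509ExtendedTrustManager x509ExtendedTrustManager, Supplier<String> supplier, DiagnosticLogger diagnosticLogger) {
        this.delegate = x509ExtendedTrustManager;
        this.contextName = supplier;
        this.logger = diagnosticLogger;
        // Several trusted certificates can share one subject name (for example a re-issued CA),
        // so colliding keys are merged into one list instead of failing or overwriting.
        // The stream is typed end to end; no raw Map/ArrayList and no Object[] cast are needed.
        this.issuers = Stream.of(x509ExtendedTrustManager.getAcceptedIssuers())
            .collect(Collectors.toMap(
                certificate -> certificate.getSubjectX500Principal().getName(),
                Collections::singletonList,
                (List<X509Certificate> first, List<X509Certificate> second) -> {
                    List<X509Certificate> merged = new ArrayList<>(first.size() + second.size());
                    merged.addAll(first);
                    merged.addAll(second);
                    return merged;
                }));
    }

    /**
     * Delegates the client check; on rejection logs a diagnostic and rethrows the same exception.
     *
     * @throws CertificateException the delegate's exception, unchanged
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        try {
            this.delegate.checkClientTrusted(x509CertificateArr, str, socket);
        } catch (CertificateException e) {
            diagnose(e, x509CertificateArr, SslDiagnostics.PeerType.CLIENT, session(socket));
            // Fail closed: the rejection must reach the caller.
            throw e;
        }
    }

    /**
     * Delegates the server check; on rejection logs a diagnostic and rethrows the same exception.
     *
     * @throws CertificateException the delegate's exception, unchanged
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        try {
            this.delegate.checkServerTrusted(x509CertificateArr, str, socket);
        } catch (CertificateException e) {
            diagnose(e, x509CertificateArr, SslDiagnostics.PeerType.SERVER, session(socket));
            // Fail closed: the rejection must reach the caller.
            throw e;
        }
    }

    /**
     * Delegates the client check; on rejection logs a diagnostic and rethrows the same exception.
     *
     * @throws CertificateException the delegate's exception, unchanged
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        try {
            this.delegate.checkClientTrusted(x509CertificateArr, str, sSLEngine);
        } catch (CertificateException e) {
            diagnose(e, x509CertificateArr, SslDiagnostics.PeerType.CLIENT, session(sSLEngine));
            // Fail closed: the rejection must reach the caller.
            throw e;
        }
    }

    /**
     * Delegates the server check; on rejection logs a diagnostic and rethrows the same exception.
     *
     * @throws CertificateException the delegate's exception, unchanged
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        try {
            this.delegate.checkServerTrusted(x509CertificateArr, str, sSLEngine);
        } catch (CertificateException e) {
            diagnose(e, x509CertificateArr, SslDiagnostics.PeerType.SERVER, session(sSLEngine));
            // Fail closed: the rejection must reach the caller.
            throw e;
        }
    }

    /**
     * Delegates the client check; on rejection logs a diagnostic (without session information,
     * since this overload has no socket or engine) and rethrows the same exception.
     *
     * @throws CertificateException the delegate's exception, unchanged
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.delegate.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            diagnose(e, x509CertificateArr, SslDiagnostics.PeerType.CLIENT, null);
            // Fail closed: the rejection must reach the caller.
            throw e;
        }
    }

    /**
     * Delegates the server check; on rejection logs a diagnostic (without session information,
     * since this overload has no socket or engine) and rethrows the same exception.
     *
     * @throws CertificateException the delegate's exception, unchanged
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.delegate.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            diagnose(e, x509CertificateArr, SslDiagnostics.PeerType.SERVER, null);
            // Fail closed: the rejection must reach the caller.
            throw e;
        }
    }

    /**
     * Returns the delegate's accepted issuers as they are now, not the snapshot held in
     * {@code issuers}.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.delegate.getAcceptedIssuers();
    }

    /**
     * Builds the diagnostic message for a rejected chain and sends it to the logger.
     *
     * <p>The message text comes from {@code SslDiagnostics.getTrustDiagnosticFailure}; its exact
     * content is not visible in this file. NOTE(review): it is built from the peer chain, the
     * session and the issuer index, so confirm what certificate detail ends up in the logs before
     * forwarding them outside the operations team.
     *
     * <p>This runs before the caller rethrows. If the logger or the context-name supplier throws
     * an unchecked exception, that exception propagates instead of the original
     * {@link CertificateException}; the check still fails, but the original cause is lost.
     *
     * @param sSLSession the handshake session, or {@code null} when none is available
     */
    private void diagnose(CertificateException certificateException, X509Certificate[] x509CertificateArr, SslDiagnostics.PeerType peerType, SSLSession sSLSession) {
        String message = SslDiagnostics.getTrustDiagnosticFailure(x509CertificateArr, peerType, sSLSession, this.contextName.get(), this.issuers);
        this.logger.warning(message, certificateException);
    }

    /**
     * Returns the session to describe in a diagnostic for a socket-based check.
     *
     * @return the handshake session if there is one, otherwise the socket's session;
     *     {@code null} when the socket is not an {@link SSLSocket}
     */
    private SSLSession session(Socket socket) {
        if (!(socket instanceof SSLSocket)) {
            return null;
        }
        SSLSocket sSLSocket = (SSLSocket) socket;
        SSLSession handshakeSession = sSLSocket.getHandshakeSession();
        // NOTE(review): SSLSocket.getSession() is documented to start the handshake and block if
        // none has completed; the handshake session is expected to be non-null while a trust
        // check is running, so this fallback should be rare — confirm.
        return handshakeSession == null ? sSLSocket.getSession() : handshakeSession;
    }

    /**
     * Returns the engine's handshake session, which may be {@code null}.
     */
    private SSLSession session(SSLEngine sSLEngine) {
        return sSLEngine.getHandshakeSession();
    }
}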
