package org.elasticsearch.common.ssl;

import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:ingrid-iplug-wfs-dsc-6.2.0/lib/elasticsearch-ssl-config-7.17.9.jar:org/elasticsearch/common/ssl/StoreKeyConfig.class */
public class StoreKeyConfig implements SslKeyConfig {
    private final Path path;
    private final char[] storePassword;
    private final String type;
    private final char[] keyPassword;
    private final String algorithm;

    /* JADX INFO: Access modifiers changed from: package-private */
    public StoreKeyConfig(Path path, char[] cArr, String str, char[] cArr2, String str2) {
        this.path = path;
        this.storePassword = cArr;
        this.type = str;
        this.keyPassword = cArr2;
        this.algorithm = str2;
    }

    @Override // org.elasticsearch.common.ssl.SslKeyConfig
    public Collection<Path> getDependentFiles() {
        return Collections.singleton(this.path);
    }

    @Override // org.elasticsearch.common.ssl.SslKeyConfig
    public X509ExtendedKeyManager createKeyManager() {
        try {
            KeyStore readKeyStore = KeyStoreUtil.readKeyStore(this.path, this.type, this.storePassword);
            checkKeyStore(readKeyStore);
            return KeyStoreUtil.createKeyManager(readKeyStore, this.keyPassword, this.algorithm);
        } catch (UnrecoverableKeyException e) {
            String str = "failed to load a KeyManager for keystore [" + this.path.toAbsolutePath() + "], this is usually caused by an incorrect key-password";
            if (this.keyPassword.length == 0) {
                str = str + " (no key-password was provided)";
            } else if (Arrays.equals(this.storePassword, this.keyPassword)) {
                str = str + " (we tried to access the key using the same password as the keystore)";
            }
            throw new SslConfigException(str, e);
        } catch (GeneralSecurityException e2) {
            throw new SslConfigException("failed to load a KeyManager for keystore [" + this.path + "] of type [" + this.type + "]", e2);
        }
    }

    private void checkKeyStore(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            if (keyStore.isKeyEntry(aliases.nextElement())) {
                return;
            }
        }
        throw new SslConfigException(this.path != null ? "the keystore [" + this.path + "] does not contain a private key entry" : "the configured PKCS#11 token does not contain a private key entry");
    }
}
