package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.CollectionUtils;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;

/* loaded from: input_file:lib/x-pack-core-7.17.14.jar:org/elasticsearch/xpack/core/ssl/RestrictedTrustConfig.class */
public final class RestrictedTrustConfig extends TrustConfig {
    private static final String RESTRICTIONS_KEY_SUBJECT_NAME = "trust.subject_name";
    public static final String SAN_OTHER_COMMON = "subjectAltName.otherName.commonName";
    public static final String SAN_DNS = "subjectAltName.dnsName";
    static final Set<String> SUPPORTED_X_509_FIELDS = org.elasticsearch.core.Set.of(SAN_OTHER_COMMON, SAN_DNS);
    private final String groupConfigPath;
    private final TrustConfig delegate;
    private final Set<String> configuredX509Fields;

    /* JADX INFO: Access modifiers changed from: package-private */
    public RestrictedTrustConfig(String str, Set<String> set, TrustConfig trustConfig) {
        this.configuredX509Fields = set;
        this.groupConfigPath = (String) Objects.requireNonNull(str);
        this.delegate = (TrustConfig) Objects.requireNonNull(trustConfig);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public RestrictedTrustManager createTrustManager(@Nullable Environment environment) {
        try {
            return new RestrictedTrustManager(this.delegate.createTrustManager(environment), readTrustGroup(resolveGroupConfigPath(environment)), this.configuredX509Fields);
        } catch (IOException e) {
            throw new ElasticsearchException("failed to initialize TrustManager for {}", e, toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public Collection<CertificateInfo> certificates(Environment environment) throws GeneralSecurityException, IOException {
        return this.delegate.certificates(environment);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        return CollectionUtils.appendToCopy(this.delegate.filesToMonitor(environment), resolveGroupConfigPath(environment));
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public String toString() {
        return "restrictedTrust=[" + this.groupConfigPath + ']';
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        RestrictedTrustConfig restrictedTrustConfig = (RestrictedTrustConfig) obj;
        return this.groupConfigPath.equals(restrictedTrustConfig.groupConfigPath) && this.delegate.equals(restrictedTrustConfig.delegate);
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public int hashCode() {
        return (31 * this.groupConfigPath.hashCode()) + this.delegate.hashCode();
    }

    private Path resolveGroupConfigPath(@Nullable Environment environment) {
        return CertParsingUtils.resolvePath(this.groupConfigPath, environment);
    }

    private CertificateTrustRestrictions readTrustGroup(Path path) throws IOException {
        return new CertificateTrustRestrictions(Settings.builder().loadFromPath(path).build().getAsList(RESTRICTIONS_KEY_SUBJECT_NAME));
    }
}
