package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;

/* loaded from: input_file:lib/x-pack-core-7.9.0.jar:org/elasticsearch/xpack/core/ssl/SSLConfiguration.class */
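/**
 * Holds one resolved TLS configuration built from a {@link Settings} object: key material,
 * trust material, cipher suites, protocols, client-authentication mode and verification mode.
 *
 * <p>All fields are assigned once in the constructor. Settings that are absent fall back to the
 * defaults declared in {@link XPackSettings}.
 *
 * <p>Decompiler note: JADX reported that several members below were package-private in the
 * compiled class and were widened to {@code public} in this listing.
 */
public final class SSLConfiguration {
    static final SSLConfigurationSettings SETTINGS_PARSER = SSLConfigurationSettings.withoutPrefix();
    private final KeyConfig keyConfig;
    private final TrustConfig trustConfig;
    private final List<String> ciphers;
    private final List<String> supportedProtocols;
    private final SSLClientAuth sslClientAuth;
    private final VerificationMode verificationMode;
    private final boolean explicitlyConfigured;

    /**
     * Resolves every TLS parameter from {@code settings}.
     *
     * @param settings the (un-prefixed) SSL settings; an empty object yields a configuration made
     *     entirely of defaults and marks it as not explicitly configured
     * @throws IllegalArgumentException if both a truststore path and CA files are configured
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLConfiguration(Settings settings) {
        this.keyConfig = createKeyConfig(settings);
        // Trust resolution needs the key config: it is merged into the JDK default trust when
        // no explicit trust material is configured.
        this.trustConfig = createTrustConfig(settings, this.keyConfig);
        this.ciphers = getListOrDefault(SETTINGS_PARSER.ciphers, settings, XPackSettings.DEFAULT_CIPHERS);
        this.supportedProtocols = getListOrDefault(SETTINGS_PARSER.supportedProtocols, settings, XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS);
        this.sslClientAuth = SETTINGS_PARSER.clientAuth.get(settings).orElse(XPackSettings.CLIENT_AUTH_DEFAULT);
        this.verificationMode = SETTINGS_PARSER.verificationMode.get(settings).orElse(XPackSettings.VERIFICATION_MODE_DEFAULT);
        this.explicitlyConfigured = !settings.isEmpty();
    }

    /** @return the key configuration; {@code KeyConfig.NONE} when no key material was configured */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyConfig keyConfig() {
        return this.keyConfig;
    }

    /** @return the trust configuration resolved by {@link #createTrustConfig} */
    /* JADX INFO: Access modifiers changed from: package-private */
    public TrustConfig trustConfig() {
        return this.trustConfig;
    }

    /**
     * @return the configured cipher suites, or {@code XPackSettings.DEFAULT_CIPHERS}; the stored
     *     list is returned as-is, not copied
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public List<String> cipherSuites() {
        return this.ciphers;
    }

    /**
     * @return the configured protocols, or {@code XPackSettings.DEFAULT_SUPPORTED_PROTOCOLS}; the
     *     stored list is returned as-is, not copied
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public List<String> supportedProtocols() {
        return this.supportedProtocols;
    }

    /** @return the verification mode, or {@code XPackSettings.VERIFICATION_MODE_DEFAULT} */
    public VerificationMode verificationMode() {
        return this.verificationMode;
    }

    /** @return the client-authentication mode, or {@code XPackSettings.CLIENT_AUTH_DEFAULT} */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLClientAuth sslClientAuth() {
        return this.sslClientAuth;
    }

    /**
     * Lists the files backing the key and trust configurations.
     *
     * @param environment passed through to the key and trust configs; may be {@code null}
     * @return the key config's files followed by the trust config's files; when both are the same
     *     instance, that instance's list is returned directly
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        if (keyConfig() == trustConfig()) {
            return keyConfig().filesToMonitor(environment);
        }
        List<Path> paths = new ArrayList<>(keyConfig().filesToMonitor(environment));
        paths.addAll(trustConfig().filesToMonitor(environment));
        return paths;
    }

    /** @return {@code true} if the settings passed to the constructor were non-empty */
    public boolean isExplicitlyConfigured() {
        return this.explicitlyConfigured;
    }

    /**
     * Renders every field except {@code explicitlyConfigured}.
     *
     * <p>NOTE(review): the output embeds {@code keyConfig.toString()} and
     * {@code trustConfig.toString()}; confirm those implementations do not render passwords before
     * this string is written to logs.
     */
    @Override
    public String toString() {
        // The opening bracket after "trustConfig=" was missing, leaving an unbalanced "]".
        return "SSLConfiguration{keyConfig=[" + this.keyConfig
            + "], trustConfig=[" + this.trustConfig
            + "], cipherSuites=[" + this.ciphers
            + "], supportedProtocols=[" + this.supportedProtocols
            + "], sslClientAuth=[" + this.sslClientAuth
            + "], verificationMode=[" + this.verificationMode + "]}";
    }

    /**
     * Compares key config, trust config, cipher suites, protocols, verification mode and client
     * auth. {@code explicitlyConfigured} does not take part in equality.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof SSLConfiguration)) {
            return false;
        }
        SSLConfiguration that = (SSLConfiguration) obj;
        // Objects.equals keeps every comparison null-safe; the previous form dereferenced
        // supportedProtocols() before its own null check.
        return Objects.equals(this.keyConfig, that.keyConfig)
            && Objects.equals(this.trustConfig, that.trustConfig)
            && Objects.equals(this.ciphers, that.ciphers)
            && Objects.equals(this.supportedProtocols, that.supportedProtocols)
            && this.verificationMode == that.verificationMode
            && this.sslClientAuth == that.sslClientAuth;
    }

    /** Hashes the same six fields that {@link #equals(Object)} compares, with multiplier 31. */
    @Override
    public int hashCode() {
        int result = Objects.hashCode(this.keyConfig);
        result = 31 * result + Objects.hashCode(this.trustConfig);
        result = 31 * result + Objects.hashCode(this.ciphers);
        result = 31 * result + Objects.hashCode(this.supportedProtocols);
        result = 31 * result + this.verificationMode.hashCode();
        result = 31 * result + this.sslClientAuth.hashCode();
        return result;
    }

    /**
     * Builds the key configuration from the X.509 key-pair settings.
     *
     * @return the parsed key config, or {@code KeyConfig.NONE} when the parser returns {@code null}
     */
    private static KeyConfig createKeyConfig(Settings settings) {
        String trustStoreAlgorithm = SETTINGS_PARSER.truststoreAlgorithm.get(settings);
        KeyConfig parsed = CertParsingUtils.createKeyConfig(SETTINGS_PARSER.x509KeyPair, settings, trustStoreAlgorithm);
        return parsed == null ? KeyConfig.NONE : parsed;
    }

    /**
     * Builds the trust configuration, wrapping it in a {@code RestrictedTrustConfig} when a trust
     * restrictions path is configured.
     */
    private static TrustConfig createTrustConfig(Settings settings, KeyConfig keyConfig) {
        TrustConfig certChainTrust = createCertChainTrustConfig(settings, keyConfig);
        return SETTINGS_PARSER.trustRestrictionsPath.get(settings)
            .map(path -> (TrustConfig) new RestrictedTrustConfig(path, certChainTrust))
            .orElse(certChainTrust);
    }

    /**
     * Chooses the certificate-chain trust source. Checks run in this order:
     * <ol>
     *   <li>a truststore path together with CA files is rejected;</li>
     *   <li>if certificate verification is disabled, {@code TrustAllConfig.INSTANCE} is returned;</li>
     *   <li>CA files yield a {@code PEMTrustConfig};</li>
     *   <li>a truststore path, or a store type of {@code pkcs11}, yields a {@code StoreTrustConfig};</li>
     *   <li>otherwise the JDK default trust is used, merged with the key config when one exists.</li>
     * </ol>
     *
     * @throws IllegalArgumentException if both a truststore path and CA files are configured
     */
    private static TrustConfig createCertChainTrustConfig(Settings settings, KeyConfig keyConfig) {
        String trustStorePath = SETTINGS_PARSER.truststorePath.get(settings).orElse(null);
        String trustStoreType = SSLConfigurationSettings.getKeyStoreType(SETTINGS_PARSER.truststoreType, settings, trustStorePath);
        List<String> caPaths = getListOrNull(SETTINGS_PARSER.caPaths, settings);
        if (trustStorePath != null && caPaths != null) {
            throw new IllegalArgumentException("you cannot specify a truststore and ca files");
        }
        VerificationMode mode = SETTINGS_PARSER.verificationMode.get(settings).orElse(XPackSettings.VERIFICATION_MODE_DEFAULT);
        if (!mode.isCertificateVerificationEnabled()) {
            // This branch wins over any configured CA files or truststore: they are not consulted
            // at all once verification is disabled.
            // NOTE(review): TrustAllConfig presumably accepts any peer certificate; worth
            // surfacing in configuration audits when trust material is set alongside this mode.
            return TrustAllConfig.INSTANCE;
        }
        if (caPaths != null) {
            return new PEMTrustConfig(caPaths);
        }
        if (trustStorePath != null || trustStoreType.equalsIgnoreCase("pkcs11")) {
            return new StoreTrustConfig(
                trustStorePath,
                trustStoreType,
                SETTINGS_PARSER.truststorePassword.get(settings),
                SETTINGS_PARSER.truststoreAlgorithm.get(settings));
        }
        if (keyConfig != KeyConfig.NONE) {
            return DefaultJDKTrustConfig.merge(keyConfig, getDefaultTrustStorePassword(settings));
        }
        return new DefaultJDKTrustConfig(getDefaultTrustStorePassword(settings));
    }

    /**
     * Returns the password for the JDK default trust store when the system property
     * {@code javax.net.ssl.trustStoreType} is {@code PKCS11}; otherwise {@code null}.
     *
     * <p>The {@code javax.net.ssl.trustStorePassword} system property is preferred; when it is
     * empty, the configured truststore password setting is used instead.
     *
     * <p>Reconstructed from the instruction dump JADX emitted when it failed to decompile this
     * method (nested try-with-resources); the decompiled stub only threw
     * {@link UnsupportedOperationException}.
     *
     * <p>NOTE(review): as in the compiled code, each returned {@code SecureString} has already
     * been closed by its try-with-resources block when the caller receives it. Confirm that
     * callers can still use a closed instance, or return a copy instead.
     */
    private static org.elasticsearch.common.settings.SecureString getDefaultTrustStorePassword(org.elasticsearch.common.settings.Settings settings) {
        if (!System.getProperty("javax.net.ssl.trustStoreType", "").equalsIgnoreCase("PKCS11")) {
            return null;
        }
        // The property value arrives as an immutable String, so only the char[] copy held by
        // the SecureString is under this method's control.
        try (org.elasticsearch.common.settings.SecureString systemTrustStorePassword =
                new org.elasticsearch.common.settings.SecureString(
                    System.getProperty("javax.net.ssl.trustStorePassword", "").toCharArray())) {
            if (systemTrustStorePassword.length() == 0) {
                try (org.elasticsearch.common.settings.SecureString trustStorePassword =
                        SETTINGS_PARSER.truststorePassword.get(settings)) {
                    return trustStorePassword;
                }
            }
            return systemTrustStorePassword;
        }
    }

    /** @return the setting's value if it exists in {@code settings}, otherwise {@code null} */
    private static List<String> getListOrNull(Setting<List<String>> setting, Settings settings) {
        return getListOrDefault(setting, settings, null);
    }

    /** @return the setting's value if it exists in {@code settings}, otherwise {@code list} */
    private static List<String> getListOrDefault(Setting<List<String>> setting, Settings settings, List<String> list) {
        return setting.exists(settings) ? setting.get(settings) : list;
    }

    /**
     * Collects the certificates reported by the key config, followed by those of the trust config.
     *
     * @param environment passed through to the key and trust configs; may be {@code null}
     * @return a new list holding both sets of certificates
     * @throws GeneralSecurityException propagated from the underlying configs
     * @throws IOException propagated from the underlying configs
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public List<CertificateInfo> getDefinedCertificates(@Nullable Environment environment) throws GeneralSecurityException, IOException {
        List<CertificateInfo> certificates = new ArrayList<>();
        certificates.addAll(this.keyConfig.certificates(environment));
        certificates.addAll(this.trustConfig.certificates(environment));
        return certificates;
    }
}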
