package org.elasticsearch.xpack.ssl;

import java.io.BufferedReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.env.Environment;

/* loaded from: input_file:org/elasticsearch/xpack/ssl/PEMKeyConfig.class */
class PEMKeyConfig extends KeyConfig {
    private final String keyPath;
    private final String keyPassword;
    private final String certPath;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PEMKeyConfig(String str, String str2, String str3) {
        this.keyPath = (String) Objects.requireNonNull(str, "key file must be specified");
        this.keyPassword = str2;
        this.certPath = (String) Objects.requireNonNull(str3, "certificate must be specified");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.ssl.KeyConfig
    public X509ExtendedKeyManager createKeyManager(@Nullable Environment environment) {
        try {
            PrivateKey readPrivateKey = readPrivateKey(CertUtils.resolvePath(this.keyPath, environment));
            Certificate[] readCertificates = CertUtils.readCertificates(Collections.singletonList(this.certPath), environment);
            SecureString secureString = new SecureString(this.keyPassword == null ? new char[0] : this.keyPassword.toCharArray());
            Throwable th = null;
            try {
                try {
                    X509ExtendedKeyManager keyManager = CertUtils.keyManager(readCertificates, readPrivateKey, secureString.getChars());
                    if (secureString != null) {
                        if (0 != 0) {
                            try {
                                secureString.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            secureString.close();
                        }
                    }
                    return keyManager;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new ElasticsearchException("failed to initialize a KeyManagerFactory", e, new Object[0]);
        }
    }

    private PrivateKey readPrivateKey(Path path) throws Exception {
        BufferedReader newBufferedReader = Files.newBufferedReader(path, StandardCharsets.UTF_8);
        Throwable th = null;
        try {
            SecureString secureString = new SecureString(this.keyPassword == null ? new char[0] : this.keyPassword.toCharArray());
            Throwable th2 = null;
            try {
                try {
                    PrivateKey readPrivateKey = CertUtils.readPrivateKey(newBufferedReader, () -> {
                        if (this.keyPassword == null) {
                            return null;
                        }
                        return secureString.getChars();
                    });
                    if (secureString != null) {
                        if (0 != 0) {
                            try {
                                secureString.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            secureString.close();
                        }
                    }
                    return readPrivateKey;
                } finally {
                }
            } catch (Throwable th4) {
                if (secureString != null) {
                    if (th2 != null) {
                        try {
                            secureString.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        secureString.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (newBufferedReader != null) {
                if (0 != 0) {
                    try {
                        newBufferedReader.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    newBufferedReader.close();
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
        try {
            return CertUtils.trustManager(CertUtils.readCertificates(Collections.singletonList(this.certPath), environment));
        } catch (Exception e) {
            throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e, new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(CertUtils.resolvePath(this.keyPath, environment));
        arrayList.add(CertUtils.resolvePath(this.certPath, environment));
        return arrayList;
    }

    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        PEMKeyConfig pEMKeyConfig = (PEMKeyConfig) obj;
        if (this.keyPath != null) {
            if (!this.keyPath.equals(pEMKeyConfig.keyPath)) {
                return false;
            }
        } else if (pEMKeyConfig.keyPath != null) {
            return false;
        }
        if (this.keyPassword != null) {
            if (!this.keyPassword.equals(pEMKeyConfig.keyPassword)) {
                return false;
            }
        } else if (pEMKeyConfig.keyPassword != null) {
            return false;
        }
        return this.certPath != null ? this.certPath.equals(pEMKeyConfig.certPath) : pEMKeyConfig.certPath == null;
    }

    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public int hashCode() {
        return (31 * ((31 * (this.keyPath != null ? this.keyPath.hashCode() : 0)) + (this.keyPassword != null ? this.keyPassword.hashCode() : 0))) + (this.certPath != null ? this.certPath.hashCode() : 0);
    }

    @Override // org.elasticsearch.xpack.ssl.TrustConfig
    public String toString() {
        return "keyPath=[" + this.keyPath + "], certPaths=[" + this.certPath + "]";
    }
}
