package shadow.org.elasticsearch.xpack.sql.client;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:shadow/org/elasticsearch/xpack/sql/client/SslConfig.class */
public class SslConfig {
    private static final String SSL_DEFAULT = "false";
    private static final String SSL_PROTOCOL_DEFAULT = "TLS";
    private static final String SSL_KEYSTORE_LOCATION_DEFAULT = "";
    private static final String SSL_KEYSTORE_PASS_DEFAULT = "";
    private static final String SSL_KEYSTORE_TYPE_DEFAULT = "JKS";
    private static final String SSL_TRUSTSTORE_LOCATION_DEFAULT = "";
    private static final String SSL_TRUSTSTORE_PASS_DEFAULT = "";
    private static final String SSL_TRUSTSTORE_TYPE_DEFAULT = "JKS";
    private final boolean enabled;
    private final String protocol;
    private final String keystoreLocation;
    private final String keystorePass;
    private final String keystoreType;
    private final String truststoreLocation;
    private final String truststorePass;
    private final String truststoreType;
    private final SSLContext sslContext;
    public static final String SSL = "ssl";
    public static final String SSL_PROTOCOL = "ssl.protocol";
    public static final String SSL_KEYSTORE_LOCATION = "ssl.keystore.location";
    public static final String SSL_KEYSTORE_PASS = "ssl.keystore.pass";
    public static final String SSL_KEYSTORE_TYPE = "ssl.keystore.type";
    public static final String SSL_TRUSTSTORE_LOCATION = "ssl.truststore.location";
    public static final String SSL_TRUSTSTORE_PASS = "ssl.truststore.pass";
    public static final String SSL_TRUSTSTORE_TYPE = "ssl.truststore.type";
    static final Set<String> OPTION_NAMES = new LinkedHashSet(Arrays.asList(SSL, SSL_PROTOCOL, SSL_KEYSTORE_LOCATION, SSL_KEYSTORE_PASS, SSL_KEYSTORE_TYPE, SSL_TRUSTSTORE_LOCATION, SSL_TRUSTSTORE_PASS, SSL_TRUSTSTORE_TYPE));

    public SslConfig(Properties properties, URI uri) {
        boolean z = uri.getScheme() != null;
        boolean z2 = properties.getProperty(SSL) != null;
        boolean equals = "https".equals(uri.getScheme());
        if (!z2 && !z) {
            this.enabled = StringUtils.parseBoolean("false");
        } else {
            if (z2 && equals && !StringUtils.parseBoolean(properties.getProperty(SSL))) {
                throw new ClientException("Cannot enable SSL: HTTPS protocol being used in the URL and SSL disabled in properties");
            }
            this.enabled = equals || StringUtils.parseBoolean(properties.getProperty(SSL, "false"));
        }
        this.protocol = properties.getProperty(SSL_PROTOCOL, SSL_PROTOCOL_DEFAULT);
        this.keystoreLocation = properties.getProperty(SSL_KEYSTORE_LOCATION, "");
        this.keystorePass = properties.getProperty(SSL_KEYSTORE_PASS, "");
        this.keystoreType = properties.getProperty(SSL_KEYSTORE_TYPE, "JKS");
        this.truststoreLocation = properties.getProperty(SSL_TRUSTSTORE_LOCATION, "");
        this.truststorePass = properties.getProperty(SSL_TRUSTSTORE_PASS, "");
        this.truststoreType = properties.getProperty(SSL_TRUSTSTORE_TYPE, "JKS");
        this.sslContext = this.enabled ? createSSLContext() : null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isEnabled() {
        return this.enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLSocketFactory sslSocketFactory() {
        return this.sslContext.getSocketFactory();
    }

    private SSLContext createSSLContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance(this.protocol);
            sSLContext.init(loadKeyManagers(), loadTrustManagers(), null);
            return sSLContext;
        } catch (Exception e) {
            throw new ClientException("Failed to initialize SSL - " + e.getMessage(), e);
        }
    }

    private KeyManager[] loadKeyManagers() throws GeneralSecurityException, IOException {
        if (!StringUtils.hasText(this.keystoreLocation)) {
            return null;
        }
        char[] charArray = StringUtils.hasText(this.keystorePass) ? this.keystorePass.trim().toCharArray() : null;
        KeyStore loadKeyStore = loadKeyStore(this.keystoreLocation, charArray, this.keystoreType);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(loadKeyStore, charArray);
        return keyManagerFactory.getKeyManagers();
    }

    private static KeyStore loadKeyStore(String str, char[] cArr, String str2) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(str2);
        if (!Files.exists(Paths.get(str, new String[0]), new LinkOption[0])) {
            throw new ClientException("Expected to find keystore file at [" + str + "] but was unable to. Make sure you have specified a valid URI.");
        }
        try {
            InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), StandardOpenOption.READ);
            try {
                keyStore.load(newInputStream, cArr);
                if (newInputStream != null) {
                    newInputStream.close();
                }
                return keyStore;
            } catch (Throwable th) {
                if (newInputStream != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Exception e) {
            throw new ClientException("Cannot open keystore [" + str + "] - " + e.getMessage(), e);
        }
    }

    private TrustManager[] loadTrustManagers() throws GeneralSecurityException, IOException {
        KeyStore keyStore = null;
        if (StringUtils.hasText(this.truststoreLocation)) {
            keyStore = loadKeyStore(this.truststoreLocation, StringUtils.hasText(this.truststorePass) ? this.truststorePass.trim().toCharArray() : null, this.truststoreType);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        SslConfig sslConfig = (SslConfig) obj;
        return Objects.equals(Boolean.valueOf(this.enabled), Boolean.valueOf(sslConfig.enabled)) && Objects.equals(this.protocol, sslConfig.protocol) && Objects.equals(this.keystoreLocation, sslConfig.keystoreLocation) && Objects.equals(this.keystorePass, sslConfig.keystorePass) && Objects.equals(this.keystoreType, sslConfig.keystoreType) && Objects.equals(this.truststoreLocation, sslConfig.truststoreLocation) && Objects.equals(this.truststorePass, sslConfig.truststorePass) && Objects.equals(this.truststoreType, sslConfig.truststoreType);
    }

    public int hashCode() {
        return getClass().hashCode();
    }
}
