package org.elasticsearch.xpack.core.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.ssl.TrustConfig;
import org.elasticsearch.xpack.core.ssl.cert.CertificateInfo;

/* loaded from: input_file:org/elasticsearch/xpack/core/ssl/DefaultJDKTrustConfig.class */
class DefaultJDKTrustConfig extends TrustConfig {
    private SecureString trustStorePassword;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultJDKTrustConfig(@Nullable SecureString secureString) {
        this.trustStorePassword = secureString;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
        try {
            return CertParsingUtils.trustManager(getSystemTrustStore(), TrustManagerFactory.getDefaultAlgorithm());
        } catch (Exception e) {
            throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e, new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public Collection<CertificateInfo> certificates(Environment environment) throws GeneralSecurityException, IOException {
        return Collections.emptyList();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public List<Path> filesToMonitor(@Nullable Environment environment) {
        return Collections.emptyList();
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public String toString() {
        return "JDK trusted certs";
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.trustStorePassword, ((DefaultJDKTrustConfig) obj).trustStorePassword);
    }

    @Override // org.elasticsearch.xpack.core.ssl.TrustConfig
    public int hashCode() {
        return Objects.hash(this.trustStorePassword);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustConfig merge(TrustConfig trustConfig, SecureString secureString) {
        return trustConfig == null ? new DefaultJDKTrustConfig(secureString) : new TrustConfig.CombiningTrustConfig(Arrays.asList(new DefaultJDKTrustConfig(secureString), trustConfig));
    }

    private KeyStore getSystemTrustStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        if (!System.getProperty("javax.net.ssl.trustStoreType", "").equalsIgnoreCase("PKCS11") || this.trustStorePassword == null) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS11");
        keyStore.load(null, this.trustStorePassword.getChars());
        return keyStore;
    }
}
