package org.elasticsearch.common.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.function.BiFunction;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.elasticsearch.common.Nullable;

/* loaded from: input_file:BOOT-INF/lib/elasticsearch-ssl-config-7.12.1.jar:org/elasticsearch/common/ssl/DefaultJdkTrustConfig.class */
final class DefaultJdkTrustConfig implements SslTrustConfig {
    private final BiFunction<String, String, String> systemProperties;
    private final char[] trustStorePassword;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultJdkTrustConfig() {
        this(System::getProperty);
    }

    DefaultJdkTrustConfig(BiFunction<String, String, String> biFunction) {
        this(biFunction, isPkcs11Truststore(biFunction) ? getSystemTrustStorePassword(biFunction) : null);
    }

    DefaultJdkTrustConfig(BiFunction<String, String, String> biFunction, @Nullable char[] cArr) {
        this.systemProperties = biFunction;
        this.trustStorePassword = cArr;
    }

    @Override // org.elasticsearch.common.ssl.SslTrustConfig
    public X509ExtendedTrustManager createTrustManager() {
        try {
            return KeyStoreUtil.createTrustManager(getSystemTrustStore(), TrustManagerFactory.getDefaultAlgorithm());
        } catch (GeneralSecurityException e) {
            throw new SslConfigException("failed to initialize a TrustManager for the system keystore", e);
        }
    }

    private KeyStore getSystemTrustStore() {
        if (!isPkcs11Truststore(this.systemProperties) || this.trustStorePassword == null) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS11");
            keyStore.load(null, this.trustStorePassword);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            throw new SslConfigException("failed to load the system PKCS#11 truststore", e);
        }
    }

    private static boolean isPkcs11Truststore(BiFunction<String, String, String> biFunction) {
        return biFunction.apply("javax.net.ssl.trustStoreType", "").equalsIgnoreCase("PKCS11");
    }

    private static char[] getSystemTrustStorePassword(BiFunction<String, String, String> biFunction) {
        return biFunction.apply("javax.net.ssl.trustStorePassword", "").toCharArray();
    }

    @Override // org.elasticsearch.common.ssl.SslTrustConfig
    public Collection<Path> getDependentFiles() {
        return Collections.emptyList();
    }

    public String toString() {
        return "JDK-trusted-certs";
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Arrays.equals(this.trustStorePassword, ((DefaultJdkTrustConfig) obj).trustStorePassword);
    }

    public int hashCode() {
        return Arrays.hashCode(this.trustStorePassword);
    }
}
