package org.elasticsearch.client.security;

import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.elasticsearch.client.Validatable;
import org.elasticsearch.client.ValidationException;
import org.elasticsearch.xcontent.ToXContent;
import org.elasticsearch.xcontent.ToXContentObject;
import org.elasticsearch.xcontent.XContentBuilder;

/* loaded from: input_file:WEB-INF/lib/elasticsearch-rest-high-level-client-7.17.9.jar:org/elasticsearch/client/security/DelegatePkiAuthenticationRequest.class */
public final class DelegatePkiAuthenticationRequest implements Validatable, ToXContentObject {
    private final List<X509Certificate> x509CertificateChain;

    public DelegatePkiAuthenticationRequest(List<X509Certificate> list) {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("certificate chain must not be empty or null");
        }
        this.x509CertificateChain = Collections.unmodifiableList(list);
    }

    @Override // org.elasticsearch.xcontent.ToXContent
    public XContentBuilder toXContent(XContentBuilder xContentBuilder, ToXContent.Params params) throws IOException {
        xContentBuilder.startObject().startArray("x509_certificate_chain");
        try {
            Iterator<X509Certificate> it = this.x509CertificateChain.iterator();
            while (it.hasNext()) {
                xContentBuilder.value(Base64.getEncoder().encodeToString(it.next().getEncoded()));
            }
            return xContentBuilder.endArray().endObject();
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
    }

    public List<X509Certificate> getCertificateChain() {
        return this.x509CertificateChain;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.x509CertificateChain, ((DelegatePkiAuthenticationRequest) obj).x509CertificateChain);
    }

    public int hashCode() {
        return Objects.hash(this.x509CertificateChain);
    }

    @Override // org.elasticsearch.client.Validatable
    public Optional<ValidationException> validate() {
        ValidationException validationException = new ValidationException();
        if (false == isOrderedCertificateChain(this.x509CertificateChain)) {
            validationException.addValidationError("certificates chain must be an ordered chain");
        }
        return validationException.validationErrors().isEmpty() ? Optional.empty() : Optional.of(validationException);
    }

    private static boolean isOrderedCertificateChain(List<X509Certificate> list) {
        for (int i = 1; i < list.size(); i++) {
            if (false == list.get(i - 1).getIssuerX500Principal().equals(list.get(i).getSubjectX500Principal())) {
                return false;
            }
        }
        return true;
    }
}
