package org.elasticsearch.xpack.security;

import java.io.IOException;
import java.io.UncheckedIOException;
import org.elasticsearch.bootstrap.BootstrapCheck;
import org.elasticsearch.bootstrap.BootstrapContext;
import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.XPackSettings;

/* loaded from: input_file:org/elasticsearch/xpack/security/FIPS140SecureSettingsBootstrapCheck.class */
public class FIPS140SecureSettingsBootstrapCheck implements BootstrapCheck {
    private final boolean fipsModeEnabled;
    private final Environment environment;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FIPS140SecureSettingsBootstrapCheck(Settings settings, Environment environment) {
        this.fipsModeEnabled = ((Boolean) XPackSettings.FIPS_MODE_ENABLED.get(settings)).booleanValue();
        this.environment = environment;
    }

    public BootstrapCheck.BootstrapCheckResult check(BootstrapContext bootstrapContext) {
        if (this.fipsModeEnabled) {
            try {
                KeyStoreWrapper load = KeyStoreWrapper.load(this.environment.configFile());
                if (load != null) {
                    try {
                        if (load.getFormatVersion() < 3) {
                            BootstrapCheck.BootstrapCheckResult failure = BootstrapCheck.BootstrapCheckResult.failure("Secure settings store is not of the latest version. Please use bin/elasticsearch-keystore create to generate a new secure settings store and migrate the secure settings there.");
                            if (load != null) {
                                load.close();
                            }
                            return failure;
                        }
                    } finally {
                    }
                }
                if (load != null) {
                    load.close();
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
        return BootstrapCheck.BootstrapCheckResult.success();
    }

    public boolean alwaysEnforce() {
        return this.fipsModeEnabled;
    }
}
