package org.elasticsearch.xpack.security;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.elasticsearch.bootstrap.BootstrapCheck;
import org.elasticsearch.bootstrap.BootstrapContext;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.security.SecurityField;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.ssl.SSLService;

/* loaded from: input_file:org/elasticsearch/xpack/security/PkiRealmBootstrapCheck.class */
class PkiRealmBootstrapCheck implements BootstrapCheck {
    private final SSLService sslService;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PkiRealmBootstrapCheck(SSLService sSLService) {
        this.sslService = sSLService;
    }

    public BootstrapCheck.BootstrapCheckResult check(BootstrapContext bootstrapContext) {
        Settings settings = bootstrapContext.settings();
        if (!RealmSettings.getRealmSettings(settings).entrySet().stream().filter(entry -> {
            return "pki".equals(((RealmConfig.RealmIdentifier) entry.getKey()).getType());
        }).map((v0) -> {
            return v0.getValue();
        }).anyMatch(settings2 -> {
            return settings2.getAsBoolean("enabled", true).booleanValue();
        })) {
            return BootstrapCheck.BootstrapCheckResult.success();
        }
        Iterator<String> it = getSslContextNames(settings).iterator();
        while (it.hasNext()) {
            if (this.sslService.isSSLClientAuthEnabled(this.sslService.getSSLConfiguration(it.next()))) {
                return BootstrapCheck.BootstrapCheckResult.success();
            }
        }
        return BootstrapCheck.BootstrapCheckResult.failure("a PKI realm is enabled but cannot be used as neither HTTP or Transport have SSL and client authentication enabled");
    }

    private List<String> getSslContextNames(Settings settings) {
        ArrayList arrayList = new ArrayList();
        if (((Boolean) XPackSettings.HTTP_SSL_ENABLED.get(settings)).booleanValue()) {
            arrayList.add(SecurityField.setting("http.ssl"));
        }
        if (((Boolean) XPackSettings.TRANSPORT_SSL_ENABLED.get(settings)).booleanValue()) {
            arrayList.add(SecurityField.setting("transport.ssl"));
            arrayList.addAll(this.sslService.getTransportProfileContextNames());
        }
        return arrayList;
    }

    public boolean alwaysEnforce() {
        return true;
    }
}
