package org.elasticsearch.xpack.ssl;

import java.io.IOException;
import java.nio.file.Path;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArraySet;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;

/* loaded from: input_file:org/elasticsearch/xpack/ssl/SSLConfigurationReloader.class */
public class SSLConfigurationReloader extends AbstractComponent {
    private final ConcurrentHashMap<Path, ChangeListener> pathToChangeListenerMap;
    private final Environment environment;
    private final ResourceWatcherService resourceWatcherService;
    private final SSLService sslService;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/ssl/SSLConfigurationReloader$ChangeListener.class */
    public class ChangeListener implements FileChangesListener {
        private final CopyOnWriteArraySet<SSLConfiguration> sslConfigurations;

        private ChangeListener() {
            this.sslConfigurations = new CopyOnWriteArraySet<>();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addSSLConfiguration(SSLConfiguration sSLConfiguration) {
            this.sslConfigurations.add(sSLConfiguration);
        }

        @Override // org.elasticsearch.watcher.FileChangesListener
        public void onFileCreated(Path path) {
            onFileChanged(path);
        }

        @Override // org.elasticsearch.watcher.FileChangesListener
        public void onFileDeleted(Path path) {
            onFileChanged(path);
        }

        @Override // org.elasticsearch.watcher.FileChangesListener
        public void onFileChanged(Path path) {
            boolean z = false;
            Iterator<SSLConfiguration> it = this.sslConfigurations.iterator();
            while (it.hasNext()) {
                SSLConfiguration next = it.next();
                if (next.filesToMonitor(SSLConfigurationReloader.this.environment).contains(path)) {
                    SSLConfigurationReloader.this.reloadSSLContext(next);
                    z = true;
                }
            }
            if (z) {
                SSLConfigurationReloader.this.logger.info("reloaded [{}] and updated ssl contexts using this file", path);
            }
        }
    }

    public SSLConfigurationReloader(Settings settings, Environment environment, SSLService sSLService, ResourceWatcherService resourceWatcherService) {
        super(settings);
        this.pathToChangeListenerMap = new ConcurrentHashMap<>();
        this.environment = environment;
        this.resourceWatcherService = resourceWatcherService;
        this.sslService = sSLService;
        startWatching(sSLService.getLoadedSSLConfigurations());
    }

    private void startWatching(Collection<SSLConfiguration> collection) {
        for (SSLConfiguration sSLConfiguration : collection) {
            Iterator<Path> it = directoriesToMonitor(sSLConfiguration.filesToMonitor(this.environment)).iterator();
            while (it.hasNext()) {
                this.pathToChangeListenerMap.compute(it.next(), (path, changeListener) -> {
                    if (changeListener != null) {
                        changeListener.addSSLConfiguration(sSLConfiguration);
                        return changeListener;
                    }
                    ChangeListener changeListener = new ChangeListener();
                    changeListener.addSSLConfiguration(sSLConfiguration);
                    FileWatcher fileWatcher = new FileWatcher(path);
                    fileWatcher.addListener(changeListener);
                    try {
                        this.resourceWatcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
                        return changeListener;
                    } catch (IOException e) {
                        this.logger.error("failed to start watching directory [{}] for ssl configuration [{}]", path, sSLConfiguration);
                        return null;
                    }
                });
            }
        }
    }

    void reloadSSLContext(SSLConfiguration sSLConfiguration) {
        this.logger.debug("reloading ssl configuration [{}]", sSLConfiguration);
        this.sslService.sslContextHolder(sSLConfiguration).reload();
    }

    private static Set<Path> directoriesToMonitor(List<Path> list) {
        HashSet hashSet = new HashSet();
        Iterator<Path> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getParent());
        }
        return hashSet;
    }
}
