package com.floragunn.searchguard.test.helper.certificate;

import com.floragunn.searchguard.test.helper.certificate.utils.CertificateAndPrivateKeyWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/floragunn/searchguard/test/helper/certificate/TestCertificate.class */
public class TestCertificate {
    private static final Provider DEFAULT_SECURITY_PROVIDER = new BouncyCastleProvider();
    private final X509CertificateHolder certificate;
    private final KeyPair keyPair;
    private final String privateKeyPassword;
    private final File certificateFile;
    private final File privateKeyFile;
    private final CertificateType certificateType;
    private final File directory;
    private String certificateString;
    private File jksFile;

    public TestCertificate(X509CertificateHolder x509CertificateHolder, KeyPair keyPair, String str, CertificateType certificateType, File file) {
        this.certificate = x509CertificateHolder;
        this.keyPair = keyPair;
        this.privateKeyPassword = str;
        this.certificateType = certificateType;
        this.directory = file;
        switch (certificateType) {
            case ca:
                this.certificateFile = new File(file, "ca.pem");
                this.privateKeyFile = new File(file, "ca-key.pem");
                break;
            case admin_client:
                this.certificateFile = new File(file, String.format("admin-client-%s.pem", x509CertificateHolder.getSubject()));
                this.privateKeyFile = new File(file, String.format("admin-client-%s-key.pem", x509CertificateHolder.getSubject()));
                break;
            case client:
                this.certificateFile = new File(file, String.format("client-%s.pem", x509CertificateHolder.getSubject()));
                this.privateKeyFile = new File(file, String.format("client-%s-key.pem", x509CertificateHolder.getSubject()));
                break;
            case node_rest:
                this.certificateFile = new File(file, String.format("node-%s-rest.pem", x509CertificateHolder.getSubject()));
                this.privateKeyFile = new File(file, String.format("node-%s-rest-key.pem", x509CertificateHolder.getSubject()));
                break;
            case node_transport:
                this.certificateFile = new File(file, String.format("node-%s-transport.pem", x509CertificateHolder.getSubject()));
                this.privateKeyFile = new File(file, String.format("node-%s-transport-key.pem", x509CertificateHolder.getSubject()));
                break;
            case node_transport_rest:
                this.certificateFile = new File(file, String.format("node-%s-transport-rest.pem", x509CertificateHolder.getSubject()));
                this.privateKeyFile = new File(file, String.format("node-%s-transport-rest-key.pem", x509CertificateHolder.getSubject()));
                break;
            case other:
                this.certificateFile = new File(file, String.format("cert-%s.pem", x509CertificateHolder.getSubject()));
                this.privateKeyFile = new File(file, String.format("cert-%s-key.pem", x509CertificateHolder.getSubject()));
                break;
            default:
                throw new RuntimeException("Not supported");
        }
        this.certificateString = CertificateAndPrivateKeyWriter.writeCertificate(x509CertificateHolder);
        CertificateAndPrivateKeyWriter.saveCertificate(this.certificateFile, x509CertificateHolder);
        CertificateAndPrivateKeyWriter.savePrivateKey(this.privateKeyFile, keyPair.getPrivate(), str);
    }

    public X509CertificateHolder getCertificate() {
        return this.certificate;
    }

    public KeyPair getKeyPair() {
        return this.keyPair;
    }

    public String getPrivateKeyPassword() {
        return this.privateKeyPassword;
    }

    public File getCertificateFile() {
        return this.certificateFile;
    }

    public String getCertificateString() {
        return this.certificateString;
    }

    public File getPrivateKeyFile() {
        return this.privateKeyFile;
    }

    public CertificateType getCertificateType() {
        return this.certificateType;
    }

    public File getJksFile() {
        if (this.jksFile == null) {
            this.jksFile = saveAsJksFile();
        }
        return this.jksFile;
    }

    public TestCertificate at(File file) {
        return new TestCertificate(this.certificate, this.keyPair, this.privateKeyPassword, this.certificateType, file);
    }

    private File saveAsJksFile() {
        try {
            File file = new File(this.directory, String.format("cert-%s.pem", this.certificate.getSubject()));
            X509Certificate certificate = new JcaX509CertificateConverter().setProvider(DEFAULT_SECURITY_PROVIDER).getCertificate(this.certificate);
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            keyStore.setKeyEntry("cert", this.keyPair.getPrivate(), this.privateKeyPassword.toCharArray(), new X509Certificate[]{certificate});
            keyStore.store(new FileOutputStream(file), this.privateKeyPassword.toCharArray());
            return file;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }
}
