package com.floragunn.searchguard.ssl.util.config;

import com.floragunn.searchguard.support.PemKeyReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/floragunn/searchguard/ssl/util/config/TrustStore.class */
public class TrustStore {
    private KeyStore keyStore;
    private char[] keyPassword;
    private String keyAlias;

    /* loaded from: input_file:com/floragunn/searchguard/ssl/util/config/TrustStore$Builder.class */
    public static class Builder {
        private X509Certificate[] certificates;
        private KeyStore keyStore;

        public Builder certPem(File file) throws GenericSSLConfigException {
            try {
                try {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    try {
                        Builder certPem = certPem(fileInputStream);
                        fileInputStream.close();
                        return certPem;
                    } catch (Throwable th) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } catch (IOException | CertificateException e) {
                    throw new GenericSSLConfigException("Error while reading certificate file " + file, e);
                }
            } catch (FileNotFoundException e2) {
                throw new GenericSSLConfigException("Could not find certificate file " + file, e2);
            }
        }

        public Builder certPem(Path path) throws GenericSSLConfigException {
            return certPem(path.toFile());
        }

        public Builder certPem(InputStream inputStream) throws CertificateException {
            this.certificates = PemKeyReader.loadCertificatesFromStream(inputStream);
            return this;
        }

        public Builder jks(File file, String str) throws GenericSSLConfigException {
            return keyStore(file, str, "JKS");
        }

        public Builder pkcs12(File file, String str) throws GenericSSLConfigException {
            return keyStore(file, str, "PKCS12");
        }

        public Builder keyStore(File file, String str) throws GenericSSLConfigException {
            return keyStore(file, str, null);
        }

        public Builder keyStore(File file, String str, String str2) throws GenericSSLConfigException {
            if (str2 == null) {
                try {
                    String name = file.getName();
                    if (name.endsWith(".jks")) {
                        str2 = "JKS";
                    } else {
                        if (!name.endsWith(".pfx") && !name.endsWith(".p12")) {
                            throw new IllegalArgumentException("Unknwon file type: " + name);
                        }
                        str2 = "PKCS12";
                    }
                } catch (Exception e) {
                    throw new GenericSSLConfigException("Error loading client auth key store from " + file, e);
                }
            }
            this.keyStore = KeyStore.getInstance(str2.toUpperCase());
            this.keyStore.load(new FileInputStream(file), str == null ? null : str.toCharArray());
            return this;
        }

        public TrustStore build() throws GenericSSLConfigException {
            try {
                TrustStore trustStore = new TrustStore();
                if (this.keyStore != null) {
                    trustStore.keyStore = this.keyStore;
                } else {
                    if (this.certificates == null) {
                        throw new IllegalStateException("Builder not completely initialized: " + this);
                    }
                    trustStore.keyStore = PemKeyReader.toTruststore("al", this.certificates);
                }
                return trustStore;
            } catch (Exception e) {
                throw new GenericSSLConfigException("Error initializing client auth credentials", e);
            }
        }
    }

    public static Builder from() {
        return new Builder();
    }

    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    public char[] getKeyPassword() {
        return this.keyPassword;
    }

    public String getKeyAlias() {
        return this.keyAlias;
    }
}
