package com.floragunn.searchguard.ssl.util.config;

import com.floragunn.searchguard.support.PemKeyReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: input_file:com/floragunn/searchguard/ssl/util/config/ClientAuthCredentials.class */
public class ClientAuthCredentials {
    private KeyStore keyStore;
    private char[] keyPassword;
    private String keyAlias;

    /* loaded from: input_file:com/floragunn/searchguard/ssl/util/config/ClientAuthCredentials$Builder.class */
    public static class Builder {
        private X509Certificate[] authenticationCertificate;
        private PrivateKey authenticationKey;
        private KeyStore keyStore;
        private String keyAlias;
        private String keyPassword;

        public Builder certPem(File file) throws GenericSSLConfigException {
            try {
                try {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    try {
                        Builder certPem = certPem(fileInputStream);
                        fileInputStream.close();
                        return certPem;
                    } catch (Throwable th) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } catch (FileNotFoundException e) {
                    throw new GenericSSLConfigException("Could not find certificate file " + file, e);
                }
            } catch (IOException | CertificateException e2) {
                throw new GenericSSLConfigException("Error while reading certificate file " + file, e2);
            }
        }

        public Builder certPem(InputStream inputStream) throws CertificateException {
            this.authenticationCertificate = PemKeyReader.loadCertificatesFromStream(inputStream);
            return this;
        }

        public Builder certKeyPem(File file, String str) throws GenericSSLConfigException {
            try {
                try {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    try {
                        Builder certKeyPem = certKeyPem(fileInputStream, str);
                        fileInputStream.close();
                        return certKeyPem;
                    } catch (Throwable th) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } catch (IOException | InvalidAlgorithmParameterException | KeyException | NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException e) {
                    throw new GenericSSLConfigException("Error while reading certificate key file " + file, e);
                }
            } catch (FileNotFoundException e2) {
                throw new GenericSSLConfigException("Could not find certificate key file " + file, e2);
            }
        }

        public Builder certKeyPem(InputStream inputStream, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
            this.authenticationKey = PemKeyReader.toPrivateKey(inputStream, str);
            return this;
        }

        public Builder jks(File file, String str, String str2) throws GenericSSLConfigException {
            return keyStore(file, str, str2, "JKS");
        }

        public Builder pkcs12(File file, String str, String str2) throws GenericSSLConfigException {
            return keyStore(file, str, str2, "PKCS12");
        }

        public Builder keyStore(File file, String str, String str2) throws GenericSSLConfigException {
            return keyStore(file, str, str2, null);
        }

        public Builder keyStore(File file, String str, String str2, String str3) throws GenericSSLConfigException {
            if (str3 == null) {
                try {
                    String name = file.getName();
                    if (name.endsWith(".jks")) {
                        str3 = "JKS";
                    } else {
                        if (!name.endsWith(".pfx") && !name.endsWith(".p12")) {
                            throw new IllegalArgumentException("Unknwon file type: " + name);
                        }
                        str3 = "PKCS12";
                    }
                } catch (Exception e) {
                    throw new GenericSSLConfigException("Error loading client auth key store from " + file, e);
                }
            }
            this.keyStore = KeyStore.getInstance(str3.toUpperCase());
            this.keyStore.load(new FileInputStream(file), str2 == null ? null : str2.toCharArray());
            this.keyAlias = str;
            this.keyPassword = str2;
            return this;
        }

        public ClientAuthCredentials build() throws GenericSSLConfigException {
            try {
                ClientAuthCredentials clientAuthCredentials = new ClientAuthCredentials();
                if (this.keyStore != null) {
                    clientAuthCredentials.keyStore = this.keyStore;
                    clientAuthCredentials.keyAlias = this.keyAlias;
                    clientAuthCredentials.keyPassword = this.keyPassword != null ? this.keyPassword.toCharArray() : null;
                } else {
                    if (this.authenticationCertificate == null || this.authenticationKey == null) {
                        throw new IllegalStateException("Builder not completely initialized: " + this);
                    }
                    clientAuthCredentials.keyPassword = PemKeyReader.randomChars(12);
                    clientAuthCredentials.keyAlias = "al";
                    clientAuthCredentials.keyStore = PemKeyReader.toKeystore(clientAuthCredentials.keyAlias, clientAuthCredentials.keyPassword, this.authenticationCertificate, this.authenticationKey);
                }
                return clientAuthCredentials;
            } catch (Exception e) {
                throw new GenericSSLConfigException("Error initializing client auth credentials", e);
            }
        }
    }

    public static Builder from() {
        return new Builder();
    }

    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    public char[] getKeyPassword() {
        return this.keyPassword;
    }

    public String getKeyAlias() {
        return this.keyAlias;
    }
}
