package com.floragunn.searchguard.tools.tlstool.tasks;

import com.floragunn.searchguard.tools.tlstool.Config;
import com.floragunn.searchguard.tools.tlstool.Context;
import com.floragunn.searchguard.tools.tlstool.ToolException;
import java.io.File;
import java.security.PrivateKey;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.cert.X509CertificateHolder;

/* loaded from: input_file:com/floragunn/searchguard/tools/tlstool/tasks/LoadCa.class */
public class LoadCa extends Task {
    private static final Logger log = LogManager.getLogger((Class<?>) LoadCa.class);
    private Config.Ca.Certificate signingCertificateConfig;
    private String fileNameBase;

    public LoadCa(Context context, Config.Ca ca) throws ToolException {
        super(context);
        if (ca == null) {
            throw new ToolException("Configuration ca is required");
        }
        if (ca.getRoot() == null) {
            throw new ToolException("Configuration ca.root is required");
        }
        context.setRootCaFile(getConfiguredFile(ca.getRoot().getFile(), "root-ca.pem", "pem"));
        if (ca.getIntermediate() != null) {
            this.signingCertificateConfig = ca.getIntermediate();
            this.fileNameBase = "signing-ca";
        } else {
            this.signingCertificateConfig = ca.getRoot();
            this.fileNameBase = "root-ca";
        }
        if (this.signingCertificateConfig == null) {
            throw new ToolException("Configuration ca.intermediate is required");
        }
    }

    @Override // com.floragunn.searchguard.tools.tlstool.tasks.Task
    public void run() throws ToolException {
        File configuredFile = getConfiguredFile(this.signingCertificateConfig.getFile(), this.fileNameBase + ".key", "key");
        File configuredFile2 = getConfiguredFile(this.signingCertificateConfig.getFile(), this.fileNameBase + ".pem", "pem");
        this.ctx.setSigningPrivateKey((PrivateKey) readObjectFromPem(configuredFile, PrivateKey.class, this.signingCertificateConfig.getPkPassword()));
        this.ctx.setSigningCertificate((X509CertificateHolder) readObjectFromPem(configuredFile2, X509CertificateHolder.class));
        log.info("Using signing certificate: " + configuredFile2.getAbsolutePath());
    }
}
