package org.springframework.boot.ssl.pem;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import org.springframework.boot.ssl.SslStoreBundle;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:docker/live-ingester/alfresco-hxinsight-connector-live-ingester-0.0.2-A1-app.jar:BOOT-INF/lib/spring-boot-3.2.1.jar:org/springframework/boot/ssl/pem/PemSslStoreBundle.class */
public class PemSslStoreBundle implements SslStoreBundle {
    private static final String DEFAULT_ALIAS = "ssl";
    private final KeyStore keyStore;
    private final KeyStore trustStore;

    public PemSslStoreBundle(PemSslStoreDetails pemSslStoreDetails, PemSslStoreDetails pemSslStoreDetails2) {
        this(pemSslStoreDetails, pemSslStoreDetails2, (String) null);
    }

    @Deprecated(since = "3.2.0", forRemoval = true)
    public PemSslStoreBundle(PemSslStoreDetails pemSslStoreDetails, PemSslStoreDetails pemSslStoreDetails2, String str) {
        this.keyStore = createKeyStore("key", PemSslStore.load(pemSslStoreDetails), str);
        this.trustStore = createKeyStore("trust", PemSslStore.load(pemSslStoreDetails2), str);
    }

    public PemSslStoreBundle(PemSslStore pemSslStore, PemSslStore pemSslStore2) {
        this(pemSslStore, pemSslStore2, (String) null);
    }

    private PemSslStoreBundle(PemSslStore pemSslStore, PemSslStore pemSslStore2, String str) {
        this.keyStore = createKeyStore("key", pemSslStore, str);
        this.trustStore = createKeyStore("trust", pemSslStore2, str);
    }

    @Override // org.springframework.boot.ssl.SslStoreBundle
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    @Override // org.springframework.boot.ssl.SslStoreBundle
    public String getKeyStorePassword() {
        return null;
    }

    @Override // org.springframework.boot.ssl.SslStoreBundle
    public KeyStore getTrustStore() {
        return this.trustStore;
    }

    private static KeyStore createKeyStore(String str, PemSslStore pemSslStore, String str2) {
        if (pemSslStore == null) {
            return null;
        }
        try {
            Assert.notEmpty(pemSslStore.certificates(), "Certificates must not be empty");
            String alias = pemSslStore.alias() != null ? pemSslStore.alias() : str2;
            String str3 = alias != null ? alias : DEFAULT_ALIAS;
            KeyStore createKeyStore = createKeyStore(pemSslStore.type());
            List<X509Certificate> certificates = pemSslStore.certificates();
            PrivateKey privateKey = pemSslStore.privateKey();
            if (privateKey != null) {
                addPrivateKey(createKeyStore, privateKey, str3, pemSslStore.password(), certificates);
            } else {
                addCertificates(createKeyStore, certificates, str3);
            }
            return createKeyStore;
        } catch (Exception e) {
            throw new IllegalStateException("Unable to create %s store: %s".formatted(str, e.getMessage()), e);
        }
    }

    private static KeyStore createKeyStore(String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(StringUtils.hasText(str) ? str : KeyStore.getDefaultType());
        keyStore.load(null);
        return keyStore;
    }

    private static void addPrivateKey(KeyStore keyStore, PrivateKey privateKey, String str, String str2, List<X509Certificate> list) throws KeyStoreException {
        keyStore.setKeyEntry(str, privateKey, str2 != null ? str2.toCharArray() : null, (Certificate[]) list.toArray(i -> {
            return new X509Certificate[i];
        }));
    }

    private static void addCertificates(KeyStore keyStore, List<X509Certificate> list, String str) throws KeyStoreException {
        for (int i = 0; i < list.size(); i++) {
            keyStore.setCertificateEntry(str + (list.size() == 1 ? "" : "-" + i), list.get(i));
        }
    }
}
