package org.springframework.boot.ssl.jks;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.util.function.Supplier;
import org.springframework.boot.ssl.SslStoreBundle;
import org.springframework.util.Assert;
import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/spring-boot-3.2.0-M3.jar:org/springframework/boot/ssl/jks/JksSslStoreBundle.class */
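/**
 * {@link SslStoreBundle} backed by Java {@link KeyStore} instances that are created from
 * {@link JksSslStoreDetails} (type, provider, location and password).
 *
 * <p>Both stores are loaded eagerly in the constructor. A store whose details are
 * {@code null} or empty is left as {@code null}.
 */
public class JksSslStoreBundle implements SslStoreBundle {
    /** Store type that is loaded from a hardware token instead of a location. */
    private static final String HARDWARE_KEYSTORE_TYPE = "PKCS11";

    private final JksSslStoreDetails keyStoreDetails;
    private final KeyStore keyStore;
    private final KeyStore trustStore;

    /**
     * Creates the bundle and loads both stores.
     *
     * @param keyStoreDetails details of the key store, may be {@code null}
     * @param trustStoreDetails details of the trust store, may be {@code null}
     * @throws IllegalStateException if either store cannot be created or loaded
     */
    public JksSslStoreBundle(JksSslStoreDetails keyStoreDetails, JksSslStoreDetails trustStoreDetails) {
        this.keyStoreDetails = keyStoreDetails;
        this.keyStore = createKeyStore("key", this.keyStoreDetails);
        this.trustStore = createKeyStore("trust", trustStoreDetails);
    }

    /**
     * Returns the loaded key store.
     *
     * @return the key store, or {@code null} if no key store details were supplied
     */
    @Override
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Returns the key store password exactly as it was configured.
     *
     * <p>The value is a plaintext secret held in an immutable {@link String}; callers
     * should not log it or include it in exception messages.
     *
     * @return the configured password, or {@code null} if there are no key store details
     */
    @Override
    public String getKeyStorePassword() {
        return (this.keyStoreDetails != null) ? this.keyStoreDetails.password() : null;
    }

    /**
     * Returns the loaded trust store.
     *
     * @return the trust store, or {@code null} if no trust store details were supplied
     */
    @Override
    public KeyStore getTrustStore() {
        return this.trustStore;
    }

    /**
     * Creates and loads a store from the given details.
     *
     * @param name short name used in the error message ("key" or "trust")
     * @param details the store details, may be {@code null}
     * @return the loaded store, or {@code null} if the details are {@code null} or empty
     * @throws IllegalStateException if the store cannot be instantiated or loaded
     */
    private KeyStore createKeyStore(String name, JksSslStoreDetails details) {
        if (details == null || details.isEmpty()) {
            return null;
        }
        try {
            String type = StringUtils.hasText(details.type()) ? details.type() : KeyStore.getDefaultType();
            // NOTE(review): with a null password KeyStore.load skips the integrity check of
            // the store data, so a store configured without a password is loaded unverified.
            char[] password = (details.password() != null) ? details.password().toCharArray() : null;
            String location = details.location();
            KeyStore store = getKeyStoreInstance(type, details.provider());
            if (isHardwareKeystoreType(type)) {
                loadHardwareKeyStore(store, location, password);
            } else {
                loadKeyStore(store, location, password);
            }
            return store;
        } catch (Exception ex) {
            // The cause's message is echoed; the messages built in this class carry the
            // location but never the password.
            throw new IllegalStateException("Unable to create %s store: %s".formatted(name, ex.getMessage()), ex);
        }
    }

    /**
     * Obtains a {@link KeyStore} of the given type, from the named provider when one is set.
     */
    private KeyStore getKeyStoreInstance(String type, String provider)
            throws KeyStoreException, NoSuchProviderException {
        return StringUtils.hasText(provider) ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
    }

    /**
     * Returns whether the type names a PKCS11 (hardware token) store, ignoring case.
     */
    private boolean isHardwareKeystoreType(String type) {
        return type.equalsIgnoreCase(HARDWARE_KEYSTORE_TYPE);
    }

    /**
     * Loads a PKCS11 store. Such a store has no backing file, so a configured location is
     * rejected and the store is loaded with a {@code null} stream.
     */
    private void loadHardwareKeyStore(KeyStore store, String location, char[] password)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        Assert.state(!StringUtils.hasText(location),
                () -> "Location is '%s', but must be empty or null for PKCS11 hardware key stores"
                    .formatted(location));
        store.load(null, password);
    }

    /**
     * Loads a store from the configured location.
     *
     * <p>The location is resolved by {@link ResourceUtils#getURL(String)}, which accepts
     * classpath locations, file paths and general URLs, so the location has to come from a
     * trusted configuration source.
     *
     * @throws IllegalStateException if the location is empty or the store cannot be read
     */
    private void loadKeyStore(KeyStore store, String location, char[] password) {
        Assert.state(StringUtils.hasText(location), () -> "Location must not be empty or null");
        // try-with-resources closes the stream even when load() fails; closing it only
        // after a successful load leaks the stream on a wrong password or corrupt store.
        try (InputStream stream = ResourceUtils.getURL(location).openStream()) {
            store.load(stream, password);
        } catch (Exception ex) {
            throw new IllegalStateException("Could not load store from '" + location + "'", ex);
        }
    }
}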
