package io.pravega.common.util;

import com.google.common.annotations.VisibleForTesting;
import io.pravega.common.Exceptions;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import lombok.NonNull;

/* loaded from: input_file:io/pravega/common/util/CertificateUtils.class */
public class CertificateUtils {
    public static X509Certificate[] extractCerts(String str) throws CertificateException, IOException {
        Exceptions.checkNotNullOrEmpty(str, "certFilePath");
        FileInputStream fileInputStream = new FileInputStream(new File(str));
        Throwable th = null;
        try {
            X509Certificate[] extractCerts = extractCerts(fileInputStream);
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            return extractCerts;
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    @VisibleForTesting
    static X509Certificate[] extractCerts(@NonNull InputStream inputStream) throws CertificateException {
        if (inputStream == null) {
            throw new NullPointerException("certificateInputStream is marked non-null but is null");
        }
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        X509Certificate[] x509CertificateArr = new X509Certificate[generateCertificates.size()];
        int i = 0;
        Iterator<? extends Certificate> it = generateCertificates.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            x509CertificateArr[i2] = (X509Certificate) it.next();
        }
        return x509CertificateArr;
    }

    public static String toString(X509Certificate[] x509CertificateArr) {
        StringBuilder sb = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            sb.append(" -> {");
            sb.append("type=[" + x509Certificate.getType() + "], ");
            sb.append("subject=[" + x509Certificate.getSubjectX500Principal() + "], ");
            sb.append("issuer=[" + (x509Certificate.getIssuerDN() != null ? x509Certificate.getIssuerDN().getName() : "None") + "]");
            sb.append("}");
        }
        return sb.toString();
    }

    public static KeyStore createTrustStore(String str) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        Exceptions.checkNotNullOrEmpty(str, "certFilePath");
        return createTrustStore(extractCerts(str));
    }

    @VisibleForTesting
    static KeyStore createTrustStore(X509Certificate[] x509CertificateArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        int i = 0;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            int i2 = i;
            i++;
            keyStore.setCertificateEntry(String.valueOf(i2), x509Certificate);
        }
        return keyStore;
    }
}
