package org.opensearch.sdk.ssl.util;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import org.opensearch.OpenSearchException;

/* loaded from: input_file:org/opensearch/sdk/ssl/util/CertFromKeystore.class */
public class CertFromKeystore {
    private final KeystoreProps keystoreProps;
    private final String serverKeystoreAlias;
    private final String clientKeystoreAlias;
    private PrivateKey serverKey;
    private X509Certificate[] serverCert;
    private final char[] serverKeyPassword;
    private PrivateKey clientKey;
    private X509Certificate[] clientCert;
    private final char[] clientKeyPassword;
    private X509Certificate[] loadedCerts;

    public CertFromKeystore(KeystoreProps keystoreProps, String str, String str2) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
        this.keystoreProps = keystoreProps;
        KeyStore loadKeystore = keystoreProps.loadKeystore();
        this.serverKeystoreAlias = str;
        this.serverKeyPassword = Utils.toCharArray(str2);
        this.serverCert = SSLCertificateHelper.exportServerCertChain(loadKeystore, this.serverKeystoreAlias);
        this.serverKey = SSLCertificateHelper.exportDecryptedKey(loadKeystore, this.serverKeystoreAlias, this.serverKeyPassword);
        this.clientKeystoreAlias = str;
        this.clientKeyPassword = this.serverKeyPassword;
        this.clientCert = this.serverCert;
        this.clientKey = this.serverKey;
        this.loadedCerts = this.serverCert;
        validate();
    }

    public CertFromKeystore(KeystoreProps keystoreProps, String str, String str2, String str3, String str4) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
        this.keystoreProps = keystoreProps;
        KeyStore loadKeystore = keystoreProps.loadKeystore();
        this.serverKeystoreAlias = str;
        this.serverKeyPassword = Utils.toCharArray(str3);
        this.serverCert = SSLCertificateHelper.exportServerCertChain(loadKeystore, str);
        this.serverKey = SSLCertificateHelper.exportDecryptedKey(loadKeystore, str, this.serverKeyPassword);
        this.clientKeystoreAlias = str2;
        this.clientKeyPassword = Utils.toCharArray(str4);
        this.clientCert = SSLCertificateHelper.exportServerCertChain(loadKeystore, str2);
        this.clientKey = SSLCertificateHelper.exportDecryptedKey(loadKeystore, str2, this.clientKeyPassword);
        ArrayList arrayList = new ArrayList(this.serverCert.length + this.clientCert.length);
        Collections.addAll(arrayList, this.serverCert);
        Collections.addAll(arrayList, this.clientCert);
        this.loadedCerts = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        validate();
    }

    private void validate() {
        if (this.serverKey == null) {
            throw new OpenSearchException("No key found in " + this.keystoreProps.getFilePath() + " with alias " + this.serverKeystoreAlias, new Object[0]);
        }
        if (this.serverCert == null || this.serverCert.length == 0) {
            throw new OpenSearchException("No certificates found in " + this.keystoreProps.getFilePath() + " with alias " + this.serverKeystoreAlias, new Object[0]);
        }
        if (this.clientKey == null) {
            throw new OpenSearchException("No key found in " + this.keystoreProps.getFilePath() + " with alias " + this.clientKeystoreAlias, new Object[0]);
        }
        if (this.clientCert == null || this.clientCert.length == 0) {
            throw new OpenSearchException("No certificates found in " + this.keystoreProps.getFilePath() + " with alias " + this.clientKeystoreAlias, new Object[0]);
        }
    }

    public X509Certificate[] getCerts() {
        return this.loadedCerts;
    }

    public PrivateKey getServerKey() {
        return this.serverKey;
    }

    public X509Certificate[] getServerCert() {
        return this.serverCert;
    }

    public PrivateKey getClientKey() {
        return this.clientKey;
    }

    public X509Certificate[] getClientCert() {
        return this.clientCert;
    }
}
