package org.sdase.commons.shared.certificates.ca;

import io.dropwizard.Configuration;
import io.dropwizard.ConfiguredBundle;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;
import java.security.KeyStoreException;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.sdase.commons.shared.certificates.ca.ssl.CertificateReader;
import org.sdase.commons.shared.certificates.ca.ssl.SslUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sdase/commons/shared/certificates/ca/CaCertificatesBundle.class */
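/**
 * Dropwizard bundle that reads CA certificates from a directory and exposes an
 * {@link SSLContext} built from them.
 *
 * <p>The directory defaults to {@link #DEFAULT_TRUSTED_CERTIFICATES_DIR} and can be replaced
 * through the optional {@link CaCertificateConfigurationProvider}.
 *
 * <p>Security notes for operators and callers:
 *
 * <ul>
 *   <li>The certificate directory is a source of trust anchors. Anything placed there is handed
 *       to {@code SslUtil.createTruststoreFromPemKey}, so write access to the directory should be
 *       limited to whoever is allowed to decide which CAs the service trusts (for example a
 *       read-only mount).
 *   <li>{@link #getSslContext()} returns {@code null} once {@code run} has completed without
 *       finding certificates. Callers must handle that case and use the platform default trust
 *       configuration, never a permissive or non-verifying context.
 *   <li>NOTE(review): whether the created context trusts only the certificates in the directory
 *       or also the JVM default trust anchors is decided in {@code SslUtil}, which is not visible
 *       here. Confirm before relying on either behaviour.
 * </ul>
 *
 * @param <C> the application's configuration type
 */
public class CaCertificatesBundle<C extends Configuration> implements ConfiguredBundle<C> {
    private static final Logger LOGGER = LoggerFactory.getLogger(CaCertificatesBundle.class);

    /** Directory that is read when no custom directory is configured. */
    public static final String DEFAULT_TRUSTED_CERTIFICATES_DIR = "/var/trust/certificates";

    // May be null when the bundle was built without a provider; run() then uses the default directory.
    private final CaCertificateConfigurationProvider<C> configProvider;
    // Stays null until run() has found certificates.
    private SSLContext sslContext;
    // Replaced in run() when a custom directory is configured.
    private CertificateReader certificateReader = new CertificateReader(DEFAULT_TRUSTED_CERTIFICATES_DIR);
    // Set at the end of run(), even when no certificate was found; see getSslContext().
    private boolean isCertificateLoaded = false;

    /* loaded from: input_file:org/sdase/commons/shared/certificates/ca/CaCertificatesBundle$Builder.class */
    /**
     * Two-step builder: {@link InitialBuilder} optionally accepts a configuration provider and
     * {@link FinalBuilder} creates the bundle.
     *
     * @param <C> the application's configuration type
     */
    public static class Builder<C extends Configuration> implements InitialBuilder, FinalBuilder<C> {
        private CaCertificateConfigurationProvider<C> configProvider;

        private Builder() {
        }

        private Builder(CaCertificateConfigurationProvider<C> caCertificateConfigurationProvider) {
            this.configProvider = caCertificateConfigurationProvider;
        }

        @Override // org.sdase.commons.shared.certificates.ca.CaCertificatesBundle.InitialBuilder
        public <C1 extends Configuration> FinalBuilder<C1> withCaCertificateConfigProvider(CaCertificateConfigurationProvider<C1> caCertificateConfigurationProvider) {
            // Diamond instead of the raw type, so the compiler checks that the provider's
            // configuration type matches the returned builder's type.
            return new Builder<>(caCertificateConfigurationProvider);
        }

        @Override // org.sdase.commons.shared.certificates.ca.CaCertificatesBundle.FinalBuilder
        public CaCertificatesBundle<C> build() {
            return new CaCertificatesBundle<>(this.configProvider);
        }
    }

    /* loaded from: input_file:org/sdase/commons/shared/certificates/ca/CaCertificatesBundle$FinalBuilder.class */
    /**
     * Last builder step.
     *
     * @param <C> the application's configuration type
     */
    public interface FinalBuilder<C extends Configuration> {
        /**
         * @return a new bundle using the provider given to the builder, if any
         */
        CaCertificatesBundle<C> build();
    }

    /* loaded from: input_file:org/sdase/commons/shared/certificates/ca/CaCertificatesBundle$InitialBuilder.class */
    /** First builder step, which selects where the certificate directory configuration comes from. */
    public interface InitialBuilder {
        /**
         * @param caCertificateConfigurationProvider extracts the CA certificate configuration from
         *     the application configuration
         * @param <C> the application's configuration type
         * @return the final builder step
         */
        <C extends Configuration> FinalBuilder<C> withCaCertificateConfigProvider(CaCertificateConfigurationProvider<C> caCertificateConfigurationProvider);
    }

    /**
     * Creates the bundle.
     *
     * @param caCertificateConfigurationProvider provider of the CA certificate configuration; may
     *     be {@code null}, in which case {@link #DEFAULT_TRUSTED_CERTIFICATES_DIR} is used
     */
    public CaCertificatesBundle(CaCertificateConfigurationProvider<C> caCertificateConfigurationProvider) {
        this.configProvider = caCertificateConfigurationProvider;
    }

    /**
     * @param <T> the application's configuration type
     * @return a builder that has no configuration provider set
     */
    public static <T extends Configuration> Builder<T> builder() {
        return new Builder<>();
    }

    /** Does nothing; all work of this bundle happens in {@link #run(Configuration, Environment)}. */
    public void initialize(Bootstrap<?> bootstrap) {
    }

    /**
     * Resolves the certificate directory, reads the certificates and stores the resulting
     * {@link SSLContext}.
     *
     * <p>A custom directory is used only when the provider is set, returns a configuration, and
     * that configuration's directory is not blank. When no certificates are found, a warning is
     * logged and the stored context is left unchanged (it is {@code null} if no earlier call
     * created one).
     *
     * <p>The configured directory decides which CA certificates are loaded, so its value should
     * only come from trusted deployment configuration.
     *
     * @param c the application configuration passed to the provider
     * @param environment not used by this bundle
     * @throws KeyStoreException declared by the signature; no statement in this method throws it
     *     directly
     */
    public void run(C c, Environment environment) throws KeyStoreException {
        String certificateDir = DEFAULT_TRUSTED_CERTIFICATES_DIR;
        CaCertificateConfiguration caConfig = this.configProvider == null ? null : this.configProvider.apply(c);
        if (caConfig != null && StringUtils.isNotBlank(caConfig.getCustomCaCertificateDir())) {
            certificateDir = caConfig.getCustomCaCertificateDir();
            this.certificateReader = new CertificateReader(certificateDir);
        }

        Optional<SSLContext> createdContext = createSSLContext();
        if (createdContext.isPresent()) {
            this.sslContext = createdContext.get();
            LOGGER.info("Loaded certificates from {}", certificateDir);
        } else {
            LOGGER.warn("No certificates are found in the provided directory {}", certificateDir);
        }
        // Marks the bundle as initialised even without certificates, so getSslContext()
        // returns null from now on instead of throwing.
        this.isCertificateLoaded = true;
    }

    /**
     * Returns the context created from the certificate directory.
     *
     * @return the created context, or {@code null} when {@code run} completed without finding
     *     certificates; callers must treat {@code null} as "no custom CAs" and keep certificate
     *     verification enabled with the default trust configuration
     * @throws IllegalStateException when called before {@code run} has completed
     */
    @Nullable
    public SSLContext getSslContext() {
        if (this.sslContext != null || this.isCertificateLoaded) {
            return this.sslContext;
        }
        throw new IllegalStateException("Could not access sslContext before Application#run(Configuration, Environment).");
    }

    /**
     * Reads the certificates with the current reader and converts them into an SSL context.
     *
     * @return the context, or an empty {@link Optional} when the reader returned no certificates
     */
    private Optional<SSLContext> createSSLContext() {
        return this.certificateReader
            .readCertificates()
            .map(SslUtil::createTruststoreFromPemKey)
            .map(SslUtil::createSslContext);
    }
}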
