package org.apache.nifi.toolkit.tls.service.client;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
import org.apache.nifi.toolkit.tls.manager.TlsClientManager;
import org.apache.nifi.toolkit.tls.manager.writer.JsonConfigurationWriter;
import org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone;
import org.apache.nifi.toolkit.tls.util.OutputStreamFactory;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClient.class */
/**
 * Client-side driver that obtains a CA-signed certificate for a locally generated key pair
 * and persists the result through a {@link TlsClientManager}.
 *
 * <p>The key pair is created in this process and handed to the signing-request performer
 * obtained from the {@link TlsClientConfig}; what that performer sends to the CA is not
 * visible in this class.
 */
public class TlsCertificateAuthorityClient {
    private final Logger logger = LoggerFactory.getLogger(TlsCertificateAuthorityClient.class);

    // Supplies the output streams that TlsClientManager.write(...) uses for everything it persists.
    private final OutputStreamFactory outputStreamFactory;

    /**
     * Creates a client whose output goes through {@link FileOutputStream}.
     *
     * <p>NOTE(review): {@code FileOutputStream} creates files with the process's default
     * permissions; confirm that the keystore/configuration outputs are restricted elsewhere.
     */
    public TlsCertificateAuthorityClient() {
        this(FileOutputStream::new);
    }

    /**
     * Creates a client that writes through the supplied factory.
     *
     * @param outputStreamFactory factory handed to {@code TlsClientManager.write(...)}
     */
    public TlsCertificateAuthorityClient(OutputStreamFactory outputStreamFactory) {
        this.outputStreamFactory = outputStreamFactory;
    }

    /**
     * Ensures an entry exists under {@code TlsToolkitStandalone.NIFI_KEY}, requesting a signed
     * certificate when it does not, then writes the manager's state via the output stream factory.
     *
     * @param tlsClientConfig client configuration: CA hostname/port, key algorithm and size, CSR performer
     * @param str             certificate authority directory path; ignored when empty
     * @param str2            file path for an additional JSON configuration writer; ignored when empty
     * @param z               forwarded to {@code setDifferentKeyAndKeyStorePassword}
     * @throws Exception any failure from the underlying calls; an {@link IOException} is logged
     *                   and rethrown unchanged
     */
    public void generateCertificateAndGetItSigned(TlsClientConfig tlsClientConfig, String str, String str2, boolean z) throws Exception {
        try {
            final TlsClientManager manager = new TlsClientManager(tlsClientConfig);
            manager.setDifferentKeyAndKeyStorePassword(z);

            if (!StringUtils.isEmpty(str)) {
                final File caDirectory = new File(str);
                manager.setCertificateAuthorityDirectory(caDirectory);
            }
            if (!StringUtils.isEmpty(str2)) {
                final File configJson = new File(str2);
                manager.addClientConfigurationWriter(new JsonConfigurationWriter(new ObjectMapper(), configJson));
            }

            final boolean alreadyProvisioned = manager.getEntry(TlsToolkitStandalone.NIFI_KEY) != null;
            if (alreadyProvisioned) {
                // An existing key entry is reused as-is: no new key pair, no request to the CA.
                if (this.logger.isInfoEnabled()) {
                    this.logger.info("Already had entry for nifi-key not requesting new certificate.");
                }
            } else {
                requestAndStoreCertificate(manager, tlsClientConfig);
            }

            manager.write(this.outputStreamFactory);
        } catch (IOException e) {
            // This handler covers the whole flow, so an IOException raised by the signing request
            // or by the final write is reported with the same keystore-oriented message, and the
            // exception itself is not attached to the log record (it is only rethrown).
            this.logger.error("Unable to open existing keystore, it can be reused by specifiying both configJson and useConfigJson");
            throw e;
        }
    }

    // Generates a key pair, has it signed via the configured performer, and stores key and certificates.
    private void requestAndStoreCertificate(TlsClientManager manager, TlsClientConfig config) throws Exception {
        if (this.logger.isInfoEnabled()) {
            this.logger.info("Requesting new certificate from " + config.getCaHostname() + ":" + config.getPort());
        }

        final KeyPair keyPair = TlsHelper.generateKeyPair(config.getKeyPairAlgorithm(), config.getKeySize());
        final X509Certificate[] signedChain = config.createCertificateSigningRequestPerformer().perform(keyPair);

        manager.addPrivateKeyToKeyStore(keyPair, TlsToolkitStandalone.NIFI_KEY, signedChain);

        // The last element of the returned array becomes the NIFI_CERT certificate entry --
        // presumably the issuing CA certificate; verify against the performer. Indexing assumes
        // the performer never returns an empty array.
        final X509Certificate lastInChain = signedChain[signedChain.length - 1];
        manager.setCertificateEntry(TlsToolkitStandalone.NIFI_CERT, lastInChain);
    }
}
