package no.digipost.security.keystore;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Stream;
import no.digipost.security.DigipostSecurityException;

/* loaded from: input_file:no/digipost/security/keystore/KeyStoreBuilder.class */
public final class KeyStoreBuilder {
    public static final Function<? super X509Certificate, String> DEFAULT_ALIAS_CREATOR = x509Certificate -> {
        return x509Certificate.getSubjectX500Principal().getName() + "-" + x509Certificate.getSerialNumber() + "-" + x509Certificate.getIssuerX500Principal().getName();
    };
    private final KeyStoreType type;
    private final Map<String, X509Certificate> certificates = new LinkedHashMap();
    private String keyStoreClasspathResourceName;
    private InputStream keyStoreStream;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:no/digipost/security/keystore/KeyStoreBuilder$KeyStoreInitializer.class */
    public interface KeyStoreInitializer {
        void apply(KeyStore keyStore, Optional<InputStream> optional) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException;
    }

    public KeyStoreBuilder(KeyStoreType keyStoreType) {
        this.type = keyStoreType;
    }

    public KeyStoreBuilder containing(X509Certificate x509Certificate) {
        return containing(Stream.of(x509Certificate));
    }

    public KeyStoreBuilder containing(X509Certificate x509Certificate, String str) {
        return containing(Stream.of(x509Certificate), x509Certificate2 -> {
            return str;
        });
    }

    public KeyStoreBuilder containing(Collection<X509Certificate> collection) {
        return containing(collection.stream());
    }

    public KeyStoreBuilder containing(Stream<X509Certificate> stream) {
        return containing(stream, DEFAULT_ALIAS_CREATOR);
    }

    public KeyStoreBuilder containing(Stream<X509Certificate> stream, Function<? super X509Certificate, String> function) {
        stream.forEach(x509Certificate -> {
            String str = (String) function.apply(x509Certificate);
            this.certificates.merge(str, x509Certificate, (x509Certificate, x509Certificate2) -> {
                throw new DuplicateAlias(str, x509Certificate, x509Certificate2);
            });
        });
        return this;
    }

    public KeyStoreBuilder loadFromClasspath(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Classpath resource name is null");
        }
        this.keyStoreClasspathResourceName = str.replaceFirst("^/(?=.+)", "");
        this.keyStoreStream = null;
        return this;
    }

    public KeyStoreBuilder loadFrom(InputStream inputStream) {
        if (inputStream == null) {
            throw new IllegalArgumentException("Key store InputStream is null. Please specify a stream with data.");
        }
        this.keyStoreStream = inputStream;
        this.keyStoreClasspathResourceName = null;
        return this;
    }

    public KeyStore withNoPassword() {
        return withPassword((char[]) null);
    }

    public KeyStore withPassword(String str) {
        return withPassword(str == null ? null : str.toCharArray());
    }

    public KeyStore withPassword(char[] cArr) {
        KeyStore initNewKeyStore = initNewKeyStore((keyStore, optional) -> {
            keyStore.load((InputStream) optional.orElse(null), cArr);
        });
        if (!this.certificates.isEmpty()) {
            try {
                for (Map.Entry<String, X509Certificate> entry : this.certificates.entrySet()) {
                    String key = entry.getKey();
                    if (initNewKeyStore.isCertificateEntry(key)) {
                        throw new DuplicateAlias(key, initNewKeyStore.getCertificate(key), entry.getValue());
                    }
                    initNewKeyStore.setCertificateEntry(key, entry.getValue());
                }
            } catch (KeyStoreException e) {
                throw new DigipostSecurityException(e);
            }
        }
        return initNewKeyStore;
    }

    private KeyStore initNewKeyStore(KeyStoreInitializer keyStoreInitializer) {
        try {
            KeyStore keyStore = KeyStore.getInstance(this.type.typeName);
            if (this.keyStoreClasspathResourceName != null) {
                InputStream resourceAsStream = KeyStoreBuilder.class.getClassLoader().getResourceAsStream(this.keyStoreClasspathResourceName);
                try {
                    if (resourceAsStream == null) {
                        throw new IllegalArgumentException("Unable to locate " + this.keyStoreClasspathResourceName + " on classpath");
                    }
                    keyStoreInitializer.apply(keyStore, Optional.of(resourceAsStream));
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                    }
                } finally {
                }
            } else {
                keyStoreInitializer.apply(keyStore, Optional.ofNullable(this.keyStoreStream));
            }
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new DigipostSecurityException("Unable to load key store instance of type " + this + ", because " + e.getClass().getSimpleName() + ": '" + e.getMessage() + "'", e);
        }
    }
}
