package io.camunda.search.connect.util;

import io.camunda.search.connect.SearchClientConnectException;
import io.camunda.search.connect.configuration.SecurityConfiguration;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContexts;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/camunda/search/connect/util/SecurityUtil.class */
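/**
 * Helpers for building the {@link SSLContext} used by the search client connection.
 *
 * <p>The trust material is an in-memory {@link KeyStore} that starts empty and receives at most
 * one certificate, read from the path returned by
 * {@link SecurityConfiguration#getCertificatePath()}.
 */
public final class SecurityUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityUtil.class);

    private SecurityUtil() {
    }

    /**
     * Builds the SSL context for a secured connection.
     *
     * <p>If a certificate path is configured, the certificate is loaded and stored in a fresh
     * trust store under the alias {@code str}, and the returned context trusts that store only.
     * If no certificate is configured, the trust store stays empty and the JVM default context is
     * returned.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>{@code isSelfSigned()} is only consulted when the trust store is non-empty. With no
     *       certificate path configured, the flag has no effect and the default context is used.
     *   <li>{@link TrustSelfSignedStrategy} accepts any chain made of a single certificate. When
     *       the flag is set, the context therefore trusts every self-signed server certificate,
     *       not only the one loaded from the configured path. Leave the flag off when pinning to
     *       the configured certificate is the intent.
     *   <li>Hostname verification is not part of an {@link SSLContext}; it has to be enforced by
     *       whatever client consumes the context.
     * </ul>
     *
     * @param securityConfiguration source of the certificate path and the self-signed flag
     * @param str alias under which the configured certificate is stored in the trust store
     * @return a context backed by the custom trust store, or the JVM default context when the
     *     trust store is empty
     * @throws KeyStoreException if the trust store cannot be queried or used as trust material
     * @throws NoSuchAlgorithmException if the required trust manager algorithm is unavailable
     * @throws KeyManagementException if the context cannot be initialised
     * @throws SearchClientConnectException if the trust store cannot be created or the certificate
     *     cannot be loaded or stored
     */
    public static SSLContext getSSLContext(SecurityConfiguration securityConfiguration, String str) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        KeyStore trustStore = loadCustomTrustStore(securityConfiguration);
        String certificatePath = securityConfiguration.getCertificatePath();
        if (certificatePath != null) {
            setCertificateInTrustStore(trustStore, loadCertificateFromPath(certificatePath), str);
        }
        if (trustStore.size() <= 0) {
            // Nothing was configured: fall back to the JVM's default trust anchors.
            return SSLContext.getDefault();
        }
        // A null strategy means plain validation against the custom trust store. A non-null
        // TrustSelfSignedStrategy additionally accepts any single-certificate chain.
        TrustSelfSignedStrategy selfSignedStrategy =
                securityConfiguration.isSelfSigned() ? new TrustSelfSignedStrategy() : null;
        return SSLContexts.custom().loadTrustMaterial(trustStore, selfSignedStrategy).build();
    }

    /**
     * Creates an empty in-memory key store of the platform default type.
     *
     * @param securityConfiguration currently not read by this method
     * @return an initialised, empty key store
     * @throws SearchClientConnectException if the key store cannot be created or initialised
     */
    private static KeyStore loadCustomTrustStore(SecurityConfiguration securityConfiguration) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null) initialises an empty store instead of reading one from a stream.
            keyStore.load(null);
            return keyStore;
        } catch (Exception e) {
            throw new SearchClientConnectException("Could not create certificate trustStore for the secured OpenSearch Connection!", e);
        }
    }

    /**
     * Reads a single X.509 certificate from the given file.
     *
     * <p>The stream is opened in a try-with-resources statement so that it is closed on every
     * path, including when the file is empty or certificate parsing fails.
     *
     * @param certificatePath file system path of the certificate file
     * @return the parsed certificate
     * @throws SearchClientConnectException if the file cannot be read, is empty, or does not
     *     contain a parsable certificate; the underlying failure is attached as the cause
     */
    private static Certificate loadCertificateFromPath(String certificatePath) {
        try (BufferedInputStream certificateStream = new BufferedInputStream(new FileInputStream(certificatePath))) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (certificateStream.available() <= 0) {
                // Thrown inside the try block, so it is wrapped by the catch below and reaches
                // the caller as the cause of the generic load failure.
                throw new SearchClientConnectException("Could not load certificate from file, file is empty. File: " + certificatePath);
            }
            Certificate certificate = certificateFactory.generateCertificate(certificateStream);
            LOGGER.debug("Found certificate: {}", certificate);
            return certificate;
        } catch (Exception e) {
            throw new SearchClientConnectException("Could not load configured server certificate for the secured Connection!", e);
        }
    }

    /**
     * Stores a certificate in the given key store as a trusted entry.
     *
     * @param keyStore key store that receives the entry
     * @param certificate certificate to trust
     * @param str alias for the entry
     * @throws SearchClientConnectException if the key store rejects the entry
     */
    public static void setCertificateInTrustStore(KeyStore keyStore, Certificate certificate, String str) {
        try {
            keyStore.setCertificateEntry(str, certificate);
        } catch (Exception e) {
            throw new SearchClientConnectException("Could not set configured server certificate in trust store!", e);
        }
    }
}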
