package io.camunda.zeebe.util;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;
import java.util.stream.Stream;

/* loaded from: input_file:io/camunda/zeebe/util/TlsConfigUtil.class */
public final class TlsConfigUtil {
    private TlsConfigUtil() {
    }

    public static void validateTlsConfig(File file, File file2, File file3) {
        if ((file != null || file2 != null) && file3 != null) {
            throw new IllegalArgumentException("Expected to configure with a certificate and private key pair, or with a key store and password, but both were provided. Please select only one approach");
        }
        if (file3 != null) {
            if (!file3.canRead()) {
                throw new IllegalArgumentException(String.format("Expected the configured network security keystore file '%s' to point to a readable file, but it does not", file3));
            }
        } else {
            if (file == null) {
                throw new IllegalArgumentException("Expected to have a valid certificate chain path for network security, but none configured");
            }
            if (file2 == null) {
                throw new IllegalArgumentException("Expected to have a valid private key path for network security, but none configured");
            }
            if (!file.canRead()) {
                throw new IllegalArgumentException(String.format("Expected the configured network security certificate chain path '%s' to point to a readable file, but it does not", file));
            }
            if (!file2.canRead()) {
                throw new IllegalArgumentException(String.format("Expected the configured network security private key path '%s' to point to a readable file, but it does not", file2));
            }
        }
    }

    public static PrivateKey getPrivateKey(File file, String str) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        String objects = Objects.toString(str, "");
        KeyStore keyStore = getKeyStore(file, objects);
        return (PrivateKey) keyStore.getKey(keyStore.aliases().nextElement(), objects.toCharArray());
    }

    public static X509Certificate[] getCertificateChain(File file, String str) throws KeyStoreException {
        KeyStore keyStore = getKeyStore(file, Objects.toString(str, ""));
        Stream stream = Arrays.stream(keyStore.getCertificateChain(keyStore.aliases().nextElement()));
        Class<X509Certificate> cls = X509Certificate.class;
        Objects.requireNonNull(X509Certificate.class);
        return (X509Certificate[]) stream.map((v1) -> {
            return r1.cast(v1);
        }).toArray(i -> {
            return new X509Certificate[i];
        });
    }

    private static KeyStore getKeyStore(File file, String str) throws KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try {
            keyStore.load(new FileInputStream(file), str.toCharArray());
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException(String.format("Keystore failed to load file: %s, please ensure it is a valid PKCS12 keystore", file.toPath()), e);
        }
    }
}
