package io.confluent.tokenapi.jwt;

import io.confluent.common.security.util.PemUtils;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/tokenapi/jwt/KeyPairHandler.class */
public class KeyPairHandler {
    private static final Logger log = LoggerFactory.getLogger(KeyPairHandler.class);
    private final List<KeyPair> keyPairs;
    private final String keyPairPassphrase;

    public KeyPairHandler(Path path) {
        this.keyPairPassphrase = null;
        this.keyPairs = loadKeys(path);
    }

    public KeyPairHandler(Path path, String str) {
        this.keyPairPassphrase = str;
        this.keyPairs = loadKeys(path);
    }

    private List<KeyPair> loadKeys(Path path) {
        try {
            List<KeyPair> list = (List) getKeyPairPaths(path).stream().map(this::tryLoadKeyPair).filter((v0) -> {
                return v0.isPresent();
            }).map((v0) -> {
                return v0.get();
            }).collect(Collectors.toList());
            if (list.isEmpty()) {
                throw new IllegalStateException(String.format("No keypair(s) could be loaded from config %s with path: %s. Please check logs for more info.", JwsConfig.TOKEN_KEY_PATH_PROP, path));
            }
            return list;
        } catch (IOException e) {
            String format = String.format("Unable to load token keyPair(s) from config %s with path: %s. Please check logs for more info.", JwsConfig.TOKEN_KEY_PATH_PROP, path);
            log.error(format, e);
            throw new IllegalStateException(format, e);
        }
    }

    private List<Path> getKeyPairPaths(Path path) throws IOException {
        if (Files.isRegularFile(path, new LinkOption[0])) {
            return Collections.singletonList(path);
        }
        ArrayList arrayList = new ArrayList();
        DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(path, "*.pem");
        arrayList.getClass();
        newDirectoryStream.forEach((v1) -> {
            r1.add(v1);
        });
        return arrayList;
    }

    private Optional<KeyPair> tryLoadKeyPair(Path path) {
        KeyPair loadKeyPair;
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            Throwable th = null;
            try {
                try {
                    if (this.keyPairPassphrase == null || this.keyPairPassphrase.isEmpty()) {
                        log.info("Loading keypair from path {} without passphrase", path);
                        loadKeyPair = PemUtils.loadKeyPair(newInputStream);
                    } else {
                        log.info("Loading keypair from path {} with a passphrase", path);
                        loadKeyPair = PemUtils.loadKeyPair(newInputStream, this.keyPairPassphrase);
                    }
                    Optional<KeyPair> of = Optional.of(loadKeyPair);
                    if (newInputStream != null) {
                        if (0 != 0) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newInputStream.close();
                        }
                    }
                    return of;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            log.error(String.format("Unable to load token keyPair from config %s with path: %s", JwsConfig.TOKEN_KEY_PATH_PROP, path), e);
            return Optional.empty();
        }
    }

    public List<KeyPair> getKeyPairs() {
        return this.keyPairs;
    }
}
