package org.apache.nifi.security.util;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.9.2.jar:org/apache/nifi/security/util/KeyStoreUtils.class */
public class KeyStoreUtils {
    private static final Logger logger = LoggerFactory.getLogger(KeyStoreUtils.class);
    public static final String SUN_PROVIDER_NAME = "SUN";

    public static String getKeyStoreProvider(String str) {
        if (KeystoreType.PKCS12.toString().equalsIgnoreCase(str)) {
            return BouncyCastleProvider.PROVIDER_NAME;
        }
        if (KeystoreType.JKS.toString().equalsIgnoreCase(str)) {
            return SUN_PROVIDER_NAME;
        }
        return null;
    }

    public static KeyStore getKeyStore(String str) throws KeyStoreException {
        String keyStoreProvider = getKeyStoreProvider(str);
        if (StringUtils.isNotEmpty(keyStoreProvider)) {
            try {
                return KeyStore.getInstance(str, keyStoreProvider);
            } catch (Exception e) {
                logger.error("Unable to load " + keyStoreProvider + StringUtils.SPACE + str + " keystore.  This may cause issues getting trusted CA certificates as well as Certificate Chains for use in TLS.", e);
            }
        }
        return KeyStore.getInstance(str);
    }

    public static KeyStore getTrustStore(String str) throws KeyStoreException {
        if (KeystoreType.PKCS12.toString().equalsIgnoreCase(str)) {
            logger.warn(str + " truststores are deprecated.  " + KeystoreType.JKS.toString() + " is preferred.");
        }
        return getKeyStore(str);
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
