package org.apache.nifi.ldap.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.ldap.ProviderProperty;
import org.apache.nifi.security.ssl.StandardKeyStoreBuilder;
import org.apache.nifi.security.ssl.StandardSslContextBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/ldap/ssl/StandardLdapSslContextProvider.class */
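/**
 * Creates the {@link SSLContext} used for LDAP connections from the provider's configuration properties.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The protocol falls back to {@code "TLS"} when {@link ProviderProperty#TLS_PROTOCOL} is missing or blank.
 *       The configured value is handed to the builder as-is; no allow-list of protocol versions is applied here.</li>
 *   <li>A missing truststore is not an error: it is only logged at debug level and the builder is left without one.
 *       NOTE(review): the trust anchors used in that case depend on {@code StandardSslContextBuilder}
 *       (presumably the JVM defaults) - confirm, and consider whether LDAP deployments should require an
 *       explicit truststore.</li>
 *   <li>The keystore password is reused as the private key password; there is no separate key password property.</li>
 * </ul>
 */
public class StandardLdapSslContextProvider implements LdapSslContextProvider {
    private static final Logger logger = LoggerFactory.getLogger(StandardLdapSslContextProvider.class);
    private static final String DEFAULT_PROTOCOL = "TLS";

    /**
     * Builds an SSL context from the supplied provider properties.
     *
     * @param map provider configuration properties keyed by {@link ProviderProperty} property names; must not be null
     * @return the configured SSL context
     * @throws NullPointerException if {@code map} is null
     * @throws ProviderCreationException if any step of the TLS configuration fails; the original failure
     *         (including a missing store password or an unreadable store file) is attached as the cause
     */
    @Override
    public SSLContext createContext(Map<String, String> map) {
        Objects.requireNonNull(map, "Properties required");
        final String configuredProtocol = map.get(ProviderProperty.TLS_PROTOCOL.getProperty());
        final boolean protocolMissing = configuredProtocol == null || configuredProtocol.isBlank();
        final String protocol = protocolMissing ? DEFAULT_PROTOCOL : configuredProtocol;
        try {
            final StandardSslContextBuilder contextBuilder = new StandardSslContextBuilder();
            contextBuilder.protocol(protocol);

            final KeyStore trustStore = getTrustStore(map);
            if (trustStore == null) {
                // Deliberately non-fatal: the context is built without an explicit truststore.
                logger.debug("LDAP TLS Truststore not configured");
            } else {
                contextBuilder.trustStore(trustStore);
            }

            final KeyStore keyStore = getKeyStore(map);
            if (keyStore == null) {
                logger.debug("LDAP TLS Keystore not configured");
            } else {
                // getKeyStore() only returns a store when the password is present, so this lookup cannot be null.
                // The keystore password doubles as the key password.
                final char[] keyPassword = map.get(ProviderProperty.KEYSTORE_PASSWORD.getProperty()).toCharArray();
                contextBuilder.keyStore(keyStore);
                contextBuilder.keyPassword(keyPassword);
            }
            return contextBuilder.build();
        } catch (Exception e) {
            // Single boundary for all configuration failures; the specific reason travels as the cause.
            throw new ProviderCreationException("Error configuring TLS for LDAP Provider", e);
        }
    }

    /**
     * Loads the client keystore named by the keystore properties.
     *
     * @param map provider configuration properties
     * @return the loaded keystore, or {@code null} when no keystore path is configured
     * @throws IOException if the keystore file cannot be opened or closed
     */
    private KeyStore getKeyStore(Map<String, String> map) throws IOException {
        return loadStore(
                map.get(ProviderProperty.KEYSTORE.getProperty()),
                map.get(ProviderProperty.KEYSTORE_PASSWORD.getProperty()),
                map.get(ProviderProperty.KEYSTORE_TYPE.getProperty()),
                "Keystore Password not configured");
    }

    /**
     * Loads the truststore named by the truststore properties.
     *
     * @param map provider configuration properties
     * @return the loaded truststore, or {@code null} when no truststore path is configured
     * @throws IOException if the truststore file cannot be opened or closed
     */
    private KeyStore getTrustStore(Map<String, String> map) throws IOException {
        return loadStore(
                map.get(ProviderProperty.TRUSTSTORE.getProperty()),
                map.get(ProviderProperty.TRUSTSTORE_PASSWORD.getProperty()),
                map.get(ProviderProperty.TRUSTSTORE_TYPE.getProperty()),
                "Truststore Password not configured");
    }

    /**
     * Shared loader for keystore and truststore files.
     *
     * @param location file system path of the store; null or blank means "not configured"
     * @param password store password; required once a location is given (only null is rejected here)
     * @param type store type passed unchanged to the builder
     * @param missingPasswordMessage exception message used when the password is absent
     * @return the loaded store, or {@code null} when no location is configured
     * @throws IOException if the store file cannot be opened or closed
     * @throws ProviderCreationException if a location is configured without a password
     */
    private static KeyStore loadStore(String location, String password, String type, String missingPasswordMessage)
            throws IOException {
        if (location == null || location.isBlank()) {
            return null;
        }
        if (password == null) {
            throw new ProviderCreationException(missingPasswordMessage);
        }

        final StandardKeyStoreBuilder storeBuilder = new StandardKeyStoreBuilder();
        storeBuilder.type(type);
        storeBuilder.password(password.toCharArray());

        // try-with-resources closes the stream on both the success and the failure path and
        // records a close() failure as a suppressed exception on the primary one.
        try (InputStream storeStream = Files.newInputStream(Paths.get(location))) {
            storeBuilder.inputStream(storeStream);
            return storeBuilder.build();
        }
    }
}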
