package org.apache.nifi.security.ssl;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.ListIterator;
import java.util.Objects;

/* loaded from: input_file:org/apache/nifi/security/ssl/EphemeralKeyStoreBuilder.class */
public class EphemeralKeyStoreBuilder implements KeyStoreBuilder {
    private static final String CERTIFICATE_ALIAS = "certificate-%d";
    private static final String PRIVATE_KEY_ALIAS = "private-key-%d";
    private final List<X509Certificate> certificates = new ArrayList();
    private final List<KeyStore.PrivateKeyEntry> privateKeyEntries = new ArrayList();
    private char[] keyPassword = null;

    public EphemeralKeyStoreBuilder addCertificate(X509Certificate x509Certificate) {
        Objects.requireNonNull(x509Certificate, "Certificate required");
        this.certificates.add(x509Certificate);
        return this;
    }

    public EphemeralKeyStoreBuilder addPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry) {
        Objects.requireNonNull(privateKeyEntry, "Private Key Entry required");
        this.privateKeyEntries.add(privateKeyEntry);
        return this;
    }

    public EphemeralKeyStoreBuilder keyPassword(char[] cArr) {
        this.keyPassword = (char[]) ((char[]) Objects.requireNonNull(cArr, "Key Password required")).clone();
        return this;
    }

    @Override // org.apache.nifi.security.ssl.KeyStoreBuilder
    public KeyStore build() {
        KeyStore initializedKeyStore = getInitializedKeyStore();
        ListIterator<X509Certificate> listIterator = this.certificates.listIterator();
        while (listIterator.hasNext()) {
            String formatted = CERTIFICATE_ALIAS.formatted(Integer.valueOf(listIterator.nextIndex()));
            try {
                initializedKeyStore.setCertificateEntry(formatted, listIterator.next());
            } catch (KeyStoreException e) {
                throw new BuilderConfigurationException(String.format("Set certificate entry [%s] failed", formatted), e);
            }
        }
        ListIterator<KeyStore.PrivateKeyEntry> listIterator2 = this.privateKeyEntries.listIterator();
        while (listIterator2.hasNext()) {
            String formatted2 = PRIVATE_KEY_ALIAS.formatted(Integer.valueOf(listIterator2.nextIndex()));
            KeyStore.PrivateKeyEntry next = listIterator2.next();
            try {
                initializedKeyStore.setKeyEntry(formatted2, next.getPrivateKey(), this.keyPassword, next.getCertificateChain());
            } catch (KeyStoreException e2) {
                throw new BuilderConfigurationException(String.format("Set key entry [%s] failed", formatted2), e2);
            }
        }
        return initializedKeyStore;
    }

    private KeyStore getInitializedKeyStore() {
        String defaultType = KeyStore.getDefaultType();
        try {
            KeyStore keyStore = KeyStore.getInstance(defaultType);
            keyStore.load(null);
            return keyStore;
        } catch (Exception e) {
            throw new BuilderConfigurationException(String.format("Key Store Type [%s] initialization failed", defaultType), e);
        }
    }
}
