package org.apache.nifi.toolkit.tls.manager;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone;
import org.apache.nifi.toolkit.tls.util.TlsHelper;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/manager/TlsCertificateAuthorityManager.class */
/**
 * TLS manager that hands out the certificate authority (CA) private key entry,
 * creating a self-signed one on first use.
 *
 * <p>The CA entry is looked up under the {@code TlsToolkitStandalone.NIFI_KEY} alias.
 * Everything derived from the returned entry is only as strong as the key pair
 * algorithm, key size, signing algorithm and validity period read from {@link TlsConfig}.
 */
public class TlsCertificateAuthorityManager extends BaseTlsManager {
    /**
     * Creates a manager backed by the supplied configuration.
     *
     * @param tlsConfig configuration passed unchanged to the {@link BaseTlsManager} constructor
     * @throws GeneralSecurityException if the superclass constructor reports one
     * @throws IOException if the superclass constructor reports one
     */
    public TlsCertificateAuthorityManager(TlsConfig tlsConfig) throws GeneralSecurityException, IOException {
        super(tlsConfig);
    }

    /**
     * Returns the CA private key entry, generating a new key pair and a self-signed
     * certificate when the alias is not yet present.
     *
     * @return the existing or newly added private key entry for the CA alias
     * @throws IOException if the alias exists but holds something other than a private key entry
     * @throws GeneralSecurityException if key or certificate generation, or the key store
     *         operations, report one
     */
    public KeyStore.PrivateKeyEntry getOrGenerateCertificateAuthority() throws GeneralSecurityException, IOException {
        final KeyStore.Entry existing = getEntry(TlsToolkitStandalone.NIFI_KEY);

        // Reuse a CA key that is already there so repeated calls keep the same trust root.
        if (existing instanceof KeyStore.PrivateKeyEntry) {
            return (KeyStore.PrivateKeyEntry) existing;
        }

        // Refuse to overwrite or reinterpret an entry of another kind stored under the CA alias.
        if (existing != null) {
            throw new IOException("Expected nifi-key alias to contain a private key entry");
        }

        // NOTE(review): algorithm, key size, signing algorithm and validity are used exactly as
        // configured; no minimum strength is enforced in this method. Confirm that TlsConfig or
        // TlsHelper rejects weak values.
        final TlsConfig config = getTlsConfig();
        final KeyPair caKeyPair = TlsHelper.generateKeyPair(config.getKeyPairAlgorithm(), config.getKeySize());

        // The same key pair both signs and is certified, which is what makes the certificate self-signed.
        // NOTE(review): whether the key store is written to disk at this point depends on
        // BaseTlsManager, which is not shown here.
        return (KeyStore.PrivateKeyEntry) addPrivateKeyToKeyStore(
                caKeyPair,
                TlsToolkitStandalone.NIFI_KEY,
                CertificateUtils.generateSelfSignedX509Certificate(
                        caKeyPair,
                        config.getDn(),
                        config.getSigningAlgorithm(),
                        config.getDays()));
    }
}
