package org.apache.nifi.registry.security.util;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-registry-security-utils-1.15.2.jar:org/apache/nifi/registry/security/util/KeyStoreUtils.class */
public class KeyStoreUtils {
    private static final String SUN_SECURITY_PROVIDER = "SUN";
    private static final Logger logger = LoggerFactory.getLogger(KeyStoreUtils.class);
    private static final Map<String, String> KEY_STORE_TYPE_PROVIDERS = new HashMap();

    public static String getKeyStoreProvider(String str) {
        return KEY_STORE_TYPE_PROVIDERS.get(StringUtils.upperCase(str));
    }

    public static KeyStore getKeyStore(String str) throws KeyStoreException {
        String keyStoreProvider = getKeyStoreProvider(str);
        if (StringUtils.isNotEmpty(keyStoreProvider)) {
            try {
                return KeyStore.getInstance(str, keyStoreProvider);
            } catch (Exception e) {
                logger.error("Unable to load " + keyStoreProvider + StringUtils.SPACE + str + " keystore.  This may cause issues getting trusted CA certificates as well as Certificate Chains for use in TLS.", e);
            }
        }
        return KeyStore.getInstance(str);
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
        KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.JKS.toString(), SUN_SECURITY_PROVIDER);
        KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.toString(), "BC");
        KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.BCFKS.toString(), "BC");
    }
}
