package uk.co.automatictester.truststore.maven.plugin.truststore;

import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apache.maven.plugin.logging.Log;
import uk.co.automatictester.truststore.maven.plugin.bc.BouncyCastleKeyStoreLoader;
import uk.co.automatictester.truststore.maven.plugin.certificate.CertificateInspector;
import uk.co.automatictester.truststore.maven.plugin.keystore.KeyStoreFactory;
import uk.co.automatictester.truststore.maven.plugin.mojo.CustomScryptConfig;

/* loaded from: input_file:uk/co/automatictester/truststore/maven/plugin/truststore/TruststoreWriter.class */
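/**
 * Builds a truststore from a list of X.509 certificates and writes it to a file.
 *
 * <p>The truststore format, target path and store password are fixed at construction time.
 * Custom Scrypt parameters may be supplied through {@link #setScryptConfig}; they are only
 * used when the key store type is BCFKS.
 */
public class TruststoreWriter {
    private final Log log;
    private final TruststoreFormat format;
    private final String file;
    // Held as an immutable String for the lifetime of this object, so it cannot be wiped
    // from memory after the store has been written.
    private final String password;
    // Optional: stays null unless setScryptConfig() is called.
    private CustomScryptConfig scryptConfig;

    /**
     * Writes the given certificates to the configured truststore file.
     *
     * <p>Duplicate certificates are stored once. When the list is empty no file is written
     * and a warning is logged instead.
     *
     * @param list certificates to store
     * @throws RuntimeException if the truststore cannot be built or the file cannot be written
     */
    public void write(List<X509Certificate> list) {
        if (list.isEmpty()) {
            this.log.warn("Truststore not generated: no certificates to store");
            return;
        }
        saveKeyStore(populateKeyStore(deduplicateCerts(list)));
    }

    /**
     * Collapses repeated certificates into a set.
     *
     * @param list certificates, possibly containing duplicates
     * @return the distinct certificates, in no particular order
     */
    private Set<X509Certificate> deduplicateCerts(List<X509Certificate> list) {
        return new HashSet<>(list);
    }

    /**
     * Creates an empty key store of the configured format and adds every certificate to it as a
     * trusted certificate entry, logging the details of each one.
     *
     * @param set distinct certificates to add
     * @return the populated key store
     * @throws RuntimeException wrapping any I/O or key store failure
     */
    private KeyStore populateKeyStore(Set<X509Certificate> set) {
        try {
            KeyStore trustStore = loadKeyStore(KeyStoreFactory.createInstance(this.format));
            for (X509Certificate certificate : set) {
                CertificateInspector inspector = new CertificateInspector(this.log, certificate);
                logCertDetails(inspector);
                String alias = String.format("%s - %s", inspector.getIssuer(), inspector.getSerialNumber());
                // setCertificateEntry() replaces an existing trusted-certificate entry that has the
                // same alias. Two distinct certificates sharing issuer and serial number would
                // therefore silently shrink the truststore, so make that case visible in the build log.
                if (trustStore.containsAlias(alias)) {
                    this.log.warn("Alias already present in truststore, previous entry will be replaced: " + alias);
                }
                trustStore.setCertificateEntry(alias, certificate);
            }
            return trustStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(String.format("Error building truststore: %s", e.getMessage()), e);
        }
    }

    /**
     * Initialises the given key store, using the custom Scrypt parameters only when the store is
     * of type BCFKS and a Scrypt configuration has been set.
     *
     * @param keyStore key store instance to initialise
     * @return the initialised key store returned by the loader
     */
    private KeyStore loadKeyStore(KeyStore keyStore) throws CertificateException, IOException, NoSuchAlgorithmException {
        boolean isBcfks = keyStore.getType().equals(TruststoreFormat.BCFKS.toString());
        if (isBcfks && this.scryptConfig != null) {
            this.log.info("Generating " + this.format + " truststore with custom Scrypt parameters:");
            this.log.info(this.scryptConfig.toString());
            return BouncyCastleKeyStoreLoader.load(keyStore, this.scryptConfig);
        }
        this.log.info("Generating " + this.format + " truststore");
        return KeyStoreLoader.load(keyStore);
    }

    /**
     * Logs serial number, subject, subject alternative names (when present), issuer and validity
     * period of one certificate.
     *
     * @param certificateInspector inspector wrapping the certificate being added
     */
    private void logCertDetails(CertificateInspector certificateInspector) {
        Optional<String> subjectAlternativeNames = certificateInspector.getSubjectAlternativeNames();
        this.log.info("Serial number:     " + certificateInspector.getSerialNumber());
        this.log.info("Subject:           " + certificateInspector.getSubject());
        subjectAlternativeNames.ifPresent(names -> this.log.info("Subject Alt Names: " + names));
        this.log.info("Issuer:            " + certificateInspector.getIssuer());
        this.log.info("Valid between:     " + certificateInspector.getNotValidBefore() + " and " + certificateInspector.getNotValidAfter() + " (GMT)" + System.lineSeparator());
    }

    /**
     * Stores the key store in the configured file, protected with the configured password.
     *
     * @param keyStore populated key store to persist
     * @throws RuntimeException wrapping any I/O or key store failure
     */
    private void saveKeyStore(KeyStore keyStore) {
        // try-with-resources closes the stream on every path, including when store() throws.
        // FileOutputStream truncates an existing file at this path before store() runs, so a
        // failure here can leave an empty or partial truststore behind; the exception below is
        // the only signal of that.
        try (FileOutputStream out = new FileOutputStream(this.file)) {
            keyStore.store(out, this.password.toCharArray());
            this.log.info("Total of " + keyStore.size() + " certificates saved to: " + this.file);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(String.format("Error writing file %s: %s", this.file, e.getMessage()), e);
        }
    }

    /**
     * @param log Maven plugin log used for all output
     * @param truststoreFormat format of the truststore to generate
     * @param str path of the truststore file to write
     * @param str2 password passed to {@link KeyStore#store} when writing the file
     */
    public TruststoreWriter(Log log, TruststoreFormat truststoreFormat, String str, String str2) {
        this.log = log;
        this.format = truststoreFormat;
        this.file = str;
        this.password = str2;
    }

    /**
     * Sets the custom Scrypt parameters; they are ignored unless the key store type is BCFKS.
     *
     * @param customScryptConfig Scrypt parameters, or {@code null} to use the default loader
     */
    public void setScryptConfig(CustomScryptConfig customScryptConfig) {
        this.scryptConfig = customScryptConfig;
    }
}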
