package org.apache.nifi.security.ssl;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.Objects;

/* loaded from: input_file:org/apache/nifi/security/ssl/PemPrivateKeyCertificateKeyStoreBuilder.class */
public class PemPrivateKeyCertificateKeyStoreBuilder implements KeyStoreBuilder {
    private static final String ALIAS = "private-key-1";
    private static final char[] EMPTY_PROTECTION_PARAMETER = new char[0];
    private InputStream privateKeyInputStream;
    private InputStream certificateInputStream;

    @Override // org.apache.nifi.security.ssl.KeyStoreBuilder
    public KeyStore build() {
        KeyStore initializedKeyStore = getInitializedKeyStore();
        if (this.certificateInputStream == null) {
            throw new BuilderConfigurationException("Certificate InputStream not configured");
        }
        if (this.privateKeyInputStream == null) {
            throw new BuilderConfigurationException("Private Key InputStream not configured");
        }
        loadKeyStore(initializedKeyStore);
        return initializedKeyStore;
    }

    public PemPrivateKeyCertificateKeyStoreBuilder certificateInputStream(InputStream inputStream) {
        this.certificateInputStream = (InputStream) Objects.requireNonNull(inputStream, "Certificate InputStream required");
        return this;
    }

    public PemPrivateKeyCertificateKeyStoreBuilder privateKeyInputStream(InputStream inputStream) {
        this.privateKeyInputStream = (InputStream) Objects.requireNonNull(inputStream, "Private Key InputStream required");
        return this;
    }

    private void loadKeyStore(KeyStore keyStore) {
        Certificate[] certificateArr = (Certificate[]) new StandardPemCertificateReader().readCertificates(this.certificateInputStream).toArray(new Certificate[0]);
        try {
            keyStore.setKeyEntry(ALIAS, new StandardPemPrivateKeyReader().readPrivateKey(this.privateKeyInputStream), EMPTY_PROTECTION_PARAMETER, certificateArr);
        } catch (KeyStoreException e) {
            throw new BuilderConfigurationException("Set key entry failed", e);
        }
    }

    private KeyStore getInitializedKeyStore() {
        String defaultType = KeyStore.getDefaultType();
        try {
            KeyStore keyStore = KeyStore.getInstance(defaultType);
            keyStore.load(null);
            return keyStore;
        } catch (Exception e) {
            throw new BuilderConfigurationException(String.format("Key Store Type [%s] initialization failed", defaultType), e);
        }
    }
}
