package io.helidon.common.pki;

import io.helidon.builder.api.Prototype;
import io.helidon.common.configurable.Resource;
import io.helidon.common.configurable.ResourceException;
import io.helidon.common.pki.Keys;
import java.io.IOException;
import java.io.InputStream;
import java.lang.System;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/common/pki/KeysBuilderDecorator.class */
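/**
 * Builder decorator that fills in missing key material on a {@link Keys} builder from the
 * configured keystore and/or PEM sources.
 *
 * <p>Values already set on the builder are never overwritten: each source is consulted only for
 * the private key, public key, public certificate or certificate chain that is still empty.
 * The keystore source is processed before the PEM source.
 */
public class KeysBuilderDecorator implements Prototype.BuilderDecorator<Keys.BuilderBase<?, ?>> {
    private static final System.Logger LOGGER = System.getLogger(Keys.class.getName());

    /**
     * Populates the builder from its keystore and PEM configuration, then derives the public key
     * from the public certificate when no public key was configured explicitly.
     *
     * @param builderBase builder to update in place
     * @throws PkiException when a configured resource cannot be loaded
     */
    @Override
    public void decorate(Keys.BuilderBase<?, ?> builderBase) {
        try {
            builderBase.keystore().ifPresent(keystoreKeys -> updateFromKeystore(builderBase, keystoreKeys));
            builderBase.pem().ifPresent(pemKeys -> updateFromPem(builderBase, pemKeys));
            // Last resort: the public key embedded in the certificate.
            if (builderBase.publicKey().isEmpty() && builderBase.publicCert().isPresent()) {
                builderBase.publicKey(builderBase.publicCert().get().getPublicKey());
            }
        } catch (ResourceException e) {
            throw new PkiException("Failed to load key configuration", e);
        }
    }

    /**
     * Fills the builder from PEM resources.
     *
     * <p>The private key is read with the configured key passphrase, or with {@code null} when no
     * passphrase is configured. The first certificate of the chain becomes the public certificate
     * if none is set yet.
     *
     * <p>NOTE(review): the streams returned by {@code Resource.stream()} are handed to
     * {@code PemReader} and are not closed in this class; confirm that {@code PemReader} closes
     * them.
     *
     * @param builderBase builder to update in place
     * @param pemKeys PEM configuration
     */
    private void updateFromPem(Keys.BuilderBase<?, ?> builderBase, PemKeys pemKeys) {
        if (builderBase.privateKey().isEmpty()) {
            pemKeys.key().ifPresent(resource ->
                    builderBase.privateKey(PemReader.readPrivateKey(resource.stream(),
                                                                    pemKeys.keyPassphrase().orElse(null))));
        }
        if (builderBase.publicKey().isEmpty()) {
            pemKeys.publicKey().ifPresent(resource ->
                    builderBase.publicKey(PemReader.readPublicKey(resource.stream())));
        }

        // Typed instead of the raw List the decompiler produced; elements are X509Certificate.
        List<X509Certificate> chain = pemKeys.certChain()
                .map(resource -> PemReader.readCertificates(resource.stream()))
                .orElseGet(List::of);
        chain.forEach(builderBase::addCertChain);
        if (!chain.isEmpty() && builderBase.publicCert().isEmpty()) {
            builderBase.publicCert(chain.get(0));
        }

        pemKeys.certificates().stream()
                .map(resource -> PemReader.readCertificates(resource.stream()))
                .flatMap(List::stream)
                .forEach(builderBase::addCert);
    }

    /**
     * Fills the builder from a Java keystore.
     *
     * <p>Passphrase handling: the keystore passphrase defaults to an empty array, and the key
     * passphrase defaults to the keystore passphrase.
     *
     * <p>Alias handling: a failure to load the private key or the certificate chain is rethrown
     * only when the alias was configured explicitly. With a defaulted alias the failure is logged
     * at DEBUG and the builder is left without that value, so callers that require a private key
     * must check for it themselves.
     *
     * <p>When {@code keystoreKeys.trustStore()} is true, every certificate in the keystore is
     * added to the builder; otherwise only the configured certificate aliases are added.
     *
     * @param builderBase builder to update in place
     * @param keystoreKeys keystore configuration
     * @throws PkiException when the keystore resource cannot be read or closed
     */
    private void updateFromKeystore(Keys.BuilderBase<?, ?> builderBase, KeystoreKeys keystoreKeys) {
        char[] storePassphrase = keystoreKeys.passphrase().orElseGet(() -> new char[0]);
        char[] keyPassphrase = keystoreKeys.keyPassphrase().orElse(storePassphrase);
        String type = keystoreKeys.type();
        Resource keystore = keystoreKeys.keystore();
        try {
            KeyStore loaded = readKeystore(type, keystore, storePassphrase);

            Optional<String> keyAlias = keystoreKeys.keyAlias();
            String privateKeyAlias = keyAlias.orElse(KeystoreKeysBlueprint.DEFAULT_PRIVATE_KEY_ALIAS);
            if (builderBase.privateKey().isEmpty()) {
                try {
                    builderBase.privateKey(PkiUtil.loadPrivateKey(loaded, privateKeyAlias, keyPassphrase));
                } catch (Exception e) {
                    // An explicitly configured alias must resolve; the default alias is best effort.
                    if (keyAlias.isPresent()) {
                        throw e;
                    }
                    LOGGER.log(System.Logger.Level.DEBUG, "Failed to read private key from default alias", e);
                }
            }

            if (builderBase.certChain().isEmpty()) {
                Optional<String> certChainAlias = keystoreKeys.certChainAlias();
                // Without an explicit chain alias, the chain is looked up under the private key alias.
                String chainAlias = certChainAlias.orElse(privateKeyAlias);
                try {
                    List<X509Certificate> chain = PkiUtil.loadCertChain(loaded, chainAlias);
                    chain.forEach(builderBase::addCertChain);
                } catch (Exception e) {
                    if (certChainAlias.isPresent()) {
                        throw e;
                    }
                    LOGGER.log(System.Logger.Level.DEBUG,
                               "Failed to certificate chain from alias \"" + chainAlias + "\"",
                               e);
                }
            }

            if (builderBase.publicCert().isEmpty()) {
                Optional<String> certAlias = keystoreKeys.certAlias();
                if (certAlias.isPresent()) {
                    builderBase.publicCert(PkiUtil.loadCertificate(loaded, certAlias.get()));
                } else if (!builderBase.certChain().isEmpty()) {
                    builderBase.publicCert(builderBase.certChain().get(0));
                }
            }

            if (keystoreKeys.trustStore()) {
                // Trust store mode: every certificate entry in the keystore is added.
                PkiUtil.loadCertificates(loaded).forEach(builderBase::addCert);
            } else {
                keystoreKeys.certAliases()
                        .forEach(alias -> builderBase.addCert(PkiUtil.loadCertificate(loaded, alias)));
            }
        } catch (IOException e) {
            throw new PkiException("Failed to read keystore from its resource: " + keystore, e);
        }
    }

    /**
     * Opens the keystore resource, loads it and closes the stream on every path.
     *
     * <p>The previous code closed the stream only after a successful load, leaking it whenever
     * loading failed (for example on a wrong passphrase or an unsupported keystore type).
     *
     * @param type keystore type
     * @param keystore resource holding the keystore bytes
     * @param passphrase keystore passphrase, possibly empty
     * @return the loaded keystore
     * @throws IOException when closing the resource stream fails
     */
    private static KeyStore readKeystore(String type, Resource keystore, char[] passphrase) throws IOException {
        // try-with-resources skips close() for a null resource, matching the original null check.
        try (InputStream stream = keystore.stream()) {
            return PkiUtil.loadKeystore(type, stream, passphrase, keystore.location());
        }
    }
}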
