package org.apache.nifi.web.security.knox;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Set;
import org.apache.nifi.util.NiFiProperties;

/* loaded from: input_file:org/apache/nifi/web/security/knox/StandardKnoxConfiguration.class */
public class StandardKnoxConfiguration implements KnoxConfiguration {
    private final NiFiProperties properties;

    public StandardKnoxConfiguration(NiFiProperties niFiProperties) {
        this.properties = niFiProperties;
    }

    @Override // org.apache.nifi.web.security.knox.KnoxConfiguration
    public boolean isKnoxEnabled() {
        return this.properties.isKnoxSsoEnabled();
    }

    @Override // org.apache.nifi.web.security.knox.KnoxConfiguration
    public String getKnoxUrl() {
        return this.properties.getKnoxUrl();
    }

    @Override // org.apache.nifi.web.security.knox.KnoxConfiguration
    public Set<String> getAudiences() {
        return this.properties.getKnoxAudiences();
    }

    @Override // org.apache.nifi.web.security.knox.KnoxConfiguration
    public String getKnoxCookieName() {
        return this.properties.getKnoxCookieName();
    }

    @Override // org.apache.nifi.web.security.knox.KnoxConfiguration
    public RSAPublicKey getKnoxPublicKey() {
        Path knoxPublicKeyPath = this.properties.getKnoxPublicKeyPath();
        if (!Files.isRegularFile(knoxPublicKeyPath, new LinkOption[0]) || !Files.exists(knoxPublicKeyPath, new LinkOption[0])) {
            throw new RuntimeException(String.format("The specified Knox public key path does not exist '%s'", knoxPublicKeyPath.toString()));
        }
        try {
            InputStream newInputStream = Files.newInputStream(knoxPublicKeyPath, new OpenOption[0]);
            Throwable th = null;
            try {
                try {
                    RSAPublicKey rSAPublicKey = (RSAPublicKey) ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(newInputStream)).getPublicKey();
                    if (newInputStream != null) {
                        if (0 != 0) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newInputStream.close();
                        }
                    }
                    return rSAPublicKey;
                } finally {
                }
            } finally {
            }
        } catch (IOException | CertificateException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }
}
