package org.graylog.security.certutil.cert.storage;

import jakarta.inject.Inject;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.Optional;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.graylog.security.certutil.cert.CertificateChain;
import org.graylog2.cluster.preflight.DataNodeProvisioningService;

/* loaded from: input_file:org/graylog/security/certutil/cert/storage/CertChainMongoStorage.class */
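/**
 * {@link CertChainStorage} implementation that keeps a certificate chain as PEM text in the
 * store exposed by {@link DataNodeProvisioningService}.
 *
 * <p>This class only serializes and parses certificates. Nothing here checks signatures,
 * validity periods, or the order of the chain, so callers must validate a chain returned by
 * {@link #readCertChain(String)} before trusting it.
 */
public class CertChainMongoStorage implements CertChainStorage {
    // Backing service the PEM text is written to and read from; assigned once in the constructor.
    private final DataNodeProvisioningService mongoService;

    /**
     * Creates a storage backed by the given provisioning service.
     *
     * @param dataNodeProvisioningService service used to persist and load the PEM text
     */
    @Inject
    public CertChainMongoStorage(DataNodeProvisioningService dataNodeProvisioningService) {
        this.mongoService = dataNodeProvisioningService;
    }

    /**
     * Serializes every certificate of the chain to PEM and stores the resulting text under
     * the given key.
     *
     * @param certificateChain chain whose {@code toCertificateChainArray()} entries are written
     *                         in array order
     * @param str              key passed to {@code writeCert}; presumably a node identifier
     *                         (TODO confirm against the caller)
     * @throws IOException if PEM encoding or closing the writer fails
     * @throws OperatorCreationException declared by the interface; no statement in this method
     *                                   visibly raises it
     */
    @Override
    public void writeCertChain(CertificateChain certificateChain, String str) throws IOException, OperatorCreationException {
        final StringWriter pemText = new StringWriter();
        // Closing the PEM writer flushes its buffer into pemText, so the text is only read
        // after the try-with-resources block has completed.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            for (Certificate certificate : certificateChain.toCertificateChainArray()) {
                pemWriter.writeObject(certificate);
            }
        }
        this.mongoService.writeCert(str, pemText.toString());
    }

    /**
     * Loads the PEM text stored under the given key and parses it into a certificate chain.
     *
     * <p>The first certificate in the text becomes the first constructor argument of
     * {@link CertificateChain}; every following certificate is collected, in order, into the
     * list passed as the second argument.
     *
     * <p>NOTE(review): parsing stops at the first PEM object that is not a certificate, not
     * only at the end of the text. Stored text that contains an unexpected object therefore
     * yields a shorter chain (or an empty result) without any error. Consider rejecting such
     * input explicitly if the stored value can be modified by anything other than
     * {@link #writeCertChain(CertificateChain, String)}.
     *
     * @param str key passed to {@code readCert}
     * @return the parsed chain, or an empty {@code Optional} when nothing is stored or the
     *         text does not start with a certificate
     * @throws IOException if the PEM text cannot be parsed
     * @throws GeneralSecurityException if a parsed certificate holder cannot be converted
     */
    @Override
    public Optional<CertificateChain> readCertChain(String str) throws IOException, GeneralSecurityException {
        final Optional<String> storedPem = this.mongoService.readCert(str);
        if (!storedPem.isPresent()) {
            return Optional.empty();
        }
        try (PEMParser pemParser = new PEMParser(new BufferedReader(new StringReader(storedPem.get())))) {
            final X509Certificate firstCert = readSingleCert(pemParser);
            if (firstCert == null) {
                return Optional.empty();
            }
            final LinkedList<X509Certificate> followingCerts = new LinkedList<>();
            X509Certificate nextCert = readSingleCert(pemParser);
            while (nextCert != null) {
                followingCerts.add(nextCert);
                nextCert = readSingleCert(pemParser);
            }
            return Optional.of(new CertificateChain(firstCert, followingCerts));
        }
    }

    /**
     * Reads the next object from the parser and returns it as an {@link X509Certificate}.
     *
     * @param pemParser parser positioned at the next PEM object
     * @return the certificate, or {@code null} when the parser returns anything that is
     *         neither an {@code X509Certificate} nor an {@code X509CertificateHolder}
     *         (including {@code null})
     * @throws IOException if the parser fails to read the object
     * @throws CertificateException if a certificate holder cannot be converted
     */
    private X509Certificate readSingleCert(PEMParser pemParser) throws IOException, CertificateException {
        final Object parsed = pemParser.readObject();
        if (parsed instanceof X509Certificate) {
            return (X509Certificate) parsed;
        }
        if (parsed instanceof X509CertificateHolder) {
            return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) parsed);
        }
        // Any other result ends the chain for the caller; see the note on readCertChain.
        return null;
    }
}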
