package com.couchbase.client.dcp;

import com.couchbase.client.core.deps.io.netty.handler.ssl.SslContextBuilder;
import com.couchbase.client.dcp.core.utils.CbCollections;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;

/* loaded from: input_file:com/couchbase/client/dcp/CertificateAuthenticator.class */
public class CertificateAuthenticator implements Authenticator {
    private final PrivateKey key;
    private final String keyPassword;
    private final List<X509Certificate> keyCertChain;
    private final Supplier<KeyManagerFactory> keyManagerFactory;

    public static CertificateAuthenticator fromKeyStore(Path path, String str) {
        return fromKeyStore(path, str, null);
    }

    public static CertificateAuthenticator fromKeyStore(Path path, String str, String str2) {
        String defaultType;
        Objects.requireNonNull(path, "KeyStorePath");
        try {
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            if (str2 != null) {
                defaultType = str2;
            } else {
                try {
                    defaultType = KeyStore.getDefaultType();
                } finally {
                }
            }
            KeyStore keyStore = KeyStore.getInstance(defaultType);
            keyStore.load(newInputStream, str != null ? str.toCharArray() : null);
            CertificateAuthenticator fromKeyStore = fromKeyStore(keyStore, str);
            if (newInputStream != null) {
                newInputStream.close();
            }
            return fromKeyStore;
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not initialize KeyStore from Path", e);
        }
    }

    public static CertificateAuthenticator fromKeyStore(KeyStore keyStore, String str) {
        Objects.requireNonNull(keyStore, "KeyStore");
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, str != null ? str.toCharArray() : null);
            return fromKeyManagerFactory(() -> {
                return keyManagerFactory;
            });
        } catch (Exception e) {
            throw new IllegalArgumentException("Could not initialize KeyManagerFactory with KeyStore", e);
        }
    }

    public static CertificateAuthenticator fromKeyManagerFactory(Supplier<KeyManagerFactory> supplier) {
        Objects.requireNonNull(supplier, "KeyManagerFactory");
        return new CertificateAuthenticator(null, null, null, supplier);
    }

    public static CertificateAuthenticator fromKey(PrivateKey privateKey, String str, List<X509Certificate> list) {
        Objects.requireNonNull(privateKey, "PrivateKey");
        if (CbCollections.isNullOrEmpty(list)) {
            throw new IllegalArgumentException("KeyCertChain must not be null or empty");
        }
        return new CertificateAuthenticator(privateKey, str, list, null);
    }

    private CertificateAuthenticator(PrivateKey privateKey, String str, List<X509Certificate> list, Supplier<KeyManagerFactory> supplier) {
        this.key = privateKey;
        this.keyPassword = str;
        this.keyCertChain = list;
        this.keyManagerFactory = supplier;
        if (privateKey != null && supplier != null) {
            throw new IllegalArgumentException("Either a key certificate or a key manager factory can be provided, but not both!");
        }
    }

    @Override // com.couchbase.client.dcp.Authenticator
    public void applyTlsProperties(SslContextBuilder sslContextBuilder) {
        if (this.keyManagerFactory != null) {
            sslContextBuilder.keyManager(this.keyManagerFactory.get());
        } else if (this.key != null) {
            sslContextBuilder.keyManager(this.key, this.keyPassword, (X509Certificate[]) this.keyCertChain.toArray(new X509Certificate[0]));
        }
    }

    @Override // com.couchbase.client.dcp.Authenticator
    public boolean requiresTls() {
        return true;
    }

    public String toString() {
        return "CertificateAuthenticator{hasKey=" + (this.key != null) + ", hasKeyManagerFactory=" + (this.keyManagerFactory != null) + '}';
    }
}
