package org.springframework.vault.support;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import org.springframework.util.Assert;
import org.springframework.vault.VaultException;

/* loaded from: input_file:org/springframework/vault/support/CertificateBundle.class */
public class CertificateBundle {
    private final String serialNumber;
    private final String certificate;
    private final String issuingCaCertificate;
    private final String privateKey;

    private CertificateBundle(@JsonProperty("serial_number") String str, @JsonProperty("certificate") String str2, @JsonProperty("issuing_ca") String str3, @JsonProperty("private_key") String str4) {
        this.serialNumber = str;
        this.certificate = str2;
        this.issuingCaCertificate = str3;
        this.privateKey = str4;
    }

    public static CertificateBundle of(String str, String str2, String str3, String str4) {
        Assert.hasText(str, "Serial number must not be empty");
        Assert.hasText(str2, "Certificate must not be empty");
        Assert.hasText(str3, "Issuing CA certificate must not be empty");
        Assert.hasText(str4, "Private key must not be empty");
        return new CertificateBundle(str, str2, str3, str4);
    }

    public String getSerialNumber() {
        return this.serialNumber;
    }

    public String getCertificate() {
        return this.certificate;
    }

    public String getIssuingCaCertificate() {
        return this.issuingCaCertificate;
    }

    public String getPrivateKey() {
        return this.privateKey;
    }

    public KeySpec getPrivateKeySpec() {
        try {
            return KeystoreUtil.getRSAKeySpec(Base64.decode(getPrivateKey()));
        } catch (IOException e) {
            throw new VaultException("Cannot create KeySpec from private key", e);
        }
    }

    public X509Certificate getX509Certificate() {
        try {
            return KeystoreUtil.getCertificate(Base64.decode(getCertificate()));
        } catch (IOException | CertificateException e) {
            throw new VaultException("Cannot create Certificate from certificate", e);
        }
    }

    public X509Certificate getX509IssuerCertificate() {
        try {
            return KeystoreUtil.getCertificate(Base64.decode(getIssuingCaCertificate()));
        } catch (IOException | CertificateException e) {
            throw new VaultException("Cannot create Certificate from issuing CA certificate", e);
        }
    }

    public KeyStore createKeyStore(String str) {
        Assert.hasText(str, "Key alias must not be empty");
        try {
            return KeystoreUtil.createKeyStore(str, getPrivateKeySpec(), getX509Certificate(), getX509IssuerCertificate());
        } catch (IOException | GeneralSecurityException e) {
            throw new VaultException("Cannot create KeyStore", e);
        }
    }
}
