package org.springframework.vault.support;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.springframework.util.Assert;
import org.springframework.util.Base64Utils;
import org.springframework.vault.VaultException;

/* loaded from: input_file:org/springframework/vault/support/Certificate.class */
public class Certificate {
    private final String serialNumber;
    private final String certificate;
    private final String issuingCaCertificate;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Certificate(@JsonProperty("serial_number") String str, @JsonProperty("certificate") String str2, @JsonProperty("issuing_ca") String str3) {
        this.serialNumber = str;
        this.certificate = str2;
        this.issuingCaCertificate = str3;
    }

    public static Certificate of(String str, String str2, String str3) {
        Assert.hasText(str, "Serial number must not be empty");
        Assert.hasText(str2, "Certificate must not be empty");
        Assert.hasText(str3, "Issuing CA certificate must not be empty");
        return new Certificate(str, str2, str3);
    }

    public String getSerialNumber() {
        return this.serialNumber;
    }

    public String getCertificate() {
        return this.certificate;
    }

    public String getIssuingCaCertificate() {
        return this.issuingCaCertificate;
    }

    public X509Certificate getX509Certificate() {
        try {
            return KeystoreUtil.getCertificate(Base64Utils.decodeFromString(getCertificate()));
        } catch (IOException | CertificateException e) {
            throw new VaultException("Cannot create Certificate from certificate", e);
        }
    }

    public X509Certificate getX509IssuerCertificate() {
        try {
            return KeystoreUtil.getCertificate(Base64Utils.decodeFromString(getIssuingCaCertificate()));
        } catch (IOException | CertificateException e) {
            throw new VaultException("Cannot create Certificate from issuing CA certificate", e);
        }
    }

    public KeyStore createTrustStore() {
        try {
            return KeystoreUtil.createKeyStore(getX509Certificate(), getX509IssuerCertificate());
        } catch (IOException | GeneralSecurityException e) {
            throw new VaultException("Cannot create KeyStore", e);
        }
    }
}
