package org.zowe.apiml.cloudgatewayservice.service;

import java.io.IOException;
import java.io.StringWriter;
import java.security.cert.Certificate;
import javax.annotation.PostConstruct;
import lombok.Generated;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.message.yaml.YamlMessageServiceInstance;
import org.zowe.apiml.security.HttpsConfig;
import org.zowe.apiml.security.HttpsConfigError;
import org.zowe.apiml.security.SecurityUtils;

@Service
/* loaded from: input_file:org/zowe/apiml/cloudgatewayservice/service/CertificateChainService.class */
public class CertificateChainService {

    @Value("${server.ssl.keyStore:#{null}}")
    private String keyStore;

    @Value("${server.ssl.keyStorePassword:#{null}}")
    private char[] keyStorePassword;

    @Value("${server.ssl.keyPassword:#{null}}")
    private char[] keyPassword;

    @Value("${server.ssl.keyStoreType:PKCS12}")
    private String keyStoreType;

    @Value("${server.ssl.keyAlias:#{null}}")
    private String keyAlias;
    Certificate[] certificates;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CertificateChainService.class);
    private static final ApimlLogger apimlLog = ApimlLogger.of(CertificateChainService.class, YamlMessageServiceInstance.getInstance());

    public String getCertificatesInPEMFormat() {
        StringWriter stringWriter = new StringWriter();
        if (this.certificates != null && this.certificates.length > 0) {
            try {
                JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
                Throwable th = null;
                try {
                    try {
                        for (Certificate certificate : this.certificates) {
                            jcaPEMWriter.writeObject(certificate);
                        }
                        if (jcaPEMWriter != null) {
                            if (0 != 0) {
                                try {
                                    jcaPEMWriter.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                jcaPEMWriter.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                log.error("Failed to convert a certificate to PEM format. {}", e.getMessage());
                return null;
            }
        }
        return stringWriter.toString();
    }

    @PostConstruct
    void loadCertChain() {
        HttpsConfig build = HttpsConfig.builder().keyAlias(this.keyAlias).keyStore(this.keyStore).keyPassword(this.keyPassword).keyStorePassword(this.keyStorePassword).keyStoreType(this.keyStoreType).build();
        try {
            this.certificates = SecurityUtils.loadCertificateChain(build);
        } catch (Exception e) {
            apimlLog.log("org.zowe.apiml.common.sslContextInitializationError", new Object[]{e.getMessage()});
            throw new HttpsConfigError("Error initializing SSL Context: " + e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, build);
        }
    }
}
