package io.quarkus.pulsar;

import io.quarkus.tls.TlsConfiguration;
import io.vertx.core.buffer.Buffer;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.pulsar.client.api.Authentication;
import org.apache.pulsar.client.api.AuthenticationDataProvider;
import org.apache.pulsar.client.api.PulsarClientException;

/* loaded from: input_file:io/quarkus/pulsar/QuarkusPulsarKeyStoreAuthentication.class */
public class QuarkusPulsarKeyStoreAuthentication implements Authentication {
    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
    public static final String END_CERT = "-----END CERTIFICATE-----";
    public static final String LINE_SEPARATOR = System.getProperty("line.separator", "\n");
    private final TlsConfiguration configuration;

    /* loaded from: input_file:io/quarkus/pulsar/QuarkusPulsarKeyStoreAuthentication$QuarkusPulsarAuthenticationData.class */
    private static class QuarkusPulsarAuthenticationData implements AuthenticationDataProvider {
        private final Certificate[] certs;
        private final PrivateKey privateKey;
        private final InputStream trustStoreStream;

        public QuarkusPulsarAuthenticationData(Certificate[] certificateArr, PrivateKey privateKey, Buffer buffer) {
            this.certs = certificateArr;
            this.privateKey = privateKey;
            this.trustStoreStream = new ByteArrayInputStream(buffer.getBytes());
        }

        public boolean hasDataForTls() {
            return true;
        }

        public Certificate[] getTlsCertificates() {
            return this.certs;
        }

        public PrivateKey getTlsPrivateKey() {
            return this.privateKey;
        }

        public InputStream getTlsTrustStoreStream() {
            return this.trustStoreStream;
        }
    }

    public QuarkusPulsarKeyStoreAuthentication(TlsConfiguration tlsConfiguration) {
        this.configuration = tlsConfiguration;
    }

    public String getAuthMethodName() {
        return "quarkus-pulsar";
    }

    public void configure(Map<String, String> map) {
    }

    public void start() throws PulsarClientException {
    }

    public void close() throws IOException {
    }

    public AuthenticationDataProvider getAuthData() throws PulsarClientException {
        try {
            String password = this.configuration.getKeyStoreOptions().getPassword();
            KeyStore keyStore = this.configuration.getKeyStore();
            String nextElement = keyStore.aliases().nextElement();
            X509Certificate[] x509CertificateArr = (X509Certificate[]) Stream.of((X509Certificate) keyStore.getCertificate(nextElement)).toArray(i -> {
                return new X509Certificate[i];
            });
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(nextElement, new KeyStore.PasswordProtection(password.toCharArray()))).getPrivateKey();
            KeyStore trustStore = this.configuration.getTrustStore();
            return new QuarkusPulsarAuthenticationData(x509CertificateArr, privateKey, formatCrtFileContents(trustStore.getCertificate(trustStore.aliases().nextElement())));
        } catch (Exception e) {
            throw new PulsarClientException(e);
        }
    }

    public static Buffer formatCrtFileContents(Certificate certificate) throws CertificateEncodingException {
        Buffer buffer = Buffer.buffer();
        buffer.appendString(BEGIN_CERT).appendString(LINE_SEPARATOR).appendBytes(Base64.getMimeEncoder(64, LINE_SEPARATOR.getBytes()).encode(certificate.getEncoded())).appendString(LINE_SEPARATOR).appendString(END_CERT);
        return buffer;
    }
}
