package com.amazon.opendistroforelasticsearch.security.ssl.util;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.elasticsearch.ElasticsearchException;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/ssl/util/CertFromTruststore.class */
public class CertFromTruststore {
    private final KeystoreProps keystoreProps;
    private final String serverTruststoreAlias;
    private final X509Certificate[] serverTrustedCerts;
    private final String clientTruststoreAlias;
    private final X509Certificate[] clientTrustedCerts;

    public CertFromTruststore() {
        this.keystoreProps = null;
        this.serverTruststoreAlias = null;
        this.serverTrustedCerts = null;
        this.clientTruststoreAlias = null;
        this.clientTrustedCerts = null;
    }

    public static CertFromTruststore Empty() {
        return new CertFromTruststore();
    }

    public CertFromTruststore(KeystoreProps keystoreProps, String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        this.keystoreProps = keystoreProps;
        KeyStore loadKeystore = keystoreProps.loadKeystore();
        this.serverTruststoreAlias = str;
        this.serverTrustedCerts = SSLCertificateHelper.exportRootCertificates(loadKeystore, str);
        this.clientTruststoreAlias = this.serverTruststoreAlias;
        this.clientTrustedCerts = this.serverTrustedCerts;
        validate();
    }

    public CertFromTruststore(KeystoreProps keystoreProps, String str, String str2) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        this.keystoreProps = keystoreProps;
        KeyStore loadKeystore = this.keystoreProps.loadKeystore();
        this.serverTruststoreAlias = str;
        this.serverTrustedCerts = SSLCertificateHelper.exportRootCertificates(loadKeystore, this.serverTruststoreAlias);
        this.clientTruststoreAlias = str2;
        this.clientTrustedCerts = SSLCertificateHelper.exportRootCertificates(loadKeystore, this.clientTruststoreAlias);
        validate();
    }

    private void validate() {
        if (this.serverTrustedCerts == null || this.serverTrustedCerts.length == 0) {
            throw new ElasticsearchException("No truststore configured for server certs", new Object[0]);
        }
        if (this.clientTrustedCerts == null || this.clientTrustedCerts.length == 0) {
            throw new ElasticsearchException("No truststore configured for client certs", new Object[0]);
        }
    }

    public X509Certificate[] getServerTrustedCerts() {
        return this.serverTrustedCerts;
    }

    public X509Certificate[] getClientTrustedCerts() {
        return this.clientTrustedCerts;
    }
}
