package org.elasticsearch.test;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.cert.CertificateFactory;
import java.util.Objects;
import org.apache.lucene.tests.util.LuceneTestCase;
import org.elasticsearch.common.CheckedSupplier;
import org.elasticsearch.common.ssl.KeyStoreUtil;
import org.junit.Assert;
import org.junit.rules.ExternalResource;

/* loaded from: input_file:org/elasticsearch/test/TestTrustStore.class */
public class TestTrustStore extends ExternalResource {
    private final CheckedSupplier<InputStream, IOException> pemStreamSupplier;
    private Path trustStorePath;

    public TestTrustStore(CheckedSupplier<InputStream, IOException> checkedSupplier) {
        this.pemStreamSupplier = checkedSupplier;
    }

    public Path getTrustStorePath() {
        Assert.assertFalse("Tests in FIPS mode cannot supply a custom trust store", ESTestCase.inFipsJvm());
        return (Path) Objects.requireNonNullElseGet(this.trustStorePath, () -> {
            return (Path) ESTestCase.fail(null, "trust store not created", new Object[0]);
        });
    }

    protected void before() {
        Path resolve = LuceneTestCase.createTempDir().resolve("trust-store.jks");
        try {
            InputStream inputStream = (InputStream) this.pemStreamSupplier.get();
            try {
                OutputStream newOutputStream = Files.newOutputStream(resolve, new OpenOption[0]);
                try {
                    KeyStoreUtil.buildTrustStore(CertificateFactory.getInstance("X.509").generateCertificates(inputStream).stream().map(certificate -> {
                        return certificate;
                    }).toList(), "jks").store(newOutputStream, new char[0]);
                    this.trustStorePath = resolve;
                    if (newOutputStream != null) {
                        newOutputStream.close();
                    }
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } catch (Throwable th) {
                    if (newOutputStream != null) {
                        try {
                            newOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new AssertionError("unexpected", e);
        }
    }

    protected void after() {
        Assert.assertTrue(String.valueOf(this.trustStorePath) + " should still exist at teardown", Files.exists(this.trustStorePath, new LinkOption[0]));
    }
}
