package shadow.palantir.driver.com.palantir.conjure.java.config.ssl;

import com.palantir.logsafe.Arg;
import com.palantir.logsafe.SafeArg;
import com.palantir.logsafe.exceptions.SafeRuntimeException;
import com.palantir.logsafe.logger.SafeLogger;
import com.palantir.logsafe.logger.SafeLoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import shadow.palantir.driver.com.google.common.base.Suppliers;
import shadow.palantir.driver.com.google.common.collect.ImmutableMap;
import shadow.palantir.driver.com.google.common.hash.Hashing;
import shadow.palantir.driver.com.google.common.io.Resources;

/* loaded from: input_file:shadow/palantir/driver/com/palantir/conjure/java/config/ssl/DefaultCas.class */
final class DefaultCas {
    private static final String CA_CERTIFICATES_CRT = "/ca-certificates.crt";
    private static final SafeLogger log = SafeLoggerFactory.get((Class<?>) DefaultCas.class);
    private static final Supplier<Map<String, X509Certificate>> TRUSTED_CERTIFICATES = Suppliers.memoize(DefaultCas::getTrustedCertificates);

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<String, X509Certificate> getCertificates() {
        return TRUSTED_CERTIFICATES.get();
    }

    private static Map<String, X509Certificate> getTrustedCertificates() {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        try {
            List<X509Certificate> list = (List) KeyStores.readX509Certificates(new ByteArrayInputStream(Resources.toByteArray(Resources.getResource(DefaultCas.class, CA_CERTIFICATES_CRT)))).stream().map(certificate -> {
                return (X509Certificate) certificate;
            }).collect(Collectors.toList());
            int i = 0;
            for (X509Certificate x509Certificate : list) {
                String lowerCase = x509Certificate.getSubjectX500Principal().getName().toLowerCase(Locale.ENGLISH);
                builder.put(lowerCase + i, x509Certificate);
                log.debug("Adding CA certificate", SafeArg.of("certificateIndex", Integer.valueOf(i)), SafeArg.of("certificateCount", Integer.valueOf(list.size())), SafeArg.of("certificateCommonName", lowerCase), SafeArg.of("expiry", x509Certificate.getNotAfter()), SafeArg.of("sha256Fingerprint", Hashing.sha256().hashBytes(x509Certificate.getEncoded()).toString()));
                i++;
            }
            return builder.buildOrThrow();
        } catch (IOException | CertificateException e) {
            throw new SafeRuntimeException("Could not read file as an X.509 certificate", e, new Arg[0]);
        }
    }

    private DefaultCas() {
    }
}
