package ai.vespa.hosted.auth;

import ai.vespa.hosted.api.Properties;
import com.yahoo.config.provision.SystemName;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.SslContextBuilder;
import com.yahoo.security.X509CertificateUtils;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.http.HttpRequest;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Optional;
import javax.net.ssl.SSLContext;

/* loaded from: input_file:ai/vespa/hosted/auth/EndpointAuthenticator.class */
public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthenticator {
    public EndpointAuthenticator(SystemName systemName) {
    }

    public SSLContext sslContext() {
        try {
            Optional nonBlankProperty = Properties.getNonBlankProperty("vespa.test.credentials.root");
            if (nonBlankProperty.isEmpty()) {
                return SSLContext.getDefault();
            }
            Path of = Path.of((String) nonBlankProperty.get(), new String[0]);
            Path resolve = of.resolve("cert");
            Path resolve2 = of.resolve("key");
            X509Certificate fromPem = X509CertificateUtils.fromPem(new String(Files.readAllBytes(resolve)));
            if (Instant.now().isBefore(fromPem.getNotBefore().toInstant()) || Instant.now().isAfter(fromPem.getNotAfter().toInstant())) {
                throw new IllegalStateException("Certificate at '" + resolve + "' is valid between " + fromPem.getNotBefore() + " and " + fromPem.getNotAfter() + " — not now.");
            }
            return new SslContextBuilder().withKeyStore(KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(resolve2))), fromPem).build();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public HttpRequest.Builder authenticated(HttpRequest.Builder builder) {
        return builder;
    }
}
