package org.somda.sdc.dpws.crypto;

import com.google.inject.Inject;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/somda/sdc/dpws/crypto/CryptoConfigurator.class */
public class CryptoConfigurator {
    private static final Logger LOG = LogManager.getLogger(CryptoConfigurator.class);

    @Inject
    CryptoConfigurator() {
    }

    public SSLContext createSslContextFromCryptoConfig(CachingCryptoSettings cachingCryptoSettings) throws KeyStoreException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, IOException, KeyManagementException {
        Optional<SSLContext> sslContext = cachingCryptoSettings.getSslContext();
        if (sslContext.isPresent()) {
            LOG.debug("Retrieved cached SSLContext");
            return sslContext.orElseThrow();
        }
        LOG.debug("Creating new SSLContext");
        SSLContext createSslContextFromCryptoConfigInternal = createSslContextFromCryptoConfigInternal(cachingCryptoSettings);
        cachingCryptoSettings.setSslContext(createSslContextFromCryptoConfigInternal);
        return createSslContextFromCryptoConfigInternal;
    }

    public SSLContext createSslContextFromCryptoConfig(CryptoSettings cryptoSettings) throws KeyStoreException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, IOException, KeyManagementException {
        return cryptoSettings instanceof CachingCryptoSettings ? createSslContextFromCryptoConfig((CachingCryptoSettings) cryptoSettings) : createSslContextFromCryptoConfigInternal(cryptoSettings);
    }

    private static SSLContext createSslContextFromCryptoConfigInternal(CryptoSettings cryptoSettings) throws KeyStoreException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, IOException, KeyManagementException {
        SSLContextBuilder custom = SSLContexts.custom();
        Optional<InputStream> keyStoreStream = cryptoSettings.getKeyStoreStream();
        if (!keyStoreStream.isPresent()) {
            throw new IOException("Expected key store, but none found");
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(keyStoreStream.get(), cryptoSettings.getKeyStorePassword().toCharArray());
        custom.loadKeyMaterial(keyStore, cryptoSettings.getKeyStorePassword().toCharArray());
        Optional<InputStream> trustStoreStream = cryptoSettings.getTrustStoreStream();
        if (!trustStoreStream.isPresent()) {
            throw new IOException("Expected trust store, but none found");
        }
        KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore2.load(trustStoreStream.get(), cryptoSettings.getTrustStorePassword().toCharArray());
        custom.loadTrustMaterial(keyStore2, (TrustStrategy) null);
        return custom.build();
    }

    public static List<X509Certificate> getCertificates(CryptoSettings cryptoSettings) {
        KeyStore keyStore;
        Optional<InputStream> keyStoreStream;
        ArrayList arrayList = new ArrayList();
        if (cryptoSettings == null) {
            return arrayList;
        }
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStoreStream = cryptoSettings.getKeyStoreStream();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Error retrieving certificates from keystore", e);
        }
        if (!keyStoreStream.isPresent()) {
            return arrayList;
        }
        keyStore.load(keyStoreStream.get(), cryptoSettings.getKeyStorePassword().toCharArray());
        Iterator<String> asIterator = keyStore.aliases().asIterator();
        while (asIterator.hasNext()) {
            Certificate certificate = keyStore.getCertificate(asIterator.next());
            if (certificate instanceof X509Certificate) {
                arrayList.add((X509Certificate) certificate);
            }
        }
        return arrayList;
    }

    public static SSLContext createSslContextFromSystemProperties() {
        return SSLContexts.createSystemDefault();
    }
}
