package uk.gov.dwp.tls;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.SealedObject;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import uk.gov.dwp.crypto.SecureStrings;
import uk.gov.dwp.logging.DwpEncodedLogger;

/* loaded from: input_file:uk/gov/dwp/tls/TLSConnectionBuilder.class */
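/**
 * Builds an {@link SSLContext} (and an Apache {@link CloseableHttpClient} using it) from an
 * optional trust store and an optional key store on disk.
 *
 * <p>Store passwords are held as {@link SealedObject}s produced by {@link SecureStrings} and are
 * only revealed while a store is being loaded.
 */
public class TLSConnectionBuilder {
    private static final Logger LOG = DwpEncodedLogger.getLogger(TLSConnectionBuilder.class.getName());
    private static final SecureStrings secureCipher = new SecureStrings();
    private String trustStoreFile;
    private SealedObject trustStorePassword;
    private SealedObject keyStorePassword;
    private String keyStoreFile;

    /**
     * Configures both a trust store and a key store (mutual TLS).
     *
     * @param str path of the trust store file
     * @param str2 trust store password
     * @param str3 path of the key store file
     * @param str4 key store password (also used as the key password when the key managers are
     *     initialised)
     */
    public TLSConnectionBuilder(String str, String str2, String str3, String str4) {
        this.trustStorePassword = secureCipher.sealString(str2);
        this.keyStorePassword = secureCipher.sealString(str4);
        this.trustStoreFile = str;
        this.keyStoreFile = str3;
    }

    /**
     * Configures a trust store only; no client certificate will be presented.
     *
     * <p>The key store path and password stay {@code null}.
     * NOTE(review): {@link #getKeyStorePassword()} then passes {@code null} to
     * {@code SecureStrings.revealString}; confirm how that helper treats a null argument.
     *
     * @param str path of the trust store file
     * @param str2 trust store password
     */
    public TLSConnectionBuilder(String str, String str2) {
        this.trustStorePassword = secureCipher.sealString(str2);
        this.trustStoreFile = str;
    }

    /**
     * Creates a {@code "TLS"} {@link SSLContext} initialised from the configured stores.
     *
     * <p>A blank or {@code null} store path is not an error: the matching argument to
     * {@link SSLContext#init} is then {@code null}. For the trust side this means JSSE falls back
     * to the default trust managers of the installed providers rather than trusting nothing, so
     * the "proceeding without trust anchors" log line should not be read as "no certificate
     * validation" or "empty trust set".
     *
     * <p>The protocol versions and cipher suites actually enabled are whatever the runtime
     * defaults for {@code "TLS"} are; callers that need a minimum version must restrict it on the
     * socket factory or engine.
     *
     * @return the initialised context
     * @throws TLSGeneralException if a configured store file does not exist
     * @throws IOException if a store cannot be read or its password is wrong
     */
    public SSLContext createAndPopulateContext() throws NoSuchAlgorithmException, KeyStoreException, TLSGeneralException, IOException, CertificateException, UnrecoverableKeyException, KeyManagementException {
        TrustManagerFactory trustManagerFactory = null;
        KeyManagerFactory keyManagerFactory = null;

        if (isBlank(getTrustStoreFile())) {
            LOG.info("Cannot use TRUSTSTORE, proceeding without trust anchors.  It is blank or null");
        } else {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            File trustStore = checkFile(getTrustStoreFile());
            char[] password = getTrustStorePassword().toCharArray();
            try {
                trustManagerFactory.init(loadKeyStore(trustStore, password));
            } finally {
                // Best effort only: the String returned by getTrustStorePassword() cannot be wiped.
                java.util.Arrays.fill(password, '\0');
            }
        }

        if (isBlank(getKeyStoreFile())) {
            LOG.info("Cannot use KEYSTORE, proceeding without keystore.  It is blank or null");
        } else {
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            File clientStore = checkFile(getKeyStoreFile());
            // Reveal the password once and reuse it for both the store and its private keys.
            char[] password = getKeyStorePassword().toCharArray();
            try {
                keyManagerFactory.init(loadKeyStore(clientStore, password), password);
            } finally {
                // Best effort only: the String returned by getKeyStorePassword() cannot be wiped.
                java.util.Arrays.fill(password, '\0');
            }
        }

        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(
                keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(),
                trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers(),
                new SecureRandom());
        return sSLContext;
    }

    /**
     * Builds an Apache HTTP client that uses the context from {@link #createAndPopulateContext()}.
     *
     * <p>No hostname verifier is set here, so the {@link HttpClientBuilder} default applies. The
     * caller owns the returned client and is responsible for closing it.
     *
     * @return a new HTTP client bound to the configured TLS context
     */
    public CloseableHttpClient configureSSLConnection() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, TLSGeneralException {
        HttpClientBuilder create = HttpClientBuilder.create();
        create.setSSLContext(createAndPopulateContext());
        return create.build();
    }

    /** Returns {@code true} when the configured path is {@code null} or only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /**
     * Loads a key store of the JVM default type from {@code file}.
     *
     * <p>The stream is closed on every path; previously it was left open, leaking a file
     * descriptor per call and on every load failure.
     */
    private static KeyStore loadKeyStore(File file, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(file)) {
            store.load(in, password);
        }
        return store;
    }

    /**
     * Resolves {@code str} to a {@link File}, failing early when nothing exists at that path.
     *
     * <p>Only existence is checked; a directory or unreadable file passes here and fails later
     * when the stream is opened.
     *
     * @throws TLSGeneralException if the path does not exist
     */
    private File checkFile(String str) throws TLSGeneralException {
        File file = new File(str);
        if (file.exists()) {
            return file;
        }
        throw new TLSGeneralException(String.format("%s does not exist", str));
    }

    /** Returns the configured trust store path, possibly {@code null}. */
    public String getTrustStoreFile() {
        return this.trustStoreFile;
    }

    /**
     * Reveals the trust store password as plain text.
     *
     * <p>This is a public accessor for a secret: callers must not log or persist the result.
     */
    public String getTrustStorePassword() {
        return secureCipher.revealString(this.trustStorePassword);
    }

    /**
     * Reveals the key store password as plain text.
     *
     * <p>This is a public accessor for a secret: callers must not log or persist the result.
     */
    public String getKeyStorePassword() {
        return secureCipher.revealString(this.keyStorePassword);
    }

    /** Returns the configured key store path, possibly {@code null}. */
    public String getKeyStoreFile() {
        return this.keyStoreFile;
    }
}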
