package com.zollsoft.eRezeptServices;

import ca.uhn.fhir.rest.api.Constants;
import com.fasterxml.jackson.core.JsonFactory;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.http.Consts;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.ParseException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwt.ReservedClaimNames;
import org.jose4j.jwx.HeaderParameterNames;
import org.jose4j.keys.AesKey;
import org.jose4j.lang.JoseException;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;

/* loaded from: input_file:com/zollsoft/eRezeptServices/ERezeptTIAuthentifizierung.class */
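/**
 * Obtains and caches an access token from the e-prescription IDP.
 *
 * <p>The flow visible in this class is an OAuth 2.0 authorization-code flow with PKCE
 * ({@code response_type=code}, {@code code_challenge_method=S256},
 * {@code grant_type=authorization_code}): the IDP issues a challenge token, the
 * challenge is signed through the connector (SMC-B) and returned to the IDP encrypted
 * with the IDP's public encryption key, the redirect carries the authorization code,
 * and the code is exchanged for an access token that the IDP wraps with a symmetric
 * {@code token_key} generated here.
 *
 * <p>Not thread-safe: the token cache, the token key and the discovery document are
 * static and unsynchronized. Callers that use this class from several threads must
 * serialize their calls.
 */
public class ERezeptTIAuthentifizierung {
    /** Discovery document of the IDP; reloaded on every authentication run. */
    private static ERezeptDiscoveryDocument dd;
    private static final CloseableHttpClient httpClient = HttpClients.createDefault();
    /** AES key the IDP uses to wrap the access token for this client (sent as {@code token_key}). */
    private static byte[] tokenKey = new byte[32];
    /** Cached access token (the decrypted {@code njwt}), or {@code null} until the first successful login. */
    private static String accessToken;

    /** A cached token is renewed when it expires within this many seconds. */
    private static final int TOKEN_EXPIRY_LEEWAY_SECONDS = 10;
    /** Entropy of the PKCE verifier, state and nonce (32 bytes -> 43 base64url characters, RFC 7636 4.1). */
    private static final int RANDOM_TOKEN_BYTES = 32;
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64URL_DECODER = Base64.getUrlDecoder();

    /**
     * Runs the complete login flow and stores the resulting access token in {@link #accessToken}.
     *
     * @param eRezeptTIConnectorMessenger connector used to read the card certificate and to sign the challenge
     * @return the decrypted access token
     * @throws IOException if a step of the protocol fails (HTTP error, unexpected response, state mismatch)
     * @throws GeneralSecurityException if key generation or JWE encryption fails
     * @throws URISyntaxException propagated from the connector messenger
     */
    private static String authenticate(ERezeptTIConnectorMessenger eRezeptTIConnectorMessenger)
            throws IOException, GeneralSecurityException, URISyntaxException {
        createTokenKey();
        System.out.println("Schritt 1: DiscoveryDocument herunterladen und Signatur validieren");
        getDiscoveryDocument();
        System.out.println("Schritt 2: Codechallenge und mit dem Hash256 CodeVerifier generieren");
        String codeVerifier = createCodeVerifier();
        String codeChallenge = createCodeChallenge(codeVerifier);
        // Fresh per-flow values: state binds the redirect to this request (checked below),
        // nonce must not be reused between flows.
        String state = randomUrlSafeToken();
        String nonce = randomUrlSafeToken();
        System.out.println("Schritt 3 Authorization Challenge beantragen");
        String challenge = authorizationChallengeRequest(codeChallenge, state, nonce);
        System.out.println("Schritt 4 Challenge Token über Konnektor SMCB signieren und mittels Public Key verschlüsseln");
        String signedChallenge = signHashChallengeToken(eRezeptTIConnectorMessenger.readCardCertificate(), challenge, eRezeptTIConnectorMessenger);
        String authorizationEndpoint = dd.getJSONAssignmentFromBody("authorization_endpoint");
        String tokenEndpoint = dd.getJSONAssignmentFromBody("token_endpoint");
        String pukIdpEncUri = dd.getJSONAssignmentFromBody("uri_puk_idp_enc");
        String encodedTokenKey = B64URL.encodeToString(tokenKey);
        JsonWebKey idpEncryptionKey = get_puk_idp_enc(pukIdpEncUri);
        HttpPost challengePost = encryptSignedChallengeTokenIntoHttpPost(signedChallenge, idpEncryptionKey, challenge, authorizationEndpoint);
        System.out.println("Schritt 7 verschlüsselte Challenge Response zusammen mit dem verschlüsselten Challenge Token mittels Multiparts HTTP Post verschicken im Austausch für ein Authorisation-Code");
        String authorizationCode = sendChallengeResponseForAuthorizationCode(challengePost, state);
        System.out.println("Schritt 8 Token ID und CodeChallange verschlüsset zurückschicken");
        HttpPost tokenPost = encryptCodeChallangeIntoHttpPost(codeVerifier, idpEncryptionKey, authorizationCode, tokenEndpoint, encodedTokenKey);
        String wrappedAccessToken = sendCodeChallangeForAccessToken(tokenPost);
        // Only replace the cached token once the new one was decrypted successfully.
        accessToken = decryptAccessToken(wrappedAccessToken);
        return accessToken;
    }

    /** Loads the IDP discovery document for the default backend. */
    private static void getDiscoveryDocument() {
        dd = new ERezeptDiscoveryDocument();
        dd.readDiscoveryDocument(ERezeptConstants.defaultBackend);
        dd.encryptDiscoveryDocumentJWT();
    }

    /**
     * Creates a PKCE code verifier: 32 random bytes from {@link SecureRandom}, base64url without
     * padding (43 unreserved characters, RFC 7636 4.1).
     */
    private static String createCodeVerifier() {
        return randomUrlSafeToken();
    }

    /** Derives the S256 code challenge: base64url(SHA-256(verifier)) without padding. */
    private static String createCodeChallenge(String codeVerifier) {
        return B64URL.encodeToString(DigestUtils.sha256(codeVerifier));
    }

    /** Returns {@code RANDOM_TOKEN_BYTES} random bytes as an unpadded base64url string. */
    private static String randomUrlSafeToken() {
        byte[] raw = new byte[RANDOM_TOKEN_BYTES];
        RANDOM.nextBytes(raw);
        return B64URL.encodeToString(raw);
    }

    /** {@code application/x-www-form-urlencoded} encoding of a single query value. */
    private static String formEncode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
    }

    private static String userAgent() {
        return ERezeptConstants.backend(ERezeptConstants.defaultBackend).getUserAgent();
    }

    private static String redirectUri() {
        return ERezeptConstants.backend(ERezeptConstants.defaultBackend).getRedirectURI();
    }

    private static String clientId() {
        return ERezeptConstants.backend(ERezeptConstants.defaultBackend).getClientId();
    }

    /**
     * Requests the challenge token from the authorization endpoint.
     *
     * @param codeChallenge S256 code challenge
     * @param state per-flow state value echoed by the IDP on the redirect
     * @param nonce per-flow nonce
     * @return the {@code challenge} value of the JSON response
     * @throws IOException on HTTP failure or when the response carries no challenge
     */
    private static String authorizationChallengeRequest(String codeChallenge, String state, String nonce) throws IOException {
        // Every value is form-encoded; "openid e-rezept" encodes to the "openid+e-rezept" the IDP expects.
        String url = dd.getJSONAssignmentFromBody("authorization_endpoint")
                + "?scope=" + formEncode("openid e-rezept")
                + "&response_type=code"
                + "&redirect_uri=" + formEncode(redirectUri())
                + "&state=" + formEncode(state)
                + "&code_challenge_method=S256"
                + "&code_challenge=" + formEncode(codeChallenge)
                + "&nonce=" + formEncode(nonce)
                + "&client_id=" + formEncode(clientId());
        HttpGet httpGet = new HttpGet(url);
        httpGet.addHeader("User-Agent", userAgent());
        System.out.println("GET Request 13: " + url);
        try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
            int status = response.getStatusLine().getStatusCode();
            HttpEntity entity = response.getEntity();
            if (entity == null) {
                throw new IOException("authorization endpoint returned no body (HTTP " + status + ")");
            }
            Object parsed = new JSONParser().parse(EntityUtils.toString(entity, StandardCharsets.UTF_8));
            Object challenge = parsed instanceof JSONObject ? ((JSONObject) parsed).get("challenge") : null;
            if (challenge == null) {
                throw new IOException("authorization endpoint returned no challenge (HTTP " + status + ")");
            }
            return challenge.toString();
        } catch (org.json.simple.parser.ParseException e) {
            throw new IOException("authorization endpoint response is not valid JSON", e);
        }
    }

    /**
     * Builds the nested JWT ({@code cty=NJWT}, {@code alg=PS256}) around the challenge and lets the
     * connector sign its SHA-256 hash.
     *
     * @param cardCertificate base64 certificate placed in the {@code x5c} header
     * @param challenge challenge token issued by the IDP
     * @param eRezeptTIConnectorMessenger connector that performs the signature
     * @return compact serialization {@code header.payload.signature}
     */
    private static String signHashChallengeToken(String cardCertificate, String challenge, ERezeptTIConnectorMessenger eRezeptTIConnectorMessenger) {
        // NOTE(review): RFC 7515 requires unpadded base64url for the header and payload segments;
        // the padded encoder is kept because the deployed flow signed exactly these bytes -
        // confirm against the IDP before switching to B64URL.
        String header = Base64.getUrlEncoder().encodeToString(
                ("{\"typ\":\"JWT\",\"cty\":\"NJWT\",\"alg\":\"PS256\",\"x5c\":[\"" + cardCertificate + "\"]}").getBytes(StandardCharsets.UTF_8));
        String payload = Base64.getUrlEncoder().encodeToString(
                ("{\"njwt\":\"" + challenge + "\"}").getBytes(StandardCharsets.UTF_8));
        String signingInput = header + "." + payload;
        String signature = eRezeptTIConnectorMessenger.externalAuthenticate(
                Base64.getEncoder().encodeToString(DigestUtils.sha256(signingInput)));
        return signingInput + "." + signature;
    }

    /** Generates a fresh 256-bit AES key that the IDP uses to wrap the access token. */
    private static void createTokenKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM);
        keyGenerator.init(256);
        tokenKey = keyGenerator.generateKey().getEncoded();
    }

    /**
     * Unwraps the access token returned by the token endpoint with {@link #tokenKey}.
     *
     * @param wrappedToken JWE compact serialization from the token endpoint
     * @return the {@code njwt} claim of the decrypted payload
     * @throws IOException if decryption fails or the payload carries no {@code njwt}
     */
    private static String decryptAccessToken(String wrappedToken) throws IOException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setKey(new AesKey(tokenKey));
        try {
            jwe.setCompactSerialization(wrappedToken);
            Object parsed = new JSONParser().parse(jwe.getPlaintextString());
            Object njwt = parsed instanceof JSONObject ? ((JSONObject) parsed).get("njwt") : null;
            if (njwt == null) {
                throw new IOException("decrypted token response contains no njwt");
            }
            return njwt.toString();
        } catch (JoseException | org.json.simple.parser.ParseException e) {
            throw new IOException("could not decrypt the access token response", e);
        }
    }

    /**
     * Decodes the payload segment of a compact JWT without verifying its signature.
     * Used only to read {@code exp} for the local cache decision, never for authorization.
     *
     * @return the claims, or {@code null} if the token is missing, malformed or not a JSON object
     */
    private static JSONObject decodeJwtPayload(String jwt) {
        if (jwt == null) {
            return null;
        }
        String[] segments = jwt.split("\\.");
        if (segments.length < 2) {
            return null;
        }
        try {
            // JWT segments are base64url; the plain Base64 decoder rejects '-' and '_'.
            String json = new String(B64URL_DECODER.decode(segments[1]), StandardCharsets.UTF_8);
            Object parsed = new JSONParser().parse(json);
            return parsed instanceof JSONObject ? (JSONObject) parsed : null;
        } catch (IllegalArgumentException | org.json.simple.parser.ParseException e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Reads the {@code exp} claim (seconds since epoch) of a JWT, or {@code null} if absent. */
    private static Long readExpirationClaim(String jwt) {
        JSONObject claims = decodeJwtPayload(jwt);
        if (claims == null) {
            return null;
        }
        Object exp = claims.get(ReservedClaimNames.EXPIRATION_TIME);
        return exp instanceof Number ? Long.valueOf(((Number) exp).longValue()) : null;
    }

    /** True when the token cannot be read or expires within {@link #TOKEN_EXPIRY_LEEWAY_SECONDS}. */
    private static boolean isExpiringSoon(String jwt) {
        Long exp = readExpirationClaim(jwt);
        if (exp == null) {
            return true;
        }
        long nowSeconds = System.currentTimeMillis() / 1000;
        return exp.longValue() <= nowSeconds + TOKEN_EXPIRY_LEEWAY_SECONDS;
    }

    /**
     * Returns the {@code Authorization} header value, logging in (or re-logging in) when no
     * usable token is cached.
     *
     * <p>Failures of the login flow are printed and swallowed, as before; the returned value is
     * then {@code "Bearer null"} (or the previous, expired token).
     *
     * @return {@code "Bearer " + accessToken}
     */
    public static String getAccessToken(Boolean bool, Integer num, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        if (accessToken == null || isExpiringSoon(accessToken)) {
            try {
                authenticate(new ERezeptTIConnectorMessenger(bool, num, str, str2, str3, str4, str5, str6, str7, str8));
            } catch (IOException | GeneralSecurityException | URISyntaxException | ParseException e) {
                e.printStackTrace();
            }
        }
        return Constants.HEADER_AUTHORIZATION_VALPREFIX_BEARER + accessToken;
    }

    /**
     * Seeds the cache from an {@code Authorization} header value.
     *
     * @param str header value; {@code null} or anything shorter than 10 characters clears the cache,
     *            a leading {@code "Bearer "} prefix (any case) is stripped
     */
    public static void setAccessToken(String str) {
        if (str == null || str.length() < 10) {
            accessToken = null;
            return;
        }
        String prefix = Constants.HEADER_AUTHORIZATION_VALPREFIX_BEARER;
        if (str.regionMatches(true, 0, prefix, 0, prefix.length())) {
            accessToken = str.substring(prefix.length());
        } else {
            accessToken = str;
        }
    }

    /**
     * Wraps the signed challenge in a JWE for the IDP and prepares the form POST to the
     * authorization endpoint.
     *
     * @param signedChallenge compact JWS from {@link #signHashChallengeToken}
     * @param idpEncryptionKey public encryption key of the IDP
     * @param challenge original challenge token (its {@code exp} is copied into the JWE header)
     * @param authorizationEndpoint URL to post to
     * @throws GeneralSecurityException if the JWE cannot be produced
     */
    private static HttpPost encryptSignedChallengeTokenIntoHttpPost(String signedChallenge, JsonWebKey idpEncryptionKey, String challenge, String authorizationEndpoint)
            throws GeneralSecurityException {
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setPayload("{\"njwt\":\"" + signedChallenge + "\"}");
        jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_256_GCM);
        jwe.setKey(idpEncryptionKey.getKey());
        jwe.setHeader(HeaderParameterNames.CONTENT_TYPE, "NJWT");
        // The JWE carries the same expiry as the challenge it wraps.
        jwe.getHeaders().setObjectHeaderValue(ReservedClaimNames.EXPIRATION_TIME, readExpirationClaim(challenge));
        String serialized;
        try {
            serialized = jwe.getCompactSerialization();
        } catch (JoseException e) {
            throw new GeneralSecurityException("could not encrypt the signed challenge for the IDP", e);
        }
        HttpPost httpPost = new HttpPost(authorizationEndpoint);
        List<BasicNameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("signed_challenge", serialized));
        httpPost.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8));
        httpPost.addHeader("Accept", Constants.CT_JSON);
        httpPost.addHeader("User-Agent", userAgent());
        return httpPost;
    }

    /**
     * Posts the encrypted challenge response and extracts the authorization code from the
     * {@code Location} redirect.
     *
     * @param httpPost request built by {@link #encryptSignedChallengeTokenIntoHttpPost}
     * @param expectedState state sent in the authorization request
     * @return the {@code code} query parameter of the redirect
     * @throws IOException on HTTP failure, when the redirect is missing, when the echoed state does
     *         not match, or when no code is present
     */
    private static String sendChallengeResponseForAuthorizationCode(HttpPost httpPost, String expectedState) throws IOException {
        try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
            int status = response.getStatusLine().getStatusCode();
            Header[] location = response.getHeaders("Location");
            if (location.length != 1) {
                throw new IOException("expected one Location header from the IDP, got " + location.length + " (HTTP " + status + ")");
            }
            Map<String, String> params = parseQuery(location[0].getValue());
            // RFC 6749 10.12: a code delivered with a state we did not send is not ours to use.
            if (!expectedState.equals(params.get("state"))) {
                throw new IOException("IDP redirect carries an unexpected state value (HTTP " + status + ")");
            }
            String code = params.get("code");
            if (code == null) {
                String error = params.containsKey("error") ? ": " + params.get("error") : "";
                throw new IOException("IDP redirect carries no authorization code (HTTP " + status + ")" + error);
            }
            // Drain the body so the pooled connection can be reused.
            EntityUtils.consume(response.getEntity());
            return code;
        }
    }

    /**
     * Parses the query part of a URL into a map (insertion order kept, later duplicates win).
     * A URL without a query yields an empty map; a fragment is ignored.
     */
    private static Map<String, String> parseQuery(String url) throws UnsupportedEncodingException {
        Map<String, String> result = new LinkedHashMap<>();
        int questionMark = url.indexOf('?');
        if (questionMark < 0) {
            return result;
        }
        String query = url.substring(questionMark + 1);
        int hash = query.indexOf('#');
        if (hash >= 0) {
            query = query.substring(0, hash);
        }
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) {
                continue;
            }
            int equals = pair.indexOf('=');
            String key = equals < 0 ? pair : pair.substring(0, equals);
            String value = equals < 0 ? "" : pair.substring(equals + 1);
            result.put(URLDecoder.decode(key, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
        return result;
    }

    /**
     * Downloads the IDP's public encryption key (JWK) from the URL given in the discovery document.
     *
     * <p>The key is accepted as delivered over TLS; whether {@link ERezeptDiscoveryDocument}
     * verifies the discovery document's signature is not visible from this class.
     *
     * @throws IOException on HTTP failure or when the body is not a valid JWK
     */
    private static JsonWebKey get_puk_idp_enc(String uri) throws IOException {
        HttpGet httpGet = new HttpGet(uri);
        httpGet.addHeader("User-Agent", userAgent());
        try (CloseableHttpResponse response = httpClient.execute(httpGet)) {
            int status = response.getStatusLine().getStatusCode();
            HttpEntity entity = response.getEntity();
            if (entity == null) {
                throw new IOException("no body received for IDP encryption key from " + uri + " (HTTP " + status + ")");
            }
            String body = EntityUtils.toString(entity, StandardCharsets.UTF_8);
            // Registered once; the original code added the provider before parsing the key on every call.
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            return JsonWebKey.Factory.newJwk(body);
        } catch (JoseException e) {
            throw new IOException("IDP encryption key at " + uri + " is not a valid JWK", e);
        }
    }

    /**
     * Encrypts {@code token_key} and the PKCE verifier for the IDP and prepares the token request.
     *
     * @param codeVerifier PKCE code verifier
     * @param idpEncryptionKey public encryption key of the IDP
     * @param authorizationCode code obtained from the redirect
     * @param tokenEndpoint URL to post to
     * @param encodedTokenKey base64url of {@link #tokenKey}
     * @throws GeneralSecurityException if the JWE cannot be produced
     */
    private static HttpPost encryptCodeChallangeIntoHttpPost(String codeVerifier, JsonWebKey idpEncryptionKey, String authorizationCode, String tokenEndpoint, String encodedTokenKey)
            throws GeneralSecurityException {
        JSONObject keyVerifier = new JSONObject();
        keyVerifier.put("token_key", encodedTokenKey);
        keyVerifier.put("code_verifier", codeVerifier);
        JsonWebEncryption jwe = new JsonWebEncryption();
        jwe.setPayload(keyVerifier.toString());
        jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES);
        jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_256_GCM);
        jwe.setKey(idpEncryptionKey.getKey());
        jwe.setHeader(HeaderParameterNames.CONTENT_TYPE, JsonFactory.FORMAT_NAME_JSON);
        String serialized;
        try {
            serialized = jwe.getCompactSerialization();
        } catch (JoseException e) {
            throw new GeneralSecurityException("could not encrypt the key verifier for the IDP", e);
        }
        HttpPost httpPost = new HttpPost(tokenEndpoint);
        List<BasicNameValuePair> form = new ArrayList<>();
        form.add(new BasicNameValuePair("key_verifier", serialized));
        form.add(new BasicNameValuePair("code", authorizationCode));
        form.add(new BasicNameValuePair("grant_type", "authorization_code"));
        form.add(new BasicNameValuePair("redirect_uri", redirectUri()));
        form.add(new BasicNameValuePair("client_id", clientId()));
        httpPost.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8));
        httpPost.addHeader("Accept", Constants.CT_JSON);
        httpPost.addHeader("User-Agent", userAgent());
        return httpPost;
    }

    /**
     * Sends the token request and returns the (still wrapped) {@code access_token}.
     *
     * @throws IOException on HTTP failure or when the response carries no access token; the body is
     *         deliberately not included in the message
     */
    private static String sendCodeChallangeForAccessToken(HttpPost httpPost) throws IOException {
        try (CloseableHttpResponse response = httpClient.execute(httpPost)) {
            int status = response.getStatusLine().getStatusCode();
            HttpEntity entity = response.getEntity();
            String body = entity == null ? "" : EntityUtils.toString(entity, StandardCharsets.UTF_8);
            Object parsed = new JSONParser().parse(body);
            Object token = parsed instanceof JSONObject ? ((JSONObject) parsed).get("access_token") : null;
            if (token == null) {
                throw new IOException("token endpoint returned no access_token (HTTP " + status + ")");
            }
            return token.toString();
        } catch (org.json.simple.parser.ParseException e) {
            throw new IOException("token endpoint response is not valid JSON", e);
        }
    }

    /**
     * Renders request line, headers and body of a POST for debugging.
     *
     * <p>The bodies built in this class carry {@code signed_challenge} / {@code key_verifier};
     * keep this output out of persistent logs.
     */
    public static String httpPostToString(HttpPost httpPost) {
        StringBuilder sb = new StringBuilder();
        sb.append("\nRequestLine:");
        sb.append(httpPost.getRequestLine().toString());
        Header[] headers = httpPost.getAllHeaders();
        if (headers.length > 0) {
            sb.append("\nHeader:");
        }
        for (Header header : headers) {
            sb.append(header.getName()).append(" = ").append(header.getValue()).append(";\n ");
        }
        HttpEntity entity = httpPost.getEntity();
        String content = "";
        if (entity != null) {
            try {
                content = EntityUtils.toString(entity);
            } catch (IOException | ParseException e) {
                e.printStackTrace();
            }
        }
        sb.append("\nContent:");
        sb.append(content);
        return sb.toString();
    }
}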
