package de.governikus.bea.beaToolkit.autent;

import de.bos_bremen.gov.autent.challengeresponse.schema.Challenge;
import de.bos_bremen.gov.autent.challengeresponse.schema.ChallengeResponse;
import de.bos_bremen.gov.autent.challengeresponse.schema.ObjectFactory;
import de.bos_bremen.gov.autent.challengeresponse.schema.Response;
import de.bos_bremen.gov.autent.common.XmlPartParser;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Scanner;
import java.util.UUID;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;

/* loaded from: input_file:de/governikus/bea/beaToolkit/autent/ChallengeResponseConnection.class */
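/**
 * Client side of the Autent challenge/response (PAOS) exchange used during beA
 * authentication.
 *
 * <p>The flow visible here is: {@link #getChallengeValue()} POSTs an empty PAOS request and
 * parses the returned {@code Challenge}; the caller signs the challenge value and hands the
 * raw signature plus certificates to {@link #sendResponse(byte[], String, Collection, Collection)},
 * which wraps them into a SOAP envelope and POSTs it; the server answers either with the next
 * SOAP request to process or with a body starting with {@code no_more_questions}.
 *
 * <p>Transport security: when {@code sslCerts} is non-empty the connection trusts <em>only</em>
 * those certificates (the JVM default trust store is not consulted), i.e. the server is pinned.
 * When {@code sslHostCheck} is {@code false} hostname verification is disabled; without pinned
 * certificates this accepts any certificate chaining to a default-trusted CA for the peer, so
 * that combination should only be used for test setups. A warning is logged whenever the
 * verifier is disabled.
 *
 * <p>Thread safety: {@link #getChallengeValue()} is synchronized, the remaining accessors are
 * not; instances are expected to be used by a single caller.
 */
public class ChallengeResponseConnection {
    private static final Logger LOG = Logger.getLogger(ChallengeResponseConnection.class.getName());

    /** JAXB package of the challenge/response schema classes. */
    private static final String SCHEMA_PACKAGE = "de.bos_bremen.gov.autent.challengeresponse.schema";
    /** Namespace of the challenge/response schema (used by {@link PrivilegedParseAction}). */
    private static final String SCHEMA_NAMESPACE = "http://www.bos-bremen.de/challengeResponse";
    private static final String XML_DECLARATION = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>";
    /** Prefix the server uses to signal that the exchange is finished. */
    private static final String NO_MORE_QUESTIONS = "no_more_questions";

    private final String sessionId;
    private final URI serverUri;
    private final Proxy proxy;
    private final List<X509Certificate> sslCerts;
    private final boolean sslHostCheck;
    /** Challenge bytes from the last {@code Challenge} parsed by {@link #getChallenge()}. */
    private byte[] challengeValue;
    /** Hash OID the server requested for signing, from the same {@code Challenge}. */
    private String requestedHashOID;
    /** Last response body that contained a SOAP envelope; consumed by {@link #getSoapRequest()}. */
    private String nextSoapRequest;

    /**
     * Hostname verifier that accepts every peer name.
     *
     * <p>Only installed when the connection was created with {@code sslHostCheck == false}.
     * Disabling hostname verification removes the binding between the URL's host and the
     * presented certificate; it is only defensible together with pinned {@code sslCerts}.
     */
    public static class NullHostnameVerifier implements HostnameVerifier {
        NullHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    /**
     * Parses a {@code challenge} element from a stream using the project's {@code XmlPartParser},
     * run with this class's own privileges so the parser can load the schema classes.
     *
     * <p>NOTE(review): the input is the raw server response. {@code XmlPartParser} is project
     * code not visible here; confirm it disables DTD processing / external entities (XXE).
     */
    public static class PrivilegedParseAction implements PrivilegedAction<Object> {
        private final InputStream ins;

        PrivilegedParseAction(InputStream inputStream) {
            this.ins = inputStream;
        }

        /** Returns the parsed object, or wraps any parser failure in a {@link RuntimeException}. */
        @Override // java.security.PrivilegedAction
        public Object run() {
            try {
                XmlPartParser parser = new XmlPartParser(SCHEMA_PACKAGE, getClass().getClassLoader(),
                        SCHEMA_NAMESPACE, new String[]{"challenge"});
                parser.parse(this.ins);
                return parser.getParsedObject();
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /**
     * @param uri      PAOS endpoint; must be an http(s) URL
     * @param str      session id; sent as {@code requestID} header and as SOAP correlation id
     * @param list     certificates to trust for TLS; empty/{@code null} falls back to the JVM default
     *                 trust store. When non-empty only these certificates are trusted (pinning).
     * @param z        whether TLS hostname verification is performed ({@code false} is unsafe
     *                 without pinned certificates)
     * @param proxy    proxy to use, or {@code null} for a direct connection
     */
    public ChallengeResponseConnection(URI uri, String str, List<X509Certificate> list, boolean z, Proxy proxy) {
        this.serverUri = uri;
        this.sessionId = str;
        this.sslCerts = list;
        this.sslHostCheck = z;
        this.proxy = proxy;
    }

    /**
     * Reads the whole stream as UTF-8 text and closes it.
     *
     * @return the stream content, or {@code ""} for an empty stream (the original
     *         {@code Scanner.next()} would have thrown {@link java.util.NoSuchElementException})
     */
    public static String readFromStream(InputStream inputStream) {
        try (Scanner scanner = new Scanner(inputStream, StandardCharsets.UTF_8.name())) {
            // "\A" matches only at the beginning of input, so the first token is the entire stream.
            scanner.useDelimiter("\\A");
            return scanner.hasNext() ? scanner.next() : "";
        }
    }

    /**
     * Builds a socket factory whose trust store contains exactly the given certificates.
     *
     * <p>The JVM default trust anchors are intentionally not included: a server certificate is
     * accepted only if it is (or chains to) one of {@code list}. No client key material is set.
     */
    private static SSLSocketFactory getSSLFactory(List<X509Certificate> list) throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance("jks");
        trustStore.load((InputStream) null, (char[]) null);
        int index = 0;
        for (X509Certificate cert : list) {
            trustStore.setCertificateEntry("alias" + index++, cert);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init((KeyManager[]) null, tmf.getTrustManagers(), new SecureRandom());
        return context.getSocketFactory();
    }

    /**
     * Returns the server's challenge value, fetching it on first use.
     *
     * @throws IOException on transport failure or when the server did not return a {@code Challenge}
     */
    public synchronized byte[] getChallengeValue() throws IOException {
        if (this.challengeValue == null) {
            getChallenge();
        }
        return this.challengeValue;
    }

    /** Hash OID requested by the server; {@code null} until a challenge has been fetched. */
    public String getRequestedHashOID() {
        return this.requestedHashOID;
    }

    /**
     * Sends the signed challenge back to the server.
     *
     * @param bArr        raw signature over the challenge value
     * @param str         OID of the hash algorithm used for the signature
     * @param collection  signer certificates (DER-encoded into the response)
     * @param collection2 attribute certificates (DER-encoded into the response)
     * @return {@code true} when the server signalled that no further questions follow
     */
    public boolean sendResponse(byte[] bArr, String str, Collection<X509Certificate> collection, Collection<Certificate> collection2) throws IOException, CertificateEncodingException, JAXBException {
        ObjectFactory factory = new ObjectFactory();
        Response response = factory.createResponse();
        response.setHashOID(str);
        response.setRawSignature(bArr);
        for (X509Certificate cert : collection) {
            response.getCertificate().add(cert.getEncoded());
        }
        for (Certificate attributeCert : collection2) {
            response.getAttributeCertificate().add(attributeCert.getEncoded());
        }
        ChallengeResponse challengeResponse = factory.createChallengeResponse();
        challengeResponse.setReturn(response);

        Marshaller marshaller = JAXBContext.newInstance(SCHEMA_PACKAGE, factory.getClass().getClassLoader()).createMarshaller();
        // Marshal as a fragment so no XML declaration lands inside the envelope; the single
        // declaration is prepended below instead.
        marshaller.setProperty(Marshaller.JAXB_FRAGMENT, Boolean.TRUE);

        StringWriter envelope = new StringWriter();
        PrintWriter writer = new PrintWriter(envelope);
        writer.println("<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">");
        writer.println("   <soap:Header>");
        writer.println("      <sb:Correlation xmlns:sb=\"http://urn:liberty:sb:2003-08\"");
        writer.println("         messageID=\"" + UUID.randomUUID().toString() + "\"");
        // sessionId is caller-supplied text placed into an attribute value; escape it so a
        // stray quote or ampersand cannot break (or alter) the envelope.
        writer.println("         refToMessageID=\"" + escapeXmlAttribute(this.sessionId) + "\"/>");
        writer.println("   </soap:Header>");
        writer.println("   <soap:Body>");
        marshaller.marshal(factory.createChallengeResponse(challengeResponse), writer);
        writer.println("   </soap:Body>");
        writer.println("</soap:Envelope>");
        writer.flush();

        return callPaos(XML_DECLARATION + envelope.toString()).startsWith(NO_MORE_QUESTIONS);
    }

    /** Minimal escaping for text placed inside a double-quoted XML attribute. */
    private static String escapeXmlAttribute(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }

    /**
     * Returns the next SOAP request received from the server (fetching one with an empty
     * PAOS call if none is pending) and clears it, so each request is handed out once.
     */
    public String getSoapRequest() throws IOException {
        if (this.nextSoapRequest == null) {
            callPaos((String) null);
        }
        String pending = this.nextSoapRequest;
        this.nextSoapRequest = null;
        return pending;
    }

    /**
     * Sends a pre-built SOAP response body as-is.
     *
     * @return {@code true} when the server signalled that no further questions follow
     */
    public boolean sendResponse(String str) throws IOException {
        return callPaos(str).startsWith(NO_MORE_QUESTIONS);
    }

    /**
     * Fetches and parses the challenge, storing {@link #challengeValue} and
     * {@link #requestedHashOID}.
     *
     * @throws IOException when the body does not parse to a {@code Challenge}
     */
    private void getChallenge() throws IOException {
        String body = callPaos((String) null);
        if (body == null) {
            return;
        }
        Object parsed;
        try (ByteArrayInputStream in = new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8))) {
            parsed = AccessController.doPrivileged(new PrivilegedParseAction(in));
        }
        if (parsed instanceof JAXBElement) {
            parsed = ((JAXBElement) parsed).getValue();
        }
        if (!(parsed instanceof Challenge)) {
            StringBuilder message = new StringBuilder(50);
            message.append("invalid server response: ").append(body);
            if (parsed != null) {
                message.append(" --> ").append(parsed.getClass().getName());
            }
            throw new IOException(message.toString());
        }
        Challenge challenge = (Challenge) parsed;
        this.challengeValue = challenge.getValue();
        this.requestedHashOID = challenge.getHashOID();
    }

    /**
     * Opens the HTTP(S) connection to {@link #serverUri}, applying proxy, pinned trust store and
     * hostname-verifier settings.
     *
     * @throws IOException when the URL is not HTTP or the TLS factory cannot be built
     */
    private HttpURLConnection openConnection() throws IOException {
        URL url = this.serverUri.toURL();
        URLConnection raw = this.proxy == null ? url.openConnection() : url.openConnection(this.proxy);
        if (!(raw instanceof HttpURLConnection)) {
            throw new IOException("the url: " + this.serverUri + " is not a http url");
        }
        if (raw instanceof HttpsURLConnection) {
            HttpsURLConnection https = (HttpsURLConnection) raw;
            boolean pinned = this.sslCerts != null && !this.sslCerts.isEmpty();
            if (pinned) {
                try {
                    https.setSSLSocketFactory(getSSLFactory(this.sslCerts));
                } catch (GeneralSecurityException e) {
                    throw new IOException("can not create ssl factory with given cert", e);
                }
            }
            if (!this.sslHostCheck) {
                // Without pinned certificates this makes the TLS session MITM-able by anyone
                // holding a certificate from a default-trusted CA; make it visible in the logs.
                LOG.warning("<" + this.sessionId + "> TLS hostname verification disabled for "
                        + this.serverUri + (pinned ? " (server certificate pinned)" : " (NO certificate pinning)"));
                https.setHostnameVerifier(new NullHostnameVerifier());
            }
        }
        return (HttpURLConnection) raw;
    }

    /**
     * Performs one PAOS round trip.
     *
     * @param str SOAP body to POST, or {@code null} for an empty POST
     * @return the response body; if it contains a SOAP envelope it is also remembered as
     *         {@link #nextSoapRequest}
     */
    String callPaos(String str) throws IOException {
        HttpURLConnection connection = openConnection();
        connection.addRequestProperty("accept", "text/html; application/vnd.paos+xml");
        connection.addRequestProperty("PAOS", "ver=\"urn:liberty:paos:2003-08\"; \"urn:liberty:id-sys-pp:2003-08\", \"urn:liberty:id-sys-pp:demographics\"");
        connection.addRequestProperty("requestID", this.sessionId);
        if (str != null) {
            // The body carries the signature over the challenge (authentication proof) and the
            // signer certificates; keep it out of the default INFO log level.
            LOG.fine("<" + this.sessionId + "> send Soap Request : " + str);
            connection.setDoOutput(true); // implies POST
            try (OutputStream out = connection.getOutputStream()) {
                out.write(str.getBytes(StandardCharsets.UTF_8));
            }
        } else {
            LOG.info("<" + this.sessionId + "> send Soap Request without content");
            connection.setRequestMethod("POST");
        }
        // getInputStream() throws IOException for HTTP error status codes.
        String body = readFromStream(connection.getInputStream());
        if (body.contains("soap:Envelope>")) {
            this.nextSoapRequest = body;
        }
        LOG.fine("received Soap Result: " + body);
        return body;
    }
}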
