package de.governikus.signer.toolbox.remotesigning;

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Base64;
import javax.net.ssl.SSLContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/governikus/signer/toolbox/remotesigning/IdProvider.class */
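/**
 * Client for an identity provider (IdP) reached under a base URL.
 *
 * <p>{@link #authenticate(SSLContext)} performs a GET on {@code <idpUrl>/auth/tls} with an
 * {@link HttpClient} built from the supplied {@link SSLContext} and returns the raw response
 * body. {@link #loginForRemoteSignature(SSLContext, URI)} passes that body to
 * {@code RemoteSignatureAPI.login}.
 *
 * <p>NOTE(review): the {@code /auth/tls} path suggests TLS client-certificate authentication and
 * the returned bytes look like a credential for the following login; treat them as a secret.
 * Nothing in this class checks that {@code idpUrl} uses the {@code https} scheme, so the caller
 * has to guarantee that; confirm at the call sites.
 *
 * <p>The {@code httpClient} field is reassigned on every {@code authenticate} call and this class
 * contains no synchronization, so an instance should not be shared between threads that
 * authenticate with different {@link SSLContext}s.
 */
public class IdProvider {
    private final Logger log = LogManager.getLogger(getClass());
    private final URI idpUrl;
    // Client of the most recent authenticate() call; null until the first call.
    private HttpClient httpClient;

    /**
     * Creates a provider for the given IdP base URL.
     *
     * @param uri base URL of the identity provider; the endpoint paths are appended to it
     */
    public IdProvider(URI uri) {
        this.idpUrl = uri;
    }

    /**
     * Authenticates against the IdP and logs in to the remote signature service.
     *
     * @param sSLContext TLS configuration used for the authentication request
     * @param uri second constructor argument of {@code RemoteSignatureAPI}
     *     (presumably the remote signature service URL; confirm against that class)
     * @return the signer returned by {@code RemoteSignatureAPI.login}
     * @throws RemoteSignatureException if authentication fails
     */
    public RemoteSigner loginForRemoteSignature(SSLContext sSLContext, URI uri) {
        URI sadUri = URI.create(this.idpUrl + "/id-token/sad").normalize();
        // authenticate() must run before this.httpClient is read. Java evaluates a constructor
        // call's arguments before the arguments of a method chained onto it, so the former
        // one-line form handed RemoteSignatureAPI a null client on the first call and, on later
        // calls, the client built for the previous SSLContext.
        byte[] authResponse = authenticate(sSLContext);
        return new RemoteSignatureAPI(sadUri, uri, this.httpClient).login(authResponse);
    }

    /**
     * Requests {@code <idpUrl>/auth/tls} and returns the response body.
     *
     * <p>Replaces {@code httpClient} with a new client built from {@code sSLContext}.
     *
     * @param sSLContext TLS configuration for the new client
     * @return the body of the HTTP 200 response
     * @throws RemoteSignatureException if the request fails, the thread is interrupted, or the
     *     status is not 200; in the last case the message contains the Base64-encoded response
     *     body
     */
    public byte[] authenticate(SSLContext sSLContext) {
        this.httpClient = HttpClient.newBuilder().sslContext(sSLContext).build();
        URI authUri = URI.create(this.idpUrl + "/auth/tls").normalize();
        HttpResponse<byte[]> response;
        try {
            HttpRequest request = HttpRequest.newBuilder(authUri)
                    .header("Accept", "application/octet-stream")
                    .GET()
                    .build();
            response = this.httpClient.send(request, HttpResponse.BodyHandlers.ofByteArray());
        } catch (InterruptedException e) {
            this.log.error(() -> String.format("IdProvide.authenticate(%s) interrupted", authUri), e);
            // Restore the interrupt flag so code further up the stack can react to it.
            Thread.currentThread().interrupt();
            throw new RemoteSignatureException(e);
        } catch (Exception e) {
            // The message used to name loginForRemoteSignature although the failure is here.
            this.log.error(() -> String.format("IdProvide.authenticate(%s) failed", authUri), e);
            throw new RemoteSignatureException(e);
        }

        // The status check sits outside the try block so that the exception below reaches the
        // caller directly instead of being caught by the catch-all above and wrapped a second
        // time in another RemoteSignatureException.
        int status = response.statusCode();
        byte[] body = response.body();
        if (status != 200) {
            // Only the status goes to the log. The error body is attached to the exception
            // message, so whoever logs or displays that exception also exposes the IdP's
            // error response.
            this.log.error("IdProvide.authenticate({}) response code {}", authUri, status);
            String encodedBody = body != null ? Base64.getEncoder().encodeToString(body) : null;
            throw new RemoteSignatureException(String.format(
                    "IdProvide.authenticate(%s) response code %d, response body %s",
                    authUri, status, encodedBody));
        }
        // The success body is returned but never logged.
        this.log.debug("IdProvide.authenticate({}) response code {}", authUri, status);
        return body;
    }
}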
