package de.governikus.signer.toolbox.remotesigning;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/governikus/signer/toolbox/remotesigning/Remote.class */
public class Remote {
    private static final Logger LOG = LogManager.getLogger(Remote.class);
    private static final ObjectMapper json = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);

    /* loaded from: input_file:de/governikus/signer/toolbox/remotesigning/Remote$TokenAugmentationRequest.class */
    private static class TokenAugmentationRequest {
        byte[] idToken;
        byte[] sadPublicKey;

        public byte[] getIdToken() {
            return this.idToken;
        }

        public byte[] getSadPublicKey() {
            return this.sadPublicKey;
        }

        public void setIdToken(byte[] bArr) {
            this.idToken = bArr;
        }

        public void setSadPublicKey(byte[] bArr) {
            this.sadPublicKey = bArr;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof TokenAugmentationRequest)) {
                return false;
            }
            TokenAugmentationRequest tokenAugmentationRequest = (TokenAugmentationRequest) obj;
            return tokenAugmentationRequest.canEqual(this) && Arrays.equals(getIdToken(), tokenAugmentationRequest.getIdToken()) && Arrays.equals(getSadPublicKey(), tokenAugmentationRequest.getSadPublicKey());
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof TokenAugmentationRequest;
        }

        public int hashCode() {
            return (((1 * 59) + Arrays.hashCode(getIdToken())) * 59) + Arrays.hashCode(getSadPublicKey());
        }

        public String toString() {
            return "Remote.TokenAugmentationRequest(idToken=" + Arrays.toString(getIdToken()) + ", sadPublicKey=" + Arrays.toString(getSadPublicKey()) + ")";
        }

        public TokenAugmentationRequest() {
        }

        public TokenAugmentationRequest(byte[] bArr, byte[] bArr2) {
            this.idToken = bArr;
            this.sadPublicKey = bArr2;
        }
    }

    private Remote() {
    }

    public static List<RemoteSignatureKeyJson> listKeys(URI uri, String str, byte[] bArr, HttpClient httpClient) {
        try {
            URI normalize = URI.create(uri + "/resources/certificates?application=RemoteSignature&uuid=" + str).normalize();
            HttpResponse send = httpClient.send(HttpRequest.newBuilder(normalize).header("Authorization", "Bearer " + Base64.getEncoder().encodeToString(bArr)).GET().build(), HttpResponse.BodyHandlers.ofByteArray());
            if (send.statusCode() != 200) {
                throw new RemoteSignatureException(String.format("Remote.listKeys(%s) call response code %d response body %s", normalize, Integer.valueOf(send.statusCode()), send.body() != null ? Base64.getEncoder().encodeToString((byte[]) send.body()) : null));
            }
            LOG.debug("Remote.listKeys({}) call response code {}", normalize, Integer.valueOf(send.statusCode()));
            return List.of((Object[]) json.readValue((byte[]) send.body(), RemoteSignatureKeyJson[].class));
        } catch (InterruptedException e) {
            LOG.error(() -> {
                return String.format("Remote.listKeys(%s) interrupted", uri);
            }, e);
            Thread.currentThread().interrupt();
            throw new RemoteSignatureException("interrupted list-keys", e);
        } catch (Exception e2) {
            LOG.error(() -> {
                return String.format("Remote.listKeys(%s) interrupted", uri);
            }, e2);
            throw new RemoteSignatureException("failed to list keys", e2);
        }
    }

    public static byte[] augmentToken(URI uri, PublicKey publicKey, byte[] bArr, HttpClient httpClient) {
        try {
            HttpResponse send = httpClient.send(HttpRequest.newBuilder(uri).header("Content-Type", "application/json").header("Accept", "application/octet-stream").POST(HttpRequest.BodyPublishers.ofByteArray(json.writeValueAsBytes(new TokenAugmentationRequest(bArr, publicKey.getEncoded())))).build(), HttpResponse.BodyHandlers.ofByteArray());
            if (send.statusCode() != 200) {
                throw new RemoteSignatureException(String.format("Remote.augmentToken(%s) call response code %d response body %s", uri, Integer.valueOf(send.statusCode()), send.body() != null ? Base64.getEncoder().encodeToString((byte[]) send.body()) : null));
            }
            LOG.debug("Remote.augmentToken(uri={}, pk={}) call response code {}", uri, publicKey, Integer.valueOf(send.statusCode()));
            return (byte[]) send.body();
        } catch (InterruptedException e) {
            LOG.error(() -> {
                return String.format("Remote.augmentToken(uri=%s, pk=%s) interrupted", uri, publicKey);
            }, e);
            Thread.currentThread().interrupt();
            throw new RemoteSignatureException("interrupted token augmentation", e);
        } catch (Exception e2) {
            LOG.error(() -> {
                return String.format("Remote.augmentToken(uri=%s, pk=%s) failed", uri, publicKey);
            }, e2);
            throw new RemoteSignatureException("failed to augment token with SAD public key", e2);
        }
    }

    public static List<byte[]> remoteSign(URI uri, byte[] bArr, HttpClient httpClient) {
        try {
            HttpResponse send = httpClient.send(HttpRequest.newBuilder(uri).header("Content-Type", "application/octet-stream").header("Accept", "application/json").POST(HttpRequest.BodyPublishers.ofByteArray(bArr)).build(), HttpResponse.BodyHandlers.ofByteArray());
            if (send.statusCode() != 200) {
                throw new RemoteSignatureException(String.format("Remote.remoteSign(uri=%s) call response code %d response body %s", uri, Integer.valueOf(send.statusCode()), send.body() != null ? Base64.getEncoder().encodeToString((byte[]) send.body()) : null));
            }
            LOG.debug("Remote.remoteSign(uri={}) call response code {}", uri, Integer.valueOf(send.statusCode()));
            return List.of((Object[]) json.readValue((byte[]) send.body(), byte[][].class));
        } catch (InterruptedException e) {
            LOG.error(() -> {
                return String.format("Remote.remoteSign(uri=%s) interrupted", uri);
            }, e);
            Thread.currentThread().interrupt();
            throw new RemoteSignatureException("interrupted signature operation", e);
        } catch (Exception e2) {
            LOG.error(() -> {
                return String.format("Remote.remoteSign(uri=%s) failed", uri);
            }, e2);
            throw new RemoteSignatureException("failed to send remote signature request", e2);
        }
    }
}
