package de.impfdoc.impfzert.eu;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import de.impfdoc.impfzert.api.ImpfZertException;
import de.impfdoc.impfzert.eu.data.AuthLink;
import de.impfdoc.impfzert.eu.data.Challenge;
import de.impfdoc.impfzert.eu.data.Token;
import de.impfdoc.impfzert.eu.json.CertificationData;
import de.impfdoc.impfzert.model.ImpfZert;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClientBuilder;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/impfdoc/impfzert/eu/EuCertService.class */
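/**
 * HTTP client for the certificate issuing flow: it obtains a challenge from the OpenID Connect
 * authorization endpoint, submits the signed challenge, exchanges the resulting code for a
 * {@link Token} (or refreshes one) and finally posts the certification data to the issuer to
 * receive the PDF.
 *
 * <p>Every response is released in a {@code finally} block, so a failed status check or a parse
 * error does not leave a pooled connection checked out.
 *
 * <p>Apart from the availability probe, requests run with the client's default
 * {@link RequestConfig}; no connect or socket timeout is configured for them in this class.
 */
public class EuCertService {
    /** Redirect URI sent on the authorization and token requests. */
    private static final String REDIRECT_URI = "connector://authenticated";

    /** Connect, socket and connection-request timeout of the availability probe, in milliseconds. */
    private static final int AVAILABILITY_TIMEOUT_MILLIS = 3000;

    /** Number of decimal digits in the nonce sent with the authorization request. */
    private static final int NONCE_LENGTH = 30;

    private final EuImpfZertConfiguration euImpfZertConfiguration;

    @NotNull
    private final Logger log = LoggerFactory.getLogger(getClass());

    // Unknown properties in server responses are ignored rather than rejected.
    @NotNull
    private final ObjectMapper mapper = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);

    @NotNull
    private final SecureRandom random = new SecureRandom();
    private final HttpClient client = HttpClientBuilder.create().build();

    /**
     * Creates the service.
     *
     * @param euImpfZertConfiguration source of the server URL, issuer URL, realm and client id
     */
    public EuCertService(@NotNull EuImpfZertConfiguration euImpfZertConfiguration) {
        this.euImpfZertConfiguration = euImpfZertConfiguration;
    }

    /**
     * Probes a URL with a GET request using a three second timeout.
     *
     * <p>Any HTTP response counts as "available", whatever its status code; only a failure to
     * obtain a response (or an invalid URL) yields {@code false}.
     *
     * @param str the URL to probe
     * @return {@code true} if a response was received, {@code false} otherwise
     */
    public boolean checkIfServiceIsAvailable(@NotNull String str) {
        // Parameterized logging keeps the URL out of the format string.
        this.log.info("check if service is available at {}", str);
        RequestConfig probeConfig = RequestConfig.custom()
                .setConnectTimeout(AVAILABILITY_TIMEOUT_MILLIS)
                .setSocketTimeout(AVAILABILITY_TIMEOUT_MILLIS)
                .setConnectionRequestTimeout(AVAILABILITY_TIMEOUT_MILLIS)
                .build();
        HttpResponse response = null;
        try {
            response = this.client.execute(RequestBuilder.get(str).setConfig(probeConfig).build());
            return true;
        } catch (IOException | RuntimeException e) {
            // Best-effort probe: report the failure and let the caller decide what to tell the user.
            this.log.error(e.toString(), e);
            return false;
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }

    /**
     * Requests a challenge from the authorization endpoint.
     *
     * <p>A fresh random nonce is sent with the request. This class does not retain the nonce, so
     * any comparison against a nonce claim in a later token has to happen elsewhere.
     *
     * @return the challenge value and the location to which the signed challenge is submitted
     * @throws ImpfZertException if either server is unreachable, the status is not 200, or one of
     *         the {@code X-Auth-Challenge} / {@code Location} headers is missing
     * @throws IOException if the request fails at the transport level
     */
    @NotNull
    public Challenge getChallenge() throws IOException {
        if (!checkIfServiceIsAvailable(this.euImpfZertConfiguration.getServerUrl()) || !checkIfServiceIsAvailable(this.euImpfZertConfiguration.getIssuerUrl())) {
            throw new ImpfZertException(ImpfZertException.Type.NoConnection, "Entschuldigung! Der Server zur Ausstellung der EU-Zertifikate kann nicht erreicht werden. Wahrscheinlich ist die entsprechende Route nicht gesetzt oder die Einstellungen für den TI-Konnektor sind nicht korrekt.Bitte überprüfen Sie ob die Route gesetzt ist und Ihre TI-Einstellungen korrekt sind. Falls Sie unsicher sind, wenden Sie sich bitte an Ihren IT-Administrator. Falls alle Einstellungen korrekt sind, probieren Sie es bitte später nochmals.", null);
        }
        String nonce = randomDigitString(NONCE_LENGTH);
        HttpUriRequest request = RequestBuilder
                .get(String.format("%s/auth/realms/%s/protocol/openid-connect/auth", this.euImpfZertConfiguration.getServerUrl(), this.euImpfZertConfiguration.getRealm()))
                .addParameter("redirect_uri", REDIRECT_URI)
                .addParameter("response_type", "code")
                .addParameter("scope", "openid")
                .addParameter("client_id", this.euImpfZertConfiguration.getClientId())
                .addParameter("nonce", nonce)
                .build();
        this.log.debug("getChallenge with nonce {} from {}", nonce, request.getURI());
        HttpResponse response = null;
        try {
            response = this.client.execute(request);
            if (response.getStatusLine().getStatusCode() != 200) {
                throw unexpectedStatus("GetChallenge", request, response);
            }
            this.log.debug("request suceeded");
            // A missing header is reported as a ChallengeError instead of surfacing as a NullPointerException.
            Challenge challenge = new Challenge(
                    requireHeader(response, "X-Auth-Challenge", "GetChallenge response is missing the X-Auth-Challenge header"),
                    requireHeader(response, "Location", "GetChallenge response is missing the Location header"));
            this.log.debug(challenge.toString());
            return challenge;
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }

    /**
     * Submits the signed challenge and the signing certificate to the challenge location and
     * returns the redirect target as an {@link AuthLink}.
     *
     * <p>Redirects are disabled so that the 302 response and its {@code Location} header can be
     * read here instead of being followed by the HTTP client.
     *
     * @param challenge the challenge returned by {@link #getChallenge()}
     * @param bArr the signed challenge; sent Base64-encoded in {@code x-auth-signed-challenge}
     * @param bArr2 the certificate; sent Base64-encoded in {@code x-auth-certificate}
     * @return the link parsed from the {@code Location} header
     * @throws ImpfZertException if the status is not 302, the {@code Location} header is missing,
     *         or the socket times out
     * @throws IOException if the request fails at the transport level
     * @throws URISyntaxException if the {@code Location} header is not a valid URI
     */
    @NotNull
    public AuthLink submitSignedChallenge(@NotNull Challenge challenge, @NotNull byte[] bArr, @NotNull byte[] bArr2) throws IOException, URISyntaxException {
        // NOTE(review): the target URL is the Location value received in getChallenge and is used
        // as-is; nothing here compares its host with the configured server URL. Confirm whether
        // the caller or Challenge performs that check.
        HttpUriRequest request = RequestBuilder.get(challenge.getLocation())
                .addHeader("x-auth-signed-challenge", Base64.getEncoder().encodeToString(bArr))
                .addHeader("x-auth-certificate", Base64.getEncoder().encodeToString(bArr2))
                .setConfig(RequestConfig.custom().setRedirectsEnabled(false).build())
                .build();
        HttpResponse response = null;
        try {
            response = this.client.execute(request);
            if (response.getStatusLine().getStatusCode() != 302) {
                throw unexpectedStatus("SubmitSignedChallenge", request, response);
            }
            this.log.debug("request suceeded");
            return new AuthLink(new URI(requireHeader(response, "Location", "no location found in AuthLink")));
        } catch (SocketTimeoutException e) {
            throw new ImpfZertException(ImpfZertException.Type.ServiceUnavailable, "Der Server zur Ausstellung der EU-Zertifikaten antwortet nicht. Eventuell ist dieser überlastet oder es gibt eine Störung im Netzwerk. Bitte versuchen Sie es später noch einmal.", e);
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }

    /**
     * Exchanges the authorization code carried by the link for a token.
     *
     * @param authLink the link returned by {@link #submitSignedChallenge}
     * @return the token parsed from the JSON response
     * @throws ImpfZertException if the status is not 200 or the response holds no token
     * @throws IOException if the request fails or the response cannot be parsed
     */
    @NotNull
    public Token tokenExchange(@NotNull AuthLink authLink) throws IOException {
        HttpUriRequest request = RequestBuilder.post(tokenEndpoint())
                .addParameter("grant_type", "authorization_code")
                .addParameter("redirect_uri", REDIRECT_URI)
                .addParameter("client_id", this.euImpfZertConfiguration.getClientId())
                .addParameter("session_state", authLink.getSessionState())
                .addParameter("code", authLink.getCode())
                .addHeader("Content-Type", "application/x-www-form-urlencoded")
                .build();
        return requestToken(request, "tokenExchange");
    }

    /**
     * Obtains a new token using the refresh token of an existing one.
     *
     * @param token the token whose refresh token is sent
     * @return the token parsed from the JSON response
     * @throws ImpfZertException if the status is not 200 or the response holds no token
     * @throws IOException if the request fails or the response cannot be parsed
     */
    @NotNull
    public Token refreshToken(@NotNull Token token) throws IOException {
        HttpUriRequest request = RequestBuilder.post(tokenEndpoint())
                .addParameter("grant_type", "refresh_token")
                .addParameter("refresh_token", token.getRefreshToken())
                .addParameter("redirect_uri", REDIRECT_URI)
                .addParameter("client_id", this.euImpfZertConfiguration.getClientId())
                .addHeader("Content-Type", "application/x-www-form-urlencoded")
                .build();
        // The failure message names this operation so it can be told apart from tokenExchange.
        return requestToken(request, "refreshToken");
    }

    /**
     * Posts the certification data to the issuer and returns the PDF it answers with.
     *
     * @param token the token whose access token is sent as bearer credential
     * @param certificationData the data to certify; serialized to JSON as the request body
     * @return the certificate wrapping the response bytes
     * @throws ImpfZertException if the status is not 200 or the response has no body
     * @throws IOException if serialization or the request fails
     */
    @NotNull
    public ImpfZert getPdf(@NotNull Token token, @NotNull CertificationData certificationData) throws IOException {
        String json = this.mapper.writeValueAsString(certificationData);
        // Only the size is logged: the payload presumably carries the certificate holder's
        // personal data, which should not end up in log files.
        this.log.debug("certification data serialized to {} characters of JSON", json.length());
        HttpUriRequest request = RequestBuilder.post(this.euImpfZertConfiguration.getIssuerUrl())
                .addHeader("Authorization", "Bearer " + token.getAccessToken())
                .addHeader("Accept", "application/pdf")
                .addHeader("Content-Type", "application/vnd.dgc.v1+json")
                .setEntity(new StringEntity(json, StandardCharsets.UTF_8))
                .build();
        HttpResponse response = null;
        try {
            response = this.client.execute(request);
            if (response.getStatusLine().getStatusCode() != 200) {
                throw unexpectedStatus("getPdf", request, response);
            }
            this.log.debug("request suceeded");
            if (response.getEntity() == null) {
                throw new ImpfZertException(ImpfZertException.Type.ChallengeError, "getPdf response has no body", null);
            }
            // The body is copied into memory so the connection can be released before returning.
            byte[] pdfBytes = IOUtils.toByteArray(response.getEntity().getContent());
            return new ImpfZert(new ByteArrayInputStream(pdfBytes), null);
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }

    /** Builds the URL of the token endpoint from the configured server URL and realm. */
    private String tokenEndpoint() {
        return String.format("%s/auth/realms/%s/protocol/openid-connect/token", this.euImpfZertConfiguration.getServerUrl(), this.euImpfZertConfiguration.getRealm());
    }

    /** Executes a token request, checks for status 200 and parses the JSON body into a Token. */
    private Token requestToken(HttpUriRequest request, String operation) throws IOException {
        HttpResponse response = null;
        try {
            response = this.client.execute(request);
            if (response.getStatusLine().getStatusCode() != 200) {
                throw unexpectedStatus(operation, request, response);
            }
            this.log.debug("request suceeded");
            Token token = this.mapper.readerFor(Token.class).readValue(readBody(response));
            if (token == null) {
                // Honors the @NotNull contract of the public token methods.
                throw new ImpfZertException(ImpfZertException.Type.ChallengeError, String.format("%s response contained no token", operation), null);
            }
            return token;
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }

    /** Builds the exception describing an unexpected status code, including the response body. */
    private static ImpfZertException unexpectedStatus(String operation, HttpUriRequest request, HttpResponse response) throws IOException {
        return new ImpfZertException(ImpfZertException.Type.ChallengeError, String.format("%s to %s failed with error %d and message %s", operation, request.getURI(), response.getStatusLine().getStatusCode(), readBody(response)), null);
    }

    /** Reads the response body as UTF-8 text; a response without an entity yields an empty string. */
    private static String readBody(HttpResponse response) throws IOException {
        if (response.getEntity() == null) {
            return "";
        }
        return IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
    }

    /** Returns the value of the first header with the given name, or fails with a ChallengeError. */
    private static String requireHeader(HttpResponse response, String name, String missingMessage) throws IOException {
        Header header = response.getFirstHeader(name);
        if (header == null) {
            throw new ImpfZertException(ImpfZertException.Type.ChallengeError, missingMessage, null);
        }
        return header.getValue();
    }

    /**
     * Returns a string of {@code i} random decimal digits drawn from the {@link SecureRandom}.
     *
     * @param i the number of digits; must not be negative
     */
    private String randomDigitString(int i) {
        // Argument order is (streamSize, origin, bound): i values, each in [0, 10).
        // A stream size of zero would produce an empty nonce.
        return this.random.ints(i, 0, 10).mapToObj(Integer::toString).collect(Collectors.joining());
    }
}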
