package de.impfsoft.ticonnector;

import com.google.common.hash.Hasher;
import com.google.common.hash.Hashing;
import de.impfsoft.ticonnector.TIConnectorConfiguration;
import de.impfsoft.ticonnector.utils.ResourceEnumerator;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.SSLContext;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicHeader;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/impfsoft/ticonnector/TiConnectorHttpClientProvider.class */
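/**
 * Builds and caches the {@link CloseableHttpClient} used to talk to the TI connector.
 *
 * <p>The client is rebuilt whenever the configured key stores or the URI/credentials change;
 * otherwise the cached instance is returned. Trust is anchored in the certificates bundled under
 * {@code /ticerts/} (plus {@code /dev_ticerts/} when requested) and in the certificate entries of
 * the configured trust store.
 *
 * <p>Security-relevant properties a reader should know about:
 * <ul>
 *   <li>Hostname verification is switched off ({@link NoopHostnameVerifier}); only the trust
 *       store contents decide whether a server certificate is accepted.</li>
 *   <li>If the resulting trust store is empty, no trust material is loaded into the
 *       {@link SSLContextBuilder}, so the JVM's default trust managers apply.</li>
 *   <li>Basic-auth credentials are installed as a client-wide default header.</li>
 * </ul>
 *
 * <p>{@link #getHttpClient} is {@code synchronized}; the cached client and fingerprints are only
 * touched from there.
 */
public class TiConnectorHttpClientProvider {

    /** Prefix put in front of aliases copied from the configured trust store. */
    private static final String CUSTOM_ALIAS_PREFIX = "custom_";

    @NotNull
    private final Logger log = LoggerFactory.getLogger(getClass());

    /** Cached client; {@code null} until the first successful {@link #getHttpClient} call. */
    @Nullable
    private CloseableHttpClient client = null;

    /** Fingerprint of the key stores the cached client was built from. */
    @NotNull
    private String lastKeystoreHash = "";

    /** Fingerprint of URI and credentials the cached client was built from. Never log it. */
    @NotNull
    private String lastConfigurationHash = "";

    /** In-memory store holding only the certificates bundled with the application. */
    private final KeyStore keyStore = KeyStore.getInstance("PKCS12");

    /**
     * Loads the bundled trust anchors into an in-memory key store.
     *
     * <p>Any failure is logged and swallowed, as in the original: the provider is still
     * constructed, possibly with an empty or partial store. Callers that need to fail closed
     * should check the log or the resulting trust decisions.
     *
     * @param z when {@code true}, the certificates under {@code /dev_ticerts/} are trusted in
     *     addition to {@code /ticerts/}. NOTE(review): presumably a development switch; it widens
     *     the set of trust anchors and should not be enabled in production — confirm with callers.
     * @throws KeyStoreException if the PKCS12 key store type is unavailable
     */
    public TiConnectorHttpClientProvider(boolean z) throws KeyStoreException {
        try {
            // A null stream creates an empty in-memory store; nothing is read or persisted, so no
            // password is involved and none needs to be hard-coded here.
            this.keyStore.load(null, null);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            loadBundledCertificates(certificateFactory, "/ticerts/");
            if (z) {
                loadBundledCertificates(certificateFactory, "/dev_ticerts/");
            }
        } catch (Throwable th) {
            // Deliberately best-effort (kept from the original): construction must not fail.
            this.log.error(th.toString(), th);
        }
    }

    /**
     * Adds every regular file found under {@code resourceDir} to the bundled key store, using the
     * file name as alias. A file that cannot be read or parsed is logged and skipped.
     *
     * <p>Reconstructed from decompiler output that did not compile; the per-file
     * "log and continue" behaviour follows the catch block visible there.
     */
    private void loadBundledCertificates(CertificateFactory certificateFactory, String resourceDir) throws Exception {
        ResourceEnumerator resources = ResourceEnumerator.findResources(resourceDir);
        try {
            for (Path path : resources.getFiles()) {
                if (Files.isDirectory(path)) {
                    continue;
                }
                this.log.info("Loading ti-certs " + path.getFileName());
                try (InputStream in = Files.newInputStream(path)) {
                    this.keyStore.setCertificateEntry(
                            path.getFileName().toString(),
                            (X509Certificate) certificateFactory.generateCertificate(in));
                } catch (Throwable th) {
                    this.log.error(th.toString());
                }
            }
        } finally {
            if (resources != null) {
                resources.close();
            }
        }
    }

    /**
     * Returns an HTTP client matching {@code tIConnectorConfiguration}, reusing the cached one
     * while key stores, URI and credentials are unchanged.
     *
     * @param tIConnectorConfiguration connector URI, optional basic-auth credentials, trusted
     *     certificates and optional client certificate
     * @return the cached or freshly built client
     * @throws KeyStoreException if a key store cannot be read or the trust store cannot be built
     * @throws NoSuchAlgorithmException if the TLS context cannot be created
     * @throws KeyManagementException if the TLS context cannot be initialised
     * @throws UnrecoverableKeyException if the client key cannot be recovered with the password
     */
    @NotNull
    public synchronized CloseableHttpClient getHttpClient(@NotNull TIConnectorConfiguration tIConnectorConfiguration) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {
        KeyStore trustedCertificates = tIConnectorConfiguration.getTrustedCertificates();
        TIConnectorConfiguration.ClientCertificate clientCertificateConfig =
                tIConnectorConfiguration.getClientCertificate().orElse(null);
        KeyStore clientCertificate =
                clientCertificateConfig != null ? clientCertificateConfig.getClientCertificate() : null;
        char[] privateKeyPassword =
                clientCertificateConfig != null ? clientCertificateConfig.getPrivateKeyPassword() : null;

        List<KeyStore> keyStores = new ArrayList<>();
        keyStores.add(trustedCertificates);
        if (clientCertificate != null) {
            keyStores.add(clientCertificate);
        }
        String keystoreHash = hashKeystore(keyStores);
        String configurationHash = hashConfiguration(tIConnectorConfiguration);

        if (this.client != null
                && keystoreHash.equals(this.lastKeystoreHash)
                && configurationHash.equals(this.lastConfigurationHash)) {
            return this.client;
        }

        this.log.info("Create new HttpClient");
        SSLContextBuilder sslContextBuilder = SSLContexts.custom();

        // The trust store is rebuilt from scratch for every new client. Copying configured
        // certificates into the long-lived bundled store (as the original did) kept a certificate
        // trusted after it had been removed from the configuration, until the process restarted.
        KeyStore trustStore = buildTrustStore(trustedCertificates);
        if (trustStore.size() > 0) {
            logTrustStoreContents(trustStore);
            sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStore, (TrustStrategy) null);
        }
        // else: no trust material is loaded and the JVM default trust managers are used.

        if (clientCertificate != null && clientCertificate.size() > 0) {
            sslContextBuilder = sslContextBuilder.loadKeyMaterial(clientCertificate, privateKeyPassword);
        }
        SSLContext sslContext = sslContextBuilder.build();

        // The Authorization header is a client-wide default, so it accompanies every request made
        // through this client regardless of target host.
        // NOTE(review): a CredentialsProvider scoped to the connector's host would limit exposure.
        UsernamePasswordCredentials credentials = tIConnectorConfiguration.getCredentials().orElse(null);
        List<BasicHeader> defaultHeaders = Collections.emptyList();
        if (credentials != null) {
            String userAndPassword = String.format("%s:%s", credentials.getUserName(), credentials.getPassword());
            String token = Base64.getEncoder().encodeToString(userAndPassword.getBytes(StandardCharsets.UTF_8));
            defaultHeaders = Collections.singletonList(new BasicHeader("Authorization", "Basic " + token));
        }

        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectTimeout(5000)
                .setConnectionRequestTimeout(60000)
                .setSocketTimeout(60000)
                .build();

        // NOTE(review): NoopHostnameVerifier disables hostname verification, so any certificate
        // that chains to an entry of the trust store is accepted for any host. Left unchanged
        // because callers may depend on it (e.g. a connector addressed by a name its certificate
        // does not carry — confirm); if that is not required, drop this line to get the default
        // verifier.
        CloseableHttpClient newClient = HttpClientBuilder.create()
                .setSSLHostnameVerifier(new NoopHostnameVerifier())
                .setSSLContext(sslContext)
                .setDefaultHeaders(defaultHeaders)
                .setDefaultRequestConfig(requestConfig)
                .build();

        // Swap only after the replacement exists, so a failure above never leaves a closed client
        // cached under fingerprints that already match the new configuration.
        if (this.client != null) {
            try {
                this.client.close();
            } catch (Throwable th) {
                this.log.error(th.toString(), th);
            }
        }
        this.client = newClient;
        this.lastKeystoreHash = keystoreHash;
        this.lastConfigurationHash = configurationHash;
        return this.client;
    }

    /**
     * Creates a fresh in-memory trust store from the bundled certificates plus the certificate
     * entries of {@code configured}, the latter stored under {@code "custom_" + alias}.
     */
    private KeyStore buildTrustStore(@Nullable KeyStore configured) throws KeyStoreException {
        KeyStore trustStore = KeyStore.getInstance("PKCS12");
        try {
            trustStore.load(null, null);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreException("cannot initialise in-memory trust store", e);
        }

        for (String alias : Collections.list(this.keyStore.aliases())) {
            Certificate bundled = this.keyStore.getCertificate(alias);
            if (bundled != null) {
                trustStore.setCertificateEntry(alias, bundled);
            }
        }

        if (configured != null && configured.size() > 0) {
            for (String alias : Collections.list(configured.aliases())) {
                if (!configured.isCertificateEntry(alias)) {
                    continue;
                }
                String customAlias = CUSTOM_ALIAS_PREFIX + alias;
                this.log.info("copy certificate with alias " + alias + " from trusted keystore");
                if (trustStore.containsAlias(customAlias)) {
                    this.log.info("replace existing entry for alias " + customAlias);
                    trustStore.deleteEntry(customAlias);
                }
                trustStore.setCertificateEntry(customAlias, configured.getCertificate(alias));
            }
        }
        return trustStore;
    }

    /** Logs the subject of every certificate that is about to become a trust anchor. */
    private void logTrustStoreContents(KeyStore trustStore) throws KeyStoreException {
        this.log.info("creating Keystore with the following certificates:");
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate certificate = trustStore.getCertificate(alias);
            if (certificate == null) {
                this.log.warn("certificate for alias " + alias + " is null!");
            } else if (certificate instanceof X509Certificate) {
                this.log.info(((X509Certificate) certificate).getSubjectDN().getName());
            } else {
                this.log.warn("certificate for alias " + alias + " is not an X509Certificate");
            }
        }
    }

    /**
     * Fingerprints the certificates of the given key stores for change detection.
     *
     * <p>Best-effort: a store or entry that cannot be read is logged and left out rather than
     * silently ignored. SHA-256 replaces the deprecated MD5; each encoding is length-prefixed so
     * adjacent certificates cannot blur into one another.
     *
     * @param list key stores to fingerprint; {@code null} elements are skipped
     * @return hex digest over all readable certificate encodings, in alias order
     */
    @NotNull
    private String hashKeystore(@NotNull List<KeyStore> list) {
        Hasher hasher = Hashing.sha256().newHasher();
        for (KeyStore store : list) {
            if (store == null) {
                continue;
            }
            Enumeration<String> aliases;
            try {
                aliases = store.aliases();
            } catch (KeyStoreException e) {
                this.log.warn("cannot list key store aliases for fingerprinting", e);
                continue;
            }
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                try {
                    Certificate certificate = store.getCertificate(alias);
                    if (certificate == null) {
                        continue;
                    }
                    byte[] encoded = certificate.getEncoded();
                    hasher.putInt(encoded.length).putBytes(encoded);
                } catch (KeyStoreException | CertificateException e) {
                    this.log.warn("cannot fingerprint certificate for alias {}", alias, e);
                }
            }
        }
        return hasher.hash().toString();
    }

    /**
     * Fingerprints URI, user name and password for change detection.
     *
     * <p>Fields are length-prefixed: plain concatenation made, for example, user {@code "ab"} with
     * password {@code "c"} indistinguishable from user {@code "a"} with password {@code "bc"}, so
     * such a change would not have rebuilt the client. The digest is derived from the password
     * and must stay in memory only.
     */
    @NotNull
    private String hashConfiguration(@NotNull TIConnectorConfiguration tIConnectorConfiguration) {
        UsernamePasswordCredentials credentials = tIConnectorConfiguration.getCredentials().orElse(null);
        Hasher hasher = Hashing.sha256().newHasher();
        putField(hasher, tIConnectorConfiguration.getUri().toString());
        putField(hasher, credentials != null ? credentials.getUserName() : "");
        putField(hasher, credentials != null ? credentials.getPassword() : "");
        return hasher.hash().toString();
    }

    /** Feeds one length-prefixed UTF-8 field into {@code hasher}; {@code null} counts as empty. */
    private static void putField(Hasher hasher, @Nullable String value) {
        byte[] bytes = (value == null ? "" : value).getBytes(StandardCharsets.UTF_8);
        hasher.putInt(bytes.length).putBytes(bytes);
    }
}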
