package de.impfsoft.ticonnector;

import com.google.common.collect.Sets;
import com.google.common.hash.Hashing;
import de.gematik.ws.conn.cardservice.v8.CardInfoType;
import de.gematik.ws.conn.cardservicecommon.v2.CardTypeType;
import de.gematik.ws.conn.cardservicecommon.v2.PinResponseType;
import de.gematik.ws.conn.cardservicecommon.v2.PinResultEnum;
import de.gematik.ws.conn.certificateservice.v6.ReadCardCertificateResponse;
import de.gematik.ws.conn.certificateservicecommon.v2.CertRefEnum;
import de.gematik.ws.conn.certificateservicecommon.v2.X509DataInfoListType;
import de.gematik.ws.conn.eventservice.v7.GetCardsResponse;
import de.gematik.ws.conn.servicedirectory.v3.ConnectorServices;
import de.gematik.ws.conn.signatureservice.v7.ExternalAuthenticateResponse;
import de.gematik.ws.conn.signatureservice.v7.GetJobNumberResponse;
import de.gematik.ws.conn.signatureservice.v7.SignDocumentResponse;
import de.gematik.ws.tel.error.v2.Error;
import de.impfsoft.ticonnector.ConnectorException;
import de.impfsoft.ticonnector.TiEndpoints;
import de.impfsoft.ticonnector.model.ExternalAuthenticateResponeEnvelope;
import de.impfsoft.ticonnector.model.Fault;
import de.impfsoft.ticonnector.model.GetCardsResponeEnvelope;
import de.impfsoft.ticonnector.model.GetJobNumberEnvelope;
import de.impfsoft.ticonnector.model.PinResponseEnvelope;
import de.impfsoft.ticonnector.model.ReadCardCertificateResponseEnvelope;
import de.impfsoft.ticonnector.model.SignDocumentResponeEnvelope;
import de.impfsoft.ticonnector.model.TiVersion;
import de.impfsoft.ticonnector.model.generic.Body;
import de.impfsoft.ticonnector.model.generic.Envelope;
import de.impfsoft.ticonnector.sysconfig.RouteManager;
import de.impfsoft.ticonnector.utils.Utilities;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathBuilderException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.text.translate.CharSequenceTranslator;
import org.apache.commons.lang3.text.translate.NumericEntityEscaper;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.entity.StringEntity;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/impfsoft/ticonnector/TIConnectorServiceImpl.class */
public class TIConnectorServiceImpl implements TIConnectorService {
    // Supplies the HTTP client used for every connector call; created once in the constructor.
    private final TiConnectorHttpClientProvider clientProvider;

    @NotNull
    private final Logger log = LoggerFactory.getLogger(getClass());

    // XML 1.0 escaper extended so that every code point from 127 upwards is emitted as a numeric
    // character reference. Values placed into the SOAP templates through String.format are passed
    // through it first, which is what keeps caller-supplied text from altering the request markup.
    @NotNull
    private final CharSequenceTranslator escaper = StringEscapeUtils.ESCAPE_XML10.with(new CharSequenceTranslator[]{NumericEntityEscaper.between(127, Integer.MAX_VALUE)});
    // Card types accepted when selecting a card; cards of any other type are filtered out.
    private final Set<CardTypeType> allowedCardTypes = Sets.newHashSet(new CardTypeType[]{CardTypeType.HBA_Q_SIG, CardTypeType.HBA, CardTypeType.SMC_B, CardTypeType.HB_AX});
    // Minimum service versions handed to getConnectorServices(...) when endpoints are resolved.
    private final TiVersion signingServiceMinVersion = TiVersion.fromNumbers(2, 1, 0);
    private final TiVersion authServiceMinVersion = TiVersion.fromNumbers(2, 1, 0);
    private final TiVersion cardServiceMinVersion = TiVersion.fromNumbers(2, 1, 0);

    @NotNull
    private final RouteManager routeManager = new RouteManager();
    // Certificates already read from a card, keyed by the card's ICCSN.
    // NOTE(review): this is a plain HashMap and no eviction or synchronisation is visible in this
    // part of the file, so entries live as long as the service instance and concurrent callers
    // are not protected. Confirm how instances are shared before relying on it.
    private final Map<String, X509DataInfoListType.X509DataInfo> certCache = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:de/impfsoft/ticonnector/TIConnectorServiceImpl$DocumentType.class */
    /**
     * Kinds of document that can be submitted for signing. Each constant carries the
     * signature-type URI and the MIME type that are written into the SignDocument request.
     */
    public enum DocumentType {
        PDF("http://uri.etsi.org/02778/3", "application/pdf-a"),
        TEXT_PLAIN("urn:ietf:rfc:5652", "text/plain; charset=utf-8");

        /** Value sent as the request's {@code dss:SignatureType}. */
        @NotNull
        private final String signatureType;

        /** Value sent as the {@code MimeType} attribute of the document data. */
        @NotNull
        private final String mimeType;

        DocumentType(@NotNull String signatureTypeUri, @NotNull String documentMimeType) {
            this.mimeType = documentMimeType;
            this.signatureType = signatureTypeUri;
        }

        /** @return the signature-type URI for this document kind */
        @NotNull
        public String getSignatureType() {
            return signatureType;
        }

        /** @return the MIME type for this document kind */
        @NotNull
        public String getMimeType() {
            return mimeType;
        }
    }

    /**
     * Creates the service together with its HTTP client provider.
     *
     * @param z forwarded unchanged to {@code TiConnectorHttpClientProvider}; what the flag
     *          controls is defined there and is not visible in this part of the file
     * @throws IllegalStateException if the provider fails with a {@link KeyStoreException}
     */
    public TIConnectorServiceImpl(boolean z) {
        final TiConnectorHttpClientProvider provider;
        try {
            provider = new TiConnectorHttpClientProvider(z);
        } catch (KeyStoreException keyStoreFailure) {
            // Keep the original exception as the cause so the key-store problem stays diagnosable.
            throw new IllegalStateException(keyStoreFailure.toString(), keyStoreFailure);
        }
        this.clientProvider = provider;
    }

    /**
     * Signs a PDF document.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @param str ICCSN of the card to use, or {@code null} to accept any allowed card
     * @param inputStream document content
     * @return the signature produced by the connector
     * @throws ConnectorException if the connector call fails
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    @NotNull
    public Signature signPdfDocument(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @Nullable String str, @NotNull InputStream inputStream) throws ConnectorException {
        final DocumentType kind = DocumentType.PDF;
        return signDocument(tIConnectorConfiguration, kind, str, inputStream);
    }

    /**
     * Signs a plain-text document.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @param str ICCSN of the card to use, or {@code null} to accept any allowed card
     * @param inputStream document content
     * @return the signature produced by the connector
     * @throws ConnectorException if the connector call fails
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    @NotNull
    public Signature signTextDocument(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @Nullable String str, @NotNull InputStream inputStream) throws ConnectorException {
        final DocumentType kind = DocumentType.TEXT_PLAIN;
        return signDocument(tIConnectorConfiguration, kind, str, inputStream);
    }

    /**
     * Signs a document of the given kind, starting with a PIN-retry count of zero.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @param documentType kind of document being signed
     * @param str ICCSN of the card to use, or {@code null} to accept any allowed card
     * @param inputStream document content
     * @return the signature produced by the connector
     * @throws ConnectorException if the connector call fails
     */
    @NotNull
    public Signature signDocument(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull DocumentType documentType, @Nullable String str, @NotNull InputStream inputStream) throws ConnectorException {
        final int firstAttempt = 0;
        return signDocumentInternal(tIConnectorConfiguration, documentType, str, inputStream, firstAttempt);
    }

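    /**
     * Signs one document and repeats the request after a successful PIN verification.
     *
     * <p>Each attempt resolves the endpoints, picks a card and requests a job number again. An
     * attempt that fails with {@code PIN_NEEDS_VERIFICATION} triggers {@code verifyPin}; if that
     * reports {@code OK} the next attempt starts, otherwise the failure is rethrown.
     *
     * <p>The document is read from {@code inputStream} once and buffered. Every attempt receives
     * a fresh stream over that buffer, so a retry after PIN entry signs the same bytes as the
     * first attempt instead of reading an already exhausted stream.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @param documentType kind of document being signed
     * @param str ICCSN of the card to use, or {@code null} to accept any allowed card
     * @param inputStream document content; consumed on the first attempt that reaches signing
     * @param i number of attempts already made; three or more fails immediately
     * @return the signature together with the type of the card that produced it
     * @throws ConnectorException if no card matches, the attempt limit is reached, or the
     *         connector reports an error
     */
    @NotNull
    private Signature signDocumentInternal(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull DocumentType documentType, @Nullable String str, @NotNull InputStream inputStream, int i) throws ConnectorException {
        // Buffered document bytes; filled lazily so the caller's stream stays untouched when
        // no suitable card is found.
        byte[] payload = null;
        for (int attempt = i; attempt < 3; attempt++) {
            TiEndpoints connectorServices = getConnectorServices(tIConnectorConfiguration, this.signingServiceMinVersion);
            CardInfoType card = getCards(tIConnectorConfiguration, connectorServices).getCards().getCard().stream()
                    .filter(candidate -> this.allowedCardTypes.contains(candidate.getCardType()))
                    .filter(candidate -> str == null || candidate.getIccsn().equals(str))
                    .findAny()
                    .orElseThrow(() -> new ConnectorException("Im Connector wurde keine passende Karte gefunden!", ConnectorException.ExceptionType.NO_CARD));
            try {
                String cardHandle = card.getCardHandle();
                String jobNumber = getJobNumber(tIConnectorConfiguration, connectorServices).getJobNumber();
                if (payload == null) {
                    try {
                        payload = IOUtils.toByteArray(inputStream);
                    } catch (IOException readFailure) {
                        // Same conversion and message the signing call applies to a failed read.
                        throw convertToConnectorException("Ein unbekannter Fehler ist bei der Signierung eines Dokumentes aufgetreten.", null, readFailure);
                    }
                }
                SignDocumentResponse response = signDocument(tIConnectorConfiguration, connectorServices, cardHandle, jobNumber, documentType, new ByteArrayInputStream(payload));
                byte[] signatureBytes = response.getSignResponse().stream()
                        .findAny()
                        .orElseThrow(() -> new ConnectorException("Response is missing in signDocument", ConnectorException.ExceptionType.INTERNAL))
                        .getSignatureObject().getBase64Signature().getValue();
                return new Signature(new ByteArrayInputStream(signatureBytes), card.getCardType());
            } catch (ConnectorException e) {
                if (e.getType() != ConnectorException.ExceptionType.PIN_NEEDS_VERIFICATION) {
                    throw e;
                }
                if (verifyPin(tIConnectorConfiguration, card.getIccsn()).getPinResult() != PinResultEnum.OK) {
                    throw e;
                }
                // PIN verified: fall through to the next attempt.
            }
        }
        throw new ConnectorException("Die maximale Anzahl von Pin-Verifikationsversuchen wurde überschritten", ConnectorException.ExceptionType.MAX_TRIES_EXCEEDED);
    }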

    /**
     * Lists the cards known to the connector for the configured context.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @return the connector's GetCards response
     * @throws ConnectorException if endpoint resolution or the card query fails
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    @NotNull
    public GetCardsResponse queryCards(@NotNull TIConnectorConfiguration tIConnectorConfiguration) throws ConnectorException {
        final TiEndpoints endpoints = getConnectorServices(tIConnectorConfiguration, this.cardServiceMinVersion);
        return getCards(tIConnectorConfiguration, endpoints);
    }

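    /**
     * Sends a GetCards request to the connector's event service and returns the parsed response.
     *
     * <p>The HTTP response is closed in a {@code finally} block, so the connection is released
     * on the error paths as well (empty body, unmarshalling failure, connector fault).
     *
     * @param tIConnectorConfiguration supplies the call context, the TLS choice and the HTTP client
     * @param tiEndpoints resolved connector endpoints
     * @return the unwrapped GetCards response
     * @throws ConnectorException if the request fails, the body is empty or the result cannot be
     *         unwrapped
     */
    @NotNull
    public GetCardsResponse getCards(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull TiEndpoints tiEndpoints) throws ConnectorException {
        TIConnectorContext context = tIConnectorConfiguration.getContext();
        // Every context value goes through the XML escaper before it is placed into the template.
        String requestBody = String.format("<?xml version=\"1.0\" ?>\n<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ZSTI_EventService=\"http://ws.gematik.de/conn/EventService/WSDL/v7.2\" xmlns:ZSTI_EVT=\"http://ws.gematik.de/conn/EventService/v7.2\" xmlns:ZSTI_CONN=\"http://ws.gematik.de/conn/ConnectorCommon/v5.0\" xmlns:ZSTI_GERROR=\"http://ws.gematik.de/tel/error/v2.0\" xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:ZSTI_CCTX=\"http://ws.gematik.de/conn/ConnectorContext/v2.0\" xmlns:ZSTI_CARD=\"http://ws.gematik.de/conn/CardService/v8.1\" xmlns:ZSTI_CARDCMN=\"http://ws.gematik.de/conn/CardServiceCommon/v2.0\" xmlns:ZSTI_PI=\"http://ws.gematik.de/int/version/ProductInformation/v1.1\" xmlns:ZSTI_CTI=\"http://ws.gematik.de/conn/CardTerminalInfo/v8.0\" xmlns:ZSTI_HSM=\"http://ws.gematik.de/conn/HsmInfo/v8.0\" xsl:version=\"1.0\">\n  <soap:Body>\n    <ZSTI_EVT:GetCards mandant-wide=\"true\">\n      <ZSTI_CCTX:Context>\n        <ZSTI_CONN:MandantId>%s</ZSTI_CONN:MandantId>\n        <ZSTI_CONN:ClientSystemId>%s</ZSTI_CONN:ClientSystemId>\n        <ZSTI_CONN:WorkplaceId>%s</ZSTI_CONN:WorkplaceId>\n      </ZSTI_CCTX:Context>\n    </ZSTI_EVT:GetCards>\n  </soap:Body>\n</soap:Envelope>", this.escaper.translate(context.getMandantId()), this.escaper.translate(context.getClientSystemId()), this.escaper.translate(context.getWorkplaceId()));
        CloseableHttpResponse response = null;
        try {
            URI serviceURL = tiEndpoints.getServiceURL(TiEndpoints.TiService.EventService, tIConnectorConfiguration.useTLS());
            this.log.info("process getCards");
            // NOTE(review): the complete request and, below, the complete response (the card
            // list) are written to the log at INFO level. Confirm this fits the deployment's
            // log access and retention rules.
            this.log.info("Send to {} with body\n{}", serviceURL, requestBody);
            response = this.clientProvider.getHttpClient(tIConnectorConfiguration).execute(RequestBuilder.post(serviceURL).addHeader("Content-Type", "text/xml; charset=utf-8;").addHeader("SOAPAction", "\"http://ws.gematik.de/conn/EventService/v7.2#GetCards\"").addHeader("User-Agent", "wsdl2objc;").setEntity(new StringEntity(requestBody)).build());
            String responseBody = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            this.log.info("Retrieve response: {}\n", responseBody);
            if (responseBody.isEmpty()) {
                throw makeConnectorEmptyResponseException("Ein unbekannter Fehler ist bei der Abfrage der gesteckten Karten aufgetreten.", response);
            }
            // NOTE(review): the body is unmarshalled with a default JAXB unmarshaller. If the
            // connector link can be tampered with (for example when useTLS() is false), consider
            // parsing through a reader with DTDs and external entities disabled.
            return (GetCardsResponse) unwrapResult((GetCardsResponeEnvelope) JAXBContext.newInstance(new Class[]{GetCardsResponeEnvelope.class}).createUnmarshaller().unmarshal(IOUtils.toInputStream(responseBody, StandardCharsets.UTF_8)));
        } catch (ConnectorException e) {
            throw e;
        } catch (Throwable th) {
            throw convertToConnectorException("Ein unbekannter Fehler ist bei der Abfrage der gesteckten Karten aufgetreten.", null, th);
        } finally {
            // closeQuietly accepts null, which covers failures before a response exists.
            HttpClientUtils.closeQuietly(response);
            this.log.info("finished getCards");
        }
    }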

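    /**
     * Requests a job number from the connector's signature service.
     *
     * <p>The HTTP response is closed in a {@code finally} block, so the connection is released
     * on the error paths as well (empty body, unmarshalling failure, connector fault).
     *
     * @param tIConnectorConfiguration supplies the call context, the TLS choice and the HTTP client
     * @param tiEndpoints resolved connector endpoints
     * @return the unwrapped GetJobNumber response
     */
    @NotNull
    public GetJobNumberResponse getJobNumber(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull TiEndpoints tiEndpoints) {
        TIConnectorContext context = tIConnectorConfiguration.getContext();
        // Every context value goes through the XML escaper before it is placed into the template.
        String requestBody = String.format("<?xml version=\"1.0\"?>\n<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ZSTI_SignatureService=\"http://ws.gematik.de/conn/SignatureService/WSDL/v7.4\" xmlns:ZSTI_SIG=\"http://ws.gematik.de/conn/SignatureService/v7.4\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sp=\"urn:oasis:names:tc:dss-x:1.0:profiles:SignaturePolicy:schema#\" xmlns:xades=\"http://uri.etsi.org/01903/v1.3.2#\" xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:vr=\"urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#\" xmlns:tsl=\"http://uri.etsi.org/02231/v2#\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" xmlns:ZSTI_CERTCMN=\"http://ws.gematik.de/conn/CertificateServiceCommon/v2.0\" xmlns:ZSTI_CONN=\"http://ws.gematik.de/conn/ConnectorCommon/v5.0\" xmlns:ZSTI_GERROR=\"http://ws.gematik.de/tel/error/v2.0\" xmlns:ZSTI_CCTX=\"http://ws.gematik.de/conn/ConnectorContext/v2.0\" xsl:version=\"1.0\">\n  <soap:Body>\n    <ZSTI_SIG:GetJobNumber>\n      <ZSTI_CCTX:Context>\n        <ZSTI_CONN:MandantId>%s</ZSTI_CONN:MandantId>\n        <ZSTI_CONN:ClientSystemId>%s</ZSTI_CONN:ClientSystemId>\n        <ZSTI_CONN:WorkplaceId>%s</ZSTI_CONN:WorkplaceId>\n      </ZSTI_CCTX:Context>\n    </ZSTI_SIG:GetJobNumber>\n  </soap:Body>\n</soap:Envelope>", this.escaper.translate(context.getMandantId()), this.escaper.translate(context.getClientSystemId()), this.escaper.translate(context.getWorkplaceId()));
        CloseableHttpResponse response = null;
        try {
            URI serviceURL = tiEndpoints.getServiceURL(TiEndpoints.TiService.SignatureService, tIConnectorConfiguration.useTLS());
            this.log.info("process getJobNumber");
            // NOTE(review): full request and response bodies are logged at INFO level.
            this.log.info("Send to {} with body\n{}", serviceURL, requestBody);
            response = this.clientProvider.getHttpClient(tIConnectorConfiguration).execute(RequestBuilder.post(serviceURL).addHeader("Content-Type", "text/xml; charset=utf-8;").addHeader("SOAPAction", "\"http://ws.gematik.de/conn/SignatureService/WSDL/v7.4#GetJobNumber\"").addHeader("User-Agent", "wsdl2objc;").setEntity(new StringEntity(requestBody)).build());
            String responseBody = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            this.log.info("Retrieve response: {}\n", responseBody);
            if (responseBody.isEmpty()) {
                throw makeConnectorEmptyResponseException("Ein unbekannter Fehler ist bei der Anfrage nach eine Jobnumber aufgetreten.", response);
            }
            return (GetJobNumberResponse) unwrapResult((GetJobNumberEnvelope) JAXBContext.newInstance(new Class[]{GetJobNumberEnvelope.class}).createUnmarshaller().unmarshal(IOUtils.toInputStream(responseBody, StandardCharsets.UTF_8)));
        } catch (ConnectorException e) {
            throw e;
        } catch (Throwable th) {
            throw convertToConnectorException("Ein unbekannter Fehler ist bei der Anfrage nach eine Jobnumber aufgetreten.", null, th);
        } finally {
            // closeQuietly accepts null, which covers failures before a response exists.
            HttpClientUtils.closeQuietly(response);
        }
    }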

    /**
     * Returns the certificate for the given card, reading it from the card only when no entry
     * for the card's ICCSN is cached yet.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @param cardInfoType card whose certificate is wanted
     * @param list certificate references to try, or {@code null} for the card-type defaults
     * @return the cached or freshly loaded certificate
     * @throws ConnectorException if the certificate cannot be loaded
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    @NotNull
    public X509DataInfoListType.X509DataInfo queryCertificateViaCardInfoType(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull CardInfoType cardInfoType, @Nullable List<CertRefEnum> list) throws ConnectorException {
        // NOTE(review): the cache key is the ICCSN alone. A later call for the same card with a
        // different certificate-reference list gets the entry stored by the first call, which
        // may be a different certificate than the one requested. Confirm callers never vary
        // the list per card, or include the references in the key.
        final String cacheKey = cardInfoType.getIccsn();
        return this.certCache.computeIfAbsent(cacheKey, iccsn -> loadCertificateFromCard(tIConnectorConfiguration, cardInfoType, list));
    }

    /**
     * Finds a card by ICCSN and returns its certificate.
     *
     * <p>An ICCSN set in the configuration takes precedence over {@code str}. When neither is
     * present, any card of an allowed type is accepted.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @param str ICCSN to use when the configuration does not provide one; may be {@code null}
     * @param list certificate references to try, or {@code null} for the card-type defaults
     * @return the certificate of the selected card
     * @throws ConnectorException if no matching card is found or the certificate cannot be loaded
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    @NotNull
    public X509DataInfoListType.X509DataInfo queryCertificateViaIccsn(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @Nullable String str, @Nullable List<CertRefEnum> list) throws ConnectorException {
        final String wantedIccsn = tIConnectorConfiguration.getCardIccsn().orElse(str);
        final TiEndpoints endpoints = getConnectorServices(tIConnectorConfiguration, this.cardServiceMinVersion);
        final CardInfoType selectedCard = getCards(tIConnectorConfiguration, endpoints).getCards().getCard().stream()
                .filter(candidate -> this.allowedCardTypes.contains(candidate.getCardType()))
                .filter(candidate -> wantedIccsn == null || candidate.getIccsn().equals(wantedIccsn))
                .findAny()
                .orElseThrow(() -> new ConnectorException("Im Connector wurde keine passende Karte gefunden!", ConnectorException.ExceptionType.NO_CARD));
        return queryCertificateViaCardInfoType(tIConnectorConfiguration, selectedCard, list);
    }

    /**
     * Reads a certificate from the card, trying each certificate reference in order and
     * returning the first one that loads.
     *
     * <p>Without an explicit list the references depend on the card type: {@code C_SIG} for
     * SMC-B, {@code C_SIG} then {@code C_QES} for the HBA variants. If every reference fails,
     * the failure of the last attempt is reported; earlier failures are discarded.
     *
     * @param tIConnectorConfiguration connector configuration for this call
     * @param cardInfoType card to read from
     * @param list certificate references to try, or {@code null} for the card-type defaults
     * @return the first certificate that could be loaded
     */
    @NotNull
    private X509DataInfoListType.X509DataInfo loadCertificateFromCard(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull CardInfoType cardInfoType, @Nullable List<CertRefEnum> list) {
        try {
            TiEndpoints endpoints = getConnectorServices(tIConnectorConfiguration, this.cardServiceMinVersion);
            List<String> certRefs;
            if (list != null) {
                certRefs = list.stream().map(CertRefEnum::value).collect(Collectors.toList());
            } else {
                switch (cardInfoType.getCardType()) {
                    case SMC_B:
                        certRefs = Collections.singletonList(CertRefEnum.C_SIG.value());
                        break;
                    case HBA:
                    case HBA_Q_SIG:
                    case HB_AX:
                        certRefs = Arrays.asList(CertRefEnum.C_SIG.value(), CertRefEnum.C_QES.value());
                        break;
                    default:
                        throw new ConnectorException("Kartentyp " + cardInfoType.getCardType() + " wird nicht unterstützt!", ConnectorException.ExceptionType.UNKNOWN);
                }
            }
            Throwable lastFailure = null;
            for (String certRef : certRefs) {
                try {
                    return tryToLoadCertificate(tIConnectorConfiguration, endpoints, cardInfoType, certRef);
                } catch (Throwable failure) {
                    // Remember the failure and move on to the next reference.
                    lastFailure = failure;
                }
            }
            if (lastFailure == null) {
                // Reached when the reference list is empty, so nothing was attempted.
                throw new IllegalStateException("should never happen");
            }
            throw lastFailure;
        } catch (ConnectorException e) {
            throw e;
        } catch (Throwable th) {
            throw convertToConnectorException("Ein unbekannter Fehler ist beim Auslesen des Kartenzertifikats aufgetreten.", null, th);
        }
    }

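    /**
     * Sends one ReadCardCertificate request for a single certificate reference and returns the
     * first certificate in the response.
     *
     * <p>The certificate reference is inserted as an escaped format argument like every other
     * value, and the HTTP response is closed in a {@code finally} block so the connection is
     * released on error paths too.
     *
     * @param tIConnectorConfiguration supplies the call context, the TLS choice and the HTTP client
     * @param tiEndpoints resolved connector endpoints
     * @param cardInfoType card whose handle is sent in the request
     * @param str certificate reference to request
     * @return the first certificate entry of the response
     */
    @NotNull
    private X509DataInfoListType.X509DataInfo tryToLoadCertificate(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull TiEndpoints tiEndpoints, @NotNull CardInfoType cardInfoType, @NotNull String str) throws URISyntaxException, IOException, JAXBException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException {
        TIConnectorContext context = tIConnectorConfiguration.getContext();
        // NOTE(review): a missing user id is replaced by the literal "Test" here, whereas the
        // SignDocument request omits the UserId element in that case. Confirm this is intended.
        String userId = context.getUserId().orElse("Test");
        String requestBody = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ZSTI_SignatureService=\"http://ws.gematik.de/conn/SignatureService/WSDL/v7.4\" xmlns:ZSTI_SIG=\"http://ws.gematik.de/conn/SignatureService/v7.4\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sp=\"urn:oasis:names:tc:dss-x:1.0:profiles:SignaturePolicy:schema#\" xmlns:xades=\"http://uri.etsi.org/01903/v1.3.2#\" xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:vr=\"urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#\" xmlns:tsl=\"http://uri.etsi.org/02231/v2#\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" xmlns:CERT=\"http://ws.gematik.de/conn/CertificateService/v6.0\"\nxmlns:ZSTI_CERTCMN=\"http://ws.gematik.de/conn/CertificateServiceCommon/v2.0\" xmlns:CONN=\"http://ws.gematik.de/conn/ConnectorCommon/v5.0\"\nxmlns:ZSTI_GERROR=\"http://ws.gematik.de/tel/error/v2.0\" xmlns:CCTX=\"http://ws.gematik.de/conn/ConnectorContext/v2.0\"\nxsl:version=\"1.0\">\n  <soap:Body>\n<CERT:ReadCardCertificate>\n <CONN:CardHandle>%s</CONN:CardHandle>\n <CCTX:Context>\n <CONN:MandantId>%s</CONN:MandantId>\n <CONN:ClientSystemId>%s</CONN:ClientSystemId>\n <CONN:WorkplaceId>%s</CONN:WorkplaceId>\n <CONN:UserId>%s</CONN:UserId>\n </CCTX:Context>\n <CERT:CertRefList>\n <CERT:CertRef>%s</CERT:CertRef>\n </CERT:CertRefList>\n</CERT:ReadCardCertificate>  </soap:Body>\n</soap:Envelope>", this.escaper.translate(cardInfoType.getCardHandle()), this.escaper.translate(context.getMandantId()), this.escaper.translate(context.getClientSystemId()), this.escaper.translate(context.getWorkplaceId()), this.escaper.translate(userId), this.escaper.translate(str));
        URI serviceURL = tiEndpoints.getServiceURL(TiEndpoints.TiService.CertificateService, tIConnectorConfiguration.useTLS());
        this.log.info("process readCertificate");
        // NOTE(review): full request and response bodies, including the returned certificate
        // data, are logged at INFO level.
        this.log.info("Send to {} with body\n{}", serviceURL, requestBody);
        CloseableHttpResponse response = null;
        try {
            response = this.clientProvider.getHttpClient(tIConnectorConfiguration).execute(RequestBuilder.post(serviceURL).addHeader("Content-Type", "text/xml; charset=utf-8;").addHeader("SOAPAction", "\"http://ws.gematik.de/conn/CertificateService/v6.0#ReadCardCertificate\"").addHeader("User-Agent", "wsdl2objc;").setEntity(new StringEntity(requestBody)).build());
            String responseBody = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            this.log.info("Retrieve response: {}\n", responseBody);
            if (responseBody.isEmpty()) {
                throw makeConnectorEmptyResponseException("Ein unbekannter Fehler ist beim Auslesen des Kartenzertifikats aufgetreten", response);
            }
            ReadCardCertificateResponse parsed = (ReadCardCertificateResponse) unwrapResult((ReadCardCertificateResponseEnvelope) JAXBContext.newInstance(new Class[]{ReadCardCertificateResponseEnvelope.class}).createUnmarshaller().unmarshal(IOUtils.toInputStream(responseBody, StandardCharsets.UTF_8)));
            return parsed.getX509DataInfoList().getX509DataInfo().stream()
                    .findAny()
                    .orElseThrow(() -> new ConnectorException("no certificate found", ConnectorException.ExceptionType.UNKNOWN));
        } finally {
            // closeQuietly accepts null, which covers failures before a response exists.
            HttpClientUtils.closeQuietly(response);
        }
    }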

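    /**
     * Sends a SignDocument request for one document and returns the parsed response.
     *
     * <p>The optional UserId element is built first and inserted as a format argument. Earlier
     * it was substituted into the finished request text, where a context value containing the
     * placeholder text would have been replaced as well. The HTTP response is closed in a
     * {@code finally} block so the connection is released on error paths too.
     *
     * @param tIConnectorConfiguration supplies the call context, the TLS choice and the HTTP client
     * @param tiEndpoints resolved connector endpoints
     * @param str handle of the card that signs
     * @param str2 job number for this signing request
     * @param documentType supplies the signature type and MIME type of the request
     * @param inputStream document content; read completely and sent Base64-encoded
     * @return the unwrapped SignDocument response
     */
    @NotNull
    public SignDocumentResponse signDocument(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull TiEndpoints tiEndpoints, @NotNull String str, @NotNull String str2, @NotNull DocumentType documentType, @NotNull InputStream inputStream) {
        CloseableHttpResponse response = null;
        try {
            TIConnectorContext context = tIConnectorConfiguration.getContext();
            String userId = context.getUserId().orElse(null);
            // Empty when no user id is configured, so the element is left out of the request.
            String userIdElement = userId == null ? "" : "        <ZSTI_CONN:UserId>" + this.escaper.translate(userId) + "</ZSTI_CONN:UserId>\n";
            String requestBody = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ZSTI_SignatureService=\"http://ws.gematik.de/conn/SignatureService/WSDL/v7.4\" xmlns:ZSTI_SIG=\"http://ws.gematik.de/conn/SignatureService/v7.4\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sp=\"urn:oasis:names:tc:dss-x:1.0:profiles:SignaturePolicy:schema#\" xmlns:xades=\"http://uri.etsi.org/01903/v1.3.2#\" xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:vr=\"urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#\" xmlns:tsl=\"http://uri.etsi.org/02231/v2#\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" xmlns:ZSTI_CERTCMN=\"http://ws.gematik.de/conn/CertificateServiceCommon/v2.0\" xmlns:ZSTI_CONN=\"http://ws.gematik.de/conn/ConnectorCommon/v5.0\" xmlns:ZSTI_GERROR=\"http://ws.gematik.de/tel/error/v2.0\" xmlns:ZSTI_CCTX=\"http://ws.gematik.de/conn/ConnectorContext/v2.0\" xsl:version=\"1.0\">\n  <soap:Body>\n    <ZSTI_SIG:SignDocument>\n      <ZSTI_CONN:CardHandle>%s</ZSTI_CONN:CardHandle>\n      <ZSTI_CCTX:Context>\n        <ZSTI_CONN:MandantId>%s</ZSTI_CONN:MandantId>\n        <ZSTI_CONN:ClientSystemId>%s</ZSTI_CONN:ClientSystemId>\n        <ZSTI_CONN:WorkplaceId>%s</ZSTI_CONN:WorkplaceId>\n%s      </ZSTI_CCTX:Context>\n      <ZSTI_SIG:TvMode>NONE</ZSTI_SIG:TvMode>\n      <ZSTI_SIG:JobNumber>%s</ZSTI_SIG:JobNumber>\n      <ZSTI_SIG:SignRequest RequestID=\"PUP-000\">\n        <ZSTI_SIG:OptionalInputs>\n          <dss:SignatureType>%s</dss:SignatureType>\n        </ZSTI_SIG:OptionalInputs>\n        <ZSTI_SIG:Document ShortText=\"Impfzertifikat\">\n          <dss:Base64Data MimeType=\"%s\">%s</dss:Base64Data>\n        </ZSTI_SIG:Document>\n        <ZSTI_SIG:IncludeRevocationInfo>false</ZSTI_SIG:IncludeRevocationInfo>\n      </ZSTI_SIG:SignRequest>\n    </ZSTI_SIG:SignDocument>\n  </soap:Body>\n</soap:Envelope>\n", this.escaper.translate(str), this.escaper.translate(context.getMandantId()), this.escaper.translate(context.getClientSystemId()), this.escaper.translate(context.getWorkplaceId()), userIdElement, this.escaper.translate(str2), this.escaper.translate(documentType.getSignatureType()), this.escaper.translate(documentType.getMimeType()), this.escaper.translate(Base64.getEncoder().encodeToString(IOUtils.toByteArray(inputStream))));
            URI serviceURL = tiEndpoints.getServiceURL(TiEndpoints.TiService.SignatureService, tIConnectorConfiguration.useTLS());
            this.log.info("process signDocument");
            // NOTE(review): this writes the whole request, including the Base64-encoded
            // document, to the log at INFO level, and the response below includes the
            // signature. Confirm the document content may be stored in logs, or log only
            // metadata such as the payload size.
            this.log.info("Send to {} with body\n{}", serviceURL, requestBody);
            response = this.clientProvider.getHttpClient(tIConnectorConfiguration).execute(RequestBuilder.post(serviceURL).addHeader("Content-Type", "text/xml; charset=utf-8;").addHeader("SOAPAction", "\"http://ws.gematik.de/conn/SignatureService/WSDL/v7.4#SignDocument\"").addHeader("User-Agent", "wsdl2objc;").setEntity(new StringEntity(requestBody)).build());
            String responseBody = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            this.log.info("Retrieve response: {}\n", responseBody);
            if (responseBody.isEmpty()) {
                throw makeConnectorEmptyResponseException("Ein unbekannter Fehler ist bei der Signierung eines Dokumentes aufgetreten.", response);
            }
            return (SignDocumentResponse) unwrapResult((SignDocumentResponeEnvelope) JAXBContext.newInstance(new Class[]{SignDocumentResponeEnvelope.class}).createUnmarshaller().unmarshal(IOUtils.toInputStream(responseBody, StandardCharsets.UTF_8)));
        } catch (ConnectorException e) {
            throw e;
        } catch (Throwable th) {
            throw convertToConnectorException("Ein unbekannter Fehler ist bei der Signierung eines Dokumentes aufgetreten.", null, th);
        } finally {
            // closeQuietly accepts null, which covers failures before a response exists.
            HttpClientUtils.closeQuietly(response);
        }
    }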

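    /**
     * Asks the connector to sign the SHA-256 digest of a text with the given card.
     *
     * <p>The digest is computed over the UTF-8 bytes of {@code str} and sent Base64-encoded; the
     * request names {@code RSASSA-PSS} as the signature scheme. The HTTP response is closed in a
     * {@code finally} block so the connection is released on error paths too.
     *
     * @param tIConnectorConfiguration supplies the call context, the TLS choice and the HTTP client
     * @param cardInfoType card whose handle is sent in the request
     * @param str text whose digest is to be signed
     * @return the unwrapped ExternalAuthenticate response
     * @throws ConnectorException if the request fails, the body is empty or the result cannot be
     *         unwrapped
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    @NotNull
    public ExternalAuthenticateResponse externalAuthenticate(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @NotNull CardInfoType cardInfoType, @NotNull String str) throws ConnectorException {
        CloseableHttpResponse response = null;
        try {
            TiEndpoints connectorServices = getConnectorServices(tIConnectorConfiguration, this.authServiceMinVersion);
            TIConnectorContext context = tIConnectorConfiguration.getContext();
            String requestBody = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n    <soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ZSTI_AuthSignatureService=\"http://ws.gematik.de/conn/AuthSignatureService/WSDL/v7.4\" xmlns:ZSTI_SIG=\"http://ws.gematik.de/conn/SignatureService/v7.4\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sp=\"urn:oasis:names:tc:dss-x:1.0:profiles:SignaturePolicy:schema#\" xmlns:xades=\"http://uri.etsi.org/01903/v1.3.2#\" xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:vr=\"urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#\" xmlns:tsl=\"http://uri.etsi.org/02231/v2#\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" xmlns:ZSTI_CERTCMN=\"http://ws.gematik.de/conn/CertificateServiceCommon/v2.0\" xmlns:ZSTI_CONN=\"http://ws.gematik.de/conn/ConnectorCommon/v5.0\" xmlns:ZSTI_GERROR=\"http://ws.gematik.de/tel/error/v2.0\" xmlns:ZSTI_CCTX=\"http://ws.gematik.de/conn/ConnectorContext/v2.0\" xsl:version=\"1.0\">\n      <soap:Body>\n        <ZSTI_SIG:ExternalAuthenticate>\n          <ZSTI_CONN:CardHandle>%s</ZSTI_CONN:CardHandle>\n          <ZSTI_CCTX:Context>\n            <ZSTI_CONN:MandantId>%s</ZSTI_CONN:MandantId>\n            <ZSTI_CONN:ClientSystemId>%s</ZSTI_CONN:ClientSystemId>\n            <ZSTI_CONN:WorkplaceId>%s</ZSTI_CONN:WorkplaceId>\n          </ZSTI_CCTX:Context>\n          <ZSTI_SIG:OptionalInputs>\n            <dss:SignatureType>urn:ietf:rfc:3447</dss:SignatureType>\n            <ZSTI_SIG:SignatureSchemes>RSASSA-PSS</ZSTI_SIG:SignatureSchemes>\n          </ZSTI_SIG:OptionalInputs>\n          <ZSTI_SIG:BinaryString>\n            <dss:Base64Data MimeType=\"application/octet-stream\">%s</dss:Base64Data>\n          </ZSTI_SIG:BinaryString>\n        </ZSTI_SIG:ExternalAuthenticate>\n      </soap:Body>\n    </soap:Envelope>", this.escaper.translate(cardInfoType.getCardHandle()), this.escaper.translate(context.getMandantId()), this.escaper.translate(context.getClientSystemId()), this.escaper.translate(context.getWorkplaceId()), this.escaper.translate(Base64.getEncoder().encodeToString(Hashing.sha256().hashBytes(str.getBytes(StandardCharsets.UTF_8)).asBytes())));
            URI serviceURL = connectorServices.getServiceURL(TiEndpoints.TiService.AuthSignatureService, tIConnectorConfiguration.useTLS());
            this.log.info("process externalAuth");
            // NOTE(review): full request and response bodies, including the returned
            // authentication signature, are logged at INFO level.
            this.log.info("Send to {} with body\n{}", serviceURL, requestBody);
            response = this.clientProvider.getHttpClient(tIConnectorConfiguration).execute(RequestBuilder.post(serviceURL).addHeader("Content-Type", "text/xml; charset=utf-8;").addHeader("SOAPAction", "\"http://ws.gematik.de/conn/SignatureService/v7.4#ExternalAuthenticate\"").addHeader("User-Agent", "wsdl2objc;").setEntity(new StringEntity(requestBody)).build());
            String responseBody = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            this.log.info("Retrieve response: {}\n", responseBody);
            if (responseBody.isEmpty()) {
                throw makeConnectorEmptyResponseException("Ein unbekannter Fehler ist bei der Ausstellung der Authentifizierungssignatur aufgetreten", response);
            }
            return (ExternalAuthenticateResponse) unwrapResult((ExternalAuthenticateResponeEnvelope) JAXBContext.newInstance(new Class[]{ExternalAuthenticateResponeEnvelope.class}).createUnmarshaller().unmarshal(IOUtils.toInputStream(responseBody, StandardCharsets.UTF_8)));
        } catch (ConnectorException e) {
            throw e;
        } catch (Throwable th) {
            throw convertToConnectorException("Ein unbekannter Fehler ist bei der Ausstellung der Authentifizierungssignatur aufgetreten", null, th);
        } finally {
            // closeQuietly accepts null, which covers failures before a response exists.
            HttpClientUtils.closeQuietly(response);
        }
    }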

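    /**
     * Sends a {@code VerifyPin} request for one card to the connector's CardService and returns
     * the parsed result.
     *
     * <p>The card is selected from the list returned by {@code getCards}: the first card whose
     * ICCSN equals {@code str}, or any card when {@code str} is {@code null}. The PIN type sent
     * is {@code PIN.SMC} for SMC-B cards and {@code PIN.CH} for the HBA variants. The request
     * built here contains only the call context, the card handle and the PIN type.
     *
     * @param tIConnectorConfiguration connector address, TLS setting and call context
     * @param str ICCSN of the card to use, or {@code null} to accept any card
     * @return the {@link PinResponseType} extracted from the SOAP response
     * @throws ConnectorException with type {@code NO_CARD} if no card matches,
     *         {@code CONNECTOR_ERROR} for an unsupported card type or a SOAP fault, and
     *         {@code UNKNOWN} for an empty response or any other failure
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    @NotNull
    public PinResponseType verifyPin(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @Nullable String str) throws ConnectorException {
        // Held outside the try so the finally block can release the connection on every path;
        // previously a failure after execute() left the response open.
        CloseableHttpResponse response = null;
        try {
            TiEndpoints connectorServices = getConnectorServices(tIConnectorConfiguration, this.cardServiceMinVersion);
            TIConnectorContext context = tIConnectorConfiguration.getContext();
            // str.equals(...) rather than getIccsn().equals(str): a card entry without an ICCSN
            // is simply not a match instead of failing the whole lookup with an NPE.
            CardInfoType card = getCards(tIConnectorConfiguration, connectorServices).getCards().getCard().stream()
                    .filter(cardInfoType -> str == null || str.equals(cardInfoType.getIccsn()))
                    .findAny()
                    .orElseThrow(() -> new ConnectorException("Im Connector wurde keine passende Karte gefunden!", ConnectorException.ExceptionType.NO_CARD));
            CharSequence pinType;
            switch (card.getCardType()) {
                case SMC_B:
                    pinType = "PIN.SMC";
                    break;
                case HBA:
                case HBA_Q_SIG:
                case HB_AX:
                    pinType = "PIN.CH";
                    break;
                default:
                    throw new ConnectorException("Kann Pin nicht freischalten, da der Kartentyp nicht unterstützt wird " + card.getCardType(), ConnectorException.ExceptionType.CONNECTOR_ERROR);
            }
            // Every interpolated value goes through this.escaper before it is placed in the XML template.
            String format = String.format("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n    <soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ZSTI_AuthSignatureService=\"http://ws.gematik.de/conn/AuthSignatureService/WSDL/v7.4\" xmlns:ZSTI_SIG=\"http://ws.gematik.de/conn/SignatureService/v7.4\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sp=\"urn:oasis:names:tc:dss-x:1.0:profiles:SignaturePolicy:schema#\" xmlns:xades=\"http://uri.etsi.org/01903/v1.3.2#\" xmlns:dss=\"urn:oasis:names:tc:dss:1.0:core:schema\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:vr=\"urn:oasis:names:tc:dss-x:1.0:profiles:verificationreport:schema#\" xmlns:tsl=\"http://uri.etsi.org/02231/v2#\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" xmlns:ZSTI_CERTCMN=\"http://ws.gematik.de/conn/CertificateServiceCommon/v2.0\" xmlns:ZSTI_CONN=\"http://ws.gematik.de/conn/ConnectorCommon/v5.0\" xmlns:ZSTI_GERROR=\"http://ws.gematik.de/tel/error/v2.0\" xmlns:ZSTI_CCTX=\"http://ws.gematik.de/conn/ConnectorContext/v2.0\" xmlns:ZSTI_CARD=\"http://ws.gematik.de/conn/CardService/v8.1\" xmlns:ZSTI_CARDCMN=\"http://ws.gematik.de/conn/CardServiceCommon/v2.0\" xsl:version=\"1.0\">\n<soap:Body>\n<ZSTI_CARD:VerifyPin>\n<ZSTI_CCTX:Context>\n<ZSTI_CONN:MandantId>%s</ZSTI_CONN:MandantId>\n<ZSTI_CONN:ClientSystemId>%s</ZSTI_CONN:ClientSystemId>\n<ZSTI_CONN:WorkplaceId>%s</ZSTI_CONN:WorkplaceId>\n<ZSTI_CONN:UserId>%s</ZSTI_CONN:UserId>\n</ZSTI_CCTX:Context>\n<ZSTI_CONN:CardHandle>%s</ZSTI_CONN:CardHandle>\n<ZSTI_CARDCMN:PinTyp>%s</ZSTI_CARDCMN:PinTyp>\n</ZSTI_CARD:VerifyPin>\n</soap:Body>\n</soap:Envelope>", this.escaper.translate(context.getMandantId()), this.escaper.translate(context.getClientSystemId()), this.escaper.translate(context.getWorkplaceId()), this.escaper.translate(context.getUserId().orElse("unk")), this.escaper.translate(card.getCardHandle()), this.escaper.translate(pinType));
            URI serviceURL = connectorServices.getServiceURL(TiEndpoints.TiService.CardService, tIConnectorConfiguration.useTLS());
            // The label used to read "process externalAuth", which made PIN verification look
            // like an authentication signature in the log.
            this.log.info("process verifyPin");
            // NOTE(review): request and response bodies are logged at INFO and contain the
            // Mandant/ClientSystem/Workplace/User ids and the card handle; consider DEBUG.
            this.log.info("Send to {} with body\n{}", serviceURL, format);
            // The body is encoded explicitly as UTF-8 so it matches the declared Content-Type;
            // StringEntity(String) alone falls back to ISO-8859-1.
            response = this.clientProvider.getHttpClient(tIConnectorConfiguration).execute(RequestBuilder.post(serviceURL).addHeader("Content-Type", "text/xml; charset=utf-8;").addHeader("SOAPAction", "\"http://ws.gematik.de/conn/CardService/v8.1#VerifyPin\"").addHeader("User-Agent", "wsdl2objc;").setEntity(new StringEntity(format, StandardCharsets.UTF_8)).build());
            String responseBody = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            this.log.info("Retrieve response: {}\n", responseBody);
            if (responseBody.isEmpty()) {
                throw makeConnectorEmptyResponseException("Ein unbekannter Fehler ist bei der Verifikation der Karten-PIN aufgetreten.", response);
            }
            // NOTE(review): the XML parsed here comes from the network peer; confirm that the
            // JAXB/XML parser in use rejects DTDs and external entities.
            return (PinResponseType) unwrapResult((PinResponseEnvelope) JAXBContext.newInstance(new Class[]{PinResponseEnvelope.class}).createUnmarshaller().unmarshal(IOUtils.toInputStream(responseBody, StandardCharsets.UTF_8)));
        } catch (ConnectorException e) {
            throw e;
        } catch (Throwable th) {
            throw new ConnectorException(th.toString(), ConnectorException.ExceptionType.UNKNOWN, th);
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }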

    /**
     * Extracts the response payload from a SOAP envelope, or turns its fault into an exception.
     *
     * @param t the unmarshalled envelope
     * @return the response object when the body carries one
     * @throws ConnectorException {@code PIN_NEEDS_VERIFICATION} when the first trace entry of the
     *         fault's error has code 4085; otherwise {@code CONNECTOR_ERROR} carrying the fault
     *         description, or a placeholder text when the body has no fault or no description
     */
    @NotNull
    private static <T extends Envelope<V>, V extends Body<W>, W> W unwrapResult(@NotNull T t) throws ConnectorException {
        W response = (W) ((Body) t.getBody()).getResponse().orElse(null);
        if (response != null) {
            return response;
        }
        Fault fault = ((Body) t.getBody()).getFault().orElse(null);
        if (fault == null) {
            // Neither a response nor a fault: nothing more specific can be reported.
            throw new ConnectorException("<UNKNOWN*>", ConnectorException.ExceptionType.CONNECTOR_ERROR);
        }
        Error error = fault.getError().orElse(null);
        // Only the first trace entry is inspected.
        Error.Trace firstTrace = error == null ? null : error.getTrace().stream().findFirst().orElse(null);
        boolean pinVerificationRequired = firstTrace != null && firstTrace.getCode().intValue() == 4085;
        if (pinVerificationRequired) {
            throw new ConnectorException("Die PIN muss verifiziert werden!", ConnectorException.ExceptionType.PIN_NEEDS_VERIFICATION);
        }
        throw new ConnectorException(fault.getFaultDescription().orElse("<UNKNOWN>"), ConnectorException.ExceptionType.CONNECTOR_ERROR);
    }

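    /**
     * Downloads and parses the connector's service directory ({@code <uri>/connector.sds}).
     *
     * <p>Checks, in this order: HTTP status 401 and 404, an empty body, the firmware version
     * (only when {@code tiVersion} is given) and whether the connector demands TLS while the
     * configuration does not use it.
     *
     * <p>Specific {@link ConnectorException}s raised by these checks now reach the caller
     * unchanged. Previously the surrounding {@code catch (Throwable)} blocks replaced all of
     * them (401, 404, outdated firmware, TLS required) with a generic "check the address"
     * error, so the caller never saw the actual diagnosis or exception type.
     *
     * @param tIConnectorConfiguration connector address and TLS setting
     * @param tiVersion minimum product type version required, or {@code null} to skip the check
     * @return the endpoints listed in the service directory
     * @throws ConnectorException {@code CONFIGURATION_ERROR}, {@code WRONG_VERSION},
     *         {@code DISCOVERY_ERROR} or {@code UNKNOWN}, depending on the failed check
     */
    @NotNull
    public TiEndpoints getConnectorServices(@NotNull TIConnectorConfiguration tIConnectorConfiguration, @Nullable TiVersion tiVersion) {
        // Held outside the try so the finally block releases the connection on every path.
        CloseableHttpResponse response = null;
        try {
            response = this.clientProvider.getHttpClient(tIConnectorConfiguration).execute(RequestBuilder.get(new URI(tIConnectorConfiguration.getUri().toString() + "/connector.sds")).addHeader("Content-Type", "text/xml; charset=utf-8;").build());
            String directoryXml = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
            this.log.info("Retrieve response: {}\n", directoryXml);
            int status = response.getStatusLine().getStatusCode();
            if (status == 401) {
                throw new ConnectorException("Der Zugriff wurde vom Konnektor verweigert. Prüfen Sie Nutzername/Password/Client-Zertifikat", ConnectorException.ExceptionType.CONFIGURATION_ERROR);
            }
            if (status == 404) {
                throw new ConnectorException("Der Zugriff auf den Konnektor ist mit Fehler 404 gescheitert. Bitte prüfen Sie die Adresse des Konnektors!", ConnectorException.ExceptionType.CONFIGURATION_ERROR);
            }
            if (directoryXml.isEmpty()) {
                throw makeConnectorEmptyResponseException("Beim Abruf des Service-Directories ist ein Fehler aufgetreten.", response);
            }
            Unmarshaller unmarshaller = JAXBContext.newInstance(new Class[]{ConnectorServices.class}).createUnmarshaller();
            if (tiVersion != null) {
                // Reluctant match with a capture group: takes exactly the first element's text,
                // even if the element appears more than once on a line.
                Matcher matcher = Pattern.compile("<ProductTypeVersion>(.*?)</ProductTypeVersion>").matcher(directoryXml);
                if (!matcher.find()) {
                    throw new ConnectorException("Das Service-Directory kann nicht gelesen werden! Prüfen Sie ob eine Firewall den Zugriff blockiert oder die Firmware des Konnektors zu alt ist. Die empfangene Nachricht lautet: " + directoryXml.substring(0, Math.min(100, directoryXml.length())) + "[..]", ConnectorException.ExceptionType.CONFIGURATION_ERROR);
                }
                TiVersion connectorVersion = TiVersion.fromString(matcher.group(1));
                if (connectorVersion.isLessThan(tiVersion)) {
                    // Argument order fixed: the required version comes first, the connector's
                    // current version second, as the message text says.
                    throw new ConnectorException(String.format("Die Firmware des Konnektors ist veraltet! Für die Funktion wird Version %s benötigt. Der Konnektor ist aktuell auf Version %s", tiVersion.toString(), connectorVersion.toString()), ConnectorException.ExceptionType.WRONG_VERSION);
                }
            }
            try {
                // NOTE(review): the XML parsed here comes from the network peer; confirm that the
                // JAXB/XML parser in use rejects DTDs and external entities.
                ConnectorServices connectorServices = (ConnectorServices) unmarshaller.unmarshal(IOUtils.toInputStream(directoryXml, StandardCharsets.UTF_8));
                boolean isTLSMandatory = connectorServices.isTLSMandatory();
                if (tIConnectorConfiguration.useTLS() || !isTLSMandatory) {
                    return new TiEndpoints(connectorServices.getServiceInformation().getService());
                }
                throw new ConnectorException("Der Konnektor kann nur per TLS angesteuert werden. Bitte geben Sie eine HTTPS URL ein!", ConnectorException.ExceptionType.CONFIGURATION_ERROR);
            } catch (ConnectorException e) {
                // Keep the TLS-required error; it used to be rewritten into a discovery error.
                throw e;
            } catch (Throwable th) {
                throw new ConnectorException("Das Service-Directory kann nicht ausgelesen werden. Ist die Firmware des Konnektors aktuell?", ConnectorException.ExceptionType.DISCOVERY_ERROR, th);
            }
        } catch (ConnectorException e) {
            throw e;
        } catch (Throwable th3) {
            CertPathBuilderException certPathBuilderException = (CertPathBuilderException) Utilities.findCause(th3, CertPathBuilderException.class).orElse(null);
            if (certPathBuilderException == null) {
                throw new ConnectorException("Auf den Konnektor konnte nicht zugegriffen werden. Bitte prüfen Sie die Adresse des Konnektors!", ConnectorException.ExceptionType.CONFIGURATION_ERROR, th3);
            }
            try {
                // Best-effort diagnostics: getAdjacencyList is looked up reflectively because it
                // is not part of CertPathBuilderException itself; a failure here is only logged.
                Method method = certPathBuilderException.getClass().getMethod("getAdjacencyList", new Class[0]);
                method.setAccessible(true);
                Object adjacencyList = method.invoke(certPathBuilderException, new Object[0]);
                this.log.info("result:" + adjacencyList);
                // The placeholder was missing, so the argument never appeared in the log.
                this.log.error("PKIX Building failed: {}", String.valueOf(adjacencyList));
            } catch (Throwable th4) {
                this.log.error(th4.toString(), th4);
            }
            throw new ConnectorException("Auf den Konnektor konnte nicht zugegriffen werden, da das Server-Zertifikat des Konnektors nicht als vertrauenswürdig erkannt wird.", ConnectorException.ExceptionType.CONFIGURATION_ERROR, th3);
        } finally {
            HttpClientUtils.closeQuietly(response);
        }
    }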

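    /**
     * Builds the exception reported when the connector answers with an empty body.
     *
     * @param str caller-specific description of the operation that failed
     * @param httpResponse the response whose HTTP status code is included in the message
     * @return a {@link ConnectorException} of type {@code UNKNOWN}; the caller throws it
     */
    @NotNull
    private ConnectorException makeConnectorEmptyResponseException(@NotNull String str, @NotNull HttpResponse httpResponse) {
        int status = httpResponse.getStatusLine().getStatusCode();
        // Separating spaces added: the parts used to run together ("...aufgetreten.Der" and "200aber").
        return new ConnectorException(str + " Der Konnektor liefert Status " + status + " aber keine weiteren Informationen!", ConnectorException.ExceptionType.UNKNOWN);
    }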

    /**
     * Converts any failure into a {@link ConnectorException}.
     *
     * <p>Despite the declared return type, every path throws; callers write
     * {@code throw convertToConnectorException(...)} only to satisfy the compiler.
     *
     * @param str message used when {@code th} is not already a {@link ConnectorException}
     * @param str2 optional detail appended after " Der Konnektor meldet: ", or {@code null}
     * @param th the failure to convert
     * @return never returns normally
     */
    @NotNull
    private ConnectorException convertToConnectorException(@NotNull String str, @Nullable String str2, @NotNull Throwable th) {
        if (th instanceof ConnectorException) {
            // Copied into a fresh instance: message, type and cause are kept, while the new
            // object gets its own stack trace.
            ConnectorException original = (ConnectorException) th;
            throw new ConnectorException(original.getMessage(), original.getType(), original.getCause());
        }
        String message = str2 == null ? str : str + " Der Konnektor meldet: " + str2;
        throw new ConnectorException(message, ConnectorException.ExceptionType.UNKNOWN, th);
    }

    /**
     * Re-creates three fixed network routes through the connector.
     *
     * <p>All three routes are removed first and then added again, with the host part of the
     * configured connector URI as the second argument of {@code addRoute}.
     *
     * @param tIConnectorConfiguration configuration whose URI host is passed to {@code addRoute}
     * @throws ConnectorException rethrown unchanged; any other failure is wrapped with type
     *         {@code UNKNOWN}
     */
    @Override // de.impfsoft.ticonnector.TIConnectorService
    public void setupRoutes(@NotNull TIConnectorConfiguration tIConnectorConfiguration) {
        // NOTE(review): URI.getHost() returns null for a URI without a host component; confirm
        // how RouteManager treats a null or unexpected value before it reaches the routing table.
        final String connectorHost = tIConnectorConfiguration.getUri().getHost();
        // {destination, netmask} pairs, in the order they are removed and added.
        final String[][] routes = {
            {"100.102.0.0", "255.255.128.0"},
            {"100.103.0.0", "255.255.0.0"},
            {"100.102.128.0", "255.255.128.0"},
        };
        try {
            for (String[] route : routes) {
                this.routeManager.removeRoute(route[0]);
            }
            for (String[] route : routes) {
                this.routeManager.addRoute(route[0], connectorHost, route[1]);
            }
        } catch (Throwable th) {
            if (th instanceof ConnectorException) {
                throw (ConnectorException) th;
            }
            throw new ConnectorException(th.toString(), ConnectorException.ExceptionType.UNKNOWN, th);
        }
    }
}
