package be.ehealth.technicalconnector.service.keydepot.impl;

import be.ehealth.technicalconnector.cache.Cache;
import be.ehealth.technicalconnector.cache.CacheFactory;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.handler.SchemaValidatorHandler;
import be.ehealth.technicalconnector.service.ServiceFactory;
import be.ehealth.technicalconnector.service.etee.domain.EncryptionToken;
import be.ehealth.technicalconnector.service.keydepot.KeyDepotManager;
import be.ehealth.technicalconnector.service.keydepot.KeyDepotService;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.session.Session;
import be.ehealth.technicalconnector.session.SessionItem;
import be.ehealth.technicalconnector.session.SessionServiceWithCache;
import be.ehealth.technicalconnector.utils.CertificateParser;
import be.ehealth.technicalconnector.utils.IdentifierType;
import be.fgov.ehealth.technicalconnector.bootstrap.bcp.domain.CacheInformation;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/service/keydepot/impl/KeyDepotManagerImpl.class */
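/**
 * Singleton {@link KeyDepotManager} that resolves encryption tokens (ETKs) through a
 * {@link KeyDepotService} and caches the tokens that belong to the current session's credentials.
 *
 * <p>The cache is an in-memory cache named {@code "etkdepot-manager"}, keyed by the credential's
 * X.509 certificate and created with {@code ExpiryType.NONE}. Nothing in this class ages entries
 * out: they are dropped only by {@link #flushCache()}, which {@link #setKeyDepotService} also calls.
 * NOTE(review): a token that is replaced or withdrawn at the key depot would presumably keep being
 * served from the cache until a flush. Confirm that {@code Session} flushes registered services
 * whenever the session changes.
 *
 * <p>The instance registers itself with {@link Session} on construction. The class does no
 * locking of its own.
 */
public final class KeyDepotManagerImpl implements KeyDepotManager, SessionServiceWithCache {
    private static final Logger LOG = LoggerFactory.getLogger(KeyDepotManagerImpl.class);

    // Source of tokens; replaceable through setKeyDepotService().
    private KeyDepotService service;

    // Tokens already resolved for a session certificate. Assigned once, in the constructor.
    private final Cache<X509Certificate, EncryptionToken> cache;

    /** Enum holder: the JVM's enum initialisation builds the single manager instance. */
    private enum KeyDepotManagerImplSingleton {
        INSTANCE;

        private final KeyDepotManager instance = new KeyDepotManagerImpl();

        public KeyDepotManager getKeyDepotManager() {
            return this.instance;
        }
    }

    /**
     * Creates the cache, looks up the key depot service and registers this manager with the session.
     *
     * @throws IllegalArgumentException wrapping the {@link TechnicalConnectorException} raised by
     *     the service lookup or the session registration
     */
    private KeyDepotManagerImpl() {
        this.cache = CacheFactory.newInstance(CacheFactory.CacheType.MEMORY, "etkdepot-manager", CacheInformation.ExpiryType.NONE, null);
        try {
            this.service = ServiceFactory.getKeyDepotService();
            Session.getInstance().registerSessionService(this);
        } catch (TechnicalConnectorException e) {
            LOG.error(e.getMessage(), e);
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Returns the process-wide manager instance.
     *
     * @return the singleton {@link KeyDepotManager}
     */
    public static KeyDepotManager getInstance() {
        return KeyDepotManagerImplSingleton.INSTANCE.getKeyDepotManager();
    }

    /**
     * Returns the token for the session's holder-of-key credential.
     *
     * @return the token resolved for that credential
     * @throws TechnicalConnectorException if the session has no such credential or no single token
     *     can be resolved for it
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public EncryptionToken getHolderOfKeyETK() throws TechnicalConnectorException {
        return getETK(KeyDepotManager.EncryptionTokenType.HOLDER_OF_KEY);
    }

    /**
     * Returns the token for the session's encryption credential.
     *
     * @return the token resolved for that credential
     * @throws TechnicalConnectorException if the session has no such credential or no single token
     *     can be resolved for it
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public EncryptionToken getEncryptionETK() throws TechnicalConnectorException {
        return getETK(KeyDepotManager.EncryptionTokenType.ENCRYPTION);
    }

    /**
     * Returns the token that belongs to one of the current session's credentials.
     *
     * @param encryptionTokenType which session credential to resolve the token for
     * @return the cached or freshly retrieved token
     * @throws TechnicalConnectorException if the credential is missing or the lookup fails
     * @throws IllegalArgumentException if the token type is not handled here
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public EncryptionToken getETK(KeyDepotManager.EncryptionTokenType encryptionTokenType) throws TechnicalConnectorException {
        SessionItem session = Session.getInstance().getSession();
        // Switch on the enum itself so each branch is labelled with the token type it serves,
        // not with an integer constant borrowed from an unrelated class.
        switch (encryptionTokenType) {
            case ENCRYPTION:
                return getEncryptionToken(session.getEncryptionCredential());
            case HOLDER_OF_KEY:
                return getEncryptionToken(session.getHolderOfKeyCredential());
            default:
                throw new IllegalArgumentException("Unsupported EncryptionTokenType.");
        }
    }

    /**
     * Resolves the token for a session credential, consulting the cache first.
     *
     * @param credential the session credential; {@code null} means the session has none
     * @return the token for the credential's certificate
     * @throws TechnicalConnectorException with {@code NO_VALID_SESSION_WITH_ENCRYPTION} if
     *     {@code credential} is {@code null}, or whatever the key depot lookup raises
     */
    private EncryptionToken getEncryptionToken(Credential credential) throws TechnicalConnectorException {
        if (credential == null) {
            LOG.error(TechnicalConnectorExceptionValues.NO_VALID_SESSION_WITH_ENCRYPTION.getMessage());
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.NO_VALID_SESSION_WITH_ENCRYPTION, new Object[0]);
        }
        X509Certificate certificate = credential.getCertificate();
        if (this.cache.containsKey(certificate)) {
            EncryptionToken cached = this.cache.get(certificate);
            // The entry can vanish between containsKey() and get() when flushCache() runs on
            // another thread; fall through to a fresh lookup so the caller never gets null.
            if (cached != null) {
                return cached;
            }
        }
        EncryptionToken fetched = getEtkBasedOnX509(certificate);
        this.cache.put(certificate, fetched);
        // Return the value just retrieved; do not read it back from the cache.
        return fetched;
    }

    /**
     * Looks up the token for the identity that {@link CertificateParser} extracts from a certificate.
     *
     * @param x509Certificate certificate whose identifier type, id and application drive the lookup
     * @return the single token registered for that identity
     * @throws TechnicalConnectorException with {@code ERROR_ETK_NOTFOUND} if the certificate yields
     *     no identifier type or no usable numeric id, or if the key depot does not return exactly
     *     one token
     */
    private EncryptionToken getEtkBasedOnX509(X509Certificate x509Certificate) throws TechnicalConnectorException {
        CertificateParser certificateParser = new CertificateParser(x509Certificate);
        IdentifierType identifier = certificateParser.getIdentifier();
        String id = certificateParser.getId();
        String application = certificateParser.getApplication();
        if (identifier == null || StringUtils.isEmpty(id) || !StringUtils.isNumeric(id)) {
            LOG.error(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND.getMessage());
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, new Object[0]);
        }
        try {
            // isNumeric() does not bound the length, so an all-digit id can still be too large
            // for a long; the catch below reports that as the same "not found" error.
            return getETK(identifier, Long.valueOf(id), application);
        } catch (NumberFormatException e) {
            LOG.error(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND.getMessage());
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, e, new Object[0]);
        }
    }

    /**
     * Returns the one token registered for an identifier. This lookup bypasses the cache.
     *
     * @param identifierType kind of identifier
     * @param l identifier value
     * @param str application name; passed through to the key depot service as given
     * @return the only token the key depot returned
     * @throws TechnicalConnectorException with {@code ERROR_ETK_NOTFOUND} when the key depot returns
     *     no token or more than one
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public EncryptionToken getETK(IdentifierType identifierType, Long l, String str) throws TechnicalConnectorException {
        Set<EncryptionToken> etkSet = getEtkSet(identifierType, l, str);
        // Exactly one match is required: an ambiguous answer is rejected, so the caller never
        // encrypts for an arbitrarily chosen token.
        if (etkSet.size() == 1) {
            return etkSet.iterator().next();
        }
        LOG.error(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND.getMessage());
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, new Object[0]);
    }

    /**
     * Alias of {@link #getETK(IdentifierType, Long, String)}.
     *
     * @param identifierType kind of identifier
     * @param l identifier value
     * @param str application name
     * @return the only token the key depot returned
     * @throws TechnicalConnectorException under the same conditions as the delegate
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public EncryptionToken getEtk(IdentifierType identifierType, Long l, String str) throws TechnicalConnectorException {
        return getETK(identifierType, l, str);
    }

    /**
     * Retrieves every token the key depot service holds for an identifier. This lookup bypasses
     * the cache.
     *
     * @param identifierType kind of identifier; also formats the value sent to the service
     * @param l identifier value
     * @param str application name; passed through to the key depot service as given
     * @return a new set holding the tokens returned by the service, possibly empty
     * @throws TechnicalConnectorException if the service call fails
     * @throws NullPointerException if {@code identifierType} or {@code l} is {@code null}
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public Set<EncryptionToken> getETKs(IdentifierType identifierType, Long l, String str) throws TechnicalConnectorException {
        String formatIdentifierValue = identifierType.formatIdentifierValue(l.longValue());
        Set<EncryptionToken> tokens = new HashSet<EncryptionToken>(this.service.getETKSet(identifierType, formatIdentifierValue, str));
        if (LOG.isDebugEnabled()) {
            // NOTE(review): this debug line records the identifier value, which may be personal
            // data depending on the identifier type. Confirm that debug logs are stored and
            // retained accordingly.
            StringBuilder sb = new StringBuilder();
            sb.append(identifierType).append("/").append(l).append("/").append(str).append(" size [").append(tokens.size()).append("] with serialnr [");
            String separator = "";
            for (EncryptionToken token : tokens) {
                sb.append(separator).append(token.getCertificate().getSerialNumber().toString(10));
                separator = ",";
            }
            sb.append("]");
            LOG.debug("Retrieved ETK from eHealth Key Depot Web Service: {}", sb.toString());
        }
        return tokens;
    }

    /**
     * Alias of {@link #getETKs(IdentifierType, Long, String)}.
     *
     * @param identifierType kind of identifier
     * @param l identifier value
     * @param str application name
     * @return a new set holding the tokens returned by the service, possibly empty
     * @throws TechnicalConnectorException if the service call fails
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public Set<EncryptionToken> getEtkSet(IdentifierType identifierType, Long l, String str) throws TechnicalConnectorException {
        return getETKs(identifierType, l, str);
    }

    /**
     * Replaces the key depot service and discards every cached token, so that tokens obtained
     * from the previous service are not served afterwards.
     *
     * <p>NOTE(review): this is a public setter on a process-wide singleton. Whatever code calls
     * it decides where encryption tokens come from, so it is worth checking which callers do.
     *
     * @param keyDepotService the service to use for later lookups
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotManager
    public void setKeyDepotService(KeyDepotService keyDepotService) {
        this.service = keyDepotService;
        flushCache();
    }

    /** Removes every cached token; the next session-credential lookup goes back to the key depot. */
    @Override // be.ehealth.technicalconnector.session.SessionServiceWithCache
    public void flushCache() {
        this.cache.clear();
    }
}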
