package be.ehealth.technicalconnector.service.keydepot.impl;

import be.ehealth.technicalconnector.config.impl.ConfigurationModuleBootstrap;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.service.etee.domain.EncryptionToken;
import be.ehealth.technicalconnector.service.keydepot.KeyDepotService;
import be.ehealth.technicalconnector.service.ws.ServiceFactory;
import be.ehealth.technicalconnector.utils.CertificateParser;
import be.ehealth.technicalconnector.utils.impl.JaxbContextFactory;
import be.ehealth.technicalconnector.ws.domain.GenericRequest;
import be.fgov.ehealth.commons._1_0.core.LocalisedString;
import be.fgov.ehealth.etkdepot._1_0.protocol.GetEtkRequest;
import be.fgov.ehealth.etkdepot._1_0.protocol.GetEtkResponse;
import be.fgov.ehealth.etkdepot._1_0.protocol.IdentifierType;
import be.fgov.ehealth.etkdepot._1_0.protocol.MatchingEtk;
import be.fgov.ehealth.etkdepot._1_0.protocol.SearchCriteriaType;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.xml.soap.SOAPException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/service/keydepot/impl/KeyDepotServiceImpl.class */
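/**
 * {@link KeyDepotService} implementation that retrieves encryption tokens (ETKs) by sending
 * {@link GetEtkRequest} messages through the generic web-service sender.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A response is accepted only when its status code is "200" (see {@code validate}).</li>
 *   <li>Tokens resolved from a multi-match response are filtered on the identity carried in
 *       their authentication certificate (see {@code getEtk}).</li>
 *   <li>A token returned directly on the first lookup is added without that certificate
 *       identity filter (see {@code getETKSet}).</li>
 * </ul>
 *
 * <p>The class declares no instance fields.
 */
public class KeyDepotServiceImpl implements KeyDepotService, ConfigurationModuleBootstrap.ModuleBootstrapHook {
    private static final long serialVersionUID = 1;
    private static final Logger LOG = LoggerFactory.getLogger(KeyDepotServiceImpl.class);

    /**
     * Wraps the given search criteria in a new {@link GetEtkRequest} and sends it.
     *
     * @param searchCriteriaType criteria placed in the request
     * @return the unmarshalled response; its status is not checked here
     * @throws TechnicalConnectorException if the underlying call fails
     */
    private GetEtkResponse getETK(SearchCriteriaType searchCriteriaType) throws TechnicalConnectorException {
        GetEtkRequest getEtkRequest = new GetEtkRequest();
        getEtkRequest.setSearchCriteria(searchCriteriaType);
        return getETK(getEtkRequest);
    }

    /**
     * Sends the request through the generic web-service sender and unmarshals the reply.
     *
     * <p>The response status is not validated here; callers that need a successful lookup
     * must check it themselves.
     *
     * @param getEtkRequest request used as payload
     * @return the response converted to {@link GetEtkResponse}
     * @throws TechnicalConnectorException with {@code ERROR_WS} when a {@link SOAPException} occurs
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotService
    public GetEtkResponse getETK(GetEtkRequest getEtkRequest) throws TechnicalConnectorException {
        GenericRequest eTKService = ServiceFactory.getETKService();
        eTKService.setPayload(getEtkRequest);
        try {
            return (GetEtkResponse) be.ehealth.technicalconnector.ws.ServiceFactory.getGenericWsSender().send(eTKService).asObject(GetEtkResponse.class);
        } catch (SOAPException e) {
            // The cause is kept so the transport failure stays diagnosable.
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_WS, e.getMessage(), e);
        }
    }

    /**
     * Builds search criteria holding exactly one identifier.
     *
     * @param str identifier type
     * @param str2 identifier value
     * @param str3 application id; left unset on the identifier when {@code null}
     * @return criteria containing the single identifier
     */
    private SearchCriteriaType generatedSearchCreteriaType(String str, String str2, String str3) {
        SearchCriteriaType searchCriteriaType = new SearchCriteriaType();
        IdentifierType identifierType = new IdentifierType();
        if (str3 != null) {
            identifierType.setApplicationID(str3);
        }
        identifierType.setType(str);
        identifierType.setValue(str2);
        searchCriteriaType.getIdentifiers().add(identifierType);
        return searchCriteriaType;
    }

    /**
     * Looks up the encryption tokens for one identifier.
     *
     * <p>If the response carries an ETK it is returned as the only element. If it carries none,
     * the lookup fails when an application id was supplied or when there are no matching
     * entries; otherwise every matching entry is resolved through {@code getEtk} and the
     * accepted tokens are collected.
     *
     * @param identifierType kind of identifier being searched
     * @param str identifier value
     * @param str2 application id, may be {@code null}
     * @return the tokens found; can be empty when every matching entry was rejected
     * @throws TechnicalConnectorException with {@code ERROR_ETK_NOTFOUND} when the status is not
     *     "200", no token can be found, or a token cannot be parsed
     */
    @Override // be.ehealth.technicalconnector.service.keydepot.KeyDepotService
    public Set<EncryptionToken> getETKSet(be.ehealth.technicalconnector.utils.IdentifierType identifierType, String str, String str2) throws TechnicalConnectorException {
        Set<EncryptionToken> tokens = new HashSet<EncryptionToken>();
        // NOTE(review): 48 is handed to IdentifierType#getType unchanged; presumably it selects
        // the ETK-depot spelling of the type. Confirm and replace with a named constant.
        SearchCriteriaType criteria = generatedSearchCreteriaType(identifierType.getType(48), str, str2);
        GetEtkResponse etk = getETK(criteria);
        validate(etk);
        if (etk.getETK() != null) {
            // NOTE(review): this token is accepted without the certificate identity comparison
            // that getEtk applies to multi-match results, so the binding between the request
            // and the returned key rests on the response itself. Confirm that is intended.
            tokens.add(toEncryptionToken(etk.getETK()));
        } else if (str2 != null || etk.getMatchingEtks().isEmpty()) {
            unableToFindEtk(criteria);
        } else {
            for (MatchingEtk candidate : etk.getMatchingEtks()) {
                tokens.addAll(getEtk(candidate, identifierType, str));
            }
        }
        return tokens;
    }

    /**
     * Resolves one entry of a multi-match response and keeps the token only if the identity in
     * its authentication certificate is acceptable for the original request.
     *
     * <p>Only the first identifier of the matching entry is used for the follow-up lookup.
     *
     * @param matchingEtk entry from the first response
     * @param identifierType identifier kind of the original request
     * @param str identifier value of the original request
     * @return a set holding the token when accepted, otherwise an empty set
     * @throws TechnicalConnectorException with {@code ERROR_ETK_NOTFOUND} when the entry has no
     *     identifiers, the follow-up status is not "200", the follow-up response carries no
     *     ETK, or the token cannot be parsed
     */
    private Set<EncryptionToken> getEtk(MatchingEtk matchingEtk, be.ehealth.technicalconnector.utils.IdentifierType identifierType, String str) throws TechnicalConnectorException {
        Set<EncryptionToken> accepted = new HashSet<EncryptionToken>();
        SearchCriteriaType searchCriteriaType = new SearchCriteriaType();
        if (matchingEtk.getIdentifiers() == null || matchingEtk.getIdentifiers().isEmpty()) {
            LOG.warn("Empty IdentifierList of MatchingETK");
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, new Object[0]);
        }
        searchCriteriaType.getIdentifiers().add(matchingEtk.getIdentifiers().get(0));
        GetEtkResponse etk = getETK(searchCriteriaType);
        validate(etk);
        byte[] rawEtk = etk.getETK();
        if (rawEtk == null) {
            // getETKSet shows that a "200" response may carry no ETK; report it as not found
            // instead of handing null to the token parser.
            unableToFindEtk(searchCriteriaType);
        }
        EncryptionToken encryptionToken = toEncryptionToken(rawEtk);
        CertificateParser certificateParser = new CertificateParser(encryptionToken.getAuthenticationCertificate());
        if (certificateParser.getIdentifier().equals(identifierType) && certificateParser.getId().equalsIgnoreCase(str)) {
            // Certificate identity matches both the requested type and the requested value.
            accepted.add(encryptionToken);
        } else if (certificateParser.getIdentifier().equals(be.ehealth.technicalconnector.utils.IdentifierType.SSIN) && identifierType.equals(be.ehealth.technicalconnector.utils.IdentifierType.NIHII)) {
            // NOTE(review): in this branch the certificate id is not compared with anything;
            // any SSIN-typed token returned for a NIHII request is accepted. Confirm that
            // relying on the response for this mapping is the intended trust model.
            LOG.debug("Request was based on NIHII number [{}] but SSIN recieved.", str);
            accepted.add(encryptionToken);
        } else {
            LOG.warn("Ignoring etk with SubjectX509Name [{}]", encryptionToken.getAuthenticationCertificate().getSubjectX500Principal().getName("RFC2253"));
        }
        return accepted;
    }

    /**
     * Rejects every response whose status code is not "200" (compared case-insensitively).
     *
     * <p>A missing status, a missing code, or an empty message list is treated as a failed
     * lookup instead of surfacing as a runtime exception from this method.
     *
     * @param getEtkResponse response to check
     * @throws TechnicalConnectorException with {@code ERROR_ETK_NOTFOUND} when the status is
     *     absent or its code is not "200"
     */
    private static void validate(GetEtkResponse getEtkResponse) throws TechnicalConnectorException {
        boolean hasStatus = getEtkResponse.getStatus() != null;
        // Constant-first comparison also covers a null status code.
        if (hasStatus && "200".equalsIgnoreCase(getEtkResponse.getStatus().getCode())) {
            return;
        }
        String detail = "no status message in response";
        if (hasStatus
                && getEtkResponse.getStatus().getMessages() != null
                && !getEtkResponse.getStatus().getMessages().isEmpty()) {
            detail = ((LocalisedString) getEtkResponse.getStatus().getMessages().get(0)).getValue();
        }
        LOG.error("{}: {}", TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, detail);
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, new Object[0]);
    }

    /**
     * Parses raw ETK bytes into an {@link EncryptionToken}.
     *
     * @param bArr encoded token
     * @return the parsed token
     * @throws TechnicalConnectorException with {@code ERROR_ETK_NOTFOUND}, wrapping the cause,
     *     when the constructor throws a {@link GeneralSecurityException}
     */
    private static EncryptionToken toEncryptionToken(byte[] bArr) throws TechnicalConnectorException {
        // NOTE(review): which checks the EncryptionToken constructor performs on the bytes is
        // not visible from this class; verify before relying on it for authenticity.
        try {
            return new EncryptionToken(bArr);
        } catch (GeneralSecurityException e) {
            LOG.error(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND.getMessage(), e);
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, e, new Object[0]);
        }
    }

    /**
     * Logs the search criteria at error level (when enabled) and always throws.
     *
     * @param searchCriteriaType criteria that yielded no token
     * @throws TechnicalConnectorException always, with {@code ERROR_ETK_NOTFOUND}
     */
    private static void unableToFindEtk(SearchCriteriaType searchCriteriaType) throws TechnicalConnectorException {
        if (LOG.isErrorEnabled()) {
            // NOTE(review): identifier values are written to the log here; when the type is a
            // personal identifier this puts it in plain text in the log. Confirm this fits the
            // log retention and access policy.
            StringBuilder sb = new StringBuilder();
            for (IdentifierType identifierType : searchCriteriaType.getIdentifiers()) {
                sb.append("SearchCriteria:  type=[").append(identifierType.getType()).append("] , value=[").append(identifierType.getValue()).append("], appId=[").append(identifierType.getApplicationID()).append("]");
            }
            LOG.error("No ETK found for {}", sb.toString());
        }
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_ETK_NOTFOUND, new Object[0]);
    }

    /**
     * Initialises the JAXB contexts for the request and response types used by this service.
     */
    @Override // be.ehealth.technicalconnector.config.impl.ConfigurationModuleBootstrap.ModuleBootstrapHook
    public void bootstrap() {
        JaxbContextFactory.initJaxbContext((Class<?>[]) new Class[]{GetEtkRequest.class});
        JaxbContextFactory.initJaxbContext((Class<?>[]) new Class[]{GetEtkResponse.class});
    }
}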
