package be.ehealth.technicalconnector.service.kgss.builders.impl;

import be.ehealth.technicalconnector.config.impl.ConfigurationModuleBootstrap;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.service.etee.Crypto;
import be.ehealth.technicalconnector.service.etee.CryptoFactory;
import be.ehealth.technicalconnector.service.etee.domain.EncryptionToken;
import be.ehealth.technicalconnector.service.kgss.builders.KgssMessageBuilder;
import be.ehealth.technicalconnector.service.kgss.domain.KeyResult;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.utils.ConnectorCryptoUtils;
import be.ehealth.technicalconnector.utils.MarshallerHelper;
import be.ehealth.technicalconnector.utils.impl.JaxbContextFactory;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetKeyRequest;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetKeyRequestContent;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetKeyResponse;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetKeyResponseContent;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetNewKeyRequest;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetNewKeyRequestContent;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetNewKeyResponse;
import be.fgov.ehealth.etee.kgss._1_0.protocol.GetNewKeyResponseContent;
import be.fgov.ehealth.etee.kgss._1_0.protocol.SealedContentType;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.text.MessageFormat;
import java.util.Map;
import javax.crypto.SecretKey;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/service/kgss/builders/impl/KgssMessageBuilderImpl.class */
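/**
 * Seals KGSS key requests and unseals the matching responses.
 *
 * <p>Request content is marshalled to XML and sealed for the encryption token given to the
 * constructor; sealed responses are unsealed and unmarshalled back into their content type.
 * Every seal and unseal call in this class passes
 * {@code Crypto.SigningPolicySelector.WITHOUT_NON_REPUDIATION}.
 *
 * <p><b>State and thread-safety:</b> {@link #sealGetKeyRequest} may store a generated
 * key-encryption key in the {@code key} field, and {@link #unsealGetKeyResponse} reads it.
 * Nothing in this class synchronizes that field or clears it once set.
 * NOTE(review): an instance shared between threads, or reused for an unrelated exchange, can
 * therefore try to unseal with a key left over from an earlier request; confirm that callers
 * use one builder per request/response pair.
 */
public class KgssMessageBuilderImpl implements KgssMessageBuilder, ConfigurationModuleBootstrap.ModuleBootstrapHook {
    // Key-encryption key generated by sealGetKeyRequest when the caller supplied neither an ETK
    // nor a key of its own; stays null otherwise. It is kept in memory for the life of the instance.
    private SecretKey key;
    private EncryptionToken encryptionToken;
    private Crypto crypto;
    private static final Logger LOG = LoggerFactory.getLogger(KgssMessageBuilderImpl.class);
    private static final MarshallerHelper<GetNewKeyResponseContent, GetNewKeyRequestContent> newKeyHelper = new MarshallerHelper<>(GetNewKeyResponseContent.class, GetNewKeyRequestContent.class);
    private static final MarshallerHelper<GetKeyResponseContent, GetKeyRequestContent> getKeyHelper = new MarshallerHelper<>(GetKeyResponseContent.class, GetKeyRequestContent.class);

    /**
     * Creates an instance for module bootstrap only.
     *
     * <p>{@code crypto} and {@code encryptionToken} are left {@code null}, so the seal and
     * unseal methods cannot be used on an instance built this way.
     */
    public KgssMessageBuilderImpl() {
        LOG.debug("KgssMessageBuilderImpl default consturctor. Only for bootstrap purspose");
    }

    /**
     * Creates a builder that seals requests for the given token.
     *
     * @param bArr encoded ETK; per the error text below this is expected to be the KGSS ETK
     * @param credential passed to {@code CryptoFactory.getCrypto}
     * @param map private keys passed to {@code CryptoFactory.getCrypto}
     *     (presumably the decryption keys used when unsealing; verify against CryptoFactory)
     * @throws TechnicalConnectorException if {@code bArr} cannot be parsed as an ETK, or if
     *     {@code CryptoFactory.getCrypto} fails
     */
    public KgssMessageBuilderImpl(byte[] bArr, Credential credential, Map<String, PrivateKey> map) throws TechnicalConnectorException {
        this.encryptionToken = toEncryptionToken(bArr);
        this.crypto = CryptoFactory.getCrypto(credential, map);
    }

    /**
     * Marshals the new-key request content to XML and seals it for the configured token.
     *
     * @param getNewKeyRequestContent request content to seal
     * @return a request carrying the sealed content
     * @throws TechnicalConnectorException if marshalling or sealing fails
     */
    @Override // be.ehealth.technicalconnector.service.kgss.builders.KgssMessageBuilder
    public GetNewKeyRequest sealGetNewKeyRequest(GetNewKeyRequestContent getNewKeyRequestContent) throws TechnicalConnectorException {
        byte[] requestXml = newKeyHelper.toXMLByteArray(getNewKeyRequestContent);
        if (LOG.isDebugEnabled()) {
            // The complete request content is written to the log in clear text before it is
            // sealed, so DEBUG output for this logger needs the same protection as the request.
            // Decoded with an explicit charset rather than the platform default.
            // NOTE(review): assumes MarshallerHelper emits UTF-8; confirm.
            LOG.debug("Access Control List defined as : {}", new String(requestXml, StandardCharsets.UTF_8));
        }
        SealedContentType sealedContentType = new SealedContentType();
        sealedContentType.setSealedContent(this.crypto.seal(Crypto.SigningPolicySelector.WITHOUT_NON_REPUDIATION, this.encryptionToken, requestXml));
        GetNewKeyRequest getNewKeyRequest = new GetNewKeyRequest();
        getNewKeyRequest.setSealedNewKeyRequest(sealedContentType);
        return getNewKeyRequest;
    }

    /**
     * Unseals a new-key response and unmarshals its content.
     *
     * @param getNewKeyResponse response holding the sealed content
     * @return the unmarshalled response content
     * @throws TechnicalConnectorException if unsealing or unmarshalling fails
     */
    @Override // be.ehealth.technicalconnector.service.kgss.builders.KgssMessageBuilder
    public GetNewKeyResponseContent unsealGetNewKeyResponse(GetNewKeyResponse getNewKeyResponse) throws TechnicalConnectorException {
        return newKeyHelper.toObject(this.crypto.unseal(Crypto.SigningPolicySelector.WITHOUT_NON_REPUDIATION, getNewKeyResponse.getSealedNewKeyResponse().getSealedContent()).getContentAsByte());
    }

    /**
     * Marshals the get-key request content to XML and seals it for the configured token.
     *
     * <p>Side effects: when the content carries neither an ETK nor a key-encryption key, a
     * fresh key is generated, remembered in this instance, and written into the passed
     * {@code getKeyRequestContent}. The caller's object is mutated.
     *
     * @param getKeyRequestContent request content to seal; may be modified as described above
     * @return a request carrying the sealed content
     * @throws TechnicalConnectorException if key generation, marshalling or sealing fails
     */
    @Override // be.ehealth.technicalconnector.service.kgss.builders.KgssMessageBuilder
    public GetKeyRequest sealGetKeyRequest(GetKeyRequestContent getKeyRequestContent) throws TechnicalConnectorException {
        if (ArrayUtils.isEmpty(getKeyRequestContent.getETK()) && ArrayUtils.isEmpty(getKeyRequestContent.getKeyEncryptionKey())) {
            this.key = ConnectorCryptoUtils.generateKey();
            getKeyRequestContent.setKeyEncryptionKey(this.key.getEncoded());
        }
        // NOTE(review): when the caller did supply an ETK or key, a key stored by an earlier call
        // is left in place and unsealGetKeyResponse will still pick it up.
        byte[] requestXml = getKeyHelper.toXMLByteArray(getKeyRequestContent);
        SealedContentType sealedContentType = new SealedContentType();
        sealedContentType.setSealedContent(this.crypto.seal(Crypto.SigningPolicySelector.WITHOUT_NON_REPUDIATION, this.encryptionToken, requestXml));
        GetKeyRequest getKeyRequest = new GetKeyRequest();
        getKeyRequest.setSealedKeyRequest(sealedContentType);
        return getKeyRequest;
    }

    /**
     * Unseals a get-key response and unmarshals its content.
     *
     * <p>If {@link #sealGetKeyRequest} stored a generated key on this instance, the response is
     * unsealed with that key; otherwise the key-less {@code unseal} overload is used.
     *
     * @param getKeyResponse response holding the sealed content
     * @return the unmarshalled response content
     * @throws TechnicalConnectorException if unsealing or unmarshalling fails
     */
    @Override // be.ehealth.technicalconnector.service.kgss.builders.KgssMessageBuilder
    public GetKeyResponseContent unsealGetKeyResponse(GetKeyResponse getKeyResponse) throws TechnicalConnectorException {
        SealedContentType sealedKeyResponse = getKeyResponse.getSealedKeyResponse();
        // Read the field once so the null check and the use see the same value.
        SecretKey storedKey = this.key;
        if (storedKey == null) {
            return getKeyHelper.toObject(this.crypto.unseal(Crypto.SigningPolicySelector.WITHOUT_NON_REPUDIATION, sealedKeyResponse.getSealedContent()).getContentAsByte());
        }
        // "dummy" is the second KeyResult argument (presumably a key identifier that is not
        // needed for a locally generated key; verify against KeyResult).
        return getKeyHelper.toObject(this.crypto.unseal(Crypto.SigningPolicySelector.WITHOUT_NON_REPUDIATION, new KeyResult(storedKey, "dummy"), sealedKeyResponse.getSealedContent()).getContentAsByte());
    }

    /**
     * Parses encoded ETK bytes.
     *
     * @param bArr encoded ETK
     * @return the parsed token
     * @throws TechnicalConnectorException with {@code ERROR_KGSS}, wrapping the original
     *     {@link GeneralSecurityException}, when the bytes are rejected
     */
    private EncryptionToken toEncryptionToken(byte[] bArr) throws TechnicalConnectorException {
        try {
            return new EncryptionToken(bArr);
        } catch (GeneralSecurityException e) {
            LOG.debug(MessageFormat.format(TechnicalConnectorExceptionValues.ERROR_KGSS.getMessage(), "Not a valid ETK, expecting the KGSS ETK."));
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_KGSS, e, "Not a valid ETK, expecting the KGSS ETK.");
        }
    }

    /**
     * Initializes the JAXB contexts for the four KGSS request and response content classes.
     */
    @Override // be.ehealth.technicalconnector.config.impl.ConfigurationModuleBootstrap.ModuleBootstrapHook
    public void bootstrap() {
        JaxbContextFactory.initJaxbContext((Class<?>[]) new Class[]{GetNewKeyRequestContent.class});
        JaxbContextFactory.initJaxbContext((Class<?>[]) new Class[]{GetNewKeyResponseContent.class});
        JaxbContextFactory.initJaxbContext((Class<?>[]) new Class[]{GetKeyRequestContent.class});
        JaxbContextFactory.initJaxbContext((Class<?>[]) new Class[]{GetKeyResponseContent.class});
    }
}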
