package be.fgov.ehealth.technicalconnector.ra.service.impl;

import be.ehealth.technicalconnector.beid.BeIDInfo;
import be.ehealth.technicalconnector.beid.domain.Identity;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.service.sts.security.impl.BeIDCredential;
import be.ehealth.technicalconnector.session.SessionServiceWithCache;
import be.ehealth.technicalconnector.utils.ConfigurableImplementation;
import be.ehealth.technicalconnector.utils.ConnectorXmlUtils;
import be.ehealth.technicalconnector.utils.IdentifierType;
import be.fgov.ehealth.certra.protocol.v1.GenerateCertificateForRenewalRequest;
import be.fgov.ehealth.certra.protocol.v1.GenerateCertificateForRenewalResponse;
import be.fgov.ehealth.certra.protocol.v1.GenerateCertificateRequest;
import be.fgov.ehealth.certra.protocol.v1.GenerateCertificateResponse;
import be.fgov.ehealth.certra.protocol.v1.GetCertificateRequest;
import be.fgov.ehealth.certra.protocol.v1.GetCertificateResponse;
import be.fgov.ehealth.certra.protocol.v1.GetEHActorQualitiesRequest;
import be.fgov.ehealth.certra.protocol.v1.GetEHActorQualitiesResponse;
import be.fgov.ehealth.certra.protocol.v1.GetExistingApplicationIdsRequest;
import be.fgov.ehealth.certra.protocol.v1.GetExistingApplicationIdsResponse;
import be.fgov.ehealth.certra.protocol.v1.GetRevocableCertificatesRequest;
import be.fgov.ehealth.certra.protocol.v1.GetRevocableCertificatesResponse;
import be.fgov.ehealth.certra.protocol.v1.RevokeRequest;
import be.fgov.ehealth.certra.protocol.v1.RevokeResponse;
import be.fgov.ehealth.certra.protocol.v1.SearchCriteriumType;
import be.fgov.ehealth.etee.ra.aqdr._1_0.protocol.EHActorQualitiesDataRequest;
import be.fgov.ehealth.etee.ra.aqdr._1_0.protocol.EHActorQualitiesDataResponse;
import be.fgov.ehealth.etee.ra.aqdr._1_0.protocol.EntityType;
import be.fgov.ehealth.etee.ra.csr._1_0.protocol.ContactDataType;
import be.fgov.ehealth.etee.ra.csr._1_0.protocol.EHealthCertificateRequest;
import be.fgov.ehealth.etee.ra.csr._1_0.protocol.UsagesType;
import be.fgov.ehealth.etee.ra.revoke._1_0.protocol.RevocableCertificateType;
import be.fgov.ehealth.etee.ra.revoke._1_0.protocol.RevocableCertificatesDataRequest;
import be.fgov.ehealth.etee.ra.revoke._1_0.protocol.RevocableCertificatesDataResponse;
import be.fgov.ehealth.etee.ra.revoke._1_0.protocol.RevokeDataRequest;
import be.fgov.ehealth.technicalconnector.ra.domain.ContactData;
import be.fgov.ehealth.technicalconnector.ra.domain.NewCertificateContract;
import be.fgov.ehealth.technicalconnector.ra.domain.Organization;
import be.fgov.ehealth.technicalconnector.ra.domain.RenewCertificateContract;
import be.fgov.ehealth.technicalconnector.ra.domain.Result;
import be.fgov.ehealth.technicalconnector.ra.domain.RevokeCertificateContract;
import be.fgov.ehealth.technicalconnector.ra.enumaration.Status;
import be.fgov.ehealth.technicalconnector.ra.enumaration.UsageType;
import be.fgov.ehealth.technicalconnector.ra.exceptions.RaException;
import be.fgov.ehealth.technicalconnector.ra.service.AuthenticationCertificateRegistrationService;
import be.fgov.ehealth.technicalconnector.ra.utils.CertificateUtils;
import be.fgov.ehealth.technicalconnector.ra.utils.RaUtils;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/fgov/ehealth/technicalconnector/ra/service/impl/AuthenticationCertificateRegistrationServiceImpl.class */
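/**
 * Client for the eHealth certificate Registration Authority (CertRA) web service: requests, renews,
 * polls and revokes authentication certificates, and lists the organizations, application ids and
 * revocable certificates tied to an identity.
 *
 * <p>Outgoing payloads are passed through {@code RaUtils.transform(cred, ...)} with the BeID
 * credential obtained in {@link #initialize(Map)} (presumably this signs the payload with the eID
 * key; confirm in RaUtils).
 *
 * <p>Three static caches, keyed by national number, hold RA responses so that the same data is not
 * fetched twice.
 * NOTE(review): the caches are plain {@link HashMap}s shared by every instance and are not
 * synchronized; confirm this class is only used from a single thread, otherwise guard them.
 * NOTE(review): cached entries have no expiry; verify that the RA accepts signed qualities and
 * revocable-list blobs of arbitrary age.
 */
public class AuthenticationCertificateRegistrationServiceImpl implements AuthenticationCertificateRegistrationService, ConfigurableImplementation, SessionServiceWithCache {
    private static final CertificateFactory CF;
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationCertificateRegistrationServiceImpl.class);

    /** National number -> qualities blob returned by the RA for {@code EntityType.LEGAL}. */
    private static final Map<String, byte[]> cacheQualities = new HashMap<String, byte[]>();
    /** National number -> revocable-certificates blob returned by the RA. */
    private static final Map<String, byte[]> cacheRevokables = new HashMap<String, byte[]>();
    /** National number -> certificates decoded from the matching {@link #cacheRevokables} entry. */
    private static final Map<String, List<X509Certificate>> cacheCertList = new HashMap<String, List<X509Certificate>>();

    private Credential cred;

    static {
        try {
            CF = CertificateFactory.getInstance("X.509", "BC");
        } catch (NoSuchProviderException e) {
            throw new IllegalArgumentException(e);
        } catch (CertificateException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    /**
     * Submits a certificate request (or a renewal, when the contract is a
     * {@link RenewCertificateContract}) to the RA.
     *
     * @param newCertificateContract contract holding the CSR, contract text, contact data, usages
     *     and requestor; must have been viewed by the user
     * @return the request id to pass to {@link #poll(String)}
     * @throws IllegalArgumentException if the contract has not been viewed
     * @throws TechnicalConnectorException if building or sending the request fails
     */
    @Override
    public String request(NewCertificateContract newCertificateContract) throws TechnicalConnectorException {
        Validate.isTrue(newCertificateContract.isContractViewed(), "The contract must be viewed before a certificate is requested");
        EHealthCertificateRequest eHealthCertificateRequest = new EHealthCertificateRequest();
        eHealthCertificateRequest.setCsr(newCertificateContract.getPkcs10DerEncoded());
        eHealthCertificateRequest.setContract(newCertificateContract.getContract());
        eHealthCertificateRequest.setContactData(map(newCertificateContract.getContact()));
        if (null == eHealthCertificateRequest.getUsagesType()) {
            eHealthCertificateRequest.setUsagesType(new UsagesType());
        }
        for (UsageType usageType : newCertificateContract.getUsageTypes()) {
            eHealthCertificateRequest.getUsagesType().getUsageTypes().add(usageType.getType());
        }
        // NOTE(review): the national number comes from the contract here, whereas revoke() reads it
        // from the inserted eID; confirm both always designate the same person.
        String nationalNumber = newCertificateContract.getRequestor().getNationalNumber();
        if (newCertificateContract.getDistinguishedName().isNaturalPerson()) {
            // Natural-person qualities are fetched on every request and never cached.
            eHealthCertificateRequest.setEHActorQualitiesSignedData(getQualities(nationalNumber, EntityType.NATURAL));
        } else {
            eHealthCertificateRequest.setEHActorQualitiesSignedData(cachedLegalQualities(nationalNumber));
        }
        if (LOG.isDebugEnabled()) {
            // NOTE(review): the dumped request carries the CSR, the contract, contact e-mail and
            // phone data and the qualities blob; confirm where dump() writes and that debug
            // logging stays off in production.
            ConnectorXmlUtils.dump(eHealthCertificateRequest);
        }
        // NOTE(review): neither branch checks the Result status before getResult(); confirm
        // invokeCertRa throws on failure, otherwise a failed call surfaces as a
        // NullPointerException here.
        if (newCertificateContract instanceof RenewCertificateContract) {
            GenerateCertificateForRenewalRequest generateCertificateForRenewalRequest = new GenerateCertificateForRenewalRequest();
            generateCertificateForRenewalRequest.setEhcsr(RaUtils.transform(this.cred, eHealthCertificateRequest, EHealthCertificateRequest.class));
            return ((GenerateCertificateForRenewalResponse) RaUtils.invokeCertRa(generateCertificateForRenewalRequest, RaUtils.SOAPACTION_CERTRA_RENEW_CERT, GenerateCertificateForRenewalResponse.class).getResult()).getRequestId();
        }
        GenerateCertificateRequest generateCertificateRequest = new GenerateCertificateRequest();
        generateCertificateRequest.setEhcsr(RaUtils.transform(this.cred, eHealthCertificateRequest, EHealthCertificateRequest.class));
        return ((GenerateCertificateResponse) RaUtils.invokeCertRa(generateCertificateRequest, RaUtils.SOAPACTION_CERTRA_GEN_CERT, GenerateCertificateResponse.class).getResult()).getRequestId();
    }

    /**
     * Renews a certificate; delegates to {@link #request(NewCertificateContract)}, which selects the
     * renewal SOAP action from the contract type.
     */
    @Override
    public String renew(RenewCertificateContract renewCertificateContract) throws TechnicalConnectorException {
        return request(renewCertificateContract);
    }

    /**
     * Revokes the certificate named in the contract.
     *
     * <p>The certificate is first looked up, by serial number and issuer, in the revocable list the
     * RA returned for the national number read from the eID; the revoke request is only sent when
     * it is found there. This is a client-side check; the RA is presumably the authority that
     * enforces it (confirm server-side).
     *
     * @param revokeCertificateContract contract holding the certificate and contract text; must
     *     have been viewed by the user
     * @return an empty result on success, or an error result carrying the cause
     * @throws IllegalArgumentException if the contract has not been viewed, has no certificate, or
     *     the certificate is not in the revocable list
     * @throws TechnicalConnectorException if reading the eID or calling the RA fails
     */
    @Override
    public Result<Void> revoke(RevokeCertificateContract revokeCertificateContract) throws TechnicalConnectorException {
        Validate.isTrue(revokeCertificateContract.isContractViewed(), "The contract must be viewed before a certificate is revoked");
        X509Certificate certificate = revokeCertificateContract.getX509Certificate();
        Validate.notNull(certificate, "The revocation contract holds no certificate");
        String nationalNumber = BeIDInfo.getInstance().getIdentity().getNationalNumber();
        byte[] signedRevocables = cachedRevocables(nationalNumber);
        String requestId = findRequestId(signedRevocables, certificate);
        Validate.notNull(requestId, "The certificate is not in the list of revocable certificates for the current identity");
        RevokeDataRequest revokeDataRequest = new RevokeDataRequest();
        revokeDataRequest.setRequestId(requestId);
        revokeDataRequest.setContract(revokeCertificateContract.getContract());
        revokeDataRequest.setRevocableCertificatesDataSignedResponse(signedRevocables);
        RevokeRequest revokeRequest = new RevokeRequest();
        revokeRequest.setRevokeDataRequest(RaUtils.transform(this.cred, revokeDataRequest, RevokeDataRequest.class));
        Result<?> response = RaUtils.invokeCertRa(revokeRequest, RaUtils.SOAPACTION_CERTRA_REVOKE, RevokeResponse.class);
        if (response.hasStatusError()) {
            return new Result<>("Unable to revoke certificate", response.getCause());
        }
        // The cached list still names the certificate that was just revoked; drop it so the next
        // lookup refetches instead of offering a revoked certificate for revocation again.
        cacheRevokables.remove(nationalNumber);
        cacheCertList.remove(nationalNumber);
        return new Result<>((Void) null);
    }

    /**
     * Asks the RA for the certificate issued for a request id.
     *
     * @param str the request id returned by {@link #request(NewCertificateContract)}
     * @return on {@code Status.OK} the issued certificate followed by the CA certificates, in the
     *     order the RA returned them; on {@code Status.PENDING} a result carrying the time
     *     reported by the RA; otherwise an error result carrying the cause
     * @throws TechnicalConnectorException if the call or certificate decoding fails
     */
    @Override
    public Result<X509Certificate[]> poll(String str) throws TechnicalConnectorException {
        GetCertificateRequest getCertificateRequest = new GetCertificateRequest();
        getCertificateRequest.setRequestId(str);
        Result<?> response = RaUtils.invokeCertRa(getCertificateRequest, RaUtils.SOAPACTION_CERTRA_GET_CERT, GetCertificateResponse.class);
        if (!Status.OK.equals(response.getStatus())) {
            if (Status.PENDING.equals(response.getStatus())) {
                return new Result<>(response.getTime());
            }
            return new Result<>("Unable to obtain certificate", response.getCause());
        }
        GetCertificateResponse certificateResponse = (GetCertificateResponse) response.getResult();
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        chain.add(CertificateUtils.toX509Certificate(certificateResponse.getCertificate()));
        for (byte[] caCertificate : certificateResponse.getCaCertificates()) {
            chain.add(CertificateUtils.toX509Certificate(caCertificate));
        }
        return new Result<>(chain.toArray(new X509Certificate[chain.size()]));
    }

    /**
     * Lists the certificates the given identity may revoke, polling the RA once per entry of the
     * revocable list and caching the decoded result per national number.
     *
     * <p>NOTE(review): the returned list is the cached instance itself, so a caller that mutates
     * it mutates the cache; entries that could not be retrieved are logged and left out, and that
     * partial list is what gets cached.
     *
     * @throws TechnicalConnectorException if a call to the RA fails
     */
    @Override
    public Result<List<X509Certificate>> getRevokableCertificates(Identity identity) throws TechnicalConnectorException {
        String nationalNumber = identity.getNationalNumber();
        byte[] signedRevocables = cachedRevocables(nationalNumber);
        if (!cacheCertList.containsKey(nationalNumber)) {
            cacheCertList.put(nationalNumber, convert(signedRevocables));
        }
        return new Result<>(cacheCertList.get(nationalNumber));
    }

    /**
     * Decodes a revocable-certificates blob and polls the RA for the certificate behind each entry.
     * Entries whose certificate cannot be obtained or parsed are logged and skipped.
     */
    private List<X509Certificate> convert(byte[] signedRevocables) throws RaException, TechnicalConnectorException {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        for (RevocableCertificateType entry : revocableEntries(signedRevocables)) {
            Result<X509Certificate[]> polled = poll(entry.getRequestId());
            X509Certificate[] chain = polled.getResult();
            if (chain == null || chain.length == 0) {
                // poll() only fills the result on Status.OK; without this guard a pending or
                // failed entry would abort the whole listing with a NullPointerException.
                LOG.warn("Skipping revocable certificate: poll returned status {}", polled.getStatus());
                continue;
            }
            try {
                // Keep only the first certificate of the chain, which poll() puts in front of the
                // CA certificates. NOTE(review): the round trip through generateCertPath
                // presumably re-parses it with the BC provider; confirm it is still required.
                certificates.add((X509Certificate) CF.generateCertPath(Arrays.asList(chain)).getCertificates().get(0));
            } catch (CertificateException e) {
                LOG.error("Unable to add revocable certificate", e);
            }
        }
        return certificates;
    }

    /** Returns the personal and organization entries of a revocable-certificates blob, in that order. */
    private static List<RevocableCertificateType> revocableEntries(byte[] signedRevocables) throws TechnicalConnectorException {
        RevocableCertificatesDataResponse revocableCertificatesDataResponse = (RevocableCertificatesDataResponse) RaUtils.transform(signedRevocables, RevocableCertificatesDataResponse.class);
        List<RevocableCertificateType> entries = new ArrayList<RevocableCertificateType>();
        entries.addAll(revocableCertificatesDataResponse.getRevocablePersonalCertificates());
        entries.addAll(revocableCertificatesDataResponse.getRevocableOrganizationCertificates());
        return entries;
    }

    /**
     * Returns the request id of the revocable entry matching the certificate's serial number
     * (decimal) and issuer, or {@code null} when no entry matches.
     */
    private static String findRequestId(byte[] signedRevocables, X509Certificate certificate) throws TechnicalConnectorException {
        String serial = certificate.getSerialNumber().toString(10);
        X500Principal issuer = certificate.getIssuerX500Principal();
        for (RevocableCertificateType candidate : revocableEntries(signedRevocables)) {
            // Issuers are compared as X500Principal rather than as raw strings; the serial is the
            // receiver so that an entry without a serial is skipped instead of throwing.
            if (serial.equals(candidate.getAuthSerial()) && issuer.equals(new X500Principal(candidate.getIssuerDN()))) {
                return candidate.getRequestId();
            }
        }
        return null;
    }

    /** Returns the revocable-certificates blob for a national number, fetching it on a cache miss. */
    private byte[] cachedRevocables(String nationalNumber) throws TechnicalConnectorException {
        if (!cacheRevokables.containsKey(nationalNumber)) {
            cacheRevokables.put(nationalNumber, getRevocableCertificates(nationalNumber));
        }
        return cacheRevokables.get(nationalNumber);
    }

    /** Returns the legal-entity qualities blob for a national number, fetching it on a cache miss. */
    private byte[] cachedLegalQualities(String nationalNumber) throws TechnicalConnectorException {
        if (!cacheQualities.containsKey(nationalNumber)) {
            cacheQualities.put(nationalNumber, getQualities(nationalNumber, EntityType.LEGAL));
        }
        return cacheQualities.get(nationalNumber);
    }

    /** Fetches the revocable-certificates blob for the given SSIN from the RA (no caching). */
    private byte[] getRevocableCertificates(String ssin) throws TechnicalConnectorException {
        RevocableCertificatesDataRequest revocableCertificatesDataRequest = new RevocableCertificatesDataRequest();
        revocableCertificatesDataRequest.setSSIN(ssin);
        GetRevocableCertificatesRequest getRevocableCertificatesRequest = new GetRevocableCertificatesRequest();
        getRevocableCertificatesRequest.setRevocableCertificatesDataRequest(RaUtils.transform(this.cred, revocableCertificatesDataRequest, RevocableCertificatesDataRequest.class));
        return ((GetRevocableCertificatesResponse) RaUtils.invokeCertRa(getRevocableCertificatesRequest, RaUtils.SOAPACTION_CERTRA_REVOCABLES, GetRevocableCertificatesResponse.class).getResult()).getRevocableCertificatesDataResponse();
    }

    /**
     * Lists the organizations the given identity holds legal-entity qualities for, using the cached
     * qualities blob when present.
     *
     * @throws TechnicalConnectorException if the call to the RA or decoding of the response fails
     */
    @Override
    public Result<List<Organization>> getOrganizationList(Identity identity) throws TechnicalConnectorException {
        String nationalNumber = identity.getNationalNumber();
        EHActorQualitiesDataResponse eHActorQualitiesDataResponse = (EHActorQualitiesDataResponse) RaUtils.transform(cachedLegalQualities(nationalNumber), EHActorQualitiesDataResponse.class);
        List<Organization> organizations = new ArrayList<Organization>();
        for (be.fgov.ehealth.etee.ra.aqdr._1_0.protocol.Organization organization : eHActorQualitiesDataResponse.getLegalPerson().getOrganizations()) {
            // NOTE(review): 48 is passed as-is to IdentifierType.lookup here and to getType in
            // getApplicationIdList; its named constant is not visible in this file. Confirm
            // against IdentifierType.
            organizations.add(new Organization(organization.getIdentifier().getID(), IdentifierType.lookup(organization.getIdentifier().getType(), (String) null, 48), organization.getNameNl()));
        }
        return new Result<>(organizations);
    }

    /**
     * Lists the application ids already registered at the RA for an organization.
     *
     * <p>NOTE(review): the Result status is not checked before getResult(); confirm invokeCertRa
     * throws on failure.
     *
     * @throws TechnicalConnectorException if the call to the RA fails
     */
    @Override
    public Result<List<String>> getApplicationIdList(Organization organization) throws TechnicalConnectorException {
        GetExistingApplicationIdsRequest getExistingApplicationIdsRequest = new GetExistingApplicationIdsRequest();
        SearchCriteriumType searchCriteriumType = new SearchCriteriumType();
        searchCriteriumType.setValue(organization.getId());
        searchCriteriumType.setType(organization.getType().getType(48));
        getExistingApplicationIdsRequest.setSearchCriterium(searchCriteriumType);
        Result<?> response = RaUtils.invokeCertRa(getExistingApplicationIdsRequest, RaUtils.SOAPACTION_CERTRA_APPLICATIONIDS, GetExistingApplicationIdsResponse.class);
        List<String> applicationIds = new ArrayList<String>();
        for (SearchCriteriumType criterium : ((GetExistingApplicationIdsResponse) response.getResult()).getSearchCriteria()) {
            applicationIds.add(criterium.getApplicationID());
        }
        return new Result<>(applicationIds);
    }

    /** Fetches the qualities blob for the given SSIN and entity type from the RA (no caching). */
    private byte[] getQualities(String ssin, EntityType entityType) throws TechnicalConnectorException {
        EHActorQualitiesDataRequest eHActorQualitiesDataRequest = new EHActorQualitiesDataRequest();
        eHActorQualitiesDataRequest.setSSIN(ssin);
        eHActorQualitiesDataRequest.setEntityType(entityType);
        GetEHActorQualitiesRequest getEHActorQualitiesRequest = new GetEHActorQualitiesRequest();
        getEHActorQualitiesRequest.setEHActorQualitiesDataRequest(RaUtils.transform(this.cred, eHActorQualitiesDataRequest, EHActorQualitiesDataRequest.class));
        return ((GetEHActorQualitiesResponse) RaUtils.invokeCertRa(getEHActorQualitiesRequest, RaUtils.SOAPACTION_CERTRA_QUAL, GetEHActorQualitiesResponse.class).getResult()).getEHActorQualitiesDataResponse();
    }

    /** Copies the contact e-mail and phone fields into the protocol type. */
    private static ContactDataType map(ContactData contactData) {
        ContactDataType contactDataType = new ContactDataType();
        contactDataType.setEmailPrivate(contactData.getEmailPrivate());
        contactDataType.setEmailGeneral(contactData.getEmailGeneral());
        contactDataType.setPhonePrivate(contactData.getPhonePrivate());
        contactDataType.setPhoneGeneral(contactData.getPhoneGeneral());
        return contactDataType;
    }

    /**
     * Obtains the BeID credential used for every outgoing payload. The configuration map is not
     * read.
     */
    public void initialize(Map<String, Object> map) throws TechnicalConnectorException {
        this.cred = BeIDCredential.getInstance("CertRA", "Signature");
    }

    /**
     * Drops every cached RA response.
     *
     * <p>All three caches are cleared so that no qualities blob, revocable list or decoded
     * certificate list outlives a flush (presumably triggered when the session changes; confirm in
     * SessionServiceWithCache).
     */
    public void flushCache() {
        cacheQualities.clear();
        cacheRevokables.clear();
        cacheCertList.clear();
    }
}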
