package se.signatureservice.transactionsigning.signservice;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.signatureservice.transactionsigning.SignerConfig;
import se.signatureservice.transactionsigning.common.InvalidConfigurationException;
import se.signatureservice.transactionsigning.common.InvalidParameterException;
import se.signatureservice.transactionsigning.common.SignatureException;
import signservice.org.apache.hc.client5.http.classic.methods.HttpPost;
import signservice.org.apache.hc.core5.http.HttpHeaders;
import signservice.org.json.JSONObject;

/* loaded from: input_file:se/signatureservice/transactionsigning/signservice/DefaultSignService.class */
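/**
 * {@link SignService} implementation that POSTs a JSON signature request to the configured API
 * endpoint over HTTP(S) and returns the JSON response as a string.
 *
 * <p>When the configuration carries an SSL keystore, a dedicated {@link SSLContext} holding the
 * client key material (and, if configured, a custom trust store) is used for HTTPS connections.
 * Building that context is fail-closed: if it cannot be created, {@link #init(SignerConfig)}
 * throws instead of letting later requests fall back to the JVM default TLS settings.
 *
 * <p>The class performs no synchronisation of its own; NOTE(review): confirm how callers share
 * instances between threads.
 */
public class DefaultSignService implements SignService {
    private static final Logger log = LoggerFactory.getLogger(DefaultSignService.class);

    private SignerConfig config;
    private boolean initialized = false;
    private SSLContext sslContext;

    /**
     * Validates the configuration and prepares the TLS context used by later requests.
     *
     * @param signerConfig configuration holding the API endpoint, optional API key and optional
     *     SSL keystore / trust store settings
     * @throws InvalidConfigurationException if the configuration or its API endpoint is missing,
     *     or if a keystore is configured but the SSL context cannot be built from it
     */
    @Override // se.signatureservice.transactionsigning.signservice.SignService
    public void init(SignerConfig signerConfig) throws InvalidConfigurationException {
        // A failed (re-)initialisation must not leave the service usable with stale or
        // half-applied settings.
        this.initialized = false;
        if (signerConfig == null) {
            throw new InvalidConfigurationException("Signer configuration is missing");
        }
        String endpoint = signerConfig.getApiEndpoint();
        if (endpoint == null) {
            throw new InvalidConfigurationException("API endpoint is missing");
        }

        SSLContext context = null;
        if (signerConfig.getSslKeyStore() != null) {
            context = createSSLContext(
                    signerConfig.getSslKeyStore(),
                    signerConfig.getSslKeyStorePassword(),
                    signerConfig.getSslTrustStore(),
                    signerConfig.getSslAlgorithm());
        } else if (signerConfig.getSslTrustStore() != null) {
            // The custom SSL context is only built when a keystore is present, so a trust store
            // on its own has no effect. Make that visible instead of silently trusting the JVM
            // default CA set.
            log.warn("SSL trust store is configured without an SSL keystore and will not be used; "
                    + "HTTPS connections will use the JVM default trust settings");
        }

        if (signerConfig.getApiKey() != null && !endpoint.regionMatches(true, 0, "https:", 0, 6)) {
            log.warn("API endpoint does not use HTTPS; the API key will be sent as a bearer token "
                    + "over an unencrypted connection");
        }

        this.config = signerConfig;
        this.sslContext = context;
        this.initialized = true;
    }

    /**
     * Sends the given JSON document to the API endpoint and returns the server's JSON reply.
     *
     * <p>For a status code outside 200-299 the error stream is read instead of the input stream
     * and its JSON content is returned to the caller in the same way; callers therefore have to
     * inspect the returned document to tell a rejection from a signature. A body that is not
     * valid JSON is reported as a {@link SignatureException}. Redirects are not followed.
     *
     * @param str the request body, sent as UTF-8 encoded {@code application/json}
     * @return the response body, re-serialised through {@link JSONObject}
     * @throws SignatureException if the service is not initialised, the payload is missing, or
     *     the request or response handling fails
     */
    @Override // se.signatureservice.transactionsigning.signservice.SignService
    public String requestSignature(String str) throws SignatureException {
        if (!this.initialized) {
            throw new SignatureException("SignService must be initialized before calling requestSignature");
        }
        if (str == null) {
            throw new SignatureException("Error when requesting signature: request payload is missing");
        }

        HttpURLConnection connection = null;
        try {
            URL url = new URL(this.config.getApiEndpoint());
            if (url.getProtocol().equalsIgnoreCase("https")) {
                HttpsURLConnection secureConnection = (HttpsURLConnection) url.openConnection();
                if (this.sslContext != null) {
                    secureConnection.setSSLSocketFactory(this.sslContext.getSocketFactory());
                }
                connection = secureConnection;
            } else {
                connection = (HttpURLConnection) url.openConnection();
            }

            // NOTE(review): no connect/read timeout is set here, so a stalled endpoint blocks the
            // calling thread indefinitely, and the response below is read without a size limit.
            connection.setDoOutput(true);
            // Never follow redirects: the Authorization header must not travel to another host.
            connection.setInstanceFollowRedirects(false);
            connection.setRequestMethod(HttpPost.METHOD_NAME);
            connection.setRequestProperty("Content-Type", "application/json");
            if (this.config.getApiKey() != null) {
                connection.setRequestProperty(HttpHeaders.AUTHORIZATION, "bearer " + this.config.getApiKey());
            }

            try (OutputStream requestBody = connection.getOutputStream()) {
                requestBody.write(str.getBytes(StandardCharsets.UTF_8));
            }

            int status = connection.getResponseCode();
            boolean success = status >= 200 && status <= 299;
            InputStream responseBody = success ? connection.getInputStream() : connection.getErrorStream();
            if (responseBody == null) {
                // getErrorStream() returns null when the server sent no error body.
                throw new IOException("Server returned HTTP " + status + " without a response body");
            }

            StringBuilder received = new StringBuilder();
            // Decode explicitly as UTF-8 rather than with the platform default charset.
            try (BufferedReader reader =
                    new BufferedReader(new InputStreamReader(responseBody, StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    received.append(line);
                }
            }
            // Parsing validates that the reply is a JSON object; a malformed body ends up in the
            // catch below and is reported as a SignatureException.
            return new JSONObject(received.toString()).toString();
        } catch (Exception e) {
            throw new SignatureException("Error when requesting signature: " + e.getMessage(), e);
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Builds an {@link SSLContext} from the client keystore and optional trust store.
     *
     * <p>When no trust store is given, {@code null} trust managers are passed to
     * {@link SSLContext#init}, which makes JSSE use its default trust managers.
     *
     * @param keyStore keystore holding the client key material
     * @param keyStorePassword password used to recover keys from {@code keyStore}
     * @param trustStore trust store for server certificate validation, or {@code null}
     * @param protocol protocol name passed to {@link SSLContext#getInstance(String)}
     * @return a fully initialised SSL context, never {@code null}
     * @throws InvalidConfigurationException if a required setting is missing or the context
     *     cannot be created; the caller must not continue with default TLS settings in that case
     */
    private SSLContext createSSLContext(KeyStore keyStore, String keyStorePassword, KeyStore trustStore, String protocol)
            throws InvalidConfigurationException {
        if (keyStorePassword == null) {
            throw new InvalidConfigurationException("SSL keystore password is missing");
        }
        if (protocol == null) {
            throw new InvalidConfigurationException("SSL algorithm is missing");
        }
        try {
            SSLContext context = SSLContext.getInstance(protocol);

            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

            TrustManager[] trustManagers = null;
            if (trustStore != null) {
                TrustManagerFactory trustManagerFactory =
                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }

            context.init(keyManagers, trustManagers, null);
            return context;
        } catch (GeneralSecurityException e) {
            // Log the full cause, then fail: returning null or an uninitialised context here
            // would let requests go out without the configured client certificate and trust store.
            log.error("Failed to create SSL context: {}", e.getMessage(), e);
            throw new InvalidConfigurationException("Failed to create SSL context: " + e.getMessage());
        }
    }

    /**
     * Loads a keystore from the classpath or, if no such resource exists, from the file system.
     *
     * <p>The classpath is consulted first, so a classpath resource with the same name takes
     * precedence over a file at that path.
     *
     * @param path classpath resource name or file system path of the keystore
     * @param password keystore password, used for the integrity check on load
     * @param type keystore type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @return the loaded keystore
     * @throws InvalidParameterException if the path or password is missing, or the keystore is
     *     found neither on the classpath nor on the file system
     */
    private KeyStore loadKeyStore(String path, String password, String type) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, InvalidParameterException {
        if (path == null) {
            throw new InvalidParameterException("Keystore path is missing.");
        }
        if (password == null) {
            // KeyStore.load skips the integrity check for a null password; require one instead.
            throw new InvalidParameterException("Keystore password is missing for keystore (" + path + ").");
        }

        KeyStore keyStore = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        char[] secret = password.toCharArray();

        // try-with-resources skips a null resource, so the lookup and the close share one block.
        try (InputStream classpathStream = getClass().getClassLoader().getResourceAsStream(path)) {
            if (classpathStream != null) {
                log.debug("Loading from classpath: {}", path);
                keyStore.load(classpathStream, secret);
                return keyStore;
            }
        }

        File file = new File(path);
        if (!file.exists()) {
            throw new InvalidParameterException("Cannot read keystore (" + path + ") from classpath or filesystem.");
        }
        log.debug("Loading from file system: {}", path);
        try (InputStream fileStream = new FileInputStream(file)) {
            keyStore.load(fileStream, secret);
        }
        return keyStore;
    }
}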
