package de.authada.eid.core.authentication;

import de.authada.cz.msebera.android.httpclient.HttpEntity;
import de.authada.cz.msebera.android.httpclient.HttpException;
import de.authada.cz.msebera.android.httpclient.HttpHeaders;
import de.authada.cz.msebera.android.httpclient.HttpMessage;
import de.authada.cz.msebera.android.httpclient.HttpResponse;
import de.authada.cz.msebera.android.httpclient.HttpStatus;
import de.authada.cz.msebera.android.httpclient.entity.ContentType;
import de.authada.cz.msebera.android.httpclient.util.EntityUtils;
import de.authada.eid.core.api.process.Config;
import de.authada.eid.core.authentication.ImmutableUnvalidatedTCTokenContext;
import de.authada.eid.core.authentication.tctoken.TCTokenParser;
import de.authada.eid.core.http.HttpClient;
import de.authada.eid.core.http.HttpRequestBuilder;
import de.authada.eid.core.support.Optional;
import de.authada.eid.core.tls.EserviceConnection;
import de.authada.eid.core.tls.EserviceConnectionBuilder;
import de.authada.eid.core.utils.StringUtils;
import de.authada.org.bouncycastle.tls.crypto.TlsCertificate;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Locale;
import java.util.Objects;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathExpressionException;
import km.b;
import km.d;

/* loaded from: classes2.dex */
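/**
 * Fetches the TCToken from the eService, following HTTP redirects, and hands the
 * still-unvalidated token plus every peer certificate seen on the way to the
 * next step via {@link UnvalidatedTCTokenContext}.
 *
 * <p>Everything received here is remote-controlled input: status codes, headers,
 * redirect targets and the body. Malformed responses are reported as
 * {@link IOException} and surface from {@link #process(StartContext)} as
 * {@link TCTokenException}.
 *
 * <p>NOTE(review): several methods throw the checked {@link IOException} without a
 * {@code throws} clause. The signatures are kept as found; presumably the clauses
 * were lost when this listing was produced. Confirm against the real sources.
 */
public class FetchTCTokenStep {
    private static final String TCTOKEN_TYPE_CLOSE_TAG = "</TCTokenType>";
    private static final String TCTOKEN_TYPE_OPEN_TAG = "<TCTokenType>";
    // Upper bound on redirects followed per fetch. Without it a server can keep the
    // client opening connections indefinitely. The value is a reviewer's choice, not
    // taken from a specification; tune as needed.
    private static final int MAX_REDIRECTS = 20;
    private final TCTokenParser tcTokenParser;
    private static final b LOGGER = d.b(FetchTCTokenStep.class);
    private static final ContentType EXPECTED_CONTENT_TYPE = ContentType.TEXT_XML.withCharset(StandardCharsets.UTF_8);

    /**
     * Creates the step and its TCToken parser.
     *
     * @throws TCTokenException if the parser cannot be initialised
     */
    public FetchTCTokenStep() {
        try {
            this.tcTokenParser = new TCTokenParser();
        } catch (ParserConfigurationException | XPathExpressionException e10) {
            throw new TCTokenException("Failed to initialize TCToken parser", e10);
        }
    }

    /**
     * Rejects a body that is empty or not framed exactly by the TCTokenType tags.
     *
     * <p>Because the body must start with the open tag, anything placed before the
     * root element (an XML declaration or a DOCTYPE) is rejected before the parser
     * runs. This is a cheap pre-filter only. The parser's own hardening against
     * external entities is not visible here and should not depend on this check.
     */
    private void validateBody(String str) {
        String body = StringUtils.toNullIfEmpty(str);
        if (body == null) {
            throw new IOException("Empty body");
        }
        boolean framed = body.startsWith(TCTOKEN_TYPE_OPEN_TAG) && body.endsWith(TCTOKEN_TYPE_CLOSE_TAG);
        if (!framed) {
            throw new IOException("Body contains illegal data");
        }
    }

    /**
     * Requires the response to declare the expected MIME type (compared
     * case-insensitively) and the expected charset.
     */
    private void validateContentType(HttpMessage httpMessage) {
        // A response without a Content-Type header used to end in a
        // NullPointerException that bypassed the IOException handling in process().
        if (httpMessage.getFirstHeader("Content-Type") == null) {
            throw new IOException("Invalid content-type");
        }
        ContentType actual = ContentType.parse(httpMessage.getFirstHeader("Content-Type").getValue());
        ContentType expected = EXPECTED_CONTENT_TYPE;
        Locale locale = Locale.ENGLISH;
        boolean sameMimeType = Objects.equals(expected.getMimeType().toLowerCase(locale), actual.getMimeType().toLowerCase(locale));
        boolean sameCharset = Objects.equals(expected.getCharset(), actual.getCharset());
        if (!sameMimeType || !sameCharset) {
            throw new IOException("Invalid content-type");
        }
    }

    /** Validates the content type, reads the body, validates it and returns it. */
    private String validateResponseAndGetBody(HttpResponse httpResponse) {
        validateContentType(httpResponse);
        String body = extractTCTokenString(httpResponse);
        validateBody(body);
        return body;
    }

    /**
     * Builds a connection to the host and port of {@code url}, using the timeout and
     * retry settings from {@code config}.
     */
    public EserviceConnection createConnection(URL url, Config config) {
        return new EserviceConnectionBuilder()
                .connectionTimeoutMs(config.getConnectionTimeoutMS())
                .connectionRetries(config.getConnectionRetries())
                .connectionRetryInterval(config.getConnectionRetryIntervalMs())
                .targetAddress(getTargetAddress(url))
                .build();
    }

    /**
     * Returns the response body decoded as UTF-8.
     *
     * <p>Throws {@link IOException} when the response is {@code null} or has no entity.
     */
    public String extractTCTokenString(HttpResponse httpResponse) {
        if (httpResponse == null) {
            throw new IOException("response is null");
        }
        HttpEntity entity = httpResponse.getEntity();
        if (entity == null) {
            throw new IOException("Body is missing");
        }
        return EntityUtils.toString(entity, StandardCharsets.UTF_8);
    }

    /**
     * Requests the TCToken URL and follows redirects until a non-redirect response
     * arrives, which is returned.
     *
     * <p>For every hop the peer certificate of the connection is appended to
     * {@code collection}. The connection used for the final hop is stored in
     * {@code builder}. More than {@link #MAX_REDIRECTS} redirects abort the fetch
     * with an {@link IOException}.
     */
    public HttpResponse getResponse(StartContext startContext, Collection<TlsCertificate> collection, ImmutableUnvalidatedTCTokenContext.Builder builder) {
        Optional<URL> pending = Optional.of(startContext.getTCTokenURL());
        EserviceConnection lastConnection = null;
        HttpResponse lastResponse = null;
        int redirectsFollowed = 0;
        while (pending.isPresent()) {
            URL url = pending.get();
            b bVar = LOGGER;
            bVar.v(url, "Trying to fetch tctoken from url {}");
            // NOTE(review): connections of intermediate hops are not released here.
            // Whether EserviceConnection needs an explicit close is not visible in
            // this file. Confirm.
            EserviceConnection connection = createConnection(url, startContext.getConfig());
            // Every hop's certificate is recorded, not only the last one, so a later
            // step can inspect the whole redirect chain.
            collection.add(connection.getPeerCertificate());
            bVar.p(connection.getPeerCertificate().getSerialNumber(), "Received eservice peer certificate with sn: {}");
            // NOTE(review): only url.getPath() is sent, so a query string on the
            // TCToken URL or on a redirect target would be dropped. Verify that
            // this is intended.
            HttpResponse response = new HttpClient(connection).send(new HttpRequestBuilder().getMethod().path(url.getPath()).body(Optional.empty()).build());
            lastResponse = response;
            lastConnection = connection;
            pending = nextLocation(response);
            if (pending.isPresent()) {
                redirectsFollowed++;
                if (redirectsFollowed > MAX_REDIRECTS) {
                    // The redirect chain is server-controlled; stop instead of
                    // opening connections without bound.
                    throw new IOException("Too many redirects");
                }
            }
        }
        builder.eserviceConnection(lastConnection);
        return lastResponse;
    }

    /** Returns host and port of {@code url}, using the protocol's default port when none is given. */
    public InetSocketAddress getTargetAddress(URL url) {
        int port = url.getPort();
        if (port == -1) {
            port = url.getDefaultPort();
        }
        return new InetSocketAddress(url.getHost(), port);
    }

    /**
     * Returns the redirect target for a 301, 302, 303 or 307 response, otherwise an
     * empty {@link Optional}.
     *
     * <p>NOTE(review): the scheme and host of the target are not checked here.
     * Any restriction on where a redirect may lead has to be enforced by the caller
     * or by the later validation of the collected certificates. Confirm that it is.
     */
    public Optional<URL> nextLocation(HttpResponse httpResponse) {
        switch (httpResponse.getStatusLine().getStatusCode()) {
            case HttpStatus.SC_MOVED_PERMANENTLY /* 301 */:
            case HttpStatus.SC_MOVED_TEMPORARILY /* 302 */:
            case HttpStatus.SC_SEE_OTHER /* 303 */:
            case 307:
                break;
            default:
                return Optional.empty();
        }
        LOGGER.r("TC Token location is a redirect");
        // A redirect status without a Location header used to end in a
        // NullPointerException; report it as a protocol error instead.
        if (httpResponse.getFirstHeader(HttpHeaders.LOCATION) == null) {
            throw new IOException("Redirect response is missing the Location header");
        }
        return Optional.of(new URL(httpResponse.getFirstHeader(HttpHeaders.LOCATION).getValue()));
    }

    /**
     * Fetches, checks and parses the TCToken.
     *
     * @param startContext supplies the TCToken URL and the connection configuration
     * @return context holding the parsed but unvalidated token, the final connection
     *     and the certificates of every hop
     * @throws TCTokenException if fetching or response validation fails with an
     *     {@link HttpException} or {@link IOException}
     */
    public UnvalidatedTCTokenContext process(StartContext startContext) {
        b bVar = LOGGER;
        bVar.s("Fetching tc token");
        ImmutableUnvalidatedTCTokenContext.Builder builder = ImmutableUnvalidatedTCTokenContext.builder();
        try {
            ArrayList<TlsCertificate> certificates = new ArrayList<>();
            HttpResponse response = getResponse(startContext, certificates, builder);
            bVar.s("Got tctoken response");
            String tcTokenXml = validateResponseAndGetBody(response);
            // NOTE(review): this writes the complete TCToken to the log. A TCToken
            // normally carries session-binding values, so the call should be limited
            // to debug builds or redacted. The level behind the obfuscated method
            // p() cannot be determined from this file.
            bVar.p(tcTokenXml, "Received TCToken: {}");
            bVar.s("Validated response, parsing tc token");
            builder.unvalidatedTCToken(this.tcTokenParser.parse(tcTokenXml));
            builder.addAllCertificates(certificates);
            return builder.build();
        } catch (HttpException | IOException e10) {
            throw new TCTokenException("Failed to retrieve TC Token", e10);
        }
    }
}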
