package de.authada.eid.core.authentication;

import de.authada.eid.core.ConnectionBuilderException;
import de.authada.eid.core.api.process.AuthContext;
import de.authada.eid.core.api.process.Config;
import de.authada.eid.core.authentication.AdditionalEACInfo;
import de.authada.eid.core.authentication.RefreshAddressValidationStep;
import de.authada.eid.core.authentication.paos.PAOSUtils;
import de.authada.eid.core.http.URLUtils;
import de.authada.eid.core.support.Function;
import de.authada.eid.core.support.Optional;
import de.authada.eid.core.support.Supplier;
import de.authada.eid.core.tls.EserviceConnection;
import de.authada.eid.core.tls.EserviceConnectionBuilder;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URL;
import km.b;
import km.d;

/* loaded from: classes2.dex */
public class RefreshAddressValidationStep {
    private static final b LOGGER = d.b(RefreshAddressValidationStep.class);

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ Boolean lambda$processStep$0(URL url, AuthContext authContext, AdditionalEACInfo additionalEACInfo) {
        b bVar = LOGGER;
        bVar.s("Using additional eac info");
        try {
            EserviceConnection createEserviceConnection = createEserviceConnection(url, authContext.config());
            try {
                if (!additionalEACInfo.getCertificateHashes().contains(PAOSUtils.hash(additionalEACInfo.getDigest(), createEserviceConnection.getPeerCertificate()))) {
                    Boolean bool = Boolean.FALSE;
                    createEserviceConnection.close();
                    return bool;
                }
                bVar.r("refresh url certificate hashes are valid");
                boolean validateSameOrigin = URLUtils.validateSameOrigin(additionalEACInfo.getSubjectURL(), url);
                bVar.v(Boolean.valueOf(validateSameOrigin), "same origin check result: {}");
                Boolean valueOf = Boolean.valueOf(validateSameOrigin);
                createEserviceConnection.close();
                return valueOf;
            } catch (Throwable th2) {
                if (createEserviceConnection != null) {
                    try {
                        createEserviceConnection.close();
                    } catch (Throwable th3) {
                        th2.addSuppressed(th3);
                    }
                }
                throw th2;
            }
        } catch (ConnectionBuilderException | IOException e10) {
            LOGGER.l(e10);
            return Boolean.FALSE;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ Boolean lambda$processStep$1(URL url, AuthContext authContext) {
        try {
            EserviceConnection createEserviceConnection = createEserviceConnection(url, authContext.config());
            try {
                boolean validateSameOrigin = URLUtils.validateSameOrigin(url, authContext.getTCTokenURL());
                LOGGER.v(Boolean.valueOf(validateSameOrigin), "no additional eac info, only same origin check result: {}");
                Boolean valueOf = Boolean.valueOf(validateSameOrigin);
                if (createEserviceConnection != null) {
                    createEserviceConnection.close();
                }
                return valueOf;
            } finally {
            }
        } catch (ConnectionBuilderException | IOException e10) {
            LOGGER.l(e10);
            return Boolean.FALSE;
        }
    }

    public EserviceConnection createEserviceConnection(URL url, Config config) {
        return new EserviceConnectionBuilder().connectionTimeoutMs(config.getConnectionTimeoutMS()).connectionRetries(config.getConnectionRetries()).connectionRetryInterval(config.getConnectionRetryIntervalMs()).targetAddress(new InetSocketAddress(url.getHost(), URLUtils.getPort(url))).build();
    }

    public boolean processStep(final URL url, final AuthContext authContext, Optional<AdditionalEACInfo> optional) {
        LOGGER.s("Validating RefreshAddress");
        return ((Boolean) optional.map(new Function() { // from class: wi.a
            @Override // de.authada.eid.core.support.Function
            /* renamed from: apply */
            public final Object mo2apply(Object obj) {
                Boolean lambda$processStep$0;
                lambda$processStep$0 = RefreshAddressValidationStep.this.lambda$processStep$0(url, authContext, (AdditionalEACInfo) obj);
                return lambda$processStep$0;
            }
        }).orElseGet(new Supplier() { // from class: wi.b
            @Override // de.authada.eid.core.support.Supplier
            public final Object get() {
                Boolean lambda$processStep$1;
                lambda$processStep$1 = RefreshAddressValidationStep.this.lambda$processStep$1(url, authContext);
                return lambda$processStep$1;
            }
        })).booleanValue();
    }
}
