package ch.elexis.covid.cert.service.rest;

import ch.elexis.covid.cert.service.CertificatesService;
import ch.elexis.covid.cert.service.rest.model.RecoveryModel;
import ch.elexis.covid.cert.service.rest.model.RevokeModel;
import ch.elexis.covid.cert.service.rest.model.SuccessResponse;
import ch.elexis.covid.cert.service.rest.model.TestModel;
import ch.elexis.covid.cert.service.rest.model.VaccinationModel;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.glassfish.jersey.client.ClientConfig;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ch/elexis/covid/cert/service/rest/CovidCertificateApi.class */
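/**
 * REST client for the COVID certificate API. It issues vaccination, test and recovery
 * certificates, revokes certificates and reads the issuable value sets.
 *
 * <p>Requests are sent over TLS with a client certificate loaded from a PKCS12 resource.
 * Each request also passes through {@link XSignatureClientRequestFilter}, which adds an
 * {@code X-Signature} header.
 *
 * <p>Thread-safety: the public API methods are {@code synchronized} because the signature
 * filter keeps the payload of the request in flight as mutable instance state.
 */
public class CovidCertificateApi {
    private XSignatureClientRequestFilter xSignatureClientRequestFilter;
    private final CertificatesService.Mode mode;
    private final Properties keyProperties;
    // Assigned in the constructor, not in a field initializer: createJaxrsClient() reads mode
    // and keyProperties, and a field initializer runs before the constructor body sets them.
    private final Client jaxrsClient;
    private final Gson gson = new GsonBuilder().create();

    /**
     * Client request filter that adds an {@code X-Signature} header: the Base64-encoded
     * SHA256withRSA signature of the payload set through {@link #setPayload(String)}.
     */
    public class XSignatureClientRequestFilter implements ClientRequestFilter {
        private String payload;
        private String signedPayload;
        private PrivateKey privateKey;

        private XSignatureClientRequestFilter() {
        }

        /**
         * Adds the {@code X-Signature} header to the outgoing request.
         *
         * <p>NOTE(review): the header value is {@code null} when no payload was set or signing
         * failed, and a request without a new payload (the GET calls) reuses the signature of
         * the previous payload. Confirm the server ignores or rejects these.
         */
        @Override
        public void filter(ClientRequestContext clientRequestContext) throws IOException {
            clientRequestContext.getHeaders().add("X-Signature", getSignedPayload());
        }

        /**
         * Returns the signature of the current payload, computing it on first access.
         *
         * @return the Base64 signature, or {@code null} if nothing was signed
         */
        public String getSignedPayload() {
            if (this.signedPayload == null) {
                signPayload();
            }
            return this.signedPayload;
        }

        /**
         * Signs the pending payload after removing every newline, carriage return, tab and
         * space character from it. The pending payload is always cleared afterwards.
         */
        private void signPayload() {
            if (this.payload == null) {
                return;
            }
            PrivateKey signingKey = getPrivateKey();
            byte[] bytes = this.payload.replaceAll("[\\n\\r\\t ]", "").getBytes(StandardCharsets.UTF_8);
            try {
                Signature signature = Signature.getInstance("SHA256withRSA");
                // A null key (load failure) raises here; it is logged below and leaves
                // signedPayload null.
                signature.initSign(signingKey);
                signature.update(bytes);
                this.signedPayload = Base64.getEncoder().encodeToString(signature.sign());
            } catch (Exception e) {
                LoggerFactory.getLogger(getClass()).warn("Error signing payload", e);
            } finally {
                this.payload = null;
            }
        }

        /**
         * Sets the payload of the next request and discards the previous signature.
         *
         * @param str the JSON body that is about to be sent
         */
        public void setPayload(String str) {
            this.payload = str;
            this.signedPayload = null;
        }

        private PrivateKey getPrivateKey() {
            if (this.privateKey == null) {
                this.privateKey = loadPrivateKey();
            }
            return this.privateKey;
        }

        /**
         * Loads the PKCS#8 PEM private key named by the {@code testkey} or {@code prodkey}
         * property from the {@code /rsc/} classpath location.
         *
         * <p>NOTE(review): the signing key ships as a classpath resource, so anyone holding
         * the application bundle can read it; consider a protected key store. Also confirm
         * that the runtime class loader resolves a resource name with a leading {@code /}.
         *
         * @return the private key, or {@code null} if it is missing or cannot be parsed
         */
        private PrivateKey loadPrivateKey() {
            String keyProperty = CovidCertificateApi.this.mode == CertificatesService.Mode.TEST ? "testkey" : "prodkey";
            String resourceName = "/rsc/" + CovidCertificateApi.this.keyProperties.getProperty(keyProperty);
            // try-with-resources closes the stream, which was previously left open.
            try (InputStream keyStream = getClass().getClassLoader().getResourceAsStream(resourceName)) {
                if (keyStream != null) {
                    String pem = IOUtils.toString(keyStream, "UTF-8").replaceAll("(\\r|\\n|\\r\\n)+", "");
                    String base64Key = StringUtils.substringBetween(pem, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");
                    return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(base64Key)));
                }
            } catch (Exception e) {
                LoggerFactory.getLogger(getClass()).warn("Error loading private key", e);
            }
            return null;
        }
    }

    /**
     * Creates the API client for the given mode.
     *
     * @param mode selects the base URL and the test or production key material
     * @param properties names of the key and certificate resources and the certificate password
     */
    public CovidCertificateApi(CertificatesService.Mode mode, Properties properties) {
        this.mode = mode;
        this.keyProperties = properties;
        // Must follow the two assignments above, see the comment on the field.
        this.jaxrsClient = createJaxrsClient();
    }

    /**
     * Requests a vaccination certificate.
     *
     * @return a {@link SuccessResponse} on HTTP status below 300, otherwise an error
     *         {@code String} holding status and response body
     */
    public synchronized Object vaccination(VaccinationModel vaccinationModel) {
        return post("/api/v1/covidcertificate/vaccination", vaccinationModel, SuccessResponse.class);
    }

    /**
     * Requests a test certificate.
     *
     * @return a {@link SuccessResponse} on HTTP status below 300, otherwise an error
     *         {@code String} holding status and response body
     */
    public synchronized Object test(TestModel testModel) {
        return post("/api/v1/covidcertificate/test", testModel, SuccessResponse.class);
    }

    /**
     * Requests a recovery certificate.
     *
     * @return a {@link SuccessResponse} on HTTP status below 300, otherwise an error
     *         {@code String} holding status and response body
     */
    public synchronized Object recovery(RecoveryModel recoveryModel) {
        return post("/api/v1/covidcertificate/recovery", recoveryModel, SuccessResponse.class);
    }

    /**
     * Revokes a certificate.
     *
     * @return {@code null} on HTTP status below 300, otherwise an error {@code String}
     *         holding status and response body
     */
    public synchronized Object revoke(RevokeModel revokeModel) {
        return post("/api/v1/covidcertificate/revoke", revokeModel, null);
    }

    /**
     * Reads the issuable vaccines value set.
     *
     * @return the response body as {@code String}; on HTTP status 300 or above, the status
     *         and body formatted as an error {@code String}
     */
    public synchronized Object issuableVaccines() {
        return get("/api/v1/valuesets/issuable-vaccines");
    }

    /**
     * Reads the issuable rapid tests value set.
     *
     * @return the response body as {@code String}; on HTTP status 300 or above, the status
     *         and body formatted as an error {@code String}
     */
    public synchronized Object issuableRapidTests() {
        return get("/api/v1/valuesets/issuable-rapid-tests");
    }

    /** Posts the model as JSON; {@code successType == null} means the success body is not read. */
    private Object post(String resourcePath, Object model, Class<?> successType) {
        WebTarget target = target(resourcePath);
        // Serialize once so the signed text and the transmitted body are the same string.
        String json = this.gson.toJson(model);
        this.xSignatureClientRequestFilter.setPayload(json);
        Response response = target.request().post(Entity.json(json));
        try {
            if (response.getStatus() < 300) {
                return successType == null ? null : response.readEntity(successType);
            }
            return describeFailure(response);
        } finally {
            // Releases the connection on every path, including success without a body read.
            response.close();
        }
    }

    /** Issues a GET and returns the body, or the formatted error for status 300 and above. */
    private Object get(String resourcePath) {
        Response response = target(resourcePath).request().get();
        try {
            if (response.getStatus() < 300) {
                return response.readEntity(String.class);
            }
            return describeFailure(response);
        } finally {
            response.close();
        }
    }

    /** Resolves the resource path against the base URL and logs the target. */
    private WebTarget target(String resourcePath) {
        if (this.jaxrsClient == null) {
            // createJaxrsClient() logs its failure and returns null; fail with a clear message.
            throw new IllegalStateException("JAX-RS client is not available, see previous log output");
        }
        WebTarget target = this.jaxrsClient.target(getBaseUrl()).path(resourcePath);
        LoggerFactory.getLogger(getClass()).info("API target [{}]", target);
        return target;
    }

    /** Formats status and body of a failed response, logs it as error and returns it. */
    private String describeFailure(Response response) {
        String message = "[" + response.getStatus() + "]\n" + response.readEntity(String.class);
        LoggerFactory.getLogger(getClass()).error(message);
        return message;
    }

    private String getBaseUrl() {
        return this.mode.getUrl();
    }

    /**
     * Builds the JAX-RS client with the PKCS12 client certificate of the active mode.
     *
     * <p>Server certificates are validated by the platform default trust managers and the
     * default hostname verification. The earlier accept-all trust manager and the hostname
     * verifier that always returned {@code true} allowed any host to impersonate the API.
     * If the endpoint is signed by a private CA, add that CA to a trust store instead of
     * disabling validation.
     *
     * @return the client, or {@code null} if it could not be created (the cause is logged)
     */
    private Client createJaxrsClient() {
        boolean testMode = this.mode == CertificatesService.Mode.TEST;
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            String certResource = "/rsc/" + this.keyProperties.getProperty(testMode ? "testcert" : "prodcert");
            char[] password = this.keyProperties.getProperty(testMode ? "testcertpass" : "prodcertpass").toCharArray();
            // A missing resource yields a null stream, which KeyStore.load treats as an
            // empty key store, exactly as before; the stream is now closed after loading.
            try (InputStream certStream = getClass().getClassLoader().getResourceAsStream(certResource)) {
                keyStore.load(certStream, password);
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, password);
            // null trust managers selects the installed default implementation.
            sslContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
            return ClientBuilder.newBuilder().sslContext(sslContext).withConfig(getClientConfig()).build();
        } catch (Exception e) {
            LoggerFactory.getLogger(getClass()).warn("Error creating jaxrs client", e);
            return null;
        }
    }

    /** Creates the client configuration and registers the signature filter with it. */
    private Configuration getClientConfig() {
        ClientConfig clientConfig = new ClientConfig();
        this.xSignatureClientRequestFilter = new XSignatureClientRequestFilter();
        clientConfig.register(this.xSignatureClientRequestFilter);
        return clientConfig;
    }
}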
