package com.helger.smpclient.bdxr2;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.collection.impl.CommonsArrayList;
import com.helger.commons.collection.impl.ICommonsList;
import com.helger.commons.http.HttpHeaderMap;
import com.helger.peppol.sml.ISMLInfo;
import com.helger.peppol.smp.ISMPTransportProfile;
import com.helger.peppolid.CIdentifier;
import com.helger.peppolid.IDocumentTypeIdentifier;
import com.helger.peppolid.IParticipantIdentifier;
import com.helger.peppolid.IProcessIdentifier;
import com.helger.peppolid.factory.IIdentifierFactory;
import com.helger.peppolid.simple.doctype.SimpleDocumentTypeIdentifier;
import com.helger.peppolid.simple.process.SimpleProcessIdentifier;
import com.helger.security.certificate.CertificateHelper;
import com.helger.smpclient.bdxr2.marshal.BDXR2MarshallerServiceGroup;
import com.helger.smpclient.bdxr2.marshal.BDXR2MarshallerServiceMetadata;
import com.helger.smpclient.exception.SMPClientException;
import com.helger.smpclient.exception.SMPClientNotFoundException;
import com.helger.smpclient.httpclient.AbstractGenericSMPClient;
import com.helger.smpclient.httpclient.SMPHttpResponseHandlerSigned;
import com.helger.smpclient.httpclient.SMPHttpResponseHandlerUnsigned;
import com.helger.smpclient.url.ISMPURLProvider;
import com.helger.smpclient.url.SMPDNSResolutionException;
import com.helger.xsds.bdxr.smp2.ServiceGroupType;
import com.helger.xsds.bdxr.smp2.ServiceMetadataType;
import com.helger.xsds.bdxr.smp2.ac.CertificateType;
import com.helger.xsds.bdxr.smp2.ac.EndpointType;
import com.helger.xsds.bdxr.smp2.ac.ProcessMetadataType;
import com.helger.xsds.bdxr.smp2.ac.ProcessType;
import com.helger.xsds.bdxr.smp2.ac.RedirectType;
import com.helger.xsds.bdxr.smp2.ac.ServiceReferenceType;
import com.helger.xsds.bdxr.smp2.bc.IDType;
import com.helger.xsds.xmldsig.X509DataType;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.xml.bind.JAXBElement;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/peppol-smp-client-8.8.4.jar:com/helger/smpclient/bdxr2/BDXR2ClientReadOnly.class */
public class BDXR2ClientReadOnly extends AbstractGenericSMPClient<BDXR2ClientReadOnly> implements IBDXR2ServiceGroupProvider, IBDXR2ServiceMetadataProvider {
    public static final String PATH_OASIS_BDXR_SMP_2 = "bdxr-smp-2/";
    public static final String URL_PART_SERVICES = "services";
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) BDXR2ClientReadOnly.class);

    public BDXR2ClientReadOnly(@Nonnull ISMPURLProvider iSMPURLProvider, @Nonnull IParticipantIdentifier iParticipantIdentifier, @Nonnull ISMLInfo iSMLInfo) throws SMPDNSResolutionException {
        this(iSMPURLProvider.getSMPURIOfParticipant(iParticipantIdentifier, iSMLInfo));
    }

    public BDXR2ClientReadOnly(@Nonnull ISMPURLProvider iSMPURLProvider, @Nonnull IParticipantIdentifier iParticipantIdentifier, @Nonnull @Nonempty String str) throws SMPDNSResolutionException {
        this(iSMPURLProvider.getSMPURIOfParticipant(iParticipantIdentifier, str));
    }

    public BDXR2ClientReadOnly(@Nonnull URI uri) {
        super(uri, false);
    }

    @Nonnull
    public ServiceGroupType getServiceGroup(@Nonnull IParticipantIdentifier iParticipantIdentifier) throws SMPClientException {
        ValueEnforcer.notNull(iParticipantIdentifier, "ServiceGroupID");
        String str = getSMPHostURI() + PATH_OASIS_BDXR_SMP_2 + iParticipantIdentifier.getURIPercentEncoded();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("BDXR2Client getServiceGroup@" + str);
        }
        HttpGet httpGet = new HttpGet(str);
        BDXR2MarshallerServiceGroup bDXR2MarshallerServiceGroup = new BDXR2MarshallerServiceGroup(isXMLSchemaValidation());
        customizeMarshaller(bDXR2MarshallerServiceGroup);
        ServiceGroupType serviceGroupType = (ServiceGroupType) executeGenericRequest(httpGet, new SMPHttpResponseHandlerUnsigned(bDXR2MarshallerServiceGroup));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Received response: " + serviceGroupType);
        }
        return serviceGroupType;
    }

    @Override // com.helger.smpclient.bdxr2.IBDXR2ServiceGroupProvider
    @Nullable
    public ServiceGroupType getServiceGroupOrNull(@Nonnull IParticipantIdentifier iParticipantIdentifier) throws SMPClientException {
        try {
            return getServiceGroup(iParticipantIdentifier);
        } catch (SMPClientNotFoundException e) {
            if (!LOGGER.isDebugEnabled()) {
                return null;
            }
            LOGGER.debug("Found no ServiceGroup");
            return null;
        }
    }

    @Nonnull
    public static ICommonsList<IDocumentTypeIdentifier> getAllDocumentTypes(@Nullable ServiceGroupType serviceGroupType, @Nonnull IIdentifierFactory iIdentifierFactory) {
        IDocumentTypeIdentifier createDocumentTypeIdentifier;
        ValueEnforcer.notNull(iIdentifierFactory, "IdentifierFactory");
        CommonsArrayList commonsArrayList = new CommonsArrayList();
        if (serviceGroupType != null) {
            Iterator<ServiceReferenceType> it = serviceGroupType.getServiceReference().iterator();
            while (it.hasNext()) {
                IDType id = it.next().getID();
                if (id != null && (createDocumentTypeIdentifier = iIdentifierFactory.createDocumentTypeIdentifier(id.getSchemeID(), id.getValue())) != null) {
                    commonsArrayList.add(createDocumentTypeIdentifier);
                }
            }
        }
        return commonsArrayList;
    }

    @Nonnull
    public ServiceMetadataType getServiceMetadata(@Nonnull IParticipantIdentifier iParticipantIdentifier, @Nonnull IDocumentTypeIdentifier iDocumentTypeIdentifier) throws SMPClientException {
        ValueEnforcer.notNull(iParticipantIdentifier, "ServiceGroupID");
        ValueEnforcer.notNull(iDocumentTypeIdentifier, "DocumentTypeID");
        String str = getSMPHostURI() + PATH_OASIS_BDXR_SMP_2 + iParticipantIdentifier.getURIPercentEncoded() + "/services/" + iDocumentTypeIdentifier.getURIPercentEncoded();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("BDXR2Client getServiceRegistration@" + str);
        }
        boolean isXMLSchemaValidation = isXMLSchemaValidation();
        boolean isVerifySignature = isVerifySignature();
        KeyStore trustStore = getTrustStore();
        if (isVerifySignature && trustStore == null) {
            LOGGER.error("BDXR2 SMP client Verify Signature is enabled, but no TrustStore is provided. This will not work.");
        }
        HttpGet httpGet = new HttpGet(str);
        BDXR2MarshallerServiceMetadata bDXR2MarshallerServiceMetadata = new BDXR2MarshallerServiceMetadata(isXMLSchemaValidation);
        customizeMarshaller(bDXR2MarshallerServiceMetadata);
        ServiceMetadataType serviceMetadataType = (ServiceMetadataType) executeGenericRequest(httpGet, new SMPHttpResponseHandlerSigned(bDXR2MarshallerServiceMetadata, trustStore).setVerifySignature(isVerifySignature));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Received response: " + serviceMetadataType);
        }
        if (!SimpleDocumentTypeIdentifier.wrap(serviceMetadataType.getID()).hasSameContent(iDocumentTypeIdentifier)) {
            throw new SMPClientException("Requested document type '" + iDocumentTypeIdentifier.getURIEncoded() + "' and received '" + CIdentifier.getURIEncoded(serviceMetadataType.getID()) + "' - mismatch. Ignoring request.");
        }
        if (isFollowSMPRedirects()) {
            Iterator<ProcessMetadataType> it = serviceMetadataType.getProcessMetadata().iterator();
            while (it.hasNext()) {
                RedirectType redirect = it.next().getRedirect();
                if (redirect != null) {
                    LOGGER.info("Following a redirect from '" + str + "' to '" + redirect.getPublisherURIValue() + "'");
                    HttpGet httpGet2 = new HttpGet(redirect.getPublisherURIValue());
                    customizeMarshaller(new BDXR2MarshallerServiceMetadata(isXMLSchemaValidation));
                    serviceMetadataType = (ServiceMetadataType) executeGenericRequest(httpGet2, new SMPHttpResponseHandlerSigned(new BDXR2MarshallerServiceMetadata(isXMLSchemaValidation), trustStore).setVerifySignature(isVerifySignature));
                    boolean z = false;
                    if (serviceMetadataType.hasSignatureEntries()) {
                        Iterator<Object> it2 = serviceMetadataType.getSignatureAtIndex(0).getKeyInfo().getContent().iterator();
                        while (true) {
                            if (!it2.hasNext()) {
                                break;
                            }
                            Object value = ((JAXBElement) it2.next()).getValue();
                            if (value instanceof X509DataType) {
                                Iterator<Object> it3 = ((X509DataType) value).getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
                                while (it3.hasNext()) {
                                    JAXBElement jAXBElement = (JAXBElement) it3.next();
                                    if (jAXBElement.getValue() instanceof X509Certificate) {
                                        X509Certificate x509Certificate = (X509Certificate) jAXBElement.getValue();
                                        boolean z2 = false;
                                        CommonsArrayList commonsArrayList = new CommonsArrayList();
                                        Iterator<CertificateType> it4 = redirect.getCertificate().iterator();
                                        while (true) {
                                            if (!it4.hasNext()) {
                                                break;
                                            }
                                            try {
                                                X509Certificate convertByteArrayToCertficate = CertificateHelper.convertByteArrayToCertficate(it4.next().getContentBinaryObjectValue());
                                                if (convertByteArrayToCertficate != null) {
                                                    commonsArrayList.add(convertByteArrayToCertficate);
                                                    if (convertByteArrayToCertficate.equals(x509Certificate)) {
                                                        z2 = true;
                                                        break;
                                                    }
                                                } else {
                                                    continue;
                                                }
                                            } catch (CertificateException e) {
                                                LOGGER.error("SMP Redirect contains an invalid certificate", (Throwable) e);
                                            }
                                        }
                                        if (!z2) {
                                            throw new SMPClientException("No certificate of the redirect matched the provided certificate. Retrieved certificate is '" + x509Certificate + "'. Allowed certificates according to the redirect are: " + commonsArrayList);
                                        }
                                        z = true;
                                    }
                                }
                            }
                        }
                    }
                    if (!z) {
                        throw new SMPClientException("The X509 certificate did not contain a certificate subject.");
                    }
                }
            }
        } else if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Following SMP redirects is disabled");
        }
        return serviceMetadataType;
    }

    @Override // com.helger.smpclient.bdxr2.IBDXR2ServiceMetadataProvider
    @Nullable
    public ServiceMetadataType getServiceMetadataOrNull(@Nonnull IParticipantIdentifier iParticipantIdentifier, @Nonnull IDocumentTypeIdentifier iDocumentTypeIdentifier) throws SMPClientException {
        try {
            return getServiceMetadata(iParticipantIdentifier, iDocumentTypeIdentifier);
        } catch (SMPClientNotFoundException e) {
            if (!LOGGER.isDebugEnabled()) {
                return null;
            }
            LOGGER.debug("Found no ServiceMetadata");
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Nullable
    public static EndpointType getEndpoint(@Nonnull ServiceMetadataType serviceMetadataType, @Nonnull IProcessIdentifier iProcessIdentifier, @Nonnull ISMPTransportProfile iSMPTransportProfile) {
        ValueEnforcer.notNull(serviceMetadataType, "SignedServiceMetadata");
        ValueEnforcer.notNull(iProcessIdentifier, "ProcessID");
        ValueEnforcer.notNull(iSMPTransportProfile, "TransportProfile");
        for (ProcessMetadataType processMetadataType : serviceMetadataType.getProcessMetadata()) {
            boolean z = false;
            Iterator<ProcessType> it = processMetadataType.getProcess().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (SimpleProcessIdentifier.wrap(it.next().getID()).hasSameContent(iProcessIdentifier)) {
                    z = true;
                    break;
                }
            }
            if (z) {
                CommonsArrayList commonsArrayList = new CommonsArrayList();
                for (EndpointType endpointType : processMetadataType.getEndpoint()) {
                    if (iSMPTransportProfile.getID().equals(endpointType.getTransportProfileIDValue())) {
                        commonsArrayList.add(endpointType);
                    }
                }
                if (commonsArrayList.size() != 1) {
                    LOGGER.warn("Found " + commonsArrayList.size() + " endpoints for process '" + iProcessIdentifier.getURIEncoded() + "' and transport profile '" + iSMPTransportProfile.getID() + "'" + (commonsArrayList.isEmpty() ? "" : HttpHeaderMap.SEPARATOR_KEY_VALUE + commonsArrayList.toString() + " - using the first one"));
                }
                EndpointType endpointType2 = (EndpointType) commonsArrayList.getFirst();
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Found matching endpoint: " + endpointType2);
                }
                return endpointType2;
            }
        }
        if (!LOGGER.isDebugEnabled()) {
            return null;
        }
        LOGGER.debug("Found no matching SMP endpoint");
        return null;
    }

    @Nullable
    public static String getEndpointAddress(@Nullable EndpointType endpointType) {
        if (endpointType == null) {
            return null;
        }
        return endpointType.getAddressURIValue();
    }

    @Nullable
    public static byte[] getEndpointCertificateBytes(@Nullable EndpointType endpointType) {
        if (endpointType == null || endpointType.getCertificateCount() == 0) {
            return null;
        }
        return endpointType.getCertificateAtIndex(0).getContentBinaryObjectValue();
    }

    @Nullable
    public static X509Certificate getEndpointCertificate(@Nullable EndpointType endpointType) throws CertificateException {
        return CertificateHelper.convertByteArrayToCertficateDirect(getEndpointCertificateBytes(endpointType));
    }

    @Nonnull
    public static ServiceGroupType getServiceGroupByDNS(@Nonnull ISMPURLProvider iSMPURLProvider, @Nonnull ISMLInfo iSMLInfo, @Nonnull IParticipantIdentifier iParticipantIdentifier) throws SMPClientException, SMPDNSResolutionException {
        return new BDXR2ClientReadOnly(iSMPURLProvider, iParticipantIdentifier, iSMLInfo).getServiceGroup(iParticipantIdentifier);
    }

    @Nonnull
    public static ServiceMetadataType getServiceRegistrationByDNS(@Nonnull ISMPURLProvider iSMPURLProvider, @Nonnull ISMLInfo iSMLInfo, @Nonnull IParticipantIdentifier iParticipantIdentifier, @Nonnull IDocumentTypeIdentifier iDocumentTypeIdentifier) throws SMPClientException, SMPDNSResolutionException {
        return new BDXR2ClientReadOnly(iSMPURLProvider, iParticipantIdentifier, iSMLInfo).getServiceMetadata(iParticipantIdentifier, iDocumentTypeIdentifier);
    }
}
