package no.digipost.api.client.filters.response;

import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientRequest;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.filter.ClientFilter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import no.digipost.api.client.DigipostClientException;
import no.digipost.api.client.ErrorType;
import no.digipost.api.client.Headers;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.crypto.digests.SHA256Digest;

/* loaded from: input_file:no/digipost/api/client/filters/response/ResponseContentSHA256Filter.class */
public class ResponseContentSHA256Filter extends ClientFilter {
    public ClientResponse handle(ClientRequest clientRequest) throws ClientHandlerException {
        ClientResponse handle = getNext().handle(clientRequest);
        if (handle.hasEntity()) {
            validerContentHash(handle);
        }
        return handle;
    }

    private void validerContentHash(ClientResponse clientResponse) {
        try {
            String str = (String) clientResponse.getHeaders().getFirst(Headers.X_Content_SHA256);
            if (StringUtils.isBlank(str)) {
                throw new DigipostClientException(ErrorType.SERVER_SIGNATURE_ERROR, "Ikke definert X-Content-SHA256-header, så server-signatur kunne ikke sjekkes");
            }
            byte[] byteArray = IOUtils.toByteArray(clientResponse.getEntityInputStream());
            validerBytesMotHashHeader(str, byteArray);
            clientResponse.setEntityInputStream(new ByteArrayInputStream(byteArray));
        } catch (IOException e) {
            throw new DigipostClientException(ErrorType.SERVER_SIGNATURE_ERROR, "Det skjedde en feil under uthenting av innhold for validering av X-Content-SHA256-header, så server-signatur kunne ikke sjekkes");
        }
    }

    private void validerBytesMotHashHeader(String str, byte[] bArr) {
        SHA256Digest sHA256Digest = new SHA256Digest();
        sHA256Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sHA256Digest.getDigestSize()];
        sHA256Digest.doFinal(bArr2, 0);
        if (!str.equals(new String(Base64.encodeBase64(bArr2)))) {
            throw new DigipostClientException(ErrorType.SERVER_SIGNATURE_ERROR, "X-Content-SHA256-header matchet ikke innholdet, så server-signatur er feil.");
        }
    }
}
