package no.digipost.api.client.filters.response;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientResponseContext;
import javax.ws.rs.client.ClientResponseFilter;
import javax.ws.rs.ext.Provider;
import no.digipost.api.client.Headers;
import no.digipost.api.client.errorhandling.DigipostClientException;
import no.digipost.api.client.errorhandling.ErrorCode;
import no.digipost.api.client.util.LoggingUtil;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
/* loaded from: input_file:no/digipost/api/client/filters/response/ResponseContentSHA256Filter.class */
public class ResponseContentSHA256Filter implements ClientResponseFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ResponseContentSHA256Filter.class);
    private boolean shouldThrow = true;

    public void setThrowOnError(boolean z) {
        this.shouldThrow = z;
    }

    public void filter(ClientRequestContext clientRequestContext, ClientResponseContext clientResponseContext) throws IOException {
        if (clientResponseContext.hasEntity()) {
            try {
                validerContentHash(clientResponseContext);
            } catch (Exception e) {
                LoggingUtil.logResponse(clientResponseContext);
                logOrThrow("Det skjedde en feil under signatursjekk: " + e.getMessage(), e);
            }
        }
    }

    private void validerContentHash(ClientResponseContext clientResponseContext) {
        try {
            String str = (String) clientResponseContext.getHeaders().getFirst(Headers.X_Content_SHA256);
            if (StringUtils.isBlank(str)) {
                throw new DigipostClientException(ErrorCode.SERVER_SIGNATURE_ERROR, "Mangler X-Content-SHA256-header - server-signatur kunne ikke valideres");
            }
            byte[] byteArray = IOUtils.toByteArray(clientResponseContext.getEntityStream());
            validerBytesMotHashHeader(str, byteArray);
            clientResponseContext.setEntityStream(new ByteArrayInputStream(byteArray));
        } catch (IOException e) {
            throw new DigipostClientException(ErrorCode.SERVER_SIGNATURE_ERROR, "Det skjedde en feil under uthenting av innhold for validering av X-Content-SHA256-header - server-signatur kunne ikke valideres");
        }
    }

    private void validerBytesMotHashHeader(String str, byte[] bArr) {
        SHA256Digest sHA256Digest = new SHA256Digest();
        sHA256Digest.update(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[sHA256Digest.getDigestSize()];
        sHA256Digest.doFinal(bArr2, 0);
        if (!str.equals(new String(Base64.encode(bArr2)))) {
            throw new DigipostClientException(ErrorCode.SERVER_SIGNATURE_ERROR, "X-Content-SHA256-header matchet ikke innholdet - server-signatur er feil.");
        }
    }

    private void logOrThrow(String str, Exception exc) {
        if (this.shouldThrow) {
            if (!(exc instanceof DigipostClientException)) {
                throw new DigipostClientException(ErrorCode.SERVER_SIGNATURE_ERROR, str);
            }
            throw ((DigipostClientException) exc);
        }
        LOG.warn("Feil under validering av server signatur: '" + exc.getMessage() + "'. " + (LOG.isDebugEnabled() ? "" : "Konfigurer debug-logging for " + LOG.getName() + " for å se full stacktrace."));
        LOG.debug(exc.getMessage(), exc);
    }
}
