package no.digipost.signature.client;

import java.net.Socket;
import java.net.URI;
import java.nio.file.Path;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.time.Clock;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Consumer;
import javax.net.ssl.SSLContext;
import javax.ws.rs.core.Configurable;
import javax.ws.rs.core.Configuration;
import no.digipost.signature.client.asice.ASiCEConfiguration;
import no.digipost.signature.client.asice.DocumentBundleProcessor;
import no.digipost.signature.client.asice.DumpDocumentBundleToDisk;
import no.digipost.signature.client.core.Sender;
import no.digipost.signature.client.core.exceptions.KeyException;
import no.digipost.signature.client.core.internal.http.AddRequestHeaderFilter;
import no.digipost.signature.client.core.internal.http.HttpIntegrationConfiguration;
import no.digipost.signature.client.core.internal.http.PostenEnterpriseCertificateStrategy;
import no.digipost.signature.client.core.internal.security.ProvidesCertificateResourcePaths;
import no.digipost.signature.client.core.internal.security.TrustStoreLoader;
import no.digipost.signature.client.core.internal.xml.JaxbMessageReaderWriterProvider;
import no.digipost.signature.client.security.KeyStoreConfig;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.ssl.PrivateKeyDetails;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContexts;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.filter.LoggingFilter;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/digipost/signature/client/ClientConfiguration.class */
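/**
 * Configuration for the signature client: service root, key store, trusted certificate paths,
 * JAX-RS configuration, document bundle processors and clock.
 *
 * <p>Instances are created through {@link #builder(KeyStoreConfig)}. The configuration also
 * produces the {@link SSLContext} used for the client-certificate (mutual TLS) connection,
 * see {@link #getSSLContext()}.
 */
public final class ClientConfiguration implements ProvidesCertificateResourcePaths, HttpIntegrationConfiguration, ASiCEConfiguration {
    private static final Logger LOG = LoggerFactory.getLogger(ClientConfiguration.class);
    private static final String JAVA_DESCRIPTION = System.getProperty("java.vendor", "unknown Java") + ", " + System.getProperty("java.version", "unknown version");

    /** User-Agent prefix that is always sent; {@link Builder#includeInUserAgent(String)} can only append to it. */
    public static final String MANDATORY_USER_AGENT = "Posten signering Java API Client/" + ClientMetadata.VERSION + " (" + JAVA_DESCRIPTION + ")";

    /** Name of the logger that receives HTTP traffic when {@link Builder#enableRequestAndResponseLogging()} is used. */
    public static final String HTTP_REQUEST_RESPONSE_LOGGER_NAME = "no.digipost.signature.client.http.requestresponse";

    /** Default read (socket) timeout in milliseconds. */
    public static final int DEFAULT_SOCKET_TIMEOUT_MS = 10000;

    /** Default connect timeout in milliseconds. */
    public static final int DEFAULT_CONNECT_TIMEOUT_MS = 10000;

    private final Configurable<? extends Configuration> jaxrsConfig;
    private final KeyStoreConfig keyStoreConfig;
    private final Iterable<String> certificatePaths;
    private final Optional<Sender> sender;
    private final URI signatureServiceRoot;
    private final Iterable<DocumentBundleProcessor> documentBundleProcessors;
    private final Clock clock;

    /**
     * Fluent builder for {@link ClientConfiguration}.
     *
     * <p>Defaults: production service URI, production certificates as trust anchors, 10 second
     * socket and connect timeouts, no global sender, no HTTP logging, no bundle processors and the
     * system default-zone clock.
     */
    /* loaded from: input_file:no/digipost/signature/client/ClientConfiguration$Builder.class */
    public static class Builder {
        private final Configurable<? extends Configuration> jaxrsConfig;
        private final KeyStoreConfig keyStoreConfig;
        private int socketTimeoutMs;
        private int connectTimeoutMs;
        private Optional<String> customUserAgentPart;
        private URI serviceRoot;
        private Optional<Sender> globalSender;
        private Iterable<String> certificatePaths;
        private Optional<LoggingFilter> loggingFilter;
        private List<DocumentBundleProcessor> documentBundleProcessors;
        private Clock clock;

        private Builder(KeyStoreConfig keyStoreConfig) {
            this.socketTimeoutMs = ClientConfiguration.DEFAULT_SOCKET_TIMEOUT_MS;
            this.connectTimeoutMs = ClientConfiguration.DEFAULT_CONNECT_TIMEOUT_MS;
            this.customUserAgentPart = Optional.empty();
            this.serviceRoot = ServiceUri.PRODUCTION.uri;
            this.globalSender = Optional.empty();
            this.certificatePaths = Certificates.PRODUCTION.certificatePaths;
            this.loggingFilter = Optional.empty();
            this.documentBundleProcessors = new ArrayList<>();
            this.clock = Clock.systemDefaultZone();
            this.keyStoreConfig = keyStoreConfig;
            this.jaxrsConfig = new ClientConfig();
        }

        /**
         * Selects one of the predefined service environments.
         *
         * @param serviceUri the environment whose URI becomes the service root
         * @return this builder
         */
        public Builder serviceUri(ServiceUri serviceUri) {
            return serviceUri(serviceUri.uri);
        }

        /**
         * Overrides the service root with an arbitrary URI.
         *
         * <p>No validation is done here; the caller is responsible for the URI pointing at the
         * intended service. The trust store is configured separately, see
         * {@link #trustStore(Certificates)}.
         *
         * @param uri the service root
         * @return this builder
         */
        public Builder serviceUri(URI uri) {
            this.serviceRoot = uri;
            return this;
        }

        /**
         * Sets the read timeout applied to the JAX-RS client in {@link #build()}.
         *
         * @param i timeout in milliseconds
         * @return this builder
         */
        public Builder socketTimeoutMillis(int i) {
            this.socketTimeoutMs = i;
            return this;
        }

        /**
         * Sets the connect timeout applied to the JAX-RS client in {@link #build()}.
         *
         * @param i timeout in milliseconds
         * @return this builder
         */
        public Builder connectTimeoutMillis(int i) {
            this.connectTimeoutMs = i;
            return this;
        }

        /**
         * Uses one of the predefined certificate sets as trust anchors. Selecting
         * {@link Certificates#TEST} logs a warning, because test certificates must not be trusted
         * in production.
         *
         * @param certificates the predefined certificate set
         * @return this builder
         */
        public Builder trustStore(Certificates certificates) {
            if (certificates == Certificates.TEST) {
                ClientConfiguration.LOG.warn("Using test certificates in trust store. This should never be done for production environments.");
            }
            return trustStore(certificates.certificatePaths);
        }

        /**
         * Replaces the trusted certificate paths, see {@link #trustStore(Iterable)}.
         *
         * @param strArr certificate paths
         * @return this builder
         */
        public Builder trustStore(String... strArr) {
            return trustStore(Arrays.asList(strArr));
        }

        /**
         * Replaces (does not extend) the certificate paths that are later exposed through
         * {@link ClientConfiguration#getCertificatePaths()} and handed to the trust store loader in
         * {@link ClientConfiguration#getSSLContext()}.
         *
         * <p>Security note: no warning is logged for custom paths, unlike
         * {@link #trustStore(Certificates)} with the test set. Every certificate reachable through
         * these paths becomes a trust anchor for the server connection, so they should come from
         * reviewed configuration only.
         *
         * @param iterable certificate paths; stored by reference, not copied
         * @return this builder
         */
        public Builder trustStore(Iterable<String> iterable) {
            this.certificatePaths = iterable;
            return this;
        }

        /**
         * Sets the sender returned by {@link ClientConfiguration#getGlobalSender()}.
         *
         * @param sender the sender; must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code sender} is {@code null}
         */
        public Builder globalSender(Sender sender) {
            this.globalSender = Optional.of(sender);
            return this;
        }

        /**
         * Appends a custom part, in parentheses, to the mandatory User-Agent header. Blank values
         * are ignored.
         *
         * @param str the custom part; must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code str} is {@code null}
         */
        public Builder includeInUserAgent(String str) {
            this.customUserAgentPart = Optional.of(str).filter(part -> StringUtils.isNoneBlank(part));
            return this;
        }

        /**
         * Registers a Jersey {@link LoggingFilter} that writes HTTP requests and responses,
         * including up to 16384 bytes of each entity, to the logger named
         * {@link ClientConfiguration#HTTP_REQUEST_RESPONSE_LOGGER_NAME}.
         *
         * <p>Security note: logged entities may contain personal data or document content.
         * Enable this for troubleshooting only, and make sure the target logger's output is
         * access-restricted and subject to retention limits.
         *
         * @return this builder
         */
        public Builder enableRequestAndResponseLogging() {
            this.loggingFilter = Optional.of(new LoggingFilter(java.util.logging.Logger.getLogger(ClientConfiguration.HTTP_REQUEST_RESPONSE_LOGGER_NAME), 16384));
            return this;
        }

        /**
         * Adds a {@link DumpDocumentBundleToDisk} processor for the given directory.
         *
         * <p>The processor is created immediately with the builder's <em>current</em> clock, so
         * call {@link #usingClock(Clock)} before this method if a custom clock should apply.
         *
         * <p>Security note: presumably the dumped bundles contain the documents sent for signing
         * (confirm against {@code DumpDocumentBundleToDisk}); the directory should be readable
         * only by the service account and cleaned up regularly.
         *
         * @param path directory to dump bundles to
         * @return this builder
         */
        public Builder enableDocumentBundleDiskDump(Path path) {
            return addDocumentBundleProcessor(new DumpDocumentBundleToDisk(path, this.clock));
        }

        /**
         * Adds a processor to the list exposed by
         * {@link ClientConfiguration#getDocumentBundleProcessors()}.
         *
         * @param documentBundleProcessor the processor to add
         * @return this builder
         */
        public Builder addDocumentBundleProcessor(DocumentBundleProcessor documentBundleProcessor) {
            this.documentBundleProcessors.add(documentBundleProcessor);
            return this;
        }

        /**
         * Gives the caller direct access to the underlying JAX-RS configuration.
         *
         * <p>The consumer runs immediately. Timeouts, the multipart feature, the JAXB provider and
         * the User-Agent filter are applied afterwards in {@link #build()}, so the two timeout
         * properties set here are overwritten.
         *
         * @param consumer customization callback
         * @return this builder
         */
        public Builder customizeJaxRs(Consumer<? super Configurable<? extends Configuration>> consumer) {
            consumer.accept(this.jaxrsConfig);
            return this;
        }

        /**
         * Replaces the clock handed to the built configuration.
         *
         * @param clock the clock to use
         * @return this builder
         */
        public Builder usingClock(Clock clock) {
            this.clock = clock;
            return this;
        }

        /**
         * Applies timeouts, features, the User-Agent filter and the optional logging filter to the
         * JAX-RS configuration and creates the {@link ClientConfiguration}.
         *
         * <p>The JAX-RS configuration object is owned by this builder and mutated here, so calling
         * {@code build()} more than once registers the components repeatedly on the same object.
         *
         * @return the configuration
         */
        public ClientConfiguration build() {
            this.jaxrsConfig.property("jersey.config.client.readTimeout", Integer.valueOf(this.socketTimeoutMs));
            this.jaxrsConfig.property("jersey.config.client.connectTimeout", Integer.valueOf(this.connectTimeoutMs));
            this.jaxrsConfig.register(MultiPartFeature.class);
            this.jaxrsConfig.register(JaxbMessageReaderWriterProvider.class);
            this.jaxrsConfig.register(new AddRequestHeaderFilter("User-Agent", createUserAgentString()));
            // The decompiled form referenced an undefined receiver here; register on the JAX-RS config.
            this.loggingFilter.ifPresent(this.jaxrsConfig::register);
            // Snapshot the processors so later additions on this builder cannot alter a built configuration.
            return new ClientConfiguration(this.keyStoreConfig, this.jaxrsConfig, this.globalSender, this.serviceRoot, this.certificatePaths, new ArrayList<>(this.documentBundleProcessors), this.clock);
        }

        /**
         * Builds the User-Agent value: the mandatory part, followed by the custom part in
         * parentheses when one is set.
         */
        String createUserAgentString() {
            return ClientConfiguration.MANDATORY_USER_AGENT + this.customUserAgentPart.map(part -> String.format(" (%s)", part)).orElse("");
        }
    }

    private ClientConfiguration(KeyStoreConfig keyStoreConfig, Configurable<? extends Configuration> configurable, Optional<Sender> optional, URI uri, Iterable<String> iterable, Iterable<DocumentBundleProcessor> iterable2, Clock clock) {
        this.keyStoreConfig = keyStoreConfig;
        this.jaxrsConfig = configurable;
        this.sender = optional;
        this.signatureServiceRoot = uri;
        this.certificatePaths = iterable;
        this.documentBundleProcessors = iterable2;
        this.clock = clock;
    }

    /** Returns the key store configuration given to {@link #builder(KeyStoreConfig)}. */
    @Override // no.digipost.signature.client.asice.ASiCEConfiguration
    public KeyStoreConfig getKeyStoreConfig() {
        return this.keyStoreConfig;
    }

    /** Returns the global sender, or empty when none was configured. */
    @Override // no.digipost.signature.client.asice.ASiCEConfiguration
    public Optional<Sender> getGlobalSender() {
        return this.sender;
    }

    /** Returns the document bundle processors registered on the builder. */
    @Override // no.digipost.signature.client.asice.ASiCEConfiguration
    public Iterable<DocumentBundleProcessor> getDocumentBundleProcessors() {
        return this.documentBundleProcessors;
    }

    /** Returns the configured clock. */
    @Override // no.digipost.signature.client.asice.ASiCEConfiguration
    public Clock getClock() {
        return this.clock;
    }

    /** Returns the root URI of the signature service. */
    @Override // no.digipost.signature.client.core.internal.http.HttpIntegrationConfiguration
    public URI getServiceRoot() {
        return this.signatureServiceRoot;
    }

    /** Returns the certificate paths configured as trust anchors. */
    @Override // no.digipost.signature.client.core.internal.security.ProvidesCertificateResourcePaths
    public Iterable<String> getCertificatePaths() {
        return this.certificatePaths;
    }

    /** Returns the JAX-RS configuration prepared by the builder. */
    @Override // no.digipost.signature.client.core.internal.http.HttpIntegrationConfiguration
    public Configuration getJaxrsConfiguration() {
        return this.jaxrsConfig.getConfiguration();
    }

    /**
     * Builds a new {@link SSLContext} on every call.
     *
     * <p>Key material comes from the configured key store, and the private key is always the one
     * stored under the configured alias. Trust material comes from
     * {@code TrustStoreLoader.build(this)} together with a
     * {@code PostenEnterpriseCertificateStrategy}; what that strategy accepts is not visible in
     * this class and should be reviewed together with any custom trust store.
     *
     * <p>Note that the private key password is held as a {@code String} in the key store
     * configuration and only converted to {@code char[]} here, so it cannot be wiped from memory.
     *
     * @return the SSL context for the mutual-TLS connection
     * @throws KeyException if the key cannot be loaded or the context cannot be created; the
     *         message contains the underlying exception's class and message but never the password
     */
    @Override // no.digipost.signature.client.core.internal.http.HttpIntegrationConfiguration
    public SSLContext getSSLContext() {
        try {
            return SSLContexts.custom().loadKeyMaterial(this.keyStoreConfig.keyStore, this.keyStoreConfig.privatekeyPassword.toCharArray(), new PrivateKeyStrategy() { // from class: no.digipost.signature.client.ClientConfiguration.1
                @Override
                public String chooseAlias(Map<String, PrivateKeyDetails> map, Socket socket) {
                    // Ignore the offered aliases: only the explicitly configured key may be used.
                    return ClientConfiguration.this.keyStoreConfig.alias;
                }
            }).loadTrustMaterial(TrustStoreLoader.build(this), new PostenEnterpriseCertificateStrategy()).build();
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            String message = e.getMessage();
            // Some JDK versions append an explanatory sentence to this message, so match on the prefix
            // rather than on the whole text; otherwise the password hint below is silently lost.
            if ((e instanceof UnrecoverableKeyException) && message != null && message.startsWith("Given final block not properly padded")) {
                throw new KeyException("Unable to load key from keystore, because " + e.getClass().getSimpleName() + ": '" + message + "'. Possible causes:\n* Wrong password for private key (the password for the keystore and the private key may not be the same)\n* Multiple private keys in the keystore with different passwords (private keys in the same key store must have the same password)", e);
            }
            throw new KeyException("Unable to create the SSLContext, because " + e.getClass().getSimpleName() + ": '" + message + "'", e);
        }
    }

    /**
     * Starts building a configuration for the given key store.
     *
     * @param keyStoreConfig key store holding the client certificate and private key
     * @return a new builder with production defaults
     */
    public static Builder builder(KeyStoreConfig keyStoreConfig) {
        return new Builder(keyStoreConfig);
    }
}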
