package no.digipost.signature.client.core.internal;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import javax.net.ssl.SSLHandshakeException;
import no.digipost.signature.api.xml.XMLError;
import no.digipost.signature.client.core.exceptions.BrokerNotAuthorizedException;
import no.digipost.signature.client.core.exceptions.SignatureException;
import no.digipost.signature.client.core.exceptions.UnexpectedResponseException;
import no.digipost.signature.client.core.internal.http.ResponseStatus;
import no.digipost.signature.client.core.internal.http.StatusCode;
import no.digipost.signature.jaxb.JaxbMarshaller;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.ProtocolException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:no/digipost/signature/client/core/internal/ClientExceptionMapper.class */
public class ClientExceptionMapper {
    ClientExceptionMapper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SignatureException exceptionForGeneralError(ClassicHttpResponse classicHttpResponse) {
        XMLError extractError = extractError(classicHttpResponse);
        return ErrorCodes.BROKER_NOT_AUTHORIZED.sameAs(extractError.getErrorCode()) ? new BrokerNotAuthorizedException(extractError) : new UnexpectedResponseException(extractError, ResponseStatus.fromHttpResponse(classicHttpResponse).get(), StatusCode.OK);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static XMLError extractError(ClassicHttpResponse classicHttpResponse) {
        InputStream content;
        try {
            Optional map = Optional.ofNullable(classicHttpResponse.getHeader("Content-Type")).map((v0) -> {
                return v0.getValue();
            }).map((v0) -> {
                return ContentType.parse(v0);
            });
            ContentType contentType = ContentType.APPLICATION_XML;
            Objects.requireNonNull(contentType);
            if (map.filter(contentType::isSameMimeType).isPresent()) {
                try {
                    content = classicHttpResponse.getEntity().getContent();
                    try {
                        XMLError xMLError = (XMLError) JaxbMarshaller.ForResponsesOfAllApis.singleton().unmarshal(content, XMLError.class);
                        if (content != null) {
                            content.close();
                        }
                        return xMLError;
                    } finally {
                    }
                } catch (IOException e) {
                    throw new UncheckedIOException("Could not extract error from body.", e);
                }
            }
            try {
                content = classicHttpResponse.getEntity().getContent();
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byte[] bArr = new byte[1024];
                    while (true) {
                        int read = content.read(bArr);
                        if (read == -1) {
                            break;
                        }
                        byteArrayOutputStream.write(bArr, 0, read);
                    }
                    String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8.name());
                    if (content != null) {
                        content.close();
                    }
                    throw new UnexpectedResponseException("Content-Type " + ((String) map.map((v0) -> {
                        return v0.getMimeType();
                    }).orElse("unknown")) + ": " + ((String) Optional.ofNullable(byteArrayOutputStream2).filter(str -> {
                        return !str.trim().isEmpty();
                    }).orElse("<no content in response>")), ResponseStatus.fromHttpResponse(classicHttpResponse).get(), StatusCode.OK);
                } finally {
                }
            } catch (IOException e2) {
                throw new UncheckedIOException("Could not read body as string.", e2);
            }
        } catch (ProtocolException e3) {
            throw new RuntimeException((Throwable) e3);
        }
        throw new RuntimeException((Throwable) e3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void doWithMappedClientException(Runnable runnable) {
        doWithMappedClientException(() -> {
            runnable.run();
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <T> T doWithMappedClientException(Supplier<T> supplier) {
        try {
            return supplier.get();
        } catch (RuntimeException e) {
            throw map(e);
        }
    }

    private static RuntimeException map(RuntimeException runtimeException) {
        return runtimeException.getCause() instanceof SSLHandshakeException ? new SignatureException("Unable to perform SSL handshake with remote server. Some possible causes (could be others, see underlying error): \n* A certificate with the wrong KeyUsage was used. The keyUsage should be DigitalSignature\n* Erroneous configuration of the trust store\n* Intermediate network devices interfering with traffic (e.g. proxies)\n* An attacker impersonating the server (man in the middle).* Wrong TLS version. For Java 7, see 'JSSE tuning parameters' at https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https for information about enabling the latest TLS versions.* Incorrect certificate. If none of the errors above fixes the issue, it may be because wrong certificate is being used. Please see the Posten signering documentation for buying and installing enterprise certificates. \n", runtimeException) : runtimeException;
    }
}
