package org.openecard.control.module.tctoken;

import generated.TCTokenType;
import iso.std.iso_iec._24727.tech.schema.CardApplicationConnect;
import iso.std.iso_iec._24727.tech.schema.CardApplicationConnectResponse;
import iso.std.iso_iec._24727.tech.schema.CardApplicationPath;
import iso.std.iso_iec._24727.tech.schema.CardApplicationPathResponse;
import iso.std.iso_iec._24727.tech.schema.ConnectionHandleType;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.FutureTask;
import org.openecard.apache.http.HttpException;
import org.openecard.bouncycastle.crypto.tls.Certificate;
import org.openecard.common.DynamicContext;
import org.openecard.common.ECardConstants;
import org.openecard.common.I18n;
import org.openecard.common.TR03112Keys;
import org.openecard.common.WSHelper;
import org.openecard.common.interfaces.Dispatcher;
import org.openecard.common.interfaces.DispatcherException;
import org.openecard.common.sal.state.CardStateEntry;
import org.openecard.common.sal.state.CardStateMap;
import org.openecard.common.util.HttpRequestLineUtils;
import org.openecard.common.util.Pair;
import org.openecard.control.module.tctoken.gui.InsertCardDialog;
import org.openecard.control.module.tctoken.hacks.ObjectTag;
import org.openecard.gui.UserConsent;
import org.openecard.recognition.CardRecognition;
import org.openecard.transport.paos.PAOS;
import org.openecard.transport.paos.PAOSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openecard/control/module/tctoken/GenericTCTokenHandler.class */
public class GenericTCTokenHandler {
    private static final Logger logger = LoggerFactory.getLogger(GenericTCTokenHandler.class);
    private final I18n lang = I18n.getTranslation("tctoken");
    private final CardStateMap cardStates;
    private final Dispatcher dispatcher;
    private final UserConsent gui;
    private final CardRecognition rec;

    public GenericTCTokenHandler(CardStateMap cardStateMap, Dispatcher dispatcher, UserConsent userConsent, CardRecognition cardRecognition) {
        this.cardStates = cardStateMap;
        this.dispatcher = dispatcher;
        this.gui = userConsent;
        this.rec = cardRecognition;
    }

    public TCTokenRequest parseRequestURI(URI uri) throws UnsupportedEncodingException, TCTokenException {
        Map<String, String> transform = HttpRequestLineUtils.transform(uri.getRawQuery());
        if (transform.containsKey("tcTokenURL")) {
            TCTokenRequest parseTCTokenRequestURI = parseTCTokenRequestURI(transform);
            parseTCTokenRequestURI.setTokenFromObject(false);
            return parseTCTokenRequestURI;
        }
        if (!transform.containsKey("activationObject")) {
            throw new TCTokenException("No suitable set of parameters given in the request.");
        }
        TCTokenRequest parseObjectURI = parseObjectURI(transform);
        parseObjectURI.setTokenFromObject(true);
        return parseObjectURI;
    }

    private TCTokenRequest parseTCTokenRequestURI(Map<String, String> map) throws TCTokenException {
        TCTokenRequest tCTokenRequest = new TCTokenRequest();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (key.equals("tcTokenURL")) {
                if (value == null || value.isEmpty()) {
                    throw new TCTokenException("Parameter tcTokenURL contains no value.");
                }
                try {
                    URL url = new URL(value);
                    Pair<TCTokenType, List<Pair<URL, Certificate>>> generateTCToken = TCTokenFactory.generateTCToken(url);
                    tCTokenRequest.setTCToken(generateTCToken.p1);
                    tCTokenRequest.setCertificates(generateTCToken.p2);
                    tCTokenRequest.setTCTokenURL(url);
                } catch (MalformedURLException e) {
                    throw new TCTokenException("The tcTokenURL parameter contains an invalid URL: " + value, e);
                } catch (IOException e2) {
                    throw new TCTokenException("Failed to fetch TCToken.", e2);
                }
            } else if (key.equals("ifdName")) {
                if (value == null || value.isEmpty()) {
                    throw new TCTokenException("Parameter ifdName contains no value.");
                }
                tCTokenRequest.setIFDName(value);
            } else if (key.equals("contextHandle")) {
                if (value == null || value.isEmpty()) {
                    throw new TCTokenException("Parameter contextHandle contains no value.");
                }
                tCTokenRequest.setContextHandle(value);
            } else if (key.equals("slotIndex")) {
                if (value == null || value.isEmpty()) {
                    throw new TCTokenException("Parameter slotIndex contains no value.");
                }
                tCTokenRequest.setSlotIndex(value);
            } else if (!key.equals("cardType")) {
                logger.info("Unknown query element: {}", key);
            } else {
                if (value == null || value.isEmpty()) {
                    throw new TCTokenException("Parameter cardType contains no value.");
                }
                tCTokenRequest.setCardType(value);
            }
        }
        return tCTokenRequest;
    }

    private TCTokenRequest parseObjectURI(Map<String, String> map) throws TCTokenException {
        TCTokenRequest tCTokenRequest = new TCTokenRequest();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if ("activationObject".equals(key)) {
                tCTokenRequest.setTCToken(TCTokenFactory.generateTCToken(value));
            } else if ("serverCertificate".equals(key)) {
            }
        }
        return tCTokenRequest;
    }

    private ConnectionHandleType getFirstHandle(String str) {
        String translatedCardName = this.rec.getTranslatedCardName(str);
        ConnectionHandleType connectionHandleType = new ConnectionHandleType();
        ConnectionHandleType.RecognitionInfo recognitionInfo = new ConnectionHandleType.RecognitionInfo();
        recognitionInfo.setCardType(str);
        connectionHandleType.setRecognitionInfo(recognitionInfo);
        Set<CardStateEntry> matchingEntries = this.cardStates.getMatchingEntries(connectionHandleType);
        return matchingEntries.isEmpty() ? new InsertCardDialog(this.gui, this.cardStates, str, translatedCardName).show() : matchingEntries.iterator().next().handleCopy();
    }

    private TCTokenResponse doPAOS(TCTokenRequest tCTokenRequest, ConnectionHandleType connectionHandleType) throws PAOSException, DispatcherException {
        TCTokenType tCToken = tCTokenRequest.getTCToken();
        try {
            CardApplicationPath cardApplicationPath = new CardApplicationPath();
            cardApplicationPath.setCardAppPathRequest(connectionHandleType);
            CardApplicationPathResponse cardApplicationPathResponse = (CardApplicationPathResponse) this.dispatcher.deliver(cardApplicationPath);
            WSHelper.checkResult(cardApplicationPathResponse);
            CardApplicationConnect cardApplicationConnect = new CardApplicationConnect();
            cardApplicationConnect.setCardApplicationPath(cardApplicationPathResponse.getCardAppPathResultSet().getCardApplicationPathResult().get(0));
            CardApplicationConnectResponse cardApplicationConnectResponse = (CardApplicationConnectResponse) this.dispatcher.deliver(cardApplicationConnect);
            ConnectionHandleType connectionHandle = cardApplicationConnectResponse.getConnectionHandle();
            WSHelper.checkResult(cardApplicationConnectResponse);
            FutureTask futureTask = new FutureTask(new PAOSTask(this.dispatcher, connectionHandle, tCTokenRequest));
            new Thread(futureTask, PAOS.HEADER_KEY_PAOS).start();
            if (!tCTokenRequest.isTokenFromObject()) {
                waitForTask(futureTask);
            }
            TCTokenResponse tCTokenResponse = new TCTokenResponse();
            tCTokenResponse.setRefreshAddress(new URL(tCToken.getRefreshAddress()));
            tCTokenResponse.setPAOSTask(futureTask);
            tCTokenResponse.setResult(WSHelper.makeResultOK());
            return tCTokenResponse;
        } catch (InvocationTargetException e) {
            logger.error(e.getMessage(), (Throwable) e);
            throw new DispatcherException(e);
        } catch (MalformedURLException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            throw new PAOSException(e2);
        } catch (WSHelper.WSException e3) {
            logger.error("Failed to connect to card.", (Throwable) e3);
            throw new DispatcherException("Failed to connect to card.", e3);
        }
    }

    public TCTokenResponse handleActivate(TCTokenRequest tCTokenRequest) {
        DynamicContext dynamicContext = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
        boolean isPerformTR03112Checks = ObjectTag.isPerformTR03112Checks(tCTokenRequest);
        if (!isPerformTR03112Checks) {
            logger.warn("Checks according to BSI TR03112 3.4.2, 3.4.4 (TCToken specific) and 3.4.5 are disabled.");
        }
        boolean z = tCTokenRequest.getTCTokenURL() == null;
        if (z) {
            logger.warn("Checks according to BSI TR03112 3.4.4 (TCToken specific) are disabled.");
        }
        dynamicContext.put(TR03112Keys.TCTOKEN_CHECKS, Boolean.valueOf(isPerformTR03112Checks));
        dynamicContext.put(TR03112Keys.OBJECT_ACTIVATION, Boolean.valueOf(z));
        dynamicContext.put(TR03112Keys.TCTOKEN_SERVER_CERTIFICATES, tCTokenRequest.getCertificates());
        dynamicContext.put(TR03112Keys.TCTOKEN_URL, tCTokenRequest.getTCTokenURL());
        ConnectionHandleType connectionHandleType = null;
        TCTokenResponse tCTokenResponse = new TCTokenResponse();
        byte[] contextHandle = tCTokenRequest.getContextHandle();
        String iFDName = tCTokenRequest.getIFDName();
        BigInteger slotIndex = tCTokenRequest.getSlotIndex();
        if (contextHandle == null || iFDName == null || slotIndex == null) {
            connectionHandleType = getFirstHandle(tCTokenRequest.getCardType());
        } else {
            ConnectionHandleType connectionHandleType2 = new ConnectionHandleType();
            connectionHandleType2.setContextHandle(contextHandle);
            connectionHandleType2.setIFDName(iFDName);
            connectionHandleType2.setSlotIndex(slotIndex);
            Set<CardStateEntry> matchingEntries = this.cardStates.getMatchingEntries(connectionHandleType2);
            if (!matchingEntries.isEmpty()) {
                connectionHandleType = ((CardStateEntry[]) matchingEntries.toArray(new CardStateEntry[0]))[0].handleCopy();
            }
        }
        if (connectionHandleType == null) {
            logger.error("No card available for the given ConnectionHandle.");
            tCTokenResponse.setResult(WSHelper.makeResultError(ECardConstants.Minor.SAL.CANCELLATION_BY_USER, "No card available for the given ConnectionHandle."));
            return tCTokenResponse;
        }
        try {
            tCTokenResponse = determineRefreshURL(tCTokenRequest, doPAOS(tCTokenRequest, connectionHandleType));
            return tCTokenResponse;
        } catch (IOException e) {
            logger.error(e.getMessage(), (Throwable) e);
            tCTokenResponse.setResult(WSHelper.makeResultUnknownError(e.getMessage()));
            return tCTokenResponse;
        } catch (DispatcherException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            tCTokenResponse.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, e2.getMessage()));
            return tCTokenResponse;
        } catch (PAOSException e3) {
            logger.error(e3.getMessage(), (Throwable) e3);
            Throwable cause = e3.getCause();
            if (cause instanceof WSHelper.WSException) {
                tCTokenResponse.setResult(((WSHelper.WSException) cause).getResult());
            } else {
                tCTokenResponse.setResult(WSHelper.makeResultError(ECardConstants.Minor.App.INCORRECT_PARM, e3.getMessage()));
            }
            return tCTokenResponse;
        }
    }

    private static void waitForTask(Future<?> future) throws PAOSException, DispatcherException {
        try {
            future.get();
        } catch (InterruptedException e) {
            logger.error(e.getMessage(), (Throwable) e);
            throw new PAOSException(e);
        } catch (ExecutionException e2) {
            logger.error(e2.getMessage(), (Throwable) e2);
            if (e2.getCause() instanceof PAOSException) {
                throw ((PAOSException) e2.getCause());
            }
            if (!(e2.getCause() instanceof DispatcherException)) {
                throw new PAOSException(e2);
            }
            throw ((DispatcherException) e2.getCause());
        }
    }

    private TCTokenResponse determineRefreshURL(TCTokenRequest tCTokenRequest, TCTokenResponse tCTokenResponse) throws IOException {
        try {
            URL refreshAddress = tCTokenResponse.getRefreshAddress();
            DynamicContext dynamicContext = DynamicContext.getInstance(TR03112Keys.INSTANCE_KEY);
            Object obj = dynamicContext.get(TR03112Keys.OBJECT_ACTIVATION);
            if ((obj instanceof Boolean) && ((Boolean) obj).booleanValue()) {
                return tCTokenResponse;
            }
            Pair<InputStream, List<Pair<URL, Certificate>>> stream = TCTokenGrabber.getStream(refreshAddress, new RedirectCertificateVerifier(ObjectTag.isPerformTR03112Checks(tCTokenRequest)));
            if (stream.p1 != null) {
                throw new IOException("Return-To-Websession yielded a non-redirect response.");
            }
            List<Pair<URL, Certificate>> list = stream.p2;
            URL url = list.get(list.size() - 1).p1;
            dynamicContext.clear();
            DynamicContext.remove();
            logger.debug("Setting redirect address to '{}'.", url);
            tCTokenResponse.setRefreshAddress(url);
            return tCTokenResponse;
        } catch (URISyntaxException e) {
            throw new IOException(e);
        } catch (HttpException e2) {
            throw new IOException(e2);
        }
    }
}
