package eu.cec.digit.ecas.client.script;

import eu.cec.digit.ecas.client.configuration.ClassLoaderLocal;
import eu.cec.digit.ecas.client.configuration.EcasConfiguration;
import eu.cec.digit.ecas.client.configuration.EcasConfigurationIntf;
import eu.cec.digit.ecas.client.configuration.EcasServerLocator;
import eu.cec.digit.ecas.client.constants.RequestConstant;
import eu.cec.digit.ecas.util.NameValuePair;
import eu.cec.digit.ecas.util.httpclient.HttpResponse;
import eu.cec.digit.ecas.util.httpclient.TwoWaySSLClient;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:eu/cec/digit/ecas/client/script/ScriptClient.class */
public final class ScriptClient {
    private static final Pattern SERVICE_TICKET_PATTERN = Pattern.compile("<(.+:)?serviceTicket>(.+)</\\1?serviceTicket>", 66);
    private static final Pattern ERROR_PATTERN = Pattern.compile("<(.+:)?error>(.+)</\\1?error>", 66);
    private final String ecasServerCertLoginUrl;
    private final TwoWaySSLClient twoWaySSLClient;

    /* loaded from: input_file:eu/cec/digit/ecas/client/script/ScriptClient$Builder.class */
    public static final class Builder {
        private String ecasServerCertLoginUrl;
        private int maxConnections;
        private boolean verifyHostname;
        private int connectTimeoutMillis;
        private int readTimeoutMillis;
        private List<X509Certificate> additionalTrustedCertificates;
        private final KeyStore keyStore;
        private final String keyAlias;
        private char[] keyPassPhrase;
        private boolean keyPassPhraseCleaned;

        public Builder(KeyStore keyStore, String str, char[] cArr) {
            this.keyStore = keyStore;
            this.keyAlias = str;
            this.keyPassPhrase = (char[]) cArr.clone();
            EcasConfigurationIntf configuration = ClassLoaderLocal.getConfiguration();
            if (null != configuration) {
                EcasServerLocator build = new EcasServerLocator.Builder(configuration).build();
                this.ecasServerCertLoginUrl = "https://" + build.getEcasBackendHostname() + ":" + build.getEcasBackEndTwoWaySslPort() + "/cas/ws/CertLoginService/http/post";
                this.maxConnections = configuration.getMaxConnections().intValue();
                this.verifyHostname = null == configuration.getStrictSSLHostnameVerification() || configuration.getStrictSSLHostnameVerification().booleanValue();
                this.connectTimeoutMillis = null == configuration.getConnectionTimeout() ? EcasConfiguration.CONNECTION_TIMEOUT_DEFAULT_VALUE : configuration.getConnectionTimeout().intValue();
                this.readTimeoutMillis = this.connectTimeoutMillis;
                this.additionalTrustedCertificates = configuration.getTrustedCertificates();
            }
        }

        public Builder additionalTrustedCertificates(List<X509Certificate> list) {
            this.additionalTrustedCertificates = list;
            return this;
        }

        public ScriptClient build() {
            validate();
            try {
                ScriptClient scriptClient = new ScriptClient(this);
                Arrays.fill(this.keyPassPhrase, (char) 0);
                this.keyPassPhrase = null;
                this.keyPassPhraseCleaned = true;
                return scriptClient;
            } catch (Throwable th) {
                Arrays.fill(this.keyPassPhrase, (char) 0);
                this.keyPassPhrase = null;
                this.keyPassPhraseCleaned = true;
                throw th;
            }
        }

        public Builder connectTimeoutMillis(int i) {
            this.connectTimeoutMillis = i;
            return this;
        }

        public Builder ecasServerCertLoginUrl(String str) {
            this.ecasServerCertLoginUrl = str;
            return this;
        }

        public Builder maxConnections(int i) {
            this.maxConnections = i;
            return this;
        }

        public Builder readTimeoutMillis(int i) {
            this.readTimeoutMillis = i;
            return this;
        }

        private void validate() {
            if (null == this.ecasServerCertLoginUrl || this.ecasServerCertLoginUrl.trim().length() == 0) {
                throw new IllegalArgumentException("ecasServerCertLoginUrl cannot be empty");
            }
            if (null == this.keyStore) {
                throw new IllegalArgumentException("keyStore cannot be null");
            }
            if (null == this.keyAlias || this.keyAlias.trim().length() == 0) {
                throw new IllegalArgumentException("keyAlias cannot be null");
            }
            if (this.keyPassPhraseCleaned) {
                throw new IllegalStateException("This Builder cannot be reused, you must create a new one");
            }
            if (null == this.keyPassPhrase) {
                throw new IllegalArgumentException("keyPassPhrase cannot be null");
            }
        }

        public Builder verifyHostname(boolean z) {
            this.verifyHostname = z;
            return this;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private ScriptClient(Builder builder) {
        this.ecasServerCertLoginUrl = builder.ecasServerCertLoginUrl;
        this.twoWaySSLClient = (TwoWaySSLClient) ((TwoWaySSLClient.Builder) ((TwoWaySSLClient.Builder) ((TwoWaySSLClient.Builder) ((TwoWaySSLClient.Builder) ((TwoWaySSLClient.Builder) ((TwoWaySSLClient.Builder) ((TwoWaySSLClient.Builder) ((TwoWaySSLClient.Builder) new TwoWaySSLClient.Builder().maxConnections(builder.maxConnections)).connectTimeoutMillis(builder.connectTimeoutMillis)).readTimeoutMillis(builder.readTimeoutMillis)).verifyHostname(builder.verifyHostname)).additionalTrustedCertificates(builder.additionalTrustedCertificates)).keyStore(builder.keyStore)).keyAlias(builder.keyAlias)).keyPassPhrase(builder.keyPassPhrase)).build();
    }

    public String getServiceTicket(String str) throws IOException {
        HttpResponse post = this.twoWaySSLClient.post(this.ecasServerCertLoginUrl, new NameValuePair(RequestConstant.SERVICE.toString(), str));
        if (post.getCode() != 200) {
            throw new IOException("Unable to get Service Ticket, received response: " + post);
        }
        Matcher matcher = SERVICE_TICKET_PATTERN.matcher(post.getResponse());
        if (matcher.find()) {
            return matcher.group(2);
        }
        Matcher matcher2 = ERROR_PATTERN.matcher(post.getResponse());
        if (matcher2.find()) {
            throw new IOException(matcher2.group(2));
        }
        throw new IOException("Service Ticket cannot be found in SOAP response: " + post);
    }
}
