package dev.dsf.bpe.spring.config;

import de.rwh.utils.crypto.CertificateHelper;
import de.rwh.utils.crypto.io.CertificateReader;
import de.rwh.utils.crypto.io.PemIo;
import dev.dsf.bpe.client.FhirClientProvider;
import dev.dsf.bpe.client.FhirClientProviderImpl;
import dev.dsf.fhir.service.ReferenceCleaner;
import dev.dsf.fhir.service.ReferenceCleanerImpl;
import dev.dsf.fhir.service.ReferenceExtractor;
import dev.dsf.fhir.service.ReferenceExtractorImpl;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.UUID;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

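/**
 * Spring configuration that wires the FHIR client beans of the BPE.
 *
 * <p>The client key store is built in memory from a PEM certificate and a PEM private key, and
 * the trust store is read from a certificate file. All three paths, the optional private-key
 * password and the server base URL come from {@link PropertiesConfig}.
 *
 * <p>On startup the effective client configuration is logged. The private-key password is never
 * logged, only whether one is set.
 */
@Configuration
/* loaded from: input_file:dev/dsf/bpe/spring/config/FhirClientConfig.class */
public class FhirClientConfig implements InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(FhirClientConfig.class);
    private static final BouncyCastleProvider provider = new BouncyCastleProvider();

    @Autowired
    private PropertiesConfig propertiesConfig;

    @Autowired
    private FhirConfig fhirConfig;

    /**
     * Logs the local webservice, local websocket and remote webservice client settings.
     *
     * <p>The password placeholder is {@code "***"} when a password is configured and
     * {@code "null"} otherwise, so the secret itself never reaches the log.
     *
     * @throws Exception declared by {@link InitializingBean}; {@link #getWebsocketUrl()} throws a
     *         {@link RuntimeException} for a base URL without an http(s) scheme
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        logger.info("Local webservice client config: {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {}, url: {}, proxy: {}}",
                this.propertiesConfig.getClientCertificateTrustStoreFile(),
                this.propertiesConfig.getClientCertificateFile(),
                this.propertiesConfig.getClientCertificatePrivateKeyFile(),
                this.propertiesConfig.getClientCertificatePrivateKeyFilePassword() != null ? "***" : "null",
                this.propertiesConfig.getServerBaseUrl(),
                this.propertiesConfig.proxyConfig().isEnabled(this.propertiesConfig.getServerBaseUrl()) ? "enabled" : "disabled");

        logger.info("Local websocket client config: {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {}, url: {}, proxy: {}}",
                this.propertiesConfig.getClientCertificateTrustStoreFile(),
                this.propertiesConfig.getClientCertificateFile(),
                this.propertiesConfig.getClientCertificatePrivateKeyFile(),
                this.propertiesConfig.getClientCertificatePrivateKeyFilePassword() != null ? "***" : "null",
                getWebsocketUrl(),
                this.propertiesConfig.proxyConfig().isEnabled(getWebsocketUrl()) ? "enabled" : "disabled");

        logger.info("Remote webservice client config: {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {}, proxy: {}}",
                this.propertiesConfig.getClientCertificateTrustStoreFile(),
                this.propertiesConfig.getClientCertificateFile(),
                this.propertiesConfig.getClientCertificatePrivateKeyFile(),
                this.propertiesConfig.getClientCertificatePrivateKeyFilePassword() != null ? "***" : "null",
                this.propertiesConfig.proxyConfig().isEnabled()
                        ? "enabled if remote server not in " + this.propertiesConfig.proxyConfig().getNoProxyUrls()
                        : "disabled");
    }

    /**
     * @return a {@link ReferenceCleaner} backed by the {@link #referenceExtractor()} bean
     */
    @Bean
    public ReferenceCleaner referenceCleaner() {
        return new ReferenceCleanerImpl(referenceExtractor());
    }

    /**
     * @return the default {@link ReferenceExtractor} implementation
     */
    @Bean
    public ReferenceExtractor referenceExtractor() {
        return new ReferenceExtractorImpl();
    }

    /**
     * Builds the {@link FhirClientProvider} from the configured certificate material.
     *
     * <p>The same trust store, key store and key store password are passed to the provider twice;
     * NOTE(review): presumably once for the webservice clients and once for the websocket
     * client, so confirm against the {@link FhirClientProviderImpl} constructor.
     *
     * @return the configured client provider
     * @throws RuntimeException wrapping any I/O, key store or PEM parsing failure, so that a
     *         missing or malformed certificate file aborts context start-up
     */
    @Bean
    public FhirClientProvider clientProvider() {
        // Throw-away password for the in-memory JKS key store built below. It is generated per
        // call from a random (type 4) UUID and is not written anywhere by this class.
        char[] keyStorePassword = UUID.randomUUID().toString().toCharArray();
        try {
            KeyStore keyStore = createKeyStore(this.propertiesConfig.getClientCertificateFile(),
                    this.propertiesConfig.getClientCertificatePrivateKeyFile(),
                    this.propertiesConfig.getClientCertificatePrivateKeyFilePassword(), keyStorePassword);
            KeyStore trustStore = createTrustStore(this.propertiesConfig.getClientCertificateTrustStoreFile());

            return new FhirClientProviderImpl(this.fhirConfig.fhirContext(), referenceCleaner(),
                    this.propertiesConfig.getServerBaseUrl(),
                    this.propertiesConfig.getWebserviceClientLocalReadTimeout(),
                    this.propertiesConfig.getWebserviceClientLocalConnectTimeout(),
                    this.propertiesConfig.getWebserviceClientLocalVerbose(), trustStore, keyStore, keyStorePassword,
                    this.propertiesConfig.getWebserviceClientRemoteReadTimeout(),
                    this.propertiesConfig.getWebserviceClientRemoteConnectTimeout(),
                    this.propertiesConfig.getWebserviceClientRemoteVerbose(), getWebsocketUrl(), trustStore,
                    keyStore, keyStorePassword, this.propertiesConfig.proxyConfig());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | PKCSException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Derives the websocket endpoint from the server base URL by swapping the scheme and
     * appending {@code /ws}.
     *
     * <p>Only the leading scheme is rewritten, so a base URL that contains another
     * {@code http(s)://} sequence further along keeps that part unchanged.
     *
     * <p>An {@code http://} base URL yields a plaintext {@code ws://} endpoint: no TLS means the
     * client certificate and trust store configured here do not protect that connection.
     *
     * @return the {@code wss://} or {@code ws://} URL ending in {@code /ws}
     * @throws RuntimeException if the base URL starts with neither {@code https://} nor
     *         {@code http://}
     */
    private String getWebsocketUrl() {
        String serverBaseUrl = this.propertiesConfig.getServerBaseUrl();
        if (serverBaseUrl.startsWith("https://")) {
            return "wss://" + serverBaseUrl.substring("https://".length()) + "/ws";
        }
        if (serverBaseUrl.startsWith("http://")) {
            return "ws://" + serverBaseUrl.substring("http://".length()) + "/ws";
        }
        throw new RuntimeException("server base url (" + serverBaseUrl + ") does not start with https:// or http://");
    }

    /**
     * Reads the trust store from a certificate file.
     *
     * @param trustStoreFile path of the trust store file, passed to
     *        {@link CertificateReader#allFromCer}
     * @return the key store returned by {@link CertificateReader#allFromCer}
     * @throws IOException if the file is not readable
     */
    private KeyStore createTrustStore(String trustStoreFile) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
        Path trustStorePath = Paths.get(trustStoreFile);
        if (!Files.isReadable(trustStorePath)) {
            throw new IOException("Trust store file '" + trustStorePath.toString() + "' not readable");
        }
        return CertificateReader.allFromCer(trustStorePath);
    }

    /**
     * Builds a JKS key store holding the client certificate and its private key.
     *
     * @param certificateFile path of the PEM client certificate
     * @param privateKeyFile path of the PEM private key
     * @param privateKeyPassword password of the private key file; the caller logs it as
     *        {@code "null"} when unset, so {@code null} is an expected value here
     * @param keyStorePassword password passed to {@link CertificateHelper#toJksKeyStore} for the
     *        resulting key store
     * @return key store with one entry, aliased by the certificate's subject common name
     * @throws IOException if either file is not readable
     */
    private KeyStore createKeyStore(String certificateFile, String privateKeyFile, char[] privateKeyPassword, char[] keyStorePassword) throws IOException, PKCSException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        Path certificatePath = Paths.get(certificateFile);
        Path privateKeyPath = Paths.get(privateKeyFile);
        if (!Files.isReadable(certificatePath)) {
            throw new IOException("Certificate file '" + certificatePath.toString() + "' not readable");
        }
        // Fix: this guard previously re-tested the certificate path, so an unreadable private key
        // file was never reported here and only failed later inside the PEM reader.
        if (!Files.isReadable(privateKeyPath)) {
            throw new IOException("Private key file '" + privateKeyPath.toString() + "' not readable");
        }
        X509Certificate certificate = PemIo.readX509CertificateFromPem(certificatePath);
        return CertificateHelper.toJksKeyStore(PemIo.readPrivateKeyFromPem(provider, privateKeyPath, privateKeyPassword),
                new Certificate[]{certificate}, CertificateHelper.getSubjectCommonName(certificate), keyStorePassword);
    }
}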
