package cz.tomasdvorak.eet.client.security;

import cz.etrzby.xml.EET;
import cz.etrzby.xml.EETService;
import cz.tomasdvorak.eet.client.config.EndpointType;
import cz.tomasdvorak.eet.client.dto.WebserviceConfiguration;
import cz.tomasdvorak.eet.client.exceptions.DnsLookupFailedException;
import cz.tomasdvorak.eet.client.exceptions.DnsTimeoutException;
import cz.tomasdvorak.eet.client.logging.WebserviceLogging;
import cz.tomasdvorak.eet.client.networking.DnsResolverWithTimeout;
import cz.tomasdvorak.eet.client.timing.TimingReceiveInterceptor;
import cz.tomasdvorak.eet.client.timing.TimingSendInterceptor;
import java.util.HashMap;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cz/tomasdvorak/eet/client/security/SecureEETCommunication.class */
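/**
 * Builds CXF JAX-WS client proxies for the EET web service and wires in the
 * security-relevant plumbing: WS-Security signing of outgoing messages,
 * signature validation of incoming messages, schema validation, timeouts and
 * logging.
 *
 * <p>This listing is decompiler output. The decompiler reports that the
 * constructor, {@link #getPort(EndpointType)} and {@link #getClientKey()} were
 * originally {@code protected}; they are kept {@code public} here so the
 * listing's interface is unchanged.
 */
public class SecureEETCommunication {
    /** Name under which the Crypto instance is stored in the WSS4J property map. */
    private static final String CRYPTO_INSTANCE_KEY = "eetCryptoInstance";

    /** JVM-wide system property holding the TLS keystore password. */
    private static final String JAVAX_NET_SSL_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";

    /**
     * Regular expression the subject DN of the response-signing certificate must match.
     *
     * <p>NOTE(review): the pattern is wrapped in {@code .*}, so it matches the
     * organisation string anywhere in the subject DN. The check therefore only
     * narrows what the trusted root in {@code serverRootCa} already allows; it is
     * not a substitute for a tightly scoped trust store.
     */
    public static final String SUBJECT_CERT_CONSTRAINTS = ".*O=Česká republika - Generální finanční ředitelství.*";

    private static final Logger logger = LoggerFactory.getLogger(SecureEETCommunication.class);
    private static final EETService WEBSERVICE = new EETService();

    /** Client key material used to sign outgoing requests. */
    private final ClientKey clientKey;

    /** Trust anchor used to validate the signature on responses. */
    private final ServerKey serverRootCa;

    /** Timeouts and other web-service settings. */
    private final WebserviceConfiguration wsConfiguration;

    /**
     * Stores the key material and configuration used for every port created later.
     *
     * @param clientKey               key used to sign requests
     * @param serverKey               trust anchor for validating response signatures
     * @param webserviceConfiguration timeout configuration
     */
    public SecureEETCommunication(ClientKey clientKey, ServerKey serverKey, WebserviceConfiguration webserviceConfiguration) {
        this.clientKey = clientKey;
        this.serverRootCa = serverKey;
        this.wsConfiguration = webserviceConfiguration;
    }

    /**
     * Creates a fully configured EET client proxy for the given endpoint.
     *
     * @param endpointType endpoint whose URL the proxy will call
     * @return proxy with endpoint address, schema validation, timeouts, logging and
     *         signing/validation interceptors applied
     * @throws DnsTimeoutException      declared by this method; presumably raised by the
     *                                  DNS pre-check, confirm against DnsResolverWithTimeout
     * @throws DnsLookupFailedException declared by this method; presumably raised by the
     *                                  DNS pre-check, confirm against DnsResolverWithTimeout
     */
    public EET getPort(EndpointType endpointType) throws DnsTimeoutException, DnsLookupFailedException {
        if (this.wsConfiguration.getDnsLookupTimeout() > 0) {
            // The lookup runs as a call argument, so it executes (and can throw) regardless
            // of the configured log level. The resolved address is only logged here; nothing
            // in this method hands it to the transport.
            logger.info(
                    "DNS lookup resolved {} to {}",
                    endpointType,
                    new DnsResolverWithTimeout(this.wsConfiguration.getDnsLookupTimeout())
                            .resolveAddress(endpointType.getWebserviceUrl()));
        }

        JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
        proxyFactory.setServiceClass(EET.class);
        proxyFactory.getClientFactoryBean().getServiceFactory().setWsdlURL(WEBSERVICE.getWSDLDocumentLocation());
        proxyFactory.setServiceName(WEBSERVICE.getServiceName());

        EET port = (EET) proxyFactory.create();
        Client client = ClientProxy.getClient(port);

        ensureHTTPSKeystorePassword();
        configureEndpointUrl(port, endpointType.getWebserviceUrl());
        configureSchemaValidation(port);
        configureTimeout(client);
        configureLogging(client);
        configureSigning(client);
        return port;
    }

    /**
     * Returns the client key material used for signing.
     *
     * @return the key passed to the constructor
     */
    public ClientKey getClientKey() {
        return this.clientKey;
    }

    /**
     * Sets the TLS keystore password system property to {@code "changeit"} when it is unset.
     *
     * <p>NOTE(review): this mutates JVM-wide state, so every component in the process
     * that reads the property sees the value, and the value is the widely known JDK
     * default. The reason for the fallback is not visible in this file; confirm it is
     * still required before relying on it, and prefer setting the property explicitly
     * in deployment configuration.
     */
    private void ensureHTTPSKeystorePassword() {
        if (System.getProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD) == null) {
            System.setProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD, "changeit");
        }
    }

    /**
     * Registers the request-signing interceptor and the response-validation interceptors.
     *
     * @param client CXF client whose interceptor chains are extended
     */
    private void configureSigning(Client client) {
        client.getOutInterceptors().add(createSigningInterceptor());
        client.getInInterceptors().add(createValidatingInterceptor());
        client.getInInterceptors().add(new SignatureFaultInterceptor());
    }

    /**
     * Builds the inbound interceptor that verifies the signature on responses.
     *
     * @return interceptor configured with the server trust anchor, the subject DN
     *         constraint and revocation checking
     */
    private WSS4JInInterceptor createValidatingInterceptor() {
        HashMap<String, Object> properties = new HashMap<String, Object>();
        properties.put("action", "Signature");
        properties.put(CRYPTO_INSTANCE_KEY, this.serverRootCa.getCrypto());
        properties.put("signaturePropRefId", CRYPTO_INSTANCE_KEY);
        properties.put("sigSubjectCertConstraints", SUBJECT_CERT_CONSTRAINTS);
        // Revocation checking is requested for the signing certificate. Whether revocation
        // data is actually available depends on the Crypto instance; verify in deployment.
        properties.put("enableRevocation", "true");
        return new WSS4JEetInInterceptor(properties);
    }

    /**
     * Builds the outbound interceptor that signs requests with the client key.
     *
     * @return interceptor configured for an RSA-SHA256 signature with a SHA-256 digest
     */
    private WSS4JOutInterceptor createSigningInterceptor() {
        HashMap<String, Object> properties = new HashMap<String, Object>();
        properties.put("action", "Signature");
        properties.put("passwordCallbackRef", this.clientKey.getClientPasswordCallback());
        properties.put("signatureUser", this.clientKey.getAlias());
        properties.put(CRYPTO_INSTANCE_KEY, this.clientKey.getCrypto());
        properties.put("signaturePropRefId", CRYPTO_INSTANCE_KEY);
        properties.put("signatureKeyIdentifier", "DirectReference");
        properties.put("signatureAlgorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        properties.put("signatureDigestAlgorithm", "http://www.w3.org/2001/04/xmlenc#sha256");
        return new WSS4JEetOutInterceptor(properties);
    }

    /**
     * Applies the configured timeout to the HTTP conduit of the client.
     *
     * <p>NOTE(review): the receive timeout value is also used as the connection and
     * async-execute timeout; no separate connection timeout is read in this class.
     *
     * @param client CXF client whose conduit is configured
     */
    private void configureTimeout(Client client) {
        // Client#getConduit() is declared to return the generic Conduit type, so the
        // HTTP-specific policy setter needs an explicit cast (lost in decompilation).
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        long timeout = this.wsConfiguration.getReceiveTimeout();
        HTTPClientPolicy policy = new HTTPClientPolicy();
        policy.setReceiveTimeout(timeout);
        policy.setConnectionTimeout(timeout);
        policy.setAsyncExecuteTimeout(timeout);
        conduit.setClient(policy);
    }

    /**
     * Points the proxy at the given endpoint address.
     *
     * @param eet proxy to configure
     * @param str endpoint URL to call
     */
    private void configureEndpointUrl(EET eet, String str) {
        ((BindingProvider) eet).getRequestContext().put("javax.xml.ws.service.endpoint.address", str);
    }

    /**
     * Turns on schema validation for messages handled by the proxy.
     *
     * @param eet proxy to configure
     */
    private void configureSchemaValidation(EET eet) {
        ((BindingProvider) eet).getRequestContext().put("schema-validation-enabled", "true");
    }

    /**
     * Registers the shared logging and timing interceptors on both chains.
     *
     * <p>NOTE(review): what the logging interceptors record is defined in
     * WebserviceLogging, which is not shown here; confirm that message content
     * written to logs is acceptable for the deployment.
     *
     * @param client CXF client whose interceptor chains are extended
     */
    private void configureLogging(Client client) {
        client.getInInterceptors().add(WebserviceLogging.LOGGING_IN_INTERCEPTOR);
        client.getOutInterceptors().add(WebserviceLogging.LOGGING_OUT_INTERCEPTOR);
        client.getOutInterceptors().add(TimingSendInterceptor.INSTANCE);
        client.getInInterceptors().add(TimingReceiveInterceptor.INSTANCE);
    }
}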
