package org.openscdp.pkiapi.subject;

import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMCardService;
import de.cardcontact.smartcardhsmprovider.SmartCardHSMProvider;
import de.cardcontact.tlv.HexString;
import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.HeaderParam;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.NotSupportedException;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.ServerErrorException;
import jakarta.ws.rs.core.Response;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertPathBuilderException;
import java.util.List;
import opencard.core.service.CardServiceException;
import opencard.core.terminal.CardTerminalException;
import opencard.opt.security.SecurityDomain;
import org.jdbi.v3.core.Handle;
import org.openscdp.pkidb.dao.SubjectDAO;
import org.openscdp.pkidb.dao.TokenDAO;
import org.openscdp.pkidb.dto.SubjectDTO;
import org.openscdp.pkidb.dto.TokenDTO;
import org.openscdp.pkidm.PKIDMContext;
import org.openscdp.pkidm.json.JSONAction;
import org.openscdp.pkidm.subject.Subject;
import org.openscdp.pkidm.subject.SubjectFactoryRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

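/**
 * REST resource under {@code /subject} that lists a subject's tokens and drives
 * public key authentication (PKA) and logout on the SmartCard-HSM behind a token.
 *
 * <p>NOTE(review): no authorization decision is visible in this class. The
 * {@code UserId} header is accepted on every endpoint and handed to
 * {@link #loadSubject(Long, Long)}, which never reads it. Unless a filter or
 * gateway outside this file authenticates the caller and sets that header, any
 * client that can reach the API can query and operate any token. Confirm where
 * access control is enforced.
 *
 * <p>NOTE(review): the token is looked up by {@code tokenId} alone. Nothing here
 * checks that the token belongs to the subject named in the path, so a valid
 * subject id combined with an arbitrary token id is accepted. The binding should
 * be verified before touching the HSM; the accessor needed for that check is not
 * visible from this file.
 */
@Path("/subject")
public class SubjectResource {
    private static final Logger logger = LoggerFactory.getLogger(SubjectResource.class);

    /** Length in bytes of the random challenge requested from the HSM provider. */
    private static final int PKA_CHALLENGE_LENGTH = 8;

    /**
     * Returns the token list stored for a subject.
     *
     * @param subjectId subject id from the path
     * @param userId value of the {@code UserId} header; currently not evaluated (see class note)
     * @return 200 with a {@code GetTokenListResponse}
     * @throws NotFoundException if the subject does not exist
     * @throws NotSupportedException if the subject type is not supported by the registry
     */
    @Produces({"application/json"})
    @GET
    @Path("/{id}/token")
    public Response getTokenList(@PathParam("id") Long subjectId, @HeaderParam("UserId") Long userId) {
        logger.debug("GET /subject/{}/token", subjectId);
        loadSubject(subjectId, userId);
        return Response.ok(new GetTokenListResponse(loadTokenList(subjectId.longValue()))).build();
    }

    /**
     * Returns a single token and, when its HSM is online, the live token status.
     *
     * @param subjectId subject id from the path
     * @param tokenId token id from the path
     * @param userId value of the {@code UserId} header; currently not evaluated (see class note)
     * @return 200 with a {@code GetTokenResponse}
     * @throws NotFoundException if the subject or the token does not exist
     */
    @Produces({"application/json"})
    @GET
    @Path("/{id}/token/{tokenId}")
    public Response getToken(@PathParam("id") Long subjectId, @PathParam("tokenId") Long tokenId, @HeaderParam("UserId") Long userId) {
        logger.debug("GET /subject/{}/token/{}", subjectId, tokenId);
        loadSubject(subjectId, userId);
        TokenDTO token = requireToken(tokenId);
        GetTokenResponse body = new GetTokenResponse(token);
        SmartCardHSMProvider provider = PKIDMContext.getHSMService().getProvider(token.getPath());
        if (provider != null) {
            // Only an online HSM can report live status; an offline one yields the stored data alone.
            body.updateTokenStatus(provider.getSmartCardHSMCardService());
        }
        return Response.ok(body).build();
    }

    /**
     * Executes an action on the HSM behind a token. Supported actions are
     * {@code pkaChallenge}, {@code externalAuthenticate} and {@code logout}.
     *
     * @param subjectId subject id from the path
     * @param tokenId token id from the path
     * @param userId value of the {@code UserId} header; currently not evaluated (see class note)
     * @param jSONAction request body carrying the action name and its arguments
     * @return 200 with the action result, or an empty 200 for {@code logout}
     * @throws NotFoundException if the subject or token does not exist, or the HSM is offline
     * @throws BadRequestException if the body or its action name is missing
     * @throws NotSupportedException if the action name is unknown
     */
    @Produces({"application/json"})
    @POST
    @Path("/{id}/token/{tokenId}")
    @Consumes({"application/json"})
    public Response handlePost(@PathParam("id") Long subjectId, @PathParam("tokenId") Long tokenId, @HeaderParam("UserId") Long userId, JSONAction jSONAction) {
        logger.debug("POST /subject/{}/token/{}", subjectId, tokenId);
        loadSubject(subjectId, userId);
        TokenDTO token = requireToken(tokenId);
        SmartCardHSMProvider provider = PKIDMContext.getHSMService().getProvider(token.getPath());
        if (provider == null) {
            logger.error("HSM {} not online", token.getPath());
            throw new NotFoundException();
        }
        // A missing body or action used to surface as a NullPointerException (HTTP 500).
        if (jSONAction == null || jSONAction.action == null) {
            logger.error("POST /subject/{}/token/{} without an action", subjectId, tokenId);
            throw new BadRequestException();
        }
        switch (jSONAction.action) {
            case "pkaChallenge":
                return Response.ok(getPKAChallenge(provider)).build();
            case "externalAuthenticate":
                return Response.ok(performExternalAuthentication(jSONAction, provider.getSmartCardHSMCardService())).build();
            case "logout":
                logout(provider.getSmartCardHSMCardService());
                return Response.ok().build();
            default:
                // The action name is caller-controlled text: neutralise control characters before logging.
                logger.error("Action {} not supported for subject", sanitizeForLog(jSONAction.action));
                throw new NotSupportedException();
        }
    }

    /**
     * Requests a fresh challenge from the HSM provider's random source and returns it
     * together with the device id of the HSM.
     */
    private GetPKAChallengeResponse getPKAChallenge(SmartCardHSMProvider smartCardHSMProvider) {
        try {
            byte[] challenge = new byte[PKA_CHALLENGE_LENGTH];
            SecureRandom.getInstance("NativePRNG", (Provider) smartCardHSMProvider).nextBytes(challenge);
            return new GetPKAChallengeResponse(challenge, smartCardHSMProvider.getSmartCardHSMCardService().getDeviceId());
        } catch (NoSuchAlgorithmException e) {
            logger.error("HSM provider offers no NativePRNG", e);
            throw new ServerErrorException(Response.serverError().build(), e);
        }
    }

    /**
     * Closes the current application on the card service and re-initialises secure messaging.
     */
    private void logout(SmartCardHSMCardService smartCardHSMCardService) {
        try {
            smartCardHSMCardService.closeApplication((SecurityDomain) null);
            smartCardHSMCardService.initSecureMessaging();
        } catch (CardServiceException | CardTerminalException | CertPathBuilderException e) {
            logger.error("Logout from HSM failed", e);
            throw new ServerErrorException(Response.serverError().build(), e);
        }
    }

    /**
     * Selects the public key named by the {@code chr} argument, submits the
     * {@code signature} argument (hex encoded) to the card and returns the resulting
     * PKA status.
     *
     * @throws BadRequestException if {@code chr} or {@code signature} is missing or not text
     */
    private PKAStatus performExternalAuthentication(JSONAction jSONAction, SmartCardHSMCardService smartCardHSMCardService) {
        String chr = requireTextArg(jSONAction, "chr");
        String signature = requireTextArg(jSONAction, "signature");
        try {
            // NOTE(review): getBytes() uses the platform default charset; confirm the encoding the card expects.
            smartCardHSMCardService.selectPubKeyForAuthentication(chr.getBytes());
            // NOTE(review): how parseHexString reacts to malformed hex is not visible here; verify it cannot escape as a 500.
            smartCardHSMCardService.externalAuthenticate(HexString.parseHexString(signature));
            return PKAStatus.getStatusFromService(smartCardHSMCardService);
        } catch (CardTerminalException | CardServiceException e) {
            logger.error("External authentication against HSM failed", e);
            throw new ServerErrorException(Response.serverError().build(), e);
        }
    }

    /**
     * Loads a subject and checks that its type is supported by the factory registry.
     *
     * @param subjectId id of the subject to load
     * @param userId caller id; accepted but not evaluated (see class note)
     * @throws NotFoundException if the subject does not exist
     * @throws NotSupportedException if the registry does not support the subject
     */
    private Subject loadSubject(Long subjectId, Long userId) {
        try (Handle handle = PKIDMContext.getJDBI().open()) {
            SubjectDTO dto = handle.attach(SubjectDAO.class).getSubject(subjectId.longValue());
            if (dto == null) {
                logger.error("Subject {} not found", subjectId);
                throw new NotFoundException();
            }
            SubjectFactoryRegistry registry = PKIDMContext.getSubjectFactoryRegistry();
            if (!registry.isSupported(dto)) {
                logger.error("Subject {} not supported by API", subjectId);
                throw new NotSupportedException();
            }
            return registry.getByDTO(dto);
        }
    }

    /** Reads the token list the DAO returns for the given subject id. */
    private List<TokenDTO> loadTokenList(long subjectId) {
        try (Handle handle = PKIDMContext.getJDBI().open()) {
            return handle.attach(TokenDAO.class).getTokenList(Long.valueOf(subjectId));
        }
    }

    /** Reads a token by id; the result is {@code null} when the DAO finds none. */
    private TokenDTO loadToken(long tokenId) {
        try (Handle handle = PKIDMContext.getJDBI().open()) {
            return handle.attach(TokenDAO.class).getToken(Long.valueOf(tokenId));
        }
    }

    /**
     * Loads a token or answers 404. The log line names the token id; it previously
     * printed the subject id, which made the entry misleading during triage.
     */
    private TokenDTO requireToken(Long tokenId) {
        TokenDTO token = loadToken(tokenId.longValue());
        if (token == null) {
            logger.error("Token {} not found", tokenId);
            throw new NotFoundException();
        }
        return token;
    }

    /** Returns the text value of a request argument, or answers 400 when it is absent or not text. */
    private static String requireTextArg(JSONAction jSONAction, String name) {
        if (jSONAction.args == null || jSONAction.args.get(name) == null) {
            logger.error("Missing argument {}", name);
            throw new BadRequestException();
        }
        String value = jSONAction.args.get(name).textValue();
        if (value == null) {
            logger.error("Argument {} is not a text value", name);
            throw new BadRequestException();
        }
        return value;
    }

    /** Replaces control characters so caller-supplied text cannot forge or split log entries. */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }
}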
