package com.suncode.plugin.plusksef.api.service;

import com.google.common.io.ByteStreams;
import com.google.common.io.Resources;
import com.google.gson.Gson;
import com.suncode.plugin.plusksef.api.enums.KsefSystemType;
import com.suncode.plugin.plusksef.api.enums.SessionStatus;
import com.suncode.plugin.plusksef.api.model.ExceptionResponse;
import com.suncode.plugin.plusksef.api.model.auth.AuthorisationChallengeRequest;
import com.suncode.plugin.plusksef.api.model.auth.AuthorisationChallengeResponse;
import com.suncode.plugin.plusksef.api.model.auth.ContextIdentifier;
import com.suncode.plugin.plusksef.api.model.auth.InitSignedResponse;
import com.suncode.plugin.plusksef.api.model.auth.ReferenceNumberStatus;
import com.suncode.plugin.plusksef.api.model.invoice.InvoiceStatusResponse;
import com.suncode.plugin.plusksef.api.model.invoice.SendInvoiceRequest;
import com.suncode.plugin.plusksef.api.model.invoice.SendInvoiceResponse;
import com.suncode.plugin.plusksef.api.model.query.InvoiceQueryRequest;
import com.suncode.plugin.plusksef.api.model.query.InvoiceQueryResponse;
import com.suncode.plugin.plusksef.api.model.session.SessionTerminateResponse;
import com.suncode.plugin.plusksef.api.service.dto.SessionInfo;
import com.suncode.plugin.plusksef.configuration.dto.KsefImportConfig;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.crypto.Cipher;
import net.sf.saxon.om.StandardNames;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:com/suncode/plugin/plusksef/api/service/KsEFServiceImpl.class */
public class KsEFServiceImpl implements KSeFService {
    public static final String UNSUCCESSFUL_RESPONSE_MSG = "Unsuccessful response from KSeF";
    public static final String TOKEN_HEADER_NAME = "SessionToken";
    public static final String APPLICATION_JSON = "application/json";
    public static final String RSA_ECB_PKCS_1_PADDING = "RSA/ECB/PKCS1Padding";
    private static final String TOKEN_REQUEST_TEMPLATE_PATH = "xml/InitSessionTokenRequest_template.xml";
    private static final String PUBLIC_KEY_PATH = "publickey/<SYSTEM_TYPE>/publicKey.der";
    private static final String POST = "POST";
    private static final String RSA = "RSA";
    private static final String PUT = "PUT";
    private static final String ACCEPT = "accept";
    private static final String SHA_256 = "SHA-256";
    private static final String BASE64 = "Base64";
    private final Gson gson = new Gson();
    private final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSSXXX");
    private static final Logger log = LoggerFactory.getLogger(KsEFServiceImpl.class);
    private static final ClassLoader CLASS_LOADER = KsEFServiceImpl.class.getClassLoader();
    private static final MediaType OCTET = MediaType.get("application/octet-stream; charset=utf-8");
    private static final List<SessionInfo> activeSessions = new LinkedList();
    private static final OkHttpClient client = new OkHttpClient.Builder().connectTimeout(40, TimeUnit.SECONDS).readTimeout(40, TimeUnit.SECONDS).build();

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public AuthorisationChallengeResponse authorisationChallenge(String str, String str2, AuthorisationChallengeRequest.IdentifierType identifierType) throws IOException, ApiException {
        return (AuthorisationChallengeResponse) executeRequest(new Request.Builder().url(str + "/online/Session/AuthorisationChallenge").method(POST, jsonRequestBody(getAuthorisationChallengeRequest(str2, identifierType))).build(), AuthorisationChallengeResponse.class);
    }

    @NotNull
    private AuthorisationChallengeRequest getAuthorisationChallengeRequest(String str, AuthorisationChallengeRequest.IdentifierType identifierType) {
        return AuthorisationChallengeRequest.builder().contextIdentifier(ContextIdentifier.builder().type(identifierType).identifier(str).build()).build();
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public InitSignedResponse initToken(String str, byte[] bArr) throws IOException, ApiException {
        return (InitSignedResponse) executeRequest(new Request.Builder().url(str + "/online/Session/InitToken").method(POST, octetRequestBody(bArr)).build(), InitSignedResponse.class);
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public InvoiceQueryResponse invoiceQuery(String str, String str2, Date date, Date date2, int i, int i2) throws IOException, ApiException {
        InvoiceQueryRequest invoiceQueryRequest = getInvoiceQueryRequest("subject2", "incremental", date, date2);
        String format = String.format("/online/Query/Invoice/Sync?PageSize=%d&PageOffset=%d", Integer.valueOf(i), Integer.valueOf(i2));
        log.debug(jsonRequestBody(invoiceQueryRequest).toString());
        return (InvoiceQueryResponse) executeRequest(new Request.Builder().url(str + format).method(POST, jsonRequestBody(invoiceQueryRequest)).addHeader(TOKEN_HEADER_NAME, str2).build(), InvoiceQueryResponse.class);
    }

    @NotNull
    private InvoiceQueryRequest getInvoiceQueryRequest(String str, String str2, Date date, Date date2) {
        return InvoiceQueryRequest.builder().queryCriteria(InvoiceQueryRequest.QueryCriteria.builder().subjectType(str).type(str2).acquisitionTimestampThresholdFrom(this.dateFormat.format(date)).acquisitionTimestampThresholdTo(this.dateFormat.format(date2)).build()).build();
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    @NotNull
    public byte[] getInvoice(String str, String str2, String str3) throws ApiException {
        return getDocumentByteArray(new Request.Builder().url(str + String.format("/online/Invoice/Get/%s", str2)).addHeader(TOKEN_HEADER_NAME, str3).build());
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public SessionInfo getSession(KsefImportConfig ksefImportConfig) throws Exception {
        Optional<SessionInfo> findFirst = activeSessions.stream().filter(sessionInfo -> {
            return sessionInfo.getNip().equals(ksefImportConfig.getNip()) && sessionInfo.getKsefSystemType().equals(ksefImportConfig.getKsefSystemType());
        }).findFirst();
        if (findFirst.isPresent()) {
            if (isSessionActive(ksefImportConfig.getKsefUrl(), findFirst.get().getReferenceNumber())) {
                return findFirst.get();
            }
            activeSessions.remove(findFirst.get());
        }
        SessionInfo createNewSession = createNewSession(ksefImportConfig);
        activeSessions.add(createNewSession);
        waitingForSessionActivation(ksefImportConfig.getKsefUrl(), createNewSession.getReferenceNumber(), StandardNames.XSL_NUMBER);
        return createNewSession;
    }

    private SessionInfo createNewSession(KsefImportConfig ksefImportConfig) throws Exception {
        log.info("Generate new SessionToken");
        AuthorisationChallengeResponse authorisationChallenge = authorisationChallenge(ksefImportConfig.getKsefUrl(), ksefImportConfig.getNip(), AuthorisationChallengeRequest.IdentifierType.onip);
        InitSignedResponse initToken = initToken(ksefImportConfig.getKsefUrl(), getTokenRequestMessage(authorisationChallenge.getChallenge(), authorisationChallenge.getTimestamp(), ksefImportConfig.getNip(), ksefImportConfig.getTokenAuth(), KsefSystemType.valueOf(ksefImportConfig.getKsefSystemType())).getBytes());
        return SessionInfo.builder().nip(ksefImportConfig.getNip()).sessionToken(initToken.getSessionToken().getToken()).referenceNumber(initToken.getReferenceNumber()).ksefSystemType(ksefImportConfig.getKsefSystemType()).build();
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public SessionTerminateResponse terminateSession(String str, String str2) throws IOException, ApiException {
        return (SessionTerminateResponse) executeRequest(new Request.Builder().url(str + "/online/Session/Terminate").addHeader(TOKEN_HEADER_NAME, str2).build(), SessionTerminateResponse.class);
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public void waitingForUPOGenerated(String str, String str2, int i) throws IOException, ApiException, InterruptedException {
        int i2 = 0;
        while (i2 < i) {
            Thread.sleep(5 * 1000);
            i2 += 5;
            if (getReferenceNumberStatus(str, str2).getProcessingCode() == SessionStatus.GENERATE_UPO.getSuccessStatus()) {
                return;
            }
        }
        throw new ApiException("Session activation timed out");
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public Optional<byte[]> getUPO(String str, String str2) throws IOException, ApiException {
        ReferenceNumberStatus referenceNumberStatus = getReferenceNumberStatus(str, str2);
        return (referenceNumberStatus == null || StringUtils.isBlank(referenceNumberStatus.getUpo())) ? Optional.empty() : Optional.of(Base64.getDecoder().decode(referenceNumberStatus.getUpo()));
    }

    private String getTokenRequestMessage(String str, String str2, String str3, String str4, KsefSystemType ksefSystemType) throws Exception {
        return Resources.toString(CLASS_LOADER.getResource(TOKEN_REQUEST_TEMPLATE_PATH), StandardCharsets.UTF_8).replace("timestamp_to_replace", str2).replace("challenge_to_replace", str).replace("identifier_to_replace", str3).replace("token_to_replace", encryptAuthorizationToken(str2, str4, getPublicKey(ksefSystemType)));
    }

    private boolean isSessionActive(String str, String str2) throws IOException, ApiException {
        int processingCode = getReferenceNumberStatus(str, str2).getProcessingCode();
        return processingCode == SessionStatus.AUTHORISE.getSuccessStatus() || processingCode == SessionStatus.SECURITY.getSuccessStatus();
    }

    private void waitingForSessionActivation(String str, String str2, int i) throws InterruptedException, IOException, ApiException {
        int i2 = 0;
        while (i2 < i) {
            Thread.sleep(10 * 1000);
            i2 += 10;
            if (isSessionActive(str, str2)) {
                return;
            }
        }
        throw new ApiException("Session activation timed out");
    }

    private PublicKey getPublicKey(KsefSystemType ksefSystemType) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        return KeyFactory.getInstance(RSA).generatePublic(new X509EncodedKeySpec(Resources.toByteArray(CLASS_LOADER.getResource(PUBLIC_KEY_PATH.replace("<SYSTEM_TYPE>", ksefSystemType.toString())))));
    }

    private ReferenceNumberStatus getReferenceNumberStatus(String str, String str2) throws IOException, ApiException {
        return (ReferenceNumberStatus) executeRequest(new Request.Builder().url(str + String.format("/common/Status/%s", str2)).build(), ReferenceNumberStatus.class);
    }

    @NotNull
    private <T> RequestBody jsonRequestBody(T t) {
        return RequestBody.create(this.gson.toJson(t), MediaType.parse(APPLICATION_JSON));
    }

    @NotNull
    private RequestBody octetRequestBody(byte[] bArr) {
        return RequestBody.create(bArr, OCTET);
    }

    @NotNull
    private <T> T executeRequest(Request request, Class<T> cls) throws ApiException, IOException {
        log.debug(this.gson.toJson(request));
        Response execute = client.newCall(request).execute();
        Throwable th = null;
        try {
            String string = ((ResponseBody) Objects.requireNonNull(execute.body())).string();
            if (!execute.isSuccessful()) {
                log.warn(string);
                ExceptionResponse exceptionResponse = (ExceptionResponse) this.gson.fromJson(string, (Class) ExceptionResponse.class);
                throw new ApiException(UNSUCCESSFUL_RESPONSE_MSG, exceptionResponse.getException().getExceptionDetailList().get(0).getExceptionCode(), exceptionResponse.getException().getExceptionDetailList().get(0).getExceptionDescription());
            }
            log.debug(string);
            T t = (T) this.gson.fromJson(string, (Class) cls);
            if (execute != null) {
                if (0 != 0) {
                    try {
                        execute.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    execute.close();
                }
            }
            return t;
        } catch (Throwable th3) {
            if (execute != null) {
                if (0 != 0) {
                    try {
                        execute.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    execute.close();
                }
            }
            throw th3;
        }
    }

    private byte[] getDocumentByteArray(Request request) throws ApiException {
        Response execute;
        Throwable th;
        try {
            execute = client.newCall(request).execute();
            th = null;
            try {
            } finally {
                if (execute != null) {
                    if (0 != 0) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        execute.close();
                    }
                }
            }
        } catch (IOException e) {
            throw new ApiException(e);
        }
        if (!execute.isSuccessful()) {
            throw new ApiException(UNSUCCESSFUL_RESPONSE_MSG, execute.code(), execute.message());
        }
        if (execute.body() == null) {
            if (execute != null) {
                if (0 != 0) {
                    try {
                        execute.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                } else {
                    execute.close();
                }
            }
            return new byte[0];
        }
        InputStream byteStream = execute.body().byteStream();
        Throwable th4 = null;
        try {
            try {
                byte[] byteArray = ByteStreams.toByteArray(byteStream);
                if (byteStream != null) {
                    if (0 != 0) {
                        try {
                            byteStream.close();
                        } catch (Throwable th5) {
                            th4.addSuppressed(th5);
                        }
                    } else {
                        byteStream.close();
                    }
                }
                return byteArray;
            } finally {
            }
        } catch (Throwable th6) {
            if (byteStream != null) {
                if (th4 != null) {
                    try {
                        byteStream.close();
                    } catch (Throwable th7) {
                        th4.addSuppressed(th7);
                    }
                } else {
                    byteStream.close();
                }
            }
            throw th6;
        }
        throw new ApiException(e);
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public String encryptAuthorizationToken(String str, String str2, PublicKey publicKey) throws Exception {
        Cipher cipher = Cipher.getInstance(RSA_ECB_PKCS_1_PADDING);
        cipher.init(1, publicKey);
        return Base64.getEncoder().encodeToString(cipher.doFinal((str2 + "|" + this.dateFormat.parse(str).getTime()).getBytes(StandardCharsets.UTF_8)));
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public SendInvoiceResponse sendInvoice(String str, String str2, byte[] bArr) throws IOException, ApiException {
        return (SendInvoiceResponse) executeRequest(new Request.Builder().url(str + "/online/Invoice/Send").method(PUT, jsonRequestBody(prepareSendInvoiceRequest(bArr))).addHeader(TOKEN_HEADER_NAME, str2).build(), SendInvoiceResponse.class);
    }

    @Override // com.suncode.plugin.plusksef.api.service.KSeFService
    public InvoiceStatusResponse loadInvoiceStatus(String str, String str2, String str3) throws IOException, ApiException {
        return (InvoiceStatusResponse) executeRequest(new Request.Builder().url(str + String.format("/online/Invoice/Status/%s", str3)).addHeader(TOKEN_HEADER_NAME, str2).addHeader(ACCEPT, APPLICATION_JSON).build(), InvoiceStatusResponse.class);
    }

    private SendInvoiceRequest prepareSendInvoiceRequest(byte[] bArr) {
        try {
            return SendInvoiceRequest.builder().invoiceHash(SendInvoiceRequest.InvoiceHash.builder().fileSize(bArr.length).hashSHA(SendInvoiceRequest.InvoiceHash.HashSHA.builder().algorithm(SHA_256).encoding(BASE64).value(Base64.getEncoder().encodeToString(MessageDigest.getInstance(SHA_256).digest(bArr))).build()).build()).invoicePayload(SendInvoiceRequest.InvoicePayload.builder().type("plain").invoiceBody(Base64.getEncoder().encodeToString(bArr)).build()).build();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No SHA-256 checksum calculation algorithm ", e);
        }
    }
}
