package de.governikus.autent.sdk.eidservice.config;

import com.sun.xml.ws.api.security.CallbackHandlerFeature;
import com.sun.xml.wss.XWSSecurityException;
import de.bos_bremen.gov.autent.common.WebServiceCallbackHandler;
import de.governikus.autent.sdk.eidservice.exceptions.SecurityParameterException;
import de.governikus.autent.sdk.eidservice.exceptions.SslConfigException;
import de.governikus.autent.sdk.eidservice.wrapper.KeyStoreAccessor;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceFeature;

/* loaded from: input_file:de/governikus/autent/sdk/eidservice/config/EidServiceConfiguration.class */
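/**
 * Configuration contract for the client side of the eID web service: endpoint addresses, the key
 * material used for XML signatures and the key/trust material used for the TLS connection.
 *
 * <p>The default methods turn the configured key material into JAX-WS features and a TLS socket
 * factory. Two fallbacks in that path are security relevant and are documented on
 * {@link #getTrustManagers()} and {@link #getKeyManagers()}: a missing trust store or TLS keystore
 * does not fail, it silently hands {@code null} to {@link SSLContext#init}, which then applies the
 * JSSE provider's defaults.
 */
public interface EidServiceConfiguration {

    /**
     * @return the address of the eID service WSDL (not used by the default methods of this
     *         interface; presumably read by the code that creates the service port)
     */
    String getEidServiceWsdlUrl();

    /**
     * @return the address of the eID service endpoint (not used by the default methods of this
     *         interface; presumably applied in {@link #configureEidPort(BindingProvider)})
     */
    String getEidServiceUrl();

    /**
     * @return the trust store from which {@link #getTrustManagers()} builds the TLS trust
     *         managers, or {@code null} to fall back to the platform default trust managers
     */
    KeyStore getTruststore();

    /**
     * @return the certificate handed to the web service callback handler as the XML signature
     *         verification certificate (see {@link #getEidWebServiceFeatures()})
     */
    X509Certificate getXmlSignatureVerificationCertificate();

    /**
     * @return the keystore whose default entry supplies the private key and certificate for the
     *         web service callback handler (see {@link #getEidWebServiceFeatures()}); must not be
     *         {@code null} and must have a default entry
     */
    KeyStoreAccessor getXmlSignatureCreationKeystore();

    /**
     * @return the keystore holding the TLS client credentials, or {@code null} if no client
     *         certificate is configured (see {@link #getKeyManagers()})
     */
    KeyStoreAccessor getSslKeystoreForMutualTlsAuthentication();

    /**
     * @return the TC token binding identifier; the default is the Liberty PAOS URN
     */
    default String getTcTokenBinding() {
        return "urn:liberty:paos:2006-08";
    }

    /**
     * @return the TC token path security protocol identifier; the default refers to RFC 4279
     *         (pre-shared key cipher suites for TLS)
     */
    default String getTcTokenPathSecurityProtocol() {
        return "urn:ietf:rfc:4279";
    }

    /**
     * Applies implementation specific settings to the eID service port.
     *
     * <p>NOTE(review): nothing in this interface installs the factory returned by
     * {@link #getSslContextForEidWebservice()} on the port. Presumably implementations do that
     * here; confirm, because otherwise the configured trust store is never used.
     *
     * @param bindingProvider the port to configure
     */
    void configureEidPort(BindingProvider bindingProvider);

    /**
     * Builds the JAX-WS features for the eID port: a single {@link CallbackHandlerFeature} that
     * wraps a {@link WebServiceCallbackHandler} created from the signature verification
     * certificate and the default entry of the signature creation keystore.
     *
     * @return an array holding the one callback handler feature
     * @throws NullPointerException if no signature creation keystore is configured or it has no
     *         default entry
     * @throws SecurityParameterException if the callback handler cannot be created
     */
    default WebServiceFeature[] getEidWebServiceFeatures() {
        // Fail with a message that names the missing piece instead of a bare NullPointerException.
        KeyStoreAccessor signatureKeystore = Objects.requireNonNull(getXmlSignatureCreationKeystore(),
                "XML signature creation keystore must not be null");
        KeyStoreAccessor.KeyEntry defaultEntry = Objects.requireNonNull(signatureKeystore.getDefaultEntry(),
                "XML signature creation keystore has no default entry");
        try {
            WebServiceCallbackHandler callbackHandler = new WebServiceCallbackHandler(
                    getXmlSignatureVerificationCertificate(),
                    defaultEntry.getPrivateKey(),
                    defaultEntry.getCertificate());
            return new WebServiceFeature[]{new CallbackHandlerFeature(callbackHandler)};
        } catch (XWSSecurityException e) {
            throw new SecurityParameterException("could not create webservice-callback-handler", e);
        }
    }

    /**
     * Creates the socket factory for the TLS connection to the eID web service. Despite its name
     * this method returns an {@link SSLSocketFactory}, not an {@link SSLContext}.
     *
     * <p>The context is requested with the generic protocol name {@code "TLS"}, so no minimum
     * protocol version is pinned here; the enabled versions and cipher suites come from the JVM
     * and provider configuration (for example {@code jdk.tls.disabledAlgorithms}). Deployments
     * should check that configuration.
     *
     * @return a socket factory backed by {@link #getKeyManagers()} and {@link #getTrustManagers()}
     * @throws SslConfigException if the TLS context cannot be created or initialised
     */
    default SSLSocketFactory getSslContextForEidWebservice() {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // A null third argument selects the provider's default SecureRandom.
            sslContext.init(getKeyManagers(), getTrustManagers(), null);
            return sslContext.getSocketFactory();
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            throw new SslConfigException(e);
        }
    }

    /**
     * Builds the key managers that present the client certificate for mutual TLS.
     *
     * <p>Returns {@code null} when no TLS keystore is configured. The caller passes that value to
     * {@link SSLContext#init}, so the connection is then set up without the configured client
     * credentials and the provider's default applies. A deployment that relies on mutual TLS
     * should treat a {@code null} result as a configuration error.
     *
     * @return the key managers for the configured keystore, or {@code null} if none is configured
     * @throws SslConfigException if the key manager factory is unavailable or the keystore cannot
     *         be opened with the configured password
     */
    default KeyManager[] getKeyManagers() {
        KeyStoreAccessor accessor = getSslKeystoreForMutualTlsAuthentication();
        if (accessor == null) {
            return null;
        }
        KeyStore keyStore = accessor.getKeyStore();
        if (keyStore == null) {
            return null;
        }

        KeyManagerFactory keyManagerFactory;
        try {
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            throw new SslConfigException(e);
        }

        // KeyManagerFactory.init accepts a null password. Passing null through lets a missing
        // password surface as the SslConfigException below instead of a NullPointerException.
        String password = accessor.getKeystorePassword();
        char[] passwordChars = password == null ? null : password.toCharArray();
        try {
            keyManagerFactory.init(keyStore, passwordChars);
            return keyManagerFactory.getKeyManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new SslConfigException("keystore could not be accessed", e);
        }
    }

    /**
     * Builds the trust managers that validate the eID service's TLS certificate.
     *
     * <p>Returns {@code null} when no trust store is configured. The caller passes that value to
     * {@link SSLContext#init}, which then uses the platform default trust managers (normally the
     * JVM-wide CA store). The set of accepted server certificates is then much wider than a
     * dedicated eID trust store. Implementations that intend to pin the service certificate must
     * make sure {@link #getTruststore()} never returns {@code null}.
     *
     * @return the trust managers for the configured trust store, or {@code null} if none is
     *         configured
     * @throws SslConfigException if the trust manager factory cannot be created or initialised
     */
    default TrustManager[] getTrustManagers() {
        KeyStore truststore = getTruststore();
        if (truststore == null) {
            return null;
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(truststore);
            return trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new SslConfigException(e);
        }
    }
}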
