package de.authada.eid.core.authentication;

import de.authada.eid.core.ConnectionBuilderException;
import de.authada.eid.core.api.process.AuthContext;
import de.authada.eid.core.api.process.Config;
import de.authada.eid.core.authentication.paos.PAOSUtils;
import de.authada.eid.core.http.URLUtils;
import de.authada.eid.core.support.Function;
import de.authada.eid.core.support.Optional;
import de.authada.eid.core.support.Supplier;
import de.authada.eid.core.tls.EserviceConnection;
import de.authada.eid.core.tls.EserviceConnectionBuilder;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URL;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class RefreshAddressValidationStep {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RefreshAddressValidationStep.class);

    EserviceConnection createEserviceConnection(URL url, Config config) throws ConnectionBuilderException {
        return new EserviceConnectionBuilder().connectionTimeoutMs(config.getConnectionTimeoutMS()).connectionRetries(config.getConnectionRetries()).connectionRetryInterval(config.getConnectionRetryIntervalMs()).targetAddress(new InetSocketAddress(url.getHost(), URLUtils.getPort(url))).build();
    }

    public /* synthetic */ Boolean lambda$processStep$0$RefreshAddressValidationStep(URL url, AuthContext authContext, AdditionalEACInfo additionalEACInfo) {
        LOGGER.info("Using additional eac info");
        try {
            EserviceConnection createEserviceConnection = createEserviceConnection(url, authContext.config());
            Throwable th = null;
            try {
                if (!additionalEACInfo.getCertificateHashes().contains(PAOSUtils.hash(additionalEACInfo.getDigest(), createEserviceConnection.getPeerCertificate()))) {
                    if (createEserviceConnection != null) {
                        createEserviceConnection.close();
                    }
                    return false;
                }
                LOGGER.debug("refresh url certificate hashes are valid");
                boolean validateSameOrigin = URLUtils.validateSameOrigin(additionalEACInfo.getSubjectURL(), url);
                LOGGER.debug("same origin check result: {}", Boolean.valueOf(validateSameOrigin));
                Boolean valueOf = Boolean.valueOf(validateSameOrigin);
                if (createEserviceConnection != null) {
                    createEserviceConnection.close();
                }
                return valueOf;
            } catch (Throwable th2) {
                if (createEserviceConnection != null) {
                    if (0 != 0) {
                        try {
                            createEserviceConnection.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        createEserviceConnection.close();
                    }
                }
                throw th2;
            }
        } catch (ConnectionBuilderException | IOException e) {
            LOGGER.debug("RefreshUrl Validation failed with exception", e);
            return false;
        }
    }

    public /* synthetic */ Boolean lambda$processStep$1$RefreshAddressValidationStep(URL url, AuthContext authContext) {
        try {
            EserviceConnection createEserviceConnection = createEserviceConnection(url, authContext.config());
            Throwable th = null;
            try {
                boolean validateSameOrigin = URLUtils.validateSameOrigin(url, authContext.getTCTokenURL());
                LOGGER.debug("no additional eac info, only same origin check result: {}", Boolean.valueOf(validateSameOrigin));
                Boolean valueOf = Boolean.valueOf(validateSameOrigin);
                if (createEserviceConnection != null) {
                    createEserviceConnection.close();
                }
                return valueOf;
            } catch (Throwable th2) {
                if (createEserviceConnection != null) {
                    if (0 != 0) {
                        try {
                            createEserviceConnection.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        createEserviceConnection.close();
                    }
                }
                throw th2;
            }
        } catch (ConnectionBuilderException | IOException e) {
            LOGGER.debug("RefreshUrl Validation failed with exception", e);
            return false;
        }
    }

    public boolean processStep(final URL url, final AuthContext authContext, Optional<AdditionalEACInfo> optional) {
        LOGGER.info("Validating RefreshAddress");
        return ((Boolean) optional.map(new Function() { // from class: de.authada.eid.core.authentication.-$$Lambda$RefreshAddressValidationStep$lf6Y825geE-pOpEiHSPQcHF288I
            @Override // de.authada.eid.core.support.Function
            public final Object apply(Object obj) {
                return RefreshAddressValidationStep.this.lambda$processStep$0$RefreshAddressValidationStep(url, authContext, (AdditionalEACInfo) obj);
            }
        }).orElseGet(new Supplier() { // from class: de.authada.eid.core.authentication.-$$Lambda$RefreshAddressValidationStep$mzw8z1KCNQm_crGNdhwNtl_76e4
            @Override // de.authada.eid.core.support.Supplier
            public final Object get() {
                return RefreshAddressValidationStep.this.lambda$processStep$1$RefreshAddressValidationStep(url, authContext);
            }
        })).booleanValue();
    }
}
