package net.jsign.jca;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import net.jsign.KeyStoreBuilder;

/* loaded from: input_file:net/jsign/jca/GaraSignCredentials.class */
public class GaraSignCredentials {
    public String username;
    public String password;
    public KeyStore.Builder keystore;
    public String sessionToken;

    public GaraSignCredentials(String str, String str2, String str3, String str4) {
        this(str, str2, new KeyStoreBuilder().keystore(str3).storepass(str4).builder());
    }

    public GaraSignCredentials(String str, String str2, KeyStore.Builder builder) {
        this.username = str;
        this.password = str2;
        this.keystore = builder;
    }

    public String getSessionToken(String str) throws IOException {
        if (this.sessionToken == null) {
            RESTClient authentication = new RESTClient(str).authentication((httpURLConnection, bArr) -> {
                if (!(httpURLConnection instanceof HttpsURLConnection) || this.keystore == null) {
                    return;
                }
                try {
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(this.keystore.getKeyStore(), ((KeyStore.PasswordProtection) this.keystore.getProtectionParameter("")).getPassword());
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
                    ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(sSLContext.getSocketFactory());
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException("Unable to load the GaraSign client certificate", e);
                }
            });
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("api_version", "1.0");
            if (this.username != null && this.password != null) {
                linkedHashMap.put("username", this.username);
                linkedHashMap.put("password", this.password);
            }
            Map<String, ?> post = authentication.post("/authenticate", linkedHashMap);
            if (!"SUCCESS".equals((String) post.get("status"))) {
                throw new IOException("Failed to authenticate with GaraSign: " + post.get("message"));
            }
            this.sessionToken = (String) post.get("sessionToken");
        }
        return this.sessionToken;
    }
}
