package de.gematik.test.tiger.proxy;

import de.gematik.rbellogger.converter.HttpPairingInBinaryChannelConverter;
import de.gematik.rbellogger.util.RbelMessagesSupplier;
import de.gematik.test.tiger.TigerAgent;
import de.gematik.test.tiger.common.config.RbelModificationDescription;
import de.gematik.test.tiger.common.data.config.tigerproxy.TigerProxyConfiguration;
import de.gematik.test.tiger.common.data.config.tigerproxy.TigerRoute;
import de.gematik.test.tiger.common.data.config.tigerproxy.TigerTlsConfiguration;
import de.gematik.test.tiger.common.pki.TigerPkiIdentity;
import de.gematik.test.tiger.mockserver.ExpectationBuilder;
import de.gematik.test.tiger.mockserver.configuration.MockServerConfiguration;
import de.gematik.test.tiger.mockserver.mock.Expectation;
import de.gematik.test.tiger.mockserver.model.HttpRequest;
import de.gematik.test.tiger.mockserver.netty.MockServer;
import de.gematik.test.tiger.mockserver.proxyconfiguration.ProxyConfiguration;
import de.gematik.test.tiger.mockserver.socket.tls.KeyAndCertificateFactorySupplier;
import de.gematik.test.tiger.proxy.client.TigerRemoteProxyClient;
import de.gematik.test.tiger.proxy.configuration.ProxyConfigurationConverter;
import de.gematik.test.tiger.proxy.data.TigerConnectionStatus;
import de.gematik.test.tiger.proxy.exceptions.TigerProxySslException;
import de.gematik.test.tiger.proxy.exceptions.TigerProxyStartupException;
import de.gematik.test.tiger.proxy.handler.BinaryExchangeHandler;
import de.gematik.test.tiger.proxy.handler.ForwardAllCallback;
import de.gematik.test.tiger.proxy.handler.ForwardProxyCallback;
import de.gematik.test.tiger.proxy.handler.ReverseProxyCallback;
import de.gematik.test.tiger.proxy.tls.DynamicTigerKeyAndCertificateFactory;
import de.gematik.test.tiger.proxy.tls.OcspUtils;
import de.gematik.test.tiger.proxy.tls.StaticTigerKeyAndCertificateFactory;
import de.gematik.test.tiger.proxy.tls.TlsCertificateGenerator;
import io.netty.handler.ssl.SslProvider;
import jakarta.annotation.PreDestroy;
import java.net.MalformedURLException;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.SystemProperties;
import org.apache.fop.render.java2d.Java2DFontMetrics;
import org.apache.tomcat.util.buf.UriUtil;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

/* loaded from: input_file:BOOT-INF/classes/de/gematik/test/tiger/proxy/TigerProxy.class */
public class TigerProxy extends AbstractTigerProxy implements AutoCloseable, RbelMessagesSupplier {
    private static final String CA_CERT_ALIAS = "caCert";
    private final List<DynamicTigerKeyAndCertificateFactory> tlsFactories;
    private final List<Consumer<Throwable>> exceptionListeners;
    private final MockServerToRbelConverter mockServerToRbelConverter;
    private final Map<String, TigerRoute> tigerRouteMap;
    private final List<TigerRemoteProxyClient> remoteProxyClients;
    private final UUID healthEndpointRequestUuid;
    private MockServer mockServer;
    private TigerPkiIdentity generatedRootCa;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/classes/de/gematik/test/tiger/proxy/TigerProxy$TigerProxyTrustManagerBuildingException.class */
    public static class TigerProxyTrustManagerBuildingException extends RuntimeException {
        public TigerProxyTrustManagerBuildingException(String str, Exception exc) {
            super(str, exc);
        }

        public TigerProxyTrustManagerBuildingException(String str) {
            super(str);
        }
    }

    public TigerProxy(TigerProxyConfiguration tigerProxyConfiguration) {
        super(tigerProxyConfiguration);
        this.tlsFactories = new ArrayList();
        this.exceptionListeners = new ArrayList();
        this.tigerRouteMap = new HashMap();
        this.remoteProxyClients = new ArrayList();
        this.healthEndpointRequestUuid = UUID.randomUUID();
        this.mockServerToRbelConverter = new MockServerToRbelConverter(getRbelLogger().getRbelConverter());
        bootMockServer();
        if (tigerProxyConfiguration.getModifications() != null) {
            int i = 0;
            for (RbelModificationDescription rbelModificationDescription : tigerProxyConfiguration.getModifications()) {
                if (rbelModificationDescription.getName() == null) {
                    int i2 = i;
                    i++;
                    rbelModificationDescription.setName("TigerModification #" + i2);
                }
                getRbelLogger().getRbelModifier().addModification(rbelModificationDescription);
            }
        }
    }

    private static void customizeServerBuilderCustomizer(MockServerConfiguration mockServerConfiguration, TigerTlsConfiguration tigerTlsConfiguration) {
        mockServerConfiguration.sslServerContextBuilderCustomizer(sslContextBuilder -> {
            if (tigerTlsConfiguration.getServerSslSuites() != null) {
                sslContextBuilder.ciphers(tigerTlsConfiguration.getServerSslSuites());
            }
            if (tigerTlsConfiguration.getServerTlsProtocols() != null) {
                sslContextBuilder.protocols(tigerTlsConfiguration.getServerTlsProtocols());
            }
            if (tigerTlsConfiguration.getOcspSignerIdentity() != null) {
                sslContextBuilder.enableOcsp(true);
                mockServerConfiguration.ocspResponseSupplier(x509Certificate -> {
                    return OcspUtils.buildOcspResponse(x509Certificate, tigerTlsConfiguration.getOcspSignerIdentity());
                });
                sslContextBuilder.sslProvider(SslProvider.OPENSSL);
            } else {
                sslContextBuilder.sslProvider(SslProvider.JDK);
                sslContextBuilder.sslContextProvider(new BouncyCastleJsseProvider());
            }
            return sslContextBuilder;
        });
    }

    private static void customizeClientBuilderCustomizer(MockServerConfiguration mockServerConfiguration, TigerTlsConfiguration tigerTlsConfiguration) {
        mockServerConfiguration.sslClientContextBuilderCustomizer(sslContextBuilder -> {
            if (tigerTlsConfiguration.getClientSslSuites() != null) {
                sslContextBuilder.ciphers(tigerTlsConfiguration.getClientSslSuites());
            }
            sslContextBuilder.sslProvider(SslProvider.JDK);
            return sslContextBuilder;
        });
    }

    private static URL buildUrlSafe(TigerRoute tigerRoute) {
        try {
            return new URL(tigerRoute.getFrom());
        } catch (MalformedURLException e) {
            throw new TigerProxyStartupException("Error while building route", e);
        }
    }

    public void restartMockserver() {
        if (getTigerProxyConfiguration().getProxyPort() == null) {
            getTigerProxyConfiguration().setProxyPort(Integer.valueOf(this.mockServer.getLocalPort()));
        }
        this.mockServer.stop();
        Map unmodifiableMap = Collections.unmodifiableMap(this.tigerRouteMap);
        this.tigerRouteMap.clear();
        bootMockServer();
        unmodifiableMap.values().stream().filter(tigerRoute -> {
            return !tigerRoute.isInternalRoute();
        }).forEach(tigerRoute2 -> {
            try {
                addRoute(tigerRoute2);
            } catch (RuntimeException e) {
                this.log.trace("Ignored exception during re-adding of routes", (Throwable) e);
            }
        });
    }

    private void bootMockServer() {
        createNewMockServer();
        if (getTigerProxyConfiguration().isActivateForwardAllLogging()) {
            this.mockServer.addRoute(ExpectationBuilder.when(HttpRequest.request().setPath(".*").setForwardProxyRequest(true), Integer.MIN_VALUE, List.of()).forward(new ForwardAllCallback(this)));
        }
        addRoutesToTigerProxy();
    }

    private void createNewMockServer() {
        MockServerConfiguration configuration = MockServerConfiguration.configuration();
        configuration.mockServerName(getName().orElse("MockServer"));
        configuration.customKeyAndCertificateFactorySupplier(buildKeyAndCertificateFactory());
        customizeSslIfApplicable(configuration);
        configuration.enableTlsTermination(getTigerProxyConfiguration().isActivateTlsTermination());
        Optional<ProxyConfiguration> convertForwardProxyConfigurationToMockServerConfiguration = ProxyConfigurationConverter.convertForwardProxyConfigurationToMockServerConfiguration(getTigerProxyConfiguration());
        outputForwardProxyConfigLogs(convertForwardProxyConfigurationToMockServerConfiguration);
        if (getTigerProxyConfiguration().getDirectReverseProxy() == null) {
            this.mockServer = (MockServer) convertForwardProxyConfigurationToMockServerConfiguration.map(proxyConfiguration -> {
                return new MockServer(configuration, (List<ProxyConfiguration>) List.of(proxyConfiguration), getTigerProxyConfiguration().getPortAsArray());
            }).orElseGet(() -> {
                return new MockServer(configuration, getTigerProxyConfiguration().getPortAsArray());
            });
        } else {
            this.mockServer = spawnDirectInverseTigerProxy(configuration, convertForwardProxyConfigurationToMockServerConfiguration);
        }
        this.log.info("Proxy '{}' started on port {}", getName().orElse("?"), Integer.valueOf(this.mockServer.getLocalPort()));
    }

    private void addRoutesToTigerProxy() {
        if (getTigerProxyConfiguration().getProxyRoutes() != null) {
            Iterator<TigerRoute> it = getTigerProxyConfiguration().getProxyRoutes().iterator();
            while (it.hasNext()) {
                addRoute(it.next());
            }
        }
    }

    private MockServer spawnDirectInverseTigerProxy(MockServerConfiguration mockServerConfiguration, Optional<ProxyConfiguration> optional) {
        mockServerConfiguration.binaryProxyListener(new BinaryExchangeHandler(this));
        if (optional.isPresent()) {
            throw new TigerProxyStartupException("DirectForwardProxy configured with additional forwardProxy: Not possible! (forwardProxy is always HTTP!)");
        }
        MockServer mockServer = new MockServer(mockServerConfiguration, getTigerProxyConfiguration().getDirectReverseProxy().getPort(), getTigerProxyConfiguration().getDirectReverseProxy().getHostname(), getTigerProxyConfiguration().getPortAsArray());
        addReverseProxyRouteIfNotPresent();
        getRbelLogger().getRbelConverter().addFirstPostConversionListener(new HttpPairingInBinaryChannelConverter());
        return mockServer;
    }

    private void addReverseProxyRouteIfNotPresent() {
        if (getTigerProxyConfiguration().getProxyRoutes() == null) {
            getTigerProxyConfiguration().setProxyRoutes(new ArrayList());
        }
        getTigerProxyConfiguration().getProxyRoutes().add(TigerRoute.builder().from("/").to("http://" + getTigerProxyConfiguration().getDirectReverseProxy().getHostname() + ":" + getTigerProxyConfiguration().getDirectReverseProxy().getPort()).build());
    }

    private void customizeSslIfApplicable(MockServerConfiguration mockServerConfiguration) {
        TigerTlsConfiguration tls = getTigerProxyConfiguration().getTls();
        customizeServerBuilderCustomizer(mockServerConfiguration, tls);
        customizeClientBuilderCustomizer(mockServerConfiguration, tls);
        customizeClientBuilderFunction(mockServerConfiguration, tls);
        if (getTigerProxyConfiguration().getTls() == null || getTigerProxyConfiguration().getTls().getMasterSecretsFile() == null) {
            return;
        }
        TigerAgent.addListener(new TigerProxyMasterSecretListener(getTigerProxyConfiguration().getTls().getMasterSecretsFile()));
    }

    private void customizeClientBuilderFunction(MockServerConfiguration mockServerConfiguration, TigerTlsConfiguration tigerTlsConfiguration) {
        if (tigerTlsConfiguration.getClientSupportedGroups() == null || tigerTlsConfiguration.getClientSupportedGroups().isEmpty()) {
            return;
        }
        mockServerConfiguration.clientSslContextBuilderFunction(sslContextBuilder -> {
            try {
                System.setProperty(SystemProperties.JDK_TLS_NAMED_GROUPS, String.join(",", tigerTlsConfiguration.getClientSupportedGroups()));
                sslContextBuilder.sslProvider(SslProvider.JDK);
                return sslContextBuilder.build();
            } catch (SSLException e) {
                throw new TigerProxySslException("Error while building SSL context in Tiger-Proxy " + getName().orElse(""), e);
            }
        });
    }

    private KeyAndCertificateFactorySupplier buildKeyAndCertificateFactory() {
        return (z, mockServerConfiguration) -> {
            if (!z) {
                return (getTigerProxyConfiguration().getTls() == null || getTigerProxyConfiguration().getTls().getForwardMutualTlsIdentity() == null) ? new DynamicTigerKeyAndCertificateFactory(getTigerProxyConfiguration(), new TigerPkiIdentity("CertificateAuthorityCertificate.pem;CertificateAuthorityPrivateKey.pem;PKCS1"), mockServerConfiguration) : new StaticTigerKeyAndCertificateFactory(getTigerProxyConfiguration().getTls().getForwardMutualTlsIdentity());
            }
            if (getTigerProxyConfiguration().getTls() != null && getTigerProxyConfiguration().getTls().getServerIdentity() != null) {
                return new StaticTigerKeyAndCertificateFactory(getTigerProxyConfiguration().getTls().getServerIdentity());
            }
            DynamicTigerKeyAndCertificateFactory dynamicTigerKeyAndCertificateFactory = new DynamicTigerKeyAndCertificateFactory(getTigerProxyConfiguration(), determineServerRootCa().orElseThrow(() -> {
                return new TigerProxyStartupException("Unrecoverable TLS startup state");
            }), mockServerConfiguration);
            this.tlsFactories.add(dynamicTigerKeyAndCertificateFactory);
            return dynamicTigerKeyAndCertificateFactory;
        };
    }

    private Optional<TigerPkiIdentity> determineServerRootCa() {
        if (getTigerProxyConfiguration().getTls().getServerRootCa() != null) {
            return Optional.of(getTigerProxyConfiguration().getTls().getServerRootCa());
        }
        if (this.generatedRootCa == null) {
            this.generatedRootCa = TlsCertificateGenerator.generateNewCaCertificate();
        }
        return Optional.of(this.generatedRootCa);
    }

    public void subscribeToTrafficEndpoints() {
        Optional.of(getTigerProxyConfiguration()).map((v0) -> {
            return v0.getTrafficEndpoints();
        }).ifPresent(this::subscribeToTrafficEndpoints);
    }

    public void subscribeToTrafficEndpoints(List<String> list) {
        if (this.log.isInfoEnabled()) {
            this.log.info("Subscribing to traffic endpoints for Tiger Proxy '{}'. Found {} endpoints", getName().orElse("?"), Integer.valueOf(list.size()));
        }
        Stream map = ((Stream) Optional.of(list).stream().flatMap((v0) -> {
            return v0.stream();
        }).parallel()).map(str -> {
            return new TigerRemoteProxyClient(str, TigerProxyConfiguration.builder().downloadInitialTrafficFromEndpoints(getTigerProxyConfiguration().isDownloadInitialTrafficFromEndpoints()).trafficEndpointFilterString(getTigerProxyConfiguration().getTrafficEndpointFilterString()).name(getTigerProxyConfiguration().getName()).failOnOfflineTrafficEndpoints(getTigerProxyConfiguration().isFailOnOfflineTrafficEndpoints()).connectionTimeoutInSeconds(getTigerProxyConfiguration().getConnectionTimeoutInSeconds()).build(), this);
        });
        List<TigerRemoteProxyClient> list2 = this.remoteProxyClients;
        Objects.requireNonNull(list2);
        map.forEach((v1) -> {
            r1.add(v1);
        });
        this.remoteProxyClients.parallelStream().forEach((v0) -> {
            v0.connect();
        });
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public String getBaseUrl() {
        return "http://localhost:" + this.mockServer.getLocalPort();
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public int getProxyPort() {
        return this.mockServer.getLocalPort();
    }

    public int getAdminPort() {
        return getTigerProxyConfiguration().getAdminPort();
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public List<TigerRoute> getRoutes() {
        return this.tigerRouteMap.values().stream().toList();
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public RbelModificationDescription addModificaton(RbelModificationDescription rbelModificationDescription) {
        getRbelLogger().getRbelModifier().addModification(rbelModificationDescription);
        return rbelModificationDescription;
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public List<RbelModificationDescription> getModifications() {
        return getRbelLogger().getRbelModifier().getModifications();
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public void removeModification(String str) {
        getRbelLogger().getRbelModifier().deleteModification(str);
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public synchronized TigerRoute addRoute(TigerRoute tigerRoute) {
        this.log.info("Adding route {} -> {}", tigerRoute.getFrom(), tigerRoute.getTo());
        Expectation buildRouteAndReturnExpectation = buildRouteAndReturnExpectation(tigerRoute);
        buildRouteAndReturnExpectation.setTigerRoute(tigerRoute);
        TigerRoute withId = tigerRoute.withId(buildRouteAndReturnExpectation.getId());
        this.tigerRouteMap.put(buildRouteAndReturnExpectation.getId(), withId);
        this.log.debug("Created route from {} to {}", tigerRoute.getFrom(), tigerRoute.getTo());
        return withId;
    }

    private Expectation buildRouteAndReturnExpectation(TigerRoute tigerRoute) {
        return UriUtil.hasScheme(tigerRoute.getFrom()) ? buildForwardProxyRoute(tigerRoute) : buildReverseProxyRoute(tigerRoute);
    }

    private Expectation buildReverseProxyRoute(TigerRoute tigerRoute) {
        Expectation forward = ExpectationBuilder.when(HttpRequest.request().setPath(tigerRoute.getFrom() + ".*").setForwardProxyRequest(false), 0, tigerRoute.getHosts()).id(tigerRoute.getId()).forward(new ReverseProxyCallback(this, tigerRoute));
        this.mockServer.addRoute(forward);
        return forward;
    }

    private Expectation buildForwardProxyRoute(TigerRoute tigerRoute) {
        URL buildUrlSafe = buildUrlSafe(tigerRoute);
        Expectation forward = ExpectationBuilder.when(HttpRequest.request().withHeader("Host", buildUrlSafe.getAuthority()).setForwardProxyRequest(true).setSecure(Boolean.valueOf(buildUrlSafe.getProtocol().equals("https"))).setPath(extractPath(tigerRoute.getFrom()) + ".*"), Integer.valueOf(Java2DFontMetrics.FONT_FACTOR), tigerRoute.getHosts()).id(tigerRoute.getId()).forward(new ForwardProxyCallback(this, tigerRoute));
        this.mockServer.addRoute(forward);
        return forward;
    }

    private static String extractPath(String str) {
        return new URI(str).getPath();
    }

    public void addAlternativeName(String str) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        if (getTigerProxyConfiguration().getTls() != null && getTigerProxyConfiguration().getTls().getAlternativeNames() != null) {
            arrayList.addAll(getTigerProxyConfiguration().getTls().getAlternativeNames());
        }
        arrayList.add(str);
        ((TigerTlsConfiguration) Objects.requireNonNull(getTigerProxyConfiguration().getTls())).setAlternativeNames(arrayList);
        for (DynamicTigerKeyAndCertificateFactory dynamicTigerKeyAndCertificateFactory : this.tlsFactories) {
            dynamicTigerKeyAndCertificateFactory.addAlternativeName(str);
            dynamicTigerKeyAndCertificateFactory.resetEeCertificate();
        }
    }

    @Override // de.gematik.test.tiger.proxy.ITigerProxy
    public void removeRoute(String str) {
        if (this.mockServer.isRunning()) {
            this.mockServer.removeExpectation(str);
            this.log.info("Deleted route {} (id {}). Current # expectations {}", this.tigerRouteMap.remove(str), str, Integer.valueOf(this.mockServer.retrieveActiveExpectations().size()));
        }
    }

    public SSLContext getConfiguredTigerProxySslContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{buildTrustManagerForTigerProxy()}, null);
            SSLContext.setDefault(sSLContext);
            return sSLContext;
        } catch (Exception e) {
            throw new TigerProxyTrustManagerBuildingException("Error while configuring SSL Context for Tiger Proxy", e);
        }
    }

    public X509TrustManager buildTrustManagerForTigerProxy() {
        try {
            final X509TrustManager extractTrustManager = extractTrustManager(null);
            final X509TrustManager extractTrustManager2 = extractTrustManager(buildTruststore());
            return new X509TrustManager() { // from class: de.gematik.test.tiger.proxy.TigerProxy.1
                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return extractTrustManager.getAcceptedIssuers();
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    try {
                        extractTrustManager2.checkServerTrusted(x509CertificateArr, str);
                    } catch (CertificateException e) {
                        extractTrustManager.checkServerTrusted(x509CertificateArr, str);
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    extractTrustManager.checkClientTrusted(x509CertificateArr, str);
                }
            };
        } catch (Exception e) {
            throw new TigerProxyTrustManagerBuildingException("Error while building TrustManager for Tiger Proxy", e);
        }
    }

    private X509TrustManager extractTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        Stream stream = Arrays.stream(trustManagerFactory.getTrustManagers());
        Class<X509TrustManager> cls = X509TrustManager.class;
        Objects.requireNonNull(X509TrustManager.class);
        return (X509TrustManager) stream.filter((v1) -> {
            return r1.isInstance(v1);
        }).findAny().orElseThrow(() -> {
            return new TigerProxyTrustManagerBuildingException("Error while configuring TrustManager for Tiger Proxy");
        });
    }

    public KeyStore buildTruststore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            Optional map = Optional.ofNullable(getTigerProxyConfiguration().getTls()).map((v0) -> {
                return v0.getServerIdentity();
            });
            Class<TigerPkiIdentity> cls = TigerPkiIdentity.class;
            Objects.requireNonNull(TigerPkiIdentity.class);
            TigerPkiIdentity tigerPkiIdentity = (TigerPkiIdentity) map.map((v1) -> {
                return r1.cast(v1);
            }).or(this::determineServerRootCa).orElseThrow(() -> {
                return new TigerProxyTrustManagerBuildingException("Unrecoverable state: Server-Identity null and Server-CA empty");
            });
            keyStore.setCertificateEntry(CA_CERT_ALIAS, tigerPkiIdentity.getCertificate());
            int i = 0;
            Iterator<X509Certificate> it = tigerPkiIdentity.getCertificateChain().iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                keyStore.setCertificateEntry("chainCert" + i2, it.next());
            }
            if (getTigerProxyConfiguration().getTls().getOcspSignerIdentity() != null) {
                keyStore.setCertificateEntry("ocspSignerCert", getTigerProxyConfiguration().getTls().getOcspSignerIdentity().getCertificate());
            }
            return keyStore;
        } catch (Exception e) {
            throw new TigerProxyTrustManagerBuildingException("Error while building SSL-Context for Tiger Proxy", e);
        }
    }

    public SSLContext buildSslContext() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(buildTruststore());
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLS", new BouncyCastleJsseProvider());
            sSLContext.init(null, trustManagers, null);
            return sSLContext;
        } catch (RuntimeException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new TigerProxyTrustManagerBuildingException("Error while building SSL-Context for Tiger Proxy", e);
        }
    }

    private void outputForwardProxyConfigLogs(Optional<ProxyConfiguration> optional) {
        if (optional.isEmpty()) {
            this.log.info("Tigerproxy has NO forward proxy configured!");
            return;
        }
        ProxyConfiguration proxyConfiguration = optional.get();
        if (proxyConfiguration.getUsername() == null) {
            this.log.info("Forward proxy is set to {}://{}:{}", proxyConfiguration.getType(), proxyConfiguration.getProxyAddress().getHostName(), Integer.valueOf(proxyConfiguration.getProxyAddress().getPort()));
        } else if (proxyConfiguration.getUsername() != null) {
            this.log.info("Forward proxy is set to {}://{}:{}@{}:{}", proxyConfiguration.getType(), proxyConfiguration.getProxyAddress().getHostName(), Integer.valueOf(proxyConfiguration.getProxyAddress().getPort()), proxyConfiguration.getUsername(), proxyConfiguration.getPassword());
        }
    }

    public void propagateException(Throwable th) {
        this.exceptionListeners.forEach(consumer -> {
            consumer.accept(th);
        });
    }

    public void addNewExceptionConsumer(Consumer<Throwable> consumer) {
        this.exceptionListeners.add(consumer);
    }

    @Override // de.gematik.test.tiger.proxy.AbstractTigerProxy, java.lang.AutoCloseable
    @PreDestroy
    public void close() {
        this.log.info("Shutting down Tiger-Proxy {}", getName().orElse(""));
        super.close();
        this.remoteProxyClients.forEach((v0) -> {
            v0.close();
        });
        this.mockServer.stop();
    }

    public Map<SocketAddress, TigerConnectionStatus> getOpenConnections() {
        return getOpenConnections(TigerConnectionStatus.OPEN_TCP);
    }

    public Map<SocketAddress, TigerConnectionStatus> getOpenConnections(TigerConnectionStatus tigerConnectionStatus) {
        return (Map) this.mockServer.getOpenConnections().entrySet().stream().filter(entry -> {
            return ((TigerConnectionStatus) entry.getValue()).getValue() >= tigerConnectionStatus.getValue();
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
    }

    public void waitForAllCurrentMessagesToBeParsed() {
        if (getRbelLogger().getMessageHistory().isEmpty()) {
            return;
        }
        getRbelLogger().getRbelConverter().waitForAllCurrentMessagesToBeParsed();
    }

    @Override // de.gematik.test.tiger.proxy.AbstractTigerProxy
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof TigerProxy)) {
            return false;
        }
        TigerProxy tigerProxy = (TigerProxy) obj;
        if (!tigerProxy.canEqual(this) || !super.equals(obj)) {
            return false;
        }
        List<DynamicTigerKeyAndCertificateFactory> list = this.tlsFactories;
        List<DynamicTigerKeyAndCertificateFactory> list2 = tigerProxy.tlsFactories;
        if (list == null) {
            if (list2 != null) {
                return false;
            }
        } else if (!list.equals(list2)) {
            return false;
        }
        List<Consumer<Throwable>> list3 = this.exceptionListeners;
        List<Consumer<Throwable>> list4 = tigerProxy.exceptionListeners;
        if (list3 == null) {
            if (list4 != null) {
                return false;
            }
        } else if (!list3.equals(list4)) {
            return false;
        }
        MockServerToRbelConverter mockServerToRbelConverter = getMockServerToRbelConverter();
        MockServerToRbelConverter mockServerToRbelConverter2 = tigerProxy.getMockServerToRbelConverter();
        if (mockServerToRbelConverter == null) {
            if (mockServerToRbelConverter2 != null) {
                return false;
            }
        } else if (!mockServerToRbelConverter.equals(mockServerToRbelConverter2)) {
            return false;
        }
        Map<String, TigerRoute> map = this.tigerRouteMap;
        Map<String, TigerRoute> map2 = tigerProxy.tigerRouteMap;
        if (map == null) {
            if (map2 != null) {
                return false;
            }
        } else if (!map.equals(map2)) {
            return false;
        }
        List<TigerRemoteProxyClient> list5 = this.remoteProxyClients;
        List<TigerRemoteProxyClient> list6 = tigerProxy.remoteProxyClients;
        if (list5 == null) {
            if (list6 != null) {
                return false;
            }
        } else if (!list5.equals(list6)) {
            return false;
        }
        UUID healthEndpointRequestUuid = getHealthEndpointRequestUuid();
        UUID healthEndpointRequestUuid2 = tigerProxy.getHealthEndpointRequestUuid();
        if (healthEndpointRequestUuid == null) {
            if (healthEndpointRequestUuid2 != null) {
                return false;
            }
        } else if (!healthEndpointRequestUuid.equals(healthEndpointRequestUuid2)) {
            return false;
        }
        MockServer mockServer = this.mockServer;
        MockServer mockServer2 = tigerProxy.mockServer;
        if (mockServer == null) {
            if (mockServer2 != null) {
                return false;
            }
        } else if (!mockServer.equals(mockServer2)) {
            return false;
        }
        TigerPkiIdentity tigerPkiIdentity = this.generatedRootCa;
        TigerPkiIdentity tigerPkiIdentity2 = tigerProxy.generatedRootCa;
        return tigerPkiIdentity == null ? tigerPkiIdentity2 == null : tigerPkiIdentity.equals(tigerPkiIdentity2);
    }

    @Override // de.gematik.test.tiger.proxy.AbstractTigerProxy
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof TigerProxy;
    }

    @Override // de.gematik.test.tiger.proxy.AbstractTigerProxy
    @Generated
    public int hashCode() {
        int hashCode = super.hashCode();
        List<DynamicTigerKeyAndCertificateFactory> list = this.tlsFactories;
        int hashCode2 = (hashCode * 59) + (list == null ? 43 : list.hashCode());
        List<Consumer<Throwable>> list2 = this.exceptionListeners;
        int hashCode3 = (hashCode2 * 59) + (list2 == null ? 43 : list2.hashCode());
        MockServerToRbelConverter mockServerToRbelConverter = getMockServerToRbelConverter();
        int hashCode4 = (hashCode3 * 59) + (mockServerToRbelConverter == null ? 43 : mockServerToRbelConverter.hashCode());
        Map<String, TigerRoute> map = this.tigerRouteMap;
        int hashCode5 = (hashCode4 * 59) + (map == null ? 43 : map.hashCode());
        List<TigerRemoteProxyClient> list3 = this.remoteProxyClients;
        int hashCode6 = (hashCode5 * 59) + (list3 == null ? 43 : list3.hashCode());
        UUID healthEndpointRequestUuid = getHealthEndpointRequestUuid();
        int hashCode7 = (hashCode6 * 59) + (healthEndpointRequestUuid == null ? 43 : healthEndpointRequestUuid.hashCode());
        MockServer mockServer = this.mockServer;
        int hashCode8 = (hashCode7 * 59) + (mockServer == null ? 43 : mockServer.hashCode());
        TigerPkiIdentity tigerPkiIdentity = this.generatedRootCa;
        return (hashCode8 * 59) + (tigerPkiIdentity == null ? 43 : tigerPkiIdentity.hashCode());
    }

    @Generated
    public MockServerToRbelConverter getMockServerToRbelConverter() {
        return this.mockServerToRbelConverter;
    }

    @Generated
    public UUID getHealthEndpointRequestUuid() {
        return this.healthEndpointRequestUuid;
    }
}
