package at.gv.egovernment.moa.spss.server.invoke;

import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo;
import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.common.MetaInfo;
import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.util.FilteredOutputStream;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.server.modules.cmssign.CMSSignature;
import iaik.server.modules.cmssign.CMSSignatureCreationException;
import iaik.server.modules.cmssign.CMSSignatureCreationModule;
import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModuleFactory;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigDecimal;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.class */
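/**
 * Singleton that creates CMS signatures for a {@link CreateCMSSignatureRequest}.
 *
 * <p>For every {@link SingleSignatureInfo} in the request it opens the data to be signed
 * (either a URI reference or explicit binary content), selects the private keys the caller
 * may use for the requested key identifier, and streams the data through the signature
 * creation module.
 */
public class CMSSignatureCreationInvoker {
    /** Maps XML-DSig digest algorithm URIs (as used in the configuration) to digest names. */
    private static final Map<String, String> HASH_ALGORITHM_MAPPING = new HashMap<String, String>();

    static {
        // NOTE(review): SHA-1 is no longer collision resistant and should not be selected for
        // new signatures. The entry is kept so existing configurations still resolve; consider
        // rejecting it, or at least logging a warning, where the algorithm is chosen.
        HASH_ALGORITHM_MAPPING.put("http://www.w3.org/2000/09/xmldsig#sha1", "SHA-1");
        HASH_ALGORITHM_MAPPING.put("http://www.w3.org/2000/09/xmldsig#sha256", "SHA-256");
        HASH_ALGORITHM_MAPPING.put("http://www.w3.org/2000/09/xmldsig#sha384", "SHA-384");
        HASH_ALGORITHM_MAPPING.put("http://www.w3.org/2000/09/xmldsig#sha512", "SHA-512");
    }

    private static CMSSignatureCreationInvoker instance;

    /**
     * Returns the shared invoker, creating it on first use.
     *
     * @return the singleton instance
     */
    public static synchronized CMSSignatureCreationInvoker getInstance() {
        if (instance == null) {
            instance = new CMSSignatureCreationInvoker();
        }
        return instance;
    }

    /** Protected so that only {@link #getInstance()} and subclasses can instantiate. */
    protected CMSSignatureCreationInvoker() {
    }

    /**
     * Creates one CMS signature per {@link SingleSignatureInfo} of the request.
     *
     * <p>A {@link CMSSignatureCreationException} for one entry is recorded as an error in the
     * response and processing continues with the next entry; every other failure aborts the
     * whole request.
     *
     * @param createCMSSignatureRequest the request describing data, structure and key identifier
     * @param set not read by this method
     * @return the response holding one signature or error per processed entry
     * @throws MOAException with id {@code 2301} if the content cannot be obtained or read,
     *         {@code 2231}/{@code 2232} if no key set or an empty key set results for the
     *         key identifier
     */
    public CreateCMSSignatureResponse createCMSSignature(CreateCMSSignatureRequest createCMSSignatureRequest, Set set) throws MOAException {
        TransactionContext transactionContext = TransactionContextManager.getInstance().getTransactionContext();
        CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder();
        for (SingleSignatureInfo singleSignatureInfo : createCMSSignatureRequest.getSingleSignatureInfos()) {
            boolean isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform();
            boolean isPAdESConform = singleSignatureInfo.isPAdESConform();
            if (isPAdESConform && !isSecurityLayerConform) {
                isSecurityLayerConform = true;
                Logger.debug("Set SecurityLayerConformity to 'true' because PAdES conformity is requested");
            }
            DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo();
            String structure = dataObjectInfo.getStructure();
            CMSDataObject dataObject = dataObjectInfo.getDataObject();
            MetaInfo metaInfo = dataObject.getMetaInfo();

            // Scoped to this entry on purpose: a MIME type taken from an earlier entry must not
            // end up in a later PAdES signature, which is documented below as carrying none.
            String mimeType = null;
            if (isPAdESConform) {
                Logger.debug("PAdES conformity requested. Does not set mimetype into CAdES signature");
            } else {
                mimeType = metaInfo.getMimeType();
            }

            CMSContent content = dataObject.getContent();
            InputStream input;
            boolean closeInput;
            switch (content.getContentType()) {
                case 0: // content is a CMSContentReference
                    String reference = ((CMSContentReference) content).getReference();
                    if ("".equals(reference)) {
                        throw new MOAApplicationException("2301", null);
                    }
                    // NOTE(review): the reference is taken from the request and dereferenced by
                    // the server. Whether ExternalURIResolver restricts schemes or target hosts
                    // is not visible here - confirm, otherwise callers can make the server fetch
                    // arbitrary URIs (SSRF, local file access).
                    input = new ExternalURIResolver().resolve(reference);
                    closeInput = true; // opened here, so it is released here
                    break;
                case 1: // content is a CMSContentExcplicit
                    input = ((CMSContentExcplicit) content).getBinaryContent();
                    closeInput = false; // owned by the request object
                    break;
                default:
                    throw new MOAApplicationException("2301", null);
            }

            try {
                CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance();
                // Every structure other than "detached" embeds the signed data.
                boolean includeData = !structure.equals("detached");
                ConfigurationProvider configuration = transactionContext.getConfiguration();
                String keyIdentifier = createCMSSignatureRequest.getKeyIdentifier();
                Set keySet = buildKeySet(keyIdentifier);
                if (keySet == null) {
                    throw new MOAApplicationException("2231", null);
                }
                if (keySet.size() == 0) {
                    throw new MOAApplicationException("2232", null);
                }
                try {
                    CMSSignature cmsSignature = module.createSignature(
                            new CMSSignatureCreationProfileImpl(keySet, getDigestAlgorithm(configuration, keyIdentifier), null, isSecurityLayerConform, includeData, mimeType, isPAdESConform),
                            buildAdditionalSignedProperties(),
                            new TransactionId(transactionContext.getTransactionID()));
                    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                    OutputStream signatureStream = cmsSignature.getSignature(buffer, true);
                    // Bytes inside the configured exclude range are filtered out before signing.
                    FilteredOutputStream filtered = new FilteredOutputStream(signatureStream, 4096, dataObject.getExcludeByteRangeFrom(), dataObject.getExcludeByteRangeTo());
                    IOUtils.copyLarge(input, filtered);
                    filtered.flush();
                    signatureStream.close();
                    // NOTE(review): toString() decodes with the platform default charset; this is
                    // only lossless if the stream above emits ASCII (presumably Base64) - confirm.
                    responseBuilder.addCMSSignature(buffer.toString());
                } catch (IOException e) {
                    throw new MOAApplicationException("2301", null, e);
                } catch (CMSSignatureCreationException e2) {
                    MOAException mapped = IaikExceptionMapper.getInstance().map(e2);
                    responseBuilder.addError(mapped.getMessageId(), mapped.getMessage());
                    Logger.warn(mapped.getMessage(), e2);
                }
            } finally {
                // Release the stream opened for a URI reference on every exit path, including
                // the key-set failures above.
                if (closeInput) {
                    closeQuietly(input);
                }
            }
        }
        return responseBuilder.getResponse();
    }

    /** Closes {@code in} if it is non-null, ignoring a failure of {@code close()}. */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            // Best effort: the data has been consumed or the request has already failed.
        }
    }

    /**
     * Tells whether {@code bigDecimal} lies within the exclude byte range of the data object,
     * bounds included. Returns {@code false} if either bound is unset.
     */
    private boolean inRange(BigDecimal bigDecimal, CMSDataObject cMSDataObject) {
        BigDecimal from = cMSDataObject.getExcludeByteRangeFrom();
        BigDecimal to = cMSDataObject.getExcludeByteRangeTo();
        if (from == null || to == null) {
            return false;
        }
        return bigDecimal.compareTo(from) >= 0 && bigDecimal.compareTo(to) <= 0;
    }

    /**
     * Resolves the digest algorithm name for a key group: the key group's own setting if
     * present, otherwise the configuration-wide default.
     *
     * @param configurationProvider the active configuration
     * @param str the key group identifier
     * @return the digest name from {@link #HASH_ALGORITHM_MAPPING}
     * @throws MOASystemException with id {@code 2900} if the configured URI has no mapping
     */
    private String getDigestAlgorithm(ConfigurationProvider configurationProvider, String str) throws MOASystemException {
        String keyGroupDigestUri = configurationProvider.getKeyGroup(str).getDigestMethodAlgorithm();
        String defaultDigestUri = configurationProvider.getDigestMethodAlgorithmName();
        boolean fromKeyGroup = keyGroupDigestUri != null;
        String digestUri = fromKeyGroup ? keyGroupDigestUri : defaultDigestUri;
        String digestName = HASH_ALGORITHM_MAPPING.get(digestUri);
        if (digestName == null) {
            // Unknown URI: fail closed rather than fall back to some other algorithm.
            error("config.17", new Object[]{digestUri});
            throw new MOASystemException("2900", null);
        }
        Logger.debug("Digest algorithm: " + digestName + (fromKeyGroup ? "(configured in KeyGroup)" : "(default)"));
        return digestName;
    }

    /** Logs the message with the given id and parameters at error level. */
    private static void error(String str, Object[] objArr) {
        Logger.error(new LogMsg(MessageProvider.getInstance().getMessage(str, objArr)));
    }

    /**
     * Collects the private keys the current caller may use for a key group.
     *
     * <p>The key group entries are looked up by issuer and serial number of the first client
     * certificate of the transaction, or with {@code null} for both when the transaction has
     * no client certificate. The result is the set of available private key ids that match
     * one of those entries.
     *
     * @param str the key group identifier from the request
     * @return {@code null} if the configuration returns no entry set, an empty set if it
     *         returns an empty one, otherwise the matching {@link KeyEntryID}s
     */
    private Set buildKeySet(String str) {
        TransactionContext transactionContext = TransactionContextManager.getInstance().getTransactionContext();
        ConfigurationProvider configuration = transactionContext.getConfiguration();
        Set keyGroupEntries;
        if (transactionContext.getClientCertificate() != null) {
            // NOTE(review): assumes a non-null certificate array has at least one element.
            X509Certificate clientCertificate = transactionContext.getClientCertificate()[0];
            keyGroupEntries = configuration.getKeyGroupEntries(clientCertificate.getIssuerDN(), clientCertificate.getSerialNumber(), str);
        } else {
            keyGroupEntries = configuration.getKeyGroupEntries(null, null, str);
        }
        if (keyGroupEntries == null) {
            return null;
        }
        if (keyGroupEntries.size() == 0) {
            return Collections.EMPTY_SET;
        }
        Set<KeyEntryID> privateKeyEntryIDs = KeyModuleFactory.getInstance(new TransactionId(transactionContext.getTransactionID())).getPrivateKeyEntryIDs();
        Set<KeyEntryID> permitted = new HashSet<KeyEntryID>();
        for (KeyEntryID keyEntryID : privateKeyEntryIDs) {
            KeyGroupEntry candidate = new KeyGroupEntry(keyEntryID.getModuleID(), keyEntryID.getCertificateIssuer(), keyEntryID.getCertificateSerialNumber());
            if (keyGroupEntries.contains(candidate)) {
                permitted.add(keyEntryID);
            }
        }
        return permitted;
    }

    /**
     * Returns the additional signed properties for a signature; currently always empty.
     * The configuration is fetched but its value is not used.
     */
    private List buildAdditionalSignedProperties() {
        TransactionContextManager.getInstance().getTransactionContext().getConfiguration();
        return Collections.EMPTY_LIST;
    }
}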
