package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;

import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException;
import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse;
import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
import at.gv.egovernment.moa.spss.api.impl.VerifyCMSSignatureRequestImpl;
import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.time.DateFormatUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Service;
import org.springframework.util.Base64Utils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

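/**
 * Spring service that verifies CMS/CAdES and XML/XAdES signatures by delegating to the MOA-Sig
 * invokers and mapping the MOA-Sig answer into the EAAF response types.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>For CMS, the signature-check and certificate-check codes are copied into the response
 *       without being interpreted here, and no exception is raised for a failed check. A
 *       non-null response therefore does NOT mean "signature valid"; the caller has to evaluate
 *       the codes itself. (Presumably the XML response parser behaves the same way - confirm
 *       against {@code VerifyXmlSignatureResponseParser}.)</li>
 *   <li>For CMS, only the first response element is mapped, although the request asks for all
 *       signatories. Further signatures are logged and otherwise ignored.</li>
 *   <li>The trust-profile id and the XPath signature location are forwarded to MOA-Sig as
 *       given; this class performs no validation of either value.</li>
 * </ul>
 */
@Service("moaSigVerifyService")
/* loaded from: input_file:at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.class */
public class SignatureVerificationService extends AbstractSignatureService implements ISignatureVerificationService {
    private static final Logger log = LoggerFactory.getLogger(SignatureVerificationService.class);
    private static final String XMLNS_NS_URI = "http://www.w3.org/2000/xmlns/";
    private static final String MOA_NS_URI = "http://reference.e-government.gv.at/namespace/moa/20020822#";
    private static final String DSIG = "dsig:";

    // NOTE(review): this default matches a dsig:Signature element anywhere in the document.
    // Callers that consume only part of the document should confirm that the verified signature
    // actually covers that part (signature-wrapping defence), or pass a narrower location.
    private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//dsig:Signature";

    /** Date pattern used for the optional {@code DateTime} element of the XML verify request. */
    public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX";

    // Both invokers are assigned in internalInitializer() (@PostConstruct), not in a constructor.
    private CMSSignatureVerificationInvoker cadesInvoker;
    private XMLSignatureVerificationInvoker xadesInvocer;

    /**
     * Verifies a CMS/CAdES signature against the given trust profile.
     *
     * @param bArr the encoded CMS/CAdES signature
     * @param str the MOA-Sig trust-profile id, forwarded unchanged
     * @return the mapped verification result, or {@code null} if MOA-Sig returned no response
     *     element; the result carries check codes that the caller must evaluate
     * @throws MoaSigServiceException if MOA-Sig reports an error or the signer certificate
     *     cannot be encoded
     */
    @Override
    @Nullable
    public ICmsSignatureVerificationResponse verifyCmsSignature(byte[] bArr, String str) throws MoaSigServiceException {
        try {
            // Set-up happens inside the try so that the tear-down below also runs when it fails.
            setUpContexts(Thread.currentThread().getName());
            try {
                final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(bArr, str, false, false);
                return parseCmsVerificationResult(this.cadesInvoker.verifyCMSSignature(request));
            } catch (CertificateEncodingException e) {
                // Inner try kept so this mapping happens inside the scope of the MOAException
                // handler, exactly as in the previous nested structure.
                log.warn("Can NOT serialize X509 certificate from CMS/CAdES signature-verification response", e);
                throw new MoaSigServiceException("service.03", new Object[]{e.toString()}, e);
            }
        } catch (MOAException e) {
            // NOTE(review): the XML path uses "service.moasig.03" for the same situation -
            // confirm which message id is intended.
            log.warn("CMS signature verification has an error.", e);
            throw new MoaSigServiceException("service.03", new Object[]{e.toString()}, e);
        } finally {
            // Always release the per-call contexts, on success and on every failure path.
            tearDownContexts();
        }
    }

    /**
     * Verifies an XML signature found at the default location {@code //dsig:Signature}, without
     * transform-profile checks, verification date or supplement content.
     *
     * @param bArr the serialized XML document that contains the signature
     * @param str the MOA-Sig trust-profile id
     * @return the parsed verification result
     * @throws MoaSigServiceException if the request cannot be built or MOA-Sig reports an error
     */
    @Override
    public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] bArr, String str) throws MoaSigServiceException {
        return verifyXmlSignature(bArr, str, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null,
                Collections.<String, byte[]>emptyMap());
    }

    /**
     * Verifies an XML signature at the default location and requests a manifest check against
     * the given transform-info profiles.
     *
     * @param bArr the serialized XML document that contains the signature
     * @param str the MOA-Sig trust-profile id
     * @param list ids written as {@code VerifyTransformsInfoProfileID}; {@code null} or empty
     *     omits the manifest-check parameters
     * @return the parsed verification result
     * @throws MoaSigServiceException if the request cannot be built or MOA-Sig reports an error
     */
    @Override
    public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] bArr, String str, List<String> list) throws MoaSigServiceException {
        return verifyXmlSignature(bArr, str, list, DEFAULT_XPATH_SIGNATURE_LOCATION, null,
                Collections.<String, byte[]>emptyMap());
    }

    /**
     * Verifies an XML signature at a caller-supplied XPath location.
     *
     * @param bArr the serialized XML document that contains the signature
     * @param str the MOA-Sig trust-profile id
     * @param str2 XPath expression written as {@code VerifySignatureLocation}; it is forwarded
     *     as given, so it should not be built from untrusted input
     * @return the parsed verification result
     * @throws MoaSigServiceException if the request cannot be built or MOA-Sig reports an error
     */
    @Override
    public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] bArr, String str, String str2) throws MoaSigServiceException {
        return verifyXmlSignature(bArr, str, null, str2, null, Collections.<String, byte[]>emptyMap());
    }

    /**
     * Verifies an XML signature at the default location for a given point in time.
     *
     * @param bArr the serialized XML document that contains the signature
     * @param str the MOA-Sig trust-profile id
     * @param date value written as the request's {@code DateTime} element; {@code null} omits it
     * @return the parsed verification result
     * @throws MoaSigServiceException if the request cannot be built or MOA-Sig reports an error
     */
    @Override
    public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] bArr, String str, Date date) throws MoaSigServiceException {
        return verifyXmlSignature(bArr, str, null, DEFAULT_XPATH_SIGNATURE_LOCATION, date,
                Collections.<String, byte[]>emptyMap());
    }

    /**
     * Verifies an XML signature with explicit transform profiles, location and date, but without
     * supplement content.
     *
     * @param bArr the serialized XML document that contains the signature
     * @param str the MOA-Sig trust-profile id
     * @param list transform-info profile ids, may be {@code null}
     * @param str2 XPath expression that locates the signature
     * @param date verification date, may be {@code null}
     * @return the parsed verification result
     * @throws MoaSigServiceException if the request cannot be built or MOA-Sig reports an error
     */
    @Override
    public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] bArr, String str, List<String> list, String str2, Date date) throws MoaSigServiceException {
        return verifyXmlSignature(bArr, str, list, str2, date, Collections.<String, byte[]>emptyMap());
    }

    /**
     * Verifies an XML signature; all other {@code verifyXmlSignature} overloads end up here.
     *
     * @param bArr the serialized XML document that contains the signature
     * @param str the MOA-Sig trust-profile id
     * @param list transform-info profile ids, may be {@code null}
     * @param str2 XPath expression that locates the signature
     * @param date verification date, may be {@code null}
     * @param map supplement content keyed by reference; {@code null} is treated like an empty map
     * @return the verification result produced by {@code VerifyXmlSignatureResponseParser}
     * @throws MoaSigServiceException if the request cannot be built or MOA-Sig reports an error
     */
    @Override
    public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] bArr, String str, List<String> list, String str2, Date date, Map<String, byte[]> map) throws MoaSigServiceException {
        try {
            // Set-up happens inside the try so that the tear-down below also runs when it fails.
            setUpContexts(Thread.currentThread().getName());
            final Element moaRequest = buildVerifyXmlRequest(bArr, str, list, str2, date, map);
            return new VerifyXmlSignatureResponseParser(
                    new VerifyXMLSignatureResponseBuilder(true)
                            .build(this.xadesInvocer.verifyXMLSignature(
                                    new VerifyXMLSignatureRequestParser().parse(moaRequest)))
                            .getDocumentElement())
                    .parseData();
        } catch (MoaSigServiceException e) {
            // Service-level failures (e.g. from the request builder) pass through unwrapped.
            throw e;
        } catch (MOAException e) {
            log.warn("MOA-Sig signature-verification has an internal error. MsgCode: {} Msg: {}",
                    e.getMessageId(), e.getMessage(), e);
            throw new MoaSigServiceException("service.moasig.03", new Object[]{e.getMessage()}, e);
        } finally {
            // Always release the per-call contexts, on success and on every failure path.
            tearDownContexts();
        }
    }

    /**
     * Maps the first element of a MOA-Sig CMS verification response into the EAAF response type.
     *
     * <p>The check codes are copied as they are; this method does not decide whether the
     * signature is acceptable.
     *
     * @param verifyCMSSignatureResponse the MOA-Sig response
     * @return the mapped result, or {@code null} if the response holds no elements
     * @throws CertificateEncodingException if the signer certificate cannot be encoded
     */
    private ICmsSignatureVerificationResponse parseCmsVerificationResult(VerifyCMSSignatureResponse verifyCMSSignatureResponse) throws CertificateEncodingException {
        final List<?> elements = verifyCMSSignatureResponse.getResponseElements();
        if (elements == null || elements.isEmpty()) {
            log.info("No CMS signature FOUND. ");
            return null;
        }

        if (elements.size() > 1) {
            // Security-relevant: any signature after the first one is neither mapped nor reported.
            log.warn("CMS or CAdES signature contains more than one technical signatures. Only validate the first signature");
        }

        final VerifyCMSSignatureResponseElement first = (VerifyCMSSignatureResponseElement) elements.get(0);
        final VerifyCmsSignatureResponse result = new VerifyCmsSignatureResponse();
        result.setSignatureCheckCode(first.getSignatureCheck().getCode());
        result.setCertificateCheckCode(first.getCertificateCheck().getCode());

        if (first.getSignerInfo() == null) {
            // The result is still returned, carrying the check codes but no signer details.
            log.info("CMS or CAdES verification result contains no SignerInfo");
            return result;
        }

        result.setSigningDateTime(first.getSignerInfo().getSigningTime());
        result.setX509CertificateEncoded(first.getSignerInfo().getSignerCertificate().getEncoded());
        result.setQualifiedCertificate(first.getSignerInfo().isQualifiedCertificate());
        result.setPublicAuthority(first.getSignerInfo().isPublicAuthority());
        result.setPublicAuthorityCode(first.getSignerInfo().getPublicAuhtorityID());
        return result;
    }

    /**
     * Builds the MOA-Sig request for a CMS/CAdES verification.
     *
     * @param bArr the encoded CMS/CAdES signature
     * @param str the trust-profile id
     * @param z value for the request's PDF flag
     * @param z2 value for the request's extended flag
     * @return the populated request
     */
    private VerifyCMSSignatureRequest buildVerfifyCmsRequest(byte[] bArr, String str, boolean z, boolean z2) {
        final VerifyCMSSignatureRequestImpl request = new VerifyCMSSignatureRequestImpl();
        // No explicit verification date is set.
        // NOTE(review): presumably MOA-Sig then verifies for the current time - confirm.
        request.setDateTime((Date) null);
        request.setCMSSignature(new ByteArrayInputStream(bArr));
        // No separate data object is supplied.
        // NOTE(review): presumably this limits verification to signatures that carry their
        // content - confirm.
        request.setDataObject((CMSDataObject) null);
        request.setTrustProfileId(str);
        request.setSignatories(VerifyCMSSignatureRequest.ALL_SIGNATORIES);
        request.setPDF(z);
        request.setExtended(z2);
        return request;
    }

    /**
     * Builds the {@code VerifyXMLSignatureRequest} DOM element that is handed to MOA-Sig.
     *
     * <p>All caller-supplied strings are inserted through DOM text nodes or attributes, never by
     * string concatenation of markup.
     *
     * @param bArr the serialized XML document, embedded base64-encoded
     * @param str the trust-profile id
     * @param list transform-info profile ids; {@code null} or empty omits the manifest check
     * @param str2 XPath expression that locates the signature
     * @param date verification date; {@code null} omits the {@code DateTime} element
     * @param map supplement content keyed by reference; {@code null} or empty omits the
     *     {@code SupplementProfile} element
     * @return the root element of the request
     * @throws MoaSigServiceBuilderException if anything fails while the request is assembled
     */
    private Element buildVerifyXmlRequest(byte[] bArr, String str, List<String> list, String str2, Date date, Map<String, byte[]> map) throws MoaSigServiceBuilderException {
        try {
            final Document doc = getNewDocumentBuilder();
            final Element root = doc.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
            root.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
            root.setAttributeNS(XMLNS_NS_URI, "xmlns:dsig", "http://www.w3.org/2000/09/xmldsig#");
            doc.appendChild(root);

            if (date != null) {
                final Element dateTime = doc.createElementNS(MOA_NS_URI, "DateTime");
                root.appendChild(dateTime);
                dateTime.appendChild(doc.createTextNode(DateFormatUtils.format(date, PATTERN_ISSUE_INSTANT)));
            }

            final Element signatureInfo = doc.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
            root.appendChild(signatureInfo);
            final Element signatureEnvironment = doc.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
            signatureInfo.appendChild(signatureEnvironment);
            final Element signedContent = doc.createElementNS(MOA_NS_URI, "Base64Content");
            signatureEnvironment.appendChild(signedContent);

            // Carriage returns are stripped from the encoded form before it is embedded.
            final String encodedDocument = Base64Utils.encodeToString(bArr).replace("\r", "");
            signedContent.appendChild(doc.createTextNode(encodedDocument));

            final Element signatureLocation = doc.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
            signatureInfo.appendChild(signatureLocation);
            signatureLocation.appendChild(doc.createTextNode(str2));

            if (list != null && !list.isEmpty()) {
                final Element manifestParams = doc.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
                root.appendChild(manifestParams);
                manifestParams.setAttribute("ReturnReferenceInputData", "false");
                final Element referenceInfo = doc.createElementNS(MOA_NS_URI, "ReferenceInfo");
                manifestParams.appendChild(referenceInfo);
                for (String profileId : list) {
                    final Element profile = doc.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
                    referenceInfo.appendChild(profile);
                    profile.appendChild(doc.createTextNode(profileId));
                }
            }

            root.appendChild(doc.createElementNS(MOA_NS_URI, "ReturnHashInputData"));

            final Element trustProfile = doc.createElementNS(MOA_NS_URI, "TrustProfileID");
            trustProfile.appendChild(doc.createTextNode(str));
            root.appendChild(trustProfile);

            // A null map is handled like the null transform-profile list above instead of
            // failing with a NullPointerException that carries no message.
            if (map != null && !map.isEmpty()) {
                final Element supplementProfile = doc.createElementNS(MOA_NS_URI, "SupplementProfile");
                for (Map.Entry<String, byte[]> supplement : map.entrySet()) {
                    final Element content = doc.createElementNS(MOA_NS_URI, "Content");
                    content.setAttribute("Reference", supplement.getKey());
                    final Element encodedContent = doc.createElementNS(MOA_NS_URI, "Base64Content");
                    encodedContent.setTextContent(Base64Utils.encodeToString(supplement.getValue()));
                    content.appendChild(encodedContent);
                    supplementProfile.appendChild(content);
                }
                root.appendChild(supplementProfile);
            }

            return root;
        } catch (Throwable th) {
            // Every failure, including runtime errors from null arguments, is reported as a
            // builder exception so that callers see a single failure type for this step.
            log.warn("Can NOT build VerifyXML-Signature request for MOA-Sig", th);
            throw new MoaSigServiceBuilderException("service.moasig.03", new Object[]{th.getMessage()}, th);
        }
    }

    /**
     * Fetches the MOA-Sig invoker singletons once the bean has been constructed.
     */
    @PostConstruct
    protected void internalInitializer() {
        log.debug("Instanzing SignatureVerificationService implementation ... ");
        this.cadesInvoker = CMSSignatureVerificationInvoker.getInstance();
        this.xadesInvocer = XMLSignatureVerificationInvoker.getInstance();
        log.info("MOA-Sig signature-verification service initialized");
    }
}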
