package at.gv.egiz.pdfas.moa;

import at.gv.e_government.reference.namespace.moa._20020822_.CMSContentBaseType;
import at.gv.e_government.reference.namespace.moa._20020822_.CMSDataObjectInfoType;
import at.gv.e_government.reference.namespace.moa._20020822_.CreateCMSSignatureRequest;
import at.gv.e_government.reference.namespace.moa._20020822_.CreateCMSSignatureRequestType;
import at.gv.e_government.reference.namespace.moa._20020822_.CreateCMSSignatureResponseType;
import at.gv.e_government.reference.namespace.moa._20020822_.ErrorResponseType;
import at.gv.e_government.reference.namespace.moa._20020822_.MOAFault;
import at.gv.e_government.reference.namespace.moa._20020822_.MetaInfoType;
import at.gv.e_government.reference.namespace.moa._20020822_.SignatureCreationService;
import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsErrorCarrier;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsMOAException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsWrappedIOException;
import at.gv.egiz.pdfas.common.settings.ISettings;
import at.gv.egiz.pdfas.common.utils.SettingsUtils;
import at.gv.egiz.pdfas.common.utils.StreamUtils;
import at.gv.egiz.pdfas.lib.api.Configuration;
import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
import at.gv.egiz.pdfas.lib.api.verify.VerifyResult;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
import at.gv.egiz.pdfas.lib.util.SignatureUtils;
import at.gv.egiz.sl.util.ISignatureConnector;
import iaik.x509.X509Certificate;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.soap.SOAPBinding;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/pdfas/moa/MOAConnector.class */
public class MOAConnector implements ISignatureConnector, IConfigurationConstants {
    private static final Logger logger = LoggerFactory.getLogger(MOAConnector.class);
    public static final String SIGNATURE_DEVICE = "MOA";
    private X509Certificate certificate;
    private String moaEndpoint;
    private String keyIdentifier;
    private boolean mtomEnabled;

    public MOAConnector(Configuration configuration, Certificate certificate) throws CertificateException, FileNotFoundException, IOException {
        if (certificate != null) {
            if (certificate instanceof X509Certificate) {
                this.certificate = (X509Certificate) certificate;
            } else {
                this.certificate = new X509Certificate(certificate.getEncoded());
            }
        }
        init(configuration);
    }

    public MOAConnector(Configuration configuration) throws CertificateException, FileNotFoundException, IOException {
        init(configuration);
    }

    /* JADX WARN: Finally extract failed */
    private void init(Configuration configuration) throws CertificateException, FileNotFoundException, IOException {
        if (this.certificate == null) {
            if (configuration.getValue("moa.sign.Certificate") == null) {
                logger.error("moa.sign.Certificate not configured for MOA connector");
                throw new PdfAsWrappedIOException(new PdfAsException("Please configure: moa.sign.Certificate to use MOA connector"));
            }
            if (!(configuration instanceof ISettings)) {
                logger.error("Configuration is no instance of ISettings");
                throw new PdfAsWrappedIOException(new PdfAsException("Configuration is no instance of ISettings"));
            }
            ISettings iSettings = (ISettings) configuration;
            String value = configuration.getValue("moa.sign.Certificate");
            if (value.startsWith("http")) {
                logger.debug("Loading certificate from url: " + value);
                InputStream inputStream = null;
                try {
                    try {
                        inputStream = new URL(value).openStream();
                        this.certificate = new X509Certificate(inputStream);
                        if (inputStream != null) {
                            inputStream.close();
                        }
                    } catch (MalformedURLException e) {
                        logger.error(value + " is not a valid url but starts with http!");
                        throw new PdfAsWrappedIOException(new PdfAsException(value + " is not a valid url but!"));
                    }
                } catch (Throwable th) {
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    throw th;
                }
            } else {
                File file = new File(value);
                if (!file.isAbsolute()) {
                    value = iSettings.getWorkingDirectory() + "/" + configuration.getValue("moa.sign.Certificate");
                    file = new File(value);
                }
                logger.debug("Loading certificate from file: " + value);
                this.certificate = new X509Certificate(new FileInputStream(file));
            }
        }
        this.moaEndpoint = configuration.getValue("moa.sign.url");
        this.keyIdentifier = configuration.getValue("moa.sign.KeyIdentifier");
        this.mtomEnabled = parseConfigToBoolean(configuration.getValue("moa.sign.soap.mtom.enable"), false);
        logger.info("MOA client {} SOAP with MTOM", this.mtomEnabled ? "enabled" : "disabled");
    }

    public X509Certificate getCertificate(SignParameter signParameter) throws PdfAsException {
        return this.certificate;
    }

    public byte[] sign(byte[] bArr, int[] iArr, SignParameter signParameter, RequestedSignature requestedSignature) throws PdfAsException {
        logger.info("signing with MOA @ " + this.moaEndpoint);
        BindingProvider signatureCreationPort = new SignatureCreationService().getSignatureCreationPort();
        BindingProvider bindingProvider = signatureCreationPort;
        bindingProvider.getRequestContext().put("javax.xml.ws.service.endpoint.address", this.moaEndpoint);
        if (this.mtomEnabled && (bindingProvider.getBinding() instanceof SOAPBinding)) {
            bindingProvider.getBinding().setMTOMEnabled(true);
        }
        CreateCMSSignatureRequest createCMSSignatureRequest = new CreateCMSSignatureRequest();
        createCMSSignatureRequest.setKeyIdentifier(this.keyIdentifier.trim());
        CreateCMSSignatureRequestType.SingleSignatureInfo singleSignatureInfo = new CreateCMSSignatureRequestType.SingleSignatureInfo();
        singleSignatureInfo.setSecurityLayerConformity(Boolean.TRUE);
        CreateCMSSignatureRequestType.SingleSignatureInfo.DataObjectInfo dataObjectInfo = new CreateCMSSignatureRequestType.SingleSignatureInfo.DataObjectInfo();
        dataObjectInfo.setStructure("detached");
        CMSDataObjectInfoType.DataObject dataObject = new CMSDataObjectInfoType.DataObject();
        MetaInfoType metaInfoType = new MetaInfoType();
        if (!signParameter.getConfiguration().hasValue("sig_obj.PAdESCompatibility")) {
            metaInfoType.setMimeType("application/pdf");
        } else if ("true".equalsIgnoreCase(signParameter.getConfiguration().getValue("sig_obj.PAdESCompatibility"))) {
            metaInfoType.setMimeType("application/pdf");
            singleSignatureInfo.setPAdESConformity(true);
        } else {
            metaInfoType.setMimeType("application/pdf");
        }
        dataObject.setMetaInfo(metaInfoType);
        CMSContentBaseType cMSContentBaseType = new CMSContentBaseType();
        cMSContentBaseType.setBase64Content(bArr);
        dataObject.setContent(cMSContentBaseType);
        dataObjectInfo.setDataObject(dataObject);
        singleSignatureInfo.setDataObjectInfo(dataObjectInfo);
        createCMSSignatureRequest.getSingleSignatureInfo().add(singleSignatureInfo);
        requestedSignature.getStatus().getMetaInformations().put("SigDevice", SIGNATURE_DEVICE);
        requestedSignature.getStatus().getMetaInformations().put("SigDeviceVersion", "UNKNOWN");
        try {
            CreateCMSSignatureResponseType createCMSSignature = signatureCreationPort.createCMSSignature(createCMSSignatureRequest);
            if (createCMSSignature.getCMSSignatureOrErrorResponse().size() != 1) {
                throw new PdfAsException("Invalid Response Count [" + createCMSSignature.getCMSSignatureOrErrorResponse().size() + "] from MOA!");
            }
            Object obj = createCMSSignature.getCMSSignatureOrErrorResponse().get(0);
            if (!(obj instanceof byte[])) {
                if (!(obj instanceof ErrorResponseType)) {
                    throw new PdfAsException("MOA response is not byte[] nor error but: " + obj.getClass().getName());
                }
                ErrorResponseType errorResponseType = (ErrorResponseType) obj;
                throw new PdfAsMOAException("", "", errorResponseType.getInfo(), errorResponseType.getErrorCode().toString());
            }
            byte[] bArr2 = (byte[]) obj;
            try {
                VerifyResult verifySignature = SignatureUtils.verifySignature(bArr2, bArr);
                if (SettingsUtils.getBooleanValue(requestedSignature.getStatus().getSettings(), "report.invalidSign", false)) {
                    requestedSignature.getStatus().getMetaInformations().put("InvalidSignature", new Base64().encodeToString(bArr2));
                }
                if (StreamUtils.dataCompare(requestedSignature.getCertificate().getFingerprintSHA(), verifySignature.getSignerCertificate().getFingerprintSHA())) {
                    return bArr2;
                }
                throw new PdfAsSignatureException("Certificates missmatch!");
            } catch (PDFASError e) {
                throw new PdfAsErrorCarrier(e);
            }
        } catch (MOAFault e2) {
            logger.warn("MOA signing failed!", e2);
            if (e2.getFaultInfo() != null) {
                throw new PdfAsMOAException(e2.getFaultInfo().getErrorCode().toString(), e2.getFaultInfo().getInfo(), "", "");
            }
            throw new PdfAsMOAException("", e2.getMessage(), "", "");
        }
    }

    private boolean parseConfigToBoolean(String str, boolean z) {
        return StringUtils.isNotEmpty(str) ? Boolean.valueOf(str).booleanValue() : z;
    }
}
