package at.gv.egiz.pdfas.web.servlets;

import at.gv.egiz.pdfas.lib.util.StreamUtils;
import at.gv.egiz.pdfas.web.config.WebConfiguration;
import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
import at.gv.egiz.pdfas.web.sl20.JsonSecurityUtils;
import at.gv.egiz.pdfas.web.sl20.X509Utils;
import at.gv.egiz.sl20.data.VerificationResult;
import at.gv.egiz.sl20.exceptions.SL20Exception;
import at.gv.egiz.sl20.exceptions.SL20SecurityException;
import at.gv.egiz.sl20.exceptions.SLCommandoParserException;
import at.gv.egiz.sl20.utils.SL20JSONExtractorUtils;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import iaik.x509.X509Certificate;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.base64url.Base64Url;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

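/**
 * Data-URL endpoint that receives Security-Layer 2.0 (SL2.0) results and feeds them
 * into the PDF-AS signing session.
 *
 * <p>Both GET and POST are routed to {@link #process}. The handler accepts exactly two
 * result kinds, selected by the payload's {@code name} field: {@code getCertificate}
 * (the signer certificate is injected) and {@code createCAdES} (the signature value is
 * injected). Everything else ends in the error path.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The request is only processed if {@code PdfAsHelper.checkDataUrlAccess} accepts it.</li>
 *   <li>The {@code inResponseTo} value of the message must equal the request id stored in
 *       the HTTP session ({@code PDF_SESSION_reqID}).</li>
 *   <li>The signature on the SL2.0 result is enforced only when
 *       {@code WebConfiguration.isSL20SigningRequired()} returns {@code true}; otherwise an
 *       unsigned or invalidly signed result is accepted with a warning.</li>
 * </ul>
 */
@MultipartConfig
/* loaded from: input_file:at/gv/egiz/pdfas/web/servlets/SLDataURLServlet.class */
public class SLDataURLServlet extends HttpServlet {
    private static final Logger logger = LoggerFactory.getLogger(SLDataURLServlet.class);
    private static final long serialVersionUID = 1;

    /** Form-field prefix expected at the start of a raw (unparsed) request body. */
    private static final String SL_COMMAND_PREFIX = "slcommand=";

    /**
     * Handles a GET on the data URL by delegating to {@link #process}.
     *
     * <p>NOTE(review): with GET the {@code slcommand} value travels in the query string and
     * may therefore end up in access logs and proxies; confirm that GET is really needed.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        process(httpServletRequest, httpServletResponse);
    }

    /** Handles a POST on the data URL by delegating to {@link #process}. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        process(httpServletRequest, httpServletResponse);
    }

    /**
     * Parses, checks and applies one SL2.0 result.
     *
     * <p>Steps: access check, read the {@code slcommand} value (request parameter, or raw
     * body as fallback), Base64URL-decode and parse it as JSON, bind it to the session via
     * {@code inResponseTo}, extract the (optionally signed/encrypted) payload, then inject
     * either the certificate or the signature into the signing process.
     *
     * <p>Any exception is stored as session exception and answered either with the generic
     * error page or, for data-URL requests, with an SL2.0 redirect to the error URL.
     *
     * @param httpServletRequest  incoming request; its content is untrusted until the checks
     *                            in this method have passed
     * @param httpServletResponse response used for the injected result or the error redirect
     * @throws ServletException declared for the servlet contract
     * @throws IOException      if reading the request or writing the response fails
     */
    protected void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        JsonObject jsonObject = null;
        try {
            if (!PdfAsHelper.checkDataUrlAccess(httpServletRequest)) {
                throw new Exception("No valid dataURL access");
            }
            PdfAsHelper.setFromDataUrl(httpServletRequest);
            String parameter = httpServletRequest.getParameter("slcommand");
            if (StringUtils.isEmpty(parameter)) {
                // Fallback: the container did not expose the value as a parameter, so the
                // raw body is read and the "slcommand=" form-field prefix is removed by hand.
                String readStream = StreamUtils.readStream(httpServletRequest.getInputStream(), "UTF-8");
                if (StringUtils.isEmpty(readStream)) {
                    logger.info("NO SL2.0 commando or result FOUND.");
                    throw new SL20Exception("sl20.04", (Throwable) null);
                }
                // Verify the prefix before slicing: the body is untrusted, and cutting a fixed
                // number of characters from an arbitrary body either fails with an index error
                // (short body) or silently feeds unrelated bytes to the decoder.
                if (!readStream.startsWith(SL_COMMAND_PREFIX)) {
                    logger.info("Request body does NOT start with '" + SL_COMMAND_PREFIX + "'.");
                    throw new SL20Exception("sl20.04", (Throwable) null);
                }
                logger.info("Use SIC Handy-Signature work-around!");
                parameter = readStream.substring(SL_COMMAND_PREFIX.length());
            }
            // The raw command is caller-controlled; line breaks are neutralised so that it
            // cannot forge additional log records.
            logger.trace("Received SL2.0 command: {}", stripLineBreaks(parameter));
            try {
                jsonObject = new JsonParser().parse(Base64Url.decodeToUtf8String(parameter)).getAsJsonObject();
                // NOTE: transactionID is taken from the outer, not yet verified JSON container.
                String transactionId = SL20JSONExtractorUtils.getStringValue(jsonObject, "transactionID", false);
                if (StringUtils.isNotEmpty(transactionId)) {
                    httpServletRequest.setAttribute("PDF_SESSION_transactionID", transactionId);
                }
                // getSession(false) returns null when no session exists; reject that case
                // explicitly instead of failing with a message-less NullPointerException.
                javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
                if (session == null) {
                    logger.info("SL20 result received without an existing HTTP session");
                    throw new SL20SecurityException("No HTTP session available for SL20 result.");
                }
                String expectedReqId = (String) session.getAttribute("PDF_SESSION_reqID");
                String inResponseTo = SL20JSONExtractorUtils.getStringValue(jsonObject, "inResponseTo", true);
                // Session binding: the result must answer the request issued in this session.
                if (expectedReqId == null || !expectedReqId.equals(inResponseTo)) {
                    // inResponseTo is caller-supplied; it is logged and reported without CR/LF.
                    // NOTE(review): the message is stored as session exception below - confirm
                    // that whatever renders it escapes the value for its output context.
                    String safeInResponseTo = stripLineBreaks(inResponseTo);
                    logger.debug("SL20 'reqId': {} does NOT match to 'inResponseTo':{}", expectedReqId, safeInResponseTo);
                    throw new SL20SecurityException("SL20 'reqId': " + expectedReqId + " does NOT match to 'inResponseTo':" + safeInResponseTo);
                }
                // An uninitialised security helper is passed on as null to the extractor.
                JsonSecurityUtils jsonSecurityUtils = JsonSecurityUtils.getInstance();
                if (!jsonSecurityUtils.isInitialized()) {
                    jsonSecurityUtils = null;
                }
                VerificationResult extractSL20PayLoad = SL20JSONExtractorUtils.extractSL20PayLoad(jsonObject, jsonSecurityUtils, WebConfiguration.isSL20SigningRequired());
                if (extractSL20PayLoad.isValidSigned() == null || !extractSL20PayLoad.isValidSigned().booleanValue()) {
                    if (WebConfiguration.isSL20SigningRequired()) {
                        logger.info("SL20 result from VDA was not valid signed");
                        throw new SL20SecurityException("Signature on SL20 result NOT valid.");
                    }
                    // With signing not required, the payload below is processed although its
                    // origin was not authenticated; the session binding above is then the only
                    // check in this method that ties the result to the request.
                    logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!");
                }
                JsonObject payload = extractSL20PayLoad.getPayload();
                logger.trace("SL2.0 payLoad on DataURL: " + payload.toString());
                String commandName = SL20JSONExtractorUtils.getStringValue(payload, "name", true);
                if ("getCertificate".equals(commandName)) {
                    logger.debug("Find getCertificate result .... ");
                    List<?> encodedCerts = SL20JSONExtractorUtils.getListOfStringElements(SL20JSONExtractorUtils.extractSL20Result(payload, jsonSecurityUtils, WebConfiguration.isSL20EncryptionRequired()).getAsJsonObject(), "x5c", true);
                    if (encodedCerts.isEmpty()) {
                        logger.warn("SL20 'getCertificate' result contains NO certificate");
                        throw new SLCommandoParserException();
                    }
                    if (encodedCerts.size() == 1) {
                        logger.debug("SL20 'getCertificate' result contains only one certificate");
                        PdfAsHelper.injectCertificate(httpServletRequest, httpServletResponse, Base64.getDecoder().decode((String) encodedCerts.get(0)), getServletContext());
                    } else {
                        logger.debug("SL20 'getCertificate' result contains more than one certificate. Certificates must be sorted ... ");
                        // Left as a raw list: the parameter type of X509Utils.sortCertificates
                        // is not visible from this class.
                        ArrayList arrayList = new ArrayList();
                        for (Object encodedCert : encodedCerts) {
                            arrayList.add(new X509Certificate(Base64.getDecoder().decode((String) encodedCert)));
                        }
                        List<java.security.cert.X509Certificate> sortCertificates = X509Utils.sortCertificates(arrayList);
                        logger.debug("Sorting of certificate completed. Select end-user certificate ... ");
                        // NOTE(review): the first sorted entry is used as end-user certificate;
                        // no chain or trust validation happens in this method - confirm that it
                        // is performed downstream.
                        PdfAsHelper.injectCertificate(httpServletRequest, httpServletResponse, sortCertificates.get(0).getEncoded(), getServletContext());
                    }
                } else if ("createCAdES".equals(commandName)) {
                    logger.debug("Find createCAdES result .... ");
                    String encodedSignature = SL20JSONExtractorUtils.getStringValue(SL20JSONExtractorUtils.extractSL20Result(payload, jsonSecurityUtils, WebConfiguration.isSL20EncryptionRequired()).getAsJsonObject(), "signature", true);
                    if (StringUtils.isEmpty(encodedSignature)) {
                        logger.warn("SL20 'createCAdES' result contains NO signature");
                        throw new SLCommandoParserException();
                    }
                    PdfAsHelper.injectSignature(httpServletRequest, httpServletResponse, Base64.getDecoder().decode(encodedSignature), getServletContext());
                } else {
                    logger.info("SL20 response is NOT a qualifiedeID result");
                    throw new SLCommandoParserException();
                }
            } catch (JsonSyntaxException e) {
                logger.warn("SL2.0 command or result is NOT valid JSON.", e);
                logger.debug("SL2.0 msg: {}", stripLineBreaks(parameter));
                throw new SL20Exception("sl20.02", e);
            }
        } catch (Exception e2) {
            logger.warn("Error in DataURL Servlet. ", e2);
            PdfAsHelper.setSessionException(httpServletRequest, httpServletResponse, e2.getMessage(), e2);
            if (!PdfAsHelper.getFromDataUrl(httpServletRequest)) {
                PdfAsHelper.gotoError(getServletContext(), httpServletRequest, httpServletResponse);
                return;
            }
            String generateErrorURL = PdfAsHelper.generateErrorURL(httpServletRequest, httpServletResponse);
            String transactionId = null;
            if (jsonObject != null) {
                try {
                    transactionId = SL20JSONExtractorUtils.getStringValue(jsonObject, "transactionID", false);
                } catch (SL20Exception e3) {
                    // e2 was already logged above; report the failure of the error handling
                    // itself, which would otherwise be lost.
                    logger.error("SL20 error-handling FAILED", e3);
                    httpServletResponse.sendError(500, "Internal Server Error.");
                    return;
                }
            }
            PdfAsHelper.buildSL20RedirectResponse(httpServletRequest, httpServletResponse, transactionId, generateErrorURL);
        }
    }

    /**
     * Replaces carriage returns and line feeds so that a caller-supplied value stays on a
     * single log line.
     *
     * @param value text to neutralise, may be {@code null}
     * @return {@code value} with every CR and LF replaced by {@code '_'}, or {@code null}
     */
    private static String stripLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}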
