package at.gv.egovernment.moa.sig.tsl.engine;

import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moa.sig.tsl.api.ITslConfiguration;
import at.gv.egovernment.moa.sig.tsl.database.AbstractDBService;
import at.gv.egovernment.moa.sig.tsl.database.IDBService;
import at.gv.egovernment.moa.sig.tsl.database.dao.DigitalIdContext;
import at.gv.egovernment.moa.sig.tsl.engine.data.BinaryHashCache;
import at.gv.egovernment.moa.sig.tsl.engine.data.DownloadDigestVerify;
import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEvaluationResult;
import at.gv.egovernment.moa.sig.tsl.engine.data.PointerToNationalTsl;
import at.gv.egovernment.moa.sig.tsl.engine.data.TSLEvaluationResult;
import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement;
import at.gv.egovernment.moa.sig.tsl.engine.verify.TSLVerifier;
import at.gv.egovernment.moa.sig.tsl.exception.TslDatabaseException;
import at.gv.egovernment.moa.sig.tsl.exception.TslEvaluationException;
import at.gv.egovernment.moa.sig.tsl.exception.TslException;
import at.gv.egovernment.moa.sig.tsl.exception.TslInitializationException;
import at.gv.egovernment.moa.sig.tsl.exception.TslProcessingException;
import at.gv.egovernment.moa.sig.tsl.utils.DigestCopyTSLInputStream;
import at.gv.egovernment.moa.sig.tsl.utils.FileDownloadUtils;
import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
import at.gv.egovernment.moa.sig.tsl.utils.TslCertificateUtils;
import at.gv.egovernment.moa.sig.tsl.utils.TspServiceParserUtils;
import iaik.utils.Util;
import iaik.xml.crypto.utils.DOMUtils;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Objects;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.etsi.uri._02231.v2_.AdditionalServiceInformationType;
import org.etsi.uri._02231.v2_.AnyType;
import org.etsi.uri._02231.v2_.DigitalIdentityListType;
import org.etsi.uri._02231.v2_.DigitalIdentityType;
import org.etsi.uri._02231.v2_.ExtensionType;
import org.etsi.uri._02231.v2_.ExtensionsListType;
import org.etsi.uri._02231.v2_.MultiLangNormStringType;
import org.etsi.uri._02231.v2_.OtherTSLPointerType;
import org.etsi.uri._02231.v2_.OtherTSLPointersType;
import org.etsi.uri._02231.v2_.TSLSchemeInformationType;
import org.etsi.uri._02231.v2_.TSPType;
import org.etsi.uri._02231.v2_.TrustServiceProviderListType;
import org.etsi.uri._02231.v2_.TrustStatusListType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.QualificationElementType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.QualificationsType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.QualifierType;
import org.etsi.uri.trstsvc.svcinfoext.esigdir_1999_93_ec_trustedlist.__.QualifiersType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.XMLFilterImpl;

/* loaded from: input_file:at/gv/egovernment/moa/sig/tsl/engine/TslEngine.class */
public class TslEngine {
    private static final Logger log = LoggerFactory.getLogger(TslEngine.class);
    private ITslConfiguration config;
    private IDBService dbService;

    public TslEngine(ITslConfiguration iTslConfiguration, IDBService iDBService) {
        this.config = null;
        this.dbService = null;
        this.config = iTslConfiguration;
        this.dbService = iDBService;
    }

    public List<PointerToNationalTsl> processNationalTSL(PointerToNationalTsl pointerToNationalTsl) throws TslProcessingException {
        if (!TslConstants.MIMETYPE_TSL_PARSEABLE.equals(pointerToNationalTsl.getMimeType())) {
            log.debug("Pointer to other TSL:" + pointerToNationalTsl.getUrl().toString() + " has a not parseable MimeType:" + pointerToNationalTsl.getMimeType());
            return null;
        }
        if (this.dbService.isTslAlreadyProcessed(pointerToNationalTsl.getUrl())) {
            log.trace("TSL:" + pointerToNationalTsl.getUrl().toString() + " is processed already. Nothing do to any more ;) ");
            return null;
        }
        log.info("Start processing of national " + pointerToNationalTsl.getCountryCode() + " TSL with URL:" + pointerToNationalTsl.getUrl().toString());
        try {
            List<X509Certificate> loadCertificatesFromResource = loadCertificatesFromResource(this.config.getPathToTrustAnchorMS() + pointerToNationalTsl.getCountryCode().toLowerCase() + MiscUtil.DEFAULT_SLASH);
            if (pointerToNationalTsl.getTrustedCerts() == null || pointerToNationalTsl.getTrustedCerts().isEmpty()) {
                log.info("No allowed signer certificates on parent TSL for country:" + pointerToNationalTsl.getCountryCode() + " and TSL-URL:" + pointerToNationalTsl.getUrl().toString());
            } else {
                loadCertificatesFromResource.addAll(pointerToNationalTsl.getTrustedCerts());
            }
            DownloadDigestVerify downloadAndVerifyTSL = downloadAndVerifyTSL(pointerToNationalTsl.getUrl(), loadCertificatesFromResource.listIterator());
            if (!downloadAndVerifyTSL.getVerified().booleanValue()) {
                log.error("National " + pointerToNationalTsl.getCountryCode() + " TSL:" + pointerToNationalTsl.getUrl().toString() + " signature can not verified. TSL Update process stops!");
                throw new TslProcessingException("National TSL signature can not verified. TSL Update process stops!");
            }
            TrustStatusListType unmarshalTSL = unmarshalTSL(downloadAndVerifyTSL);
            this.dbService.cleanUpCertificateInformation(pointerToNationalTsl.getUrl().toString());
            parseTrustServiceProviderInformationIntoDatabase(unmarshalTSL.getTrustServiceProviderList(), pointerToNationalTsl);
            List<PointerToNationalTsl> parsePointerToNationalTslFromInputTsl = parsePointerToNationalTslFromInputTsl(unmarshalTSL.getSchemeInformation());
            this.dbService.writeTslDownloadInformation(downloadAndVerifyTSL, pointerToNationalTsl.getMimeType(), pointerToNationalTsl.getCountryCode(), true);
            return parsePointerToNationalTslFromInputTsl;
        } catch (TslDatabaseException e) {
            log.error("TSL service can not write to database.", e);
            throw new TslProcessingException("TSL service can not write to database.", e);
        } catch (TslProcessingException e2) {
            if (0 != 0) {
                try {
                    this.dbService.writeTslDownloadInformation(null, pointerToNationalTsl.getMimeType(), pointerToNationalTsl.getCountryCode(), false);
                } catch (TslDatabaseException e3) {
                    log.error("TSL service can not write to database.", e2);
                    throw new TslProcessingException("TSL service can not write to database.", e2);
                }
            }
            throw e2;
        } catch (TslException e4) {
            log.error("TSL service has a general error during national TSL processing. (URL:" + pointerToNationalTsl.getUrl().toString() + ")", e4);
            throw new TslProcessingException("TSL service has a general error during national TSL processing. (URL:" + pointerToNationalTsl.getUrl().toString() + ")", e4);
        }
    }

    public List<PointerToNationalTsl> processEUTSL() throws TslProcessingException {
        try {
            List<X509Certificate> loadCertificatesFromResource = loadCertificatesFromResource(this.config.getPathToTrustAnchorEU());
            this.dbService.cleanUpDownloadInformation();
            DownloadDigestVerify downloadAndVerifyTSL = downloadAndVerifyTSL(this.config.getEuTslUrl(), loadCertificatesFromResource.listIterator());
            if (!downloadAndVerifyTSL.getVerified().booleanValue()) {
                log.error("European TSL signature can not verified. TSL Update process stops!");
                throw new TslProcessingException("European TSL signature can not verified. TSL Update process stops!");
            }
            List<PointerToNationalTsl> parsePointerToNationalTslFromInputTsl = parsePointerToNationalTslFromInputTsl(unmarshalTSL(downloadAndVerifyTSL).getSchemeInformation());
            this.dbService.writeTslDownloadInformation(downloadAndVerifyTSL, "", "EU", true);
            return parsePointerToNationalTslFromInputTsl;
        } catch (TslDatabaseException e) {
            log.error("TSL service can not write to database.", e);
            throw new TslProcessingException("TSL service can not write to database.", e);
        } catch (TslProcessingException e2) {
            if (0 != 0) {
                try {
                    this.dbService.writeTslDownloadInformation(null, "", "EU", false);
                } catch (TslDatabaseException e3) {
                    log.error("TSL service can not write to database.", e2);
                    throw new TslProcessingException("TSL service can not write to database.", e2);
                }
            }
            throw e2;
        } catch (TslException e4) {
            log.error("TSL service has a general error during European TSL processing.", e4);
            throw new TslProcessingException("TSL service has a general error during European TSL processing.", e4);
        }
    }

    public LinkedHashMap<iaik.x509.X509Certificate, ITslEvaluationResult> evaluate(TslConstants.X509Model x509Model, List<iaik.x509.X509Certificate> list, Date date, Date date2) throws TslEvaluationException {
        Date date3 = null;
        LinkedHashMap<iaik.x509.X509Certificate, ITslEvaluationResult> linkedHashMap = new LinkedHashMap<>();
        try {
            for (iaik.x509.X509Certificate x509Certificate : Arrays.asList(Util.arrangeCertificateChain((iaik.x509.X509Certificate[]) list.toArray(new iaik.x509.X509Certificate[list.size()]), false))) {
                String fingerPrint = TslCertificateUtils.getFingerPrint(x509Certificate);
                if (date3 != null) {
                    date = date3;
                } else if (x509Model == TslConstants.CHAIN_MODEL) {
                    date3 = x509Certificate.getNotBefore();
                }
                PreparedStatement prepareStatement = this.dbService.connectToDatabase(AbstractDBService.MODE.READ_ONLY).prepareStatement(DigitalIdContext.EVALUATE_CERT);
                prepareStatement.setString(1, fingerPrint);
                prepareStatement.setDate(2, new java.sql.Date(date.getTime()));
                prepareStatement.setDate(3, new java.sql.Date(date2.getTime()));
                ResultSet executeQuery = prepareStatement.executeQuery();
                TSLEvaluationResult tSLEvaluationResult = new TSLEvaluationResult(x509Certificate, fingerPrint, date, date2);
                while (executeQuery.next()) {
                    Objects.requireNonNull(tSLEvaluationResult);
                    TSLEvaluationResult.TSLResultRow tSLResultRow = new TSLEvaluationResult.TSLResultRow();
                    tSLResultRow.setCertHash(executeQuery.getString(DigitalIdContext.COLS.hash.name()));
                    tSLResultRow.setCertNotAfter(executeQuery.getDate(DigitalIdContext.COLS.notAfter.name()));
                    tSLResultRow.setCertNotBefore(executeQuery.getDate(DigitalIdContext.COLS.notBefore.name()));
                    tSLResultRow.setCertSKI(executeQuery.getString(DigitalIdContext.COLS.ski.name()));
                    tSLResultRow.setCertSubjectName(executeQuery.getString(DigitalIdContext.COLS.subDN.name()));
                    tSLResultRow.setCertSubjectNameHash(executeQuery.getString(DigitalIdContext.COLS.subDNnormHash.name()));
                    tSLResultRow.setTerritory(executeQuery.getString(DigitalIdContext.COLS.territory.name()));
                    tSLResultRow.setTslURL(executeQuery.getString(DigitalIdContext.COLS.tslURL.name()));
                    tSLResultRow.setTspEndDate(executeQuery.getDate(DigitalIdContext.COLS.endDate.name()));
                    tSLResultRow.setTspStartDate(executeQuery.getDate(DigitalIdContext.COLS.startDate.name()));
                    tSLResultRow.setTspExtensions(TspServiceParserUtils.decodeServiceExtentsions(executeQuery.getBytes(DigitalIdContext.COLS.sExt.name())));
                    tSLResultRow.setTspStatus(executeQuery.getString(DigitalIdContext.COLS.status.name()));
                    tSLResultRow.setTspStatusType(executeQuery.getString(DigitalIdContext.COLS.sType.name()));
                    tSLEvaluationResult.addTslResult(tSLResultRow);
                }
                executeQuery.close();
                linkedHashMap.put(x509Certificate, tSLEvaluationResult);
            }
            checkEndEntity(linkedHashMap);
            return linkedHashMap;
        } catch (TslDatabaseException | SQLException e) {
            log.error("Certificate evaluation against TSL FAILED by reason of a Database interaction problem", e);
            throw new TslEvaluationException("Certificate evaluation against TSL FAILED by reason of a Database interaction problem", e);
        } catch (TslProcessingException e2) {
            log.warn("Certificate evaluation against TSL FAILED by reason of: " + e2.getMessage(), e2);
            throw new TslEvaluationException("Certificate evaluation against TSL FAILED by reason of: " + e2.getMessage(), e2);
        }
    }

    public List<TSLProcessingResultElement> getCurrentTSLClientStatus() {
        return this.dbService.getTSLProcessingStatus();
    }

    private void checkEndEntity(LinkedHashMap<iaik.x509.X509Certificate, ITslEvaluationResult> linkedHashMap) throws TslEvaluationException {
        TSLEvaluationResult.TSLResultRow.TSLEndEntityResult tSLEndEntityResult;
        Map.Entry<iaik.x509.X509Certificate, ITslEvaluationResult> entry = null;
        for (Map.Entry<iaik.x509.X509Certificate, ITslEvaluationResult> entry2 : linkedHashMap.entrySet()) {
            if (entry == null) {
                entry = entry2;
            }
            ITslEvaluationResult value = entry2.getValue();
            if (value != null) {
                for (TSLEvaluationResult.TSLResultRow tSLResultRow : value.getTslResults()) {
                    ExtensionsListType tspExtensions = tSLResultRow.getTspExtensions();
                    if (tspExtensions == null) {
                        Objects.requireNonNull(tSLResultRow);
                        entry.setValue(new TSLEvaluationResult.TSLResultRow.TSLEndEntityResult(tSLResultRow));
                    } else {
                        for (ExtensionType extensionType : tspExtensions.getExtension()) {
                            if (extensionType.isCritical()) {
                                for (Object obj : extensionType.getContent()) {
                                    if (obj instanceof String) {
                                        if (((String) obj).trim().length() != 0) {
                                            log.warn("Unexpected String in Trust-Service extentsion: " + obj);
                                            throw new TslEvaluationException("Unexpected String in Trust-Service extentsion: " + obj);
                                        }
                                        log.trace("Find whitespaces that can be ignored");
                                    } else if (obj instanceof JAXBElement) {
                                        Object value2 = ((JAXBElement) obj).getValue();
                                        if (value2 instanceof QualificationsType) {
                                            for (QualificationElementType qualificationElementType : ((QualificationsType) value2).getQualificationElement()) {
                                                QualifiersType qualifiers = qualificationElementType.getQualifiers();
                                                if (TslCertificateUtils.matchCriteriaList(entry, qualificationElementType.getCriteriaList())) {
                                                    List<QualifierType> qualifier = qualifiers.getQualifier();
                                                    ITslEvaluationResult value3 = entry.getValue();
                                                    if (value3 == null || !(value3 instanceof TSLEvaluationResult.TSLResultRow.TSLEndEntityResult)) {
                                                        Objects.requireNonNull(tSLResultRow);
                                                        entry.setValue(new TSLEvaluationResult.TSLResultRow.TSLEndEntityResult(qualifier));
                                                    } else {
                                                        TSLEvaluationResult.TSLResultRow.TSLEndEntityResult tSLEndEntityResult2 = (TSLEvaluationResult.TSLResultRow.TSLEndEntityResult) value3;
                                                        if (tSLEndEntityResult2.getQualifierList() != null && !tSLEndEntityResult2.getQualifierList().isEmpty()) {
                                                            log.info("More than one criteria list matches in critical TSP extentsion. Result includes set union of qualifiers!");
                                                        }
                                                        tSLEndEntityResult2.addQualifiers(qualifier);
                                                    }
                                                } else {
                                                    log.info("Certificate extensions does NOT match with Trust-Service extensions.");
                                                }
                                            }
                                        } else if (value2 instanceof AdditionalServiceInformationType) {
                                            log.debug("Trust-Service extentsion includes a 'AdditionalInformationType' --> use it as it is");
                                            ITslEvaluationResult value4 = entry.getValue();
                                            if (value4 == null || !(value4 instanceof TSLEvaluationResult.TSLResultRow.TSLEndEntityResult)) {
                                                Objects.requireNonNull(tSLResultRow);
                                                tSLEndEntityResult = new TSLEvaluationResult.TSLResultRow.TSLEndEntityResult(tSLResultRow);
                                                entry.setValue(tSLEndEntityResult);
                                            } else {
                                                tSLEndEntityResult = (TSLEvaluationResult.TSLResultRow.TSLEndEntityResult) value4;
                                            }
                                            AdditionalServiceInformationType additionalServiceInformationType = (AdditionalServiceInformationType) value2;
                                            if (additionalServiceInformationType.getURI() != null) {
                                                if (MiscUtil.isNotEmpty(additionalServiceInformationType.getURI().getValue())) {
                                                    tSLEndEntityResult.addAdditionalServiceInformation(additionalServiceInformationType.getURI().getValue());
                                                } else {
                                                    log.warn("Suspect EMPTY 'AdditionalServiceInformationType' on TSL:" + tSLEndEntityResult.getTslURL());
                                                }
                                            }
                                        }
                                    }
                                }
                            } else {
                                log.info("Ignore not-critical extensions on TSL");
                                Objects.requireNonNull(tSLResultRow);
                                entry.setValue(new TSLEvaluationResult.TSLResultRow.TSLEndEntityResult(tSLResultRow));
                            }
                        }
                    }
                }
            } else {
                log.error("Something goes WRONG, because 'TSLEvaluationResult' should never be NULL.");
            }
        }
    }

    private void parseTrustServiceProviderInformationIntoDatabase(TrustServiceProviderListType trustServiceProviderListType, PointerToNationalTsl pointerToNationalTsl) throws TslProcessingException {
        if (trustServiceProviderListType == null || trustServiceProviderListType.getTrustServiceProvider() == null) {
            return;
        }
        for (TSPType tSPType : trustServiceProviderListType.getTrustServiceProvider()) {
            String str = null;
            try {
                try {
                    List<MultiLangNormStringType> name = tSPType.getTSPInformation().getTSPName().getName();
                    Iterator<MultiLangNormStringType> it = name.iterator();
                    while (it.hasNext()) {
                        str = it.next().getValue();
                    }
                    if (str == null && !name.isEmpty()) {
                        str = name.get(0).getValue();
                    }
                    if (str == null) {
                        str = TslConstants.DEFAULT_TSPNAME_NOT_SET;
                    }
                } catch (NullPointerException e) {
                    log.info("Trust Service-Provider contains no TSPName Element");
                    if (str == null) {
                        str = TslConstants.DEFAULT_TSPNAME_NOT_SET;
                    }
                }
                TrustServiceProcessingRunner trustServiceProcessingRunner = new TrustServiceProcessingRunner(this.dbService, tSPType, pointerToNationalTsl, str);
                if (this.config.isMultiThreadedImportEnabled()) {
                    Thread thread = new Thread(trustServiceProcessingRunner);
                    thread.setName("Country:" + pointerToNationalTsl.getCountryCode() + " TSP:" + str);
                    thread.start();
                } else {
                    trustServiceProcessingRunner.run();
                }
            } catch (Throwable th) {
                if (str == null) {
                }
                throw th;
            }
        }
    }

    private List<PointerToNationalTsl> parsePointerToNationalTslFromInputTsl(TSLSchemeInformationType tSLSchemeInformationType) {
        ArrayList arrayList = new ArrayList();
        OtherTSLPointersType pointersToOtherTSL = tSLSchemeInformationType.getPointersToOtherTSL();
        if (pointersToOtherTSL != null && pointersToOtherTSL.getOtherTSLPointer() != null) {
            for (OtherTSLPointerType otherTSLPointerType : pointersToOtherTSL.getOtherTSLPointer()) {
                PointerToNationalTsl pointerToNationalTsl = new PointerToNationalTsl();
                try {
                    if (MiscUtil.isNotEmpty(otherTSLPointerType.getTSLLocation())) {
                        log.debug("Parse PointerToOtherTSL with URL:" + otherTSLPointerType.getTSLLocation());
                        pointerToNationalTsl.setUrl(new URL(otherTSLPointerType.getTSLLocation()));
                        if (otherTSLPointerType.getServiceDigitalIdentities() == null || otherTSLPointerType.getServiceDigitalIdentities().getServiceDigitalIdentity() == null) {
                            log.warn("Pointer to other TSL:" + pointerToNationalTsl.getUrl() + " contains NO trusted certificates for validation");
                        } else {
                            for (DigitalIdentityListType digitalIdentityListType : otherTSLPointerType.getServiceDigitalIdentities().getServiceDigitalIdentity()) {
                                if (digitalIdentityListType.getDigitalId() != null) {
                                    for (DigitalIdentityType digitalIdentityType : digitalIdentityListType.getDigitalId()) {
                                        if (digitalIdentityType.getX509Certificate() != null) {
                                            try {
                                                pointerToNationalTsl.addTrustedCert(new iaik.x509.X509Certificate(digitalIdentityType.getX509Certificate()));
                                            } catch (CertificateException e) {
                                                log.error("Pointer to other TSL:" + pointerToNationalTsl.getUrl() + " contains a non parsable certificate.", e);
                                            }
                                        } else {
                                            log.warn("Pointer to other TSL:" + pointerToNationalTsl.getUrl() + " contains no certificate information.");
                                        }
                                    }
                                }
                            }
                        }
                        if (otherTSLPointerType.getAdditionalInformation() != null && otherTSLPointerType.getAdditionalInformation().getTextualInformationOrOtherInformation() != null) {
                            for (Object obj : otherTSLPointerType.getAdditionalInformation().getTextualInformationOrOtherInformation()) {
                                if (obj instanceof AnyType) {
                                    AnyType anyType = (AnyType) obj;
                                    if (anyType.getContent() != null) {
                                        for (Object obj2 : anyType.getContent()) {
                                            if (obj2 instanceof JAXBElement) {
                                                JAXBElement jAXBElement = (JAXBElement) obj2;
                                                if (TslConstants.TSL_SCHEME_JAXBELEMENT_TERRITORY_NAME.equals(jAXBElement.getName().getLocalPart()) && "http://uri.etsi.org/02231/v2#".equals(jAXBElement.getName().getNamespaceURI())) {
                                                    pointerToNationalTsl.setCountryCode((String) jAXBElement.getValue());
                                                } else if (TslConstants.TSL_SCHEME_JAXBELEMENT_MIMETYPE_NAME.equals(jAXBElement.getName().getLocalPart()) && "http://uri.etsi.org/02231/v2/additionaltypes#".equals(jAXBElement.getName().getNamespaceURI())) {
                                                    pointerToNationalTsl.setMimeType((String) jAXBElement.getValue());
                                                } else {
                                                    log.trace("Additional information contains a not recognised JAXBElement with name:" + jAXBElement.getName().getLocalPart());
                                                }
                                            } else {
                                                log.trace("Additional information is not of Type JAXBElement<?>");
                                            }
                                        }
                                    }
                                } else {
                                    log.warn("Pointer to other TSL:" + pointerToNationalTsl.getUrl() + ". Additional information of Type:" + obj.getClass().getName() + " is not supported");
                                }
                            }
                        }
                        arrayList.add(pointerToNationalTsl);
                    } else {
                        log.warn("Found 'OtherTSLPointer' element that contains NO pointer URL");
                    }
                } catch (MalformedURLException e2) {
                    log.warn("Found 'OtherTSLPointer' element that contains a NOT valid URL", e2);
                }
            }
        }
        return arrayList;
    }

    private TrustStatusListType unmarshalTSL(DownloadDigestVerify downloadDigestVerify) throws TslProcessingException {
        try {
            InputSource inputSource = new InputSource(new BufferedInputStream(new FileInputStream(downloadDigestVerify.getImportedTsl())));
            inputSource.setSystemId(FileDownloadUtils.file2SysId(downloadDigestVerify.getImportedTsl()));
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            newInstance.setNamespaceAware(true);
            newInstance.setSchema(TslConstants.schema);
            newInstance.setValidating(true);
            XMLReader xMLReader = newInstance.newSAXParser().getXMLReader();
            SAXSource sAXSource = new SAXSource(inputSource);
            sAXSource.setXMLReader(new XMLFilterImpl(xMLReader));
            return (TrustStatusListType) ((JAXBElement) createTSLUnmarshaller(true).unmarshal(sAXSource)).getValue();
        } catch (TslInitializationException | ParserConfigurationException e) {
            log.error("TSL service found an internal configuration error.", e);
            throw new TslProcessingException("TSL service found an internal configuration error.", e);
        } catch (FileNotFoundException | MalformedURLException e2) {
            log.error("Supsect state! Can not find already downloaded file.", e2);
            throw new TslProcessingException("Supsect state! Can not find already downloaded file.", e2);
        } catch (SAXException e3) {
            log.error("TSL:" + downloadDigestVerify.getDldLoc() + " has an error during XML parsing", e3);
            throw new TslProcessingException("TSL:" + downloadDigestVerify.getDldLoc() + " has an error during XML parsing", e3);
        } catch (JAXBException e4) {
            log.error("TSL:" + downloadDigestVerify.getDldLoc() + " has an error during XML unmarshal", e4);
            throw new TslProcessingException("TSL:" + downloadDigestVerify.getDldLoc() + " has an error during XML unmarshal", e4);
        }
    }

    private DownloadDigestVerify downloadAndVerifyTSL(URL url, ListIterator<X509Certificate> listIterator) throws TslException {
        log.debug("Starting download process for TSL:" + url);
        DownloadDigestVerify downloadDigestVerify = new DownloadDigestVerify();
        downloadDigestVerify.setDldLoc(url);
        try {
            BinaryHashCache binaryHashCache = BinaryHashCache.getInstance();
            File createTemporaryFile = binaryHashCache.createTemporaryFile();
            File createTemporaryFile2 = binaryHashCache.createTemporaryFile(url2filename(url));
            InputStream processURLToInputStream = FileDownloadUtils.processURLToInputStream(url, createTemporaryFile2, this.config.getNetworkConnectionTimeout(), this.config.getNetworkReadTimeout());
            DigestCopyTSLInputStream digestCopyTSLInputStream = new DigestCopyTSLInputStream(processURLToInputStream, createDigest(), createTemporaryFile);
            IOUtils.closeQuietly(processURLToInputStream, iOException -> {
                log.warn("Can NOT close stream. Reason: {}", new Object[]{iOException.getMessage(), null, iOException});
            });
            try {
                try {
                    Document parse = DOMUtils.parse(digestCopyTSLInputStream, createTemporaryFile2.toURI().toString(), (String) null, (String) null, (Boolean) null, (Boolean) null, (Boolean) null, "http://www.w3.org/2001/XMLSchema", StringUtils.join(TslConstants.schemaSysId, " "), new MyLSResourceResolver(), (Object) null);
                    try {
                        digestCopyTSLInputStream.close();
                        downloadDigestVerify.setRawHash_(digestCopyTSLInputStream.digest());
                        downloadDigestVerify.setImportedTsl(digestCopyTSLInputStream.getImportedTSL());
                        log.debug("TSL download complete. Start verification process ...");
                        downloadDigestVerify.setVerified(TSLVerifier.verifyTSL(parse, listIterator));
                        return downloadDigestVerify;
                    } catch (IOException e) {
                        throw new TslProcessingException("Could not close TSL InputStream.", e);
                    }
                } catch (IOException | RuntimeException | ParserConfigurationException | SAXException e2) {
                    throw new TslProcessingException("Error DOM parsing TSL.", e2);
                }
            } catch (Throwable th) {
                try {
                    digestCopyTSLInputStream.close();
                    downloadDigestVerify.setRawHash_(digestCopyTSLInputStream.digest());
                    downloadDigestVerify.setImportedTsl(digestCopyTSLInputStream.getImportedTSL());
                    throw th;
                } catch (IOException e3) {
                    throw new TslProcessingException("Could not close TSL InputStream.", e3);
                }
            }
        } catch (TslInitializationException e4) {
            log.error("TSL service has an initialization error.", e4);
            throw e4;
        } catch (TslProcessingException e5) {
            log.error("TSL from URL:" + url.toString() + " can not loaded or is not valid.", e5);
            return downloadDigestVerify;
        }
    }

    private MessageDigest createDigest() throws TslInitializationException {
        try {
            return MessageDigest.getInstance(TslConstants.CERT_HASH_NAME);
        } catch (NoSuchAlgorithmException e) {
            throw new TslInitializationException(e);
        }
    }

    private String url2filename(URL url) {
        return URLEncoder.encode(url.toString()).replace('\\', '_').replace('/', '~');
    }

    private List<X509Certificate> loadCertificatesFromResource(String str) {
        iaik.x509.X509Certificate x509Certificate;
        ArrayList arrayList = new ArrayList();
        File[] listFiles = new File(str).listFiles();
        if (listFiles != null) {
            for (File file : listFiles) {
                FileInputStream fileInputStream = null;
                try {
                    try {
                        fileInputStream = new FileInputStream(file);
                        if (fileInputStream != null && (x509Certificate = new iaik.x509.X509Certificate(fileInputStream)) != null) {
                            arrayList.add(x509Certificate);
                        }
                        if (fileInputStream != null) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e) {
                                log.error("Can not close FileInputStream!", e);
                            }
                        }
                    } catch (Throwable th) {
                        if (fileInputStream != null) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e2) {
                                log.error("Can not close FileInputStream!", e2);
                            }
                        }
                        throw th;
                    }
                } catch (IOException e3) {
                    log.error("File: " + file.getAbsolutePath() + " is not loadable.");
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e4) {
                            log.error("Can not close FileInputStream!", e4);
                        }
                    }
                } catch (CertificateException e5) {
                    log.error("File: " + file.getAbsolutePath() + " is not a valid certificate.");
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e6) {
                            log.error("Can not close FileInputStream!", e6);
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    private static Unmarshaller createTSLUnmarshaller(boolean z) throws TslInitializationException {
        return createTSLUnmarshaller(z, null);
    }

    private static Unmarshaller createTSLUnmarshaller(boolean z, Unmarshaller.Listener listener) throws TslInitializationException {
        try {
            Unmarshaller createUnmarshaller = TslConstants.JAXBCONTEXT.createUnmarshaller();
            if (z) {
                createUnmarshaller.setSchema(TslConstants.schema);
            }
            if (listener != null) {
                createUnmarshaller.setListener(listener);
            }
            return createUnmarshaller;
        } catch (JAXBException e) {
            throw new TslInitializationException("Error creating a TSL Unmarshaller.", e);
        }
    }
}
