package at.gv.egovernment.moa.spss.server.invoke;

import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference;
import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.util.AdESResultUtils;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
import at.gv.egovernment.moa.spss.util.QCSSCDResult;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.server.modules.IAIKException;
import iaik.server.modules.IAIKRuntimeException;
import iaik.server.modules.cmsverify.CMSSignatureVerificationModule;
import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory;
import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile;
import iaik.server.modules.cmsverify.CMSSignatureVerificationResult;
import iaik.server.modules.cmsverify.ExtendedCMSSignatureVerificationResult;
import iaik.server.modules.pdfverify.ExtendedPDFSignatureVerificationResult;
import iaik.server.modules.pdfverify.PDFSignatureVerificationModule;
import iaik.server.modules.pdfverify.PDFSignatureVerificationModuleFactory;
import iaik.server.modules.pdfverify.PDFSignatureVerificationProfile;
import iaik.server.modules.pdfverify.PDFSignatureVerificationResult;
import iaik.x509.X509Certificate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigDecimal;
import java.util.Date;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.class */
public class CMSSignatureVerificationInvoker {
    private static CMSSignatureVerificationInvoker instance = null;

    public static synchronized CMSSignatureVerificationInvoker getInstance() {
        if (instance == null) {
            instance = new CMSSignatureVerificationInvoker();
        }
        return instance;
    }

    protected CMSSignatureVerificationInvoker() {
    }

    public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest verifyCMSSignatureRequest) throws MOAException {
        List verifySignature;
        CMSSignatureVerificationProfileFactory cMSSignatureVerificationProfileFactory = new CMSSignatureVerificationProfileFactory(verifyCMSSignatureRequest);
        VerifyCMSSignatureResponseBuilder verifyCMSSignatureResponseBuilder = new VerifyCMSSignatureResponseBuilder();
        TransactionContext transactionContext = TransactionContextManager.getInstance().getTransactionContext();
        LoggingContext loggingContext = LoggingContextManager.getInstance().getLoggingContext();
        InputStream inputStream = null;
        byte[] bArr = new byte[2048];
        InputStream cMSSignature = verifyCMSSignatureRequest.getCMSSignature();
        TrustProfile trustProfile = transactionContext.getConfiguration().getTrustProfile(verifyCMSSignatureRequest.getTrustProfileId());
        try {
            try {
                try {
                    Date dateTime = verifyCMSSignatureRequest.getDateTime();
                    if (verifyCMSSignatureRequest.isPDF()) {
                        PDFSignatureVerificationProfile createPDFProfile = cMSSignatureVerificationProfileFactory.createPDFProfile();
                        Logger.debug("Sending PDFSignatureVerificationProfile to IAIK-MOA");
                        PDFSignatureVerificationModule pDFSignatureVerificationModuleFactory = PDFSignatureVerificationModuleFactory.getInstance();
                        pDFSignatureVerificationModuleFactory.setLog(new IaikLog(loggingContext.getNodeID()));
                        pDFSignatureVerificationModuleFactory.init(cMSSignature, createPDFProfile, new TransactionId(transactionContext.getTransactionID()));
                        if (verifyCMSSignatureRequest.isExtended()) {
                            Logger.info("Running extended validation");
                            verifySignature = pDFSignatureVerificationModuleFactory.verifyPAdESSignature(dateTime);
                        } else {
                            Logger.info("Running not extended validation");
                            verifySignature = pDFSignatureVerificationModuleFactory.verifySignature(dateTime);
                        }
                        pDFSignatureVerificationModuleFactory.closeModule();
                    } else {
                        inputStream = getSignedContent(verifyCMSSignatureRequest);
                        CMSSignatureVerificationProfile createProfile = cMSSignatureVerificationProfileFactory.createProfile();
                        Logger.debug("Sending CMSSignatureVerificationProfile to IAIK-MOA");
                        CMSSignatureVerificationModule cMSSignatureVerificationModuleFactory = CMSSignatureVerificationModuleFactory.getInstance();
                        cMSSignatureVerificationModuleFactory.setLog(new IaikLog(loggingContext.getNodeID()));
                        cMSSignatureVerificationModuleFactory.init(cMSSignature, inputStream, createProfile, new TransactionId(transactionContext.getTransactionID()));
                        do {
                        } while (cMSSignatureVerificationModuleFactory.getInputStream().read(bArr) > 0);
                        if (verifyCMSSignatureRequest.isExtended()) {
                            Logger.info("Running extended validation");
                            verifySignature = cMSSignatureVerificationModuleFactory.verifyCAdESSignature(dateTime);
                        } else {
                            Logger.info("Running not extended validation");
                            verifySignature = cMSSignatureVerificationModuleFactory.verifySignature(dateTime);
                        }
                    }
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th) {
                        }
                    }
                    if (cMSSignature != null) {
                        cMSSignature.close();
                    }
                    new QCSSCDResult();
                    int[] signatories = verifyCMSSignatureRequest.getSignatories();
                    if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) {
                        for (Object obj : verifySignature) {
                            if (verifyCMSSignatureRequest.isPDF()) {
                                handlePDFResult(obj, verifyCMSSignatureResponseBuilder, trustProfile);
                            } else {
                                handleCMSResult(obj, verifyCMSSignatureResponseBuilder, trustProfile);
                            }
                        }
                    } else {
                        for (int i = 0; i < signatories.length; i++) {
                            int i2 = signatories[i] - 1;
                            try {
                                Object obj2 = verifySignature.get(signatories[i] - 1);
                                if (verifyCMSSignatureRequest.isPDF()) {
                                    handlePDFResult(obj2, verifyCMSSignatureResponseBuilder, trustProfile);
                                } else {
                                    handleCMSResult(obj2, verifyCMSSignatureResponseBuilder, trustProfile);
                                }
                            } catch (IndexOutOfBoundsException e) {
                                throw new MOAApplicationException("2249", new Object[]{new Integer(i2)});
                            }
                        }
                    }
                    return verifyCMSSignatureResponseBuilder.getResponse();
                } catch (Throwable th2) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th3) {
                            throw th2;
                        }
                    }
                    if (cMSSignature != null) {
                        cMSSignature.close();
                    }
                    throw th2;
                }
            } catch (IAIKException e2) {
                throw IaikExceptionMapper.getInstance().map(e2);
            } catch (IAIKRuntimeException e3) {
                throw IaikExceptionMapper.getInstance().map(e3);
            }
        } catch (MOAException e4) {
            throw e4;
        } catch (IOException e5) {
            throw new MOAApplicationException("2244", null, e5);
        }
    }

    private void handleCMSResult(Object obj, VerifyCMSSignatureResponseBuilder verifyCMSSignatureResponseBuilder, TrustProfile trustProfile) throws MOAException {
        CMSSignatureVerificationResult cMSSignatureVerificationResult;
        List certificateChain;
        QCSSCDResult qCSSCDResult = new QCSSCDResult();
        if (obj == null) {
            Logger.warn("Result Object is null!");
            return;
        }
        List list = null;
        boolean z = false;
        ExtendedCertificateCheckResult extendedCertificateCheckResult = null;
        if (obj instanceof ExtendedCMSSignatureVerificationResult) {
            Logger.info("Got ExtendedCMSSignatureVerificationResult");
            z = true;
            ExtendedCMSSignatureVerificationResult extendedCMSSignatureVerificationResult = (ExtendedCMSSignatureVerificationResult) obj;
            cMSSignatureVerificationResult = extendedCMSSignatureVerificationResult.getCMSSignatureVerificationResult();
            list = AdESResultUtils.getAdESResult(extendedCMSSignatureVerificationResult.getFormVerificationResult());
            if (Logger.isDebugEnabled() && list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    Logger.debug("ADES Formresults: " + it.next().toString());
                }
            }
            try {
                Logger.debug("Extended Validation Code: " + extendedCMSSignatureVerificationResult.getResultCode().toString());
                Logger.debug("Extended Validation Info: " + extendedCMSSignatureVerificationResult.getInfo());
                extendedCertificateCheckResult = AdESResultUtils.getExtendedResult(extendedCMSSignatureVerificationResult.getResultCode());
            } catch (NullPointerException e) {
                Logger.info("No extendend validation result available.");
            }
        } else {
            Logger.debug("Got CMSSignatureVerificationResult");
            cMSSignatureVerificationResult = (CMSSignatureVerificationResult) obj;
        }
        String str = null;
        if (cMSSignatureVerificationResult.getCertificateValidationResult() != null && (certificateChain = cMSSignatureVerificationResult.getCertificateValidationResult().getCertificateChain()) != null) {
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.size()];
            Iterator it2 = certificateChain.iterator();
            int i = 0;
            while (it2.hasNext()) {
                x509CertificateArr[i] = (X509Certificate) it2.next();
                i++;
            }
            qCSSCDResult = CertificateUtils.checkQCSSCD(x509CertificateArr, cMSSignatureVerificationResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance());
            str = CertificateUtils.getIssuerCountry((X509Certificate) certificateChain.get(0));
        }
        verifyCMSSignatureResponseBuilder.addResult(cMSSignatureVerificationResult, trustProfile, qCSSCDResult.isQC(), qCSSCDResult.isQCSourceTSL(), qCSSCDResult.isSSCD(), qCSSCDResult.isSSCDSourceTSL(), str, list, extendedCertificateCheckResult, qCSSCDResult.getTslInfos(), z);
    }

    private void handlePDFResult(Object obj, VerifyCMSSignatureResponseBuilder verifyCMSSignatureResponseBuilder, TrustProfile trustProfile) throws MOAException {
        PDFSignatureVerificationResult pDFSignatureVerificationResult;
        List certificateChain;
        QCSSCDResult qCSSCDResult = new QCSSCDResult();
        if (obj == null) {
            Logger.warn("Result Object is null!");
            return;
        }
        List list = null;
        boolean z = false;
        ExtendedCertificateCheckResult extendedCertificateCheckResult = null;
        if (obj instanceof ExtendedPDFSignatureVerificationResult) {
            Logger.info("Got ExtendedPDFSignatureVerificationResult");
            z = true;
            ExtendedPDFSignatureVerificationResult extendedPDFSignatureVerificationResult = (ExtendedPDFSignatureVerificationResult) obj;
            pDFSignatureVerificationResult = extendedPDFSignatureVerificationResult.getPDFSignatureVerificationResult();
            list = AdESResultUtils.getAdESResult(extendedPDFSignatureVerificationResult.getFormVerificationResult());
            if (Logger.isDebugEnabled() && list != null) {
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    Logger.debug("ADES Formresults: " + it.next().toString());
                }
            }
            try {
                Logger.debug("Extended Validation Code: " + extendedPDFSignatureVerificationResult.getResultCode().toString());
                if (extendedPDFSignatureVerificationResult.getDetailedExtendedReport() != null) {
                    Logger.debug("Extended Validation Info: " + extendedPDFSignatureVerificationResult.getDetailedExtendedReport().getMessage());
                } else {
                    Logger.debug("Extended Validation Info: " + extendedPDFSignatureVerificationResult.getInfo());
                }
                Logger.debug("Full extended Validation Infos: " + extendedPDFSignatureVerificationResult.getInfo());
                extendedCertificateCheckResult = AdESResultUtils.getExtendedResult(extendedPDFSignatureVerificationResult.getResultCode());
            } catch (NullPointerException e) {
                Logger.info("No extendend validation result available.");
            }
        } else {
            Logger.debug("Got PDFSignatureVerificationResult");
            pDFSignatureVerificationResult = (PDFSignatureVerificationResult) obj;
        }
        if (MiscUtil.isNotEmpty(pDFSignatureVerificationResult.getError())) {
            Logger.info("Signature validation stopped with an error: " + pDFSignatureVerificationResult.getError());
        }
        String str = null;
        if (pDFSignatureVerificationResult.getCertificateValidationResult() != null && (certificateChain = pDFSignatureVerificationResult.getCertificateValidationResult().getCertificateChain()) != null) {
            X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.size()];
            Iterator it2 = certificateChain.iterator();
            int i = 0;
            while (it2.hasNext()) {
                x509CertificateArr[i] = (X509Certificate) it2.next();
                i++;
            }
            qCSSCDResult = CertificateUtils.checkQCSSCD(x509CertificateArr, pDFSignatureVerificationResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance());
            str = CertificateUtils.getIssuerCountry((X509Certificate) certificateChain.get(0));
        }
        verifyCMSSignatureResponseBuilder.addResult(pDFSignatureVerificationResult, trustProfile, qCSSCDResult.isQC(), qCSSCDResult.isQCSourceTSL(), qCSSCDResult.isSSCD(), qCSSCDResult.isSSCDSourceTSL(), str, list, extendedCertificateCheckResult, qCSSCDResult.getTslInfos(), z);
    }

    private InputStream getSignedContent(VerifyCMSSignatureRequest verifyCMSSignatureRequest) throws MOAApplicationException {
        CMSDataObject dataObject = verifyCMSSignatureRequest.getDataObject();
        if (dataObject == null) {
            return null;
        }
        CMSContent content = dataObject.getContent();
        switch (content.getContentType()) {
            case 0:
                String reference = ((CMSContentReference) content).getReference();
                if ("".equals(reference)) {
                    return null;
                }
                return excludeByteRange(new ExternalURIResolver().resolve(reference), verifyCMSSignatureRequest);
            case 1:
                return excludeByteRange(((CMSContentExcplicit) content).getBinaryContent(), verifyCMSSignatureRequest);
            default:
                return null;
        }
    }

    private InputStream excludeByteRange(InputStream inputStream, VerifyCMSSignatureRequest verifyCMSSignatureRequest) throws MOAApplicationException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        CMSDataObject dataObject = verifyCMSSignatureRequest.getDataObject();
        BigDecimal excludeByteRangeFrom = dataObject.getExcludeByteRangeFrom();
        BigDecimal excludeByteRangeTo = dataObject.getExcludeByteRangeTo();
        if (excludeByteRangeFrom == null || excludeByteRangeTo == null) {
            return inputStream;
        }
        BigDecimal bigDecimal = new BigDecimal("0");
        BigDecimal bigDecimal2 = new BigDecimal("1");
        while (true) {
            try {
                int read = inputStream.read();
                if (read < 0) {
                    return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
                }
                if (inRange(bigDecimal, dataObject)) {
                    byteArrayOutputStream.write(0);
                } else {
                    byteArrayOutputStream.write(read);
                }
                bigDecimal = bigDecimal.add(bigDecimal2);
            } catch (IOException e) {
                throw new MOAApplicationException("2301", null, e);
            }
        }
    }

    private boolean inRange(BigDecimal bigDecimal, CMSDataObject cMSDataObject) {
        BigDecimal excludeByteRangeFrom = cMSDataObject.getExcludeByteRangeFrom();
        BigDecimal excludeByteRangeTo = cMSDataObject.getExcludeByteRangeTo();
        return (excludeByteRangeFrom == null || excludeByteRangeTo == null || bigDecimal.compareTo(excludeByteRangeFrom) == -1 || bigDecimal.compareTo(excludeByteRangeTo) == 1) ? false : true;
    }
}
