package at.gv.egovernment.moa.spss.server.invoke;

import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
import at.gv.egovernment.moa.spss.api.SPSSFactory;
import at.gv.egovernment.moa.spss.api.common.CheckResult;
import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo;
import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit;
import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter;
import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.xml.XMLSignatureImpl;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.util.AdESResultUtils;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.spss.util.QCSSCDResult;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.CollectionUtils;
import iaik.server.ConfigurationException;
import iaik.server.modules.IAIKException;
import iaik.server.modules.IAIKRuntimeException;
import iaik.server.modules.xml.DataObject;
import iaik.server.modules.xml.XMLDataObject;
import iaik.server.modules.xml.XMLSignature;
import iaik.server.modules.xmlverify.ExtendedXMLSignatureVerificationResult;
import iaik.server.modules.xmlverify.ReferenceData;
import iaik.server.modules.xmlverify.XMLSignatureVerificationModule;
import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory;
import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile;
import iaik.server.modules.xmlverify.XMLSignatureVerificationResult;
import iaik.x509.X509Certificate;
import iaik.xml.crypto.utils.URI;
import iaik.xml.crypto.utils.URIException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.class */
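/**
 * Verifies XML signatures by delegating to the IAIK signature verification
 * module and turning its result into a {@link VerifyXMLSignatureResponse}.
 *
 * <p>On top of the cryptographic and certificate-path result delivered by the
 * module, this class applies three MOA-level checks that feed the response:
 * the signature manifest check ({@link #validateSignatureManifest}), the
 * optional signer-certificate allow-list of the trust profile
 * ({@link #validateSignerCertificate}) and the QC/SSCD evaluation of the
 * certificate chain.
 *
 * <p>The class is a lazily created singleton; it holds no per-request state.
 */
public class XMLSignatureVerificationInvoker {
    private static XMLSignatureVerificationInvoker instance = null;

    /**
     * Reference types that are left out when the references of a signature are
     * compared against the reference infos supplied in the request.
     */
    private static final Set<String> FILTERED_REF_TYPES = new HashSet<String>(Arrays.asList(
            "http://www.w3.org/2000/09/xmldsig#Manifest",
            "http://www.buergerkarte.at/specifications/Security-Layer/20020225#SignatureManifest",
            "http://www.buergerkarte.at/specifications/Securitylayer/20020225#SignatureManifest",
            "http://uri.etsi.org/01903/v1.1.1#SignedProperties",
            "http://uri.etsi.org/01903#SignedProperties"));

    /**
     * Returns the shared invoker, creating it on first use.
     *
     * @return the singleton instance
     */
    public static synchronized XMLSignatureVerificationInvoker getInstance() {
        if (instance == null) {
            instance = new XMLSignatureVerificationInvoker();
        }
        return instance;
    }

    /** Protected so that only {@link #getInstance()} and subclasses create instances. */
    protected XMLSignatureVerificationInvoker() {
    }

    /**
     * Verifies the signature described by the request and builds the response.
     *
     * @param verifyXMLSignatureRequest the request naming the signature environment,
     *        the signature location, supplements, trust profile and verification time
     * @return the response assembled from the module result and the MOA-level checks
     * @throws MOAException if the request cannot be processed or the IAIK module
     *         reports an error (mapped through {@code IaikExceptionMapper})
     */
    public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest verifyXMLSignatureRequest) throws MOAException {
        TransactionContext transactionContext = TransactionContextManager.getInstance().getTransactionContext();
        LoggingContext loggingContext = LoggingContextManager.getInstance().getLoggingContext();
        XMLSignatureVerificationProfileFactory profileFactory = new XMLSignatureVerificationProfileFactory(verifyXMLSignatureRequest);
        VerifyXMLSignatureResponseBuilder responseBuilder = new VerifyXMLSignatureResponseBuilder();
        ExtendedXMLSignatureVerificationResult extendedResult = null;
        Node formerParent = null;

        List supplements = getSupplements(verifyXMLSignatureRequest);
        XMLDataObject signatureEnvironment = DataObjectFactory.getInstance().createSignatureEnvironment(verifyXMLSignatureRequest.getSignatureInfo().getVerifySignatureEnvironment(), supplements);
        XMLSignature xmlSignature = buildXMLSignature(signatureEnvironment, verifyXMLSignatureRequest);
        List dataObjects = buildDataObjectList(supplements);
        XMLSignatureVerificationProfile profile = profileFactory.createProfile();
        Date signingTime = verifyXMLSignatureRequest.getDateTime();

        // If the signature environment is not the document element, it is made
        // the document element for the duration of the verification and moved
        // back afterwards (see the restore step below).
        Element originalRoot = signatureEnvironment.getElement().getOwnerDocument().getDocumentElement();
        boolean environmentSwapped = originalRoot != signatureEnvironment.getElement();
        if (environmentSwapped) {
            formerParent = signatureEnvironment.getElement().getParentNode();
            originalRoot.getOwnerDocument().replaceChild(signatureEnvironment.getElement(), originalRoot);
        }

        QCSSCDResult qcsscdResult = new QCSSCDResult();
        String trustStoreProfileId = profile.getCertificateValidationProfile().getTrustStoreProfile().getId();
        ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance();
        TrustProfile trustProfile = configurationProvider.getTrustProfile(trustStoreProfileId);
        try {
            XMLSignatureVerificationModule module = XMLSignatureVerificationModuleFactory.getInstance();
            module.setLog(new IaikLog(loggingContext.getNodeID()));

            XMLSignatureVerificationResult result;
            if (verifyXMLSignatureRequest.getExtendedValidaiton()) {
                extendedResult = module.verifyXAdESSignature(xmlSignature, dataObjects, profile, signingTime, new TransactionId(transactionContext.getTransactionID()));
                result = extendedResult.getXMLSignatureVerificationResult();
            } else {
                result = module.verifySignature(xmlSignature, dataObjects, profile, signingTime, new TransactionId(transactionContext.getTransactionID()));
            }

            if (extendedResult != null) {
                List adesResults = AdESResultUtils.getAdESResult(extendedResult.getFormVerificationResult());
                if (Logger.isDebugEnabled() && adesResults != null) {
                    Iterator it = adesResults.iterator();
                    while (it.hasNext()) {
                        Logger.debug("ADES Formresults: " + it.next().toString());
                    }
                }
                responseBuilder.setAdESFormResults(adesResults);
                try {
                    Logger.debug("Extended Validation Code: " + extendedResult.getResultCode().toString());
                    Logger.debug("Extended Validation Info: " + extendedResult.getInfo());
                    responseBuilder.setExtendedCertificateCheckResult(AdESResultUtils.getExtendedResult(extendedResult.getResultCode()));
                } catch (NullPointerException e) {
                    // Kept as best effort: a missing result code (or a null inside
                    // the helper calls) only means that no extended certificate
                    // check result is put into the response.
                    Logger.info("No extendend validation result available.");
                }
            }

            // QC/SSCD evaluation and issuer country both need the signer
            // certificate, so they are skipped together when the module returns
            // no chain instead of dereferencing a null or empty list.
            // NOTE(review): assumes the response builder accepts a null issuer
            // country - confirm against VerifyXMLSignatureResponseBuilder.
            String issuerCountry = null;
            List certificateChain = result.getCertificateValidationResult().getCertificateChain();
            if (certificateChain != null && !certificateChain.isEmpty()) {
                X509Certificate[] chain = (X509Certificate[]) certificateChain.toArray(new X509Certificate[certificateChain.size()]);
                qcsscdResult = CertificateUtils.checkQCSSCD(chain, result.getSigningTime(), trustProfile.isTSLEnabled(), configurationProvider);
                issuerCountry = CertificateUtils.getIssuerCountry(chain[0]);
            }

            // Restore the document: the original root becomes the document
            // element again and the signature environment is appended to its
            // former parent.
            if (environmentSwapped) {
                originalRoot.getOwnerDocument().replaceChild(originalRoot, signatureEnvironment.getElement());
                formerParent.appendChild(signatureEnvironment.getElement());
            }

            responseBuilder.setResult(result, profile, validateSignatureManifest(verifyXMLSignatureRequest, result, profile), validateSignerCertificate(result, transactionContext.getConfiguration().getTrustProfile(verifyXMLSignatureRequest.getTrustProfileId())), qcsscdResult.isQC(), qcsscdResult.isQCSourceTSL(), qcsscdResult.isSSCD(), qcsscdResult.isSSCDSourceTSL(), trustProfile.isTSLEnabled(), issuerCountry, qcsscdResult.getTslInfos(), verifyXMLSignatureRequest.getExtendedValidaiton());
            return responseBuilder.getResponse();
        } catch (IAIKRuntimeException e2) {
            throw IaikExceptionMapper.getInstance().map(e2);
        } catch (IAIKException e3) {
            throw IaikExceptionMapper.getInstance().map(e3);
        }
    }

    /**
     * Applies the signer-certificate allow-list of the trust profile.
     *
     * <p>The check only runs when the certificate validation code is 0 and the
     * trust profile names a signer-certificates location. In that case the
     * signer certificate (first element of the chain) must equal one of the
     * certificates stored as files in that directory; otherwise the returned
     * code is 1. A directory that cannot be listed is treated like a directory
     * without a matching certificate, so the check fails closed.
     *
     * @param xMLSignatureVerificationResult the module result carrying the chain
     * @param trustProfile the trust profile selected by the request
     * @return a check result carrying the resulting code
     * @throws MOAException if the configured URI is invalid or a listed file
     *         cannot be opened
     */
    private CheckResult validateSignerCertificate(XMLSignatureVerificationResult xMLSignatureVerificationResult, TrustProfile trustProfile) throws MOAException {
        MessageProvider messageProvider = MessageProvider.getInstance();
        int resultCode = xMLSignatureVerificationResult.getCertificateValidationResult().getValidationResultCode().intValue();
        if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) {
            X509Certificate signerCertificate = (X509Certificate) xMLSignatureVerificationResult.getCertificateValidationResult().getCertificateChain().get(0);
            File[] candidates;
            try {
                candidates = new File(new URI(trustProfile.getSignerCertsUri()).getPath()).listFiles();
            } catch (URIException e) {
                throw new MOASystemException("2900", null, e);
            }

            boolean allowed = false;
            // listFiles() returns null when the path is not a readable directory;
            // the loop is then skipped and the signer stays rejected.
            if (candidates != null) {
                for (int i = 0; i < candidates.length && !allowed; i++) {
                    File candidate = candidates[i];
                    if (candidate.isDirectory()) {
                        continue;
                    }
                    FileInputStream in;
                    try {
                        in = new FileInputStream(candidate);
                    } catch (FileNotFoundException e) {
                        throw new MOASystemException("2900", null, e);
                    }
                    try {
                        allowed = new X509Certificate(in).equals(signerCertificate);
                    } catch (Exception e) {
                        // A file that is not a parsable certificate is reported
                        // and skipped; it must not abort the whole check.
                        Logger.warn(messageProvider.getMessage("invoker.03", new Object[]{trustProfile.getId(), candidate.getName()}));
                    } finally {
                        try {
                            in.close();
                        } catch (IOException ignored) {
                            // Nothing useful can be done if closing fails.
                        }
                    }
                }
            }
            if (!allowed) {
                resultCode = 1;
            }
        }
        return SPSSFactory.getInstance().createCheckResult(resultCode, null);
    }

    /**
     * Locates the signature element inside the signature environment and wraps it.
     *
     * <p>The located element must be {@code Signature} in the XML-DSig namespace;
     * anything else (including no element at all) is rejected with error 2266,
     * so the request's location expression cannot point verification at an
     * arbitrary element.
     *
     * @param xMLDataObject the signature environment
     * @param verifyXMLSignatureRequest the request carrying the signature location
     * @return the signature wrapper handed to the verification module
     * @throws MOAApplicationException if the location does not select an XML-DSig signature
     */
    private XMLSignature buildXMLSignature(XMLDataObject xMLDataObject, VerifyXMLSignatureRequest verifyXMLSignatureRequest) throws MOAApplicationException {
        Element located = InvokerUtils.evaluateSignatureLocation(xMLDataObject.getElement(), verifyXMLSignatureRequest.getSignatureInfo().getVerifySignatureLocation());
        if (located != null
                && "Signature".equals(located.getLocalName())
                && "http://www.w3.org/2000/09/xmldsig#".equals(located.getNamespaceURI())) {
            return new XMLSignatureImpl(located);
        }
        throw new MOAApplicationException("2266", null);
    }

    /**
     * Converts the supplement associations into data objects for the module.
     *
     * @param list the supplements ({@link XMLDataObjectAssociation} elements), may be null
     * @return the created data objects, empty when there are no supplements
     */
    private List buildDataObjectList(List list) throws MOASystemException, MOAApplicationException {
        ArrayList dataObjects = new ArrayList();
        if (list == null) {
            return dataObjects;
        }
        DataObjectFactory factory = DataObjectFactory.getInstance();
        for (Iterator it = list.iterator(); it.hasNext();) {
            dataObjects.add(factory.createFromXmlDataObjectAssociation((XMLDataObjectAssociation) it.next(), true, false));
        }
        return dataObjects;
    }

    /**
     * Collects the supplements of all supplement profiles named in the request.
     *
     * @param verifyXMLSignatureRequest the request
     * @return the supplement of every mapped profile, empty when the request has none
     * @throws MOAApplicationException if a profile cannot be mapped
     */
    private List getSupplements(VerifyXMLSignatureRequest verifyXMLSignatureRequest) throws MOAApplicationException {
        ConfigurationProvider configuration = TransactionContextManager.getInstance().getTransactionContext().getConfiguration();
        List supplementProfiles = verifyXMLSignatureRequest.getSupplementProfiles();
        ArrayList supplements = new ArrayList();
        if (supplementProfiles != null) {
            Iterator it = ProfileMapper.mapSupplementProfiles(supplementProfiles, configuration).iterator();
            while (it.hasNext()) {
                supplements.add(((SupplementProfileExplicit) it.next()).getSupplementProfile());
            }
        }
        return supplements;
    }

    /**
     * Performs the signature manifest check requested by the caller.
     *
     * <p>Without manifest check parameters the result code is 0. Otherwise two
     * steps run:
     * <ol>
     *   <li>The signature's references (minus {@link #FILTERED_REF_TYPES}) are
     *       paired in order with the request's reference infos. The counts must
     *       match, and each reference's transformation list must equal one of
     *       the transform lists allowed for it; mismatching reference indexes
     *       are reported with code 1.</li>
     *   <li>If the signature contains a security layer manifest, every manifest
     *       reference must name a URI that is among the profile's transformation
     *       supplements, and where the request supplies a digest for that URI
     *       the digests must be equal. A URI for which the request supplies no
     *       digest is accepted on the URI match alone.</li>
     * </ol>
     *
     * @return a references check result with code 0 on success, 1 on failure
     */
    private ReferencesCheckResult validateSignatureManifest(VerifyXMLSignatureRequest verifyXMLSignatureRequest, XMLSignatureVerificationResult xMLSignatureVerificationResult, XMLSignatureVerificationProfile xMLSignatureVerificationProfile) throws MOAApplicationException {
        SPSSFactory factory = SPSSFactory.getInstance();
        MessageProvider messageProvider = MessageProvider.getInstance();
        if (verifyXMLSignatureRequest.getSignatureManifestCheckParams() != null) {
            List<ReferenceInfo> referenceInfos = verifyXMLSignatureRequest.getSignatureManifestCheckParams().getReferenceInfos();
            // Filter once and reuse the list for both the size check and the pairing.
            List signatureReferences = filterReferenceInfos(xMLSignatureVerificationResult.getReferenceDataList());
            if (referenceInfos.size() != signatureReferences.size()) {
                return factory.createReferencesCheckResult(1, null);
            }
            List<Integer> failedIndexes = new ArrayList<Integer>();
            Iterator signatureReferenceIt = signatureReferences.iterator();
            for (ReferenceInfo referenceInfo : referenceInfos) {
                ReferenceData referenceData = (ReferenceData) signatureReferenceIt.next();
                boolean matched = false;
                Iterator allowedIt = buildTransformsList(referenceInfo).iterator();
                while (allowedIt.hasNext() && !matched) {
                    matched = allowedIt.next().equals(referenceData.getTransformationList());
                }
                if (!matched) {
                    Integer index = Integer.valueOf(referenceData.getReferenceIndex());
                    String message = messageProvider.getMessage("invoker.01", new Object[]{index});
                    failedIndexes.add(index);
                    Logger.debug(new LogMsg(message));
                }
            }
            if (!failedIndexes.isEmpty()) {
                return factory.createReferencesCheckResult(1, factory.createReferencesCheckResultInfo(null, CollectionUtils.toIntArray(failedIndexes)));
            }
        }
        if (verifyXMLSignatureRequest.getSignatureManifestCheckParams() != null && xMLSignatureVerificationResult.containsSecurityLayerManifest()) {
            Map expectedDigests = buildTransformParameterHashValues(verifyXMLSignatureRequest);
            Set knownUris = buildTransformParameterURIs(xMLSignatureVerificationProfile.getTransformationSupplements());
            for (iaik.server.modules.xmlverify.ReferenceInfo manifestReference : xMLSignatureVerificationResult.getSecurityLayerManifest().getReferenceDataList()) {
                byte[] expectedDigest = (byte[]) expectedDigests.get(manifestReference.getURI());
                boolean uriKnown = knownUris.contains(manifestReference.getURI());
                boolean digestMismatch = expectedDigest != null && !Arrays.equals(expectedDigest, manifestReference.getHashValue());
                if (!uriKnown || digestMismatch) {
                    ReferencesCheckResultInfo info = factory.createReferencesCheckResultInfo(null, new int[]{manifestReference.getReferenceIndex()});
                    Logger.debug(new LogMsg(messageProvider.getMessage("invoker.02", new Object[]{Integer.valueOf(manifestReference.getReferenceIndex())})));
                    return factory.createReferencesCheckResult(1, info);
                }
            }
        }
        return factory.createReferencesCheckResult(0, null);
    }

    /**
     * Builds the transformation lists that are acceptable for one reference.
     *
     * @param referenceInfo the reference info from the request
     * @return one transformation list per mapped profile that defines transforms
     * @throws MOAApplicationException if a profile cannot be mapped
     */
    private List buildTransformsList(ReferenceInfo referenceInfo) throws MOAApplicationException {
        List profiles = ProfileMapper.mapVerifyTransformsInfoProfiles(referenceInfo.getVerifyTransformsInfoProfiles(), TransactionContextManager.getInstance().getTransactionContext().getConfiguration());
        ArrayList transformationLists = new ArrayList();
        TransformationFactory transformationFactory = TransformationFactory.getInstance();
        for (Iterator it = profiles.iterator(); it.hasNext();) {
            List transforms = ((VerifyTransformsInfoProfileExplicit) it.next()).getTransforms();
            if (transforms != null) {
                transformationLists.add(transformationFactory.createTransformationList(transforms));
            }
        }
        return transformationLists;
    }

    /**
     * Collects the URIs of the given transformation supplements.
     *
     * @param list the supplements ({@link DataObject} elements); null yields an
     *        empty set, which makes every manifest reference fail the URI check
     * @return the set of supplement URIs
     */
    private Set buildTransformParameterURIs(List list) {
        HashSet uris = new HashSet();
        if (list == null) {
            return uris;
        }
        for (Iterator it = list.iterator(); it.hasNext();) {
            uris.add(((DataObject) it.next()).getURI());
        }
        return uris;
    }

    /**
     * Maps transform parameter URIs to the digest values supplied in the request.
     *
     * <p>Only parameters whose type is 2 are considered; they are cast to
     * {@link TransformParameterHash} and contribute their digest value.
     *
     * @param verifyXMLSignatureRequest the request; its manifest check params must not be null
     * @return URI to digest ({@code byte[]}) for every hash-type transform parameter
     * @throws MOAApplicationException if a profile cannot be mapped
     */
    private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest verifyXMLSignatureRequest) throws MOAApplicationException {
        ConfigurationProvider configuration = TransactionContextManager.getInstance().getTransactionContext().getConfiguration();
        HashMap digestsByUri = new HashMap();
        Iterator referenceIt = verifyXMLSignatureRequest.getSignatureManifestCheckParams().getReferenceInfos().iterator();
        while (referenceIt.hasNext()) {
            Iterator profileIt = ProfileMapper.mapVerifyTransformsInfoProfiles(((ReferenceInfo) referenceIt.next()).getVerifyTransformsInfoProfiles(), configuration).iterator();
            while (profileIt.hasNext()) {
                for (TransformParameter transformParameter : ((VerifyTransformsInfoProfileExplicit) profileIt.next()).getTransformParameters()) {
                    String uri = transformParameter.getURI();
                    if (transformParameter.getTransformParameterType() == 2) {
                        digestsByUri.put(uri, ((TransformParameterHash) transformParameter).getDigestValue());
                    }
                }
            }
        }
        return digestsByUri;
    }

    /**
     * Drops the references whose type is listed in {@link #FILTERED_REF_TYPES}.
     *
     * @param list the references reported by the verification module
     * @return the references with no type or a type that is not filtered, in order
     */
    private List filterReferenceInfos(List list) {
        ArrayList kept = new ArrayList();
        for (Iterator it = list.iterator(); it.hasNext();) {
            iaik.server.modules.xmlverify.ReferenceInfo referenceInfo = (iaik.server.modules.xmlverify.ReferenceInfo) it.next();
            String referenceType = referenceInfo.getReferenceType();
            if (referenceType == null || !FILTERED_REF_TYPES.contains(referenceType)) {
                kept.add(referenceInfo);
            }
        }
        return kept;
    }

    /**
     * Collects the AdES form results from the named sub-results of an extended
     * verification result. Not called from within this class;
     * {@link #verifyXMLSignature} uses {@code AdESResultUtils.getAdESResult} instead.
     *
     * @param extendedXMLSignatureVerificationResult the extended result, may be null
     * @return the collected results, or null when no extended result is given
     */
    private List getAdESResult(ExtendedXMLSignatureVerificationResult extendedXMLSignatureVerificationResult) throws ConfigurationException {
        if (extendedXMLSignatureVerificationResult == null) {
            return null;
        }
        ArrayList results = new ArrayList();
        AdESResultUtils.checkSubResult(extendedXMLSignatureVerificationResult.getSubResult("Long Term Validation"), "B-LT", results);
        AdESResultUtils.checkSubResult(extendedXMLSignatureVerificationResult.getSubResult("Signature with time validation"), "B-T", results);
        AdESResultUtils.checkSubResult(extendedXMLSignatureVerificationResult.getSubResult("basic report"), "B-B", results);
        return results;
    }
}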
