package at.gv.egiz.bku.slcommands.impl;

import at.buergerkarte.namespaces.securitylayer._1_2_3.BulkRequestType;
import at.buergerkarte.namespaces.securitylayer._1_2_3.CreateCMSSignatureRequestType;
import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
import at.gv.egiz.bku.slcommands.BulkCommand;
import at.gv.egiz.bku.slcommands.SLCommandContext;
import at.gv.egiz.bku.slcommands.SLResult;
import at.gv.egiz.bku.slcommands.impl.cms.BulkCollectionSecurityProvider;
import at.gv.egiz.bku.slcommands.impl.cms.BulkSignature;
import at.gv.egiz.bku.slcommands.impl.cms.BulkSignatureInfo;
import at.gv.egiz.bku.slcommands.impl.cms.CMSHashDataInput;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.stal.BulkSignRequest;
import at.gv.egiz.stal.BulkSignResponse;
import at.gv.egiz.stal.ErrorResponse;
import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.InfoboxReadRequest;
import at.gv.egiz.stal.STALResponse;
import at.gv.egiz.stal.SignRequest;
import iaik.asn1.DerCoder;
import iaik.asn1.INTEGER;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.CMSSignatureException;
import iaik.utils.Util;
import java.math.BigInteger;
import java.security.InvalidParameterException;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/slcommands/impl/BulkCommandImpl.class */
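/**
 * Security Layer command that handles a {@code BulkRequest}: several CMS signature requests
 * that are prepared individually and then sent to the STAL as a single {@link BulkSignRequest}.
 *
 * <p>Processing in {@link #execute(SLCommandContext)}:
 * <ol>
 *   <li>determine the single keybox identifier shared by all CMS requests,</li>
 *   <li>read the signing certificate for that keybox from the STAL,</li>
 *   <li>prepare one {@link BulkSignature} per CMS request,</li>
 *   <li>send all signed attributes to the STAL in one request and wrap the returned
 *       signature values into the prepared CMS structures.</li>
 * </ol>
 *
 * <p>XML signature requests are rejected with error 4124.
 *
 * <p>NOTE(review): {@code execute} writes the instance fields {@link #keyboxIdentifier} and
 * {@link #signingCertificate}; an instance therefore looks unsuitable for concurrent use --
 * confirm against how command instances are created.
 */
public class BulkCommandImpl extends SLCommandImpl<BulkRequestType> implements BulkCommand {
    /** OID prefix used to recognise EC signature algorithms in {@link #wrapSignatureValue}. */
    private static final String ID_ECSIGTYPE = "1.2.840.10045.4";
    private static final Logger log = LoggerFactory.getLogger(BulkCommandImpl.class);
    /** Certificate read from the STAL for {@link #keyboxIdentifier}; set by {@code execute}. */
    protected X509Certificate signingCertificate;
    /** Keybox identifier shared by all CMS requests of the current bulk request. */
    protected String keyboxIdentifier;
    private ConfigurationFacade configurationFacade = new ConfigurationFacade();

    /**
     * Typed view on the configuration values this command reads.
     *
     * <p>Decompiler note carried over from the listing: the access modifier of this class was
     * changed from {@code private}.
     */
    public class ConfigurationFacade implements MoccaConfigurationFacade {
        private Configuration configuration;
        /** Configuration key that selects the strong hash algorithm for CMS signatures. */
        public static final String USE_STRONG_HASH = "UseStrongHash";

        private ConfigurationFacade() {
        }

        /**
         * Sets the backing configuration.
         *
         * @param configuration the configuration to read from
         */
        public void setConfiguration(Configuration configuration) {
            this.configuration = configuration;
        }

        /**
         * Returns whether the strong hash algorithm is to be used.
         *
         * <p>Defaults to {@code true} when the key is absent, so the weaker setting has to be
         * configured explicitly. Throws a {@link NullPointerException} when no configuration
         * has been set; in this class that surfaces as error 4000 from
         * {@code prepareCMSSignature}.
         *
         * @return the configured value of {@value #USE_STRONG_HASH}, {@code true} by default
         */
        public boolean getUseStrongHash() {
            return this.configuration.getBoolean(USE_STRONG_HASH, true);
        }
    }

    /**
     * Returns the name of this command.
     *
     * @return the constant {@code "BulkRequest"}
     */
    @Override // at.gv.egiz.bku.slcommands.SLCommand
    public String getName() {
        return "BulkRequest";
    }

    /**
     * Hands the configuration to the internal {@link ConfigurationFacade}.
     *
     * @param configuration the configuration to read {@code UseStrongHash} from
     */
    public void setConfiguration(Configuration configuration) {
        this.configurationFacade.setConfiguration(configuration);
    }

    /**
     * Executes the bulk request.
     *
     * @param sLCommandContext context supplying the STAL, the URL dereferencer and the locale
     * @return a {@link BulkSignatureResultImpl} on success, an {@link ErrorResultImpl} when an
     *     {@link SLException} is raised, or {@code null} when the request holds no signature
     *     requests or a {@link CMSException} occurs while reading a message digest
     */
    @Override // at.gv.egiz.bku.slcommands.SLCommand
    public SLResult execute(SLCommandContext sLCommandContext) {
        List<BulkSignature> signatures = new LinkedList<BulkSignature>();
        try {
            List<BulkRequestType.CreateSignatureRequest> requests = getRequestValue().getCreateSignatureRequest();
            // Kept as a raw list: the element type returned by getId() is not visible here.
            LinkedList requestIds = new LinkedList();
            if (requests == null || requests.isEmpty()) {
                // NOTE(review): callers receive null rather than an error result here -- confirm
                // that every caller copes with a null SLResult.
                return null;
            }
            BulkCollectionSecurityProvider provider = new BulkCollectionSecurityProvider();
            log.debug("get keyboxIdentifier from BulkSingatureRequest");
            this.keyboxIdentifier = setKeyboxIdentifier(requests);
            log.info("Requesting signing certificate.");
            this.signingCertificate = requestSigningCertificate(this.keyboxIdentifier, sLCommandContext);
            // NOTE(review): this writes the complete signer certificate to the debug log.
            log.debug("Got signing certificate. {}", this.signingCertificate);
            for (int i = 0; i < requests.size(); i++) {
                BulkRequestType.CreateSignatureRequest request = requests.get(i);
                if (request.getCreateCMSSignatureRequest() != null) {
                    log.info("execute CMSSignature request.");
                    requestIds.add(request.getId());
                    BulkSignature signature = prepareCMSSignatureRequests(provider, request.getCreateCMSSignatureRequest(), sLCommandContext);
                    signatures.add(signature);
                    // Computed once; it is both logged and stored as the display file name.
                    String fileName = getFileName(request, i + 1);
                    // NOTE(review): the signature info is looked up by the request position i.
                    // That matches only while every preceding entry was a CMS request; an entry
                    // with neither a CMS nor an XML request is skipped without an error and
                    // would shift the positions -- confirm such entries cannot occur.
                    for (HashDataInput hashDataInput : provider.getBulkSignatureInfo().get(i).getHashDataInput()) {
                        if (hashDataInput instanceof CMSHashDataInput) {
                            CMSHashDataInput cmsHashDataInput = (CMSHashDataInput) hashDataInput;
                            log.debug("setting fileName {}", fileName);
                            cmsHashDataInput.setFilename(fileName);
                            cmsHashDataInput.setDigest(signature.getSignerInfo().getDigest());
                        }
                    }
                } else if (request.getCreateXMLSignatureRequest() != null) {
                    log.error("XML signature requests are currently not supported in bulk signature requests.");
                    throw new SLCommandException(4124);
                }
            }
            return new BulkSignatureResultImpl(signBulkRequest(provider.getBulkSignatureInfo(), sLCommandContext, signatures), requestIds);
        } catch (SLException e) {
            return new ErrorResultImpl(e, sLCommandContext.getLocale());
        } catch (CMSException e) {
            log.error("Error reading message digest.", e);
            // NOTE(review): failure is reported as null, not as an error result.
            return null;
        }
    }

    /**
     * Derives the file name that is attached to the hash data input of one request.
     *
     * <p>Precedence: base name of the data object's content reference, then the request's
     * display name, then {@code SignatureData_<i>}. Both the reference and the display name
     * are taken from the request and are later used as the display name of the sign request
     * (see {@link #getSTALSignRequest(List)}), so they are caller-controlled text.
     *
     * @param createSignatureRequest request carrying a non-null CMS signature request
     * @param i one-based position used in the generated fallback name
     * @return the file name, never empty when the fallback is used
     */
    private String getFileName(BulkRequestType.CreateSignatureRequest createSignatureRequest, int i) {
        CreateCMSSignatureRequestType cmsRequest = createSignatureRequest.getCreateCMSSignatureRequest();
        String reference = null;
        if (cmsRequest.getDataObject() != null && cmsRequest.getDataObject().getContent() != null) {
            reference = cmsRequest.getDataObject().getContent().getReference();
        }
        if (StringUtils.isNotEmpty(reference)) {
            // getBaseName drops the directory part and the extension of the reference.
            return FilenameUtils.getBaseName(reference);
        }
        if (StringUtils.isNotEmpty(createSignatureRequest.getDisplayName())) {
            return createSignatureRequest.getDisplayName();
        }
        return "SignatureData" + "_" + i;
    }

    /**
     * Sends all prepared signed attributes to the STAL and completes the CMS structures with
     * the returned signature values.
     *
     * <p>The STAL must answer with exactly one signature value per prepared signature. A
     * different count is rejected: with fewer values the result would silently miss
     * signatures for request ids already collected by the caller, with more values the
     * positional lookup would run past the prepared signatures.
     *
     * @param list signature infos, positionally parallel to {@code list2}
     * @param sLCommandContext context supplying the STAL
     * @param list2 prepared signatures that receive the signature values
     * @return the encoded CMS signatures in request order, or {@code null} when the STAL
     *     response has an unexpected type or encoding fails with a {@link CMSException}
     * @throws SLCommandException with the STAL error code for an {@link ErrorResponse}, or
     *     with {@link ErrorResponse#ERR_4000} when the STAL response is unusable
     * @throws SLRequestException declared for callers; not raised by the visible code
     */
    private List<byte[]> signBulkRequest(List<BulkSignatureInfo> list, SLCommandContext sLCommandContext, List<BulkSignature> list2) throws SLCommandException, SLRequestException {
        try {
            List<STALResponse> responses = sLCommandContext.getSTAL().handleRequest(Collections.singletonList(getSTALSignRequest(list)));
            if (responses == null || responses.size() != 1) {
                throw new SignatureException("Failed to access STAL.");
            }
            STALResponse response = responses.get(0);
            if (!(response instanceof BulkSignResponse)) {
                if (!(response instanceof ErrorResponse)) {
                    // NOTE(review): an unknown response type yields null instead of an error.
                    return null;
                }
                ErrorResponse errorResponse = (ErrorResponse) response;
                log.debug("Error signing bulk request. Error response code: {} ({}).", errorResponse.getErrorCode(), errorResponse.getErrorMessage());
                throw new SLCommandException(errorResponse.getErrorCode());
            }
            BulkSignResponse bulkSignResponse = (BulkSignResponse) response;
            int responseCount = bulkSignResponse.getSignResponse().size();
            if (responseCount != list.size() || responseCount != list2.size()) {
                throw new SignatureException("Unexpected number of signature values from STAL: got " + responseCount + ", prepared " + list2.size() + ".");
            }
            List<byte[]> encodedSignatures = new LinkedList<byte[]>();
            for (int i = 0; i < responseCount; i++) {
                byte[] signatureValue = bulkSignResponse.getSignResponse().get(i).getSignatureValue();
                if (signatureValue == null || signatureValue.length == 0) {
                    throw new SignatureException("STAL returned an empty signature value at position " + i + ".");
                }
                if (log.isDebugEnabled()) {
                    log.debug("Got signature response: {}", Util.toBase64String(signatureValue));
                }
                list2.get(i).getSignerInfo().setSignatureValue(wrapSignatureValue(signatureValue, list.get(i).getSignatureAlgorithm()));
                encodedSignatures.add(list2.get(i).getEncoded());
            }
            return encodedSignatures;
        } catch (CMSException e) {
            log.error("Error creating CMSSignature", e);
            // NOTE(review): failure is reported as null, not as an SLCommandException.
            return null;
        } catch (SignatureException e) {
            log.error("Error creating CMSSignature", e);
            throw new SLCommandException(ErrorResponse.ERR_4000);
        }
    }

    /**
     * Determines the keybox identifier shared by all CMS signature requests.
     *
     * <p>Every CMS request must name a keybox and all of them must name the same one, because
     * a single signing certificate is read for the whole bulk request. The null check is
     * applied to each CMS request, including the first; the original applied it only once an
     * identifier had already been found, so leading requests without an identifier passed.
     * Entries without a CMS request are ignored here.
     *
     * @param list the signature requests of the bulk request
     * @return the common keybox identifier, or {@code null} when no entry is a CMS request
     * @throws SLCommandException with code 3003 when an identifier is missing or differs
     */
    private String setKeyboxIdentifier(List<BulkRequestType.CreateSignatureRequest> list) throws SLCommandException {
        String common = null;
        for (BulkRequestType.CreateSignatureRequest createSignatureRequest : list) {
            CreateCMSSignatureRequestType cmsRequest = createSignatureRequest.getCreateCMSSignatureRequest();
            if (cmsRequest == null) {
                continue;
            }
            String current = cmsRequest.getKeyboxIdentifier();
            if (current == null) {
                log.error("No keyboxIdentifier has been specified for this signature request.");
                throw new SLCommandException(3003);
            }
            if (common == null) {
                common = current;
            } else if (!current.equals(common)) {
                log.error("Error creating bulk signature. The bulkSignature value has to be the same fo all signature requests.");
                throw new SLCommandException(3003);
            }
        }
        return common;
    }

    /**
     * Prepares one CMS signature and registers its data with the bulk security provider.
     *
     * <p>NOTE(review): the {@code catch (Exception)} also covers the {@link SLCommandException}
     * and {@link SLViewerException} raised by {@code prepareStalRequest}, so their specific
     * error codes are replaced by 4000 -- confirm this is intended.
     *
     * @param bulkCollectionSecurityProvider provider collecting the signature infos
     * @param createCMSSignatureRequestType the CMS request to prepare
     * @param sLCommandContext context supplying the STAL and the URL dereferencer
     * @return the prepared signature
     * @throws SLCommandException with the code from {@code prepareCMSSignature}, or with
     *     {@link ErrorResponse#ERR_4000} for any failure after that step
     * @throws SLRequestException propagated from {@code prepareCMSSignature}
     * @throws SLViewerException declared for callers; see the note above
     */
    private BulkSignature prepareCMSSignatureRequests(BulkCollectionSecurityProvider bulkCollectionSecurityProvider, CreateCMSSignatureRequestType createCMSSignatureRequestType, SLCommandContext sLCommandContext) throws SLCommandException, SLRequestException, SLViewerException {
        log.debug("Preparing CMS signature.");
        BulkSignature signature = prepareCMSSignature(createCMSSignatureRequestType, sLCommandContext);
        try {
            bulkCollectionSecurityProvider.updateBulkCollectionSecurityProvider(this.keyboxIdentifier, signature.getHashDataInput(), signature.getExcludedByteRange());
            log.debug("Signing CMS signature.");
            return prepareStalRequest(bulkCollectionSecurityProvider, signature, sLCommandContext);
        } catch (Exception e) {
            log.error("Error creating CMS Signature.", e);
            throw new SLCommandException(ErrorResponse.ERR_4000);
        }
    }

    /**
     * Builds the {@link BulkSignature} for one CMS request.
     *
     * <p>The data object is used when present, otherwise the reference object. The signing
     * time is the current time, and the hash strength follows the {@code UseStrongHash}
     * configuration value.
     *
     * @param createCMSSignatureRequestType the CMS request
     * @param sLCommandContext context supplying the URL dereferencer
     * @return the new signature object
     * @throws SLCommandException rethrown as is, with code 3004 for an
     *     {@link InvalidParameterException}, or with {@link ErrorResponse#ERR_4000} otherwise
     * @throws SLRequestException declared for callers; not raised by the visible code
     */
    private BulkSignature prepareCMSSignature(CreateCMSSignatureRequestType createCMSSignatureRequestType, SLCommandContext sLCommandContext) throws SLCommandException, SLRequestException {
        try {
            return new BulkSignature(createCMSSignatureRequestType.getDataObject() != null ? createCMSSignatureRequestType.getDataObject() : createCMSSignatureRequestType.getReferenceObject(), createCMSSignatureRequestType.getStructure(), this.signingCertificate, new Date(), sLCommandContext.getURLDereferencer(), this.configurationFacade.getUseStrongHash());
        } catch (SLCommandException e) {
            log.error("Error creating CMS Signature.", e);
            throw e;
        } catch (InvalidParameterException e) {
            log.error("Error creating CMS Signature.", e);
            throw new SLCommandException(3004);
        } catch (Exception e) {
            log.error("Error creating CMS Signature.", e);
            throw new SLCommandException(ErrorResponse.ERR_4000);
        }
    }

    /**
     * Runs the signing step of a prepared signature against the bulk security provider.
     *
     * @param bulkCollectionSecurityProvider provider passed to {@code BulkSignature.sign}
     * @param bulkSignature the signature to process
     * @param sLCommandContext context supplying the STAL
     * @return {@code bulkSignature}, after {@code sign} returned normally
     * @throws SLCommandException with {@link ErrorResponse#ERR_4000} on any CMS failure
     * @throws SLViewerException declared for callers; not raised by the visible code
     */
    private BulkSignature prepareStalRequest(BulkCollectionSecurityProvider bulkCollectionSecurityProvider, BulkSignature bulkSignature, SLCommandContext sLCommandContext) throws SLCommandException, SLViewerException {
        try {
            bulkSignature.sign(bulkCollectionSecurityProvider, sLCommandContext.getSTAL(), this.keyboxIdentifier);
            return bulkSignature;
        } catch (CMSSignatureException e) {
            // Listed first so the handlers stay valid whether or not CMSSignatureException is
            // a CMSException subtype; both are handled identically.
            log.error("Error creating CMSSignature", e);
            throw new SLCommandException(ErrorResponse.ERR_4000);
        } catch (CMSException e) {
            log.error("Error creating CMSSignature", e);
            throw new SLCommandException(ErrorResponse.ERR_4000);
        }
    }

    /**
     * Reads the signing certificate for a keybox from the STAL.
     *
     * <p>The keybox identifier is used as the infobox identifier of the read request. Exactly
     * one certificate is accepted; any other count is treated as an error. The certificate is
     * also stored in {@link #signingCertificate}.
     *
     * @param str the keybox identifier
     * @param sLCommandContext context supplying the STAL
     * @return the single certificate returned by the STAL
     * @throws SLCommandException with {@link ErrorResponse#ERR_4000} when the STAL does not
     *     return exactly one certificate, or as raised by the STAL helper
     */
    private X509Certificate requestSigningCertificate(String str, SLCommandContext sLCommandContext) throws SLCommandException {
        InfoboxReadRequest infoboxReadRequest = new InfoboxReadRequest();
        infoboxReadRequest.setInfoboxIdentifier(str);
        STALHelper stalHelper = new STALHelper(sLCommandContext.getSTAL());
        stalHelper.transmitSTALRequest(Collections.singletonList(infoboxReadRequest));
        List<X509Certificate> certificates = stalHelper.getCertificatesFromResponses();
        if (certificates == null || certificates.size() != 1) {
            log.info("Got an unexpected number of certificates from STAL.");
            throw new SLCommandException(ErrorResponse.ERR_4000);
        }
        X509Certificate certificate = certificates.get(0);
        this.signingCertificate = certificate;
        return certificate;
    }

    /**
     * Builds the single STAL request that carries one {@link SignRequest} per signature info.
     *
     * <p>Display name and MIME type of each sign request are taken from the first hash data
     * input of the corresponding info; an info without hash data input makes {@code get(0)}
     * throw an {@link IndexOutOfBoundsException}.
     *
     * @param list the signature infos collected while preparing the signatures
     * @return the bulk sign request, with sign requests in the order of {@code list}
     */
    private static BulkSignRequest getSTALSignRequest(List<BulkSignatureInfo> list) {
        BulkSignRequest bulkSignRequest = new BulkSignRequest();
        for (BulkSignatureInfo info : list) {
            SignRequest signRequest = new SignRequest();
            signRequest.setKeyIdentifier(info.getKeyboxIdentifier());
            if (log.isDebugEnabled()) {
                log.debug("SignedAttributes: {}", Util.toBase64String(info.getSignedAttributes()));
            }
            SignRequest.SignedInfo signedInfo = new SignRequest.SignedInfo();
            signedInfo.setValue(info.getSignedAttributes());
            signedInfo.setIsCMSSignedAttributes(true);
            signRequest.setSignedInfo(signedInfo);
            // The file name comes from the request (see getFileName) and is logged as given.
            log.info("set displayName for Request {}", info.getHashDataInput().get(0).getFilename());
            signRequest.setDisplayName(info.getHashDataInput().get(0).getFilename());
            signRequest.setMimeType(info.getHashDataInput().get(0).getMimeType());
            signRequest.setSignatureMethod(info.getSignatureMethod());
            signRequest.setDigestMethod(info.getDigestMethod());
            signRequest.setHashDataInput(info.getHashDataInput());
            ExcludedByteRangeType excludedByteRange = info.getExcludedByteRange();
            if (excludedByteRange != null) {
                SignRequest.ExcludedByteRange stalRange = new SignRequest.ExcludedByteRange();
                stalRange.setFrom(excludedByteRange.getFrom());
                stalRange.setTo(excludedByteRange.getTo());
                signRequest.setExcludedByteRange(stalRange);
            }
            bulkSignRequest.getSignRequests().add(signRequest);
        }
        return bulkSignRequest;
    }

    /**
     * Converts a signature value into the form stored in the CMS signer info.
     *
     * <p>For algorithms whose OID starts with {@link #ID_ECSIGTYPE} the value is treated as two
     * equally long unsigned integers, first half then second half, and re-encoded as a DER
     * SEQUENCE of two INTEGERs. Other algorithms are passed through unchanged.
     *
     * @param bArr the signature value returned by the STAL
     * @param algorithmID the signature algorithm of the corresponding signature info
     * @return the DER-encoded SEQUENCE for EC algorithms, otherwise {@code bArr} itself
     * @throws SignatureException when an EC value is empty or has an odd length, since it
     *     cannot then be split into two equal halves
     */
    private static byte[] wrapSignatureValue(byte[] bArr, AlgorithmID algorithmID) throws SignatureException {
        if (!algorithmID.getAlgorithm().getID().startsWith(ID_ECSIGTYPE)) {
            return bArr;
        }
        if (bArr.length == 0 || bArr.length % 2 != 0) {
            throw new SignatureException("Malformed EC signature value: length " + bArr.length + " cannot be split into two equal halves.");
        }
        int half = bArr.length / 2;
        byte[] first = Arrays.copyOfRange(bArr, 0, half);
        byte[] second = Arrays.copyOfRange(bArr, half, bArr.length);
        SEQUENCE sequence = new SEQUENCE();
        // Signum 1 keeps both halves non-negative even when their top bit is set.
        sequence.addComponent(new INTEGER(new BigInteger(1, first)));
        sequence.addComponent(new INTEGER(new BigInteger(1, second)));
        return DerCoder.encode(sequence);
    }
}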
