package at.gv.egiz.bku.local.stal;

import at.gv.egiz.bku.gui.BKUGUIFacade;
import at.gv.egiz.bku.gui.hashdata.HashDataInputLoader;
import at.gv.egiz.bku.gui.viewer.SecureViewer;
import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput;
import at.gv.egiz.bku.slcommands.impl.cms.ReferencedHashDataInput;
import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.SignatureInfo;
import at.gv.egiz.stal.hashdata.StubHashDataInput;
import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
import at.gv.egiz.stal.signedinfo.ReferenceType;
import iaik.cms.SecurityProvider;
import iaik.me.security.CryptoException;
import iaik.me.security.MessageDigest;
import iaik.xml.crypto.XmldsigMore;
import java.awt.event.ActionListener;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.DigestException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BKULocal.war:WEB-INF/classes/at/gv/egiz/bku/local/stal/LocalSecureViewer.class */
public class LocalSecureViewer implements SecureViewer, HashDataInputLoader {
    private final Logger log = LoggerFactory.getLogger(LocalSecureViewer.class);
    private List<HashDataInput> hashDataInputs = Collections.emptyList();
    protected BKUGUIFacade gui;

    public LocalSecureViewer(BKUGUIFacade bKUGUIFacade) {
        this.gui = bKUGUIFacade;
    }

    public void setDataToBeSigned(List<HashDataInput> list) {
        this.hashDataInputs = list;
    }

    @Override // at.gv.egiz.bku.gui.viewer.SecureViewer
    public void displayDataToBeSigned(SignatureInfo signatureInfo, ActionListener actionListener, String str) throws Exception {
        this.log.info("Retrieve data to be signed for dsig:SignedInfo {}.", signatureInfo.getId());
        List<HashDataInput> verifyHashDataInput = verifyHashDataInput(signatureInfo.getReference(), getHashDataInputs(signatureInfo).get(0));
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(verifyHashDataInput);
        if (arrayList.size() < 1) {
            this.log.error("dsig:SignedInfo does not contain a data reference.");
            throw new Exception("dsig:SignedInfo does not contain a data reference.");
        }
        this.gui.showSecureViewer(arrayList, actionListener, str, this);
    }

    private HashDataInput ensureCachedHashDataInput(HashDataInput hashDataInput) throws IOException {
        if (!(hashDataInput instanceof DataObjectHashDataInput)) {
            this.log.warn("Expected DataObjectHashDataInput for LocalSignRequestHandler, got {}.", hashDataInput.getClass().getName());
            InputStream hashDataInput2 = hashDataInput.getHashDataInput();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(hashDataInput2.available());
            while (true) {
                int read = hashDataInput2.read();
                if (read == -1) {
                    break;
                }
                byteArrayOutputStream.write(read);
            }
            hashDataInput = new ByteArrayHashDataInput(byteArrayOutputStream.toByteArray(), hashDataInput.getReferenceId(), hashDataInput.getMimeType(), hashDataInput.getEncoding(), hashDataInput.getFilename());
        }
        return hashDataInput;
    }

    @Override // at.gv.egiz.bku.gui.viewer.SecureViewer
    public void displayDataToBeSigned(List<SignatureInfo> list, ActionListener actionListener, String str) throws DigestException, Exception {
        this.log.warn("Called displayDataToBeSigned");
        ArrayList arrayList = new ArrayList();
        Iterator<SignatureInfo> it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(addEmptyHashDataInputs(it.next()));
        }
        this.gui.showSecureViewer(arrayList, actionListener, str, this);
    }

    private Collection<? extends HashDataInput> addEmptyHashDataInputs(SignatureInfo signatureInfo) throws Exception {
        if (signatureInfo.getReference().size() == 0) {
            this.log.error("No hashdata input selected to be displayed: null.");
            throw new Exception("No HashData Input selected to be displayed.");
        }
        ArrayList arrayList = new ArrayList();
        for (ReferenceType referenceType : signatureInfo.getReference()) {
            if (referenceType.getType() == null) {
                arrayList.add(new StubHashDataInput(referenceType, signatureInfo.getDisplayName(), signatureInfo.getMimeType()));
            }
        }
        return arrayList;
    }

    @Override // at.gv.egiz.bku.gui.hashdata.HashDataInputLoader
    public HashDataInput getHashDataInput(HashDataInput hashDataInput) throws Exception {
        if (hashDataInput instanceof StubHashDataInput) {
            String referenceId = hashDataInput.getReferenceId();
            byte[] digest = hashDataInput.getDigest();
            if (referenceId == null && digest == null) {
                throw new Exception("Cannot get HashDataInput for dsig:Reference without Id or digest attribute");
            }
            for (HashDataInput hashDataInput2 : this.hashDataInputs) {
                if (Arrays.equals(digest, hashDataInput2.getDigest())) {
                    this.log.debug("Display hashdata input for dsig:SignedReference {}.", referenceId);
                    return hashDataInput2 instanceof ReferencedHashDataInput ? verifyHashDataInput(Arrays.asList(((StubHashDataInput) hashDataInput).getReference()), hashDataInput2).get(0) : ensureCachedHashDataInput(hashDataInput2);
                }
            }
            if (0 == 0) {
                for (HashDataInput hashDataInput3 : this.hashDataInputs) {
                    if (referenceId.equals(hashDataInput.getReferenceId())) {
                        this.log.debug("Display hashdata input for dsig:SignedReference {}.", referenceId);
                        return hashDataInput3 instanceof ReferencedHashDataInput ? verifyHashDataInput(Arrays.asList(((StubHashDataInput) hashDataInput).getReference()), hashDataInput3).get(0) : ensureCachedHashDataInput(hashDataInput3);
                    }
                }
            }
            if (0 == 0) {
                this.log.error("No hashdata input for dsig:SignedReference {}.", referenceId);
                throw new Exception("No HashDataInput available for dsig:SignedReference " + referenceId);
            }
        }
        return hashDataInput;
    }

    public List<HashDataInput> getHashDataInputs(SignatureInfo signatureInfo) throws Exception {
        ArrayList arrayList = new ArrayList();
        if (signatureInfo.getReference().size() == 0) {
            this.log.error("No hashdata input selected to be displayed: null.");
            throw new Exception("No HashData Input selected to be displayed.");
        }
        for (ReferenceType referenceType : signatureInfo.getReference()) {
            if (referenceType.getType() == null) {
                arrayList.add(getHashDataInput(new StubHashDataInput(referenceType, signatureInfo.getDisplayName(), signatureInfo.getMimeType())));
            }
        }
        return arrayList;
    }

    private List<HashDataInput> verifyHashDataInput(List<ReferenceType> list, HashDataInput hashDataInput) throws DigestException, NoSuchAlgorithmException, Exception {
        byte[] digest;
        ArrayList arrayList = new ArrayList();
        for (ReferenceType referenceType : list) {
            if (referenceType.getType() == null) {
                this.log.info("Verifying digest for signed reference {}.", referenceType.getId());
                String id = referenceType.getId();
                byte[] digestValue = referenceType.getDigestValue();
                if (referenceType.getDigestMethod() == null) {
                    throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + id + ": no digest algorithm");
                }
                String algorithm = referenceType.getDigestMethod().getAlgorithm();
                if (hashDataInput == null) {
                    throw new Exception("No hashdata input for reference " + id + " returned by service");
                }
                try {
                    byte[] byteArray = IOUtils.toByteArray(hashDataInput.getHashDataInput());
                    String mimeType = hashDataInput.getMimeType();
                    String encoding = hashDataInput.getEncoding();
                    String filename = hashDataInput.getFilename();
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Digesting reference " + id + " (" + mimeType + ";" + encoding + DefaultExpressionEngine.DEFAULT_INDEX_END);
                    }
                    if (referenceType.getURI() == null || !referenceType.getURI().startsWith("CMSExcludedByteRange:")) {
                        digest = digest(byteArray, algorithm);
                    } else {
                        String substring = referenceType.getURI().substring(21);
                        int indexOf = substring.indexOf(45);
                        int parseInt = Integer.parseInt(substring.substring(0, indexOf));
                        int parseInt2 = Integer.parseInt(substring.substring(indexOf + 1));
                        Arrays.fill(byteArray, parseInt, parseInt2 + 1, (byte) 0);
                        byte[] bArr = new byte[byteArray.length - ((parseInt2 + 1) - parseInt)];
                        if (parseInt > 0) {
                            System.arraycopy(byteArray, 0, bArr, 0, parseInt);
                        }
                        if (parseInt2 + 1 < byteArray.length) {
                            System.arraycopy(byteArray, parseInt2 + 1, bArr, parseInt, byteArray.length - (parseInt2 + 1));
                        }
                        digest = digest(bArr, algorithm);
                    }
                    this.log.debug("Comparing digest to claimed digest value for reference {}.", id);
                    if (!Arrays.equals(digest, digestValue)) {
                        this.log.error("Bad digest value for reference {}.", id);
                        throw new DigestException("Bad digest value for reference " + id);
                    }
                    arrayList.add(new ByteArrayHashDataInput(byteArray, id, mimeType, encoding, filename));
                } catch (IOException e) {
                    throw new Exception("No hashdata input for reference " + id + " provided by service.", e);
                }
            }
        }
        return arrayList;
    }

    private byte[] digest(byte[] bArr, String str) throws NoSuchAlgorithmException {
        String str2;
        if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(str)) {
            str2 = "SHA-1";
        } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(str)) {
            str2 = "SHA-256";
        } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(str)) {
            str2 = "SHA-224";
        } else if (XmldsigMore.DIGEST_SHA224.equals(str)) {
            str2 = "SHA-224";
        } else if (XmldsigMore.DIGEST_SHA384.equals(str)) {
            str2 = "SHA-384";
        } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(str)) {
            str2 = "SHA-512";
        } else if ("http://www.w3.org/2001/04/xmldsig-more#md2".equals(str)) {
            str2 = "MD2";
        } else if (XmldsigMore.DIGEST_MD5.equals(str)) {
            str2 = SecurityProvider.ALG_DIGEST_MD5;
        } else {
            if (!"http://www.w3.org/2001/04/xmlenc#ripemd160".equals(str)) {
                throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + str);
            }
            str2 = "RIPEMD160";
        }
        try {
            return MessageDigest.getInstance(str2).digest(bArr);
        } catch (CryptoException e) {
            throw new NoSuchAlgorithmException(e);
        }
    }
}
