package at.gv.egiz.bku.slcommands.impl;

import at.buergerkarte.namespaces.securitylayer._1_2_3.CreateXMLSignatureRequestType;
import at.buergerkarte.namespaces.securitylayer._1_2_3.DataObjectInfoType;
import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
import at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand;
import at.gv.egiz.bku.slcommands.SLCommandContext;
import at.gv.egiz.bku.slcommands.SLResult;
import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.IdValueFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.Signature;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.slexceptions.SLException;
import at.gv.egiz.bku.slexceptions.SLRequestException;
import at.gv.egiz.bku.slexceptions.SLViewerException;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.stal.ErrorResponse;
import at.gv.egiz.stal.InfoboxReadRequest;
import java.net.URL;
import java.net.URLConnection;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Scanner;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.dsig.XMLSignatureException;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.time.DateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.class */
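/**
 * Security-layer command that creates an XML signature: it obtains the signing
 * certificate through STAL, prepares the signature over the requested data
 * objects and has it signed.
 *
 * <p>The class keeps a static list of regular expressions ("XAdES 1.4 blacklist")
 * that is downloaded from {@link ConfigurationFacade#XADES_1_4_BLACKLIST_URL}.
 * When the request's DataURL matches one of them, the signature is built with
 * the XAdES 1.4 flag switched off.
 *
 * <p>NOTE(review): the blacklist is fetched over plain {@code http://} and has no
 * integrity check in this file. Its content is evaluated as regular expressions
 * and decides which signature profile is produced, so anyone able to alter the
 * response in transit can influence that decision. Consider serving it over TLS
 * or verifying a signature/digest on the list before it is applied.
 *
 * <p>NOTE(review): {@link #XADES_1_4_BLACKLIST} is a plain {@link ArrayList} shared by
 * all instances and is modified without synchronization. Whether commands run
 * concurrently is not visible from this file; confirm before relying on it.
 */
public class CreateXMLSignatureCommandImpl extends SLCommandImpl<CreateXMLSignatureRequestType> implements CreateXMLSignatureCommand {
    /** Certificate returned by STAL in {@link #getSigningCertificate(SLCommandContext)}. */
    protected X509Certificate signingCertificate;
    /** Keybox identifier taken from the request; used for the certificate lookup and for signing. */
    protected String keyboxIdentifier;
    /** Signature under construction; created in {@link #prepareXMLSignature(SLCommandContext)}. */
    protected Signature signature;
    protected ConfigurationFacade configurationFacade = new ConfigurationFacade();
    /** Time (ms since epoch) of the last attempt to load the blacklist, successful or not. */
    protected static long XADES_1_4_BLACKLIST_TS;
    protected static final Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class);
    /** Regular expressions read from the blacklist URL, one per whitespace-separated token. */
    protected static final List<String> XADES_1_4_BLACKLIST = new ArrayList<String>();

    // Bounds for the blacklist download. Without them a stalled server would block
    // class initialization (see the static initializer) or a signature request
    // indefinitely. The values are a conservative choice; tune as needed.
    private static final int BLACKLIST_CONNECT_TIMEOUT_MS = 5000;
    private static final int BLACKLIST_READ_TIMEOUT_MS = 10000;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl$ConfigurationFacade.class */
    /**
     * Typed view on the configuration switches this command reads.
     *
     * <p>The getters do not null-check {@link #configuration}; they throw a
     * {@link NullPointerException} until {@link #setConfiguration(Configuration)}
     * has been called with a non-null value.
     */
    public class ConfigurationFacade implements MoccaConfigurationFacade {
        protected Configuration configuration;
        public static final String USE_STRONG_HASH = "UseStrongHash";
        public static final String USE_XADES_1_4 = "UseXAdES14";
        public static final String USE_XADES_1_4_BLACKLIST = "UseXAdES14Blacklist";
        // NOTE(review): plain HTTP, so the downloaded list is neither confidential nor integrity-protected.
        public static final String XADES_1_4_BLACKLIST_URL = "http://www.buergerkarte.at/BKU_XAdES_14_blacklist.txt";
        // Presumably seconds (86400 s = one day); the refresh check in
        // matchesXAdES14Blacklist uses DateUtils.MILLIS_PER_DAY and does not
        // reference this constant. TODO confirm.
        public static final int XADES_1_4_BLACKLIST_EXPIRY = 86400;

        protected ConfigurationFacade() {
        }

        public void setConfiguration(Configuration configuration) {
            this.configuration = configuration;
        }

        /** @return the {@code UseStrongHash} switch; {@code true} when the key is not configured */
        public boolean getUseStrongHash() {
            return this.configuration.getBoolean(USE_STRONG_HASH, true);
        }

        /** @return the {@code UseXAdES14} switch; {@code true} when the key is not configured */
        public boolean getUseXAdES14() {
            return this.configuration.getBoolean(USE_XADES_1_4, true);
        }

        /** @return the {@code UseXAdES14Blacklist} switch; {@code true} when the key is not configured */
        public boolean getUseXAdES14Blacklist() {
            return this.configuration.getBoolean(USE_XADES_1_4_BLACKLIST, true);
        }
    }

    /**
     * Downloads the blacklist and replaces {@link #XADES_1_4_BLACKLIST} with its tokens.
     *
     * <p>The list is read into a temporary collection first and only swapped in
     * after the whole response has been read. On any error the previously loaded
     * entries are kept, so a failed or truncated download does not silently empty
     * the blacklist. The error is logged and not propagated.
     *
     * <p>The timestamp is set before the download, so a failed attempt is not
     * repeated until the refresh interval has elapsed again.
     */
    protected static void loadXAdES14Blacklist() {
        XADES_1_4_BLACKLIST_TS = System.currentTimeMillis();
        List<String> fresh = new ArrayList<String>();
        try {
            URLConnection connection = new URL(ConfigurationFacade.XADES_1_4_BLACKLIST_URL).openConnection();
            connection.setUseCaches(false);
            connection.setConnectTimeout(BLACKLIST_CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(BLACKLIST_READ_TIMEOUT_MS);
            Scanner scanner = new Scanner(connection.getInputStream());
            try {
                while (scanner.hasNext()) {
                    fresh.add(scanner.next());
                }
                // Scanner swallows read errors and reports them as end of input;
                // surface them so a truncated response is not taken for a full list.
                if (scanner.ioException() != null) {
                    throw scanner.ioException();
                }
            } finally {
                scanner.close();
            }
        } catch (Exception e) {
            log.error("Blacklist load error", e);
            return;
        }
        XADES_1_4_BLACKLIST.clear();
        XADES_1_4_BLACKLIST.addAll(fresh);
    }

    /**
     * Tells whether {@code str} fully matches one of the blacklist's regular expressions.
     * Reloads the blacklist first when the last load attempt is more than a day old.
     *
     * @param str the DataURL to check; may be {@code null}
     * @return {@code true} if an entry matches; {@code false} otherwise or if {@code str} is {@code null}
     */
    protected static boolean matchesXAdES14Blacklist(String str) {
        log.debug("Checking DataURL against XAdES14 blacklist: {}", str);
        if (System.currentTimeMillis() - XADES_1_4_BLACKLIST_TS > DateUtils.MILLIS_PER_DAY) {
            log.debug("Updating XAdES14 blacklist");
            loadXAdES14Blacklist();
        }
        if (str == null) {
            return false;
        }
        for (String pattern : XADES_1_4_BLACKLIST) {
            try {
                if (str.matches(pattern)) {
                    log.debug("XAdES14 blacklist match");
                    return true;
                }
            } catch (java.util.regex.PatternSyntaxException e) {
                // Entries come from a remote file. A malformed one can never match,
                // so skip it instead of letting an unchecked exception abort the
                // signature request.
                log.warn("Ignoring invalid XAdES14 blacklist entry: " + pattern, e);
            }
        }
        return false;
    }

    public void setConfiguration(Configuration configuration) {
        this.configurationFacade.setConfiguration(configuration);
    }

    /**
     * Builds the (still unsigned) XML signature for the current request.
     *
     * <p>XAdES 1.4 is used when enabled in the configuration, unless the blacklist
     * is enabled as well and the context's DataURL matches it.
     *
     * @throws SLCommandException with code 4006 when the algorithm factory reports
     *         a {@link NoSuchAlgorithmException}
     */
    @Override // at.gv.egiz.bku.slcommands.CreateXMLSignatureCommand
    public void prepareXMLSignature(SLCommandContext sLCommandContext) throws SLCommandException, SLRequestException {
        CreateXMLSignatureRequestType requestValue = getRequestValue();
        IdValueFactoryImpl idValueFactoryImpl = new IdValueFactoryImpl();
        try {
            AlgorithmMethodFactoryImpl algorithmMethodFactoryImpl = new AlgorithmMethodFactoryImpl(this.signingCertificate, this.configurationFacade.getUseStrongHash());
            boolean useXAdES14 = this.configurationFacade.getUseXAdES14();
            if (useXAdES14 && this.configurationFacade.getUseXAdES14Blacklist() && matchesXAdES14Blacklist(sLCommandContext.getDataURL())) {
                useXAdES14 = false;
            }
            this.signature = new Signature(sLCommandContext.getURLDereferencer(), idValueFactoryImpl, algorithmMethodFactoryImpl, useXAdES14);
            this.signature.setSigningTime(new Date());
            this.signature.setSignerCertificate(this.signingCertificate);
            if (requestValue.getSignatureInfo() != null) {
                this.signature.setSignatureInfo(requestValue.getSignatureInfo());
            }
            for (DataObjectInfoType dataObjectInfo : requestValue.getDataObjectInfo()) {
                this.signature.addDataObject(dataObjectInfo);
            }
            this.signature.buildXMLSignature();
        } catch (NoSuchAlgorithmException e) {
            log.error("Failed to get DigestMethod.", e);
            throw new SLCommandException(4006);
        }
    }

    /**
     * Reads the keybox identifier from the request and asks STAL for the matching
     * certificate via an {@link InfoboxReadRequest}.
     *
     * @throws SLCommandException with {@code ErrorResponse.ERR_4000} unless exactly
     *         one certificate is returned
     */
    protected void getSigningCertificate(SLCommandContext sLCommandContext) throws SLCommandException {
        this.keyboxIdentifier = getRequestValue().getKeyboxIdentifier();
        InfoboxReadRequest infoboxReadRequest = new InfoboxReadRequest();
        infoboxReadRequest.setInfoboxIdentifier(this.keyboxIdentifier);
        STALHelper sTALHelper = new STALHelper(sLCommandContext.getSTAL());
        sTALHelper.transmitSTALRequest(Collections.singletonList(infoboxReadRequest));
        List<X509Certificate> certificatesFromResponses = sTALHelper.getCertificatesFromResponses();
        if (certificatesFromResponses == null || certificatesFromResponses.size() != 1) {
            log.info("Got an unexpected number of certificates from STAL.");
            throw new SLCommandException(ErrorResponse.ERR_4000);
        }
        this.signingCertificate = certificatesFromResponses.get(0);
    }

    /**
     * Signs the prepared signature through STAL using the stored keybox identifier.
     *
     * <p>An {@link SLCommandException} nested as
     * {@code XMLSignatureException -> URIReferenceException -> SLCommandException}
     * is rethrown unchanged; every other signing or marshalling failure is logged
     * and reported as {@code ErrorResponse.ERR_4000}.
     */
    protected void signXMLSignature(SLCommandContext sLCommandContext) throws SLCommandException, SLViewerException {
        try {
            this.signature.sign(sLCommandContext.getSTAL(), this.keyboxIdentifier);
        } catch (XMLSignatureException e) {
            // getCause() is typed Throwable; test the type before looking one level deeper.
            Throwable cause = e.getCause();
            if (cause instanceof URIReferenceException && cause.getCause() instanceof SLCommandException) {
                throw (SLCommandException) cause.getCause();
            }
            log.error("Failed to sign XMLSignature.", e);
            throw new SLCommandException(ErrorResponse.ERR_4000);
        } catch (MarshalException e2) {
            log.error("Failed to marshall XMLSignature.", e2);
            throw new SLCommandException(ErrorResponse.ERR_4000);
        }
    }

    /**
     * Runs the command: fetch the certificate, prepare the signature, sign it.
     *
     * @return the result wrapping the signed document, or an error result built
     *         from the {@link SLException} that stopped processing
     */
    @Override // at.gv.egiz.bku.slcommands.SLCommand
    public SLResult execute(SLCommandContext sLCommandContext) {
        try {
            log.info("Requesting signing certificate.");
            getSigningCertificate(sLCommandContext);
            // With debug logging on, the signer certificate and, further down, the
            // complete signed document are written to the log.
            if (log.isDebugEnabled()) {
                log.debug("Got signing certificate. {}", this.signingCertificate);
            } else {
                log.info("Got signing certificate.");
            }
            log.info("Preparing XML signature.");
            prepareXMLSignature(sLCommandContext);
            log.info("Signing XML signature.");
            signXMLSignature(sLCommandContext);
            if (log.isDebugEnabled()) {
                log.debug(DOMUtils.getDOMImplementationLS().createLSSerializer().writeToString(this.signature.getDocument()));
            } else {
                log.info("XML signature signed.");
            }
            return new CreateXMLSignatureResultImpl(this.signature.getDocument());
        } catch (SLException e) {
            return new ErrorResultImpl(e, sLCommandContext.getLocale());
        }
    }

    @Override // at.gv.egiz.bku.slcommands.SLCommand
    public String getName() {
        return "CreateXMLSignatureRequest";
    }

    // The first blacklist download happens during class initialization, i.e. the
    // first use of this class performs network I/O (bounded by the timeouts above).
    static {
        loadXAdES14Blacklist();
    }
}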
