package de.governikus.bea.beaToolkit.crypto.util;

import de.bos_bremen.ci.asn1.x509.Certificate;
import de.bos_bremen.ci.asn1.x509.FlatCertificate;
import de.bos_bremen.commons.base64.Base64;
import de.bos_bremen.gov2.server.fastsoap.XmlTagExtractor;
import de.brak.bea.application.dto.encryption.EncryptedObject;
import de.brak.bea.application.dto.rest.AttachmentDTO;
import de.brak.bea.application.dto.rest.MessageDTO;
import de.brak.bea.application.dto.rest.RecipientDTO;
import de.brak.bea.application.dto.rest.Vhn2AttachmentDTO;
import de.brak.bea.osci.vhn2.service.Vhn2CoCoCreator;
import de.brak.bea.osci.vhn2.service.impl.Vhn2CoCoCreatorImpl;
import de.governikus.bea.beaToolkit.BeaConstants;
import de.governikus.bea.beaToolkit.BeaToolkitContext;
import de.governikus.bea.beaToolkit.communication.CommunicatorFactory;
import de.governikus.bea.beaToolkit.crypto.HandleCrypto;
import de.governikus.bea.beaToolkit.crypto.handler.AESHandler;
import de.governikus.bea.beaToolkit.crypto.sign.CoCoUtils;
import de.governikus.bea.beaToolkit.crypto.sign.MIMEAttachment;
import de.governikus.bea.beaToolkit.crypto.sign.TemplateProcessor;
import de.governikus.bea.beaToolkit.exceptions.BeaException;
import de.governikus.bea.beaToolkit.io.Utils;
import de.governikus.bea.beaToolkit.osci.OSCIUtils;
import de.governikus.bea.beaToolkit.validator.SignatureValidator;
import de.governikus.bea.clientSecurity.util.Configuration;
import freemarker.template.TemplateException;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.FutureTask;
import java.util.regex.Pattern;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/util/VerificationUtil.class */
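/**
 * Rebuilds a clear-text OSCI message (the message XML plus its decrypted
 * attachments) from a received {@link MessageDTO} so that its signatures can
 * be verified.
 *
 * <p>Everything this class parses — the decrypted message XML, the attachment
 * references, the embedded certificates — originates from the sending party
 * and must be treated as untrusted input. The XML parser is therefore
 * hardened against external entities, and attachment references are confined
 * to the per-message temp folder.
 *
 * <p>Not thread-safe beyond the lazily created singleton; a single
 * {@link #createOSCIMessage} call may fan attachment decryption out to a
 * thread pool, but the instance itself keeps no per-call state.
 */
public class VerificationUtil {
    private static final Logger LOG = LogManager.getLogger(VerificationUtil.class);

    /**
     * Matches one complete {@code <xenc:EncryptedData>} element including its body so it
     * can be stripped from the message XML before the clear-text OSCI file is assembled.
     * Flag value 34 in the original build is DOTALL | CASE_INSENSITIVE.
     */
    private static final Pattern XMLENC_PATTERN = Pattern.compile("<xenc:EncryptedData.*?</xenc:EncryptedData>",
            Pattern.DOTALL | Pattern.CASE_INSENSITIVE);

    /** Reference id under which the originator's transport signature certificate is listed in the inspection report. */
    private static final String ORIGINATOR_TRANSPORT_SIGNATURE_REF = "originatorTransportsignatur";

    /** Line terminator written into the final OSCI file, see {@link #rewriteOsciFile}. */
    private static final byte[] CRLF = "\r\n".getBytes(StandardCharsets.UTF_8);

    private static VerificationUtil instance;
    private final Vhn2CoCoCreator vhn2CoCoCreator = new Vhn2CoCoCreatorImpl(BeaToolkitContext.getInstance().getDefaultEncoding());

    /**
     * Result of {@link #createOSCIMessage}: the generated OSCI XML file and the
     * decrypted attachment files written next to it.
     */
    public static class OSCIMessage {
        File osciFile;
        List<File> attachments = new ArrayList<>();

        /** @return the generated OSCI XML file, or {@code null} before it has been set */
        public File getOsciFile() {
            return this.osciFile;
        }

        public void setOsciFile(File file) {
            this.osciFile = file;
        }

        /** @return the live (mutable) list of decrypted attachment files, in the order they were added */
        public List<File> getAttachments() {
            return this.attachments;
        }

        public void addAttachment(File file) {
            this.attachments.add(file);
        }
    }

    /**
     * A signing certificate together with the reference id it was looked up by
     * (the {@code ds:Signature} reference or the originator transport signature marker).
     */
    public static class SignatureCertificate {
        final String refId;
        final X509Certificate cert;

        public SignatureCertificate(String str, X509Certificate x509Certificate) {
            this.refId = str;
            this.cert = x509Certificate;
        }

        public String getRefId() {
            return this.refId;
        }

        public X509Certificate getCert() {
            return this.cert;
        }

        /**
         * Converts the JCA certificate to the bos_bremen representation.
         *
         * @return the converted certificate, or {@code null} if the conversion failed
         *         (the failure is logged, not propagated)
         */
        public FlatCertificate getFlatCertificate() {
            try {
                return Certificate.forX509(this.cert);
            } catch (Exception e) {
                VerificationUtil.LOG.error(e.toString(), e);
                return null;
            }
        }
    }

    private VerificationUtil() {
    }

    /** @return the lazily created, process-wide instance */
    public static synchronized VerificationUtil getInstance() {
        if (instance == null) {
            instance = new VerificationUtil();
        }
        return instance;
    }

    /**
     * Finds the encrypted object of the message whose {@code enc_name} equals {@code str}.
     *
     * @param str        name to look for (must not be {@code null})
     * @param messageDTO message whose encrypted objects are scanned
     * @return the first matching object, or {@code null} if none matches
     */
    public EncryptedObject getEncObject(String str, MessageDTO messageDTO) {
        LOG.info("search for: " + str);
        for (EncryptedObject candidate : messageDTO.getEncryptedObject()) {
            LOG.info("found: " + candidate.getEnc_name());
            if (str.equals(candidate.getEnc_name())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Parses message XML that came from the sender into a DOM.
     *
     * <p>The parser is deliberately not namespace-aware (callers look elements up by
     * their qualified name, e.g. {@code osci:Content}) but has DOCTYPE handling and
     * external entity resolution switched off, because the XML is untrusted.
     *
     * @return the document, or {@code null} if parsing failed (logged, not propagated)
     */
    private static Document convertStringToXMLDocument(String str) {
        try {
            return newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(new StringReader(str)));
        } catch (Exception e) {
            LOG.error("Error processing xml content of encrypted objects", e);
            return null;
        }
    }

    /**
     * Creates a {@link DocumentBuilderFactory} with XXE protections enabled.
     * Features a parser does not support are logged rather than failing the parse;
     * the JDK's built-in parser supports all of them.
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        setFeatureOrWarn(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // NOTE(review): this rejects any message XML carrying a DOCTYPE. If legitimate
        // messages turn out to need one, drop only this line and keep the entity features below.
        setFeatureOrWarn(factory, "http://apache.org/xml/features/disallow-doctype-decl", true);
        setFeatureOrWarn(factory, "http://xml.org/sax/features/external-general-entities", false);
        setFeatureOrWarn(factory, "http://xml.org/sax/features/external-parameter-entities", false);
        setFeatureOrWarn(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    private static void setFeatureOrWarn(DocumentBuilderFactory factory, String feature, boolean value) {
        try {
            factory.setFeature(feature, value);
        } catch (ParserConfigurationException e) {
            LOG.warn("XML parser does not support feature " + feature + "; XXE hardening may be incomplete", e);
        }
    }

    /**
     * Removes {@code osci:Content} elements that must not be part of a draft message:
     * the message body text, any external-justice part for this message id and — unless
     * {@code keepXjustizFile} is set — the XJustiz file itself.
     *
     * @param document        the parsed message XML (modified in place)
     * @param messageId       id used to build the external-justice id prefix
     * @param keepXjustizFile {@code true} to keep the XJustiz file (EEB messages)
     */
    private static void manageDraftXML(Document document, String messageId, boolean keepXjustizFile) {
        NodeList contents = document.getElementsByTagName("osci:Content");
        String externalJusticePrefix = getExternalJusticePrefix(messageId);
        List<Node> toRemove = new ArrayList<>();
        for (int index = 0; index < contents.getLength(); index++) {
            Node content = contents.item(index);
            String id = Optional.ofNullable(content.getAttributes().getNamedItem("Id"))
                    .map(Node::getNodeValue)
                    .orElse("");
            boolean isXjustizToDrop = id.equalsIgnoreCase(BeaConstants.XJUSTICE_FILE_NAME) && !keepXjustizFile;
            if (isXjustizToDrop || id.equalsIgnoreCase(BeaConstants.MESSAGE_BODY_TXT) || id.startsWith(externalJusticePrefix)) {
                toRemove.add(content);
            }
        }
        // Remove via the actual parent: the original assumed every osci:Content is a direct
        // child of the root and would raise a DOMException for a nested one.
        for (Node node : toRemove) {
            Node parent = node.getParentNode();
            if (parent != null) {
                parent.removeChild(node);
            }
        }
    }

    /**
     * Serialises the DOM back to an indented UTF-8 string with an XML declaration.
     * External DTD/stylesheet access is disabled on the transformer as a precaution.
     */
    private static String convertXMLDocumentToString(Document document) throws TransformerException {
        TransformerFactory factory = TransformerFactory.newInstance();
        try {
            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException e) {
            LOG.warn("transformer does not support restricting external access", e);
        }
        Transformer transformer = factory.newTransformer();
        transformer.setOutputProperty("omit-xml-declaration", "no");
        transformer.setOutputProperty("method", "xml");
        transformer.setOutputProperty("indent", "yes");
        transformer.setOutputProperty("encoding", "UTF-8");
        StringWriter writer = new StringWriter();
        transformer.transform(new DOMSource(document), new StreamResult(writer));
        return writer.toString();
    }

    /**
     * @param str the message id
     * @return the {@code Id} prefix of external-justice (XJustiz) content parts belonging to that message
     */
    public static String getExternalJusticePrefix(String str) {
        return "xjustiz_nachricht_" + str + "_";
    }

    /**
     * Decrypts a message into a temp folder and writes a clear-text OSCI file for it.
     *
     * @param messageDTO      the received message
     * @param encryptedObject the encrypted object holding the message XML
     * @param aESHandler      handler that unwraps the symmetric session key
     * @param str             configuration key (passed through to {@link Configuration} and the communicator)
     * @param z               {@code true} to embed the attachments as MIME parts of the OSCI file
     * @return the OSCI file and the decrypted attachments
     * @throws CertificateException if the originator certificate cannot be determined
     * @throws Exception            on decryption, I/O, parsing or lookup failures
     */
    public OSCIMessage createOSCIMessage(MessageDTO messageDTO, EncryptedObject encryptedObject, AESHandler aESHandler, String str, boolean z) throws Exception {
        String messageId = messageDTO.getMessageId().toString();
        LOG.info("verify signed message " + messageId);
        File tempFolder = getTempFolder(messageId);
        OSCIMessage osciMessage = new OSCIMessage();

        String content = new String(encryptedObject.getEnc_data(), BeaToolkitContext.getInstance().getDefaultEncoding());
        // Drafts (and messages without a "zugegangen" timestamp) are trimmed of the
        // parts that only exist in the delivered form of the message.
        if (messageDTO.getDraftMessage().booleanValue() || null == messageDTO.getMetaData().getZugegangen()) {
            Document document = convertStringToXMLDocument(content);
            if (document != null) {
                boolean isEeb = messageDTO.getStructureType() == MessageDTO.StructureTypeDTO.EEB_ABGABE
                        || messageDTO.getStructureType() == MessageDTO.StructureTypeDTO.EEB_ZURUECKWEISUNG;
                manageDraftXML(document, messageId, isEeb);
                content = convertXMLDocumentToString(document);
            }
        }

        List<SignatureCertificate> signatureCertificates = collectSignatureCertificates(content, messageDTO);
        if (signatureCertificates.isEmpty()) {
            LOG.info("die OSCI-Nachricht ist nicht signiert.");
        }

        List<MIMEAttachment> mimeAttachments = new ArrayList<>();
        // Session key taken from the first key info of the first encrypted object —
        // presumably the same key protects every attachment; TODO confirm.
        byte[] sessionKey = aESHandler.decrypt(messageDTO.getEncryptedObject()[0].getEncKeyInfo()[0].getEncKey());
        if (messageDTO.getAttachments() != null) {
            decryptAttachments(messageDTO, tempFolder, sessionKey, str, z, osciMessage, mimeAttachments);
        }

        String vhnCoco = "";
        if (CollectionUtils.isNotEmpty(messageDTO.getVhn2Attachments())) {
            vhnCoco = writeVhn2Attachments(messageDTO, tempFolder, z, osciMessage, mimeAttachments);
        }

        X509Certificate originatorCertificate = resolveOriginatorCertificate(messageDTO, str);
        X509Certificate originatorSignatureCertificate = parseCertificate(messageDTO.getMetaData().getOriginatorSignatureCertificate());
        X509Certificate recipientCertificate = resolveRecipientCertificate(messageDTO, str, originatorCertificate);
        if (originatorCertificate == null) {
            // Previously surfaced as a NullPointerException deep inside createOSCI.
            throw new CertificateException("originator certificate of message " + messageId + " could not be determined");
        }

        File osciFile = new File(tempFolder, messageId + ".xml");
        createOSCI(content, vhnCoco, mimeAttachments, signatureCertificates, originatorCertificate, originatorSignatureCertificate,
                recipientCertificate, messageDTO.getOsciMessageId(), messageDTO.getMetaData().getReceptionTime(),
                displayNameForSubject(messageDTO.getOsciSubject()), messageId, osciFile);
        osciMessage.setOsciFile(osciFile);
        return osciMessage;
    }

    /**
     * Walks every {@code ds:Signature} in the message XML, records the attachment digests
     * it references on the message's attachments and resolves its signing certificate.
     *
     * @return the certificates found, possibly empty for an unsigned message
     */
    private List<SignatureCertificate> collectSignatureCertificates(String content, MessageDTO messageDTO) throws CertificateException {
        List<SignatureCertificate> certificates = new ArrayList<>();
        int position = 0;
        while (position >= 0) {
            XmlTagExtractor.TagDescription signature = XmlTagExtractor.extract(content, "Signature", position + 1, Collections.singletonList(CoCoUtils.DS_NS));
            position = signature.pos;
            if (signature.content == null) {
                continue;
            }
            fillAttachmentHashValues(content, position, messageDTO);
            SignatureCertificate certificate = extractSignCertificate(messageDTO, signature.content);
            if (certificate != null) {
                certificates.add(certificate);
            }
        }
        return certificates;
    }

    /**
     * Decrypts all regular attachments in parallel and registers the resulting files.
     *
     * <p>Results are collected in submission order. The pool is always shut down, and a
     * {@code null} task result is skipped with a warning (the original polling loop never
     * removed such a task and would have spun forever).
     */
    private void decryptAttachments(MessageDTO messageDTO, File tempFolder, byte[] sessionKey, String configKey, boolean collectMime,
            OSCIMessage osciMessage, List<MIMEAttachment> mimeAttachments) throws Exception {
        int threads = ((Integer) Configuration.getInstance(configKey)
                .getConfiguration(Configuration.ConfigurationEnum.ATTACHMENT_SIGNATURE_VERIFY_NO_THREADS, Integer.class)).intValue();
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        try {
            List<Future<VerificationAttachmentContainer>> futures = new ArrayList<>();
            for (AttachmentDTO attachment : messageDTO.getAttachments()) {
                futures.add(pool.submit(() -> decryptAttachmentToFile(messageDTO, tempFolder, sessionKey, attachment)));
            }
            for (Future<VerificationAttachmentContainer> future : futures) {
                VerificationAttachmentContainer container;
                try {
                    container = future.get();
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    throw e;
                }
                if (container == null) {
                    LOG.warn("decrypt task contains null result: " + future);
                    continue;
                }
                osciMessage.addAttachment(container.getFile());
                if (collectMime) {
                    // Stream ownership passes to the template processor; presumably closed there — TODO confirm.
                    mimeAttachments.add(new MIMEAttachment(container.getReference(), new FileInputStream(container.getFile())));
                }
            }
        } finally {
            pool.shutdownNow();
        }
    }

    /**
     * Writes the (already clear-text) VHN2 attachments to the temp folder and returns the
     * VHN CoCo string for their metadata.
     */
    private String writeVhn2Attachments(MessageDTO messageDTO, File tempFolder, boolean collectMime, OSCIMessage osciMessage,
            List<MIMEAttachment> mimeAttachments) throws Exception {
        for (Vhn2AttachmentDTO vhn2Attachment : messageDTO.getVhn2Attachments()) {
            File target = createFile(tempFolder, vhn2Attachment.getReference());
            FileUtils.copyInputStreamToFile(new ByteArrayInputStream(vhn2Attachment.getData()), target);
            osciMessage.addAttachment(target);
            if (collectMime) {
                // Stream ownership passes to the template processor; presumably closed there — TODO confirm.
                mimeAttachments.add(new MIMEAttachment(vhn2Attachment.getReference(), new FileInputStream(target)));
            }
        }
        return this.vhn2CoCoCreator.getVhnCoco(OSCIUtils.getVhn2AttachmentsMetaData(messageDTO.getVhn2Attachments()));
    }

    /** Uses the originator certificate carried in the metadata, falling back to a lookup by sender. */
    private X509Certificate resolveOriginatorCertificate(MessageDTO messageDTO, String configKey) throws CertificateException {
        X509Certificate certificate = parseCertificate(messageDTO.getMetaData().getOriginatorCertificate());
        if (certificate == null) {
            certificate = getCertificate(messageDTO.getMetaData().getSender(), configKey);
        }
        return certificate;
    }

    /**
     * Returns the certificate of the first addressee it can resolve; for a message without
     * a resolvable addressee (a draft) the originator certificate is used instead.
     */
    private X509Certificate resolveRecipientCertificate(MessageDTO messageDTO, String configKey, X509Certificate fallback) {
        for (Object addressee : messageDTO.getMetaData().getAddressee()) {
            X509Certificate certificate = getCertificate((RecipientDTO) addressee, configKey);
            if (certificate != null) {
                return certificate;
            }
        }
        LOG.info("draft message -> receiver list is empty");
        return fallback;
    }

    /** @return the DER-encoded certificate parsed with the default provider, or {@code null} for {@code null} input */
    private static X509Certificate parseCertificate(byte[] encoded) throws CertificateException {
        if (encoded == null) {
            return null;
        }
        return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(encoded));
    }

    /** Maps a known OSCI subject enum name to its display name; unknown (or {@code null}) subjects are returned unchanged. */
    private static String displayNameForSubject(String osciSubject) {
        if (osciSubject == null) {
            return null;
        }
        try {
            return MessageDTO.OSCISubjectTypeDTO.valueOf(osciSubject).getDisplayName();
        } catch (IllegalArgumentException e) {
            return osciSubject;
        }
    }

    /**
     * Decrypts one attachment with the message's symmetric algorithm into the temp folder.
     * For GCM modes the authentication tag is appended to the ciphertext stream before
     * decryption (tag verification is left to {@link AESHandler} — TODO confirm).
     */
    private VerificationAttachmentContainer decryptAttachmentToFile(MessageDTO messageDTO, File file, byte[] bArr, AttachmentDTO attachmentDTO) throws GeneralSecurityException, IOException {
        VerificationAttachmentContainer container = new VerificationAttachmentContainer();
        container.setAttachment(attachmentDTO);
        attachmentDTO.setSymEncAlgorithm(messageDTO.getSymEncAlgorithm());
        String algorithm = attachmentDTO.getSymEncAlgorithm();
        InputStream ciphertext = new ByteArrayInputStream(attachmentDTO.getData());
        if (algorithm != null && algorithm.endsWith("gcm")) {
            ciphertext = new HandleCrypto.TagAppendingInputStream(ciphertext, attachmentDTO.getTag());
        }
        InputStream plaintext = new AESHandler(bArr).decrypt(attachmentDTO.getIv(), ciphertext, algorithm);
        File target = createFile(file, attachmentDTO.getReference());
        FileUtils.copyInputStreamToFile(plaintext, target);
        container.setFile(target);
        return container;
    }

    /**
     * Resolves an attachment reference to a file below {@code file} and creates the parent
     * directories. The reference comes from the message and is untrusted: a reference that
     * would escape the folder via {@code ..} is rejected. Nested references are still
     * allowed, and an absolute reference is made relative the same way {@link File#File(File, String)}
     * does, so previously accepted references keep working.
     *
     * @throws IOException if the reference is empty, invalid or escapes the folder
     */
    private File createFile(File file, String str) throws IOException {
        if (str == null || str.isEmpty()) {
            throw new IOException("attachment reference is empty");
        }
        Path base;
        Path target;
        try {
            base = file.toPath().toAbsolutePath().normalize();
            target = new File(file, str).toPath().toAbsolutePath().normalize();
        } catch (InvalidPathException e) {
            throw new IOException("invalid attachment reference: " + str, e);
        }
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("attachment reference escapes the message folder: " + str);
        }
        File result = target.toFile();
        File parent = result.getParentFile();
        if (parent != null && !parent.exists() && !parent.mkdirs()) {
            LOG.warn("could not create dir: " + parent);
        }
        return result;
    }

    /**
     * Creates (and clears) the per-message working folder {@code <temp>/create-osci/<messageId>}.
     * Leftovers from a previous run are removed recursively so stale attachments cannot be
     * picked up; the original used {@link File#delete()}, which fails on a non-empty folder.
     */
    private File getTempFolder(String str) {
        File folder = new File(new File(Utils.getTempFolder(), "create-osci"), str);
        if (folder.exists() && !FileUtils.deleteQuietly(folder)) {
            LOG.debug("could not delete file: " + folder);
        }
        if (!folder.mkdirs()) {
            LOG.debug("could not create folder: " + folder);
        }
        return folder;
    }

    /**
     * Certificate of a recipient: the one embedded in the DTO, otherwise loaded by SAFE id
     * through the communicator.
     *
     * @return the certificate, or {@code null} if parsing or loading failed (logged)
     */
    private X509Certificate getCertificate(RecipientDTO recipientDTO, String str) {
        try {
            byte[] encoded = recipientDTO.getCertificate();
            if (encoded == null) {
                encoded = getCertificate(recipientDTO.getSafeId(), str);
            }
            return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(encoded));
        } catch (BeaException | CertificateException e) {
            LOG.error(e.toString(), e);
            return null;
        }
    }

    private byte[] getCertificate(String str, String str2) throws BeaException {
        return CommunicatorFactory.getCommunicator().loadCertificate(str, str2);
    }

    /**
     * Looks the signature's reference id up in the message's certificate map and parses
     * the stored certificate with the toolkit's security provider.
     *
     * @return the certificate, or {@code null} if the map has no entry for the reference
     */
    private SignatureCertificate extractSignCertificate(MessageDTO messageDTO, String str) throws CertificateException {
        String signatureReference = SignatureValidator.getSignatureReference(str);
        for (Object rawEntry : messageDTO.getCertificateMap().entrySet()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) rawEntry;
            if (!((String) entry.getKey()).equals(signatureReference)) {
                continue;
            }
            byte[] encoded = (byte[]) entry.getValue();
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X509", BeaToolkitContext.getSecurityProvider())
                    .generateCertificate(new ByteArrayInputStream(encoded));
            return new SignatureCertificate(signatureReference, certificate);
        }
        return null;
    }

    /**
     * Reads every {@code ds:Reference} after the signature start at {@code i} and stores the
     * {@code DigestValue} of each {@code cid:} reference on the attachment with that reference.
     * Attachments without a matching reference get a {@code null} hash value.
     *
     * <p>The scan runs to the end of the document, not only to the end of this signature,
     * and the digest is taken from the next {@code DigestValue} after each reference —
     * both inherited from the original tag-extractor based approach. Whether the stored
     * digest is verified against the decrypted attachment is decided elsewhere
     * (presumably {@link SignatureValidator}) — TODO confirm.
     */
    private void fillAttachmentHashValues(String str, int i, MessageDTO messageDTO) {
        LOG.info(messageDTO.getMessageId());
        Map<String, String> digestByReference = new HashMap<>();
        if (i >= 0) {
            int position = i;
            while (true) {
                XmlTagExtractor.TagDescription reference = XmlTagExtractor.extract(str, "Reference", position + 1, Collections.singletonList(CoCoUtils.DS_NS));
                position = reference.pos;
                if (reference.content == null) {
                    break;
                }
                String uri = (String) reference.attributes.get("URI");
                String digest = XmlTagExtractor.extract(str, "DigestValue", position + 1, Collections.singletonList(CoCoUtils.DS_NS)).content;
                if (uri == null || !uri.startsWith("cid:")) {
                    continue;
                }
                if (digest == null) {
                    LOG.error("Fehler beim Einlesen der Attachment-Hash " + uri);
                } else {
                    digestByReference.put(uri.substring(4), digest);
                }
            }
        }
        if (messageDTO.getAttachments() != null) {
            for (AttachmentDTO attachment : messageDTO.getAttachments()) {
                attachment.setHashValue(digestByReference.get(attachment.getReference()));
            }
        }
    }

    /**
     * Renders the OSCI content-data template into {@code file}: first into a {@code .tmp}
     * sibling, then rewritten with CRLF line endings.
     *
     * <p>A {@link TemplateException} is logged and swallowed (inherited best-effort
     * behaviour): the caller then receives an {@link OSCIMessage} whose file was not written.
     * The temp file is removed in every case.
     *
     * @throws IOException                  on write failures
     * @throws CertificateEncodingException if a certificate cannot be DER-encoded
     */
    private void createOSCI(String str, String str2, List<MIMEAttachment> list, List<SignatureCertificate> list2, X509Certificate x509Certificate,
            X509Certificate x509Certificate2, X509Certificate x509Certificate3, String str3, Date date, String str4, String str5, File file)
            throws IOException, CertificateEncodingException {
        String osciContent = prepareOSCIMessage(str);
        try {
            List<SignatureCertificate> reportCertificates = new ArrayList<>(list2);
            String transportSignatureCertificate = "";
            if (x509Certificate2 != null) {
                reportCertificates.add(new SignatureCertificate(ORIGINATOR_TRANSPORT_SIGNATURE_REF, x509Certificate2));
                transportSignatureCertificate = Base64.toBase64String(x509Certificate2.getEncoded());
            }
            String inspectionReport = reportCertificates.isEmpty() ? "" : TemplateProcessor.processInspectionReportTemplate(reportCertificates, date);
            String encoding = BeaToolkitContext.getInstance().getDefaultEncoding();
            // The OSCI message id falls back to the bea message id when the former is absent.
            String messageIdBase64 = Base64.toBase64String((str3 == null ? str5 : str3).getBytes(encoding));
            File tmpFile = new File(file.getCanonicalPath() + ".tmp");
            try {
                try (OutputStreamWriter writer = new OutputStreamWriter(new FileOutputStream(tmpFile), StandardCharsets.UTF_8)) {
                    TemplateProcessor.processOSCIContentDataTemplate(osciContent, str2, list2, Base64.toBase64String(x509Certificate.getEncoded()),
                            transportSignatureCertificate, Base64.toBase64String(x509Certificate3.getEncoded()), messageIdBase64, inspectionReport,
                            date, str4, list, writer);
                }
                rewriteOsciFile(tmpFile, file);
            } finally {
                if (tmpFile.exists() && !tmpFile.delete()) {
                    LOG.debug("could not delete file: " + tmpFile);
                }
            }
        } catch (TemplateException e) {
            LOG.error(e.toString(), e);
        }
    }

    /**
     * Strips a leading XML declaration and every {@code xenc:EncryptedData} element from
     * the message XML. The encrypted blobs are replaced by nothing — the clear-text parts
     * presumably get re-attached by the template; TODO confirm.
     */
    private String prepareOSCIMessage(String str) {
        String content = str;
        if (content.startsWith("<?xml")) {
            content = content.substring(content.indexOf(">") + 1);
        }
        return XMLENC_PATTERN.matcher(content).replaceAll("");
    }

    /**
     * Copies {@code file} line by line into {@code file2}, normalising every line ending to
     * CRLF (UTF-8 in and out). {@code file2} is created or truncated.
     */
    private void rewriteOsciFile(File file, File file2) throws IOException {
        Path targetPath = Paths.get(file2.toURI());
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8));
             OutputStream out = Files.newOutputStream(targetPath)) {
            String line;
            while ((line = reader.readLine()) != null) {
                out.write(line.getBytes(StandardCharsets.UTF_8));
                out.write(CRLF);
            }
        }
    }
}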
