package de.governikus.bea.beaToolkit.validator;

import de.bos_bremen.ci.BSource;
import de.bos_bremen.ci.QLevel;
import de.bos_bremen.ci.asn1.ParseException;
import de.bos_bremen.ci.asn1.x509.Certificate;
import de.bos_bremen.ci.asn1.x509.FlatCertificate;
import de.bos_bremen.ci.asn1.x509.JX509Certificate;
import de.bos_bremen.observable_server.SimpleServiceData;
import de.bos_bremen.server.VerificationServer;
import de.bos_bremen.verfication.CustomResultBlock;
import de.bos_bremen.verfication.OriginatorTransportsignaturUtils;
import de.bos_bremen.verfication.VIIUtils;
import de.bos_bremen.verfication.Verification;
import de.bos_bremen.vii.VIIResponse;
import de.bos_bremen.vii.common.Signal;
import de.bos_bremen.vii.doctype.VIICertEntry;
import de.bos_bremen.vii.doctype.VIIDocumentEntry;
import de.bos_bremen.vii.doctype.osci.OSCIDocument;
import de.brak.bea.application.dto.rest.MessageDTO;
import de.brak.bea.application.dto.rest.VerificationResultDTO;
import de.governikus.bea.beaToolkit.io.Utils;
import de.governikus.bea.beaToolkit.ui.ConfirmKey;
import de.governikus.bea.beaToolkit.ui.DialogFactory;
import de.governikus.bea.beaToolkit.ui.DialogResult;
import de.governikus.bea.beaToolkit.util.Messages;
import de.governikus.bea.beaToolkit.util.Vhn2Util;
import de.governikus.bea.beaToolkit.validator.vhn2.Vhn2ValidationService;
import de.governikus.bea.beaToolkit.validator.vhn2.Vhn2ValidationServiceImpl;
import de.governikus.bea.clientSecurity.util.Configuration;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javafx.scene.control.Alert;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/governikus/bea/beaToolkit/validator/SignatureValidator.class */
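/**
 * Validates certificates, OSCI messages and signed attachments by handing them to the
 * {@link Verification} service and converting the resulting {@link VIIResponse} into
 * {@link SignatureValidationResult} / {@link VerificationResultDTO} objects.
 *
 * <p>Every validation run renders its HTML and XML report into a per-call temporary directory.
 * That directory is removed in a {@code finally} block, so reports do not stay on disk when a
 * step fails half-way.
 */
public class SignatureValidator {
    private static final Logger LOG = LogManager.getLogger(SignatureValidator.class);

    /** File names that identify the VHN2 signature container inside a verification response. */
    private static final String[] SIGNATURE_FILES = {"vhn.xml.p7", "vhn.xml.p7s", "vhn.xml.p7m", "vhn.xml.pkcs7"};

    /**
     * Quality levels accepted as "qualified" (qES) by this class.
     *
     * <p>Built during class initialisation rather than after the singleton is published, so the
     * list is never {@code null}: not for a thread that races {@link #getInstance()}, and not for
     * code that uses the implicit public constructor directly.
     */
    private static final List<QLevel> QES_LEVELS = qualifiedLevels();

    private static volatile SignatureValidator instance;

    private Vhn2ValidationService vhn2ValidatorService = new Vhn2ValidationServiceImpl();

    /**
     * Returns the process-wide validator, creating it on first use.
     *
     * @return the shared instance, never {@code null}
     * @throws IOException declared for source compatibility with existing callers; the visible
     *         body does not raise it
     */
    public static SignatureValidator getInstance() throws IOException {
        SignatureValidator current = instance;
        if (current == null) {
            synchronized (SignatureValidator.class) {
                current = instance;
                if (current == null) {
                    current = new SignatureValidator();
                    instance = current;
                }
            }
        }
        return current;
    }

    /** Builds the list of quality levels that {@link #QES_LEVELS} holds. */
    private static List<QLevel> qualifiedLevels() {
        // Kept as an ArrayList: contains(null) must answer false, not throw, if a quality is missing.
        List<QLevel> levels = new ArrayList<>();
        levels.add(QLevel.QCP);
        levels.add(QLevel.QCP_ACCREDITED);
        levels.add(QLevel.QCPPLUS);
        levels.add(QLevel.QCPPLUS_ACCREDITED);
        levels.add(QLevel.QCPPLUS_DE);
        levels.add(QLevel.QCPPLUS_DE_ACCREDITED);
        return levels;
    }

    /**
     * Extracts the fragment identifier of the first {@code URI="#..."} attribute that follows the
     * first {@code <ds:RetrievalMethod} occurrence in {@code str}.
     *
     * <p>Missing markers are rejected. Without that check a failed lookup of the element made the
     * attribute search start at offset 0, so the method returned the fragment of whichever
     * {@code URI="#} attribute came first in the document, or an arbitrary slice of the input.
     *
     * <p>NOTE(review): this is a plain text search. It depends on the literal {@code ds:} prefix
     * and does not confirm that the attribute belongs to the RetrievalMethod element; callers
     * should treat the returned id as unverified input.
     *
     * @param str XML text to search
     * @return the identifier between {@code URI="#} and the closing quote
     * @throws StringIndexOutOfBoundsException if the element, the attribute or the closing quote
     *         is missing, or the identifier is empty (the type already raised for truncated input)
     */
    public static String getSignatureReference(String str) {
        final String attributePrefix = "URI=\"#";
        int elementStart = str.indexOf("<ds:RetrievalMethod");
        if (elementStart < 0) {
            throw new StringIndexOutOfBoundsException("no <ds:RetrievalMethod element found");
        }
        int attributeStart = str.indexOf(attributePrefix, elementStart);
        if (attributeStart < 0) {
            throw new StringIndexOutOfBoundsException("no URI=\"#...\" attribute after <ds:RetrievalMethod");
        }
        int idStart = attributeStart + attributePrefix.length();
        int idEnd = str.indexOf('"', idStart);
        if (idEnd <= idStart) {
            throw new StringIndexOutOfBoundsException("empty or unterminated URI reference");
        }
        return str.substring(idStart, idEnd);
    }

    /**
     * Validates a single certificate and requires it to reach a qualified level for the qES flag.
     *
     * @param x509Certificate certificate to validate
     * @param str URI of the verification server
     * @param bArr encoded certificate of the verification server
     * @return the validation result, or {@code null} when the user cancelled the warning dialog
     * @throws ParseException if the verification library raises it
     * @throws IOException if the verification library raises it or a report cannot be written or read
     * @throws URISyntaxException if {@code str} is not a valid URI
     */
    public SignatureValidationResult checkCertificate(X509Certificate x509Certificate, String str, byte[] bArr) throws ParseException, IOException, URISyntaxException {
        return checkSingleCertificate(x509Certificate, str, bArr, true);
    }

    /**
     * Validates a single certificate without requiring a qualified level.
     *
     * <p>NOTE(review): on this path the qualified check is skipped and the result's qES flag is
     * left at {@code true}; consumers must not read that flag as proof of a qualified certificate.
     *
     * @param x509Certificate certificate to validate
     * @param str URI of the verification server
     * @param bArr encoded certificate of the verification server
     * @return the validation result, or {@code null} when the user cancelled the warning dialog
     * @throws ParseException if the verification library raises it
     * @throws IOException if the verification library raises it or a report cannot be written or read
     * @throws URISyntaxException if {@code str} is not a valid URI
     */
    public SignatureValidationResult checkCertificateDoNotConsiderQualifiedCert(X509Certificate x509Certificate, String str, byte[] bArr) throws ParseException, IOException, URISyntaxException {
        return checkSingleCertificate(x509Certificate, str, bArr, false);
    }

    /** Wraps one certificate into a list and runs the shared certificate validation. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private SignatureValidationResult checkSingleCertificate(X509Certificate x509Certificate, String serverUrl, byte[] serverCertificate, boolean requireQualified) throws ParseException, IOException, URISyntaxException {
        // Raw list on purpose: the element type returned by Certificate.forX509 is not visible here.
        List certificates = new ArrayList();
        try {
            certificates.add(Certificate.forX509(x509Certificate));
        } catch (CertificateEncodingException e) {
            // NOTE(review): validation continues with an empty certificate list. If the response
            // then has no document children, the user is shown the "validation failed" dialog.
            LOG.error(e.toString(), e);
        }
        return checkCertificate(certificates, serverUrl, serverCertificate, null, requireQualified);
    }

    /** Creates the verification server descriptor from its encoded certificate and its URI. */
    private static VerificationServer newVerificationServer(byte[] serverCertificate, String serverUrl) throws ParseException, IOException, URISyntaxException {
        Certificate certificate = new Certificate(new BSource(serverCertificate));
        SimpleServiceData serviceData = new SimpleServiceData();
        serviceData.setCertificate(new JX509Certificate(certificate));
        serviceData.setURI(new URI(serverUrl));
        VerificationServer server = new VerificationServer(serviceData, (String) null);
        server.setName(VerificationServer.class.getSimpleName());
        return server;
    }

    /**
     * Validates the given certificates and, when the outcome is not clean, asks the user whether
     * to continue.
     *
     * @param certificates certificates to validate
     * @param serverUrl URI of the verification server
     * @param serverCertificate encoded certificate of the verification server
     * @param validationTime time to validate for; {@code null} means five minutes before now
     * @param requireQualified whether every certificate must be GREEN and of a qualified level
     * @return the validation result, or {@code null} when the user cancelled the warning dialog
     */
    private SignatureValidationResult checkCertificate(List<FlatCertificate> certificates, String serverUrl, byte[] serverCertificate, Date validationTime, boolean requireQualified) throws ParseException, IOException, URISyntaxException {
        VerificationServer server = newVerificationServer(serverCertificate, serverUrl);
        Date effectiveTime = validationTime;
        if (effectiveTime == null) {
            Calendar fiveMinutesAgo = Calendar.getInstance();
            fiveMinutesAgo.add(Calendar.MINUTE, -5);
            effectiveTime = fiveMinutesAgo.getTime();
        }

        SignatureValidationResult result = new SignatureValidationResult();
        boolean qualified = true;
        boolean anyUndetermined = false;
        boolean anyRed = false;

        File tempDir = Utils.createTempDirectory("checkCertificate");
        try {
            VIIResponse response = Verification.getInstance().process(tempDir, server, certificates, effectiveTime);

            // NOTE(review): readFileToString(File) decodes with the platform default charset;
            // confirm the encoding the report writers use.
            File htmlReport = File.createTempFile("checkCertificate.", ".html", tempDir);
            Verification.getInstance().createCertHTMLIS(response, htmlReport);
            String html = FileUtils.readFileToString(htmlReport);
            File xmlReport = File.createTempFile("checkCertificate.", ".xml", tempDir);
            Verification.getInstance().createXMLIS(response, xmlReport);
            String xml = FileUtils.readFileToString(xmlReport);

            result.setValidationResultType(response.getCumulated().light);
            result.setValidationContentHTML(html);
            result.setValidationContentXML(xml);

            List<VIIDocumentEntry> documents = response.getDocumentChilds();
            if (documents == null || documents.isEmpty()) {
                // Nothing was evaluated: treat as a failed validation, never as qualified.
                anyUndetermined = true;
                if (requireQualified) {
                    qualified = false;
                }
            } else {
                for (VIIDocumentEntry document : documents) {
                    Iterator<?> entries = document.getOtherCertificates().iterator();
                    while (entries.hasNext()) {
                        FlatCertificate checked = ((VIICertEntry) entries.next()).getCertificate();
                        Signal cumulated = document.getOtherCertificate(checked).getCumulated();
                        LOG.info("signature: {}", checked.getSubjectCommonName());
                        anyUndetermined |= cumulated == Signal.NONE || cumulated == Signal.YELLOW;
                        anyRed |= cumulated == Signal.RED;
                        if (requireQualified) {
                            qualified &= QES_LEVELS.contains(document.getOtherCertificate(checked).getQuality()) && cumulated == Signal.GREEN;
                        }
                    }
                    LOG.info("is qualified? {}", qualified);
                }
            }
            result.setqES(qualified);
        } finally {
            // Also runs when verification or report generation throws, so no report is left behind.
            Utils.deleteRecursively(tempDir.toPath());
        }

        // Most severe finding first: RED, then NONE/YELLOW (or nothing evaluated), then "not qualified".
        ConfirmKey warning = null;
        if (anyRed) {
            warning = ConfirmKey.SIGN_ACTION_ALERT_CERT_REVOKED_MSG;
        } else if (anyUndetermined) {
            warning = ConfirmKey.SIGN_ACTION_ALERT_CERT_VALIDATION_FAILED_MSG;
        } else if (!qualified) {
            warning = ConfirmKey.SIGN_ACTION_ALERT_NO_QES_MSG;
        }
        // NOTE(review): only CMD_CANCEL aborts. Any other dialog outcome returns the result, even
        // for a RED certificate; confirm that dismissing the dialog is reported as CMD_CANCEL.
        if (warning != null
                && DialogFactory.getInstance().popConfirmationAlertYesNo(warning, Alert.AlertType.CONFIRMATION).getReason() == DialogResult.Reason.CMD_CANCEL) {
            return null;
        }
        return result;
    }

    /**
     * Verifies an OSCI message file together with its attachments and renders the inspection sheet.
     *
     * <p>The verification server certificate and URL are read from the {@link Configuration}
     * selected by {@code str}.
     *
     * @param file the OSCI document
     * @param list attachment files passed to the verification
     * @param messageDTO message whose id and metadata go into the result
     * @param str key handed to {@link Configuration#getInstance}
     * @return the verification result, or {@code null} when the verification produced no response
     * @throws ParseException if the verification library raises it
     * @throws IOException if the verification library raises it or a report cannot be written or read
     * @throws URISyntaxException if the configured server URL is not a valid URI
     */
    public VerificationResultDTO checkOSCIFile(File file, List<File> list, MessageDTO messageDTO, String str) throws IOException, ParseException, URISyntaxException {
        byte[] serverCertificate = (byte[]) Configuration.getInstance(str).getConfiguration(Configuration.ConfigurationEnum.SERVER_CERTIFICATE);
        String serverUrl = (String) Configuration.getInstance(str).getConfiguration(Configuration.ConfigurationEnum.SERVER_URL);
        VerificationServer server = newVerificationServer(serverCertificate, serverUrl);

        File tempDir = Utils.createTempDirectory("checkSignature");
        try {
            VIIResponse response = Verification.getInstance().process(tempDir, server, new OSCIDocument(file), list);
            if (response == null) {
                return null;
            }

            // NOTE(review): the custom block is HTML derived from message and certificate data;
            // confirm the helpers escape those values before they reach the report.
            String customResultBlock;
            if (Vhn2Util.checkForVhn2Content(messageDTO)) {
                customResultBlock = this.vhn2ValidatorService.getCustomResultBlockForVhn2(messageDTO, getVhn2SignatureValidationResult(response), list);
            } else {
                customResultBlock = getCustomResultBlock(messageDTO, response.getCumulated());
            }

            File htmlReport = new File(tempDir, "verificationresult.html");
            Verification.getInstance().createHtml(response, customResultBlock, htmlReport, Messages.get("inspectionsheet.title"));
            String html = FileUtils.readFileToString(htmlReport);
            File xmlReport = new File(tempDir, "verificationresult.xml");
            Verification.getInstance().createXMLIS(response, xmlReport);
            String xml = FileUtils.readFileToString(xmlReport);

            SignatureValidationResult result = new SignatureValidationResult();
            result.setValidationResultType(response.getCumulated().light);
            result.setValidationContentHTML(html);
            result.setValidationContentXML(xml);
            return getValidationResult(messageDTO.getMessageId(), result);
        } finally {
            // Covers the early "no response" return and every exception path as well.
            Utils.deleteRecursively(tempDir.toPath());
        }
    }

    /**
     * Returns the cumulated signal of a response entry named like a VHN2 signature file, or
     * {@link Signal#NONE} when the response has no such entry.
     *
     * <p>NOTE(review): {@code findAny} reports a single matching entry. If a response can carry
     * several entries with these names, the others are not reflected in the returned signal.
     */
    private Signal getVhn2SignatureValidationResult(VIIResponse response) {
        List<VIIDocumentEntry> children = response.getDocumentChilds();
        if (children == null) {
            return Signal.NONE;
        }
        List<String> signatureNames = Arrays.asList(SIGNATURE_FILES);
        Optional<VIIDocumentEntry> match = children.stream()
                .filter(entry -> signatureNames.contains(entry.getFilename()))
                .findAny();
        return match.isPresent() ? match.get().getCumulated() : Signal.NONE;
    }

    /**
     * Converts a validation result into the REST DTO.
     *
     * <p>"green", "red" and "yellow" (case-insensitive) map to SUCCESS, FAILED and PARTIAL. For
     * any other result type the status stays {@code null}; consumers must not read a missing
     * status as success.
     */
    private VerificationResultDTO getValidationResult(Long messageId, SignatureValidationResult validation) {
        VerificationResultDTO.VerificationResultStatus status = null;
        if (validation.getValidationResultType().equalsIgnoreCase("green")) {
            status = VerificationResultDTO.VerificationResultStatus.SUCCESS;
        } else if (validation.getValidationResultType().equalsIgnoreCase("red")) {
            status = VerificationResultDTO.VerificationResultStatus.FAILED;
        } else if (validation.getValidationResultType().equalsIgnoreCase("yellow")) {
            status = VerificationResultDTO.VerificationResultStatus.PARTIAL;
        }
        VerificationResultDTO dto = new VerificationResultDTO();
        dto.setStatus(status);
        dto.setMessageId(messageId);
        dto.setHtml(validation.getValidationContentHTML());
        dto.setXml(validation.getValidationContentXML());
        return dto;
    }

    /**
     * Verifies signed attachments and returns one result per attachment.
     *
     * <p>Response entries are grouped by base file name (a signature file name with its extension
     * removed), and each group that contains a signed attachment gets its own report. The
     * temporary directory is now removed once, after all groups are done. It used to be deleted
     * at the end of the first loop pass, which removed the directory the next pass writes its
     * reports into, and it was not deleted at all when nothing was signed.
     *
     * @param l message id stored in every result
     * @param list files to verify; they are copied into the temporary directory first
     * @param str URI of the verification server
     * @param bArr encoded certificate of the verification server
     * @return one result per signed attachment; empty when the response is missing or has none
     * @throws ParseException if the verification library raises it
     * @throws IOException if copying, verification or report handling fails
     * @throws URISyntaxException if {@code str} is not a valid URI
     */
    public List<VerificationResultDTO> checkSignature(Long l, List<File> list, String str, byte[] bArr) throws ParseException, IOException, URISyntaxException {
        VerificationServer server = newVerificationServer(bArr, str);
        List<VerificationResultDTO> results = new ArrayList<>();

        File tempDir = Utils.createTempDirectory("checkSignature");
        try {
            List<File> copies = copyFilesToTempDir(list, tempDir);
            VIIResponse response = Verification.getInstance().process(tempDir, server, (OSCIDocument) null, copies);
            if (response == null || !VIIUtils.containsSignedAttachments(response.getDocumentChilds())) {
                return results;
            }

            // Snapshot: each per-attachment response below clears and refills its own child list.
            List<VIIDocumentEntry> entries = List.copyOf(response.getDocumentChilds());
            List<String> handledBaseNames = new ArrayList<>();
            for (VIIDocumentEntry entry : entries) {
                String baseName = getBaseFilenameFromSignatureFilename(entry.getFilename());
                if (handledBaseNames.contains(baseName)) {
                    continue;
                }
                handledBaseNames.add(baseName);

                VIIResponse single = new VIIResponse(response.getCreationTime(), response.getTempFileManager());
                single.copy(response);
                List<VIIDocumentEntry> group = new ArrayList<>();
                for (VIIDocumentEntry candidate : entries) {
                    if (baseName.equals(getBaseFilenameFromSignatureFilename(candidate.getFilename()))) {
                        group.add(candidate);
                    }
                }
                if (VIIUtils.containsSignedAttachments(group)) {
                    single.getDocumentChilds().clear();
                    single.getDocumentChilds().addAll(group);
                    results.add(buildAttachmentResult(l, baseName, single, tempDir));
                }
            }
            return results;
        } finally {
            Utils.deleteRecursively(tempDir.toPath());
        }
    }

    /** Renders the reports for one attachment group and converts them into a result DTO. */
    private VerificationResultDTO buildAttachmentResult(Long messageId, String baseName, VIIResponse single, File tempDir) throws ParseException, IOException, URISyntaxException {
        File htmlReport = File.createTempFile("checkSignature.", ".html", tempDir);
        Verification.getInstance().createHtml(single, (String) null, htmlReport, Messages.get("inspectionsheet.title"));
        String html = FileUtils.readFileToString(htmlReport);
        File xmlReport = File.createTempFile("checkSignature.", ".xml", tempDir);
        Verification.getInstance().createXMLIS(single, xmlReport);
        String xml = FileUtils.readFileToString(xmlReport);

        SignatureValidationResult validation = new SignatureValidationResult();
        // Prefer the first document's own signal; fall back to the response-wide one.
        if (single.getDocument(0) != null) {
            validation.setValidationResultType(single.getDocument(0).getCumulated().light.toString());
        } else {
            validation.setValidationResultType(single.getCumulated().light.toString());
        }
        validation.setValidationContentHTML(html);
        validation.setValidationContentXML(xml);

        // NOTE(review): only the first signature of the first document decides the qES flag.
        QLevel quality = QLevel.NONE;
        if (single.getDocument(0) != null && single.getDocument(0).hasSignatureChilds()) {
            quality = single.getDocument(0).getSignature(0).getQuality();
        }
        validation.setqES(QES_LEVELS.contains(quality));

        VerificationResultDTO dto = getValidationResult(messageId, validation);
        dto.setAttachmentId(baseName);
        return dto;
    }

    /** Strips the extension from signature file names; other names are returned unchanged. */
    private String getBaseFilenameFromSignatureFilename(String filename) {
        return Utils.isSignatureFile(filename) ? FilenameUtils.removeExtension(filename) : filename;
    }

    /**
     * Copies the given files into {@code targetDir} under their simple names and returns the
     * target paths in input order.
     *
     * <p>NOTE(review): when two inputs share a simple name, only the first is copied and both
     * list entries point at that copy, so the second file's content is never verified.
     */
    private List<File> copyFilesToTempDir(List<File> sources, File targetDir) throws IOException {
        List<File> copies = new ArrayList<>();
        for (File source : sources) {
            // getName() drops any directory part, so the target always stays inside targetDir.
            File target = new File(targetDir, source.getName());
            if (!target.exists()) {
                Files.copy(source.toPath(), targetDir.toPath().resolve(source.getName()));
            }
            copies.add(target);
        }
        return copies;
    }

    /**
     * Builds the HTML block describing the originator transport signature, or returns
     * {@code null} when there is nothing to show.
     *
     * <p>Best effort: any failure while parsing the originator certificate or building the block
     * is logged and the report is produced without the block.
     */
    private String getCustomResultBlock(MessageDTO messageDTO, Signal signal) {
        if (signal == Signal.NONE) {
            LOG.info("state is none -> no custom result block");
            return null;
        }
        byte[] originatorCertificate = messageDTO.getMetaData().getOriginatorSignatureCertificate();
        if (originatorCertificate == null) {
            LOG.info("OriginatorTransportsignatur is not found -> no custom result block");
            return null;
        }
        try {
            X509Certificate parsed = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(originatorCertificate));
            CustomResultBlock block = OriginatorTransportsignaturUtils.getBCustomResultBlock(parsed);
            if (block == null) {
                return null;
            }
            return block.getHtmlString(signal);
        } catch (Exception e) {
            // The certificate bytes come from message metadata; a malformed value must not abort the check.
            LOG.error("Could not build custom result block from originator signature certificate", e);
            return null;
        }
    }
}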
