package de.governikus.bea.beaToolkit.validator.vhn2;

import de.bos_bremen.vii.common.Signal;
import de.brak.bea.application.dto.rest.AttachmentDTO;
import de.brak.bea.application.dto.rest.MessageDTO;
import de.brak.bea.application.dto.rest.Vhn2AttachmentDTO;
import de.brak.bea.osci.vhn2.service.Vhn2Validator;
import de.brak.bea.osci.vhn2.service.VhnXmlParser;
import de.brak.bea.osci.vhn2.service.impl.IntegrityResult;
import de.brak.bea.osci.vhn2.service.impl.Vhn2ValidatorImpl;
import de.brak.bea.osci.vhn2.service.impl.VhnXmlParserImpl;
import de.brak.bea.osci.vhn2.xml.JaNeinType;
import de.governikus.bea.beaToolkit.BeaToolkitContext;
import de.governikus.bea.beaToolkit.util.Vhn2Util;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Store;

/* loaded from: input_file:de/governikus/bea/beaToolkit/validator/vhn2/Vhn2ValidationServiceImpl.class */
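/**
 * Builds the custom result block for the VHN2 part of a verification report ("Pruefprotokoll").
 *
 * <p>The block is derived from the message's VHN2 attachments (the vhn file and its signature
 * file), the already computed signature {@link Signal}, and the decrypted attachment files.
 *
 * <p>NOTE(review): nothing in this class verifies the CMS signature cryptographically. It only
 * checks that the signature is detached and reads the signer certificate to determine the issuer.
 * The cryptographic result appears to arrive through the {@code signal} argument; confirm against
 * the caller.
 */
public class Vhn2ValidationServiceImpl implements Vhn2ValidationService {
    private static final Logger LOG = LogManager.getLogger(Vhn2ValidationServiceImpl.class);
    private Vhn2Validator vhn2Validator = new Vhn2ValidatorImpl();
    private VhnXmlParser vhn2Parser = new VhnXmlParserImpl();
    private CustomBlockGenerator customBlockGenerator = new CustomBlockGeneratorImpl();
    private Vhn2SignatureValidationService signatureValidationService = new Vhn2SignatureValidationServiceImpl();

    /**
     * Produces the custom result block for the VHN2 check of one message.
     *
     * <p>Checks run in this order, and the first failing one decides the returned block:
     * draft / not yet received, signal is {@link Signal#NONE}, vhn file or signature missing,
     * vhn file not schema-compliant, signature not detached, signer certificate not extractable.
     *
     * @param messageDTO the message whose VHN2 attachments are evaluated
     * @param signal     the state of the signature file as determined by the caller
     * @param list       the decrypted attachment files, matched to attachments by file name
     * @return an empty string for a draft or not yet received message; otherwise the generated
     *         block, or {@code null} if generating the final block threw an exception
     */
    @Override
    public String getCustomResultBlockForVhn2(MessageDTO messageDTO, Signal signal, List<File> list) {
        if (isNotSentMessage(messageDTO)) {
            LOG.debug("The message to check is a draft message. Nothing to check");
            return "";
        }
        if (signal == Signal.NONE) {
            LOG.info("State of signatur file is none -> issuer is unknown. MessageId {}", messageDTO.getMessageId());
            return this.customBlockGenerator.getCustomBlockForInvalidSignature();
        }
        if (!Vhn2Util.checkForVhn2Signature(messageDTO) || !Vhn2Util.checkForVhn2Content(messageDTO)) {
            LOG.info("Vhn file or the signatur is not found. MessageId {}", messageDTO.getMessageId());
            return this.customBlockGenerator.getCustomBlockForInvalidSignature();
        }
        // The two Optional.get() calls below presumably rely on the checkForVhn2* guards above
        // having established that both attachments exist - verify against Vhn2Util.
        Vhn2AttachmentDTO vhn2AttachmentDTO = Vhn2Util.getVhnFile(messageDTO.getVhn2Attachments()).get();
        boolean validateFileSchema = this.vhn2Validator.validateFileSchema(new String(vhn2AttachmentDTO.getData(), BeaToolkitContext.getInstance().getDefaultEncoding()));
        if (!validateFileSchema) {
            LOG.info("Vhn file is not schema-compliant. MessageId {}", messageDTO.getMessageId());
            return this.customBlockGenerator.getCustomBlockForInvalidVhnFile();
        }
        byte[] signatureData = Vhn2Util.getVhnFileSignature(messageDTO.getVhn2Attachments()).get().getData();
        // An enveloping signature carries its own copy of the signed content, which need not be
        // the vhn file that was delivered, so only a detached signature is accepted.
        if (!this.signatureValidationService.checkIfSignatureIsDetached(signatureData)) {
            LOG.info("The signature file encapsulates the signed content. It is not trustworthy. MessageId {}", messageDTO.getMessageId());
            return this.customBlockGenerator.getCustomBlockForInlineSignature();
        }
        X509Certificate signerCertificate = extractSignatureFromCms(signatureData);
        if (signerCertificate == null) {
            LOG.info("Certificate for signatur could not be extracted from signature file. MessageId {}", messageDTO.getMessageId());
            return this.customBlockGenerator.getCustomBlockForInvalidSignature();
        }
        boolean secureTransmission = checkForSecureTransmission(vhn2AttachmentDTO.getData());
        IntegrityResult integrityResult = checkVhn2Integrity(messageDTO, list);
        try {
            return this.customBlockGenerator.getCustomBlock(getCertificateIssuer(signerCertificate), validateFileSchema, secureTransmission, signal, integrityResult);
        } catch (Exception e) {
            LOG.error("Catch exception during generation of custom block for Pruefprotokoll. MessageId {}", messageDTO.getMessageId(), e);
            // NOTE(review): null is distinct from the "" returned for drafts. Callers must treat
            // null as a failed check and must not render it like "nothing to check".
            return null;
        }
    }

    /**
     * Tells whether the message is a draft or has no receipt timestamp ("Zugegangen") yet.
     *
     * @param messageDTO the message to inspect
     * @return {@code true} if the draft flag is set or the receipt timestamp is {@code null}
     */
    private boolean isNotSentMessage(MessageDTO messageDTO) {
        return messageDTO.getDraftMessage().booleanValue() || Objects.isNull(messageDTO.getMetaData().getZugegangen());
    }

    /**
     * Reads the signer certificate out of a CMS signature container.
     *
     * <p>For every signer, the embedded certificates matching its signer id are converted to
     * {@link X509Certificate}; the first converted certificate is returned.
     *
     * <p>NOTE(review): with several signers, only the first matching certificate is used for the
     * issuer decision. This method only extracts the certificate; it performs no signature or
     * certificate path validation.
     *
     * @param bArr the raw bytes of the CMS signature file
     * @return the first signer certificate, or {@code null} if the bytes are not valid CMS, a
     *         certificate cannot be converted, or no embedded certificate matches a signer
     */
    X509Certificate extractSignatureFromCms(byte[] bArr) {
        try {
            CMSSignedData cmsSignedData = new CMSSignedData(bArr);
            // Raw Store/Collection on purpose: their generic signatures differ between
            // BouncyCastle versions, so elements are cast explicitly.
            Store certificates = cmsSignedData.getCertificates();
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
            List<X509Certificate> signerCertificates = new ArrayList<>();
            for (Object signer : cmsSignedData.getSignerInfos().getSigners()) {
                for (Object holder : certificates.getMatches(((SignerInformation) signer).getSID())) {
                    try {
                        signerCertificates.add(converter.getCertificate((X509CertificateHolder) holder));
                    } catch (CertificateException e) {
                        LOG.warn("Can't create X509 certificate from vhn.xml signature file. Message {}", e.getMessage(), e);
                        return null;
                    }
                }
            }
            if (signerCertificates.isEmpty()) {
                // A container without signers, or without the signer's certificate embedded, used
                // to fail with IndexOutOfBoundsException here. Return null instead so the caller
                // reports an invalid signature.
                LOG.warn("No certificate matching a signer found in vhn.xml signature file.");
                return null;
            }
            return signerCertificates.get(0);
        } catch (CMSException e2) {
            LOG.warn("Can't create CMS content from vhn.xml signature file. Message {}", e2.getMessage(), e2);
            return null;
        }
    }

    /**
     * Reads the secure-transmission flag from the vhn file.
     *
     * @param bArr the raw bytes of the vhn file
     * @return {@code true} only if the parser yields a value and that value is
     *         {@link JaNeinType#JA}; an absent value counts as not secure
     */
    private boolean checkForSecureTransmission(byte[] bArr) {
        Optional<?> secureTransmission = this.vhn2Parser.getSecureTransmission(new ByteArrayInputStream(bArr));
        return secureTransmission.isPresent() && secureTransmission.get() == JaNeinType.JA;
    }

    /**
     * Delegates the integrity check of the vhn file against the message attachments.
     *
     * @param messageDTO the message providing the vhn file and the attachment list
     * @param list       the decrypted attachment files
     * @return the validator's integrity result
     */
    private IntegrityResult checkVhn2Integrity(MessageDTO messageDTO, List<File> list) {
        String vhnContent = new String(Vhn2Util.getVhnFile(messageDTO.getVhn2Attachments()).get().getData(), BeaToolkitContext.getInstance().getDefaultEncoding());
        return this.vhn2Validator.checkVhn2Integrity(vhnContent, getAttachmentsAsMap(messageDTO.getAttachments(), list));
    }

    /**
     * Maps each attachment reference to the content of the decrypted file with the same name.
     *
     * <p>An attachment whose file is missing or unreadable is mapped to an empty array.
     * NOTE(review): this presumably makes the integrity check fail for that attachment rather
     * than skip it - confirm in {@code Vhn2Validator#checkVhn2Integrity}.
     *
     * @param list  the attachments of the message; may be {@code null} or empty
     * @param list2 the decrypted attachment files
     * @return reference-to-content map; an immutable empty map if there are no attachments
     */
    Map<String, byte[]> getAttachmentsAsMap(List<AttachmentDTO> list, List<File> list2) {
        if (CollectionUtils.isEmpty(list)) {
            return Collections.emptyMap();
        }
        Map<String, byte[]> contentByReference = new HashMap<>(list.size());
        for (AttachmentDTO attachmentDTO : list) {
            byte[] content = new byte[0];
            try {
                content = getDecryptedAttachmentData(attachmentDTO.getReference(), list2);
            } catch (IOException e) {
                LOG.error("Attachment content could not be read", e);
            }
            contentByReference.put(attachmentDTO.getReference(), content);
        }
        return contentByReference;
    }

    /**
     * Reads the decrypted file whose name equals the given attachment reference.
     *
     * <p>The reference is only compared with the names of the supplied files; it is never
     * resolved as a path.
     *
     * @param str  the attachment reference to look up
     * @param list the decrypted attachment files; {@code null} is treated as empty
     * @return the file content, or an empty array if no file has that name
     * @throws IOException if the matching file cannot be read
     */
    byte[] getDecryptedAttachmentData(String str, List<File> list) throws IOException {
        if (list == null) {
            // Without decrypted files there is nothing to match; behave like "not found"
            // instead of failing with a NullPointerException.
            return new byte[0];
        }
        Optional<File> match = list.stream().filter(file -> file.getName().equals(str)).findAny();
        return match.isEmpty() ? new byte[0] : Files.readAllBytes(match.get().toPath());
    }

    /**
     * Delegates the issuer lookup for the signer certificate to the signature validation service.
     *
     * @param x509Certificate the signer certificate
     * @return the issuer as classified by the signature validation service
     */
    private Vhn2CertificateIssuer getCertificateIssuer(X509Certificate x509Certificate) {
        return this.signatureValidationService.getCertificateIssuer(x509Certificate);
    }
}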
