package de.bos_bremen.vii;

import de.bos_bremen.ci.asn1.x509.Certificate;
import de.bos_bremen.vi.ArtifactVersionProvider;
import de.bos_bremen.vii.algo.AlgorithmChecker;
import de.bos_bremen.vii.common.AssertUtil;
import de.bos_bremen.vii.common.Signal;
import de.bos_bremen.vii.common.SignalReason;
import de.bos_bremen.vii.common.SignalReasons;
import de.bos_bremen.vii.doctype.VIICertEntry;
import de.bos_bremen.vii.doctype.VIIDocumentEntry;
import de.bos_bremen.vii.doctype.VIIEntry;
import de.bos_bremen.vii.doctype.VIIIdentityEntry;
import de.bos_bremen.vii.doctype.VIISignatureEntry;
import de.bos_bremen.vii.doctype.XKMSAttachingController;
import de.bos_bremen.vii.doctype.unparsable.UnparsableParser;
import de.bos_bremen.vii.doctype.unparsable.UnparsablePlugIn;
import de.bos_bremen.vii.validate.CertificateDatePair;
import de.bos_bremen.vii.validate.PairsMap;
import de.bos_bremen.vii.validate.en319102.ValidationBlocks;
import de.bos_bremen.vii.validate.en319102.ValidationException;
import de.bos_bremen.vii.xkms.ErroneousXKMSValidateResponse;
import de.bos_bremen.vii.xkms.XKMSException;
import de.bos_bremen.vii.xkms.XKMSValidateResponse;
import de.bos_bremen.vii.xkms.XKMSValidateResult;
import de.bos_bremen.vii.xkms.XKMSXMLUtilities;
import de.bos_bremen.vii.xkms.eu.EUExtensionXKMSValidateResult;
import de.bos_bremen.vii.xkms.eu.impl.EUExtensionRevokedSuppressedXKMSValidateResult;
import de.bos_bremen.vii.xkms.eu.impl.XKMSValidateResponseImpl;
import de.governikus.CompInfo.ComponentInfo;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:de/bos_bremen/vii/VIIRequest.class */
public class VIIRequest {
    private final Date creationTime;
    private final VIIConfiguration vii;
    private VIIResponse viiResponse;
    private final List<VIIParser> parsers;
    private final VIITempFileManager tempFileManager;
    private static final String componentFileName = "vi-framework.version";
    private static final Log LOG = LogFactory.getLog(VIIRequest.class);
    public static final Boolean DEFAULT_LTV_DISABLED = Boolean.TRUE;
    public static final String SYSPROP_VII_LTV = "vii.LTV2";
    public static final boolean LTV_DISABLED = Boolean.parseBoolean(System.getProperty(SYSPROP_VII_LTV, DEFAULT_LTV_DISABLED.toString()));
    private static ComponentInfo ci = new ComponentInfo("vi-framework.version");

    /* JADX INFO: Access modifiers changed from: package-private */
    public VIIRequest(VIIConfiguration vIIConfiguration) {
        this(vIIConfiguration, new Date());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public VIIRequest(VIIConfiguration vIIConfiguration, Date date) {
        AssertUtil.notNull(vIIConfiguration, "Parameter viiInstance must not be null");
        this.vii = vIIConfiguration;
        this.creationTime = date;
        this.parsers = new ArrayList();
        this.tempFileManager = vIIConfiguration.getTempFileManager().newSubManager();
    }

    public boolean canOpen(Object obj) {
        return canOpenAs(obj, VII.NAME);
    }

    public boolean canOpenAs(Object obj, String str) throws IllegalArgumentException {
        VIIPlugIn<?> plugInForName = this.vii.getPlugInForName(str);
        if (plugInForName instanceof UnparsablePlugIn) {
            throw new IllegalArgumentException("Type " + str + " unknown (no such plug-in registered");
        }
        return !(plugInForName.newParser(obj, this.tempFileManager) instanceof UnparsableParser);
    }

    public void add(Object obj) {
        addAs(obj, VII.NAME);
    }

    public void addAs(Object obj, String str) throws IllegalArgumentException {
        VIIPlugIn<?> plugInForName = this.vii.getPlugInForName(str);
        if (plugInForName instanceof UnparsablePlugIn) {
            throw new IllegalArgumentException("Type " + str + " unknown (no such plug-in registered");
        }
        this.parsers.add(plugInForName.newParser(obj, this.tempFileManager));
    }

    public VIIResponse perform() {
        LOG.info("Performing request");
        this.viiResponse = new VIIResponse(this.creationTime, this.tempFileManager);
        LOG.info("Parsing request");
        for (VIIParser vIIParser : this.parsers) {
            try {
                LOG.debug("Processing parser " + vIIParser);
                vIIParser.parse(this.viiResponse);
            } catch (Exception e) {
                LOG.error("Error processing parser " + vIIParser + ": " + e.getMessage());
            }
        }
        validate();
        checkAlgorithms();
        aggregateResults();
        postValidate();
        return this.viiResponse;
    }

    public void postValidate() {
        if (LTV_DISABLED) {
            LOG.debug("LTV disabled!!!");
            return;
        }
        List<VIIDocumentEntry> documentChilds = this.viiResponse.getDocumentChilds();
        if (documentChilds != null) {
            boolean z = false;
            for (VIIDocumentEntry vIIDocumentEntry : documentChilds) {
                List<VIISignatureEntry> collectSignatureEntries = collectSignatureEntries(vIIDocumentEntry);
                if (collectSignatureEntries != null) {
                    boolean z2 = false;
                    Iterator<VIISignatureEntry> it = collectSignatureEntries.iterator();
                    while (it.hasNext()) {
                        z2 |= postValidate(it.next());
                    }
                    if (z2) {
                        z = recalculateReasons(vIIDocumentEntry, collectSignatureEntries);
                    }
                }
            }
            if (z) {
                recalculateReasons(this.viiResponse, documentChilds);
            }
        }
    }

    private List<VIISignatureEntry> collectSignatureEntries(VIIDocumentEntry vIIDocumentEntry) {
        ArrayList arrayList = new ArrayList();
        List<VIIDocumentEntry> documentChilds = vIIDocumentEntry.getDocumentChilds();
        if (documentChilds == null) {
            documentChilds = Collections.emptyList();
        }
        List<VIISignatureEntry> signatureChilds = vIIDocumentEntry.getSignatureChilds();
        if (signatureChilds == null) {
            signatureChilds = Collections.emptyList();
        }
        arrayList.addAll(signatureChilds);
        Iterator<VIIDocumentEntry> it = documentChilds.iterator();
        while (it.hasNext()) {
            arrayList.addAll(collectSignatureEntries(it.next()));
        }
        return arrayList;
    }

    private boolean recalculateReasons(VIIEntry vIIEntry, List<? extends VIIEntry> list) {
        Signal cumulated = vIIEntry.getCumulated();
        SortedSet<SignalReason> cumulatedReasons = vIIEntry.getCumulatedReasons();
        vIIEntry.setCumulated(Signal.GREEN);
        cumulatedReasons.clear();
        Iterator<? extends VIIEntry> it = list.iterator();
        while (it.hasNext()) {
            for (SignalReason signalReason : it.next().getCumulatedReasons()) {
                vIIEntry.setCumulated(Signal.max(vIIEntry.getCumulated(), signalReason.getSignal()));
                if (!cumulatedReasons.contains(signalReason)) {
                    cumulatedReasons.add(signalReason);
                }
            }
        }
        return cumulated.ordinal() != vIIEntry.getCumulated().ordinal();
    }

    private static boolean postValidate(VIISignatureEntry vIISignatureEntry) {
        if (!vIISignatureEntry.isLTVRequired()) {
            return false;
        }
        try {
            if (vIISignatureEntry.getSignatureTimestamp() == null) {
                return false;
            }
            try {
                LOG.debug("==============================================================");
                LOG.debug("LongTermValidation: start");
                LOG.debug("==============================================================");
                new ValidationBlocks().longTermValidationProcess(vIISignatureEntry, null, null, null, null, null);
                resetRevocationState(vIISignatureEntry.getAuthor());
                resetRevocationState(vIISignatureEntry);
                if (vIISignatureEntry.getCumulatedReasons().contains(SignalReasons.LEVELT_INDETERMINATE_SIGNINGTIME_AFTER_SIGNATURETIMESTAMP)) {
                    LOG.debug("indeterminate signing time after signature timestamp - cumlated unchanged");
                    vIISignatureEntry.setCumulated(Signal.YELLOW);
                }
                LOG.debug("longtime validation successful");
                LOG.debug("==============================================================");
                LOG.debug("LongTermValidation: finished");
                LOG.debug("==============================================================");
                return true;
            } catch (ValidationException e) {
                LOG.debug("longtime validation failed", e);
                LOG.debug("==============================================================");
                LOG.debug("LongTermValidation: finished");
                LOG.debug("==============================================================");
                return false;
            }
        } catch (Throwable th) {
            LOG.debug("==============================================================");
            LOG.debug("LongTermValidation: finished");
            LOG.debug("==============================================================");
            throw th;
        }
    }

    private static void resetRevocationState(VIISignatureEntry vIISignatureEntry) {
        vIISignatureEntry.removeCumulatedReason(SignalReasons.IDrev_yellow);
        vIISignatureEntry.removeCumulatedReason(SignalReasons.IDrev_red);
        vIISignatureEntry.removeCumulatedReason(SignalReasons.IDtrust_yellow);
        vIISignatureEntry.removeCumulatedReason(SignalReasons.IDtrust_red);
        vIISignatureEntry.setCumulated(Signal.GREEN);
    }

    private static void resetRevocationState(VIICertEntry vIICertEntry) {
        VIICertEntry vIICertEntry2;
        VIICertEntry vIICertEntry3 = vIICertEntry;
        while (true) {
            vIICertEntry2 = vIICertEntry3;
            if (vIICertEntry2.getIssuer() == null) {
                break;
            } else {
                vIICertEntry3 = vIICertEntry2.getIssuer();
            }
        }
        do {
            resetRevocationState(vIICertEntry2.getReIdentityObject());
            resetRevocationState(vIICertEntry2.getIdentityObject());
            vIICertEntry2.setCumulated(Signal.GREEN);
            vIICertEntry2 = vIICertEntry2 == vIICertEntry ? null : (VIICertEntry) vIICertEntry2.getParent();
        } while (vIICertEntry2 != null);
        resetRevocationState(vIICertEntry.getParent());
    }

    private static void resetRevocationState(VIIEntry vIIEntry) {
        vIIEntry.setCumulated(Signal.GREEN);
        vIIEntry.removeCumulatedReason(SignalReasons.IDrev_yellow);
        vIIEntry.removeCumulatedReason(SignalReasons.IDtrust_yellow);
        vIIEntry.removeCumulatedReason(SignalReasons.IDrev_red);
        vIIEntry.removeCumulatedReason(SignalReasons.IDtrust_red);
    }

    private static void resetRevocationState(VIIIdentityEntry vIIIdentityEntry) {
        resetRevocationState((VIIEntry) vIIIdentityEntry);
        vIIIdentityEntry.setRevocationReason(null);
        vIIIdentityEntry.setRevocationState(Signal.GREEN);
        vIIIdentityEntry.setIssuerTrust(Signal.GREEN);
        XKMSValidateResult xKMSValidateResult = vIIIdentityEntry.getXKMSValidateResult();
        if (xKMSValidateResult instanceof EUExtensionXKMSValidateResult) {
            vIIIdentityEntry.setXKMSValidateResult(new EUExtensionRevokedSuppressedXKMSValidateResult((EUExtensionXKMSValidateResult) xKMSValidateResult));
        }
    }

    private void checkAlgorithms() {
        try {
            LOG.info("Checking request algorithms");
            AlgorithmChecker algorithmCheckerFor = this.vii.getAlgorithmCheckerFor(this.viiResponse);
            algorithmCheckerFor.checkDigestAlgorithm(this.viiResponse);
            algorithmCheckerFor.checkCipherAlgorithm(this.viiResponse);
            algorithmCheckerFor.checkPaddingAlgorithm(this.viiResponse);
        } catch (Exception e) {
            LOG.error("Error checking algorithms", e);
        }
    }

    private void aggregateResults() {
        try {
            LOG.info("Aggregating request results");
            this.vii.getAggregatorFor(this.viiResponse).aggregateResults(this.viiResponse);
        } catch (Exception e) {
            LOG.error("Error aggregating results", e);
        }
    }

    private void validate() {
        LOG.info("Validating request");
        PairsMap determineCertificates = this.vii.getDeterminatorFor(this.viiResponse).determineCertificates(this.viiResponse);
        XKMSValidateResponse attachedXKMSValidateResponse = getAttachedXKMSValidateResponse();
        if (attachedXKMSValidateResponse != null) {
            determineCertificates.applyValidationResults(attachedXKMSValidateResponse, this.vii.getSecurityProviderName());
        }
        determineCertificates.removeUndesired((VIIController) this.vii.getControllerFor(VIIController.class));
        if (determineCertificates.isEmpty()) {
            LOG.info("No more certificates found to validate or no certificate validation requested");
            return;
        }
        List<XKMSValidateResponse> transmitValidationRequest = transmitValidationRequest(determineCertificates.keySet());
        this.viiResponse.setXKMSResponses(transmitValidationRequest);
        this.viiResponse.setXKMSCertificate(this.vii.getXKMSServer().getSignatureCertificate());
        this.viiResponse.setXKMSServiceURL(this.vii.getXKMSServer().getURL());
        determineCertificates.applyReValidationResults(transmitValidationRequest, this.vii.getSecurityProviderName());
    }

    private XKMSValidateResponse getAttachedXKMSValidateResponse() {
        File xKMSValidationResponse;
        XKMSAttachingController xKMSAttachingController = (XKMSAttachingController) this.vii.getControllerFor(XKMSAttachingController.class);
        if (xKMSAttachingController == null || (xKMSValidationResponse = xKMSAttachingController.getXKMSValidationResponse()) == null) {
            return null;
        }
        Document newDocumentFor = XKMSXMLUtilities.newDocumentFor(xKMSValidationResponse);
        Certificate xKMSSignatureCertificate = xKMSAttachingController.getXKMSSignatureCertificate();
        if (xKMSSignatureCertificate == null || SignalReasons.VALID.equals(XKMSXMLUtilities.checkSignature(newDocumentFor, xKMSSignatureCertificate))) {
            return new XKMSValidateResponseImpl(null, newDocumentFor);
        }
        return null;
    }

    private List<XKMSValidateResponse> transmitValidationRequest(Set<CertificateDatePair> set) {
        try {
            LOG.debug("Invoking the XKMS-Server");
            return this.vii.getXKMSServer().validate2(set);
        } catch (XKMSException e) {
            LOG.error("Could not perform validation request", e);
            return Arrays.asList(new ErroneousXKMSValidateResponse(e));
        } catch (IOException e2) {
            LOG.error("Could not perform validation request", e2);
            return Arrays.asList(new ErroneousXKMSValidateResponse(e2));
        }
    }

    public VIIResponse getVIIResponse() {
        return this.viiResponse;
    }

    public static String getComponentVersion() {
        String componentVersion = ci.getComponentVersion();
        return componentVersion != null ? componentVersion : ArtifactVersionProvider.ARTIFACT_UNTAGGED_VERSION;
    }

    public static String getRevision() {
        String componentRevision = ci.getComponentRevision();
        return componentRevision != null ? componentRevision : "No revision available";
    }

    public static String getComponentName() {
        return ci.getComponentName();
    }

    public VIITempFileManager getTempFileManager() {
        return this.tempFileManager;
    }
}
