package de.bos_bremen.vii.doctype.osci;

import de.bos_bremen.algorithm_identifier.AlgorithmService;
import de.bos_bremen.algorithm_identifier.SignatureAlgorithm;
import de.bos_bremen.vii.common.AssertUtil;
import de.osci.osci12.OSCIException;
import de.osci.osci12.common.Constants;
import de.osci.osci12.messageparts.Content;
import de.osci.osci12.messageparts.ContentContainer;
import de.osci.osci12.messageparts.EncryptedDataOSCI;
import de.osci.osci12.messageparts.MessagePart;
import de.osci.osci12.messageparts.MessagePartsFactory;
import de.osci.osci12.messageparts.OSCISignature;
import de.osci.osci12.roles.OSCIRoleException;
import de.osci.osci12.signature.OSCISignatureException;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:de/bos_bremen/vii/doctype/osci/OSCICoCoDescriptor.class */
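/**
 * Wraps an OSCI {@link ContentContainer} and indexes its parts by reference key so that
 * signatures over the container can be checked.
 *
 * <p>Scope of the checks in this class: key usage of the signing certificate, per-reference
 * digests, coverage of all container parts by the signature, and the cryptographic signature
 * value. Nothing here validates the signing certificate itself (chain, validity period,
 * revocation) or restricts which signature algorithms are acceptable.
 * NOTE(review): presumably the caller does that elsewhere; confirm before relying on a passing
 * result as proof of authenticity.
 */
class OSCICoCoDescriptor {
    private static final Log LOG = LogFactory.getLog(OSCICoCoDescriptor.class);
    private static final boolean FAILURE = false;

    // Bit positions in the array returned by X509Certificate#getKeyUsage().
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 0;
    private static final int KEY_USAGE_NON_REPUDIATION = 1;

    private final ContentContainer delegateCoCo;
    private Map<String, MessagePart> id2MessagePartsMap;

    /**
     * Creates a descriptor for the given container and builds the reference index.
     *
     * @param contentContainer the container to describe; rejected by {@code AssertUtil.notNull}
     *     when {@code null}
     */
    public OSCICoCoDescriptor(ContentContainer contentContainer) {
        AssertUtil.notNull(contentContainer, "ContentContainer must not be null");
        this.delegateCoCo = contentContainer;
        createID2MessagePartsMap(this.delegateCoCo);
    }

    /**
     * Builds the index from reference key to message part. Contents and encrypted data are
     * keyed as {@code "#" + refID}, attachments as {@code "cid:" + refID}.
     */
    private void createID2MessagePartsMap(ContentContainer contentContainer) {
        this.id2MessagePartsMap = new HashMap<String, MessagePart>();
        indexParts("#", contentContainer.getContents());
        indexParts("#", contentContainer.getEncryptedData());
        MessagePart[] attachments = contentContainer.getAttachments();
        if (attachments != null) {
            indexParts("cid:", attachments);
        }
    }

    /** Registers every part under {@code prefix + refID}. */
    private void indexParts(String prefix, MessagePart[] parts) {
        for (MessagePart part : parts) {
            this.id2MessagePartsMap.put(prefix + part.getRefID(), part);
        }
    }

    /** @return the signatures of the wrapped container */
    public OSCISignature[] getSignatures() {
        return this.delegateCoCo.getSignatures();
    }

    /** @return the encrypted data parts of the wrapped container */
    public EncryptedDataOSCI[] getEncryptedData() {
        return this.delegateCoCo.getEncryptedData();
    }

    /** @return the content parts of the wrapped container */
    public Content[] getContents() {
        return this.delegateCoCo.getContents();
    }

    /**
     * Resolves the signature algorithm named by the signature's algorithm URI.
     *
     * @param oSCISignature the signature whose algorithm is looked up
     * @return the resolved algorithm, or {@code null} when the lookup throws (the error is
     *     logged); callers must treat {@code null} as "unknown algorithm", not as acceptable
     */
    public SignatureAlgorithm getSignatureAlgorithmOf(OSCISignature oSCISignature) {
        try {
            return AlgorithmService.getSignatureForURI(oSCISignature.signatureAlgorithm);
        } catch (Exception e) {
            LOG.error("Cannot get signature algorithm of OSCISignature, returning null", e);
            return null;
        }
    }

    /**
     * Checks one signature over this container.
     *
     * <p>The checks run in this order and the first failure is returned: key usage of the
     * signing certificate, each reference belongs to this container, each reference digest
     * matches the recomputed digest, every indexed part is referenced by the signature, and
     * finally the signature value over the SignedInfo bytes.
     *
     * @param oSCISignature the signature to check
     * @param str the JCA provider name passed to {@link Signature#getInstance(String, String)}
     * @return a fresh {@code SignatureChecks} when everything verifies (its defaults presumably
     *     denote success; confirm in {@code SignatureChecks}), otherwise one with
     *     {@code result == false}, the matching failure flag and the offending reference id
     * @throws OSCIRoleException if the signer's certificate cannot be obtained for the key
     *     usage check
     * @throws OSCISignatureException if any other exception occurs during the check
     */
    public SignatureChecks checkSignature(OSCISignature oSCISignature, String str) throws OSCIRoleException, OSCISignatureException {
        if (isSigningCertificateNotSuitableForSigning(oSCISignature)) {
            SignatureChecks wrongUsage = failure(this.delegateCoCo.getRefID());
            wrongUsage.wrongKeyUsage = true;
            return wrongUsage;
        }
        try {
            List<MessagePart> references = Arrays.asList(OSCIUtil.getReferences(oSCISignature));
            for (MessagePart reference : references) {
                if (isNotPartOfThisContentContainer(reference)) {
                    SignatureChecks unknownReference = failure(reference.getRefID());
                    unknownReference.digestNotFound = true;
                    return unknownReference;
                }
                if (!verifyMsgPartDigestValue(reference, oSCISignature)) {
                    SignatureChecks digestMismatch = failure(reference.getRefID());
                    digestMismatch.corruptedContent = true;
                    return digestMismatch;
                }
            }

            // Coverage check: a part of the container that no reference covers is unsigned
            // data, so the signature is rejected rather than reported as valid.
            // NOTE(review): this relies on the references' refIDs using the same "#"/"cid:"
            // form as the index keys; verify against OSCIUtil.getReferences.
            HashSet<String> unreferenced = new HashSet<String>(this.id2MessagePartsMap.keySet());
            for (MessagePart reference : references) {
                unreferenced.remove(reference.getRefID());
            }
            if (!unreferenced.isEmpty()) {
                SignatureChecks uncovered = failure(unreferenced.iterator().next());
                uncovered.corruptedContentCount = true;
                return uncovered;
            }

            try {
                // An algorithm URI that is missing from JCA_JCE_MAP yields a null name, which
                // getInstance rejects with an exception; either handler below turns that into
                // a failure, never into a pass.
                String jcaName = (String) Constants.JCA_JCE_MAP.get(oSCISignature.signatureAlgorithm);
                Signature verifier = Signature.getInstance(jcaName, str);
                verifier.initVerify(oSCISignature.getSigner().getSignatureCertificate().getPublicKey());
                verifier.update(oSCISignature.getSignedInfoBytes());
                if (verifier.verify(oSCISignature.signatureValue)) {
                    return new SignatureChecks();
                }
                SignatureChecks badSignature = failure(oSCISignature.getRefID());
                badSignature.corruptedSignature = true;
                return badSignature;
            } catch (NoSuchAlgorithmException e) {
                SignatureChecks unknownAlgorithm = failure(this.delegateCoCo.getRefID());
                unknownAlgorithm.noSuchAlgorithm = true;
                return unknownAlgorithm;
            }
        } catch (Exception e2) {
            // The thrown exception carries only a message key, so the cause is logged here to
            // keep verification failures diagnosable.
            LOG.error("Signature check aborted by an unexpected exception", e2);
            throw new OSCISignatureException("signature_check_error");
        }
    }

    /** Creates a failed result for the given reference id; the caller sets the failure flag. */
    private static SignatureChecks failure(String refID) {
        SignatureChecks checks = new SignatureChecks();
        checks.result = FAILURE;
        checks.refID = refID;
        return checks;
    }

    /**
     * Tells whether the signing certificate's key usage forbids signing.
     *
     * @return {@code true} only when a key usage extension is present and neither the
     *     digitalSignature nor the nonRepudiation bit is set; a certificate without the
     *     extension is treated as suitable
     */
    private boolean isSigningCertificateNotSuitableForSigning(OSCISignature oSCISignature) throws OSCIRoleException {
        X509Certificate signatureCertificate = oSCISignature.getSigner().getSignatureCertificate();
        boolean[] keyUsage = signatureCertificate.getKeyUsage();
        if (keyUsage == null) {
            return false;
        }
        return !(keyUsage[KEY_USAGE_DIGITAL_SIGNATURE] || keyUsage[KEY_USAGE_NON_REPUDIATION]);
    }

    /** @return {@code true} when the part's refID is not a key of the reference index */
    private boolean isNotPartOfThisContentContainer(MessagePart messagePart) {
        return this.id2MessagePartsMap == null || !this.id2MessagePartsMap.containsKey(messagePart.getRefID());
    }

    /**
     * Compares the digest recorded in the signature for this reference with the digest
     * recomputed over the indexed part, using the digest method named for the reference.
     */
    private boolean verifyMsgPartDigestValue(MessagePart messagePart, OSCISignature oSCISignature) throws NoSuchAlgorithmException, IOException, OSCIException {
        byte[] signedDigest = OSCIUtil.getDigestValue(messagePart, oSCISignature);
        MessagePart indexedPart = this.id2MessagePartsMap.get(messagePart.getRefID());
        byte[] recomputedDigest = MessagePartsFactory.getDigestValue(indexedPart, OSCIUtil.getDigestMethodAlgorithm(messagePart, oSCISignature));
        return Arrays.equals(signedDigest, recomputedDigest);
    }
}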
