package de.gzim.papp.impl;

import de.gzim.papp.api.exception.PappException;
import de.gzim.papp.api.exception.PappExceptionType;
import de.gzim.papp.api.model.Coupling;
import de.gzim.papp.api.model.CouplingState;
import de.gzim.papp.api.model.NounceId;
import de.gzim.papp.api.model.PappAccount;
import de.gzim.papp.api.stores.CouplingStore;
import de.gzim.papp.api.stores.NonceStore;
import de.gzim.papp.api.stores.TmpFileFactory;
import de.gzim.papp.server.model.hateoas.PappLabelResourceContainer;
import de.gzim.papp.server.model.hateoas.PappMessagesResourceContainer;
import de.gzim.papp.server.util.PappUtil;
import de.papp.model.content.ContentXmlConverter;
import de.papp.model.content.MessageAcknowledgement;
import de.papp.model.messages.PappLabelDTO;
import de.papp.model.messages.PappMessageDTO;
import de.papp.model.messages.PappMessageHeader;
import de.papp.model.messages.attachment.AttachmentDTO;
import de.papp.model.messages.attachment.AttachmentHeader;
import de.papp.model.messages.attachment.KnownAttachmentMetadata;
import de.papp.model.messages.metadata.KnownMetadata;
import de.papp.model.util.PappMessageEncryptionTool;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.URLEncoder;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import org.apache.commons.io.IOUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/gzim/papp/impl/PappServerMessagesAdapter.class */
public class PappServerMessagesAdapter {

    @NotNull
    private final PappServerBaseAdapter pappServerBaseAdapter;

    @NotNull
    private final PappServerUserAdapter userAdapter;

    @NotNull
    private final CouplingStore couplingStore;

    @NotNull
    private final TmpFileFactory tmpFileFactory;

    @NotNull
    private final NonceStore nonceStore;

    @NotNull
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final ContentXmlConverter contentXmlConverter = new ContentXmlConverter();

    @NotNull
    private final Set<UUID> checkedUsers = new HashSet();

    public PappServerMessagesAdapter(@NotNull PappServerUserAdapter pappServerUserAdapter, @NotNull PappServerBaseAdapter pappServerBaseAdapter, @NotNull CouplingStore couplingStore, @NotNull NonceStore nonceStore, @NotNull TmpFileFactory tmpFileFactory) {
        this.pappServerBaseAdapter = pappServerBaseAdapter;
        this.userAdapter = pappServerUserAdapter;
        this.couplingStore = couplingStore;
        this.tmpFileFactory = tmpFileFactory;
        this.nonceStore = nonceStore;
    }

    @NotNull
    public Optional<AttachmentDTO> uploadAttachment(@NotNull PappAccount pappAccount, @NotNull UUID uuid, @NotNull String str, @NotNull InputStream inputStream) {
        X509Certificate queryPublicCertificate = queryPublicCertificate(pappAccount, uuid);
        validatePublicCertificate(pappAccount, uuid);
        X509Certificate x509Certificate = (X509Certificate) pappAccount.getPrivateKey().getCertificate();
        try {
            KeyStore.PrivateKeyEntry privateKey = pappAccount.getPrivateKey();
            KeyPair keyPair = new KeyPair(privateKey.getCertificate().getPublicKey(), privateKey.getPrivateKey());
            File createTmpFile = this.tmpFileFactory.createTmpFile();
            FileOutputStream fileOutputStream = new FileOutputStream(createTmpFile);
            Throwable th = null;
            try {
                try {
                    IOUtils.copy(inputStream, fileOutputStream);
                    if (fileOutputStream != null) {
                        if (0 != 0) {
                            try {
                                fileOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileOutputStream.close();
                        }
                    }
                    byte[] signAndEncryptFile = PappMessageEncryptionTool.signAndEncryptFile(createTmpFile, queryPublicCertificate.getPublicKey(), keyPair, x509Certificate);
                    if (!createTmpFile.delete()) {
                        createTmpFile.deleteOnExit();
                    }
                    return this.pappServerBaseAdapter.streamingRequest(String.format("/attachments/upload?&header=%s", URLEncoder.encode(PappMessageEncryptionTool.encryptAttachmentHeaderToBase64(AttachmentHeader.builder().addMetadata(KnownAttachmentMetadata.FILE_NAME, str).build(), queryPublicCertificate.getPublicKey(), keyPair, x509Certificate), "UTF-8").replace("+", "%20")), "POST", pappAccount.getCredentials(), new ByteArrayInputStream(signAndEncryptFile), AttachmentDTO.class);
                } finally {
                }
            } finally {
            }
        } catch (Throwable th3) {
            throw PappUtil.convertToPappException(th3);
        }
    }

    public byte[] downloadAttachmentToByteArray(@NotNull PappAccount pappAccount, @NotNull UUID uuid, @NotNull UUID uuid2) {
        KeyPair keyPair = new KeyPair(queryPublicCertificate(pappAccount, uuid).getPublicKey(), pappAccount.getPrivateKey().getPrivateKey());
        AttachmentDTO attachmentDTO = (AttachmentDTO) this.pappServerBaseAdapter.request(String.format("/attachments/%s", uuid2), "GET", pappAccount.getCredentials(), null, AttachmentDTO.class).orElse(null);
        if (attachmentDTO == null) {
            throw new PappException(PappExceptionType.ATTACHMENT_NOT_FOUND, "Attachment with id " + uuid2 + " not found.");
        }
        try {
            PappMessageEncryptionTool.decryptAttachmentHeader(attachmentDTO.getHeader(), keyPair);
            InputStream inputStream = (InputStream) this.pappServerBaseAdapter.request(String.format("/attachments/download?id=%s", uuid2), "GET", pappAccount.getCredentials(), null, InputStream.class).orElse(null);
            if (inputStream == null) {
                throw new PappException(PappExceptionType.ATTACHMENT_NOT_FOUND, "Attachment-Content with id " + uuid2 + " not found.");
            }
            try {
                byte[] byteArray = IOUtils.toByteArray(inputStream);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                PappMessageEncryptionTool.decryptFile(byteArrayOutputStream, keyPair, byteArray);
                return byteArrayOutputStream.toByteArray();
            } catch (Exception e) {
                throw new PappException(PappExceptionType.DecryptionFailed, e);
            }
        } catch (Throwable th) {
            throw PappUtil.convertToPappException(th);
        }
    }

    public void addLabel(@NotNull PappAccount pappAccount, @NotNull UUID uuid, @NotNull String str) {
        this.pappServerBaseAdapter.request(String.format("/labels/addLabel?messageId=%s&label=%s", uuid, str), "POST", pappAccount.getCredentials(), null, null);
    }

    public void removeLabel(@NotNull PappAccount pappAccount, @NotNull UUID uuid, @NotNull String str) {
        this.pappServerBaseAdapter.request(String.format("/labels/removeLabel?messageId=%s&label=%s", uuid, str), "POST", pappAccount.getCredentials(), null, null);
    }

    public void sendMessage(@NotNull PappAccount pappAccount, @NotNull PappMessageDTO pappMessageDTO) {
        sendMessage(pappAccount, pappMessageDTO, true);
    }

    private void sendMessageWithoutCertValidation(@NotNull PappAccount pappAccount, @NotNull PappMessageDTO pappMessageDTO) {
        sendMessage(pappAccount, pappMessageDTO, false);
    }

    private void sendMessage(@NotNull PappAccount pappAccount, @NotNull PappMessageDTO pappMessageDTO, boolean z) {
        X509Certificate queryPublicCertificate = queryPublicCertificate(pappAccount, pappMessageDTO.getReceiverIdentifier());
        if (z) {
            validatePublicCertificate(pappAccount, pappMessageDTO.getReceiverIdentifier());
        }
        X509Certificate x509Certificate = (X509Certificate) pappAccount.getPrivateKey().getCertificate();
        try {
            this.pappServerBaseAdapter.request("/messages/createMessage", "POST", pappAccount.getCredentials(), PappMessageEncryptionTool.encryptMessage(pappMessageDTO, queryPublicCertificate.getPublicKey(), x509Certificate, new KeyPair(x509Certificate.getPublicKey(), pappAccount.getPrivateKey().getPrivateKey())), null);
        } catch (Throwable th) {
            throw PappUtil.convertToPappException(th);
        }
    }

    public void deleteMessage(@NotNull PappAccount pappAccount, @NotNull PappMessageDTO pappMessageDTO) {
        this.pappServerBaseAdapter.request(String.format("/messages/%s", pappMessageDTO.getIdentifier()), "DELETE", pappAccount.getCredentials(), null, null);
    }

    @NotNull
    public Optional<PappMessageDTO> getMessage(@NotNull PappAccount pappAccount, @NotNull UUID uuid) {
        return this.pappServerBaseAdapter.request(String.format("/messages/%s", uuid), "GET", pappAccount.getCredentials(), null, PappMessageDTO.class).map(pappMessageDTO -> {
            return decryptMessage(pappAccount, pappMessageDTO);
        });
    }

    @NotNull
    public Collection<PappMessageDTO> waitForNewIncomingMessages(@NotNull PappAccount pappAccount) {
        this.log.debug("waitIncomingMessages start .. ");
        PappMessagesResourceContainer pappMessagesResourceContainer = (PappMessagesResourceContainer) this.pappServerBaseAdapter.getRequest("/messages/waitIncomingMessages", pappAccount.getCredentials(), PappMessagesResourceContainer.class).orElse(null);
        this.log.debug("waitIncomingMessages end.");
        return pappMessagesResourceContainer == null ? Collections.emptyList() : processMessages(pappAccount, (Collection) pappMessagesResourceContainer.getEmbedded().map((v0) -> {
            return v0.getContent();
        }).orElse(Collections.emptyList()));
    }

    @NotNull
    public Collection<PappMessageDTO> findNewIncomingMessages(@NotNull PappAccount pappAccount) {
        this.log.debug("findIncomingMessages start .. ");
        PappMessagesResourceContainer pappMessagesResourceContainer = (PappMessagesResourceContainer) this.pappServerBaseAdapter.getRequest("/messages/findIncomingMessages", pappAccount.getCredentials(), PappMessagesResourceContainer.class).orElse(null);
        this.log.debug("findIncomingMessages end.");
        return pappMessagesResourceContainer == null ? Collections.emptyList() : processMessages(pappAccount, (Collection) pappMessagesResourceContainer.getEmbedded().map((v0) -> {
            return v0.getContent();
        }).orElse(Collections.emptyList()));
    }

    @NotNull
    public Collection<PappMessageDTO> findNewIncomingMessagesWithLabel(@NotNull PappAccount pappAccount, @NotNull String str) {
        this.log.debug("findNewIncomingMessagesWithLabel start .. ");
        PappMessagesResourceContainer pappMessagesResourceContainer = (PappMessagesResourceContainer) this.pappServerBaseAdapter.getRequest(String.format("/messages/findIncomingMessagesByLabel?label=%s", str), pappAccount.getCredentials(), PappMessagesResourceContainer.class).orElse(null);
        this.log.debug("findNewIncomingMessagesWithLabel end.");
        return pappMessagesResourceContainer == null ? Collections.emptyList() : processMessages(pappAccount, (Collection) pappMessagesResourceContainer.getEmbedded().map((v0) -> {
            return v0.getContent();
        }).orElse(Collections.emptyList()));
    }

    @NotNull
    public Collection<PappMessageDTO> waitForNewIncomingMessagesWithLabel(@NotNull PappAccount pappAccount, @NotNull String str) {
        this.log.debug("waitForNewIncomingMessagesWithLabel start .. ");
        PappMessagesResourceContainer pappMessagesResourceContainer = (PappMessagesResourceContainer) this.pappServerBaseAdapter.getRequest(String.format("/messages/waitIncomingMessagesByLabel?label=%s", str), pappAccount.getCredentials(), PappMessagesResourceContainer.class).orElse(null);
        this.log.debug("waitForNewIncomingMessagesWithLabel end.");
        return pappMessagesResourceContainer == null ? Collections.emptyList() : processMessages(pappAccount, (Collection) pappMessagesResourceContainer.getEmbedded().map((v0) -> {
            return v0.getContent();
        }).orElse(Collections.emptyList()));
    }

    @NotNull
    public Collection<PappLabelDTO> findLabelsByMessageIdentifier(@NotNull PappAccount pappAccount, @NotNull UUID uuid) {
        this.log.debug("findLabelsByMessageIdentifier start .. ");
        PappLabelResourceContainer pappLabelResourceContainer = (PappLabelResourceContainer) this.pappServerBaseAdapter.getRequest(String.format("/labels/search/findByMessageIdentifier?messageIdentifier=%s", uuid), pappAccount.getCredentials(), PappLabelResourceContainer.class).orElse(null);
        this.log.debug("findLabelsByMessageIdentifier end.");
        return pappLabelResourceContainer == null ? Collections.emptyList() : (Collection) pappLabelResourceContainer.getEmbedded().map((v0) -> {
            return v0.getContent();
        }).orElse(Collections.emptyList());
    }

    @NotNull
    private List<PappMessageDTO> processMessages(@NotNull PappAccount pappAccount, @NotNull Collection<PappMessageDTO> collection) {
        ArrayList arrayList = new ArrayList();
        for (PappMessageDTO pappMessageDTO : collection) {
            try {
                PappMessageDTO decryptMessage = decryptMessage(pappAccount, pappMessageDTO);
                checkNonce(decryptMessage);
                arrayList.add(decryptMessage);
                try {
                    sendAck(pappAccount, decryptMessage);
                } catch (Throwable th) {
                    this.log.error(th.toString(), th);
                }
            } catch (Throwable th2) {
                this.log.error(th2.toString(), th2);
                deleteMessage(pappAccount, pappMessageDTO);
            }
        }
        return arrayList;
    }

    private void checkNonce(@NotNull PappMessageDTO pappMessageDTO) {
        PappMessageHeader messageHeader = pappMessageDTO.getMessageHeader();
        NounceId nounceId = (NounceId) messageHeader.getNounce().map(str -> {
            return new NounceId(messageHeader.getSenderId(), str);
        }).orElse(null);
        if (nounceId != null) {
            if (this.nonceStore.isStored(nounceId)) {
                throw new PappException(PappExceptionType.NONCE_FAILED, "nounce already existing");
            }
            this.nonceStore.store(nounceId);
        }
    }

    @NotNull
    private PappMessageDTO decryptMessage(@NotNull PappAccount pappAccount, @NotNull PappMessageDTO pappMessageDTO) {
        try {
            KeyStore.PrivateKeyEntry privateKey = pappAccount.getPrivateKey();
            PappMessageDTO decryptMessage = PappMessageEncryptionTool.decryptMessage(pappMessageDTO, privateKey.getPrivateKey());
            UUID senderId = decryptMessage.getMessageHeader().getSenderId();
            Coupling orElse = this.couplingStore.find(pappAccount.getIdentifier(), senderId).orElse(null);
            X509Certificate certificate = orElse != null ? orElse.getCertificate() : this.userAdapter.getRemotePappUsersOnlinePublicCert(pappAccount.getCredentials(), senderId);
            if (PappMessageEncryptionTool.verifyMessage(pappMessageDTO, privateKey.getPrivateKey(), certificate.getPublicKey())) {
                return decryptMessage;
            }
            if (orElse != null && Arrays.equals(this.userAdapter.getRemotePappUsersOnlinePublicCert(pappAccount.getCredentials(), senderId).getEncoded(), certificate.getEncoded())) {
                this.couplingStore.invalidate(orElse);
            }
            throw new PappException(PappExceptionType.EncryptionFailed, "Die Nachricht konnte nicht verifiziert werden!");
        } catch (Throwable th) {
            throw PappUtil.convertToPappException(th);
        }
    }

    private void sendAck(@NotNull PappAccount pappAccount, @NotNull PappMessageDTO pappMessageDTO) {
        sendAck(pappAccount, pappMessageDTO, 200, null);
    }

    private void sendAck(@NotNull PappAccount pappAccount, @NotNull PappMessageDTO pappMessageDTO, int i, @Nullable String str) {
        if (((Boolean) pappMessageDTO.getMessageHeader().getMetadata(KnownMetadata.TYPE).map(cls -> {
            return Boolean.valueOf(cls.equals(MessageAcknowledgement.class));
        }).orElse(true)).booleanValue()) {
            return;
        }
        UUID senderId = pappMessageDTO.getMessageHeader().getSenderId();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.contentXmlConverter.write(byteArrayOutputStream, new MessageAcknowledgement(pappMessageDTO.getIdentifier(), i, str));
        sendMessageWithoutCertValidation(pappAccount, PappMessageDTO.builder().receive(senderId).expirationDateTime(DateTime.now().plusDays(7)).body(byteArrayOutputStream.toByteArray()).header(PappMessageHeader.builder().sender(pappMessageDTO.getReceiverIdentifier()).nounce(UUID.randomUUID().toString()).addMetadata(KnownMetadata.TYPE, MessageAcknowledgement.class).build()).attachments(Collections.emptyList()).build());
    }

    @NotNull
    private X509Certificate queryPublicCertificate(@NotNull PappAccount pappAccount, @NotNull UUID uuid) {
        return (X509Certificate) this.couplingStore.find(pappAccount.getIdentifier(), uuid).map((v0) -> {
            return v0.getCertificate();
        }).orElseGet(() -> {
            return this.userAdapter.getRemotePappUsersOnlinePublicCert(pappAccount.getCredentials(), uuid);
        });
    }

    private void validatePublicCertificate(@NotNull PappAccount pappAccount, @NotNull UUID uuid) {
        try {
            try {
                if (Arrays.equals(this.userAdapter.getRemotePappUsersOnlinePublicCert(pappAccount.getCredentials(), uuid).getEncoded(), ((X509Certificate) this.couplingStore.find(pappAccount.getIdentifier(), uuid).map((v0) -> {
                    return v0.getCertificate();
                }).orElseThrow(() -> {
                    return new PappException(PappExceptionType.NoPublicKey, "office without certificate");
                })).getEncoded())) {
                    this.checkedUsers.add(uuid);
                } else {
                    this.couplingStore.find(pappAccount.getIdentifier(), uuid).ifPresent(coupling -> {
                        coupling.setState(CouplingState.WRONG_CERT);
                        this.couplingStore.store(coupling);
                    });
                    throw new PappException(PappExceptionType.PAPP_CERTIFICATE_HAS_CHANGED, "users certificate has changed.");
                }
            } catch (Throwable th) {
                this.log.warn("User has no certificate {}", uuid);
            }
        } catch (Throwable th2) {
            throw PappUtil.convertToPappException(th2);
        }
    }
}
