package de.osci.osci12.messagetypes;

import de.osci.helper.Base64InputStream;
import de.osci.helper.Canonizer;
import de.osci.helper.MIMEParser;
import de.osci.helper.MIMEPartInputStream;
import de.osci.helper.ParserHelper;
import de.osci.helper.StoreInputStream;
import de.osci.helper.SymCipherInputStream;
import de.osci.osci12.OSCIException;
import de.osci.osci12.common.Constants;
import de.osci.osci12.common.DialogHandler;
import de.osci.osci12.common.OSCIErrorException;
import de.osci.osci12.common.OSCIExceptionCodes;
import de.osci.osci12.common.SoapClientException;
import de.osci.osci12.common.SoapServerException;
import de.osci.osci12.encryption.Crypto;
import de.osci.osci12.encryption.EncryptedData;
import de.osci.osci12.encryption.OSCICipherException;
import de.osci.osci12.messageparts.Attachment;
import de.osci.osci12.messageparts.MessagePartsFactory;
import de.osci.osci12.messageparts.OSCISignature;
import de.osci.osci12.roles.OSCIRoleException;
import de.osci.osci12.roles.Role;
import de.osci.osci12.soapheader.FeatureDescriptionH;
import java.io.ByteArrayOutputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Hashtable;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:de/osci/osci12/messagetypes/IncomingMSGParser.class */
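/**
 * Base class for parsers of incoming OSCI transport messages.
 *
 * <p>The class splits the MIME container, parses the SOAP envelope with a SAX reader, opens an
 * encrypted transport envelope where one is present, attaches the remaining MIME parts to the
 * parsed message and verifies the message signature.
 *
 * <p>Everything read here comes from the peer and must be treated as untrusted input.
 */
public abstract class IncomingMSGParser {
    private static final Log log = LogFactory.getLog(IncomingMSGParser.class);

    /** Roles tried as decryption candidates when no dialog handler is supplied to {@code parseStream}. */
    protected static Role[] defaultSupplier;

    /** Not read or written anywhere in this class. */
    protected int searchPointer;

    /**
     * Supplies the SAX handler that builds the message object for the concrete message type.
     *
     * @param xMLReader the reader the returned builder will be registered on
     * @param dialogHandler dialog context, may be {@code null}
     * @return the envelope builder used as content and error handler
     */
    abstract OSCIEnvelopeBuilder getParser(XMLReader xMLReader, DialogHandler dialogHandler);

    /**
     * Parses one SOAP envelope from {@code inputStream} and returns the message built by the handler.
     *
     * <p>The input is wrapped in a {@link Canonizer}; on every exit path the canonizer is read to
     * its end before the method returns or rethrows.
     *
     * @param inputStream MIME part holding the SOAP envelope
     * @param dialogHandler dialog context passed to {@link #getParser}
     * @param storeInputStream optional store stream handed to the canonizer, may be {@code null}
     * @return the parsed message
     * @throws IOException on read errors, or when the canonizer recorded an I/O failure
     * @throws OSCIException when the handler reported an OSCI error, or
     *     {@code SoapClientException(OSCIMsgStructureNotValid)} for any other SAX failure
     * @throws NoSuchAlgorithmException declared by the original signature
     * @throws IllegalStateException when no SAX parser can be configured, or when the handler raised one
     */
    OSCIMessage parse(InputStream inputStream, DialogHandler dialogHandler, StoreInputStream storeInputStream) throws IOException, OSCIException, NoSuchAlgorithmException {
        OSCIEnvelopeBuilder envelopeBuilder = null;
        try {
            try {
                try {
                    SAXParserFactory factory = SAXParserFactory.newInstance();
                    factory.setNamespaceAware(true);
                    factory.setValidating(false);
                    XMLReader xMLReader = factory.newSAXParser().getXMLReader();
                    // NOTE(review): this reader consumes untrusted XML. ParserHelper.setFeatures is
                    // presumably where DTDs and external entities are disabled; confirm that it is.
                    ParserHelper.setFeatures(xMLReader);
                    envelopeBuilder = getParser(xMLReader, dialogHandler);
                    xMLReader.setContentHandler(envelopeBuilder);
                    xMLReader.setErrorHandler(envelopeBuilder);
                    envelopeBuilder.hashNCanStream = new Canonizer(inputStream, storeInputStream);
                    if (log.isDebugEnabled()) {
                        log.debug("Aktivierung des SAXParsers. ");
                    }
                    xMLReader.parse(new InputSource(envelopeBuilder.hashNCanStream));
                    if (envelopeBuilder.hashNCanStream.getCanException() != null) {
                        // Translated by the IOException handler below, which inspects the recorded exception.
                        throw new IOException();
                    }
                    drainCanonizer(envelopeBuilder);
                    return envelopeBuilder.childBuilder.msg;
                } catch (SAXException e) {
                    Exception nested = e.getException();
                    if (nested instanceof IllegalStateException) {
                        throw (IllegalStateException) nested;
                    }
                    if (nested instanceof OSCIException) {
                        throw (OSCIException) nested;
                    }
                    log.error("", e);
                    if (e instanceof SAXParseException) {
                        log.error("\nSPALTE: " + ((SAXParseException) e).getColumnNumber() + "\nZEILE: " + ((SAXParseException) e).getLineNumber(), e);
                    }
                    throw new SoapClientException(OSCIExceptionCodes.OSCIErrorCodes.OSCIMsgStructureNotValid);
                }
            } catch (IOException e2) {
                // The builder or its canonizer may not exist yet if the failure happened during set-up;
                // the original dereferenced both unconditionally and could mask e2 with a NullPointerException.
                Exception canException = null;
                if (envelopeBuilder != null && envelopeBuilder.hashNCanStream != null) {
                    canException = envelopeBuilder.hashNCanStream.getCanException();
                }
                if (canException == null) {
                    throw e2;
                }
                if (canException instanceof SAXException) {
                    Exception nested = ((SAXException) canException).getException();
                    if (nested instanceof OSCIException) {
                        throw (OSCIException) nested;
                    }
                    throw new SoapClientException(OSCIExceptionCodes.OSCIErrorCodes.OSCIMsgStructureNotValid);
                }
                if (canException instanceof IOException) {
                    throw (IOException) canException;
                }
                // Any other recorded exception type: wrap it instead of failing on a blind cast.
                throw new IOException(canException);
            } catch (FactoryConfigurationError | ParserConfigurationException e3) {
                throw new IllegalStateException(e3);
            }
        } catch (Throwable th) {
            drainCanonizer(envelopeBuilder);
            throw th;
        }
    }

    /** Reads the builder's canonizer stream to its end, discarding the data; does nothing if it was never created. */
    private static void drainCanonizer(OSCIEnvelopeBuilder builder) throws IOException {
        if (builder == null || builder.hashNCanStream == null) {
            return;
        }
        byte[] scratch = new byte[64];
        while (builder.hashNCanStream.read(scratch) > -1) {
            // discard
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses a top-level incoming message; equivalent to the five-argument overload with
     * {@code z2 == false}.
     */
    public OSCIMessage parseStream(InputStream inputStream, DialogHandler dialogHandler, boolean z, OutputStream outputStream) throws IOException, OSCIException, NoSuchAlgorithmException {
        return parseStream(inputStream, dialogHandler, z, false, outputStream);
    }

    /**
     * Parses a MIME-packaged OSCI message, decrypting the transport envelope when present.
     *
     * <p>For a message of type 256 the next MIME part is decrypted with the private key of the
     * matching role and its content is parsed by a recursive call with {@code z2 == true}. For any
     * other type the attachments are read and, if signature checking is enabled and a signature
     * header exists, the signature is verified.
     *
     * <p>A message without a signature header is returned unverified even when
     * {@code isCheckSignatures()} is true; callers that require signed messages must enforce that
     * themselves.
     *
     * @param inputStream raw message stream
     * @param dialogHandler dialog context; when {@code null}, {@link #defaultSupplier} is searched
     *     for the decryption role
     * @param z {@code true} selects the supplier role for decryption, {@code false} the client role;
     *     {@code true} also disables the rejection of unencrypted messages
     * @param z2 {@code true} when the stream is the content of an already decrypted envelope
     * @param outputStream if non-null, the input is wrapped in a {@link StoreInputStream} built
     *     with this stream
     * @return the parsed (inner) message
     * @throws IOException on read errors
     * @throws OSCIException on protocol, decryption or signature errors
     * @throws NoSuchAlgorithmException declared by the original signature
     */
    OSCIMessage parseStream(InputStream inputStream, DialogHandler dialogHandler, boolean z, boolean z2, OutputStream outputStream) throws IOException, OSCIException, NoSuchAlgorithmException {
        MIMEParser mIMEParser;
        if (log.isDebugEnabled()) {
            log.debug("Starte Parser: " + inputStream.available());
        }
        StoreInputStream storeInputStream = null;
        if (outputStream != null) {
            storeInputStream = new StoreInputStream(inputStream, outputStream);
            mIMEParser = new MIMEParser(storeInputStream);
        } else {
            mIMEParser = new MIMEParser(inputStream);
        }
        OSCIMessage parse = parse(mIMEParser.getNextStream(), dialogHandler, storeInputStream);
        parse.boundary_string = mIMEParser.boundary;
        if (log.isDebugEnabled()) {
            log.debug("Fertig mit Parsen des Transport Objektes. Msgtype: " + parse.getClass().toString());
        }
        // 256 is presumably OSCIMessage.SOAP_MESSAGE_ENCRYPTED (the cast to SOAPMessageEncrypted
        // below relies on it); confirm against the constant.
        if (parse.getMessageType() != 256) {
            // Reject plaintext when the dialog expects encryption, unless this is the content of a
            // decrypted envelope (z2), the caller opted out (z), or the type is 176 (meaning not visible here).
            if (!z && parse.dialogHandler.isEncryption() && !z2 && parse.getMessageType() != 176) {
                throw new OSCICipherException(DialogHandler.text.getString("unencrypted_msg"));
            }
            parse.dialogHandler.setEncryption(false);
            if (log.isDebugEnabled()) {
                log.debug("Es handelte sich um eine nicht Verschlüsselte Nachricht");
                log.debug("Nächster Schritt: Verarbeitung der Attachments");
            }
            readAttachment(parse, mIMEParser);
            if (log.isDebugEnabled()) {
                log.debug("Die Signaturen werden überprüft.");
            }
            if (!parse.dialogHandler.isCheckSignatures() || parse.signatureHeader == null) {
                // No verification takes place on this path; the message is returned as-is.
                if (log.isDebugEnabled()) {
                    log.debug("Unsignierte-Nachricht");
                }
            } else if (!checkMsgHashes(parse)) {
                log.error("Die Signaturen der XML-OSCI-Daten sind fehlerhaft.");
                throw new OSCIErrorException(OSCIExceptionCodes.OSCIErrorCodes.SignatureInvalid, parse);
            }
            if (log.isDebugEnabled()) {
                log.debug("Alles ist Fertig " + parse.getMessageType());
            }
            return parse;
        }
        // Encrypted transport envelope.
        // NOTE(review): as decompiled, the catch clauses are nested, so the rethrows of
        // SoapClientException and IllegalStateException are themselves caught by the enclosing
        // catch (Exception) and replaced by CouldNotDecryptRequestData. This may be a decompiler
        // artefact of a flat catch list. The nesting is deliberately left unchanged; confirm the
        // intended mapping against the original sources before restructuring.
        try {
            try {
                try {
                    try {
                        EncryptedData encryptedData = ((SOAPMessageEncrypted) parse).encData;
                        MIMEPartInputStream nextStream = mIMEParser.getNextStream();
                        if (log.isDebugEnabled()) {
                            log.debug("Mime ID:  " + nextStream.getContentID() + " Encrypted ID: " + encryptedData.getCipherData().getCipherReference().getURI());
                        }
                        // The MIME part that follows must be the one the CipherReference points to.
                        String str = "cid:" + nextStream.getContentID();
                        if (!str.equals(encryptedData.getCipherData().getCipherReference().getURI())) {
                            throw new IllegalArgumentException(DialogHandler.text.getString("msg_format_error") + str);
                        }
                        // Pick the role whose cipher certificate equals the certificate named in the
                        // first EncryptedKey; only that first key is considered.
                        Role role = null;
                        if (dialogHandler == null) {
                            for (int i = 0; i < defaultSupplier.length; i++) {
                                if (defaultSupplier[i].getCipherCertificate().equals(encryptedData.getKeyInfo().getEncryptedKeys()[0].getKeyInfo().getX509Data().getX509Certificate())) {
                                    role = defaultSupplier[i];
                                    break;
                                }
                            }
                            if (role == null) {
                                throw new SoapClientException(OSCIExceptionCodes.OSCIErrorCodes.NoEncKeyPresentOnMessgeLevel);
                            }
                        } else {
                            try {
                                if ((z ? dialogHandler.getSupplier().getCipherCertificate() : dialogHandler.getClient().getCipherCertificate()).equals(encryptedData.getKeyInfo().getEncryptedKeys()[0].getKeyInfo().getX509Data().getX509Certificate())) {
                                    role = z ? dialogHandler.getSupplier() : dialogHandler.getClient();
                                }
                            } catch (OSCIRoleException roleLookupFailure) {
                                // Deliberately not rethrown: role stays null and the check below reports
                                // "no_private_key". Logged so the cause is not lost.
                                if (log.isDebugEnabled()) {
                                    log.debug("Cipher certificate of the expected role is not available", roleLookupFailure);
                                }
                            }
                        }
                        if (role == null) {
                            throw new OSCIRoleException("no_private_key");
                        }
                        // Key transport allow-list: RSA PKCS#1 v1.5 and RSA-OAEP.
                        // NOTE(review): PKCS#1 v1.5 key transport is a legacy scheme; if policy allows,
                        // prefer OAEP only, and keep decryption failures indistinguishable to the peer.
                        if (!encryptedData.getKeyInfo().getEncryptedKeys()[0].getEncryptionMethodAlgorithm().equals(Constants.ASYMMETRIC_CIPHER_ALGORITHM_RSA_1_5) && !encryptedData.getKeyInfo().getEncryptedKeys()[0].getEncryptionMethodAlgorithm().equals("http://www.w3.org/2009/xmlenc11#rsa-oaep")) {
                            throw new NoSuchAlgorithmException(DialogHandler.text.getString("encryption_algorithm_not_supported") + encryptedData.getKeyInfo().getEncryptedKeys()[0].getEncryptionMethodAlgorithm());
                        }
                        // The symmetric algorithm must be one the library maps to a JCA/JCE name.
                        if (!Constants.JCA_JCE_MAP.containsKey(encryptedData.getEncryptionMethodAlgorithm())) {
                            throw new NoSuchAlgorithmException(DialogHandler.text.getString("encryption_algorithm_not_supported") + encryptedData.getEncryptionMethodAlgorithm());
                        }
                        // Read the wrapped session key completely into memory.
                        InputStream cipherValueStream = encryptedData.getKeyInfo().getEncryptedKeys()[0].getCipherData().getCipherValue().getCipherValueStream();
                        cipherValueStream.reset();
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        try {
                            // The constant is used as a buffer size here; the decompiler presumably
                            // substituted it for a plain number.
                            byte[] bArr = new byte[OSCIMessage.SOAP_MESSAGE_ENCRYPTED];
                            int read;
                            while ((read = cipherValueStream.read(bArr)) > -1) {
                                byteArrayOutputStream.write(bArr, 0, read);
                            }
                        } finally {
                            cipherValueStream.close();
                        }
                        // NOTE(review): for OAEP the MGF and digest names come from the message and are
                        // not checked in this method; presumably the decrypter restricts them - confirm.
                        byte[] decrypt = encryptedData.getKeyInfo().getEncryptedKeys()[0].getEncryptionMethodAlgorithm().equals("http://www.w3.org/2009/xmlenc11#rsa-oaep") ? role.getDecrypter().decrypt(byteArrayOutputStream.toByteArray(), encryptedData.getKeyInfo().getEncryptedKeys()[0].mgfAlgorithm, encryptedData.getKeyInfo().getEncryptedKeys()[0].digestAlgorithm) : role.getDecrypter().decrypt(byteArrayOutputStream.toByteArray());
                        boolean base64Part = nextStream.getEncoding().equalsIgnoreCase("base64") || nextStream.getContentType().equalsIgnoreCase("text/base64");
                        FilterInputStream cipherTextStream = base64Part ? new Base64InputStream(nextStream) : nextStream;
                        String encryptionMethodAlgorithm = encryptedData.getEncryptionMethodAlgorithm();
                        if (!encryptedData.isIvLengthParsed()) {
                            // No IV length in the message: fall back to 16 bytes.
                            encryptedData.setIvLength(16);
                        }
                        SymCipherInputStream symCipherInputStream = new SymCipherInputStream(cipherTextStream, Crypto.createSymKey(decrypt, encryptionMethodAlgorithm), encryptionMethodAlgorithm, encryptedData.getIvLength(), false);
                        if (log.isDebugEnabled()) {
                            log.debug("#################### Encrypted OSCI-Msg wurde komplett verarbeitet, nun wird der Transportumschlag geöffnet und die eigentliche OSCI-Nachricht betrachtet ####################");
                        }
                        // NOTE(review): the recursion has no depth limit in this method; consider
                        // rejecting an encrypted envelope inside an encrypted envelope.
                        OSCIMessage inner = parseStream(symCipherInputStream, dialogHandler, z, true, outputStream);
                        inner.setBase64Encoding(base64Part);
                        inner.dialogHandler.setEncryption(true);
                        // Remember the algorithms for the rest of the dialog. A CBC request is answered
                        // with AES-256-GCM when the peer advertises the feature and the switch is enabled.
                        FeatureDescriptionH featureDescription = inner.getFeatureDescription();
                        if (encryptionMethodAlgorithm.endsWith("-cbc") && featureDescription != null && featureDescription.getSupportedFeatures() != null && featureDescription.getSupportedFeatures().contains(Constants.OSCIFeatures.GCMPaddingModus) && ParserHelper.isSwitchToGCM()) {
                            if (log.isDebugEnabled()) {
                                log.debug("GCM wird in aktueller OSCI-Kommunikation unterstützt, benutze GCM für symmetrische Transportverschlüsselung");
                            }
                            inner.dialogHandler.setSymmetricCipherAlgorithm("http://www.w3.org/2009/xmlenc11#aes256-gcm");
                        } else {
                            inner.dialogHandler.setSymmetricCipherAlgorithm(encryptionMethodAlgorithm);
                        }
                        inner.dialogHandler.setAsymmetricCipherAlgorithm(encryptedData.getKeyInfo().getEncryptedKeys()[0].getEncryptionMethodAlgorithm());
                        // Advance the outer MIME parser once more; the result is discarded.
                        mIMEParser.getNextStream();
                        return inner;
                    } catch (SoapClientException e2) {
                        throw e2;
                    }
                } catch (Exception e3) {
                    // Every failure is reported to the peer with the same code; details go to the log only.
                    log.error("SOAP", e3);
                    throw new SoapClientException(OSCIExceptionCodes.OSCIErrorCodes.CouldNotDecryptRequestData);
                }
            } catch (IllegalStateException e4) {
                throw e4;
            }
        } catch (SoapServerException e5) {
            throw e5;
        } catch (OSCIException e6) {
            log.error("SOAP", e6);
            throw e6;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies the message signature: reference coverage, digest values, then the signature value.
     *
     * <p>The verification certificate is taken from the dialog handler (client for an
     * {@code OSCIRequest}, supplier otherwise), not from the message. Its validity period and
     * chain are not checked in this method.
     *
     * <p>Side effects: verified entries are removed from {@code hashableMsgPart}, and
     * {@code signerCert} is assigned before the signature value is verified, so it is only
     * meaningful when this method returns {@code true}.
     *
     * <p>SHA-1 digests and RSA-SHA1 signatures are logged at info level but not rejected here.
     *
     * @param oSCIMessage message whose {@code signatureHeader} is non-null
     * @return {@code true} if all digests and the signature value verify; {@code false} on any
     *     mismatch or unexpected error
     * @throws OSCIErrorException with {@code NotAllRelevantPartsSigned} when a parsed or hashable
     *     part is not covered by the signature
     */
    public boolean checkMsgHashes(OSCIMessage oSCIMessage) throws OSCIErrorException {
        try {
            OSCISignature oSCISignature = oSCIMessage.signatureHeader;
            if (oSCISignature.getDigestMethods().containsValue(Constants.DIGEST_ALGORITHM_SHA1)) {
                log.info("SHA-1 used as digest algorithm for message signature.");
            }
            if (oSCISignature.signatureAlgorithm.equals(Constants.SIGNATURE_ALGORITHM_RSA_SHA1)) {
                log.info("SHA-1 with RSA used as signature algorithm for message signature.");
            }
            // Every part the parser registered must have been hashed.
            for (String partId : oSCIMessage.parsedMsgPartsIds.keySet()) {
                if (!oSCIMessage.hashableMsgPart.containsKey(partId)) {
                    log.error("MessagePart with id:  " + partId + " not hashed");
                    throw new OSCIErrorException(OSCIExceptionCodes.OSCIErrorCodes.NotAllRelevantPartsSigned, oSCIMessage);
                }
            }
            // The signature must reference exactly the hashed parts: same count, same ids, same digests.
            Hashtable<String, byte[]> digests = oSCISignature.getDigests();
            if (digests.size() != oSCIMessage.hashableMsgPart.size()) {
                log.error("The number of references and hashed parts are not equil");
                return false;
            }
            for (String reference : digests.keySet()) {
                if (oSCIMessage.hashableMsgPart.get(reference) == null) {
                    log.error("Element zur Signatur-Referenz '" + reference + "' nicht in Nachricht gefunden.");
                    return false;
                }
                if (!MessageDigest.isEqual(oSCIMessage.hashableMsgPart.get(reference), digests.get(reference))) {
                    log.error("Hashwerte der Signatur-Referenz '" + reference + "' stimmen nicht überein.");
                    return false;
                }
                oSCIMessage.hashableMsgPart.remove(reference);
            }
            if (oSCIMessage.hashableMsgPart.size() > 0) {
                log.error("Nachricht enthält " + oSCIMessage.hashableMsgPart.size() + "unsignierte Elemente.");
                throw new OSCIErrorException(OSCIExceptionCodes.OSCIErrorCodes.NotAllRelevantPartsSigned, oSCIMessage);
            }
            // An unmapped signature algorithm yields null here; getInstance then fails and the
            // generic handler below returns false.
            Signature signature = DialogHandler.getSecurityProvider() == null ? Signature.getInstance(Constants.JCA_JCE_MAP.get(oSCISignature.signatureAlgorithm)) : Signature.getInstance(Constants.JCA_JCE_MAP.get(oSCISignature.signatureAlgorithm), DialogHandler.getSecurityProvider());
            X509Certificate signatureCertificate = oSCIMessage instanceof OSCIRequest ? oSCIMessage.dialogHandler.getClient().getSignatureCertificate() : oSCIMessage.dialogHandler.getSupplier().getSignatureCertificate();
            oSCIMessage.signerCert = signatureCertificate;
            // KeyUsage bit 0 is digitalSignature, bit 1 is nonRepudiation; a certificate without the
            // extension (null) is accepted.
            if (signatureCertificate.getKeyUsage() != null && !signatureCertificate.getKeyUsage()[0] && !signatureCertificate.getKeyUsage()[1]) {
                log.error("Signature certificate has wrong key usage.");
                return false;
            }
            signature.initVerify(signatureCertificate.getPublicKey());
            signature.update(oSCISignature.getSignedInfoBytes());
            if (log.isDebugEnabled()) {
                // Decoded with the platform default charset; used for logging only.
                log.debug("vor check signature" + new String(oSCISignature.getSignedInfoBytes()));
            }
            if (!signature.verify(oSCISignature.signatureValue)) {
                return false;
            }
            if (log.isDebugEnabled()) {
                log.debug("Nach check Signature");
            }
            return true;
        } catch (OSCIErrorException e) {
            log.error("Es ist ein Fehler beim überprüfen der Hashwerte aufgetreten.", e);
            throw e;
        } catch (Exception e2) {
            // Fail closed: any unexpected error counts as an invalid signature.
            log.error("Es ist ein Fehler beim überprüfen der Hashwerte aufgetreten.", e2);
            return false;
        }
    }

    /**
     * Reads the remaining MIME parts and binds each one to the message as an attachment.
     *
     * <p>A part whose Content-ID matches an attachment already declared in the parsed message gets
     * its stream set on that attachment. A part without a match is added as a new attachment; per
     * the log text this is the case for attachments of encrypted content. A repeated Content-ID is
     * rejected.
     *
     * <p>For a signed message every attachment is registered in {@code hashableMsgPart} under
     * {@code "cid:" + refID}, so that {@link #checkMsgHashes} rejects attachments the signature
     * does not cover.
     *
     * @param oSCIMessage message the attachments belong to
     * @param mIMEParser parser positioned after the SOAP part
     * @throws IOException on read errors
     * @throws NoSuchAlgorithmException declared by the original signature
     * @throws IllegalArgumentException if a Content-ID occurs more than once
     */
    private void readAttachment(OSCIMessage oSCIMessage, MIMEParser mIMEParser) throws IOException, NoSuchAlgorithmException {
        Attachment[] attachments = oSCIMessage.getAttachments();
        HashSet<String> seenContentIds = new HashSet<>();
        while (true) {
            MIMEPartInputStream nextStream = mIMEParser.getNextStream();
            if (nextStream == null) {
                return;
            }
            String contentID = nextStream.getContentID();
            if (!seenContentIds.add(contentID)) {
                throw new IllegalArgumentException(DialogHandler.text.getString("unexpected_entry") + ": " + contentID);
            }
            boolean base64Part = nextStream.getEncoding().equalsIgnoreCase("base64") || nextStream.getContentType().equalsIgnoreCase("text/base64");
            if (log.isDebugEnabled()) {
                log.debug("Attachment RefId: " + contentID);
            }
            Attachment attachment = null;
            for (int i = 0; i < attachments.length; i++) {
                if (attachments[i].getRefID().equals(contentID)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Vorbereitetes Attachment gefunden. Der Stream wird nun hinzugefügt.");
                    }
                    attachment = attachments[i];
                    attachment.setBase64Encoding(base64Part);
                    attachment.setBoundary(mIMEParser.boundary);
                    // State values 1 and 2 are defined elsewhere; their meaning is not visible here.
                    MessagePartsFactory.attachmentSetState(attachment, 1, false);
                    // Stop at the first match. The decompiled listing neither advanced the index nor
                    // left the loop here, which would spin forever on a matching attachment.
                    break;
                }
            }
            // Digest method the signature names for this part, or null if unsigned or unreferenced.
            String digestMethod = null;
            if (oSCIMessage.isSigned()) {
                digestMethod = oSCIMessage.signatureHeader.getDigestMethods().get("cid:" + contentID);
            }
            if (attachment == null) {
                if (log.isDebugEnabled()) {
                    log.debug("Verschlüsseltes Attachment gefunden.");
                }
                attachment = base64Part ? MessagePartsFactory.attachment(new Base64InputStream(nextStream), contentID, nextStream.getLength(), digestMethod) : MessagePartsFactory.attachment(nextStream, contentID, nextStream.getLength(), digestMethod);
                attachment.setBase64Encoding(base64Part);
                attachment.setBoundary(mIMEParser.boundary);
                oSCIMessage.addAttachment(attachment);
                MessagePartsFactory.attachmentSetState(attachment, 2, true);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Unverschlüsseltes Attachment gefunden.");
                }
                if (base64Part) {
                    MessagePartsFactory.attachmentSetStream(attachment, new Base64InputStream(nextStream), false, nextStream.getLength(), digestMethod);
                } else {
                    MessagePartsFactory.attachmentSetStream(attachment, nextStream, false, nextStream.getLength(), digestMethod);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Es wurde ein Attachment hinzugefügt!RefID: " + attachment.getRefID());
            }
            attachment.setContentType(nextStream.getContentType());
            attachment.setMimeHeaders(nextStream.mime_headers);
            if (oSCIMessage.isSigned()) {
                oSCIMessage.hashableMsgPart.put("cid:" + attachment.getRefID(), attachment.getEncryptedDigestValue(digestMethod));
            }
        }
    }
}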
