package com.helger.smpclient.httpclient;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.collection.ArrayHelper;
import com.helger.commons.io.stream.NonBlockingByteArrayInputStream;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.commons.state.ESuccess;
import com.helger.jaxb.GenericJAXBMarshaller;
import com.helger.smpclient.exception.SMPClientBadResponseException;
import com.helger.smpclient.security.TrustStoreBasedX509KeySelector;
import com.helger.xml.serialize.read.DOMReader;
import com.helger.xsds.xmldsig.CXMLDSig;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.WillNotClose;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.apache.http.HttpEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/peppol-smp-client-8.6.4.jar:com/helger/smpclient/httpclient/SMPHttpResponseHandlerSigned.class */
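/**
 * Response handler for signed SMP responses. It reads the complete HTTP entity
 * into memory, optionally verifies every XMLDSig {@code <Signature>} element in
 * it against a trust store, and then unmarshals the same bytes with the
 * configured JAXB marshaller.
 *
 * <p>Security notes for reviewers (all derived from the code in this class):
 * <ul>
 * <li>Verification can be switched off via {@link #setVerifySignature(boolean)};
 * the response is then accepted unauthenticated and only a warning is logged.</li>
 * <li>{@link #checkSignature(Document, KeySelector)} validates whatever
 * {@code <Signature>} elements exist anywhere in the document. It does not check
 * which part of the document the references cover, so a successful result alone
 * does not prove that the element later unmarshalled is the signed one
 * (signature-wrapping risk). NOTE(review): consider asserting that a reference
 * covers the document root before trusting the payload.</li>
 * <li>Which certificates are accepted is decided entirely by
 * {@code TrustStoreBasedX509KeySelector}; its checks are not visible here.</li>
 * </ul>
 *
 * <p>Instances are mutable (verify flag and trust store) and no synchronization
 * is performed in this class.
 *
 * @param <T> the JAXB type the response is unmarshalled to
 */
public class SMPHttpResponseHandlerSigned<T> extends AbstractSMPResponseHandler<T> {
    /** Signature verification is enabled unless a caller explicitly disables it. */
    public static final boolean DEFAULT_VERIFY_SIGNATURE = true;
    private static final Logger LOGGER = LoggerFactory.getLogger(SMPHttpResponseHandlerSigned.class);
    private final GenericJAXBMarshaller<T> m_aMarshaller;
    private boolean m_bVerifySignature = DEFAULT_VERIFY_SIGNATURE;
    private KeyStore m_aTrustStore;

    /**
     * Creates a handler that verifies signatures by default.
     *
     * @param genericJAXBMarshaller marshaller used to read the response body; must not be {@code null}
     * @param keyStore trust store used for signature verification; may be {@code null}, in which
     *        case {@link #handleEntity(HttpEntity)} rejects every response while verification is
     *        enabled
     */
    public SMPHttpResponseHandlerSigned(@Nonnull GenericJAXBMarshaller<T> genericJAXBMarshaller, @Nullable KeyStore keyStore) {
        this.m_aMarshaller = ValueEnforcer.notNull(genericJAXBMarshaller, "Marshaller");
        this.m_aTrustStore = keyStore;
    }

    /**
     * @return {@code true} if response signatures are verified before unmarshalling
     */
    public final boolean isVerifySignature() {
        return this.m_bVerifySignature;
    }

    /**
     * Enables or disables signature verification. With verification disabled the
     * response content is accepted without any authenticity check.
     *
     * @param z {@code true} to verify signatures, {@code false} to skip verification
     * @return this for chaining
     */
    @Nonnull
    public final SMPHttpResponseHandlerSigned<T> setVerifySignature(boolean z) {
        this.m_bVerifySignature = z;
        return this;
    }

    /**
     * @return the trust store used for verification, or {@code null} if none was configured
     */
    @Nullable
    public final KeyStore getTrustStore() {
        return this.m_aTrustStore;
    }

    /**
     * Replaces the trust store used for signature verification.
     *
     * @param keyStore the new trust store; must not be {@code null}
     * @return this for chaining
     */
    @Nonnull
    public final SMPHttpResponseHandlerSigned<T> setTrustStore(@Nonnull KeyStore keyStore) {
        ValueEnforcer.notNull(keyStore, "TrustStore");
        this.m_aTrustStore = keyStore;
        return this;
    }

    /**
     * Runs XMLDSig core validation on every {@code <Signature>} element of the
     * document. When a signature fails, the signature value and each reference
     * are validated separately, purely to log which part failed.
     *
     * @param document the parsed SMP response
     * @param keySelector selects (and thereby decides trust in) the verification key
     * @return {@code SUCCESS} only if all signatures passed core validation,
     *         {@code FAILURE} if at least one did not
     * @throws IllegalArgumentException if the document contains no {@code <Signature>} element
     * @throws MarshalException if a signature element cannot be unmarshalled
     * @throws XMLSignatureException if validation itself fails unexpectedly
     */
    @Nonnull
    public static ESuccess checkSignature(@Nonnull Document document, @Nonnull KeySelector keySelector) throws MarshalException, XMLSignatureException {
        // Matches Signature elements at any depth, not only direct children of the root.
        final NodeList signatureNodes = document.getElementsByTagNameNS(CXMLDSig.NAMESPACE_URI, "Signature");
        if (signatureNodes == null || signatureNodes.getLength() == 0) {
            throw new IllegalArgumentException("Element <Signature> not found in SMP XML response");
        }
        final int signatureCount = signatureNodes.getLength();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Found " + signatureCount + " <Signature> elements to verify");
        }
        final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
        ESuccess result = ESuccess.SUCCESS;
        for (int i = 0; i < signatureCount; i++) {
            // NOTE(review): the "org.jcp.xml.dsig.secureValidation" property is not set on the
            // context, so the effective mode is whatever the running JRE defaults to - confirm
            // for the deployment target.
            final DOMValidateContext validateContext = new DOMValidateContext(keySelector, signatureNodes.item(i));
            final String signatureLabel = (i + 1) + "/" + signatureCount;
            final XMLSignature signature = signatureFactory.unmarshalXMLSignature(validateContext);
            if (signature.validate(validateContext)) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Signature[" + signatureLabel + "] validation was successful");
                }
                continue;
            }

            // One failing signature fails the whole response; keep going so all are reported.
            result = ESuccess.FAILURE;
            if (LOGGER.isWarnEnabled()) {
                LOGGER.warn("Signature[" + signatureLabel + "] failed core validation");
            }
            if (signature.getSignatureValue().validate(validateContext)) {
                if (LOGGER.isInfoEnabled()) {
                    LOGGER.info("  Signature[" + signatureLabel + "] SignatureValue validity status: valid");
                }
            } else if (LOGGER.isWarnEnabled()) {
                LOGGER.warn("  Signature[" + signatureLabel + "] SignatureValue validity status: NOT valid!");
            }
            final List<Reference> references = signature.getSignedInfo().getReferences();
            final int referenceCount = references.size();
            int referenceIndex = 0;
            for (final Reference reference : references) {
                final String referenceLabel = (referenceIndex + 1) + "/" + referenceCount;
                // Diagnostic only: an unexpected transform count is logged, not enforced.
                if (reference.getTransforms().size() != 1 && LOGGER.isWarnEnabled()) {
                    LOGGER.warn("  Signature[" + signatureLabel + "] Reference[" + referenceLabel + "] has an invalid number of Transforms. Expected 1 but having " + reference.getTransforms().size());
                }
                if (reference.validate(validateContext)) {
                    if (LOGGER.isInfoEnabled()) {
                        LOGGER.info("  Signature[" + signatureLabel + "] Reference[" + referenceLabel + "] validity status: valid");
                    }
                } else if (LOGGER.isWarnEnabled()) {
                    LOGGER.warn("  Signature[" + signatureLabel + "] Reference[" + referenceLabel + "] validity status: NOT valid!");
                }
                referenceIndex++;
            }
        }
        return result;
    }

    /**
     * Parses the stream as XML and verifies its signatures against the trust store.
     * The stream is not closed here.
     *
     * @param inputStream the raw SMP response
     * @param keyStore trust store handed to {@code TrustStoreBasedX509KeySelector}
     * @return the result of {@link #checkSignature(Document, KeySelector)}
     * @throws IllegalArgumentException if the content cannot be parsed as XML
     * @throws MarshalException see {@link #checkSignature(Document, KeySelector)}
     * @throws XMLSignatureException see {@link #checkSignature(Document, KeySelector)}
     */
    @Nonnull
    private static ESuccess _checkSignature(@Nonnull @WillNotClose InputStream inputStream, @Nonnull KeyStore keyStore) throws MarshalException, XMLSignatureException {
        // The bytes come from a remote server. NOTE(review): DTD / external-entity handling is
        // whatever DOMReader applies by default, which is not visible here - confirm it is hardened.
        final Document parsed = DOMReader.readXMLDOM(inputStream);
        if (parsed == null) {
            throw new IllegalArgumentException("The SMP response is not XML");
        }
        return checkSignature(parsed, new TrustStoreBasedX509KeySelector(keyStore));
    }

    /**
     * Reads the whole entity, verifies its signature (unless disabled) and
     * unmarshals it.
     *
     * @param httpEntity the HTTP response entity
     * @return the unmarshalled response object, never {@code null}
     * @throws SMPClientBadResponseException if the body is empty, no trust store is configured
     *         while verification is enabled, the signature is invalid or cannot be checked, or
     *         the body cannot be unmarshalled
     * @throws IOException if reading the entity content fails
     */
    @Override // com.helger.smpclient.httpclient.AbstractSMPResponseHandler
    @Nonnull
    public T handleEntity(@Nonnull HttpEntity httpEntity) throws SMPClientBadResponseException, IOException {
        final byte[] allBytes = StreamHelper.getAllBytes(httpEntity.getContent());
        if (ArrayHelper.isEmpty(allBytes)) {
            throw new SMPClientBadResponseException("SMP server response content is empty/could not be read");
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Signed SMP response has " + allBytes.length + " bytes");
        }
        if (!this.m_bVerifySignature) {
            LOGGER.warn("SMP response signature verification is disabled. This should not happen in production systems!");
        } else {
            // Fail closed: without a trust store nothing can be verified, so reject the response.
            final KeyStore trustStore = this.m_aTrustStore;
            if (trustStore == null) {
                throw new SMPClientBadResponseException("No trust store was configured - cannot verify signatures");
            }
            // Verification runs on the very byte array that is unmarshalled below.
            try (NonBlockingByteArrayInputStream signedContent = new NonBlockingByteArrayInputStream(allBytes)) {
                if (_checkSignature(signedContent, trustStore).isFailure()) {
                    throw new SMPClientBadResponseException("Signature returned from SMP server was not valid");
                }
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Successfully verified signature of signed SMP response");
                }
            } catch (SMPClientBadResponseException e) {
                // Keep the specific "not valid" error instead of wrapping it below.
                throw e;
            } catch (Exception e2) {
                // Any parsing or validation error is treated as a verification failure.
                throw new SMPClientBadResponseException("Error in validating signature returned from SMP server", e2);
            }
        }
        final T read = this.m_aMarshaller.read(allBytes);
        if (read == null) {
            throw new SMPClientBadResponseException("Malformed XML document returned from SMP server");
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Successfully parsed signed SMP HTTP response");
        }
        return read;
    }
}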
