package se.vgregion.security.sign;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.xml.XMLConstants;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1UTCTime;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import se.vgregion.dao.domain.patterns.repository.Repository;
import se.vgregion.domain.security.pkiclient.ELegType;
import se.vgregion.domain.security.pkiclient.PkiClient;
import se.vgregion.signera.signature._1.CertificateInfo;
import se.vgregion.signera.signature._1.CertificateInfos;
import se.vgregion.signera.signature._1.SignatureFormat;
import se.vgregion.signera.signature._1.SignatureStatus;
import se.vgregion.signera.signature._1.SignatureVerificationRequest;
import se.vgregion.signera.signature._1.SignatureVerificationResponse;
import se.vgregion.ticket.TicketException;
import se.vgregion.ticket.TicketManager;
import se.vgregion.web.dto.TicketDto;
import se.vgregion.web.security.services.SignatureData;
import se.vgregion.web.security.services.SignatureService;

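/**
 * REST front end for signature preparation, signature verification and ticket issuing.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every signature passed to {@link #verifySignature(SignatureVerificationRequest)} is
 *       caller-supplied. The XML parser used here therefore rejects DOCTYPE declarations and
 *       runs with secure processing enabled, so external entities cannot be resolved (XXE).</li>
 *   <li>The certificate details copied into the response come from certificates embedded in the
 *       submitted signature and are added <em>before</em> the cryptographic check runs. Nothing
 *       in this class validates a certificate chain; whether the parent class does is not
 *       visible here. Consumers must check the response status before trusting them.</li>
 *   <li>Date formatting uses a fresh {@link SimpleDateFormat} per call because that class is
 *       not thread-safe and a controller instance may serve concurrent requests.</li>
 * </ul>
 */
@Produces({"application/json"})
@Path("/")
/* loaded from: input_file:se/vgregion/security/sign/RestSignController.class */
public class RestSignController extends AbstractSignController {
    private static final Logger LOGGER = LoggerFactory.getLogger(RestSignController.class);

    /** Timestamp layout used for every date placed in a verification response. */
    private static final String DATE_PATTERN = "yyyy-MM-dd'T'HH:mm:ssZ";

    /** Xerces/JAXP feature that makes the parser fail on any DOCTYPE declaration. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    /**
     * Creates the controller and hands all collaborators to the parent class.
     *
     * @param signatureService service passed through to the parent controller
     * @param repository repository of client types passed through to the parent controller
     * @param ticketManager ticket manager passed through to the parent controller
     */
    @Autowired
    public RestSignController(SignatureService signatureService, Repository<ELegType, String> repository, TicketManager ticketManager) {
        super(signatureService, repository, ticketManager);
    }

    /**
     * Returns the client types known to the parent controller.
     *
     * @return whatever the parent implementation returns
     */
    @Override // se.vgregion.security.sign.AbstractSignController
    @ResponseBody
    public Collection<ELegType> getClientTypes() {
        return super.getClientTypes();
    }

    /**
     * Delegates signature preparation to the parent controller.
     *
     * @param signatureData request body describing what is to be signed
     * @return whatever the parent implementation returns
     * @throws SignatureException if the parent implementation fails
     */
    @Override // se.vgregion.security.sign.AbstractSignController
    public String prepareSign(@RequestBody SignatureData signatureData) throws SignatureException {
        return super.prepareSign(signatureData);
    }

    /**
     * Verifies a caller-supplied XML-DSig or CMS signature.
     *
     * <p>The response always carries a status. A request whose format is neither
     * {@code XMLDIGSIG} nor {@code CMS} is answered with {@code FAILURE} and no message.
     * Certificate details are filled in while the signature is being parsed, so they may be
     * present even when the status is {@code FAILURE}.
     *
     * @param signatureVerificationRequest the signature (Base64) and its declared format
     * @return the verification outcome together with details of the embedded certificates
     * @throws WebApplicationException with status 500 if the signature cannot be parsed
     */
    @Path("/verifySignature")
    @Consumes({"application/xml"})
    @POST
    @Produces({"application/xml"})
    public SignatureVerificationResponse verifySignature(SignatureVerificationRequest signatureVerificationRequest) {
        SignatureVerificationResponse response = new SignatureVerificationResponse();
        response.setCertificateInfos(new CertificateInfos());
        boolean verified = false;
        String failureMessage = null;
        try {
            SignatureFormat format = signatureVerificationRequest.getSignatureFormat();
            try {
                if (SignatureFormat.XMLDIGSIG.equals(format)) {
                    verified = super.verifySignature(getFromXmlDigSigSignature(signatureVerificationRequest, response));
                } else if (SignatureFormat.CMS.equals(format)) {
                    verified = super.verifySignature(getFromCmsSignature(signatureVerificationRequest, response));
                }
            } catch (SignatureException e) {
                // Log through the application logger instead of printing to stderr.
                LOGGER.warn("Signature verification failed", e);
                // NOTE(review): the raw exception message is returned to the caller; confirm it
                // cannot carry internal details that should stay server-side.
                failureMessage = e.getMessage();
            }
            response.setStatus(verified ? SignatureStatus.SUCCESS : SignatureStatus.FAILURE);
            if (failureMessage != null) {
                response.setMessage(failureMessage);
            }
            return response;
        } catch (CMSException e) {
            throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
        } catch (MarshalException e) {
            throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
        } catch (IOException e) {
            throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
        } catch (ParserConfigurationException e) {
            throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
        } catch (SAXException e) {
            throw new WebApplicationException(e, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Decodes an XML-DSig signature, copies the embedded X.509 certificate details into the
     * response and builds the {@link SignatureData} handed to the parent for verification.
     *
     * @param signatureVerificationRequest request holding the Base64-encoded signature XML
     * @param signatureVerificationResponse response that receives one entry per certificate
     * @return signature data extracted from the XML
     * @throws MarshalException if the XML is not a well-formed XML signature
     * @throws SignatureException if the signature data cannot be extracted
     */
    private SignatureData getFromXmlDigSigSignature(SignatureVerificationRequest signatureVerificationRequest, SignatureVerificationResponse signatureVerificationResponse) throws ParserConfigurationException, SAXException, IOException, MarshalException, SignatureException {
        // NOTE(review): bytes -> String -> bytes goes through the platform default charset in
        // both directions; confirm the deployment charset matches the signature's encoding.
        String signatureXml = new String(Base64.decode(signatureVerificationRequest.getSignature()));
        Document signatureDocument = createDocument(new ByteArrayInputStream(signatureXml.getBytes()), true);
        KeyInfo keyInfo = XMLSignatureFactory.getInstance().unmarshalXMLSignature(new DOMStructure(signatureDocument)).getKeyInfo();
        // KeyInfo is optional in an XML signature; without it there are no certificates to report.
        if (keyInfo != null) {
            for (Object keyInfoItem : keyInfo.getContent()) {
                if (!(keyInfoItem instanceof X509Data)) {
                    continue;
                }
                for (Object x509Item : ((X509Data) keyInfoItem).getContent()) {
                    if (x509Item instanceof X509Certificate) {
                        X509Certificate certificate = (X509Certificate) x509Item;
                        CertificateInfo info = new CertificateInfo();
                        info.setSubjectDn(certificate.getSubjectDN().getName());
                        info.setValidTo(formatDate(certificate.getNotAfter()));
                        signatureVerificationResponse.getCertificateInfos().getCertificateInfo().add(info);
                    }
                }
            }
        }
        return createSignatureDataFromXmlDigSig(signatureXml);
    }

    /**
     * Decodes a CMS signature, copies the embedded certificate details and the signing time
     * into the response and builds the {@link SignatureData} handed to the parent.
     *
     * @param signatureVerificationRequest request holding the Base64-encoded CMS structure
     * @param signatureVerificationResponse response that receives certificates and signing time
     * @return signature data carrying the signed content and the original signature
     * @throws CMSException if the bytes are not a valid CMS signed-data structure
     */
    private SignatureData getFromCmsSignature(SignatureVerificationRequest signatureVerificationRequest, SignatureVerificationResponse signatureVerificationResponse) throws CMSException {
        String encodedSignature = signatureVerificationRequest.getSignature();
        CMSSignedData signedData = new CMSSignedData(Base64.decode(encodedSignature));
        // NOTE(review): decoded with the platform default charset, as in the original.
        String signedContent = new String((byte[]) signedData.getSignedContent().getContent());
        for (Object match : signedData.getCertificates().getMatches((Selector) null)) {
            X509CertificateHolder holder = (X509CertificateHolder) match;
            CertificateInfo info = new CertificateInfo();
            info.setSubjectDn(holder.getSubject().toString());
            info.setValidTo(formatDate(holder.getNotAfter()));
            signatureVerificationResponse.getCertificateInfos().getCertificateInfo().add(info);
        }
        // The signing time is an attribute written by the signer, not a trusted timestamp.
        // It may be absent; formatting null would fail, so the date is then left unset.
        Date signingTime = findTimestamp(signedData);
        if (signingTime != null) {
            signatureVerificationResponse.setSignatureDate(formatDate(signingTime));
        }
        SignatureData signatureData = new SignatureData();
        signatureData.setEncodedTbs(signedContent);
        signatureData.setSignature(encodedSignature);
        // NOTE(review): hard-coded "test" client type; confirm this is intended outside tests.
        signatureData.setClientType(new ELegType("test", "test", PkiClient.NETMAKER_NETID_4));
        return signatureData;
    }

    /**
     * Parses XML from an untrusted source into a DOM document.
     *
     * <p>DOCTYPE declarations are rejected and secure processing is enabled, so a submitted
     * signature cannot make the parser resolve external entities or expand entity bombs.
     *
     * @param inputStream the XML to parse
     * @param namespaceAware whether the parser should be namespace aware
     * @return the parsed document
     * @throws ParserConfigurationException if the parser does not support the hardening features
     * @throws SAXException if the XML is malformed or contains a DOCTYPE declaration
     * @throws IOException if the stream cannot be read
     */
    private Document createDocument(InputStream inputStream, boolean namespaceAware) throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        factory.setNamespaceAware(namespaceAware);
        return factory.newDocumentBuilder().parse(inputStream);
    }

    /**
     * Returns the signing time of the first signer that carries exactly one signing-time
     * attribute with exactly one value, or {@code null} if no signer does.
     *
     * <p>Reconstructed from the decompiler's instruction dump, because the decompiler could not
     * restructure this method; verify it against the original class file. One deliberate
     * difference: a value that is not an {@code ASN1UTCTime} is skipped instead of failing on
     * the cast.
     *
     * @param signedData the parsed CMS structure
     * @return the signer-asserted signing time, or {@code null} if none is usable
     */
    private Date findTimestamp(CMSSignedData signedData) {
        for (Object signerObject : signedData.getSignerInfos().getSigners()) {
            SignerInformation signer = (SignerInformation) signerObject;
            AttributeTable signedAttributes = signer.getSignedAttributes();
            if (signedAttributes == null) {
                continue;
            }
            ASN1EncodableVector signingTimes = signedAttributes.getAll(CMSAttributes.signingTime);
            if (signingTimes.size() != 1) {
                continue;
            }
            ASN1Set values = ((Attribute) signingTimes.get(0)).getAttrValues();
            if (values.size() != 1) {
                continue;
            }
            Object value = values.getObjectAt(0).getDERObject();
            if (!(value instanceof ASN1UTCTime)) {
                continue;
            }
            try {
                return ((ASN1UTCTime) value).getDate();
            } catch (ParseException e) {
                LOGGER.warn("Could not parse the signing time attribute", e);
            }
        }
        return null;
    }

    /**
     * Builds {@link SignatureData} from decoded XML-DSig signature text.
     *
     * <p>The nonce and the user-visible data are read by absolute XPath from a parse that is
     * not namespace aware. Nothing in this method checks that those nodes are covered by the
     * signature. NOTE(review): presumably the parent's verification does; confirm.
     *
     * @param str the decoded signature XML
     * @return signature data with signature, nonce, encoded and decoded to-be-signed text
     * @throws SignatureException if the XML cannot be parsed or queried
     */
    private SignatureData createSignatureDataFromXmlDigSig(String str) throws SignatureException {
        SignatureData signatureData = new SignatureData();
        // NOTE(review): hard-coded "test" client type; confirm this is intended outside tests.
        signatureData.setClientType(new ELegType("test", "test", PkiClient.NEXUS_PERSONAL_4X));
        signatureData.setSignature(new String(Base64.encode(str.getBytes())));
        try {
            Document document = createDocument(new ByteArrayInputStream(str.getBytes()), false);
            XPath xpath = XPathFactory.newInstance().newXPath();
            String encodedNonce = (String) xpath.compile("/Signature/Object/bankIdSignedData/srvInfo/nonce/text()").evaluate(document, XPathConstants.STRING);
            signatureData.setNonce(new String(Base64.decode(encodedNonce)));
            String encodedTbs = (String) xpath.compile("/Signature/Object/bankIdSignedData/usrVisibleData/text()").evaluate(document, XPathConstants.STRING);
            String decodedTbs = new String(Base64.decode(encodedTbs));
            signatureData.setEncodedTbs(encodedTbs);
            signatureData.setTbs(decodedTbs);
            return signatureData;
        } catch (IOException e) {
            throw new SignatureException(e);
        } catch (ParserConfigurationException e) {
            throw new SignatureException(e);
        } catch (XPathExpressionException e) {
            throw new SignatureException(e);
        } catch (SAXException e) {
            throw new SignatureException(e);
        }
    }

    /**
     * Issues a ticket for the given service id.
     *
     * <p>NOTE(review): the only input is the path parameter; any authorisation happens inside
     * the ticket manager, which is not visible here. Confirm.
     *
     * @param str the service id taken from the request path
     * @return the string form of the issued ticket
     * @throws WebApplicationException with status 403 if the ticket manager refuses
     */
    @GET
    @Path("/solveTicket/{serviceId}")
    public String solveTicket(@PathParam("serviceId") String str) {
        // The service id is caller-controlled: neutralise line breaks so a request cannot
        // forge additional log entries.
        String loggableServiceId = String.valueOf(str).replaceAll("[\\r\\n]", "_");
        LOGGER.info("Client with serviceId={} requests a ticket.", loggableServiceId);
        try {
            return new TicketDto(getTicketManager().solveTicket(str)).toString();
        } catch (TicketException e) {
            throw new WebApplicationException(e, Response.Status.FORBIDDEN);
        }
    }

    /**
     * Formats a date with {@link #DATE_PATTERN} using a formatter created for this call,
     * since {@link SimpleDateFormat} instances must not be shared between threads.
     *
     * @param date the date to format; must not be {@code null}
     * @return the formatted timestamp
     */
    private static String formatDate(Date date) {
        return new SimpleDateFormat(DATE_PATTERN).format(date);
    }
}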
