package org.openoces.securitypackage;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import org.bouncycastle.util.encoders.Base64;
import org.openoces.ooapi.certificate.CertificateStatus;
import org.openoces.ooapi.certificate.OcesCertificate;
import org.openoces.ooapi.exceptions.AppletException;
import org.openoces.ooapi.exceptions.InternalException;
import org.openoces.ooapi.exceptions.NonOpensignSignatureException;
import org.openoces.ooapi.signatures.OpensignAbstractSignature;
import org.openoces.ooapi.signatures.OpensignSignature;
import org.openoces.ooapi.signatures.OpensignSignatureFactory;
import org.openoces.ooapi.signatures.SignatureProperty;
import org.openoces.ooapi.utils.Base64Handler;
import org.openoces.ooapi.validation.ErrorCodeChecker;
import org.openoces.serviceprovider.ServiceProviderException;
import org.openoces.serviceprovider.ServiceProviderSetup;

/* loaded from: input_file:org/openoces/securitypackage/SignHandler.class */
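/**
 * Server-side validation of signatures produced by the OpenSign sign applet.
 *
 * <p>The public entry points parse the applet output, verify the cryptographic signature,
 * check the challenge and (optionally) the logonto/RequestIssuer binding, and then report
 * the certificate status and the agreement-text comparison in a
 * {@link SignatureValidationStatus}.
 *
 * <p><b>Caller responsibility:</b> a certificate that is not {@code VALID} (including one
 * found to be revoked) and an agreement text that does not match are <em>not</em> raised as
 * exceptions here. Both results are only passed into the returned status object, so a caller
 * must inspect that object before treating the signature as accepted.
 */
public class SignHandler {
    /**
     * Validates a text signature that carries no stylesheet transformation.
     *
     * <p>Delegates to the five-argument overload with a {@code null} signTextTransformation.
     *
     * @param str base64-encoded applet output, or an applet error code
     * @param str2 agreement text the signer was asked to sign
     * @param str3 challenge the signature is expected to contain
     * @param str4 expected logonto/RequestIssuer value(s), separated by {@code ';'};
     *     {@code null} skips that check entirely
     * @return the validation result; see the class documentation for what the caller must check
     * @throws ServiceProviderException if the signature cannot be parsed or a parameter check fails
     * @throws AppletException if {@code str} is an applet error code
     */
    public static SignatureValidationStatus validateSignatureAgainstAgreement(String str, String str2, String str3, String str4) throws ServiceProviderException, AppletException {
        return validateSignatureAgainstAgreement(str, str2, null, str3, str4);
    }

    /**
     * Validates a text or XML signature against the agreement the service provider issued.
     *
     * @param str base64-encoded applet output, or an applet error code
     * @param str2 agreement text the signer was asked to sign
     * @param str3 signTextTransformation (stylesheet); required when the signature carries a
     *     stylesheet digest, otherwise unused
     * @param str4 challenge the signature is expected to contain
     * @param str5 expected logonto/RequestIssuer value(s), separated by {@code ';'};
     *     {@code null} skips that check entirely, which removes the binding of the signature
     *     to this service provider
     * @return the validation result; see the class documentation for what the caller must check
     * @throws ServiceProviderException if the signature cannot be parsed or a parameter check fails
     * @throws AppletException if {@code str} is an applet error code
     * @throws IllegalArgumentException if the cryptographic signature does not verify, or if a
     *     stylesheet digest is present but {@code str3} is {@code null}
     */
    public static SignatureValidationStatus validateSignatureAgainstAgreement(String str, String str2, String str3, String str4, String str5) throws ServiceProviderException, AppletException {
        if (ErrorCodeChecker.isError(str)) {
            throw new AppletException(ErrorCodeChecker.extractError(str));
        }
        try {
            // Parsing also verifies the cryptographic signature (see createOpensignSignature).
            OpensignSignature signature = createOpensignSignature(Base64Handler.decode(str));
            validateSignatureParameters(str4, signature, str5);
            String signedTextBase64 = encodeSignature(signature);
            String agreementBase64 = Base64Handler.encode(str2);
            OcesCertificate certificate = signature.getSigningCertificate();
            CertificateStatus status = certificate.validityStatus();
            // The revocation checker is consulted only for certificates that are otherwise VALID.
            if (status == CertificateStatus.VALID && ServiceProviderSetup.getCurrentChecker().isRevoked(certificate)) {
                status = CertificateStatus.REVOKED;
            }
            boolean matches = signatureMatches(signedTextBase64, agreementBase64, str3, signature);
            return new SignatureValidationStatus(signature, status, matches, getRuidTokenProperty(signature));
        } catch (InternalException e) {
            throw new ServiceProviderException(e);
        } catch (NonOpensignSignatureException e2) {
            throw new ServiceProviderException(e2);
        }
    }

    /**
     * Validates a PDF signature against the document the service provider issued.
     *
     * <p>Unlike the text variant, this path does not check the {@code visibleToSigner}
     * attribute of the {@code signtext} property.
     *
     * @param str base64-encoded applet output, or an applet error code
     * @param str2 base64 encoding of the document the signer was asked to sign; it is compared
     *     directly with the base64 encoding of the signed content
     * @param str3 challenge the signature is expected to contain
     * @param str4 expected logonto/RequestIssuer value(s), separated by {@code ';'};
     *     {@code null} skips that check entirely
     * @return the validation result; see the class documentation for what the caller must check
     * @throws IOException declared by the original signature
     * @throws ServiceProviderException if the signature cannot be parsed or a parameter check fails
     * @throws AppletException if {@code str} is an applet error code
     */
    public static SignatureValidationStatus validateSignatureAgainstAgreementPDF(String str, String str2, String str3, String str4) throws IOException, ServiceProviderException, AppletException {
        if (ErrorCodeChecker.isError(str)) {
            throw new AppletException(ErrorCodeChecker.extractError(str));
        }
        try {
            // NOTE(review): new String(byte[]) decodes with the platform default charset, while
            // the rest of this class names UTF-8 explicitly; confirm the applet output encoding
            // and pin it so validation does not depend on the host configuration.
            OpensignSignature signature = createOpensignSignature(new String(Base64.decode(str)));
            validateSignatureParametersPDF(str3, signature, str4);
            String signedContentBase64 = new String(Base64.encode(signature.getSignedDocument().getSignedContent()));
            OcesCertificate certificate = signature.getSigningCertificate();
            CertificateStatus status = certificate.validityStatus();
            // The revocation checker is consulted only for certificates that are otherwise VALID.
            if (status == CertificateStatus.VALID && ServiceProviderSetup.getCurrentChecker().isRevoked(certificate)) {
                status = CertificateStatus.REVOKED;
            }
            boolean matches = signatureMatches(signedContentBase64, str2, null, signature);
            return new SignatureValidationStatus(signature, status, matches, getRuidTokenProperty(signature));
        } catch (InternalException e) {
            throw new ServiceProviderException(e);
        } catch (NonOpensignSignatureException e2) {
            throw new ServiceProviderException(e2);
        }
    }

    /** Returns the value of the {@code rememberUseridToken} property, or {@code null} if absent. */
    private static String getRuidTokenProperty(OpensignSignature signature) throws InternalException {
        SignatureProperty token = signature.getSignatureProperties().get("rememberUseridToken");
        return token == null ? null : token.getValue();
    }

    /**
     * Compares what was signed with what the service provider expected to be signed.
     *
     * @param signedBase64 base64 encoding of the content taken from the signature
     * @param expectedBase64 base64 encoding of the agreement supplied by the caller
     * @param signTextTransformation stylesheet whose SHA-256 digest must equal the digest in
     *     the signature; only consulted when the signature carries a stylesheet digest
     * @param signature the parsed signature
     * @return {@code true} only if the content matches and, when present, the stylesheet
     *     digest matches as well
     */
    private static boolean signatureMatches(String signedBase64, String expectedBase64, String signTextTransformation, OpensignSignature signature) {
        try {
            // Fail closed: a missing expected value is a mismatch, not a NullPointerException.
            if (expectedBase64 == null || !expectedBase64.equals(signedBase64)) {
                return false;
            }
            String stylesheetDigest = signature.getStylesheetDigest();
            if (stylesheetDigest == null) {
                return true;
            }
            if (signTextTransformation == null) {
                throw new IllegalArgumentException("signTextTransformation is required for XML signing");
            }
            byte[] digest = MessageDigest.getInstance("SHA256", "BC").digest(signTextTransformation.getBytes("UTF-8"));
            return stylesheetDigest.equals(Base64Handler.encode(digest));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        } catch (NoSuchProviderException e3) {
            throw new RuntimeException(e3);
        } catch (InternalException e4) {
            throw new RuntimeException(e4);
        }
    }

    /**
     * Parses applet output and verifies its cryptographic signature before returning it.
     *
     * @throws IllegalArgumentException if the parsed object is not an {@link OpensignSignature}
     *     or its signature does not verify
     */
    private static OpensignSignature createOpensignSignature(String xml) throws NonOpensignSignatureException, InternalException {
        OpensignAbstractSignature parsed = OpensignSignatureFactory.getInstance().generateOpensignSignature(xml);
        if (!(parsed instanceof OpensignSignature)) {
            // instanceof is false for null too; avoid dereferencing it while building the message.
            String actualType = parsed == null ? "null" : String.valueOf(parsed.getClass());
            throw new IllegalArgumentException("argument of type " + actualType + " is not valid output from the sign applet");
        }
        verifySignature(parsed);
        return (OpensignSignature) parsed;
    }

    /** Rejects a signature whose {@code verify()} call returns {@code false}. */
    private static void verifySignature(OpensignAbstractSignature signature) throws InternalException {
        if (!signature.verify()) {
            throw new IllegalArgumentException("sign signature is not valid");
        }
    }

    /** Returns the base64 encoding of the UTF-8 bytes of the signed text. */
    private static String encodeSignature(OpensignSignature signature) throws ServiceProviderException {
        try {
            return Base64Handler.encode(signature.getSigntext().getBytes("UTF-8"));
        } catch (IOException e) {
            throw new IllegalStateException(e);
        } catch (InternalException e2) {
            throw new ServiceProviderException("Could not encode signature", e2);
        }
    }

    /**
     * Runs the parameter checks for text/XML signatures: challenge, signtext visibility and,
     * when {@code logonto} is non-null, the logonto/RequestIssuer binding.
     */
    private static void validateSignatureParameters(String challenge, OpensignSignature signature, String logonto) throws InternalException, ServiceProviderException {
        validateChallenge(signature, challenge);
        validateVisibleToSignerForSignText(signature);
        if (logonto != null) {
            validateLogonTo(signature, logonto);
        }
    }

    /**
     * Runs the parameter checks for PDF signatures: challenge and, when {@code logonto} is
     * non-null, the logonto/RequestIssuer binding.
     */
    private static void validateSignatureParametersPDF(String challenge, OpensignSignature signature, String logonto) throws InternalException, ServiceProviderException {
        validateChallenge(signature, challenge);
        if (logonto != null) {
            validateLogonTo(signature, logonto);
        }
    }

    /** Delegates the challenge check to {@code ChallengeVerifier}. */
    private static void validateChallenge(OpensignSignature signature, String challenge) throws InternalException {
        ChallengeVerifier.verifyChallenge(signature, challenge);
    }

    /**
     * For signatures without a stylesheet digest, requires the {@code signtext} property to
     * exist and to be marked visible to the signer.
     */
    private static void validateVisibleToSignerForSignText(OpensignSignature signature) throws InternalException, ServiceProviderException {
        if (!isNotSignedXmlDocument(signature)) {
            return;
        }
        SignatureProperty signtext = signature.getSignatureProperties().get("signtext");
        // A missing property previously surfaced as a NullPointerException; reject it explicitly.
        if (signtext == null) {
            throw new ServiceProviderException("Invalid sign signature - the parameter signtext is missing from the signature");
        }
        if (!signtext.isVisibleToSigner()) {
            throw new ServiceProviderException("Invalid sign signature - the parameter signtext in the signature must have the attribute visibleToSigner set to true");
        }
    }

    /** Returns {@code true} when the signature carries no stylesheet digest. */
    private static boolean isNotSignedXmlDocument(OpensignSignature signature) throws InternalException {
        return signature.getStylesheetDigest() == null;
    }

    /**
     * Requires exactly one of the {@code logonto} and {@code RequestIssuer} properties and
     * checks its value against the expected value(s).
     *
     * @throws IllegalStateException if both properties or neither property is present
     * @throws ServiceProviderException if the value present matches none of the expected values
     */
    private static void validateLogonTo(OpensignSignature signature, String expected) throws ServiceProviderException, InternalException {
        SignatureProperty logonto = signature.getSignatureProperties().get("logonto");
        SignatureProperty requestIssuer = signature.getSignatureProperties().get("RequestIssuer");
        if (logonto != null && requestIssuer != null) {
            throw new IllegalStateException("Invalid signature logonto and RequestIssuer parameters cannot both be set");
        }
        if (logonto == null && requestIssuer == null) {
            throw new IllegalStateException("Invalid signature either logonto or RequestIssuer parameters must be set");
        }
        // Exactly one of the two is non-null at this point.
        SignatureProperty present = logonto != null ? logonto : requestIssuer;
        verifyLogontoOrRequestIssuer(present.getValue(), expected);
    }

    /**
     * Checks that {@code actual} equals one of the {@code ';'}-separated entries of
     * {@code expected}. The comparison is exact: entries are not trimmed or case-folded.
     */
    private static void verifyLogontoOrRequestIssuer(String actual, String expected) throws ServiceProviderException {
        boolean found = false;
        for (String candidate : extractValidLogontos(expected)) {
            // candidate is never null, so a null property value fails the match instead of
            // raising a NullPointerException.
            if (candidate.equals(actual)) {
                found = true;
                break;
            }
        }
        if (!found) {
            throw new ServiceProviderException("Invalid signature logonto or RequestIssuer parameter does not match expected value. Expected: " + expected + " actual: " + actual);
        }
    }

    /**
     * Splits a {@code ';'}-separated list of accepted logonto values.
     *
     * <p>Entries are returned as written; surrounding whitespace is kept, and trailing empty
     * entries are dropped by {@link String#split(String)}.
     *
     * @param str the list to split; must not be {@code null}
     * @return the individual entries
     */
    public static String[] extractValidLogontos(String str) {
        return str.split(";");
    }
}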
