package com.helger.peppol.httpclient;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.collection.ArrayHelper;
import com.helger.commons.io.stream.NonBlockingByteArrayInputStream;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.jaxb.AbstractJAXBMarshaller;
import com.helger.xml.serialize.read.DOMReader;
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import javax.annotation.Nonnull;
import javax.annotation.WillNotClose;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.apache.http.HttpEntity;
import org.apache.http.client.ClientProtocolException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/helger/peppol/httpclient/SMPHttpResponseHandlerSigned.class */
public class SMPHttpResponseHandlerSigned<T> extends AbstractSMPResponseHandler<T> {
    private static final Logger s_aLogger = LoggerFactory.getLogger(SMPHttpResponseHandlerSigned.class);
    private final AbstractJAXBMarshaller<T> m_aMarshaller;

    public SMPHttpResponseHandlerSigned(@Nonnull AbstractJAXBMarshaller<T> abstractJAXBMarshaller) {
        this.m_aMarshaller = (AbstractJAXBMarshaller) ValueEnforcer.notNull(abstractJAXBMarshaller, "Marshaller");
    }

    private static boolean _checkSignature(@Nonnull @WillNotClose InputStream inputStream) throws Exception {
        NodeList elementsByTagNameNS = DOMReader.readXMLDOM(inputStream).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() == 0) {
            throw new IllegalArgumentException("Element <Signature> not found in SMP XML response");
        }
        DOMValidateContext dOMValidateContext = new DOMValidateContext(new TrustStoreBasedX509KeySelector(), elementsByTagNameNS.item(0));
        XMLSignature unmarshalXMLSignature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(dOMValidateContext);
        boolean validate = unmarshalXMLSignature.validate(dOMValidateContext);
        if (!validate) {
            s_aLogger.info("Signature failed core validation");
            boolean validate2 = unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext);
            s_aLogger.info("  Signature value valid: " + validate2);
            if (!validate2) {
                int i = 0;
                Iterator it = unmarshalXMLSignature.getSignedInfo().getReferences().iterator();
                while (it.hasNext()) {
                    s_aLogger.info("  Reference[" + i + "] validity status: " + (((Reference) it.next()).validate(dOMValidateContext) ? "valid" : "NOT valid!"));
                    i++;
                }
            }
        }
        return validate;
    }

    @Override // com.helger.peppol.httpclient.AbstractSMPResponseHandler
    @Nonnull
    public T handleEntity(@Nonnull HttpEntity httpEntity) throws IOException {
        byte[] allBytes = StreamHelper.getAllBytes(httpEntity.getContent());
        if (ArrayHelper.isEmpty(allBytes)) {
            throw new ClientProtocolException("Could not read SMP server response content");
        }
        try {
            NonBlockingByteArrayInputStream nonBlockingByteArrayInputStream = new NonBlockingByteArrayInputStream(allBytes);
            Throwable th = null;
            try {
                try {
                    if (!_checkSignature(nonBlockingByteArrayInputStream)) {
                        throw new ClientProtocolException("Signature returned from SMP server was not valid");
                    }
                    if (nonBlockingByteArrayInputStream != null) {
                        if (0 != 0) {
                            try {
                                nonBlockingByteArrayInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            nonBlockingByteArrayInputStream.close();
                        }
                    }
                    T t = (T) this.m_aMarshaller.read(allBytes);
                    if (t == null) {
                        throw new ClientProtocolException("Malformed XML document returned from SMP server");
                    }
                    return t;
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new ClientProtocolException("Error in validating signature returned from SMP server", e);
        }
    }
}
