package com.helger.as4.servlet.soap;

import com.helger.as4.attachment.WSS4JAttachment;
import com.helger.as4.attachment.WSS4JAttachmentCallbackHandler;
import com.helger.as4.crypto.ECryptoAlgorithmSign;
import com.helger.as4.crypto.ECryptoAlgorithmSignDigest;
import com.helger.as4.error.EEbmsError;
import com.helger.as4.model.pmode.config.IPModeConfig;
import com.helger.as4.servlet.AS4MessageState;
import com.helger.as4.servlet.mgr.AS4ServerSettings;
import com.helger.as4lib.ebms3header.Ebms3UserMessage;
import com.helger.commons.collection.ext.CommonsHashSet;
import com.helger.commons.collection.ext.ICommonsList;
import com.helger.commons.error.list.ErrorList;
import com.helger.commons.io.file.FileHelper;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.commons.state.ESuccess;
import com.helger.xml.XMLHelper;
import java.io.File;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.annotation.Nonnull;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/helger/as4/servlet/soap/SOAPHeaderElementProcessorWSS4J.class */
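/**
 * Processes the WS-Security SOAP header of an incoming AS4 message with WSS4J.
 *
 * <p>The processor runs only when the PMode's first leg has a security
 * configuration. It then (1) checks that the signature and digest algorithms
 * named in the header are known to this implementation, (2) checks that each
 * MIME attachment is referenced by the user message's payload info, and (3)
 * lets WSS4J verify and decrypt the message, storing the resulting document,
 * certificate and attachments in the message state.
 *
 * <p>All values read from the header and from attachment headers originate
 * from the received message and must be treated as untrusted.
 */
public class SOAPHeaderElementProcessorWSS4J implements ISOAPHeaderElementProcessor {
    private static final Logger s_aLogger = LoggerFactory.getLogger(SOAPHeaderElementProcessorWSS4J.class);

    /** XML Signature namespace. */
    private static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Prefix of the Content-ID header value; the value is expected to end with one closing character. */
    private static final String CONTENT_ID_PREFIX = "<attachment=";

    /**
     * Validates, verifies and decrypts the security header of an incoming message.
     *
     * @param document the complete SOAP document handed to WSS4J
     * @param element the security header element to inspect
     * @param iCommonsList the MIME attachments received with the message
     * @param aS4MessageState the message state; read for PMode and messaging data,
     *        updated with certificate, decrypted document and decrypted attachments
     * @param errorList receives an EBMS error whenever {@link ESuccess#FAILURE} is returned
     * @param locale locale used to build the error texts
     * @return {@link ESuccess#SUCCESS} if processing succeeded or the PMode defines no
     *         security, {@link ESuccess#FAILURE} otherwise
     * @throws IllegalStateException if the message state holds no PMode configuration
     */
    @Override // com.helger.as4.servlet.soap.ISOAPHeaderElementProcessor
    @Nonnull
    public ESuccess processHeaderElement(@Nonnull Document document, @Nonnull Element element, @Nonnull ICommonsList<WSS4JAttachment> iCommonsList, @Nonnull AS4MessageState aS4MessageState, @Nonnull ErrorList errorList, @Nonnull Locale locale) {
        final IPModeConfig pModeConfig = aS4MessageState.getPModeConfig();
        if (pModeConfig == null) {
            throw new IllegalStateException("No PMode contained in AS4 state - seems like Ebms3 Messaging header is missing!");
        }
        if (pModeConfig.getLeg1().getSecurity() == null) {
            // The PMode asks for no security processing on this leg.
            return ESuccess.SUCCESS;
        }

        if (!hasAcceptedSignatureAlgorithms(element)) {
            errorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(locale));
            return ESuccess.FAILURE;
        }
        if (!attachmentsMatchPayloadInfo(iCommonsList, aS4MessageState)) {
            errorList.add(EEbmsError.EBMS_VALUE_INCONSISTENT.getAsError(locale));
            return ESuccess.FAILURE;
        }

        final WSSecurityEngine securityEngine = new WSSecurityEngine();
        try {
            final KeyStoreCallbackHandler keyStoreCallbackHandler = new KeyStoreCallbackHandler();
            final WSS4JAttachmentCallbackHandler attachmentCallbackHandler = new WSS4JAttachmentCallbackHandler(iCommonsList, aS4MessageState.getResourceMgr());
            final RequestData requestData = new RequestData();
            requestData.setCallbackHandler(keyStoreCallbackHandler);
            if (iCommonsList.isNotEmpty()) {
                requestData.setAttachmentCallbackHandler(attachmentCallbackHandler);
            }
            requestData.setSigVerCrypto(AS4ServerSettings.getAS4CryptoFactory().getCrypto());
            requestData.setDecCrypto(AS4ServerSettings.getAS4CryptoFactory().getCrypto());
            requestData.setWssConfig(WSSConfig.getNewInstance());
            // NOTE(review): nothing set on requestData here demands that a signature
            // is present or restricts algorithms; whether an unsigned or
            // partially signed message is rejected is decided elsewhere, if at
            // all - confirm against the PMode security settings.
            final List<WSSecurityEngineResult> results = securityEngine.processSecurityHeader(document, requestData).getResults();

            final CommonsHashSet<X509Certificate> certificates = new CommonsHashSet<>();
            for (final WSSecurityEngineResult result : results) {
                final X509Certificate certificate = (X509Certificate) result.get("x509-certificate");
                if (certificate != null) {
                    certificates.add(certificate);
                }
            }
            if (certificates.size() > 1) {
                // NOTE(review): with several certificates the one stored below depends
                // on hash-set iteration order, so the identity bound to the message
                // is not well defined; consider rejecting such messages.
                s_aLogger.warn("Found {} different certificates in message: {}", certificates.size(), certificates);
            }
            // NOTE(review): if no result carried a certificate the set is empty;
            // presumably getAtIndex(0) then yields null - callers of
            // getUsedCertificate must not treat that as an authenticated sender.
            aS4MessageState.setUsedCertificate(certificates.getAtIndex(0));
            aS4MessageState.setDecryptedSOAPDocument(document);

            // Spool every processed attachment to a temp file so it can be re-read later.
            final ICommonsList<WSS4JAttachment> responseAttachments = attachmentCallbackHandler.getAllResponseAttachments();
            for (final WSS4JAttachment attachment : responseAttachments) {
                final InputStream sourceStream = attachment.getSourceStream();
                final File tempFile = aS4MessageState.getResourceMgr().createTempFile();
                // NOTE(review): the result of the copy is not checked - a failed write
                // would leave an empty or truncated temp file behind.
                StreamHelper.copyInputStreamToOutputStreamAndCloseOS(sourceStream, StreamHelper.getBuffered(FileHelper.getOutputStream(tempFile)));
                attachment.setSourceStreamProvider(() -> StreamHelper.getBuffered(FileHelper.getInputStream(tempFile)));
            }
            aS4MessageState.setDecryptedAttachments(responseAttachments);
        } catch (Exception e) {
            // Boundary catch: any verification or decryption problem is reported as
            // an authentication failure instead of propagating to the servlet.
            s_aLogger.info("Error processing the WSSSecurity Header", e);
            errorList.add(EEbmsError.EBMS_FAILED_AUTHENTICATION.getAsError(locale));
            return ESuccess.FAILURE;
        }
        return ESuccess.SUCCESS;
    }

    /**
     * Checks that the signature and digest algorithm URIs named in the header map
     * to a known {@link ECryptoAlgorithmSign} / {@link ECryptoAlgorithmSignDigest}.
     *
     * <p>Only the first {@code Signature} and its first {@code Reference} are
     * inspected. A header without a {@code Signature} child passes this check.
     * Missing intermediate elements are treated as "no algorithm given" rather
     * than being passed on as {@code null} parents.
     *
     * @param securityHeader the security header element
     * @return {@code false} if a signature is present but names an unknown algorithm
     */
    private static boolean hasAcceptedSignatureAlgorithms(final Element securityHeader) {
        final Element signature = XMLHelper.getFirstChildElementOfName(securityHeader, DS_NS, "Signature");
        if (signature == null) {
            // NOTE(review): an absent signature is accepted here even though the PMode
            // has a security section - confirm this is enforced later.
            return true;
        }

        final Element signedInfo = XMLHelper.getFirstChildElementOfName(signature, DS_NS, "SignedInfo");
        final Element signatureMethod = signedInfo == null ? null : XMLHelper.getFirstChildElementOfName(signedInfo, DS_NS, "SignatureMethod");
        final String signAlgorithmUri = signatureMethod == null ? null : signatureMethod.getAttribute("Algorithm");
        final ECryptoAlgorithmSign signAlgorithm = ECryptoAlgorithmSign.getFromURIOrNull(signAlgorithmUri);
        if (signAlgorithm == null) {
            // The URI is sender-controlled text; the log layout should neutralise
            // line breaks so it cannot forge log entries.
            s_aLogger.info("Error processing the Security Header, your signing algorithm '{}' is incorrect. Expected one of the following '{}' algorithms", signAlgorithmUri, Arrays.asList(ECryptoAlgorithmSign.values()));
            return false;
        }
        s_aLogger.debug("Using signature algorithm {}", signAlgorithm);

        final Element reference = signedInfo == null ? null : XMLHelper.getFirstChildElementOfName(signedInfo, DS_NS, "Reference");
        final Element digestMethod = reference == null ? null : XMLHelper.getFirstChildElementOfName(reference, DS_NS, "DigestMethod");
        final String digestAlgorithmUri = digestMethod == null ? null : digestMethod.getAttribute("Algorithm");
        final ECryptoAlgorithmSignDigest digestAlgorithm = ECryptoAlgorithmSignDigest.getFromURIOrNull(digestAlgorithmUri);
        if (digestAlgorithm == null) {
            s_aLogger.info("Error processing the Security Header, your signing digest algorithm is incorrect. Expected one of the following'{}' algorithms", Arrays.toString(ECryptoAlgorithmSignDigest.values()));
            return false;
        }
        s_aLogger.debug("Using signature digest algorithm {}", digestAlgorithm);
        return true;
    }

    /**
     * Checks that the n-th attachment's Content-ID appears in the href of the
     * matching part info of the first user message (shifted by one when the SOAP
     * body itself carries a payload).
     *
     * <p>A missing, too short or empty Content-ID and a missing part info or href
     * are reported as a mismatch instead of raising an exception, because these
     * values come straight from the received message.
     *
     * @param attachments the received MIME attachments
     * @param state the message state providing the user message
     * @return {@code true} if every attachment is referenced consistently
     */
    private static boolean attachmentsMatchPayloadInfo(final ICommonsList<WSS4JAttachment> attachments, final AS4MessageState state) {
        final Ebms3UserMessage userMessage = (Ebms3UserMessage) state.getMessaging().getUserMessage().get(0);
        final int partOffset = state.isSoapBodyPayloadPresent() ? 1 : 0;
        final int partCount = userMessage.getPayloadInfo() == null ? 0 : userMessage.getPayloadInfo().getPartInfo().size();

        for (int i = 0; i < attachments.size(); i++) {
            final String rawContentId = attachments.get(i).getHeaders().get("Content-ID");
            // Need the prefix, at least one id character and the closing character;
            // an empty id would match every href in the contains() check below.
            if (rawContentId == null || rawContentId.length() < CONTENT_ID_PREFIX.length() + 2) {
                s_aLogger.info("Error processing the Attachments, attachment at index {} has a missing or malformed Content-ID header", i);
                return false;
            }
            final String contentId = rawContentId.substring(CONTENT_ID_PREFIX.length(), rawContentId.length() - 1);

            final int partIndex = partOffset + i;
            final String href = partIndex < partCount ? userMessage.getPayloadInfo().getPartInfoAtIndex(partIndex).getHref() : null;
            // NOTE(review): contains() is a loose match (a short id matches any href
            // containing it); an exact comparison would be stricter, but the
            // expected href format is not visible here.
            if (href == null || !href.contains(contentId)) {
                s_aLogger.info("Error processing the Attachments, the attachment '{}' is not valid with what is specified in the usermessage ('{}')", href, contentId);
                return false;
            }
        }
        return true;
    }
}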
