package no.difi.asic;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.zip.ZipEntry;
import no.difi.xsd.asic.model._1.AsicManifest;
import no.difi.xsd.asic.model._1.Certificate;
import oasis.names.tc.opendocument.xmlns.manifest._1.Manifest;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/difi/asic/AbstractAsicReader.class */
class AbstractAsicReader {
    private static final Logger log = LoggerFactory.getLogger(AbstractAsicReader.class);
    private MessageDigest messageDigest;
    private AsicInputStream zipInputStream;
    private ZipEntry currentZipEntry;
    private ManifestVerifier manifestVerifier;
    private Manifest manifest;
    private Map<String, Object> signingContent = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractAsicReader(MessageDigestAlgorithm messageDigestAlgorithm, InputStream inputStream) throws IOException {
        this.manifestVerifier = new ManifestVerifier(messageDigestAlgorithm);
        try {
            this.messageDigest = MessageDigest.getInstance(messageDigestAlgorithm.getAlgorithm());
            this.messageDigest.reset();
            this.zipInputStream = new AsicInputStream(inputStream);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(String.format("Algorithm %s not supported", messageDigestAlgorithm.getAlgorithm()), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getNextFile() throws IOException {
        while (true) {
            ZipEntry nextEntry = this.zipInputStream.getNextEntry();
            this.currentZipEntry = nextEntry;
            if (nextEntry == null) {
                this.manifestVerifier.verifyAllVerified();
                if (this.signingContent.size() > 0) {
                    throw new IllegalStateException(String.format("Signature not verified: %s", this.signingContent.keySet().iterator().next()));
                }
                return null;
            }
            log.info(String.format("Found file: %s", this.currentZipEntry.getName()));
            if (!this.currentZipEntry.getName().startsWith("META-INF/")) {
                return this.currentZipEntry.getName();
            }
            handleMetadataEntry();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeFile(OutputStream outputStream) throws IOException {
        if (this.currentZipEntry == null) {
            throw new IllegalStateException("No file to read.");
        }
        this.messageDigest.reset();
        IOUtils.copy(this.zipInputStream, new DigestOutputStream(outputStream, this.messageDigest));
        this.zipInputStream.closeEntry();
        byte[] digest = this.messageDigest.digest();
        log.debug(String.format("Digest: %s", new String(Base64.encode(digest))));
        this.manifestVerifier.update(this.currentZipEntry.getName(), digest, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close() throws IOException {
        if (this.zipInputStream != null) {
            this.zipInputStream.close();
            this.zipInputStream = null;
        }
    }

    private void handleMetadataEntry() throws IOException {
        String lowerCase = this.currentZipEntry.getName().substring(9).toLowerCase();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        IOUtils.copy(this.zipInputStream, byteArrayOutputStream);
        if (AsicUtils.PATTERN_CADES_MANIFEST.matcher(this.currentZipEntry.getName()).matches()) {
            handleCadesSigning(CadesAsicManifest.extractAndVerify(byteArrayOutputStream.toString(), this.manifestVerifier), byteArrayOutputStream.toString());
            return;
        }
        if (AsicUtils.PATTERN_XADES_SIGNATURES.matcher(this.currentZipEntry.getName()).matches()) {
            XadesAsicManifest.extractAndVerify(byteArrayOutputStream.toString(), this.manifestVerifier);
        } else if (AsicUtils.PATTERN_CADES_SIGNATURE.matcher(this.currentZipEntry.getName()).matches()) {
            handleCadesSigning(this.currentZipEntry.getName(), byteArrayOutputStream);
        } else {
            if (!lowerCase.equals("manifest.xml")) {
                throw new IllegalStateException(String.format("Contains unknown metadata file: %s", this.currentZipEntry.getName()));
            }
            this.manifest = OasisManifest.read(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()));
        }
    }

    private void handleCadesSigning(String str, Object obj) {
        if (!this.signingContent.containsKey(str)) {
            this.signingContent.put(str, obj);
            return;
        }
        Certificate validate = SignatureHelper.validate(obj instanceof String ? ((String) obj).getBytes() : ((String) this.signingContent.get(str)).getBytes(), obj instanceof ByteArrayOutputStream ? ((ByteArrayOutputStream) obj).toByteArray() : ((ByteArrayOutputStream) this.signingContent.get(str)).toByteArray());
        validate.setCert(this.currentZipEntry.getName());
        this.manifestVerifier.addCertificate(validate);
        this.signingContent.remove(str);
    }

    public AsicManifest getAsicManifest() {
        return this.manifestVerifier.getAsicManifest();
    }

    public Manifest getOasisManifest() {
        return this.manifest;
    }
}
