package asia.dbt.thundercrypt.osgi.services;

import asia.dbt.thundercrypt.core.exceptions.CRLVerificationException;
import asia.dbt.thundercrypt.core.exceptions.DownloadCertificateException;
import asia.dbt.thundercrypt.core.exceptions.KeyLoadException;
import asia.dbt.thundercrypt.core.exceptions.UnknownCaException;
import asia.dbt.thundercrypt.core.exceptions.UnknownOcspAddressException;
import asia.dbt.thundercrypt.core.exceptions.UnknownTspAddressException;
import asia.dbt.thundercrypt.core.exceptions.WrongPasswordException;
import asia.dbt.thundercrypt.core.exceptions.certificates.IssuerCertificateNotFoundException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificateForAuthenticationException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificateNoHavePermissionsForSignException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificatePermissionException;
import asia.dbt.thundercrypt.core.exceptions.verification.CertificateStatusException;
import asia.dbt.thundercrypt.core.exceptions.verification.TimeStampValidationException;
import asia.dbt.thundercrypt.core.generators.DefaultSignatureGenerator;
import asia.dbt.thundercrypt.core.keys.FileKeyLoader;
import asia.dbt.thundercrypt.core.keys.KeyLoader;
import asia.dbt.thundercrypt.core.keys.TokenKeyLoader;
import asia.dbt.thundercrypt.core.utils.CertificatePolicy;
import asia.dbt.thundercrypt.core.verificators.DefaultSignVerification;
import asia.dbt.thundercrypt.osgi.ErrorResponses;
import asia.dbt.thundercrypt.osgi.exceptions.AbortException;
import asia.dbt.thundercrypt.osgi.responses.Response;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
import kz.gov.pki.osgi.layer.api.ModuleService;
import org.json.JSONArray;
import org.json.JSONObject;
import org.osgi.service.log.LogService;

/* loaded from: input_file:asia/dbt/thundercrypt/osgi/services/SignModuleService.class */
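/**
 * Module service that signs request-supplied data and then verifies the signature it produced.
 *
 * <p>The request is a JSON object. Keys read by this class: {@code keyType} ({@code "file"} or
 * {@code "token"}), {@code filePath} or {@code tokenName}, {@code filesNames},
 * {@code dataForSign} (Base64), and the optional {@code skipCheckPermissions} (boolean) and
 * {@code policies} (array of strings). The reply is a {@link Response} serialised through
 * {@link JSONObject#wrap(Object)}; it carries either the signature or an error code.
 *
 * <p>Security review notes (all request fields are controlled by whoever submits the request):
 * <ul>
 *   <li>{@code filePath} is read from disk without any restriction on location or size.</li>
 *   <li>{@code skipCheckPermissions} and {@code policies} relax or shape the verification step,
 *       so the requester decides how strictly its own signature is checked.</li>
 *   <li>Unmapped failures return the raw exception message to the requester.</li>
 * </ul>
 */
public class SignModuleService implements ModuleService {
    private LogService logService;
    private GuiService guiService;

    /**
     * Signs the data described by the JSON request and verifies the resulting signature.
     *
     * @param str JSON request text (see the class description for the keys that are read)
     * @param str2 not used by this implementation
     * @return JSON text of the {@link Response}: the signature on success, an error code otherwise
     */
    @Override // kz.gov.pki.osgi.layer.api.ModuleService
    public String process(String str, String str2) {
        this.logService.log(LogService.LOG_INFO, "Start signing.");
        // NOTE(review): parsing happens outside the try block, so a malformed or null request
        // propagates as a runtime exception instead of an error Response. Left as-is because the
        // host's handling of that exception is not visible here - confirm before moving it.
        JSONObject request = new JSONObject(str);
        Response response = new Response();
        try {
            KeyLoader keyLoader = createKeyLoader(request);
            String filesNames = validateStringArgument(request, "filesNames");
            byte[] dataForSign = validateBase64Argument(request, "dataForSign");
            // NOTE(review): this flag is taken from the request itself; see verifySignature.
            boolean skipCheckPermissions =
                    request.has("skipCheckPermissions") && request.getBoolean("skipCheckPermissions");
            List<String> policies = validateArrayArgument(request, "policies", true);
            String signature = makeSignature(keyLoader, filesNames, dataForSign);
            this.logService.log(LogService.LOG_INFO, "Success signing.");
            // NOTE(review): purpose of this fixed pause is not visible in this class - confirm.
            Thread.sleep(200L);
            try {
                verifySignature(signature, dataForSign, skipCheckPermissions, policies);
                // The signature is released to the caller only after verification succeeded.
                response.setResult(signature);
            } catch (Exception e) {
                // Keep the rejected signature in the error log for diagnosis, then report the failure.
                this.logService.log(LogService.LOG_ERROR, signature);
                throw e;
            }
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Restore the interrupt flag so the hosting thread can still observe the interruption.
                Thread.currentThread().interrupt();
            }
            processError(e, response);
        }
        return JSONObject.wrap(response).toString();
    }

    /**
     * Logs the failure and maps it to an error code (plus parameters where available) on the response.
     *
     * @param exc the failure raised while signing or verifying
     * @param response the response that receives the error code
     */
    private void processError(Exception exc, Response response) {
        this.logService.log(LogService.LOG_ERROR, "Could not sign.", exc);
        if (exc instanceof AbortException) {
            response.setErrorCode(ErrorResponses.ABORT);
            return;
        }
        if (exc instanceof CertificateStatusException) {
            String message = exc.getMessage();
            if (message != null && message.equals(CertificateStatusException.CERTIFICATE_REVOKED_MESSAGE)) {
                response.setErrorCode(ErrorResponses.CERTIFICATE_REVOKED);
            } else if (message != null
                    && message.equals(CertificateStatusException.CERTIFICATE_UNKNOWN_MESSAGE)) {
                response.setErrorCode(ErrorResponses.CERTIFICATE_UNKNOWN);
            } else {
                // A status failure with an unrecognised (or missing) message must still fail closed:
                // without this the response would carry neither a result nor an error code.
                response.setErrorCode(fallbackErrorCode(exc));
            }
            return;
        }
        if (exc instanceof WrongPasswordException) {
            response.setErrorCode(ErrorResponses.WRONG_PASSWORD);
            return;
        }
        if (exc instanceof CertificateExpiredException) {
            response.setErrorCode(ErrorResponses.CERTIFICATE_EXPIRED);
            return;
        }
        if (exc instanceof CertificateNotYetValidException) {
            response.setErrorCode(ErrorResponses.CERTIFICATE_NOT_YET_VALID);
            return;
        }
        if (exc instanceof CertificateForAuthenticationException) {
            response.setErrorCode(ErrorResponses.CERTIFICATE_FOR_AUTHENTICATION);
            return;
        }
        if (exc instanceof CertificateNoHavePermissionsForSignException) {
            response.setErrorCode(ErrorResponses.CERTIFICATE_NO_HAVE_PERM_FOR_SIGN);
            return;
        }
        if (exc instanceof UnknownTspAddressException) {
            response.setErrorCode(ErrorResponses.UNKNOWN_TSP_ADDRESS);
            response.addParam("address", ((UnknownTspAddressException) exc).getTspAddress());
            return;
        }
        if (exc instanceof UnknownOcspAddressException) {
            response.setErrorCode(ErrorResponses.UNKNOWN_OCSP_ADDRESS);
            response.addParam("address", ((UnknownOcspAddressException) exc).getOcspAddress());
            return;
        }
        if ((exc instanceof UnknownCaException) || (exc instanceof IssuerCertificateNotFoundException)) {
            response.setErrorCode(ErrorResponses.UNKNOWN_CA);
            return;
        }
        if (exc instanceof DownloadCertificateException) {
            response.setErrorCode(ErrorResponses.DOWNLOAD_CERTIFICATE_EXCEPTION);
            response.addParam("address", ((DownloadCertificateException) exc).getCertificateAddress());
            return;
        }
        if (exc instanceof TimeStampValidationException) {
            response.setErrorCode(ErrorResponses.TSP_NOT_VALID);
            return;
        }
        if (exc instanceof CRLVerificationException) {
            response.setErrorCode(ErrorResponses.CRL_VERIFICATION_FAILED);
            return;
        }
        // The TSP address failure may also arrive wrapped as the cause of another exception.
        if (exc.getCause() instanceof UnknownTspAddressException) {
            response.setErrorCode(ErrorResponses.UNKNOWN_TSP_ADDRESS);
            response.addParam("address", ((UnknownTspAddressException) exc.getCause()).getTspAddress());
        } else if (exc instanceof CertificatePermissionException) {
            response.setErrorCode(ErrorResponses.CERTIFICATE_NO_HAVE_PERM);
        } else {
            // NOTE(review): the raw exception text goes back to the requester. For I/O failures on
            // the request-supplied filePath that text can describe the local file system; consider
            // mapping unknown failures to a fixed code and keeping the detail in the log only.
            response.setErrorCode(fallbackErrorCode(exc));
        }
    }

    /**
     * Returns the exception message, or the exception class name when there is no message, so
     * that an error response never ends up with a null error code.
     */
    private static String fallbackErrorCode(Exception exc) {
        String message = exc.getMessage();
        return message != null ? message : exc.getClass().getName();
    }

    /**
     * Verifies the Base64-encoded signature against the data that was signed.
     *
     * @param signature Base64 text of the signature
     * @param data the bytes that were signed
     * @param skipCheckPermissions when true, an empty permission list is handed to the verifier
     * @param policies names of allowed certificate policies, or {@code null} to leave the
     *     verifier's own setting untouched
     * @throws Exception whatever the verifier raises
     */
    private void verifySignature(String signature, byte[] data, boolean skipCheckPermissions, List<String> policies)
            throws Exception {
        DefaultSignVerification verification = new DefaultSignVerification();
        if (skipCheckPermissions) {
            // NOTE(review): presumably an empty list disables the certificate permission checks.
            // The flag originates in the request, so the requester can switch that check off for
            // its own signature - confirm this is intended for every caller of this module.
            verification.setPermissionsForCheck(new ArrayList<>());
        }
        if (policies != null) {
            verification.setAllowedCertificatePolicies(convertStringsToPolicies(policies));
        }
        verification.verify(Base64.getDecoder().decode(signature), data);
    }

    /**
     * Maps policy names to {@link CertificatePolicy} values via {@code CertificatePolicy.valueOf}.
     * Presumably an unknown name is rejected by {@code valueOf} with an exception - TODO confirm.
     */
    private List<CertificatePolicy> convertStringsToPolicies(List<String> names) {
        return names.stream().map(CertificatePolicy::valueOf).collect(Collectors.toList());
    }

    /** Signs {@code data} with the given key loader; {@code filesNames} is passed to the generator. */
    private String makeSignature(KeyLoader keyLoader, String filesNames, byte[] data) throws Exception {
        return new DefaultSignatureGenerator(filesNames).sign(keyLoader, data);
    }

    /**
     * Reads a required string field and decodes it as Base64.
     *
     * @throws Exception if the field is empty or is not valid Base64 (the decoder failure is kept
     *     as the cause)
     */
    private byte[] validateBase64Argument(JSONObject request, String key) throws Exception {
        String encoded = request.getString(key);
        if (encoded == null || encoded.isEmpty()) {
            throw new Exception("\"" + key + "\" argument could not be empty or NULL!");
        }
        try {
            return Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            throw new Exception("\"" + key + "\" argument should use BASE64 format!", e);
        }
    }

    /**
     * Reads a required, non-empty string field.
     *
     * @throws Exception if the field is empty
     */
    private String validateStringArgument(JSONObject request, String key) throws Exception {
        String value = request.getString(key);
        if (value == null || value.isEmpty()) {
            throw new Exception("\"" + key + "\" argument could not be empty or NULL!");
        }
        return value;
    }

    /**
     * Reads an array-of-strings field.
     *
     * @param nullWhenAbsent result for a missing field: {@code null} when true, an empty list otherwise
     * @return the strings in request order, or the absent-field value described above
     */
    private List<String> validateArrayArgument(JSONObject request, String key, boolean nullWhenAbsent) {
        if (!request.has(key)) {
            // null is meaningful to verifySignature: it means "do not set allowed policies".
            return nullWhenAbsent ? null : new ArrayList<>();
        }
        JSONArray array = request.getJSONArray(key);
        List<String> values = new ArrayList<>(array.length());
        for (int i = 0; i < array.length(); i++) {
            values.add(array.getString(i));
        }
        return values;
    }

    /**
     * Builds the key loader named by {@code keyType}, after asking the user through the GUI.
     *
     * @throws AbortException if the dialog returns {@code null}
     * @throws RuntimeException if {@code keyType} is neither {@code "file"} nor {@code "token"}
     */
    private KeyLoader createKeyLoader(JSONObject request)
            throws IOException, NoSuchProviderException, KeyLoadException, WrongPasswordException, AbortException {
        String keyType = request.getString("keyType");
        boolean fileKey = "file".equals(keyType);
        boolean tokenKey = "token".equals(keyType);
        // Reject an unsupported key type before the dialog, so the user is never asked for a
        // secret on behalf of a request that cannot be served.
        if (!fileKey && !tokenKey) {
            throw new RuntimeException("KeyType: \"" + keyType + "\" is not allowed! Required \"file\" or \"token\".");
        }
        // NOTE(review): presumably the key password / token PIN. The dialog is opened without any
        // argument, so from this class it cannot show what is about to be signed - confirm.
        String secret = this.guiService.openSignDataDialog();
        if (secret == null) {
            throw new AbortException();
        }
        if (fileKey) {
            // NOTE(review): filePath comes from the request and is read in full with no limit on
            // location or size. If requests can come from less-trusted callers, restrict it to a
            // file the user picked and cap the size before loading.
            return new FileKeyLoader(Files.readAllBytes(Paths.get(request.getString("filePath"))), secret);
        }
        return new TokenKeyLoader(request.getString("tokenName"), secret);
    }

    /** Injects the log service used for all logging in this class. */
    public void setLogService(LogService logService) {
        this.logService = logService;
    }

    /** Injects the GUI service used to open the signing dialog. */
    public void setGuiService(GuiService guiService) {
        this.guiService = guiService;
    }
}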
