package eu.europa.ec.markt.dss.validation102853.tsl;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.DSSXMLUtils;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.exception.DSSNullReturnedException;
import eu.europa.ec.markt.dss.exception.EncodingException;
import eu.europa.ec.markt.dss.exception.NotETSICompliantException;
import eu.europa.ec.markt.dss.validation.certificate.CertificateSourceType;
import eu.europa.ec.markt.dss.validation.https.HTTPDataLoader;
import eu.europa.ec.markt.dss.validation102853.CertificateToken;
import eu.europa.ec.markt.dss.validation102853.CommonTrustedCertificateSource;
import eu.europa.ec.markt.dss.validation102853.condition.ServiceInfo;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URL;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation102853/tsl/TrustedListsCertificateSource.class */
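/**
 * Trusted certificate source populated from a List Of Trusted Lists (LOTL) and the
 * Trust Status Lists (TSL) it points to.
 *
 * <p>{@link #init()} downloads the LOTL from {@code lotlUrl}, then loads every TSL referenced by
 * it and registers each certificate found together with a {@link ServiceInfo} describing the
 * trust service it belongs to.
 *
 * <p>Security-relevant behaviour, as implemented here:
 * <ul>
 *   <li>A list whose XML signature is missing a verification key or fails validation is still
 *       parsed and its certificates are still added; the outcome is only recorded through
 *       {@code TrustStatusList.setWellSigned} and {@code ServiceInfo.setTlWellSigned}. Consumers
 *       of this source must honour that flag.</li>
 *   <li>With {@code checkSignature} set to {@code false} no signature is verified and every list
 *       is flagged as well signed.</li>
 *   <li>The certificate referenced by {@code lotlCertificate} is the anchor used to verify the
 *       LOTL; the keys used for the individual TSLs come from the LOTL pointers.</li>
 * </ul>
 */
public class TrustedListsCertificateSource extends CommonTrustedCertificateSource {
    private static final Logger LOG = Logger.getLogger(TrustedListsCertificateSource.class.getName());
    /** Prefix marking {@code lotlCertificate} as a classpath resource. */
    private static final String CP = "classpath://";
    /** Prefix marking {@code lotlCertificate} as a local file path. */
    private static final String FILE = "file://";
    /** Location the LOTL is downloaded from. */
    protected String lotlUrl;
    /** Loader used to fetch the LOTL and every TSL. */
    protected transient HTTPDataLoader dataLoader;
    /** Per-URL loading status; exposed read-only through {@link #getDiagnosticInfo()}. */
    private Map<String, String> diagnosticInfo = new HashMap<String, String>();
    /** When {@code true} (the default) the XML signature of each list is validated. */
    protected boolean checkSignature = true;
    /** Reference (classpath://, file:// or any URL) to the certificate that signs the LOTL. */
    protected String lotlCertificate;

    /** Creates an unconfigured source; the setters must be called before {@link #init()}. */
    public TrustedListsCertificateSource() {
    }

    /**
     * Creates a source that copies the configuration (data loader, signature checking flag,
     * LOTL certificate reference and LOTL URL) of another one. Loaded certificates and
     * diagnostic information are not copied.
     *
     * @param trustedListsCertificateSource the source whose configuration is copied
     */
    public TrustedListsCertificateSource(TrustedListsCertificateSource trustedListsCertificateSource) {
        setDataLoader(trustedListsCertificateSource.dataLoader);
        setCheckSignature(trustedListsCertificateSource.checkSignature);
        setLotlCertificate(trustedListsCertificateSource.lotlCertificate);
        setLotlUrl(trustedListsCertificateSource.lotlUrl);
    }

    /**
     * @return always {@link CertificateSourceType#TRUSTED_LIST}
     */
    @Override
    protected CertificateSourceType getCertificateSourceType() {
        return CertificateSourceType.TRUSTED_LIST;
    }

    /**
     * Registers a certificate together with the trust-service information it was published with.
     *
     * @param x509Certificate the certificate to add
     * @param serviceInfo     the trust service description attached to the certificate
     * @return the token created by the parent class
     */
    @Override
    public CertificateToken addCertificate(X509Certificate x509Certificate, ServiceInfo serviceInfo) {
        return super.addCertificate(x509Certificate, serviceInfo);
    }

    /**
     * Not supported: a certificate in this source must always carry a {@link ServiceInfo}.
     *
     * @param x509Certificate ignored
     * @return never returns normally
     * @throws DSSException always
     */
    @Override
    public CertificateToken addCertificate(X509Certificate x509Certificate) {
        // The previous message embedded Javadoc markup and named a package that does not exist.
        throw new DSSException("This method is not applicable for this kind of certificate source. Use addCertificate(X509Certificate, ServiceInfo) instead.");
    }

    /**
     * Adds one certificate of a trust service, logging (instead of propagating) entries that are
     * rejected as not ETSI compliant.
     *
     * @param x509Certificate      the certificate to add
     * @param abstractTrustService the trust service the certificate belongs to
     * @param trustServiceProvider the provider operating the trust service
     * @param z                    whether the list the entry comes from was flagged as well signed
     */
    private void addCertificate(X509Certificate x509Certificate, AbstractTrustService abstractTrustService, TrustServiceProvider trustServiceProvider, boolean z) {
        try {
            super.addCertificate(x509Certificate, getServiceInfo(abstractTrustService, trustServiceProvider, z));
        } catch (NotETSICompliantException e) {
            // Pass the exception along so the stack trace is not lost.
            LOG.log(Level.SEVERE, "The entry for " + abstractTrustService.getServiceName() + " doesn't respect ESTI specification " + e.getLocalizedMessage(), (Throwable) e);
        }
    }

    /**
     * Builds the {@link ServiceInfo} of a trust service from the service itself and its provider.
     *
     * @param abstractTrustService the trust service being described
     * @param trustServiceProvider the provider operating the trust service
     * @param z                    stored as the "trusted list well signed" flag
     * @return the populated service information
     */
    private ServiceInfo getServiceInfo(AbstractTrustService abstractTrustService, TrustServiceProvider trustServiceProvider, boolean z) {
        ServiceInfo createServiceInfo = abstractTrustService.createServiceInfo();
        createServiceInfo.setServiceName(abstractTrustService.getServiceName());
        createServiceInfo.setStatus(abstractTrustService.getStatus());
        createServiceInfo.setStatusStartDate(abstractTrustService.getStatusStartDate());
        createServiceInfo.setStatusEndDate(abstractTrustService.getStatusEndDate());
        createServiceInfo.setType(abstractTrustService.getType());
        createServiceInfo.setTspElectronicAddress(trustServiceProvider.getElectronicAddress());
        createServiceInfo.setTspName(trustServiceProvider.getName());
        createServiceInfo.setTspPostalAddress(trustServiceProvider.getPostalAddress());
        createServiceInfo.setTspTradeName(trustServiceProvider.getTradeName());
        // This flag is the only trace of a failed or skipped signature check on the source list.
        createServiceInfo.setTlWellSigned(z);
        return createServiceInfo;
    }

    /**
     * Returns the loading status recorded per URL during {@link #init()} and
     * {@link #loadTSL(String, String, X509Certificate)}.
     *
     * <p>Values are short status texts ("Loading", "Loaded &lt;date&gt;", an error message) or, for
     * unexpected runtime failures, a full stack trace.
     * NOTE(review): because stack traces can end up here, check where this map is displayed.
     *
     * @return an unmodifiable view of the diagnostic map
     */
    public Map<String, String> getDiagnosticInfo() {
        return Collections.unmodifiableMap(this.diagnosticInfo);
    }

    /**
     * Opens the certificate referenced by {@code lotlCertificate}.
     *
     * <p>The reference is resolved as a classpath resource ({@code classpath://}), a local file
     * ({@code file://}) or, otherwise, as a URL. This certificate is the anchor the LOTL signature
     * is verified against, so its integrity depends entirely on where it is loaded from.
     * NOTE(review): a plain-http or otherwise unauthenticated reference gives no integrity
     * guarantee for the anchor; prefer a bundled resource or a protected local file.
     *
     * @return an open stream on the certificate; the caller closes it
     * @throws DSSException if the reference cannot be opened or the classpath resource is missing
     */
    private InputStream getLotlCertificateInputStream() throws DSSException {
        InputStream stream;
        try {
            final String reference = this.lotlCertificate;
            // Locale.ROOT: with a Turkish default locale "FILE://" would lower-case to "fıle://".
            final String lowered = reference.toLowerCase(Locale.ROOT);
            if (lowered.startsWith(CP)) {
                // Keep the last '/' of the prefix so the resource name is absolute.
                stream = getClass().getResourceAsStream(reference.substring(CP.length() - 1));
            } else if (lowered.startsWith(FILE)) {
                stream = new File(reference.substring(FILE.length())).toURI().toURL().openStream();
            } else {
                stream = new URL(reference).openStream();
            }
        } catch (Exception e) {
            throw new DSSException(e);
        }
        if (stream == null) {
            // getResourceAsStream signals a missing resource with null rather than an exception.
            throw new DSSException("The LOTL signing certificate cannot be found on the classpath: " + this.lotlCertificate);
        }
        return stream;
    }

    /**
     * Downloads and parses one trust status list and, when enabled, validates its XML signature.
     *
     * <p>The list is returned whatever the outcome of the signature check; the result is only
     * stored with {@code setWellSigned}. When {@code checkSignature} is {@code false} the list is
     * flagged as well signed without any verification.
     *
     * @param str             URL of the list; a name ending in ".zip" is unpacked first
     * @param x509Certificate certificate whose public key must verify the signature, may be
     *                        {@code null} (the list is then flagged as not well signed)
     * @return the parsed list
     * @throws DSSNullReturnedException if the data loader returned no stream
     * @throws DSSException             on any other failure, including an unsigned list or a list
     *                                  with more than one signature when a key is available
     */
    private TrustStatusList getTrustStatusList(String str, X509Certificate x509Certificate) {
        InputStream inputStream = null;
        try {
            inputStream = this.dataLoader.get(str);
            if (inputStream == null) {
                throw new DSSNullReturnedException("The loader returned a null InputStream for: " + str);
            }
            if (str.toLowerCase(Locale.ROOT).endsWith(".zip")) {
                inputStream = getZippedData(inputStream);
            }
            // NOTE(review): the document comes from the network; confirm that DSSXMLUtils.buildDOM
            // disables DTDs and external entities.
            Document buildDOM = DSSXMLUtils.buildDOM(inputStream);
            boolean wellSigned = true;
            if (this.checkSignature) {
                wellSigned = false;
                if (x509Certificate != null) {
                    NodeList signatures = buildDOM.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
                    if (signatures.getLength() == 0) {
                        throw new DSSException("Not ETSI compliant signature. The Xml is not signed.");
                    }
                    if (signatures.getLength() > 1) {
                        throw new DSSException("Not ETSI compliant signature. There is more than one signature.");
                    }
                    Element signatureElement = (Element) signatures.item(0);
                    // The key is pinned to the supplied certificate; KeyInfo inside the document is
                    // not used to choose it.
                    DOMValidateContext validateContext = new DOMValidateContext(KeySelector.singletonKeySelector(x509Certificate.getPublicKey()), signatureElement);
                    // NOTE(review): what the signature actually covers is decided by
                    // TSLURIDereferencer, which is not visible here; confirm it binds the reference
                    // to the document root. Also consider enabling the
                    // "org.jcp.xml.dsig.secureValidation" property on this context.
                    validateContext.setURIDereferencer(new TSLURIDereferencer(signatureElement));
                    wellSigned = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(validateContext).validate(validateContext);
                    LOG.info("The TSL signature validity: " + wellSigned);
                }
                if (!wellSigned) {
                    // The list is still returned, so make the failed or skipped check visible.
                    LOG.warning("The TSL signature could not be verified for: " + str);
                }
            }
            TrustStatusList newInstance = TrustServiceListFactory.newInstance(buildDOM);
            newInstance.setWellSigned(wellSigned);
            return newInstance;
        } catch (DSSException e) {
            throw e;
        } catch (Exception e2) {
            throw new DSSException(e2);
        } finally {
            // Close on every path; previously the stream leaked whenever an exception was thrown.
            DSSUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Returns a stream positioned on the first ".xml" entry of a zip archive, or on the raw
     * bytes when the data holds no such entry or cannot be read as a zip.
     *
     * <p>The supplied stream is fully buffered and closed.
     * NOTE(review): the download is buffered in memory without a size limit and the selected
     * entry is later inflated by the XML parser without a limit either; consider bounding both
     * for lists fetched from remote locations.
     *
     * @param inputStream the downloaded data; closed by this method
     * @return a stream on the XML content; the caller closes it
     * @throws DSSException if the downloaded data cannot be read at all
     */
    private InputStream getZippedData(InputStream inputStream) {
        byte[] data;
        try {
            data = IOUtils.toByteArray(inputStream);
        } catch (IOException e) {
            // Nothing was buffered, so there is no content to fall back to.
            throw new DSSException(e);
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
        ZipInputStream zipInputStream = new ZipInputStream(new ByteArrayInputStream(data));
        try {
            ZipEntry entry;
            while ((entry = zipInputStream.getNextEntry()) != null) {
                if (entry.getName().toLowerCase(Locale.ROOT).endsWith(".xml")) {
                    return zipInputStream;
                }
            }
        } catch (IOException e) {
            LOG.log(Level.WARNING, "The data is assumed to be zip format; cannot not be read; continue as xml.", (Throwable) e);
        }
        IOUtils.closeQuietly(zipInputStream);
        return new ByteArrayInputStream(data);
    }

    /**
     * Loads the LOTL and every TSL it points to, replacing the previous diagnostic information.
     *
     * <p>A TSL that fails to load is logged, recorded in the diagnostic information and skipped;
     * the remaining lists are still processed.
     * NOTE(review): the pointers of the LOTL are followed, and their certificates used to verify
     * the TSLs, even when the LOTL itself was flagged as not well signed.
     *
     * @throws DSSException if the LOTL signing certificate or the LOTL itself cannot be loaded
     */
    public void init() {
        this.diagnosticInfo.clear();
        X509Certificate lotlSigningCertificate = this.checkSignature ? readLOTLCertificate() : null;
        try {
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("Downloading LOTL from url= " + this.lotlUrl);
            }
            TrustStatusList trustStatusList = getTrustStatusList(this.lotlUrl, lotlSigningCertificate);
            this.diagnosticInfo.put(this.lotlUrl, "Loaded " + new Date().toString());
            for (PointerToOtherTSL pointerToOtherTSL : trustStatusList.getOtherTSLPointers()) {
                String location = null;
                try {
                    location = pointerToOtherTSL.getTslLocation();
                    loadTSL(location, pointerToOtherTSL.getTerritory(), pointerToOtherTSL.getDigitalIdentity());
                } catch (DSSException e) {
                    // Best effort per list, but no longer silent: a missing territory must be
                    // noticeable in the log and in the diagnostic information.
                    LOG.log(Level.WARNING, "The TSL cannot be loaded: " + location, (Throwable) e);
                    if (location != null) {
                        this.diagnosticInfo.put(location, "Cannot be loaded: " + e.getMessage());
                    }
                }
            }
            loadAdditionalLists(new String[0]);
        } catch (DSSException e2) {
            LOG.log(Level.SEVERE, "The LOTL cannot be loaded: " + e2.getMessage(), (Throwable) e2);
            throw e2;
        }
    }

    /**
     * Reads the certificate that must have signed the LOTL.
     *
     * @return the LOTL signing certificate
     * @throws DSSException if no reference is configured or the certificate cannot be read; the
     *                      reason is also recorded in the diagnostic information under the LOTL URL
     */
    private X509Certificate readLOTLCertificate() throws DSSException {
        if (this.lotlCertificate == null) {
            this.diagnosticInfo.put(this.lotlUrl, "The LOTL signing certificate property must contain a reference to a certificate.");
            throw new DSSException("The LOTL signing certificate property must contain a reference to a certificate.");
        }
        InputStream inputStream = null;
        try {
            inputStream = getLotlCertificateInputStream();
            return DSSUtils.loadCertificate(inputStream);
        } catch (DSSException e) {
            this.diagnosticInfo.put(this.lotlUrl, "Cannot read LOTL signing certificate.");
            throw e;
        } finally {
            DSSUtils.closeQuietly(inputStream);
        }
    }

    /**
     * Extension point called at the end of {@link #init()}; does nothing in this class.
     *
     * @param strArr locations of additional lists ({@link #init()} passes none)
     */
    protected void loadAdditionalLists(String... strArr) {
    }

    /**
     * Loads one TSL and registers all the certificates it contains.
     *
     * @param str             URL of the TSL
     * @param str2            territory the TSL belongs to, used for logging only
     * @param x509Certificate certificate expected to have signed the TSL, may be {@code null}
     * @throws DSSException if the list cannot be loaded, except when the loader returned no data,
     *                      in which case the download is skipped
     */
    protected void loadTSL(String str, String str2, X509Certificate x509Certificate) {
        try {
            this.diagnosticInfo.put(str, "Loading");
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("Downloading TrustStatusList for '" + str2 + "' from url= " + str);
            }
            loadAllCertificatesFromOneTSL(getTrustStatusList(str, x509Certificate));
            this.diagnosticInfo.put(str, "Loaded " + new Date().toString());
        } catch (DSSNullReturnedException e) {
            LOG.info("Download skipped.");
        } catch (DSSException e2) {
            throw e2;
        } catch (RuntimeException e3) {
            makeATrace(str, "Other problem: " + e3.toString(), e3);
        }
    }

    /**
     * Logs a failure and stores its stack trace in the diagnostic information.
     *
     * @param str  URL the failure relates to (key of the diagnostic entry)
     * @param str2 message written to the log
     * @param exc  the failure
     */
    private void makeATrace(String str, String str2, Exception exc) {
        LOG.log(Level.SEVERE, str2, (Throwable) exc);
        StringWriter stringWriter = new StringWriter();
        exc.printStackTrace(new PrintWriter(stringWriter));
        this.diagnosticInfo.put(str, stringWriter.toString());
    }

    /**
     * Registers every certificate of every trust service of a list.
     *
     * <p>Certificates are added whether or not the list was flagged as well signed; the flag is
     * forwarded to each entry. A service whose certificates cannot be decoded is logged and
     * skipped.
     *
     * @param trustStatusList the parsed list
     */
    private void loadAllCertificatesFromOneTSL(TrustStatusList trustStatusList) {
        for (TrustServiceProvider trustServiceProvider : trustStatusList.getTrustServicesProvider()) {
            for (AbstractTrustService abstractTrustService : trustServiceProvider.getTrustServiceList()) {
                try {
                    Iterator<X509Certificate> it2 = abstractTrustService.getDigitalIdentity().iterator();
                    while (it2.hasNext()) {
                        addCertificate(it2.next(), abstractTrustService, trustServiceProvider, trustStatusList.isWellSigned());
                    }
                } catch (EncodingException e) {
                    LOG.warning(e.getLocalizedMessage());
                }
            }
        }
    }

    /**
     * Enables or disables XML signature validation of the lists. When disabled, every list is
     * flagged as well signed without any verification.
     *
     * @param z {@code true} to validate signatures
     */
    public void setCheckSignature(boolean z) {
        this.checkSignature = z;
    }

    /**
     * @param str reference to the LOTL signing certificate: {@code classpath://}, {@code file://}
     *            or any URL
     */
    public void setLotlCertificate(String str) {
        this.lotlCertificate = str;
    }

    /**
     * @param str URL the LOTL is downloaded from
     */
    public void setLotlUrl(String str) {
        this.lotlUrl = str;
    }

    /**
     * @param hTTPDataLoader loader used to download the LOTL and the TSLs
     */
    public void setDataLoader(HTTPDataLoader hTTPDataLoader) {
        this.dataLoader = hTTPDataLoader;
    }

    static {
        // Registers Bouncy Castle JVM-wide when this class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }
}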
