package nl.clockwork.ebms.encryption;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.mail.util.ByteArrayDataSource;
import javax.xml.parsers.ParserConfigurationException;
import nl.clockwork.ebms.Constants;
import nl.clockwork.ebms.common.CPAManager;
import nl.clockwork.ebms.common.KeyStoreManager;
import nl.clockwork.ebms.common.util.DOMUtils;
import nl.clockwork.ebms.common.util.SecurityUtils;
import nl.clockwork.ebms.model.CacheablePartyId;
import nl.clockwork.ebms.model.EbMSAttachment;
import nl.clockwork.ebms.model.EbMSMessage;
import nl.clockwork.ebms.processor.EbMSProcessingException;
import nl.clockwork.ebms.util.CPAUtils;
import nl.clockwork.ebms.util.EbMSMessageUtils;
import nl.clockwork.ebms.validation.EbMSValidationException;
import nl.clockwork.ebms.validation.ValidationException;
import nl.clockwork.ebms.validation.ValidatorException;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.utils.EncryptionConstants;
import org.springframework.beans.factory.InitializingBean;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:nl/clockwork/ebms/encryption/EbMSMessageDecrypter.class */
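/**
 * Decrypts the attachments of an inbound {@link EbMSMessage} when the CPA marks the
 * exchange as confidential.
 *
 * <p>The private key is looked up in the configured keystore by matching the encryption
 * certificate of the receiving delivery channel. The keystore is loaded once in
 * {@link #afterPropertiesSet()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The same {@code keyStorePassword} opens the keystore and unlocks the private key
 *       entry.</li>
 *   <li>The attachment content parsed here is supplied by the remote party and is parsed
 *       before anything in this class has authenticated it.</li>
 * </ul>
 */
public class EbMSMessageDecrypter implements InitializingBean {
    private CPAManager cpaManager;
    private String keyStorePath;
    // Held as a String for the bean's lifetime; used for the keystore and for the key entry.
    private String keyStorePassword;
    private KeyStore keyStore;

    /**
     * Loads the keystore from {@code keyStorePath} using {@code keyStorePassword}.
     *
     * @throws Exception if {@link KeyStoreManager#getKeyStore} fails
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        this.keyStore = KeyStoreManager.getKeyStore(this.keyStorePath, this.keyStorePassword);
    }

    /**
     * Replaces every attachment of {@code ebMSMessage} with its decrypted form when the CPA
     * requires confidentiality for the sender's party, role, service and action. Messages
     * the CPA does not mark confidential are left untouched.
     *
     * @param ebMSMessage the inbound message; its attachment list is replaced in place
     * @throws ValidatorException if the matching certificate is not in the keystore, if an
     *     attachment cannot be decrypted, or if an I/O, security or parser error occurs
     */
    public void decrypt(EbMSMessage ebMSMessage) throws ValidatorException {
        try {
            boolean confidential = this.cpaManager.isConfidential(
                    ebMSMessage.getMessageHeader().getCPAId(),
                    new CacheablePartyId(ebMSMessage.getMessageHeader().getFrom().getPartyId()),
                    ebMSMessage.getMessageHeader().getFrom().getRole(),
                    CPAUtils.toString(ebMSMessage.getMessageHeader().getService()),
                    ebMSMessage.getMessageHeader().getAction());
            if (!confidential) {
                return;
            }

            // The encryption certificate comes from the receiver's ("To") delivery channel in the CPA.
            X509Certificate x509Certificate = CPAUtils.getX509Certificate(
                    CPAUtils.getEncryptionCertificate(
                            this.cpaManager.getReceiveDeliveryChannel(
                                    ebMSMessage.getMessageHeader().getCPAId(),
                                    new CacheablePartyId(ebMSMessage.getMessageHeader().getTo().getPartyId()),
                                    ebMSMessage.getMessageHeader().getTo().getRole(),
                                    CPAUtils.toString(ebMSMessage.getMessageHeader().getService()),
                                    ebMSMessage.getMessageHeader().getAction())));

            String certificateAlias = this.keyStore.getCertificateAlias(x509Certificate);
            if (certificateAlias == null) {
                // NOTE(review): this message contains the local keystore path; confirm it is only
                // logged locally and never returned to the remote party.
                throw new ValidationException("No certificate found with subject \"" + x509Certificate.getSubjectDN().getName() + "\" (" + x509Certificate.getSerialNumber().toString(16) + ") in keystore \"" + this.keyStorePath + "\"");
            }

            KeyPair keyPair = SecurityUtils.getKeyPair(this.keyStore, certificateAlias, this.keyStorePassword);

            // Build a new list so the message's attachments are only swapped after every
            // attachment has decrypted successfully.
            ArrayList<EbMSAttachment> decrypted = new ArrayList<>();
            for (EbMSAttachment attachment : ebMSMessage.getAttachments()) {
                decrypted.add(decrypt(keyPair, attachment));
            }
            ebMSMessage.setAttachments(decrypted);
        } catch (IOException | GeneralSecurityException | ParserConfigurationException e) {
            throw new ValidatorException(e);
        }
    }

    /**
     * Creates an {@link XMLCipher} in decrypt mode that uses the private key of
     * {@code keyPair} as key-encryption key.
     *
     * @param keyPair key pair whose private key is set as the KEK
     * @return the initialised cipher
     */
    private XMLCipher createXmlCipher(KeyPair keyPair) throws XMLEncryptionException, GeneralSecurityException {
        // getInstance() without a transformation: the algorithm is taken from the
        // EncryptionMethod element of the incoming EncryptedData, i.e. it is sender-chosen.
        // NOTE(review): nothing in this class checks that algorithm against what the CPA
        // agreed; confirm it is validated elsewhere.
        XMLCipher xMLCipher = XMLCipher.getInstance();
        // No content key is passed; the private key is supplied as KEK instead.
        xMLCipher.init(XMLCipher.DECRYPT_MODE, null);
        xMLCipher.setKEK(keyPair.getPrivate());
        return xMLCipher;
    }

    /**
     * Decrypts a single attachment that must contain an XML Encryption
     * {@code EncryptedData} element.
     *
     * @param keyPair key pair whose private key unwraps the content key
     * @param ebMSAttachment the encrypted attachment
     * @return a new attachment with the decrypted bytes, the original name and content id
     * @throws EbMSValidationException with a {@code SECURITY_FAILURE} error if the
     *     attachment is not encrypted, cannot be parsed or cannot be decrypted
     */
    private EbMSAttachment decrypt(KeyPair keyPair, EbMSAttachment ebMSAttachment) throws ParserConfigurationException, IOException, GeneralSecurityException, EbMSValidationException {
        try {
            // NOTE(review): this parses sender-supplied XML; confirm DOMUtils.read disables
            // DTDs and external entities.
            Document read = DOMUtils.read(ebMSAttachment.getInputStream());

            // item(0) yields null when no EncryptedData element exists, so one lookup suffices.
            Element element = (Element) read.getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
            if (element == null) {
                throw new EbMSProcessingException("Attachment " + ebMSAttachment.getContentId() + " not encrypted!");
            }

            byte[] plain = createXmlCipher(keyPair).decryptToByteArray(element);
            // The content type is read from the MimeType attribute of the sender-supplied
            // EncryptedData element; downstream code should not treat it as trusted.
            ByteArrayDataSource byteArrayDataSource = new ByteArrayDataSource(new ByteArrayInputStream(plain), element.getAttribute("MimeType"));
            byteArrayDataSource.setName(ebMSAttachment.getName());
            return new EbMSAttachment(byteArrayDataSource, ebMSAttachment.getContentId());
        } catch (EbMSProcessingException | XMLSecurityException | SAXException e) {
            // NOTE(review): e.getMessage() is placed in the EbMS error, which presumably goes
            // back to the sender. Detailed parser/decryption failure text lets a remote party
            // tell failure causes apart; prefer a fixed generic description here and keep the
            // detail (and the cause, which is dropped) in the local log.
            throw new EbMSValidationException(EbMSMessageUtils.createError(Constants.CID + ebMSAttachment.getContentId(), Constants.EbMSErrorCode.SECURITY_FAILURE, e.getMessage()));
        }
    }

    /** Sets the CPA manager used to decide confidentiality and to find the delivery channel. */
    public void setCpaManager(CPAManager cPAManager) {
        this.cpaManager = cPAManager;
    }

    /** Sets the path of the keystore that holds the decryption key pair. */
    public void setKeyStorePath(String str) {
        this.keyStorePath = str;
    }

    /** Sets the password used for both the keystore and the private key entry. */
    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }
}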
