package org.kapott.hbci.security;

import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Random;
import org.kapott.hbci.exceptions.HBCI_Exception;
import org.kapott.hbci.manager.HBCIUtils;
import org.kapott.hbci.passport.HBCIPassportInternal;
import org.kapott.hbci.protocol.Message;
import org.kapott.hbci.protocol.MultipleSEGs;
import org.kapott.hbci.protocol.MultipleSyntaxElements;
import org.kapott.hbci.protocol.SEG;
import org.kapott.hbci.protocol.SyntaxElement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:org/kapott/hbci/security/Sig.class */
public final class Sig {
    private static final Logger log = LoggerFactory.getLogger(Sig.class);
    public static final String SECFUNC_HBCI_SIG_RDH = "1";
    public static final String SECFUNC_HBCI_SIG_DDV = "2";
    public static final String SECFUNC_FINTS_SIG_DIG = "1";
    public static final String SECFUNC_FINTS_SIG_SIG = "2";
    public static final String SECFUNC_SIG_PT_1STEP = "999";
    public static final String SECFUNC_SIG_PT_2STEP_MIN = "900";
    public static final String SECFUNC_SIG_PT_2STEP_MAX = "997";
    public static final String HASHALG_SHA1 = "1";
    public static final String HASHALG_SHA256 = "3";
    public static final String HASHALG_SHA384 = "4";
    public static final String HASHALG_SHA512 = "5";
    public static final String HASHALG_SHA256_SHA256 = "6";
    public static final String HASHALG_RIPEMD160 = "999";
    public static final String SIGALG_DES = "1";
    public static final String SIGALG_RSA = "10";
    public static final String SIGMODE_ISO9796_1 = "16";
    public static final String SIGMODE_ISO9796_2 = "17";
    public static final String SIGMODE_PKCS1 = "18";
    public static final String SIGMODE_PSS = "19";
    public static final String SIGMODE_RETAIL_MAC = "999";
    private String u_secfunc;
    private String u_cid;
    private String u_role;
    private String u_range;
    private String u_keyblz;
    private String u_keycountry;
    private String u_keyuserid;
    private String u_keynum;
    private String u_keyversion;
    private String u_sysid;
    private String u_sigid;
    private String u_sigalg;
    private String u_sigmode;
    private String u_hashalg;
    private String sigstring;

    public boolean signIt(Message message, HBCIPassportInternal hBCIPassportInternal) {
        if (((Element) message.getSyntaxDef(message.getName(), hBCIPassportInternal.getSyntaxDocument())).getAttribute("dontsign").length() != 0) {
            log.debug("did not sign - message does not want to be signed");
            return true;
        }
        try {
            List<MultipleSyntaxElements> childContainers = message.getChildContainers();
            List<SyntaxElement> elements = childContainers.get(1).getElements();
            List<SyntaxElement> elements2 = childContainers.get(childContainers.size() - 2).getElements();
            SEG seg = new SEG("SigHeadUser", "SigHead", message.getName(), 0, hBCIPassportInternal.getSyntaxDocument());
            elements.set(0, seg);
            SEG seg2 = new SEG("SigTailUser", "SigTail", message.getName(), 0, hBCIPassportInternal.getSyntaxDocument());
            elements2.set(0, seg2);
            this.u_secfunc = hBCIPassportInternal.getSigFunction();
            this.u_cid = "";
            this.u_role = "1";
            this.u_range = "1";
            this.u_keyblz = hBCIPassportInternal.getBLZ();
            this.u_keycountry = hBCIPassportInternal.getCountry();
            this.u_keyuserid = hBCIPassportInternal.getMySigKeyName();
            this.u_keynum = hBCIPassportInternal.getMySigKeyNum();
            this.u_keyversion = hBCIPassportInternal.getMySigKeyVersion();
            this.u_sysid = hBCIPassportInternal.getSysId();
            this.u_sigid = hBCIPassportInternal.getSigId().toString();
            this.u_sigalg = hBCIPassportInternal.getSigAlg();
            this.u_sigmode = hBCIPassportInternal.getSigMode();
            this.u_hashalg = hBCIPassportInternal.getHashAlg();
            hBCIPassportInternal.incSigId();
            fillSigHead(seg, hBCIPassportInternal.getProfileMethod(), hBCIPassportInternal.getProfileVersion(), message.getName().endsWith("Res"));
            fillSigTail(seg, seg2);
            message.enumerateSegs(0, true);
            message.validate();
            message.enumerateSegs(1, true);
            List<MultipleSyntaxElements> childContainers2 = message.getChildContainers();
            SEG seg3 = (SEG) childContainers2.get(childContainers2.size() - 2).getElements().get(0);
            message.propagateValue(seg3.getPath() + ".UserSig.pin", hBCIPassportInternal.getPIN(), false, false);
            String needTAN = hBCIPassportInternal.getCallback().needTAN();
            if (needTAN != null) {
                message.propagateValue(seg3.getPath() + ".UserSig.tan", needTAN, false, false);
            }
            message.validate();
            message.enumerateSegs(1, true);
            message.autoSetMsgSize();
            return true;
        } catch (Exception e) {
            throw new HBCI_Exception("*** error while signing", e);
        }
    }

    private void fillSigHead(SEG seg, String str, String str2, boolean z) {
        String path = seg.getPath();
        String num = Integer.toString(Math.abs(new Random().nextInt()));
        Date date = new Date();
        seg.propagateValue(path + ".secfunc", this.u_secfunc, false, false);
        seg.propagateValue(path + ".seccheckref", num, false, false);
        seg.propagateValue(path + ".role", this.u_role, false, false);
        seg.propagateValue(path + ".SecIdnDetails.func", z ? "2" : "1", false, false);
        if (this.u_cid.length() != 0) {
            seg.propagateValue(path + ".SecIdnDetails.cid", "B" + this.u_cid, false, false);
        } else {
            seg.propagateValue(path + ".SecIdnDetails.sysid", this.u_sysid, false, false);
        }
        seg.propagateValue(path + ".SecTimestamp.date", HBCIUtils.date2StringISO(date), false, false);
        seg.propagateValue(path + ".SecTimestamp.time", HBCIUtils.time2StringISO(date), false, false);
        seg.propagateValue(path + ".secref", this.u_sigid, false, false);
        seg.propagateValue(path + ".HashAlg.alg", this.u_hashalg, false, false);
        seg.propagateValue(path + ".SigAlg.alg", this.u_sigalg, false, false);
        seg.propagateValue(path + ".SigAlg.mode", this.u_sigmode, false, false);
        seg.propagateValue(path + ".KeyName.KIK.country", this.u_keycountry, false, false);
        seg.propagateValue(path + ".KeyName.KIK.blz", this.u_keyblz, false, false);
        seg.propagateValue(path + ".KeyName.userid", this.u_keyuserid, false, false);
        seg.propagateValue(path + ".KeyName.keynum", this.u_keynum, false, false);
        seg.propagateValue(path + ".KeyName.keyversion", this.u_keyversion, false, false);
        seg.propagateValue(path + ".SecProfile.method", str, false, false);
        seg.propagateValue(path + ".SecProfile.version", str2, false, false);
    }

    private void fillSigTail(SEG seg, SEG seg2) {
        seg2.propagateValue(seg2.getPath() + ".seccheckref", seg.getValueOfDE(seg.getPath() + ".seccheckref"), false, false);
    }

    private void readSigHead(Message message, HBCIPassportInternal hBCIPassportInternal) {
        String str = message.getName() + ".SigHead";
        this.u_secfunc = message.getValueOfDE(str + ".secfunc");
        this.u_role = message.getValueOfDE(str + ".role");
        this.u_range = message.getValueOfDE(str + ".range");
        this.u_keycountry = message.getValueOfDE(str + ".KeyName.KIK.country");
        this.u_keyuserid = message.getValueOfDE(str + ".KeyName.userid");
        this.u_keynum = message.getValueOfDE(str + ".KeyName.keynum");
        this.u_keyversion = message.getValueOfDE(str + ".KeyName.keyversion");
        this.u_sigid = message.getValueOfDE(str + ".secref");
        this.u_sigalg = message.getValueOfDE(str + ".SigAlg.alg");
        this.u_sigmode = message.getValueOfDE(str + ".SigAlg.mode");
        this.u_hashalg = message.getValueOfDE(str + ".HashAlg.alg");
        try {
            this.u_keyblz = message.getValueOfDE(str + ".KeyName.KIK.blz");
        } catch (Exception e) {
            log.warn("missing bank code in message signature, ignoring...");
        }
        if (hBCIPassportInternal.needUserSig()) {
            HashMap<String, String> hashMap = new HashMap<>();
            message.extractValues(hashMap);
            String str2 = hashMap.get(message.getName() + ".SigTail.UserSig.pin");
            String str3 = hashMap.get(message.getName() + ".SigTail.UserSig.tan");
            this.sigstring = (str2 != null ? str2 : "") + "|" + (str3 != null ? str3 : "");
        } else {
            this.sigstring = message.getValueOfDE(message.getName() + ".SigTail.sig");
        }
        String valueOfDE = message.getValueOfDE(message.getName() + ".SigHead.seccheckref");
        String valueOfDE2 = message.getValueOfDE(message.getName() + ".SigTail.seccheckref");
        if (valueOfDE == null || !valueOfDE.equals(valueOfDE2)) {
            throw new HBCI_Exception(HBCIUtils.getLocMsg("EXCMSG_SIGREFFAIL"));
        }
    }

    private boolean hasSig(Message message) {
        boolean z = true;
        MultipleSyntaxElements multipleSyntaxElements = message.getChildContainers().get(1);
        if (multipleSyntaxElements instanceof MultipleSEGs) {
            SEG seg = null;
            try {
                seg = (SEG) multipleSyntaxElements.getElements().get(0);
            } catch (IndexOutOfBoundsException e) {
                z = false;
            }
            if (z && !seg.getCode().equals("HNSHK")) {
                z = false;
            }
        } else {
            z = false;
        }
        return z;
    }

    public boolean verify(Message message, HBCIPassportInternal hBCIPassportInternal) {
        if (!hBCIPassportInternal.hasInstSigKey()) {
            log.warn("can not check signature - no signature key available");
            return true;
        }
        if (((Element) message.getSyntaxDef(message.getName(), hBCIPassportInternal.getSyntaxDocument())).getAttribute("dontsign").length() != 0) {
            log.debug("message does not need a signature");
            return true;
        }
        if (hasSig(message)) {
            readSigHead(message, hBCIPassportInternal);
            return true;
        }
        log.warn("message has no signature");
        return true;
    }
}
