package com.bssys.kan.unp.service.handler;

import com.bssys.kan.dbaccess.dao.SystemPropertiesDao;
import com.bssys.kan.dbaccess.model.SecurityProtocols;
import com.bssys.kan.dbaccess.model.SystemProperties;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.Source;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import oracle.jdbc.driver.DatabaseError;
import org.apache.commons.codec.binary.Base64;
import org.apache.cxf.message.Message;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.aspectj.AnnotationTransactionAspect;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import ru.bss_s.cryptoservice._1.CryptoServicePortType;
import ru.bss_s.cryptoservice.desktop._1.ICryptoMethods;

/* loaded from: input_file:WEB-INF/lib/kan-unp-ws-client-jar-3.0.1.jar:com/bssys/kan/unp/service/handler/SecurityHandler.class */
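/**
 * SOAP handler for the UNP service ({@code SmevUnifoServiceService}).
 *
 * <p>Outbound requests: the business element inside {@code UnifoTransferMsg} is signed by an
 * external crypto service, the {@code MessageData} element is validated against the bundled XSD,
 * and the whole envelope is sent to the crypto service again to obtain the SMEV security header.
 *
 * <p>Inbound responses: {@code MessageData} is validated against the XSD and, when the body
 * contains a {@code ds:Signature} element, the {@code Ticket} element is sent to the crypto
 * service for signature verification.
 *
 * <p>This source is decompiler output of an AspectJ-woven class. The explicit
 * {@code AnnotationTransactionAspect} calls and the {@code ajc$...} members are woven transaction
 * advice and are kept exactly as decompiled.
 *
 * <p>NOTE(review): the crypto-service endpoint URL is read from the database on every call and is
 * written into the request context of the shared, injected client. Nothing visible here restricts
 * the URL (scheme, host allow-list) or shows whether that request context is per-thread; confirm
 * both against the client configuration.
 */
public class SecurityHandler extends BaseHandler {
    private Logger logger = LoggerFactory.getLogger(getClass().getName());
    private static final String HTTP_WWW_W3_ORG_2001_XMLSCHEMA = "http://www.w3.org/2001/XMLSchema";
    private static final String UNP_SERVICE_NAME = "SmevUnifoServiceService";
    private static final String UNP_REQUEST_OPERATION_NAME_TRANSFER_MSG = "UnifoTransferMsg";
    private static final String UNP_RESPONSE_OPERATION_NAME_TRANSFER_MSG = "UnifoTransferMsg";
    private static final String UNP_SERVICE_MESSAGES_V1_NAMESPACE = "http://roskazna.ru/SmevUnifoService/";
    private static final String UNP_SERVICE_MESSAGE_DATA_XSD = "wsdl/xsd/request/smev.unifo.rev111111.xsd";
    private static final String UNP_SERVICE_MESSAGE_DATA_NS = "http://smev.gosuslugi.ru/rev111111";
    private static final String UNP_SERVICE_MESSAGE_DATA_ELEMENT = "MessageData";
    private static final String UNP_SERVICE_RESPONSE_TICKET_ELEMENT = "Ticket";
    private static final String UNP_SERVICE_RESPONSE_TICKET_NS = "http://roskazna.ru/xsd/Ticket";
    private static final String UNP_REQUEST_IMPORT_DATA_INCOME_ELEMENT = "Income";
    private static final String UNP_REQUEST_IMPORT_DATA_FINAL_PAYMENT_ELEMENT = "FinalPayment";
    private static final String UNP_REQUEST_IMPORT_DATA_SERVICE_CATALOG_ELEMENT = "ServiceCatalog";
    private static final String UNP_REQUEST_IMPORT_DATA_SERVICE_CATALOG_CHANGES_ELEMENT = "Changes";
    private static final String UNP_REQUEST_IMPORT_DATA_CHARGE_ELEMENT = "Charge";
    private static final String UNP_REQUEST_EXPORT_DATA_ELEMENT = "exportData";
    private static final String UNP_SERVICE_SIGNATURE_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";
    private static final String UNP_RESPONSE_OPERATION_SIGNATURE_ELEMENT = "Signature";

    /**
     * Local names (no namespace) of the request elements that get signed, in lookup order.
     * Only the first name that occurs in the SOAP body is signed.
     */
    private static final String[] UNP_REQUEST_SIGNED_ELEMENTS = {
        UNP_REQUEST_IMPORT_DATA_INCOME_ELEMENT,
        UNP_REQUEST_IMPORT_DATA_FINAL_PAYMENT_ELEMENT,
        UNP_REQUEST_IMPORT_DATA_SERVICE_CATALOG_ELEMENT,
        UNP_REQUEST_IMPORT_DATA_SERVICE_CATALOG_CHANGES_ELEMENT,
        UNP_REQUEST_IMPORT_DATA_CHARGE_ELEMENT,
        UNP_REQUEST_EXPORT_DATA_ELEMENT
    };

    @Autowired
    private CryptoServicePortType cryptoServiceClient;

    @Autowired
    private ICryptoMethods cryptoBssDeServiceClient;

    @Autowired
    private SystemPropertiesDao systemPropertiesDao;
    private DocumentBuilderFactory dbfDoc;
    private ClassLoader classLoader;
    private Validator unpSchemaValidator;
    // Crypto protocol selector read once in init(); stays null when the first SystemProperties row is null.
    private String PROTOCOL_SECURITY;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_0 = null;
    private static final /* synthetic */ JoinPoint.StaticPart ajc$tjp_1 = null;

    /**
     * Builds the shared DOM factory, loads the XSD validator and reads the crypto protocol
     * from the first {@code SystemProperties} row.
     *
     * <p>{@code iterator().next()} throws {@code NoSuchElementException} when the DAO returns
     * no rows, so an empty configuration table fails bean initialisation.
     */
    @Transactional
    @PostConstruct
    public void init() {
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_0);
                // Hardened factory: the documents parsed with it include bytes returned by the
                // remote crypto service, so DTDs and external entities are switched off.
                this.dbfDoc = newHardenedDocumentBuilderFactory();
                this.classLoader = Thread.currentThread().getContextClassLoader();
                initUnpValidationSchema();
                SystemProperties next = this.systemPropertiesDao.getAll().iterator().next();
                if (next != null) {
                    this.PROTOCOL_SECURITY = next.getSecurityProtocols().getProtocol();
                }
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    /**
     * Creates a namespace-aware DOM factory that rejects DOCTYPE declarations and does not
     * resolve external entities or XInclude.
     *
     * <p>SOAP messages must not carry a DTD, so rejecting DOCTYPE does not affect well-formed
     * traffic. The method fails closed: a parser implementation that cannot apply the
     * restrictions is treated as a configuration error.
     *
     * @return the configured factory
     * @throws IllegalStateException if the XML parser does not support one of the features
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try {
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        } catch (ParserConfigurationException e) {
            throw new IllegalStateException("XML parser does not support disabling DTDs and external entities.", e);
        }
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /**
     * Returns the SOAP headers this handler processes.
     *
     * @return a new, empty, mutable set
     */
    @Override // com.bssys.kan.unp.service.handler.BaseHandler
    public Set<QName> getHeaders() {
        return new HashSet<QName>();
    }

    /**
     * Signs outbound UNP requests and validates/verifies inbound UNP responses.
     *
     * <p>Messages of any other service, and contexts without a SOAP message, pass through
     * untouched. Every failure (including a missing outbound-direction property, which causes a
     * {@code NullPointerException}) is logged and rethrown as a {@code RuntimeException}.
     *
     * @param sOAPMessageContext the message context supplied by the JAX-WS runtime
     * @return always {@code true} when no exception is thrown
     * @throws RuntimeException wrapping any exception raised while processing the message
     */
    public boolean handleMessage(SOAPMessageContext sOAPMessageContext) {
        byte[] decodeBase64;
        try {
            String localPart = ((QName) sOAPMessageContext.get(Message.WSDL_SERVICE)).getLocalPart();
            Boolean bool = (Boolean) sOAPMessageContext.get("javax.xml.ws.handler.message.outbound");
            SOAPMessage message = sOAPMessageContext.getMessage();
            if (message == null) {
                return true;
            }
            SOAPBody sOAPBody = message.getSOAPBody();
            // getOperationName is not defined in this class (presumably inherited from BaseHandler).
            String operationName = getOperationName(sOAPBody);
            if (!UNP_SERVICE_NAME.equals(localPart)) {
                return true;
            }
            if (!bool.booleanValue()) {
                // ---- inbound response ----
                if (!"UnifoTransferMsg".equals(operationName)) {
                    throw new RuntimeException("Wrong UNP Service response.");
                }
                validateUnpServiceMessage(sOAPBody.getElementsByTagNameNS(UNP_SERVICE_MESSAGE_DATA_NS, UNP_SERVICE_MESSAGE_DATA_ELEMENT).item(0));
                // item is null when the response has no Ticket element.
                Node item = sOAPBody.getElementsByTagNameNS(UNP_SERVICE_RESPONSE_TICKET_NS, UNP_SERVICE_RESPONSE_TICKET_ELEMENT).item(0);
                NodeList elementsByTagNameNS6 = sOAPBody.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
                if (elementsByTagNameNS6 == null || elementsByTagNameNS6.getLength() <= 0) {
                    // NOTE(review): fail-open. A response without any ds:Signature is accepted
                    // as-is, so removing the signature is enough to skip verification. Kept for
                    // compatibility; confirm whether unsigned responses are legitimate for this
                    // service and reject them here if they are not.
                    this.logger.warn("ServiceName: '{}', operationName: '{}': inbound response has no Signature element, accepted without signature verification.", localPart, operationName);
                    return true;
                }
                // NOTE(review): the Signature is looked up anywhere in the body, but only the
                // first Ticket element is sent for verification. Nothing here ties the verified
                // signature to the MessageData content that callers consume; confirm the crypto
                // service checks what the signature actually covers.
                checkMessageSignature(item);
                return true;
            }
            // ---- outbound request ----
            if (!"UnifoTransferMsg".equals(operationName)) {
                throw new RuntimeException("Wrong UNP Service request.");
            }
            // Work on a detached copy of the UnifoTransferMsg element.
            Document parse = this.dbfDoc.newDocumentBuilder().parse(new ByteArrayInputStream(nodeToString(sOAPBody.getElementsByTagNameNS(UNP_SERVICE_MESSAGES_V1_NAMESPACE, "UnifoTransferMsg").item(0)).getBytes("UTF-8")));
            Document document = null;
            // Sign the elements of the first business element name that occurs in the body.
            for (String elementName : UNP_REQUEST_SIGNED_ELEMENTS) {
                NodeList candidates = sOAPBody.getElementsByTagNameNS((String) null, elementName);
                if (candidates != null && candidates.getLength() > 0) {
                    document = signNodeByCriteriaNS(parse, null, elementName);
                    break;
                }
            }
            if (document == null) {
                // Nothing to sign: send the copy unchanged.
                document = parse;
            }
            // Validation runs on the original body, i.e. on the content before the signed copy replaces it.
            validateUnpServiceMessage(sOAPBody.getElementsByTagNameNS(UNP_SERVICE_MESSAGE_DATA_NS, UNP_SERVICE_MESSAGE_DATA_ELEMENT).item(0));
            sOAPBody.removeContents();
            sOAPBody.addDocument(document);
            if (this.PROTOCOL_SECURITY.equals(SecurityProtocols.PROTOCOL_BSS_SERVER)) {
                this.cryptoServiceClient.getRequestContext().put("javax.xml.ws.service.endpoint.address", getCryptoServiceUrl());
                decodeBase64 = this.cryptoServiceClient.createSmevHeaderSecurity(nodeToString(message.getSOAPPart().getEnvelope()).getBytes("UTF-8"));
            } else {
                if (!this.PROTOCOL_SECURITY.equals(SecurityProtocols.PROTOCOL_BSS_DESKTOP)) {
                    // Message: "Unsupported protocol for talking to the crypto service."
                    throw new RuntimeException("Неподдерживаемый протокол взаимодействия с крипто сервисом.");
                }
                this.cryptoBssDeServiceClient.getRequestContext().put("javax.xml.ws.service.endpoint.address", getCryptoServiceUrl());
                // The desktop client exchanges Base64 text instead of raw bytes.
                String createSmevHeaderSecurity = this.cryptoBssDeServiceClient.createSmevHeaderSecurity(new String(Base64.encodeBase64(nodeToString(message.getSOAPPart().getEnvelope()).getBytes("UTF-8")), "UTF-8"));
                if (createSmevHeaderSecurity == null) {
                    // Message: "Crypto service DE returned an empty response to createSmevHeaderSecurity."
                    throw new RuntimeException("КС DE вернул пустой ответ на подписание createSmevHeaderSecurity.");
                }
                decodeBase64 = Base64.decodeBase64(createSmevHeaderSecurity.getBytes("UTF-8"));
            }
            this.logger.debug("ServiceName: '{}', operationName: '{}', Outbound SOAP message after SignXML:", localPart, operationName);
            // NOTE(review): with debug logging enabled the complete signed envelope, including
            // the business payload, is written to the log; keep debug off or restrict log access.
            this.logger.debug(new String(decodeBase64, "UTF-8"));
            // The envelope returned by the crypto service replaces the outgoing message.
            sOAPMessageContext.getMessage().getSOAPPart().setContent(new DOMSource(parse(decodeBase64)));
            sOAPMessageContext.getMessage().saveChanges();
            return true;
        } catch (Exception e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw new RuntimeException("SOAPException was thrown.", e);
        }
    }

    /**
     * Parses bytes (here: the envelope returned by the crypto service) into a DOM document
     * with DTDs and external entities disabled.
     *
     * @param bArr serialized XML
     * @return the parsed document
     * @throws SAXException if the input is not well-formed or contains a DOCTYPE
     * @throws IOException if reading the input fails
     * @throws ParserConfigurationException if a document builder cannot be created
     */
    private Document parse(byte[] bArr) throws SAXException, IOException, ParserConfigurationException {
        return newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
    }

    /**
     * Loads the UNP message XSD from the context class loader and creates the shared validator.
     *
     * <p>NOTE(review): the {@code SchemaFactory} is used with default settings, so schema
     * imports/includes are resolved without restriction; the XSD is a bundled resource, confirm
     * it cannot be replaced by an untrusted party.
     *
     * @throws RuntimeException if the schema cannot be compiled
     */
    private void initUnpValidationSchema() {
        try {
            this.unpSchemaValidator = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(this.classLoader.getResource(UNP_SERVICE_MESSAGE_DATA_XSD)).newValidator();
        } catch (SAXException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Asks the configured crypto service to verify the signature of the serialized node.
     *
     * <p>The verdict is whatever the remote service answers: anything other than
     * {@code "VALID"} (case-insensitive) is rejected.
     *
     * @param node the element to verify
     * @throws RuntimeException if the signature is not reported as valid or the protocol is unsupported
     * @throws Exception if serialization or the remote call fails
     */
    public void checkMessageSignature(Node node) throws Exception {
        if (this.PROTOCOL_SECURITY.equals(SecurityProtocols.PROTOCOL_BSS_SERVER)) {
            this.cryptoServiceClient.getRequestContext().put("javax.xml.ws.service.endpoint.address", getCryptoServiceUrl());
            if (!"VALID".equalsIgnoreCase(this.cryptoServiceClient.checkXml(nodeToString(node).getBytes("UTF-8")).getResultCode())) {
                // Message: "Invalid digital signature."
                throw new RuntimeException("Неверная ЭЦП.");
            }
        } else {
            if (!this.PROTOCOL_SECURITY.equals(SecurityProtocols.PROTOCOL_BSS_DESKTOP)) {
                // Message: "Unsupported protocol for talking to the crypto service."
                throw new RuntimeException("Неподдерживаемый протокол взаимодействия с крипто сервисом.");
            }
            this.cryptoBssDeServiceClient.getRequestContext().put("javax.xml.ws.service.endpoint.address", getCryptoServiceUrl());
            if (!"VALID".equalsIgnoreCase(this.cryptoBssDeServiceClient.checkXmlTagEx(new String(Base64.encodeBase64(nodeToString(node).getBytes("UTF-8")), "UTF-8"), null, null))) {
                // Message: "Invalid digital signature."
                throw new RuntimeException("Неверная ЭЦП.");
            }
        }
    }

    /**
     * Replaces every element matching the namespace/local name with the signed version
     * returned by the crypto service.
     *
     * @param document the document to modify in place
     * @param str namespace URI to match, or {@code null}
     * @param str2 local name to match
     * @return the same {@code document} instance
     * @throws RuntimeException if the protocol is unsupported or the desktop service returns {@code null}
     * @throws Exception if serialization, the remote call or parsing of the signed XML fails
     */
    private Document signNodeByCriteriaNS(Document document, String str, String str2) throws Exception {
        byte[] decodeBase64;
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(str, str2);
        // The length is captured once, before any replacement happens.
        int length = elementsByTagNameNS.getLength();
        for (int i = 0; i < length; i++) {
            Node item = elementsByTagNameNS.item(i);
            this.logger.debug("Подписываем исходящее сообщение. Протакол [{}], Адрес крипто-сервиса [{}]", this.PROTOCOL_SECURITY, getCryptoServiceUrl());
            if (this.PROTOCOL_SECURITY.equals(SecurityProtocols.PROTOCOL_BSS_SERVER)) {
                this.cryptoServiceClient.getRequestContext().put("javax.xml.ws.service.endpoint.address", getCryptoServiceUrl());
                decodeBase64 = this.cryptoServiceClient.signXml(nodeToString(item).getBytes("UTF-8"));
            } else {
                if (!this.PROTOCOL_SECURITY.equals(SecurityProtocols.PROTOCOL_BSS_DESKTOP)) {
                    // Message: "Unsupported protocol for talking to the crypto service."
                    throw new RuntimeException("Неподдерживаемый протокол взаимодействия с крипто сервисом.");
                }
                this.cryptoBssDeServiceClient.getRequestContext().put("javax.xml.ws.service.endpoint.address", getCryptoServiceUrl());
                String signXmlTagEx = this.cryptoBssDeServiceClient.signXmlTagEx(new String(Base64.encodeBase64(nodeToString(item).getBytes("UTF-8")), "UTF-8"), "/*", "1", "UTF-8");
                if (signXmlTagEx == null) {
                    // Message: "Crypto service DE returned an empty response to signXmlTagEx."
                    throw new RuntimeException("КС DE вернул пустой ответ на подписание signXmlTagEx.");
                }
                decodeBase64 = Base64.decodeBase64(signXmlTagEx.getBytes("UTF-8"));
            }
            // The crypto-service output is parsed with the hardened shared factory and its
            // first child node is imported in place of the unsigned element.
            item.getParentNode().replaceChild(document.importNode(this.dbfDoc.newDocumentBuilder().parse(new ByteArrayInputStream(decodeBase64)).getChildNodes().item(0), true), item);
        }
        return document;
    }

    /**
     * Serializes a {@code Source} to a string with an identity transform.
     *
     * @param source the XML source
     * @return the serialized XML, or {@code null} if the transformation fails
     */
    public String sourceToString(Source source) {
        try {
            StringWriter stringWriter = new StringWriter();
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            // Secure processing limits what the transformer may do with the input.
            transformerFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            transformerFactory.newTransformer().transform(source, new StreamResult(stringWriter));
            return stringWriter.toString();
        } catch (TransformerException e) {
            // Goes to the application log instead of stderr so the failure is visible to operators.
            this.logger.error(e.getMessage(), (Throwable) e);
            return null;
        }
    }

    /**
     * Validates a node against the UNP message schema.
     *
     * <p>Synchronized because a single {@code Validator} instance is shared by all calls.
     *
     * @param node the element to validate
     * @throws Exception the validation failure, rethrown after logging
     */
    private synchronized void validateUnpServiceMessage(Node node) throws Exception {
        try {
            this.unpSchemaValidator.validate(new DOMSource(node));
        } catch (Exception e) {
            this.logger.error("Validation exception.");
            throw e;
        }
    }

    /** No per-exchange resources are held, so there is nothing to release. */
    @Override // com.bssys.kan.unp.service.handler.BaseHandler
    public void close(MessageContext messageContext) {
    }

    /**
     * Reads the crypto-service endpoint URL from the first {@code SystemProperties} row.
     *
     * @return the configured URL, or {@code null} when the first row is {@code null}
     */
    @Transactional(readOnly = true)
    private String getCryptoServiceUrl() {
        try {
            try {
                AnnotationTransactionAspect.aspectOf().ajc$before$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(this, ajc$tjp_1);
                SystemProperties next = this.systemPropertiesDao.getAll().iterator().next();
                String cryptoServiceUrl = next != null ? next.getCryptoServiceUrl() : null;
                AnnotationTransactionAspect.aspectOf().ajc$afterReturning$org_springframework_transaction_aspectj_AbstractTransactionAspect$3$2a73e96c(this);
                return cryptoServiceUrl;
            } catch (Throwable th) {
                AnnotationTransactionAspect.aspectOf().ajc$afterThrowing$org_springframework_transaction_aspectj_AbstractTransactionAspect$2$2a73e96c(this, th);
                throw th;
            }
        } finally {
            AnnotationTransactionAspect.aspectOf().ajc$after$org_springframework_transaction_aspectj_AbstractTransactionAspect$4$2a73e96c(this);
        }
    }

    static {
        ajc$preClinit();
    }

    // AspectJ-generated join point table, kept as decompiled. The last argument of makeSJP
    // looks like a source line number that the decompiler rendered as an unrelated constant
    // in the second call; confirm against the original class file.
    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("SecurityHandler.java", SecurityHandler.class);
        ajc$tjp_0 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("1", "init", "com.bssys.kan.unp.service.handler.SecurityHandler", "", "", "", "void"), 92);
        ajc$tjp_1 = factory.makeSJP(JoinPoint.METHOD_EXECUTION, factory.makeMethodSig("2", "getCryptoServiceUrl", "com.bssys.kan.unp.service.handler.SecurityHandler", "", "", "", "java.lang.String"), DatabaseError.EOJ_JRS_CANT_CREATE_OBJ_COPY);
    }
}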
