package com.bssys.unp.main.service.interceptor;

import com.bssys.unp.main.service.exception.SigntureElementCheckException;
import com.bssys.unp.main.service.exception.SmevHeaderCheckException;
import com.bssys.unp.main.service.exception.ValidationException;
import com.bssys.unp.main.service.gisgmp.GisGmpServiceUtilConstants;
import com.bssys.unp.main.service.interceptor.common.BaseInterceptor;
import com.bssys.unp.main.service.util.ErrorBean;
import java.util.LinkedList;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPMessage;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import ru.bss_s.cryptoservice._1.SignXmlTagRequest;

/* loaded from: input_file:unp-main-service-war-8.0.9.war:WEB-INF/classes/com/bssys/unp/main/service/interceptor/SecurityInInterceptor.class */
public class SecurityInInterceptor extends BaseInterceptor {
    private static final String UNIFO_TRANSFER_MSG_MESSAGE_SENDER_ELEMENT = "Sender";
    private static final String UNIFO_TRANSFER_MSG_MESSAGE_SENDER_CODE_ELEMENT = "Code";
    private static final String UNIFO_TRANSFER_MSG_MESSAGE_SENDER_NAME_ELEMENT = "Name";
    private static final String IMPORT_REQUEST_ELEMENT = "ImportRequest";
    private static final String PACKAGE_STATUS_REQUEST_ELEMENT = "PackageStatusRequest";
    private static final String IMPORT_CERTIFICATE_REQUEST_ELEMENT = "ImportCertificateRequest";
    private static final String EXPORT_REQUEST_ELEMENT = "ExportRequest";
    private static final String DO_ACKNOWLEDGEMENT_REQUEST_ELEMENT = "DoAcknowledgmentRequest";
    private static final String CHARGE_CREATION_REQUEST_ELEMENT = "ChargeCreationRequest";
    private static final String IMPORT_REQUEST_ELEMENT_NS = "http://roskazna.ru/gisgmp/xsd/116/MessageData";
    private static final String IMPORT_CATALOG_REQUEST_ELEMENT = "ImportCatalogRequest";
    private static final String IMPORT_CATALOG_REQUEST_CHILD_CHANGES = "Changes";
    private static final String IMPORT_CATALOG_REQUEST_CHILD_SERVICE_CATALOG = "ServiceCatalog";
    private static final String IMPORT_CATALOG_REQUEST_ELEMENT_NS = "http://roskazna.ru/gisgmp/xsd/116/MessageData";
    private static final String UNIFO_TRANSFER_MSG_CHARGE_DATA_ELEMENT = "Charge";
    private static final String UNIFO_TRANSFER_MSG_CHARGE_DATA_ELEMENT_NS = "http://roskazna.ru/gisgmp/xsd/116/Charge";
    private static final String FINAL_PAYMENT_ELEMENT = "FinalPayment";
    private static final String FINAL_PAYMENT_ELEMENT_NS = "http://roskazna.ru/gisgmp/xsd/116/PaymentInfo";
    private static final String INCOME_ELEMENT = "Income";
    private static final String INCOME_ELEMENT_NS = "http://roskazna.ru/gisgmp/xsd/116/Income";
    private static final String REQ_MESSAGE_SIGNATURE_ELEMENT = "Signature";
    private static final String REQ_MESSAGE_SIGNATURE_ELEMENT_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String INCOME_SIGNATURE_ELEMENT = "Signature";
    private static final String INCOME_SIGNATURE_ELEMENT_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String REQ_MESSAGE_SIGNATURE_XADES_BES_ELEMENT = "QualifyingProperties";
    private static final String REQ_MESSAGE_SIGNATURE_XADES_BES_ELEMENT_NS = "http://uri.etsi.org/01903/v1.1.1#";
    private static final String REQ_MESSAGE_SIGNATURE_XADES_T_ELEMENT = "SignatureTimeStamp";
    private static final String REQ_MESSAGE_SIGNATURE_XADES_T_ELEMENT_NS = "http://uri.etsi.org/01903/v1.1.1#";
    public static final String ENVELOPE_SRC = "ENVELOPE_SRC";
    public static final String MESSAGE_DATA_SRC = "MESSAGE_DATA_SRC";
    public static final String CHARGES_SRC = "CHARGES_SRC";
    public static final String PAYMENTS_SRC = "PAYMENTS_SRC";
    public static final String INCOMES_SRC = "INCOMES_SRC";
    public static final String IMPORT_CATALOG_SRC = "IMPORT_CATALOG_SRC";

    public SecurityInInterceptor() {
        super(Phase.UNMARSHAL);
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        try {
            String soapAction = SoapActionInInterceptor.getSoapAction(soapMessage);
            this.logger.debug("Operation name is {}", soapAction);
            SOAPMessage sOAPMessage = (SOAPMessage) soapMessage.getContent(SOAPMessage.class);
            if (sOAPMessage != null) {
                byte[] bytesUtf8 = StringUtils.getBytesUtf8(nodeToString(sOAPMessage.getSOAPPart().getEnvelope()));
                soapMessage.put(ENVELOPE_SRC, Base64.encodeBase64String(bytesUtf8));
                SOAPBody sOAPBody = sOAPMessage.getSOAPBody();
                if (!"http://roskazna.ru/gisgmp/02000000/SmevGISGMPService/GISGMPTransferMsg".equals(soapAction)) {
                    createErrorResponse(soapMessage, ErrorBean.SOAP_ACTION_WRONG, null, null, null);
                    return;
                }
                Node validateNodeFirstChildRequired = validateNodeFirstChildRequired("GISGMPTransferMsg", "http://roskazna.ru/gisgmp/02000000/SmevGISGMPService/", sOAPBody);
                Node item = getNodeListByNameNS(UNIFO_TRANSFER_MSG_MESSAGE_SENDER_ELEMENT, "http://smev.gosuslugi.ru/rev120315", validateNodeRequired("Message", "http://smev.gosuslugi.ru/rev120315", validateNodeFirstChildRequired)).item(0);
                String textContent = getNodeListByNameNS("Code", "http://smev.gosuslugi.ru/rev120315", item).item(0).getTextContent();
                String textContent2 = getNodeListByNameNS("Name", "http://smev.gosuslugi.ru/rev120315", item).item(0).getTextContent();
                Node validateNodeRequired = validateNodeRequired("MessageData", "http://smev.gosuslugi.ru/rev120315", validateNodeFirstChildRequired);
                Node item2 = getNodeListByNameNS(GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_REQUEST_MESSAGE_ELEMENT, GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_REQUEST_MESSAGE_ELEMENT_NS, validateNodeRequired).item(0);
                String textContent3 = item2.getAttributes().getNamedItem("Id").getTextContent();
                if (!checkSmevHeaderSignature(bytesUtf8)) {
                    this.logger.error("Invalid Smev Header Signature.");
                    throw new SmevHeaderCheckException("Invalid Smev Header Signature.");
                }
                if (this.IS_CHECK_SIGNATURE && getNodeOnlyChildrenByNameNS("Signature", GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_SIGNATURE_ELEMENT_NS, item2) != null && !checkNodeSignature(item2)) {
                    this.logger.error("Invalid RequestMessage Signature.");
                    throw new SigntureElementCheckException("Invalid RequestMessage Signature.");
                }
                Node firstChildNode = getFirstChildNode(item2);
                String localName = firstChildNode.getLocalName();
                if (!IMPORT_REQUEST_ELEMENT.equals(localName)) {
                    if (IMPORT_CATALOG_REQUEST_ELEMENT.equals(localName)) {
                        if (this.IS_CHECK_SIGNATURE) {
                            Node firstChildNode2 = getFirstChildNode(firstChildNode);
                            String nodeName = firstChildNode2.getNodeName();
                            if ((IMPORT_CATALOG_REQUEST_CHILD_CHANGES.equals(nodeName) || IMPORT_CATALOG_REQUEST_CHILD_SERVICE_CATALOG.equals(nodeName)) && getNodeOnlyChildrenByNameNS("Signature", GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_SIGNATURE_ELEMENT_NS, firstChildNode2) != null && !checkNodeSignature(firstChildNode2)) {
                                this.logger.error("Invalid {} Signature.", nodeName);
                                throw new SigntureElementCheckException("Invalid " + nodeName + " Signature.");
                            }
                        }
                        soapMessage.put(IMPORT_CATALOG_SRC, Base64.encodeBase64String(StringUtils.getBytesUtf8(nodeToString(firstChildNode))));
                        return;
                    }
                    if (PACKAGE_STATUS_REQUEST_ELEMENT.equals(localName)) {
                        soapMessage.put(MESSAGE_DATA_SRC, (Object) validateNodeRequired);
                        return;
                    }
                    if (IMPORT_CERTIFICATE_REQUEST_ELEMENT.equals(localName)) {
                        soapMessage.put(MESSAGE_DATA_SRC, (Object) validateNodeRequired);
                        return;
                    }
                    if ("ExportRequest".equals(localName)) {
                        soapMessage.put(MESSAGE_DATA_SRC, (Object) validateNodeRequired);
                        if (!this.IS_CHECK_SIGNATURE || getNodeOnlyChildrenByNameNS("Signature", GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_SIGNATURE_ELEMENT_NS, firstChildNode) == null || checkNodeSignature(firstChildNode)) {
                            return;
                        }
                        this.logger.error("Invalid ExportRequest Signature.");
                        throw new SigntureElementCheckException("Invalid ExportRequest Signature.");
                    }
                    if ("DoAcknowledgmentRequest".equals(localName)) {
                        soapMessage.put(MESSAGE_DATA_SRC, (Object) validateNodeRequired);
                        if (!this.IS_CHECK_SIGNATURE || getNodeOnlyChildrenByNameNS("Signature", GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_SIGNATURE_ELEMENT_NS, firstChildNode) == null || checkNodeSignature(firstChildNode)) {
                            return;
                        }
                        this.logger.error("Invalid DoAcknowledgmentRequest Signature.");
                        throw new SigntureElementCheckException("Invalid DoAcknowledgmentRequest Signature.");
                    }
                    if ("ChargeCreationRequest".equals(localName)) {
                        soapMessage.put(MESSAGE_DATA_SRC, (Object) validateNodeRequired);
                        if (!this.IS_CHECK_SIGNATURE || getNodeOnlyChildrenByNameNS("Signature", GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_SIGNATURE_ELEMENT_NS, firstChildNode) == null || checkNodeSignature(firstChildNode)) {
                            return;
                        }
                        this.logger.error("Invalid ChargeCreationRequest Signature.");
                        throw new SigntureElementCheckException("Invalid ChargeCreationRequest Signature.");
                    }
                    return;
                }
                boolean z = false;
                boolean z2 = false;
                boolean z3 = false;
                NodeList nodeListByNameNS = getNodeListByNameNS(UNIFO_TRANSFER_MSG_CHARGE_DATA_ELEMENT, UNIFO_TRANSFER_MSG_CHARGE_DATA_ELEMENT_NS, validateNodeFirstChildRequired);
                if (nodeListByNameNS != null && nodeListByNameNS.getLength() > 0) {
                    z = true;
                }
                NodeList nodeListByNameNS2 = getNodeListByNameNS(FINAL_PAYMENT_ELEMENT, FINAL_PAYMENT_ELEMENT_NS, validateNodeFirstChildRequired);
                if (nodeListByNameNS2 != null && nodeListByNameNS2.getLength() > 0) {
                    z2 = true;
                }
                NodeList nodeListByNameNS3 = getNodeListByNameNS(INCOME_ELEMENT, INCOME_ELEMENT_NS, validateNodeFirstChildRequired);
                if (nodeListByNameNS3 != null && nodeListByNameNS3.getLength() > 0) {
                    z3 = true;
                }
                if ((z && z2) || ((z2 && z3) || (z && z3))) {
                    createErrorResponse(soapMessage, ErrorBean.IMPORT_BOTH_WRONG, textContent, textContent2, textContent3);
                }
                if (z) {
                    LinkedList linkedList = new LinkedList();
                    for (int i = 0; i < nodeListByNameNS.getLength(); i++) {
                        Node item3 = nodeListByNameNS.item(i);
                        DocumentSrcBean documentSrcBean = new DocumentSrcBean();
                        documentSrcBean.setSrc(nodeToString(item3).getBytes("UTF-8"));
                        if (this.IS_CHECK_SIGNATURE && !checkNodeSignature(item3)) {
                            this.logger.error("Invalid Charge Signature.");
                            throw new SigntureElementCheckException("Invalid Charge Signature.");
                        }
                        NodeList nodeListByNameNS4 = getNodeListByNameNS(REQ_MESSAGE_SIGNATURE_XADES_T_ELEMENT, "http://uri.etsi.org/01903/v1.1.1#", item3);
                        if (nodeListByNameNS4 == null || nodeListByNameNS4.getLength() != 1) {
                            NodeList nodeListByNameNS5 = getNodeListByNameNS(REQ_MESSAGE_SIGNATURE_XADES_BES_ELEMENT, "http://uri.etsi.org/01903/v1.1.1#", item3);
                            if (nodeListByNameNS5 != null && nodeListByNameNS5.getLength() == 1) {
                                SignXmlTagRequest signXmlTagRequest = new SignXmlTagRequest();
                                signXmlTagRequest.setMethod("xades_t");
                                signXmlTagRequest.setBase64Data(nodeToString(item3).getBytes("UTF-8"));
                                try {
                                    documentSrcBean.setSrcT(this.cryptoServiceClient.signXmlTag(signXmlTagRequest));
                                } catch (Exception e) {
                                    this.logger.error(e.getMessage(), (Throwable) e);
                                }
                            }
                        } else {
                            documentSrcBean.setSrcT(documentSrcBean.getSrc());
                        }
                        linkedList.add(documentSrcBean);
                    }
                    soapMessage.put(CHARGES_SRC, (Object) linkedList);
                }
                if (z2) {
                    LinkedList linkedList2 = new LinkedList();
                    for (int i2 = 0; i2 < nodeListByNameNS2.getLength(); i2++) {
                        Node item4 = nodeListByNameNS2.item(i2);
                        DocumentSrcBean documentSrcBean2 = new DocumentSrcBean();
                        documentSrcBean2.setSrc(nodeToString(item4).getBytes("UTF-8"));
                        if (this.IS_CHECK_SIGNATURE && !checkNodeSignature(item4)) {
                            this.logger.error("Invalid FinalPayment Signature.");
                            throw new SigntureElementCheckException("Invalid FinalPayment Signature.");
                        }
                        NodeList nodeListByNameNS6 = getNodeListByNameNS(REQ_MESSAGE_SIGNATURE_XADES_T_ELEMENT, "http://uri.etsi.org/01903/v1.1.1#", item4);
                        if (nodeListByNameNS6 == null || nodeListByNameNS6.getLength() != 1) {
                            NodeList nodeListByNameNS7 = getNodeListByNameNS(REQ_MESSAGE_SIGNATURE_XADES_BES_ELEMENT, "http://uri.etsi.org/01903/v1.1.1#", item4);
                            if (nodeListByNameNS7 != null && nodeListByNameNS7.getLength() == 1) {
                                SignXmlTagRequest signXmlTagRequest2 = new SignXmlTagRequest();
                                signXmlTagRequest2.setMethod("xades_t");
                                signXmlTagRequest2.setBase64Data(nodeToString(item4).getBytes("UTF-8"));
                                try {
                                    documentSrcBean2.setSrcT(this.cryptoServiceClient.signXmlTag(signXmlTagRequest2));
                                } catch (Exception e2) {
                                    this.logger.error(e2.getMessage(), (Throwable) e2);
                                }
                            }
                        } else {
                            documentSrcBean2.setSrcT(documentSrcBean2.getSrc());
                        }
                        linkedList2.add(documentSrcBean2);
                    }
                    soapMessage.put(PAYMENTS_SRC, (Object) linkedList2);
                    soapMessage.put(MESSAGE_DATA_SRC, (Object) validateNodeRequired);
                }
                if (z3) {
                    LinkedList linkedList3 = new LinkedList();
                    for (int i3 = 0; i3 < nodeListByNameNS3.getLength(); i3++) {
                        Node item5 = nodeListByNameNS3.item(i3);
                        DocumentSrcBean documentSrcBean3 = new DocumentSrcBean();
                        documentSrcBean3.setSrc(nodeToString(item5).getBytes("UTF-8"));
                        if (this.IS_CHECK_SIGNATURE && getNodeOnlyChildrenByNameNS("Signature", GisGmpServiceUtilConstants.GISGMP_TRANSFER_MSG_SIGNATURE_ELEMENT_NS, item5) != null && !checkNodeSignature(item5)) {
                            this.logger.error("Invalid Income Signature.");
                            throw new SigntureElementCheckException("Invalid Income Signature.");
                        }
                        linkedList3.add(documentSrcBean3);
                    }
                    soapMessage.put(INCOMES_SRC, (Object) linkedList3);
                }
            }
        } catch (SigntureElementCheckException unused) {
            createErrorResponse(soapMessage, ErrorBean.INVALID_EP_SP, null, null, null);
        } catch (SmevHeaderCheckException unused2) {
            createErrorResponse(soapMessage, ErrorBean.INVALID_CHECK_SMEV_SIGN, null, null, null);
        } catch (ValidationException unused3) {
            createErrorResponse(soapMessage, ErrorBean.INVALID_FORMAT, null, null, null);
        } catch (Exception unused4) {
            createErrorResponse(soapMessage, ErrorBean.SYSTEM_EXCEPTION, null, null, null);
        }
    }
}
