package com.bssys.unp.main.service.gisgmp.interceptor;

import com.bssys.unp.main.service.exception.ValidationException;
import com.bssys.unp.main.service.interceptor.common.BaseInterceptor;
import javax.annotation.PostConstruct;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import javax.xml.xpath.XPathConstants;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.Phase;
import org.springframework.beans.factory.annotation.Value;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/* loaded from: input_file:unp-main-service-war-8.0.9.war:WEB-INF/classes/com/bssys/unp/main/service/gisgmp/interceptor/SecurityInInterceptor.class */
public class SecurityInInterceptor extends BaseInterceptor {
    private static final String GISGMP_SERVICE_MESSAGE_XSD = "gisgmp_wsdl/request/smev.unifo.rev120315.xsd";
    private static final String GISGMP_TRANSFER_MSG_ROOT_ELEMENT = "GISGMPTransferMsg";
    private static final String GISGMP_TRANSFER_MSG_ROOT_ELEMENT_NS = "http://roskazna.ru/gisgmp/02000000/SmevGISGMPService/";
    private static final String GISGMP_SERVICE_MESSAGE_ELEMENT = "Message";
    private static final String GISGMP_SERVICE_MESSAGE_ELEMENT_NS = "http://smev.gosuslugi.ru/rev120315";
    private static final String GISGMP_SERVICE_MESSAGE_DATA_ELEMENT = "MessageData";
    private static final String GISGMP_SERVICE_MESSAGE_DATA_ELEMENT_NS = "http://smev.gosuslugi.ru/rev120315";
    private Validator gisgmpSchemaValidator;

    @Value("${rnip.gisgmp.service.validation.check}")
    protected boolean GISGMP_IS_VALIDATION_ON;

    @Value("${rnip.gisgmp.service.sign.smev.response.check}")
    protected boolean GISGMP_IS_SMEV_CHECK_SIGNATURE;
    private static final String UNIFO_TRANSFER_MSG_MESSAGE_SENDER_ELEMENT = "Sender";
    private static final String UNIFO_TRANSFER_MSG_MESSAGE_SENDER_CODE_ELEMENT = "Code";
    private static final String UNIFO_TRANSFER_MSG_MESSAGE_SENDER_NAME_ELEMENT = "Name";

    public SecurityInInterceptor() {
        super(Phase.UNMARSHAL);
    }

    @PostConstruct
    public void init() {
        initGisGmpValidationSchema();
    }

    @Override // org.apache.cxf.interceptor.Interceptor
    public void handleMessage(SoapMessage soapMessage) throws Fault {
        try {
            SOAPMessage sOAPMessage = (SOAPMessage) soapMessage.getContent(SOAPMessage.class);
            if (sOAPMessage == null) {
                throw new ValidationException("Wrong GIS GMP Service SOAP response. [can`t unmarshalling].");
            }
            SOAPBody sOAPBody = sOAPMessage.getSOAPBody();
            if (this.GISGMP_IS_VALIDATION_ON) {
                Node validateNodeFirstChildRequired = validateNodeFirstChildRequired(GISGMP_TRANSFER_MSG_ROOT_ELEMENT, GISGMP_TRANSFER_MSG_ROOT_ELEMENT_NS, sOAPBody);
                validateGisGmpServiceMessage(getNodeByNameNS(GISGMP_SERVICE_MESSAGE_ELEMENT, "http://smev.gosuslugi.ru/rev120315", validateNodeFirstChildRequired));
                validateGisGmpServiceMessage(getNodeByNameNS(GISGMP_SERVICE_MESSAGE_DATA_ELEMENT, "http://smev.gosuslugi.ru/rev120315", validateNodeFirstChildRequired));
            }
            if (this.GISGMP_IS_SMEV_CHECK_SIGNATURE && !checkGisGmpSmevHeaderSignature(StringUtils.getBytesUtf8(nodeToString(sOAPMessage.getSOAPPart().getEnvelope())))) {
                this.logger.error("Wrong GisGMP response signature.");
                throw new Exception("Wrong GisGMP response signature.");
            }
            Node node = (Node) this.xpath.compile("//*[local-name()='ResponseMessage']/*[local-name()='Signature']").evaluate(sOAPBody, XPathConstants.NODE);
            if (node != null) {
                node.getParentNode().removeChild(node);
            }
        } catch (ValidationException e) {
            throw new Fault(e);
        } catch (Exception e2) {
            this.logger.error(e2.getMessage(), (Throwable) e2);
            throw new Fault(e2);
        }
    }

    private void initGisGmpValidationSchema() {
        try {
            this.gisgmpSchemaValidator = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(this.classLoader.getResource(GISGMP_SERVICE_MESSAGE_XSD)).newValidator();
        } catch (SAXException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    private synchronized void validateGisGmpServiceMessage(Node node) throws ValidationException {
        try {
            this.gisgmpSchemaValidator.validate(new DOMSource(node));
        } catch (Exception e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw new ValidationException(e);
        }
    }

    private boolean checkGisGmpSmevHeaderSignature(byte[] bArr) throws Exception {
        return "VALID".equalsIgnoreCase(this.cryptoServiceClient.checkSmevHeaderSecurity(bArr).getResultCode());
    }
}
