package com.bssys.spg.sp.service.handler;

import com.bssys.spg.common.service.handler.BaseHandler;
import com.bssys.spg.merchant.util.MerchantServiceMessagesConstants;
import com.otr.sufd.cryptowebservice.CheckResultResponse;
import com.otr.sufd.cryptowebservice.SignWebServicePortType;
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import ru.bss_s.cryptoservice._1.CheckXmlResponse;
import ru.bss_s.cryptoservice._1.CryptoServicePortType;

/* loaded from: input_file:WEB-INF/lib/spg-common-service-client-jar-3.0.13.jar:com/bssys/spg/sp/service/handler/ServiceProviderSecurityHandler.class */
public class ServiceProviderSecurityHandler extends BaseHandler {
    private Logger logger = LoggerFactory.getLogger(getClass().getName());
    private static final String HTTP_WWW_W3_ORG_2001_XMLSCHEMA = "http://www.w3.org/2001/XMLSchema";
    private static final String SERVICE_PROVIDER_SERVICE_NAME = "ServiceProviderServiceInterfaceService";
    private static final String SERVICE_PROVIDER_REQUEST_OPERATION_NAME_CONFIRM_PAYMENT = "confirmPaymentRequest";
    private static final String SERVICE_PROVIDER_RESPONSE_OPERATION_NAME_CONFIRM_PAYMENT = "confirmPaymentResponse";
    private static final String SERVICE_PROVIDER_SERVICE_XSD = "wsdl/xsd/sp/spg-sp-service-messages-v1.xsd";
    private static final String SERVICE_PROVIDER_SERVICE_MESSAGES_V1_NAMESPACE = "http://schemas.bssys.com/spg/sp/service/messages/v1";
    private static final String SERVICE_MERCHANT_SERVICE_MESSAGES_V1_NAMESPACE = "http://schemas.bssys.com/spg/merchant/service/messages/v1";
    private static final String SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_PAYMENT_CONFIRM_ELEMENT = "FinalPayment";
    private static final String SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_PAYMENT_CONFIRM_ELEMENT_NS = "http://roskazna.ru/xsd/PaymentInfo";
    private static final String SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_INCOME_CONFIRM_ELEMENT = "Income";
    private static final String SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_INCOME_CONFIRM_ELEMENT_NS = "http://roskazna.ru/xsd/PaymentInfo";
    private static final String SERVICE_PROVIDER_SERVICE_SIGNATURE_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";
    private static final String SERVICE_PROVIDER_RESPONSE_OPERATION_CONFIRM_PAYMENT_SIGNATURE_ELEMENT = "Signature";

    @Autowired
    private SignWebServicePortType securityService;

    @Autowired
    private CryptoServicePortType securityService2;
    private DocumentBuilderFactory dbfDoc;
    private ClassLoader classLoader;
    private Validator spSchemaValidator;
    private boolean signOutXML;
    private boolean checkSignature;
    private String cryptoServiceType;
    private int csReqQuantity;
    private long csReqDelay;

    @PostConstruct
    public void init() {
        this.dbfDoc = DocumentBuilderFactory.newInstance();
        this.dbfDoc.setNamespaceAware(true);
        this.classLoader = Thread.currentThread().getContextClassLoader();
        initServiceProviderValidationSchema();
    }

    public ServiceProviderSecurityHandler(boolean z, boolean z2, String str) {
        this.signOutXML = z;
        this.checkSignature = z2;
        this.cryptoServiceType = str;
    }

    @Override // com.bssys.spg.common.service.handler.BaseHandler, javax.xml.ws.handler.soap.SOAPHandler
    public Set<QName> getHeaders() {
        return new HashSet();
    }

    @Override // javax.xml.ws.handler.Handler
    public boolean handleMessage(SOAPMessageContext sOAPMessageContext) {
        NodeList elementsByTagNameNS;
        NodeList elementsByTagNameNS2;
        try {
            String localPart = ((QName) sOAPMessageContext.get("javax.xml.ws.wsdl.service")).getLocalPart();
            Boolean bool = (Boolean) sOAPMessageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
            SOAPMessage message = sOAPMessageContext.getMessage();
            SOAPBody sOAPBody = message.getSOAPBody();
            NodeList childNodes = sOAPBody.getChildNodes();
            String str = null;
            if (childNodes != null) {
                int length = childNodes.getLength();
                for (int i = 0; i < length; i++) {
                    Node item = childNodes.item(i);
                    if (item.getNodeType() == 1) {
                        str = item.getLocalName();
                    }
                }
            }
            if (bool.booleanValue()) {
                this.logger.debug("ServiceName: '{}', operationName: '{}', Outbound SOAP message:", localPart, str);
            } else {
                this.logger.debug("ServiceName: '{}', operationName: '{}', Inbound SOAP message:", localPart, str);
            }
            logSoapMessage(message);
            if (!SERVICE_PROVIDER_SERVICE_NAME.equals(localPart)) {
                return true;
            }
            initServiceProviderValidationSchema();
            if (!bool.booleanValue()) {
                if (!SERVICE_PROVIDER_RESPONSE_OPERATION_NAME_CONFIRM_PAYMENT.equals(str)) {
                    throw new RuntimeException("Wrong Service Provider Service response.");
                }
                Node item2 = sOAPBody.getElementsByTagNameNS(SERVICE_PROVIDER_SERVICE_MESSAGES_V1_NAMESPACE, SERVICE_PROVIDER_RESPONSE_OPERATION_NAME_CONFIRM_PAYMENT).item(0);
                validateServiceProviderServiceMessage(item2);
                if (this.checkSignature && (elementsByTagNameNS = sOAPBody.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature")) != null && elementsByTagNameNS.getLength() > 0) {
                    checkMessageSignature(item2);
                }
                return true;
            }
            if (!SERVICE_PROVIDER_REQUEST_OPERATION_NAME_CONFIRM_PAYMENT.equals(str)) {
                throw new RuntimeException("Wrong Service Provider Service request.");
            }
            Node item3 = sOAPBody.getElementsByTagNameNS(SERVICE_PROVIDER_SERVICE_MESSAGES_V1_NAMESPACE, SERVICE_PROVIDER_REQUEST_OPERATION_NAME_CONFIRM_PAYMENT).item(0);
            this.dbfDoc.setNamespaceAware(true);
            Document parse = this.dbfDoc.newDocumentBuilder().parse(new ByteArrayInputStream(nodeToString(item3).getBytes("UTF-8")));
            Document document = null;
            NodeList elementsByTagNameNS3 = sOAPBody.getElementsByTagNameNS("http://roskazna.ru/xsd/PaymentInfo", SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_PAYMENT_CONFIRM_ELEMENT);
            if (elementsByTagNameNS3 != null && elementsByTagNameNS3.getLength() > 0) {
                document = signNodeByCriteriaNS(parse, "http://roskazna.ru/xsd/PaymentInfo", SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_PAYMENT_CONFIRM_ELEMENT);
            }
            if (document == null && (elementsByTagNameNS2 = sOAPBody.getElementsByTagNameNS("http://roskazna.ru/xsd/PaymentInfo", SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_INCOME_CONFIRM_ELEMENT)) != null && elementsByTagNameNS2.getLength() > 0) {
                document = signNodeByCriteriaNS(parse, "http://roskazna.ru/xsd/PaymentInfo", SERVICE_PROVIDER_REQUEST_CONFIRM_PAYMENT_INCOME_CONFIRM_ELEMENT);
            }
            if (document == null) {
                document = parse;
            }
            validateServiceProviderServiceMessage(document);
            if (this.signOutXML) {
                document = signNodeByCriteriaNS(this.dbfDoc.newDocumentBuilder().parse(new ByteArrayInputStream(nodeToString(document).getBytes("UTF-8"))), SERVICE_PROVIDER_SERVICE_MESSAGES_V1_NAMESPACE, SERVICE_PROVIDER_REQUEST_OPERATION_NAME_CONFIRM_PAYMENT);
            }
            sOAPBody.removeContents();
            sOAPBody.addDocument(document);
            message.saveChanges();
            this.logger.debug("ServiceName: '{}', operationName: '{}', Outbound SOAP message after SignXML:", localPart, str);
            logSoapMessage(message);
            return true;
        } catch (Exception e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw new RuntimeException("SOAPException was thrown.", e);
        }
    }

    private void initServiceProviderValidationSchema() {
        try {
            this.spSchemaValidator = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(this.classLoader.getResource(SERVICE_PROVIDER_SERVICE_XSD)).newValidator();
        } catch (SAXException e) {
            this.logger.error(e.getMessage(), (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    public void checkMessageSignature(Node node) throws Exception {
        if ("OTR".equals(this.cryptoServiceType)) {
            CheckResultResponse checkResultResponse = null;
            for (int i = 0; i < this.csReqQuantity; i++) {
                try {
                    this.logger.debug("Выполнение вызова метода checkSignXml крипто-сервиса. Попытка '{}'.", Integer.valueOf(i + 1));
                    checkResultResponse = this.securityService.checkSignXml(nodeToString(node).getBytes("UTF-8"));
                    break;
                } catch (Exception e) {
                    this.logger.error("Во время выполнения метода checkSignXml крипто-сервиса на попытке '{}' возникла ошибка.", Integer.valueOf(i + 1));
                    this.logger.error(e.getMessage(), (Throwable) e);
                    if (i + 1 == this.csReqQuantity) {
                        throw e;
                    }
                    this.logger.debug("Выполнение задержки в '{}' секунд, перед повторным вызовом крипто-сервиса.", Long.valueOf(this.csReqDelay / 1000));
                    Thread.sleep(this.csReqDelay);
                }
            }
            if (checkResultResponse == null) {
                throw new RuntimeException("Неверная ЭЦП. checkResult = null.");
            }
            if (!MerchantServiceMessagesConstants.Signature.SIGNATURE_RESPONSE_SUCCESS.equalsIgnoreCase(checkResultResponse.getResultCode())) {
                throw new RuntimeException("Неверная ЭЦП.");
            }
            return;
        }
        if (!"BSS".equals(this.cryptoServiceType)) {
            throw new RuntimeException("Не определен крипто-сервис. Убедитесь в правильности системных настроек.");
        }
        CheckXmlResponse checkXmlResponse = null;
        for (int i2 = 0; i2 < this.csReqQuantity; i2++) {
            try {
                this.logger.debug("Выполнение вызова метода checkSignXml крипто-сервиса. Попытка '{}'.", Integer.valueOf(i2 + 1));
                checkXmlResponse = this.securityService2.checkXml(nodeToString(node).getBytes("UTF-8"));
                break;
            } catch (Exception e2) {
                this.logger.error("Во время выполнения метода checkSignXml крипто-сервиса на попытке '{}' возникла ошибка.", Integer.valueOf(i2 + 1));
                this.logger.error(e2.getMessage(), (Throwable) e2);
                if (i2 + 1 == this.csReqQuantity) {
                    throw e2;
                }
                this.logger.debug("Выполнение задержки в '{}' секунд, перед повторным вызовом крипто-сервиса.", Long.valueOf(this.csReqDelay / 1000));
                Thread.sleep(this.csReqDelay);
            }
        }
        if (checkXmlResponse == null) {
            throw new RuntimeException("Неверная ЭЦП. checkResult = null.");
        }
        if (!MerchantServiceMessagesConstants.Signature.SIGNATURE_RESPONSE_SUCCESS.equalsIgnoreCase(checkXmlResponse.getResultCode())) {
            throw new RuntimeException("Неверная ЭЦП.");
        }
    }

    private Document signNodeByCriteriaNS(Document document, String str, String str2) throws Exception {
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(str, str2);
        int length = elementsByTagNameNS.getLength();
        for (int i = 0; i < length; i++) {
            Node item = elementsByTagNameNS.item(i);
            byte[] bArr = null;
            if ("OTR".equals(this.cryptoServiceType)) {
                for (int i2 = 0; i2 < this.csReqQuantity; i2++) {
                    try {
                        this.logger.debug("Выполнение вызова метода signXml крипто-сервиса. Попытка '{}'.", Integer.valueOf(i2 + 1));
                        bArr = this.securityService.signXml(nodeToString(item).getBytes("UTF-8"));
                        break;
                    } catch (Exception e) {
                        this.logger.error("Во время выполнения метода signXml крипто-сервиса на попытке '{}' возникла ошибка.", Integer.valueOf(i2 + 1));
                        this.logger.error(e.getMessage(), (Throwable) e);
                        if (i2 + 1 == this.csReqQuantity) {
                            throw e;
                        }
                        this.logger.debug("Выполнение задержки в '{}' секунд, перед повторным вызовом крипто-сервиса.", Long.valueOf(this.csReqDelay / 1000));
                        Thread.sleep(this.csReqDelay);
                    }
                }
            } else {
                if (!"BSS".equals(this.cryptoServiceType)) {
                    throw new RuntimeException("Не определен крипто-сервис. Убедитесь в правильности системных настроек.");
                }
                for (int i3 = 0; i3 < this.csReqQuantity; i3++) {
                    try {
                        this.logger.debug("Выполнение вызова метода signXml крипто-сервиса. Попытка '{}'.", Integer.valueOf(i3 + 1));
                        bArr = this.securityService2.signXml(nodeToString(item).getBytes("UTF-8"));
                        break;
                    } catch (Exception e2) {
                        this.logger.error("Во время выполнения метода signXml крипто-сервиса на попытке '{}' возникла ошибка.", Integer.valueOf(i3 + 1));
                        this.logger.error(e2.getMessage(), (Throwable) e2);
                        if (i3 + 1 == this.csReqQuantity) {
                            throw e2;
                        }
                        this.logger.debug("Выполнение задержки в '{}' секунд, перед повторным вызовом крипто-сервиса.", Long.valueOf(this.csReqDelay / 1000));
                        Thread.sleep(this.csReqDelay);
                    }
                }
            }
            item.getParentNode().replaceChild(document.importNode(this.dbfDoc.newDocumentBuilder().parse(new ByteArrayInputStream(bArr)).getChildNodes().item(0), true), item);
        }
        return document;
    }

    private String nodeToString(Node node) {
        StringWriter stringWriter = new StringWriter();
        try {
            Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
            newTransformer.setOutputProperty("omit-xml-declaration", "yes");
            newTransformer.transform(new DOMSource(node), new StreamResult(stringWriter));
        } catch (TransformerException e) {
            this.logger.error("nodeToString Transformer Exception");
        }
        return stringWriter.toString();
    }

    private synchronized void validateServiceProviderServiceMessage(Node node) throws Exception {
        try {
            this.spSchemaValidator.validate(new DOMSource(node));
        } catch (Exception e) {
            this.logger.error("Validation exception.");
            throw e;
        }
    }

    @Override // com.bssys.spg.common.service.handler.BaseHandler, javax.xml.ws.handler.Handler
    public void close(MessageContext messageContext) {
    }

    public void setCsReqQuantity(int i) {
        this.csReqQuantity = i;
    }

    public void setCsReqDelay(long j) {
        this.csReqDelay = j;
    }
}
