package org.warlock.tk.internalservices;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import org.hsqldb.Tokens;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.warlock.itk.distributionenvelope.Address;
import org.warlock.itk.distributionenvelope.DistributionEnvelope;
import org.warlock.itk.distributionenvelope.DistributionEnvelopeHelper;
import org.warlock.itk.distributionenvelope.Identity;
import org.warlock.itk.distributionenvelope.Payload;
import org.warlock.tk.boot.ServiceResponse;
import org.warlock.tk.boot.ToolkitService;
import org.warlock.tk.boot.ToolkitSimulator;
import org.warlock.util.ConfigurationStringTokeniser;
import org.warlock.util.Logger;
import org.warlock.util.xpath.XPathManager;
import org.warlock.util.xsltransform.TransformManager;
import org.xml.sax.InputSource;

/* loaded from: input_file:tkwinstaller/TKW.zip:TKW/TKW.jar:org/warlock/tk/internalservices/XMLEncryptionAdapter.class */
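/**
 * Toolkit service that rewrites the payloads of an ITK distribution envelope.
 *
 * <p>In {@link #READMODE} every payload is returned in the clear (encrypted payloads are
 * decrypted with the first configured key whose subject the payload carries a key for). In
 * {@link #WRITEMODE} every payload is first brought into the clear and then optionally
 * re-encoded, encrypted for the configured reader certificates and signed, as selected by the
 * {@code tks.xmlencryption.*} boot properties.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key-store passwords are read from the boot properties in plain text, so the properties
 *       file needs the same protection as the key stores themselves.</li>
 *   <li>Incoming messages are parsed with DOCTYPE declarations disallowed (see
 *       {@link #newSecureDocumentBuilderFactory()}).</li>
 *   <li>{@link #nextRef()} keeps mutable cursor state in this instance; nothing in this class
 *       synchronises it. NOTE(review): confirm whether the service is invoked concurrently.</li>
 * </ul>
 */
public class XMLEncryptionAdapter implements ToolkitService {
    public static final String WRITEMODE = "write";
    public static final String READMODE = "read";
    private static final String DEEXTRACTOR = "//soap:Body";
    private static final String PAYEXTRACTOR = "//*[name()='Object']/*[1]";
    private static final String CERT = "tks.xmlencryption.cert.";
    private static final String KEY = "tks.xmlencryption.key.";
    private static final String PASSWORD = "tks.xmlencryption.password.";
    private static final String SUBJECT = "tks.xmlencryption.subject.";
    private static final String ALIAS = "tks.xmlencryption.alias.";
    private static final String REFCOMPRESS = "tks.xmlencryption.encrypt.ref.compress.";
    private static final String REFB64 = "tks.xmlencryption.encrypt.ref.b64.";
    private static final String REFSIGN = "tks.xmlencryption.encrypt.ref.sign.";
    private static final String REFALIAS = "tks.xmlencryption.encrypt.ref.alias.";
    private static final String SIGN = "signing";
    private static final String PAYLOADWRITELIST = "tks.xmlencryption.payloadwritelist";
    private static final String ACK_REQUESTED = "urn:nhs-itk:ns:201005:ackrequested";
    private static final String SERVICE_BANNER = "Toolkit Simulator XML Encryption Adapter Service";
    private Properties bootProperties = null;
    private String serviceName = null;
    private ToolkitSimulator simulator = null;
    private XPathExpression DEExtractorXpath = null;
    private XPathExpression payloadExtractorXpath = null;
    private String signKey = null;
    private String signAlias = null;
    private char[] signPassword = null;
    private String payloadWriteList = null;
    private ConfigurationStringTokeniser refListTokeniser = null;
    private X509Certificate signingCert = null;
    private RSAPrivateKey signingKey = null;
    private final List<CertData> certsList = new ArrayList<>();
    private final List<RefData> refsList = new ArrayList<>();

    /** Returns the properties object handed to {@link #boot}, or {@code null} before boot. */
    @Override
    public Properties getBootProperties() {
        return this.bootProperties;
    }

    /**
     * Initialises the service from the boot properties.
     *
     * <p>Reads the numbered certificate entries, the payload write list with its numbered
     * reference entries, and the signing key configuration. Missing properties are logged as
     * warnings and the affected entry is skipped rather than aborting the boot.
     *
     * @param toolkitSimulator the owning simulator (stored, not otherwise used here)
     * @param properties boot properties holding the {@code tks.xmlencryption.*} settings
     * @param str the service name (stored, not otherwise used here)
     * @throws Exception if an XPath cannot be prepared or a certificate entry fails to load
     */
    @Override
    public void boot(ToolkitSimulator toolkitSimulator, Properties properties, String str) throws Exception {
        this.bootProperties = properties;
        this.serviceName = str;
        this.simulator = toolkitSimulator;
        this.DEExtractorXpath = XPathManager.getXpathExtractor(DEEXTRACTOR);
        this.payloadExtractorXpath = XPathManager.getXpathExtractor(PAYEXTRACTOR);
        loadCertEntries(properties);
        loadRefEntries(properties);
        loadSigningConfig(properties);
    }

    /** Loads the numbered cert/key/password/subject/alias entries; stops at the first missing cert index. */
    private void loadCertEntries(Properties properties) throws Exception {
        for (int i = 0; properties.getProperty(CERT + i) != null; i++) {
            // Report only the first missing companion property, in the order key, password,
            // subject, alias, and skip the incomplete entry.
            String missing = null;
            for (String prefix : new String[] {KEY, PASSWORD, SUBJECT, ALIAS}) {
                if (properties.getProperty(prefix + i) == null) {
                    missing = prefix + i;
                    break;
                }
            }
            if (missing != null) {
                warnNotSet(missing);
                continue;
            }
            CertData certData = new CertData();
            certData.setCertDir(properties.getProperty(CERT + i));
            certData.setKeyDir(properties.getProperty(KEY + i));
            certData.setPassword(properties.getProperty(PASSWORD + i).toCharArray());
            certData.setSubject(properties.getProperty(SUBJECT + i));
            certData.setAlias(properties.getProperty(ALIAS + i));
            certData.loadKeys();
            certData.loadCerts();
            this.certsList.add(certData);
        }
    }

    /** Loads the payload write list and the numbered reference entries it refers to. */
    private void loadRefEntries(Properties properties) throws Exception {
        String writeList = properties.getProperty(PAYLOADWRITELIST);
        if (writeList == null) {
            warnNotSet(PAYLOADWRITELIST);
            return;
        }
        this.payloadWriteList = writeList;
        for (int i = 0; properties.getProperty(REFALIAS + i) != null; i++) {
            RefData refData = new RefData();
            refData.setAlias(properties.getProperty(REFALIAS + i));
            if (isYes(properties.getProperty(REFCOMPRESS + i))) {
                refData.setCompress(true);
            }
            if (isYes(properties.getProperty(REFB64 + i))) {
                refData.setB64(true);
            }
            if (isYes(properties.getProperty(REFSIGN + i))) {
                refData.setSign(true);
            }
            refData.setArbitaryId(i);
            this.refsList.add(refData);
        }
    }

    /** Reads the signing key store location, alias and password, then loads the signing key. */
    private void loadSigningConfig(Properties properties) throws Exception {
        String keyPath = properties.getProperty(KEY + SIGN);
        if (keyPath == null) {
            warnNotSet(KEY + SIGN);
            return;
        }
        this.signKey = keyPath;
        String alias = properties.getProperty(ALIAS + SIGN);
        if (alias == null) {
            warnNotSet(ALIAS + SIGN);
            return;
        }
        this.signAlias = alias;
        String password = properties.getProperty(PASSWORD + SIGN);
        if (password == null) {
            warnNotSet(PASSWORD + SIGN);
            return;
        }
        this.signPassword = password.toCharArray();
        loadSignKeys();
    }

    /** Logs the standard "property not set" warning for {@code propertyName}. */
    private static void warnNotSet(String propertyName) throws Exception {
        Logger.getInstance().log("Warning: Property " + propertyName + " not set");
    }

    /** Returns true when {@code value}, trimmed and lower-cased, starts with "y". */
    private static boolean isYes(String value) {
        return value != null && value.trim().toLowerCase().startsWith("y");
    }

    /**
     * Resolves a delimited alias list to the configured reader certificates.
     *
     * @param str alias list, split on {@code Tokens.T_COMMA}
     * @return the certificates in alias order, or {@code null} as soon as an alias equals
     *     {@code Tokens.T_NONE} ignoring case (the caller then leaves the payload unencrypted)
     * @throws Exception if an alias has no matching configured certificate entry
     */
    private List<X509Certificate> nextCert(String str) throws Exception {
        // NOTE(review): the delimiter and the "no encryption" marker are taken from
        // org.hsqldb.Tokens (presumably "," and "NONE"); confirm and consider local constants.
        List<X509Certificate> readers = new ArrayList<>();
        for (String alias : str.split(Tokens.T_COMMA)) {
            if (Tokens.T_NONE.equals(alias.toUpperCase())) {
                return null;
            }
            CertData match = null;
            for (CertData candidate : this.certsList) {
                if (candidate.getAlias().equals(alias)) {
                    match = candidate;
                    break;
                }
            }
            if (match == null) {
                // The previous loop never terminated for an unknown alias. Fail instead of
                // silently encrypting for fewer readers than the configuration asks for.
                throw new Exception("No certificate configured for alias '" + alias + "'");
            }
            readers.add((X509Certificate) match.getCert());
        }
        return readers;
    }

    /**
     * Returns the reference entry selected by the next token of the payload write list,
     * restarting from the beginning of the list once it is exhausted.
     *
     * @throws Exception if the write list is not configured or names an unknown reference id
     */
    private RefData nextRef() throws Exception {
        if (this.payloadWriteList == null) {
            throw new Exception("Property " + PAYLOADWRITELIST + " not set; cannot select a payload reference");
        }
        if (this.refListTokeniser == null || !this.refListTokeniser.hasMoreTokens()) {
            this.refListTokeniser = new ConfigurationStringTokeniser(this.payloadWriteList);
        }
        int wantedId = Integer.parseInt(this.refListTokeniser.nextToken());
        for (RefData refData : this.refsList) {
            if (refData.getArbitaryId() == wantedId) {
                return refData;
            }
        }
        throw new Exception("Payload Reference not found in certs alias list");
    }

    /**
     * Loads the signing private key and certificate from the configured PKCS12 key store.
     *
     * <p>Failures are reported on stderr and leave {@code signingKey}/{@code signingCert}
     * unchanged (null after a first failed boot), so signing is effectively unavailable.
     */
    private void loadSignKeys() {
        // try-with-resources: the key store stream was previously never closed.
        try (FileInputStream keyStoreStream = new FileInputStream(this.signKey)) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(keyStoreStream, this.signPassword);
            KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(this.signPassword);
            KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(this.signAlias, protection);
            RSAPrivateKey loadedKey = (RSAPrivateKey) entry.getPrivateKey();
            X509Certificate loadedCert = (X509Certificate) keyStore.getCertificate(this.signAlias);
            // Publish both together so a half-loaded key/certificate pair is never used.
            this.signingKey = loadedKey;
            this.signingCert = loadedCert;
        } catch (Exception e) {
            // Best effort by design: boot continues without a signing key.
            e.printStackTrace();
        }
    }

    /** Returns the fixed service banner; the arguments are ignored. */
    @Override
    public ServiceResponse execute(String str, Object obj) throws Exception {
        return new ServiceResponse(0, SERVICE_BANNER);
    }

    /**
     * Processes a message in read or write mode.
     *
     * @param str the message XML: a bare distribution envelope or a SOAP message containing one
     * @param str2 {@link #READMODE}, {@link #WRITEMODE}, or anything else for the service banner
     * @return a response with code 0 and the rewritten message on success. If payload
     *     processing fails the exception is printed and the response is returned as
     *     constructed, without a code or body being set.
     * @throws Exception in write mode, if the distribution envelope cannot be read from {@code str}
     */
    @Override
    public ServiceResponse execute(String str, String str2) throws Exception {
        if (READMODE.equals(str2)) {
            ServiceResponse readResponse = new ServiceResponse();
            try {
                DistributionEnvelopeHelper helper = DistributionEnvelopeHelper.getInstance();
                DistributionEnvelope incoming = helper.getDistributionEnvelope(str);
                DistributionEnvelope outgoing = copyDE(incoming, DistributionEnvelope.newInstance());
                for (Payload payload : helper.getPayloads(incoming)) {
                    outgoing.addPayload(returnPayloadInClear(payload, helper));
                }
                readResponse.setCode(0);
                readResponse.setResponse(replaceDE(str, outgoing.toString()));
            } catch (Exception e) {
                e.printStackTrace();
            }
            return readResponse;
        }
        if (WRITEMODE.equals(str2)) {
            ServiceResponse writeResponse = new ServiceResponse();
            DistributionEnvelopeHelper helper = DistributionEnvelopeHelper.getInstance();
            DistributionEnvelope incoming = helper.getDistributionEnvelope(str);
            DistributionEnvelope outgoing = copyDE(incoming, DistributionEnvelope.newInstance());
            try {
                for (Payload payload : helper.getPayloads(incoming)) {
                    Payload clear = returnPayloadInClear(payload, helper);
                    RefData ref = nextRef();
                    // assumes the boolean selects compression for the re-encoded content; confirm against Payload
                    if (ref.isCompress()) {
                        clear.setContent(clear.getRawContent(), true);
                    } else if (ref.isB64()) {
                        clear.setContent(clear.getRawContent(), false);
                    }
                    List<X509Certificate> readers = nextCert(ref.getAlias());
                    if (readers != null) {
                        for (X509Certificate reader : readers) {
                            clear.addReaderCertificate(reader);
                        }
                        if (ref.isSign()) {
                            // NOTE(review): signingKey/signingCert are null when the signing
                            // properties were missing or loadSignKeys failed; confirm how
                            // Payload.encrypt treats that and consider failing here instead.
                            clear.encrypt(this.signingKey, this.signingCert);
                        } else {
                            clear.encrypt();
                        }
                    }
                    // readers == null means the configuration asked for no encryption.
                    outgoing.addPayload(clear);
                }
                String rewritten = outgoing.toString();
                writeResponse.setCode(0);
                writeResponse.setResponse(replaceDE(str, rewritten));
            } catch (Exception e) {
                e.printStackTrace();
            }
            return writeResponse;
        }
        return new ServiceResponse(0, SERVICE_BANNER);
    }

    /**
     * Builds a new, unencoded and unencrypted payload carrying the clear content of
     * {@code payload}, with the same MIME type and profile id.
     *
     * <p>For an encrypted payload the first configured entry whose subject the payload has a
     * key for is used; text decryption is tried first, raw decryption as a fallback.
     *
     * @throws Exception if unpacking fails or the raw-content fallback fails
     */
    private Payload returnPayloadInClear(Payload payload, DistributionEnvelopeHelper distributionEnvelopeHelper) throws Exception {
        String clearText = null;
        if (payload.isEncrypted()) {
            distributionEnvelopeHelper.unpackEncryptedPayload(payload);
            for (CertData candidate : this.certsList) {
                if (!payload.hasKeyForReader(candidate.getSubject())) {
                    continue;
                }
                try {
                    clearText = payload.decryptTextContent(candidate.getSubject(), candidate.getKey());
                } catch (Exception e) {
                    // NOTE(review): decodes with the platform default charset; confirm the expected encoding.
                    clearText = new String(payload.decryptRawContent(candidate.getSubject(), candidate.getKey()));
                }
                // Stop at the first matching reader on both paths; the fallback used to fall
                // through and retry with every remaining entry.
                break;
            }
            // NOTE(review): clearText is still null here when no configured subject matched,
            // so the returned payload has null content; confirm that is the intended outcome.
        } else {
            clearText = payload.getContent();
        }
        Payload clear = new Payload(payload.getMimeType());
        clear.setContent(clearText);
        clear.setBase64(false);
        clear.setCompressed(false);
        clear.setEncrypted(false);
        clear.setProfileId(payload.getProfileId());
        return clear;
    }

    /**
     * Copies service, recipients, audit identities, sender, interaction id and the
     * ack-requested handling specification from one envelope to another. Payloads are not copied.
     *
     * @return {@code distributionEnvelope2}, for chaining
     */
    private DistributionEnvelope copyDE(DistributionEnvelope distributionEnvelope, DistributionEnvelope distributionEnvelope2) throws Exception {
        distributionEnvelope2.setService(distributionEnvelope.getService());
        Address[] to = distributionEnvelope.getTo();
        // Guard against a null or empty array before looking at the first element.
        if (to != null && to.length > 0 && to[0] != null) {
            for (Address address : to) {
                if (address == null) {
                    continue;
                }
                distributionEnvelope2.addRecipient(address.getOID(), address.getUri());
            }
        }
        Identity[] audit = distributionEnvelope.getAudit();
        if (audit != null && audit.length > 0 && audit[0] != null) {
            for (Identity identity : audit) {
                if (identity == null) {
                    continue;
                }
                distributionEnvelope2.addIdentity(identity.getOID(), identity.getUri());
            }
        }
        distributionEnvelope2.addSender(distributionEnvelope.getSender().getOID(), distributionEnvelope.getSender().getUri());
        distributionEnvelope2.setInteractionId(distributionEnvelope.getInteractionId());
        if (distributionEnvelope.getHandlingSpecification(ACK_REQUESTED) != null) {
            distributionEnvelope2.setHandlingSpecification(ACK_REQUESTED, distributionEnvelope.getHandlingSpecification(ACK_REQUESTED));
        }
        return distributionEnvelope2;
    }

    /**
     * Creates a namespace-aware parser factory hardened for untrusted input.
     *
     * <p>DOCTYPE declarations are rejected outright, which rules out external-entity and
     * entity-expansion abuse in received messages. A parser that does not support the
     * features makes this method throw, so an unhardened parser is never used silently.
     */
    private static DocumentBuilderFactory newSecureDocumentBuilderFactory() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /**
     * Puts the rewritten distribution envelope back into the original message.
     *
     * @param str the original message
     * @param str2 the rewritten distribution envelope XML
     * @return {@code str2} itself when the original's first node is a distribution envelope,
     *     otherwise the original message with the content of its SOAP body replaced by {@code str2}
     * @throws Exception on parse or transform errors, or when no SOAP body is found
     */
    private String replaceDE(String str, String str2) throws Exception {
        DocumentBuilderFactory factory = newSecureDocumentBuilderFactory();
        Document message = factory.newDocumentBuilder().parse(new InputSource(new StringReader(str)));
        message.normalizeDocument();
        if (message.getFirstChild().getNodeName().toLowerCase().contains("distributionenvelope")) {
            return str2;
        }
        Node body = (Node) this.DEExtractorXpath.evaluate(message, XPathConstants.NODE);
        if (body == null) {
            throw new Exception("No element matching " + DEEXTRACTOR + " found in message");
        }
        Document envelope = newSecureDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(new StringReader(str2)));
        Node imported = body.getOwnerDocument().importNode(envelope.getDocumentElement(), true);
        // Clearing the text content removes the body's existing children before the append.
        body.setTextContent(null);
        body.appendChild(imported);
        StringWriter out = new StringWriter();
        TransformManager.getInstance().getTransformerFactory().newTransformer().transform(new DOMSource(message), new StreamResult(out));
        return out.toString();
    }

    /**
     * Serialises the node selected by the payload XPath, without a leading XML declaration.
     *
     * @return the serialised node, or {@code str} unchanged when nothing is selected
     */
    private String extractPayload(String str) throws Exception {
        Document document = newSecureDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(new StringReader(str)));
        document.normalizeDocument();
        Node selected = (Node) this.payloadExtractorXpath.evaluate(document, XPathConstants.NODE);
        if (selected == null) {
            return str;
        }
        StringWriter out = new StringWriter();
        try {
            TransformManager.getInstance().getTransformerFactory().newTransformer().transform(new DOMSource((Element) selected), new StreamResult(out));
        } catch (NullPointerException e) {
            // Kept from the original: any NPE while serialising falls back to the input.
            return str;
        }
        String xml = out.toString();
        return xml.startsWith("<?xml ") ? xml.substring(xml.indexOf("?>") + "?>".length()) : xml;
    }

    /** Returns the fixed service banner; the argument is ignored. */
    @Override
    public ServiceResponse execute(Object obj) throws Exception {
        return new ServiceResponse(0, SERVICE_BANNER);
    }

    /**
     * Reads a whole file into a byte array sized from the file length at open time.
     *
     * @param str path of the file to read
     * @return the file content; if the stream ends early the remainder of the array stays zero
     * @throws Exception if the file cannot be opened or read, or is too large for one array
     */
    public static byte[] binaryLoad(String str) throws Exception {
        File file = new File(str);
        long size = file.length();
        if (size > Integer.MAX_VALUE) {
            throw new Exception("File too large to load into a single byte array: " + str);
        }
        int length = (int) size;
        byte[] content = new byte[length];
        int offset = 0;
        try (FileInputStream in = new FileInputStream(file)) {
            while (offset < length) {
                // Ask only for the bytes still missing; requesting the full length again after
                // a partial read overran the array.
                int read = in.read(content, offset, length - offset);
                if (read == -1) {
                    break;
                }
                offset += read;
            }
        }
        return content;
    }

    /**
     * Reads a text file line by line, appending a carriage return after every line.
     *
     * @param str path of the file to read (decoded with the platform default charset)
     * @return the file content with each line terminated by {@code "\r"}
     * @throws Exception if the file cannot be opened or read
     */
    public static String load(String str) throws Exception {
        try (BufferedReader reader = new BufferedReader(new FileReader(str))) {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line);
                text.append("\r");
            }
            return text.toString();
        }
    }
}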
