package ru.ftc.cucu.ws.security;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandler;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.validate.NoOpValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import ru.ftc.cucu.security.CMSecurityException;

/* loaded from: input_file:ru/ftc/cucu/ws/security/WSVerifier.class */
/**
 * Verifies the WS-Security header of an inbound SOAP message using the WSS4J engine inherited
 * from {@link WSHandler}.
 *
 * <p>Scope of the check, as far as this class shows:
 * <ul>
 *   <li>the message must carry both a Signature and a Timestamp security action;</li>
 *   <li>at least one signed reference must be an element that {@code SOAPUtils.isBody} accepts;</li>
 *   <li>the signer's certificate, when the engine reports one, is handed back to the caller.</li>
 * </ul>
 *
 * <p>What this class does <em>not</em> do: {@link NoOpValidator} is registered for the signature
 * credential and the {@link Merlin} instance is created with no configuration, so nothing here
 * decides whether the signing certificate is trusted. NOTE(review): callers are presumably
 * expected to validate the returned certificate (chain, revocation, identity binding) themselves;
 * confirm that every call site does.
 *
 * <p>NOTE(review): each call reconfigures the inherited {@code secEngine}; confirm a single
 * instance is never used concurrently with different {@code z} values.
 */
public class WSVerifier extends WSHandler {
    private static final Logger logger = LoggerFactory.getLogger(WSVerifier.class);

    /** Security actions that must be present in the header, in WSS4J action-string syntax. */
    private static final String REQUIRED_ACTIONS = "Signature Timestamp";

    // No keystore or truststore is configured on this instance anywhere in this class.
    private final Crypto crypto = new Merlin();

    /**
     * Verifies the message with timestamp validation enabled.
     *
     * @param document parsed SOAP message
     * @param list receives the signer certificate when one is reported; may be {@code null}
     * @throws CMSecurityException if the message fails any check in {@link #unsafe_verifySOAP}
     */
    public void verifySOAP(Document document, List<X509Certificate> list) throws CMSecurityException {
        unsafe_verifySOAP(document, list, false);
    }

    /**
     * Verifies the message, optionally bypassing timestamp validation.
     *
     * <p>With {@code z == true} the Timestamp validator is replaced by a pass-through, so a
     * stale Timestamp is accepted (a Timestamp action must still be present). Replay protection
     * then has to come from somewhere else.
     *
     * <p>The method returns normally even when the engine reports no X.509 certificate for the
     * signature; in that case nothing is added to {@code list}. NOTE(review): callers should
     * probably treat "no certificate returned" as a failure; confirm against call sites.
     *
     * @param document parsed SOAP message
     * @param list receives the signer certificate when one is reported; may be {@code null}, in
     *     which case the certificate is only logged
     * @param z {@code true} to skip timestamp validation
     * @throws CMSecurityException if the root element is not a SOAP envelope, no security header
     *     results are produced, the actions do not match, no signature result exists, no signed
     *     reference is the SOAP Body, or the engine raises a {@link WSSecurityException}
     */
    public void unsafe_verifySOAP(Document document, List<X509Certificate> list, boolean z) throws CMSecurityException {
        if (logger.isDebugEnabled()) {
            logger.debug("verifySOAP: <- ");
        }
        requireSoapEnvelope(document);

        try {
            RequestData context = new RequestData();
            context.setMsgContext(new Properties());
            // Start from a fresh engine configuration on every call.
            this.secEngine.setWssConfig(WSSConfig.getNewInstance());
            if (logger.isDebugEnabled()) {
                logger.debug("verifySOAP: Action={}", REQUIRED_ACTIONS);
            }

            // The order of the next calls matters: the validators are set on the config that
            // the request data exposes only after doReceiverAction has run.
            List<Integer> expectedActions = new ArrayList<>();
            int actionMask = WSSecurityUtil.decodeAction(REQUIRED_ACTIONS, expectedActions);
            doReceiverAction(actionMask, context);
            context.setSoapConstants(WSSecurityUtil.getSOAPConstants(document.getDocumentElement()));
            decodeSignatureParameter(context);

            // Signature credential validation is switched off here; see the class comment.
            context.getWssConfig().setValidator(WSSecurityEngine.SIGNATURE, NoOpValidator.class);
            if (z) {
                if (logger.isDebugEnabled()) {
                    logger.debug("verifySOAP: skipTimestampValidation");
                }
                // Pass-through validator: accepts whatever Timestamp credential it is given.
                context.getWssConfig().setValidator(WSSecurityEngine.TIMESTAMP, (credential, data) -> {
                    logger.warn("verifySOAP: Skipped Timestamp validation");
                    return credential;
                });
            }

            List<WSSecurityEngineResult> results =
                    this.secEngine.processSecurityHeader(document, (String) null, (CallbackHandler) null, this.crypto, (Crypto) null);
            if (results == null) {
                logger.error("verifySOAP: No security headers found");
                throw new CMSecurityException.NoSecurityFoundException("No security headers found");
            }
            if (!checkReceiverResultsAnyOrder(results, expectedActions)) {
                logger.error("verifySOAP: Actions mismatch");
                throw new CMSecurityException.SecurityNotValidException("Actions mismatch");
            }

            // 2 is the action code looked up for the signature result.
            WSSecurityEngineResult signature = WSSecurityUtil.fetchActionResult(results, 2);
            if (signature == null) {
                logger.error("verifySOAP: No signature result");
                throw new CMSecurityException.SecurityNotValidException("No signature result");
            }

            if (!referencesSoapBody((List<?>) signature.get("data-ref-uris"))) {
                logger.error("verifySOAP: Unsigned soap:Body");
                throw new CMSecurityException.SecurityNotValidException("Unsigned soap:Body");
            }

            X509Certificate signer = (X509Certificate) signature.get("x509-certificate");
            if (signer != null) {
                if (logger.isInfoEnabled()) {
                    logger.info("verifySOAP: Signer serial={}, issuer=[{}], subject=[{}]",
                            signer.getSerialNumber(), signer.getIssuerDN(), signer.getSubjectDN());
                }
                if (list != null) {
                    list.add(signer);
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("verifySOAP: -> ");
            }
        } catch (WSSecurityException e) {
            logger.error("verifySOAP: ", e);
            throw new CMSecurityException.SecurityNotValidException("WSSecurityException", e);
        }
    }

    /**
     * Rejects documents whose root element is not a SOAP envelope according to
     * {@code SOAPUtils.isEnvelope}.
     */
    private static void requireSoapEnvelope(Document document) throws CMSecurityException {
        Element root = document.getDocumentElement();
        String namespace = root.getNamespaceURI();
        String local = root.getLocalName();
        if (SOAPUtils.isEnvelope(namespace, local)) {
            return;
        }
        String message = "Non-SOAP envelope element - " + local + "{" + namespace + "}";
        logger.error("verifySOAP: {}", message);
        throw new CMSecurityException.SecurityNotValidException(message);
    }

    /**
     * Reports whether any signed data reference names a SOAP Body element.
     *
     * <p>NOTE(review): the match is on the referenced element's qualified name only. Whether that
     * element is the envelope's own Body (and not a same-named element elsewhere in the
     * document) is not checked here; confirm the engine's reference resolution guarantees it.
     *
     * @param dataRefs signed references from the signature result, or {@code null}
     * @return {@code true} if at least one reference is accepted by {@code SOAPUtils.isBody}
     */
    private static boolean referencesSoapBody(List<?> dataRefs) {
        if (dataRefs == null) {
            return false;
        }
        for (Object ref : dataRefs) {
            QName signedName = ((WSDataRef) ref).getName();
            if (SOAPUtils.isBody(signedName.getNamespaceURI(), signedName.getLocalPart())) {
                return true;
            }
        }
        return false;
    }

    // The WSHandler configuration callbacks below are deliberately inert: this verifier reads
    // no options, properties or passwords from a message context.

    /** Always returns {@code null}; no handler options are configured. */
    @Override
    public Object getOption(String str) {
        return null;
    }

    /** Always returns {@code null}; the message context carries no properties for this handler. */
    @Override
    public Object getProperty(Object obj, String str) {
        return null;
    }

    /** Ignores the value; nothing is stored on the message context. */
    @Override
    public void setProperty(Object obj, String str, Object obj2) {
    }

    /** Always returns {@code null}; verification here uses no password. */
    @Override
    public String getPassword(Object obj) {
        return null;
    }

    /** Ignores the value; no password is retained. */
    @Override
    public void setPassword(Object obj, String str) {
    }
}
