package be.ehealth.businessconnector.genericasync.encrypt;

import be.cin.encrypted.BusinessContent;
import be.cin.encrypted.EncryptedKnownContent;
import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.config.Configuration;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.idgenerator.IdGeneratorFactory;
import be.ehealth.technicalconnector.service.etee.Crypto;
import be.ehealth.technicalconnector.service.etee.domain.EncryptionToken;
import be.ehealth.technicalconnector.service.keydepot.KeyDepotManager;
import be.ehealth.technicalconnector.service.keydepot.KeyDepotManagerFactory;
import be.ehealth.technicalconnector.session.Session;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import be.ehealth.technicalconnector.utils.ConnectorXmlUtils;
import be.ehealth.technicalconnector.utils.IdentifierType;
import be.ehealth.technicalconnector.utils.SessionUtil;
import be.fgov.ehealth.technicalconnector.signature.AdvancedElectronicSignatureEnumeration;
import be.fgov.ehealth.technicalconnector.signature.SignatureBuilder;
import be.fgov.ehealth.technicalconnector.signature.SignatureBuilderFactory;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Set;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:be/ehealth/businessconnector/genericasync/encrypt/BusinessContentEncryptor.class */
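/**
 * Wraps a business payload in an {@code EncryptedKnownContent} envelope, signs the
 * business content (XAdES) and seals the result for the recipient whose encryption
 * tokens (ETKs) are resolved from configuration.
 *
 * <p>Static utility class; not instantiable.
 */
public final class BusinessContentEncryptor {
    private static final String IDENTIFIER_TYPE_PROPERTY = ".keydepot.identifiertype";
    private static final String IDENTIFIER_VALUE_PROPERTY = ".keydepot.identifiervalue";
    private static final String APPLICATION_ID_PROPERTY = ".keydepot.application";
    private static final long ETK_IDENTIFIER_DEFAULT_VALUE = 820563481;
    private static Configuration config = ConfigFactory.getConfigValidator();
    private static final String CIN_NAMESPACE = "urn:be:cin:encrypted";
    private static final String ENCRYPTED_KNOWN_CONTENT = "EncryptedKnownContent";
    /** Identifier source used for the type lookup; the error message in getHubEtk names it ETKDEPOT. */
    private static final int ETKDEPOT_SOURCE = 48;

    private BusinessContentEncryptor() {
    }

    /**
     * Signs and seals {@code bArr} using the session's holder-of-key crypto.
     *
     * @param str  qualifier used as the middle segment of the {@code .blobbuilder.} content-type
     *             property and as the prefix of the {@code .keydepot.*} properties that select
     *             the recipient ETK
     * @param bArr the business content to protect (stored uncompressed at first, deflated before signing)
     * @param str2 root of the {@code .blobbuilder.} content-type property key
     * @param str3 optional extra segment of the content-type property key
     * @return the sealed message bytes
     * @throws TechnicalConnectorException if building, signing or sealing fails
     */
    public static byte[] encrypt(String str, byte[] bArr, String str2, String str3) throws TechnicalConnectorException {
        return handleEncryption(bArr, SessionUtil.getHolderOfKeyCrypto(), str, str2, str3);
    }

    /**
     * Builds the {@code EncryptedKnownContent} object and hands its DOM form to the sign-and-seal step.
     *
     * @throws TechnicalConnectorException wrapping any failure of the sign-and-seal step
     */
    private static byte[] handleEncryption(byte[] payload, Crypto crypto, String qualifier, String propertyRoot, String subQualifier) throws TechnicalConnectorException {
        EncryptedKnownContent envelope = new EncryptedKnownContent();
        // The sender's own holder-of-key ETK travels inside the envelope as the reply-to token.
        envelope.setReplyToEtk(KeyDepotManagerFactory.getKeyDepotManager().getETK(KeyDepotManager.EncryptionTokenType.HOLDER_OF_KEY).getEncoded());
        BusinessContent content = new BusinessContent();
        String contentId = "_" + IdGeneratorFactory.getIdGenerator("uuid").generateId();
        content.setId(contentId);
        // The value is still uncompressed here; it is deflated later, just before signing.
        content.setValue(payload);
        content.setContentEncoding("deflate");
        // NOTE(review): getContentType appears to yield null when neither property is configured;
        // confirm a null content type is acceptable downstream.
        content.setContentType(getContentType(qualifier, propertyRoot, subQualifier));
        envelope.setBusinessContent(content);
        try {
            return encrypt(ConnectorXmlUtils.toDocument(envelope), crypto, contentId, qualifier);
        } catch (Exception e) {
            // Single boundary: every failure (including connector exceptions) is re-wrapped with its cause.
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_TECHNICAL, e, new Object[]{e.getMessage()});
        }
    }

    /**
     * Resolves the content type from configuration, preferring the key that includes
     * {@code subQualifier} and falling back to the key without it.
     */
    private static String getContentType(String qualifier, String propertyRoot, String subQualifier) {
        String specific = config.getProperty(propertyRoot + ".blobbuilder." + qualifier + "." + subQualifier + ".contenttype");
        if (specific != null) {
            return specific;
        }
        return config.getProperty(propertyRoot + ".blobbuilder." + qualifier + ".contenttype");
    }

    /**
     * Deflates the business content, signs it (XAdES) and seals the whole envelope.
     *
     * <p>Order matters: the envelope is re-read from the DOM, the value is compressed, the
     * marshalled {@code BusinessContent} is signed, and only then is the envelope sealed.
     *
     * @param document       DOM form of the envelope
     * @param crypto         crypto used for sealing
     * @param contentId      id of the business content, passed to the signer as {@code baseURI}
     * @param keyDepotPrefix prefix of the {@code .keydepot.*} properties that select the recipient ETK
     */
    private static byte[] encrypt(Document document, Crypto crypto, String contentId, String keyDepotPrefix) throws TechnicalConnectorException, TransformerException, UnsupportedEncodingException {
        String envelopeXml = toStringOmittingXmlDeclaration(document.getElementsByTagNameNS(CIN_NAMESPACE, ENCRYPTED_KNOWN_CONTENT));
        SignatureBuilder signer = SignatureBuilderFactory.getSignatureBuilder(AdvancedElectronicSignatureEnumeration.XAdES);

        // Parameterized instead of raw collections so the option types are checked at compile time.
        ArrayList<String> transforms = new ArrayList<String>();
        transforms.add("http://www.w3.org/2000/09/xmldsig#base64");
        transforms.add("urn:nippin:xml:sig:transform:optional-deflate");
        HashMap<String, Object> signOptions = new HashMap<String, Object>();
        signOptions.put("transformerList", transforms);
        signOptions.put("baseURI", contentId);

        EncryptedKnownContent envelope = (EncryptedKnownContent) ConnectorXmlUtils.toObject(envelopeXml.getBytes("UTF-8"), EncryptedKnownContent.class);
        BusinessContent content = envelope.getBusinessContent();
        content.setValue(ConnectorIOUtils.compress(content.getValue(), "deflate"));
        // NOTE(review): the signature is produced with the session's *encryption* credential;
        // confirm that reusing this key pair for signing is intended.
        envelope.setXades(signer.sign(Session.getInstance().getSession().getEncryptionCredential(), ConnectorXmlUtils.toByteArray(envelope.getBusinessContent()), signOptions));
        return seal(crypto, ConnectorXmlUtils.toByteArray(envelope), keyDepotPrefix);
    }

    /**
     * Serializes every node of {@code nodeList} to XML without an XML declaration and
     * concatenates the results in list order.
     */
    private static String toStringOmittingXmlDeclaration(NodeList nodeList) throws TransformerException {
        // The transformer only serializes in-memory DOM nodes here; no document is parsed.
        Transformer serializer = TransformerFactory.newInstance().newTransformer();
        serializer.setOutputProperty("omit-xml-declaration", "yes");
        StringBuilder xml = new StringBuilder();
        int count = nodeList.getLength();
        for (int index = 0; index < count; index++) {
            StringWriter nodeXml = new StringWriter();
            serializer.transform(new DOMSource(nodeList.item(index)), new StreamResult(nodeXml));
            xml.append(nodeXml.toString());
        }
        return xml.toString();
    }

    /** Seals {@code data} for the ETKs resolved from the {@code keyDepotPrefix} configuration. */
    private static byte[] seal(Crypto crypto, byte[] data, String keyDepotPrefix) throws TechnicalConnectorException {
        return crypto.seal(Crypto.SigningPolicySelector.WITH_NON_REPUDIATION, getHubEtk(keyDepotPrefix), data);
    }

    /**
     * Fetches the recipient ETK set using the identifier type, value and application id
     * configured under {@code keyDepotPrefix}.
     *
     * <p>The configured identifier type is now the one actually used for the key-depot
     * request. Previously it was only validated and {@code IdentifierType.CBE} was always
     * passed, so a non-CBE configuration would have requested tokens under the wrong
     * identifier type.
     *
     * @throws IllegalStateException if the configured identifier type is unknown for source ETKDEPOT
     */
    private static Set<EncryptionToken> getHubEtk(String keyDepotPrefix) throws TechnicalConnectorException {
        String identifierTypeName = config.getProperty(keyDepotPrefix + IDENTIFIER_TYPE_PROPERTY, "CBE");
        Long identifierValue = config.getLongProperty(keyDepotPrefix + IDENTIFIER_VALUE_PROPERTY, Long.valueOf(ETK_IDENTIFIER_DEFAULT_VALUE));
        String applicationId = config.getProperty(keyDepotPrefix + APPLICATION_ID_PROPERTY, "");
        // NOTE(review): with the default "CBE" this lookup is expected to resolve to
        // IdentifierType.CBE, leaving default behaviour unchanged; confirm against IdentifierType.
        IdentifierType identifierType = IdentifierType.lookup(identifierTypeName, (String) null, ETKDEPOT_SOURCE);
        if (identifierType == null) {
            throw new IllegalStateException("invalid configuration : identifier with type ]" + identifierTypeName + "[ for source ETKDEPOT not found");
        }
        return KeyDepotManagerFactory.getKeyDepotManager().getEtkSet(identifierType, identifierValue, applicationId);
    }
}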
