package be.ehealth.businessconnector.mycarenet.attestv2.builders.impl;

import be.cin.encrypted.EncryptedKnownContent;
import be.ehealth.business.mycarenetcommons.mapper.v3.BlobMapper;
import be.ehealth.business.mycarenetdomaincommons.domain.Blob;
import be.ehealth.businessconnector.mycarenet.attestv2.builders.ResponseObjectBuilder;
import be.ehealth.businessconnector.mycarenet.attestv2.domain.SendAttestBuilderRequest;
import be.ehealth.businessconnector.mycarenet.attestv2.domain.SignedBuilderResponse;
import be.ehealth.businessconnector.mycarenet.attestv2.domain.SignedEncryptedBuilderResponse;
import be.ehealth.technicalconnector.config.impl.ConfigurationModuleBootstrap;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.service.etee.Crypto;
import be.ehealth.technicalconnector.utils.ConnectorXmlUtils;
import be.ehealth.technicalconnector.utils.MarshallerHelper;
import be.ehealth.technicalconnector.utils.SessionUtil;
import be.ehealth.technicalconnector.utils.impl.JaxbContextFactory;
import be.fgov.ehealth.mycarenet.attest.protocol.v2.CancelAttestationRequest;
import be.fgov.ehealth.mycarenet.attest.protocol.v2.CancelAttestationResponse;
import be.fgov.ehealth.mycarenet.attest.protocol.v2.SendAttestationResponse;
import be.fgov.ehealth.mycarenet.commons.core.v3.BlobType;
import be.fgov.ehealth.mycarenet.commons.protocol.v3.SendResponseType;
import be.fgov.ehealth.standards.kmehr.mycarenet.schema.v1.Kmehrmessage;
import be.fgov.ehealth.technicalconnector.signature.AdvancedElectronicSignatureEnumeration;
import be.fgov.ehealth.technicalconnector.signature.SignatureBuilderFactory;
import be.fgov.ehealth.technicalconnector.signature.domain.SignatureVerificationError;
import be.fgov.ehealth.technicalconnector.signature.domain.SignatureVerificationResult;
import java.util.HashMap;
import org.apache.commons.lang.ArrayUtils;
import org.w3c.dom.Document;

/* loaded from: input_file:be/ehealth/businessconnector/mycarenet/attestv2/builders/impl/ResponseObjectBuilderImpl.class */
public class ResponseObjectBuilderImpl implements ResponseObjectBuilder, ConfigurationModuleBootstrap.ModuleBootstrapHook {
    @Override // be.ehealth.businessconnector.mycarenet.attestv2.builders.ResponseObjectBuilder
    public final SignedEncryptedBuilderResponse handleSendResponseType(SendResponseType sendResponseType, SendAttestBuilderRequest sendAttestBuilderRequest) throws TechnicalConnectorException {
        if (sendResponseType == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_INPUT_PARAMETER_NULL, new Object[]{"sendResponse"});
        }
        if (sendAttestBuilderRequest == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_INPUT_PARAMETER_NULL, new Object[]{"builderRequest"});
        }
        if (sendAttestBuilderRequest.getBusinessContent() == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_INPUT_PARAMETER_NULL, new Object[]{"builderRequest.getBusinessContent"});
        }
        byte[] unsealedData = getUnsealedData(BlobMapper.mapBlobfromBlobType(sendResponseType.getReturn().getDetail()));
        EncryptedKnownContent encryptedKnownContent = (EncryptedKnownContent) new MarshallerHelper(EncryptedKnownContent.class, EncryptedKnownContent.class).toObject(unsealedData);
        if (encryptedKnownContent.getXades() != null) {
            byte[] xades = encryptedKnownContent.getXades();
            return new SignedEncryptedBuilderResponse(encryptedKnownContent, verifySignature(xades, appendRequestToDataToVerify(encryptedKnownContent, sendAttestBuilderRequest.getBusinessContent())), unsealedData, ArrayUtils.clone(xades));
        }
        SignatureVerificationResult signatureVerificationResult = new SignatureVerificationResult();
        signatureVerificationResult.getErrors().add(SignatureVerificationError.SIGNATURE_NOT_PRESENT);
        return new SignedEncryptedBuilderResponse(encryptedKnownContent, signatureVerificationResult, unsealedData, null);
    }

    @Override // be.ehealth.businessconnector.mycarenet.attestv2.builders.ResponseObjectBuilder
    public SignedBuilderResponse handleCancelResponseType(SendResponseType sendResponseType, CancelAttestationRequest cancelAttestationRequest) throws TechnicalConnectorException {
        if (sendResponseType == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_INPUT_PARAMETER_NULL, new Object[]{"sendResponse"});
        }
        if (cancelAttestationRequest == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_INPUT_PARAMETER_NULL, new Object[]{"cancelAttestationRequest"});
        }
        if (sendResponseType.getReturn().getXadesT() != null && sendResponseType.getReturn().getXadesT().getValue() != null) {
            byte[] value = sendResponseType.getReturn().getXadesT().getValue();
            return new SignedBuilderResponse(value, sendResponseType.getReturn().getDetail().getValue(), verifySignature(value, appendRequestToDataToVerify(sendResponseType, cancelAttestationRequest)));
        }
        SignatureVerificationResult signatureVerificationResult = new SignatureVerificationResult();
        signatureVerificationResult.getErrors().add(SignatureVerificationError.SIGNATURE_NOT_PRESENT);
        return new SignedBuilderResponse(sendResponseType.getReturn().getDetail().getValue(), signatureVerificationResult);
    }

    private byte[] appendRequestToDataToVerify(Object obj, Object obj2) throws TechnicalConnectorException {
        Document document = ConnectorXmlUtils.toDocument(obj);
        ConnectorXmlUtils.getFirstChildElement(document).appendChild(document.importNode(ConnectorXmlUtils.toElement(ConnectorXmlUtils.toByteArray(obj2)), true));
        return ConnectorXmlUtils.toByteArray(document);
    }

    private byte[] getUnsealedData(Blob blob) throws TechnicalConnectorException {
        return SessionUtil.getHolderOfKeyCrypto().unseal(Crypto.SigningPolicySelector.WITHOUT_NON_REPUDIATION, blob.getContent()).getContentAsByte();
    }

    private SignatureVerificationResult verifySignature(byte[] bArr, byte[] bArr2) throws TechnicalConnectorException {
        HashMap hashMap = new HashMap();
        hashMap.put("followNestedManifest", true);
        return SignatureBuilderFactory.getSignatureBuilder(AdvancedElectronicSignatureEnumeration.XAdES_T).verify(bArr2, bArr, hashMap);
    }

    public void bootstrap() {
        JaxbContextFactory.initJaxbContext(new Class[]{BlobType.class});
        JaxbContextFactory.initJaxbContext(new Class[]{SendAttestationResponse.class});
        JaxbContextFactory.initJaxbContext(new Class[]{CancelAttestationResponse.class});
        JaxbContextFactory.initJaxbContext(new Class[]{SendResponseType.class});
        JaxbContextFactory.initJaxbContext(new Class[]{Kmehrmessage.class});
    }
}
