package be.fgov.ehealth.technicalconnector.signature.impl.tsa.impl;

import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorExceptionValues;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.session.Session;
import be.ehealth.technicalconnector.utils.ConfigurableImplementation;
import be.ehealth.technicalconnector.utils.ConnectorCryptoUtils;
import be.ehealth.technicalconnector.ws.ServiceFactory;
import be.ehealth.technicalconnector.ws.domain.GenericRequest;
import be.fgov.ehealth.technicalconnector.signature.domain.XadesOption;
import be.fgov.ehealth.technicalconnector.signature.impl.SignatureUtils;
import be.fgov.ehealth.technicalconnector.signature.impl.tsa.TimestampGenerator;
import java.util.Map;
import javax.xml.soap.SOAPException;
import javax.xml.ws.soap.SOAPFaultException;
import oasis.names.tc.dss._1_0.core.schema.DocumentHash;
import oasis.names.tc.dss._1_0.core.schema.InputDocuments;
import oasis.names.tc.dss._1_0.core.schema.SignRequest;
import oasis.names.tc.dss._1_0.core.schema.SignResponse;
import oasis.names.tc.dss._1_0.core.schema.Timestamp;
import org.apache.xml.security.algorithms.JCEMapper;
import org.w3._2000._09.xmldsig.DigestMethod;

/* loaded from: input_file:be/fgov/ehealth/technicalconnector/signature/impl/tsa/impl/TimeStampGeneratorImpl.class */
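/**
 * {@link TimestampGenerator} that obtains a timestamp token from a remote timestamp
 * authority (TSA) by sending an OASIS DSS {@link SignRequest} through the generic
 * web-service sender.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The token returned by the TSA is handed back as raw bytes. This class does not
 *       verify the token's signature, its certificate chain, or that the message imprint
 *       inside the token matches the digest that was sent. That validation has to happen
 *       in the caller or in a later verification step.</li>
 *   <li>The digest algorithm is chosen by the caller and no allow-list is applied here.</li>
 *   <li>The endpoint is taken from the options or the configuration as-is.
 *       NOTE(review): no scheme check (https) is visible in this class. Confirm that
 *       transport protection is enforced by the sender or the handler chain.</li>
 * </ul>
 */
public class TimeStampGeneratorImpl implements ConfigurableImplementation, TimestampGenerator {
    /** Configuration property that supplies the TSA endpoint when no option overrides it. */
    private static final String ENDPOINT_TS_AUTHORITY_V2 = "endpoint.ts.authority.v2";
    /** SOAP action sent with every stamp request. */
    private static final String SOAP_ACTION_STAMP = "urn:be:fgov:ehealth:timestamping:protocol:v2:stamp";
    /** DSS result-major value that marks a successful response. */
    private static final String RESULT_MAJOR_SUCCESS = "urn:oasis:names:tc:dss:1.0:resultmajor:Success";
    /** Profile used when {@link XadesOption#SIGNATURETIMESTAMP_PROFILE} is not set. */
    private static final String DEFAULT_PROFILE = "urn:ehealth:profiles:timestamping:2.1-cert";

    /** Options handed over by {@link #initialize(Map)}; read on every request. */
    private Map<String, Object> options;

    /**
     * Requests a timestamp token for the digest of the given data.
     *
     * @param str  request id placed in the sign request
     * @param str2 digest algorithm URI (XML-DSig style), used both in the request and to
     *             compute the digest locally
     * @param bArr data whose digest is sent to the TSA
     * @return the RFC 3161 timestamp token bytes exactly as returned by the TSA (not verified here)
     * @throws TechnicalConnectorException if no credential or endpoint is available, the digest
     *         algorithm URI is unknown, the call fails, or the response is not a complete
     *         successful response
     * @throws UnsupportedOperationException if the TSA answers with a non-RFC 3161 timestamp
     */
    @Override // be.fgov.ehealth.technicalconnector.signature.impl.tsa.TimestampGenerator
    public byte[] generate(String str, String str2, byte[] bArr) throws TechnicalConnectorException {
        GenericRequest request = new GenericRequest();
        request.setPayload(generateSignRequest(str, str2, bArr));

        // NOTE(review): the session-based default is evaluated before getOption runs, so it is
        // computed even when the option is supplied. If getSession() can return null without an
        // active session, this line fails with a NullPointerException before the check below
        // is reached. Confirm against Session.
        Credential credential = (Credential) SignatureUtils.getOption(XadesOption.SIGNATURETIMESTAMP_CREDENTIAL, this.options, Session.getInstance().getSession().getHolderOfKeyCredential());
        if (credential == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, new Object[]{"SignatureTimestampCredentialis empty or no active session."});
        }
        request.setCertificateSecured(credential.getCertificate(), credential.getPrivateKey());

        String tsaUrl = (String) SignatureUtils.getOption(XadesOption.SIGNATURETIMESTAMP_TSA_URL, this.options, ConfigFactory.getConfigValidator().getProperty(ENDPOINT_TS_AUTHORITY_V2));
        if (tsaUrl == null || tsaUrl.isEmpty()) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, new Object[]{"SignatureTimestampEndpointTimestampAuthorityis empty or property endpoint.ts.authority.v2 is not present in the properties."});
        }
        request.setEndpoint(tsaUrl);
        request.setSoapAction(SOAP_ACTION_STAMP);
        request.setDefaultHandlerChain();

        try {
            SignResponse signResponse = (SignResponse) ServiceFactory.getGenericWsSender().send(request).asObject(SignResponse.class);
            return extractToken(signResponse);
        } catch (SOAPException e) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, e, new Object[]{"Unable to invoke TimestampAuthority"});
        } catch (SOAPFaultException e2) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, e2, new Object[]{"Unable to invoke TimestampAuthority"});
        }
    }

    /**
     * Checks the structure of the TSA response and returns the RFC 3161 token it carries.
     * The response comes from a remote service, so every level is checked before it is
     * dereferenced; an incomplete answer is reported as a connector error rather than a
     * NullPointerException. Only the structure is checked, not the token's signature.
     */
    private static byte[] extractToken(SignResponse signResponse) throws TechnicalConnectorException {
        if (signResponse == null || signResponse.getResult() == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, new Object[]{"TimestampAuthority response does not contain a result."});
        }
        if (!RESULT_MAJOR_SUCCESS.equals(signResponse.getResult().getResultMajor())) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, new Object[]{signResponse.getResult().getResultMajor() + " : minor result : " + signResponse.getResult().getResultMinor() + " message: " + signResponse.getResult().getResultMessage()});
        }
        if (signResponse.getSignatureObject() == null || signResponse.getSignatureObject().getTimestamp() == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, new Object[]{"TimestampAuthority reported success but returned no timestamp."});
        }
        Timestamp timestamp = signResponse.getSignatureObject().getTimestamp();
        if (timestamp.getOther() != null) {
            throw new UnsupportedOperationException("Only RFC3161 TimeStampToken is supported.");
        }
        byte[] token = timestamp.getRFC3161TimeStampToken();
        if (token == null || token.length == 0) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, new Object[]{"TimestampAuthority reported success but returned an empty RFC3161 TimeStampToken."});
        }
        return token;
    }

    /**
     * Builds the DSS sign request that carries the digest of {@code bArr}.
     *
     * @param str  request id
     * @param str2 digest algorithm URI
     * @param bArr data to digest
     * @throws TechnicalConnectorException if the algorithm URI cannot be mapped to a JCE
     *         algorithm name, or if the digest calculation fails
     */
    private SignRequest generateSignRequest(String str, String str2, byte[] bArr) throws TechnicalConnectorException {
        // translateURItoJCEID yields null for an unregistered URI; fail with a clear message
        // instead of passing a null algorithm name to the digest helper.
        String jceAlgorithm = JCEMapper.translateURItoJCEID(str2);
        if (jceAlgorithm == null) {
            throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, new Object[]{"Unsupported digest algorithm URI: " + str2});
        }

        DigestMethod digestMethod = new DigestMethod();
        digestMethod.setAlgorithm(str2);

        DocumentHash documentHash = new DocumentHash();
        documentHash.setDigestMethod(digestMethod);
        documentHash.setDigestValue(ConnectorCryptoUtils.calculateDigest(jceAlgorithm, bArr));

        InputDocuments inputDocuments = new InputDocuments();
        inputDocuments.getDocumentHash().add(documentHash);

        SignRequest signRequest = new SignRequest();
        signRequest.setRequestID(str);
        signRequest.setProfile((String) SignatureUtils.getOption(XadesOption.SIGNATURETIMESTAMP_PROFILE, this.options, DEFAULT_PROFILE));
        signRequest.setInputDocuments(inputDocuments);
        return signRequest;
    }

    /**
     * Stores the option map used to resolve the credential, TSA URL and profile.
     * The map is kept by reference, so later changes made by the caller are visible here.
     *
     * @param map options keyed by option name; stored as given
     */
    public void initialize(Map<String, Object> map) throws TechnicalConnectorException {
        this.options = map;
    }
}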
