package com.helger.peppol.as2servlet;

import com.helger.as2lib.exception.OpenAS2Exception;
import com.helger.as2lib.exception.WrappedOpenAS2Exception;
import com.helger.as2lib.message.AS2Message;
import com.helger.as2lib.message.IMessage;
import com.helger.as2lib.processor.module.AbstractProcessorModule;
import com.helger.commons.ValueEnforcer;
import com.helger.commons.collection.impl.ICommonsList;
import com.helger.commons.http.HttpHeaderMap;
import com.helger.commons.lang.ServiceLoaderHelper;
import com.helger.commons.state.ETriState;
import com.helger.commons.string.StringHelper;
import com.helger.peppol.sbdh.PeppolSBDHDocument;
import com.helger.peppol.sbdh.read.PeppolSBDHDocumentReader;
import com.helger.peppol.smp.ESMPTransportProfile;
import com.helger.peppol.smp.EndpointType;
import com.helger.peppol.smpclient.SMPClientReadOnly;
import com.helger.peppolid.IDocumentTypeIdentifier;
import com.helger.peppolid.IParticipantIdentifier;
import com.helger.peppolid.IProcessIdentifier;
import com.helger.sbdh.SBDMarshaller;
import com.helger.security.certificate.CertificateHelper;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.unece.cefact.namespaces.sbdh.StandardBusinessDocument;

/* loaded from: input_file:com/helger/peppol/as2servlet/AS2ServletSBDModule.class */
public class AS2ServletSBDModule extends AbstractProcessorModule {
    private static final Logger LOGGER = LoggerFactory.getLogger(AS2ServletSBDModule.class);
    private final EPeppolAS2Version m_eAS2Version;
    private final ICommonsList<IAS2IncomingSBDHandlerSPI> m_aHandlers;

    public AS2ServletSBDModule(@Nonnull EPeppolAS2Version ePeppolAS2Version) {
        ValueEnforcer.notNull(ePeppolAS2Version, "AS2Version");
        this.m_eAS2Version = ePeppolAS2Version;
        this.m_aHandlers = ServiceLoaderHelper.getAllSPIImplementations(IAS2IncomingSBDHandlerSPI.class);
        if (this.m_aHandlers.isEmpty()) {
            LOGGER.warn("No SPI handler of type " + IAS2IncomingSBDHandlerSPI.class.getName() + " for incoming SBD documents is registered. Therefore incoming documents will NOT be handled and maybe discarded if no other processors are active!");
        } else if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Loaded " + this.m_aHandlers.size() + " IAS2IncomingSBDHandlerSPI implementations");
        }
    }

    public boolean canHandle(@Nonnull String str, @Nonnull IMessage iMessage, @Nullable Map<String, Object> map) {
        return "store".equals(str) && (iMessage instanceof AS2Message);
    }

    @Nullable
    private static EndpointType _getReceiverEndpoint(@Nullable IParticipantIdentifier iParticipantIdentifier, @Nullable IDocumentTypeIdentifier iDocumentTypeIdentifier, @Nullable IProcessIdentifier iProcessIdentifier, @Nonnull String str) throws OpenAS2Exception {
        SMPClientReadOnly sMPClient = AS2PeppolServletConfiguration.getSMPClient();
        if (sMPClient == null) {
            throw new OpenAS2Exception(str + " No SMP client configured!");
        }
        if (iParticipantIdentifier == null || iDocumentTypeIdentifier == null || iProcessIdentifier == null) {
            return null;
        }
        try {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(str + " Looking up the endpoint of recipient " + iParticipantIdentifier.getURIEncoded() + " at SMP URL '" + sMPClient.getSMPHostURI() + "' for " + iParticipantIdentifier.getURIEncoded() + " and " + iDocumentTypeIdentifier.getURIEncoded() + " and " + iProcessIdentifier.getURIEncoded());
            }
            return sMPClient.getEndpoint(iParticipantIdentifier, iDocumentTypeIdentifier, iProcessIdentifier, ESMPTransportProfile.TRANSPORT_PROFILE_AS2);
        } catch (Throwable th) {
            throw new OpenAS2Exception(str + " Failed to retrieve endpoint of recipient " + iParticipantIdentifier.getURIEncoded(), th);
        }
    }

    private static void _checkIfReceiverEndpointURLMatches(@Nonnull EndpointType endpointType, @Nonnull String str) throws OpenAS2Exception {
        String aS2EndpointURL = AS2PeppolServletConfiguration.getAS2EndpointURL();
        if (StringHelper.hasNoText(aS2EndpointURL)) {
            throw new OpenAS2Exception("The endpoint URL of this AP is not configured!");
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(str + " Our AP URL is " + aS2EndpointURL);
        }
        String endpointAddress = SMPClientReadOnly.getEndpointAddress(endpointType);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(str + " Recipient AP URL is " + endpointAddress);
        }
        if (endpointAddress == null || !endpointAddress.contains(aS2EndpointURL)) {
            String str2 = str + " Internal error: The request is targeted for '" + endpointAddress + "' and is not for us (" + aS2EndpointURL + ")";
            LOGGER.error(str2);
            throw new OpenAS2Exception(str2);
        }
    }

    private static void _checkIfEndpointCertificateMatches(@Nonnull EndpointType endpointType, @Nonnull String str) throws OpenAS2Exception {
        X509Certificate aPCertificate = AS2PeppolServletConfiguration.getAPCertificate();
        if (aPCertificate == null) {
            throw new OpenAS2Exception("The certificate of this AP is not configured!");
        }
        String certificate = endpointType.getCertificate();
        try {
            X509Certificate convertStringToCertficate = CertificateHelper.convertStringToCertficate(certificate);
            if (convertStringToCertficate == null) {
                throw new OpenAS2Exception(str + " No certificate found in looked up endpoint! Is this AP maybe NOT contained in an SMP?");
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(str + " Conformant recipient certificate present: " + convertStringToCertficate.toString());
            }
            if (!aPCertificate.getSerialNumber().equals(convertStringToCertficate.getSerialNumber())) {
                String str2 = str + " Certificate retrieved from SMP lookup (" + convertStringToCertficate + ") does not match this APs configured Certificate (" + aPCertificate + ") - different serial numbers - ignoring document";
                LOGGER.error(str2);
                throw new OpenAS2Exception(str2);
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(str + " The certificate of the SMP lookup matches our certificate");
            }
        } catch (CertificateException e) {
            throw new OpenAS2Exception(str + " Internal error: Failed to convert looked up endpoint certificate string '" + certificate + "' to an X.509 certificate!", e);
        }
    }

    public void handle(@Nonnull String str, @Nonnull IMessage iMessage, @Nullable Map<String, Object> map) throws OpenAS2Exception {
        try {
            iMessage.partnership().setSigningAlgorithm(this.m_eAS2Version.getCryptoAlgorithmSign());
            iMessage.partnership().setVerifyUseCertificateInBodyPart(ETriState.TRUE);
            StandardBusinessDocument standardBusinessDocument = (StandardBusinessDocument) new SBDMarshaller().read(iMessage.getData().getInputStream());
            if (standardBusinessDocument == null) {
                throw new IllegalArgumentException("Failed to interpret the passed document as a Standard Business Document!");
            }
            if (AS2PeppolServletConfiguration.isReceiverCheckEnabled()) {
                PeppolSBDHDocument extractData = new PeppolSBDHDocumentReader().extractData(standardBusinessDocument);
                String instanceIdentifier = extractData.getInstanceIdentifier();
                EndpointType _getReceiverEndpoint = _getReceiverEndpoint(extractData.getReceiverAsIdentifier(), extractData.getDocumentTypeAsIdentifier(), extractData.getProcessAsIdentifier(), instanceIdentifier);
                if (_getReceiverEndpoint == null) {
                    throw new OpenAS2Exception(instanceIdentifier + " Failed to resolve endpoint for provided receiver/documentType/process - not handling document");
                }
                _checkIfReceiverEndpointURLMatches(_getReceiverEndpoint, instanceIdentifier);
                _checkIfEndpointCertificateMatches(_getReceiverEndpoint, instanceIdentifier);
            } else {
                LOGGER.info("Endpoint checks for the AS2 AP are disabled");
            }
            HttpHeaderMap clone = iMessage.headers().getClone();
            Iterator it = this.m_aHandlers.iterator();
            while (it.hasNext()) {
                ((IAS2IncomingSBDHandlerSPI) it.next()).handleIncomingSBD(clone, standardBusinessDocument);
            }
        } catch (Exception e) {
            throw WrappedOpenAS2Exception.wrap(e);
        }
    }
}
