package org.cdoc4j;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PushbackInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipInputStream;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.xml.xpath.XPathException;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.input.CountingInputStream;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:org/cdoc4j/CDOC.class */
public final class CDOC implements AutoCloseable {
    public static final String MIMETYPE = "application/x-cdoc+zip";
    public static final String RECIPIENTS_XML = "META-INF/recipients.xml";
    public static final String PAYLOAD_ZIP = "payload.zip";
    static final SecureRandom random;
    private static final Logger log = LoggerFactory.getLogger(CDOC.class);
    public CountingInputStream counter;
    private Document xml;
    private transient SecretKey key;
    private ZipFile zf;
    private ZipInputStream zis;
    private ZipEntry currentEntry;
    private ArrayList<Recipient> recipients;
    private Version version;
    private transient Map<String, byte[]> files = null;
    private EncryptionMethod algorithm;
    private boolean singleFile;

    /* loaded from: input_file:org/cdoc4j/CDOC$Version.class */
    public enum Version {
        CDOC_V1_0("CDOC-1.0"),
        CDOC_V1_1("CDOC-1.1"),
        CDOC_V2_0("CDOC-2.0");

        private final String name;

        Version(String str) {
            this.name = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.name;
        }
    }

    private CDOC(Document document, Version version, Collection<Recipient> collection) {
        this.singleFile = false;
        this.xml = document;
        this.recipients = new ArrayList<>(collection);
        this.version = version;
        if (document.getDocumentElement().hasAttribute("MimeType") && !document.getDocumentElement().getAttribute("MimeType").equals("http://www.sk.ee/DigiDoc/v1.3.0/digidoc.xsd")) {
            this.singleFile = true;
        }
        log.trace("Loaded CDOC with {} recipients", Integer.valueOf(collection.size()));
    }

    public static String getLibraryVersion() {
        String str = "unknown-development";
        try {
            InputStream resourceAsStream = CDOC.class.getResourceAsStream("pro_version.txt");
            if (resourceAsStream != null) {
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream, "UTF-8"));
                    try {
                        str = bufferedReader.readLine();
                        bufferedReader.close();
                    } catch (Throwable th) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } finally {
                }
            }
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
        } catch (IOException e) {
            str = "unknown-error";
        }
        return str;
    }

    public static CDOCBuilder builder() {
        return new CDOCBuilder();
    }

    public static CDOC open(File file) throws IOException, CertificateException {
        PushbackInputStream pushbackInputStream = new PushbackInputStream(new FileInputStream(file), 2);
        try {
            byte[] bArr = new byte[2];
            if (pushbackInputStream.read(bArr, 0, bArr.length) != bArr.length) {
                throw new IOException("Not enough bytes to read file magic!");
            }
            pushbackInputStream.unread(bArr);
            if (bArr[0] != 80 || bArr[1] != 75) {
                CDOC from = from(pushbackInputStream);
                pushbackInputStream.close();
                return from;
            }
            ZipFile zipFile = new ZipFile(file);
            ZipEntry entry = zipFile.getEntry(RECIPIENTS_XML);
            if (entry == null) {
                zipFile.close();
                throw new IOException("META-INF/recipients.xml not found!");
            }
            try {
                InputStream inputStream = zipFile.getInputStream(entry);
                try {
                    Document stream2dom = XML.stream2dom(inputStream);
                    CDOC cdoc = new CDOC(stream2dom, Version.CDOC_V2_0, XMLENC.parseRecipientsXML(stream2dom));
                    cdoc.zf = zipFile;
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    pushbackInputStream.close();
                    return cdoc;
                } catch (Throwable th) {
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException e) {
                zipFile.close();
                throw new IOException("META-INF/recipients.xml reading failed!", e);
            }
        } catch (Throwable th3) {
            try {
                pushbackInputStream.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }

    public static boolean isCDOC(File file) throws IOException {
        boolean z;
        if (file.isFile() && file.getName().toLowerCase().endsWith(".cdoc")) {
            return true;
        }
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            byte[] bArr = new byte[38 + MIMETYPE.length()];
            if (fileInputStream.read(bArr, 0, bArr.length) < bArr.length) {
                fileInputStream.close();
                return false;
            }
            String str = new String(bArr, 0, 2, StandardCharsets.US_ASCII.name());
            String str2 = new String(bArr, 30, 8, StandardCharsets.US_ASCII.name());
            String str3 = new String(bArr, 38, MIMETYPE.length(), StandardCharsets.US_ASCII.name());
            if (str.equals("PK") && str2.equals("mimetype")) {
                if (str3.equals(MIMETYPE)) {
                    z = true;
                    boolean z2 = z;
                    fileInputStream.close();
                    return z2;
                }
            }
            z = false;
            boolean z22 = z;
            fileInputStream.close();
            return z22;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static CDOC fromXMLStream(InputStream inputStream) throws IOException, CertificateException {
        Document stream2dom = XML.stream2dom(inputStream);
        try {
            EncryptionMethod fromURI = EncryptionMethod.fromURI(XML.xPath.evaluate("/xenc:EncryptedData/xenc:EncryptionMethod/@Algorithm", stream2dom));
            if (fromURI == null) {
                throw new IOException("EncryptionMethod/@Algorithm not found");
            }
            return new CDOC(stream2dom, fromURI == EncryptionMethod.AES256_GCM ? Version.CDOC_V1_1 : Version.CDOC_V1_0, XMLENC.parseRecipientsXML(stream2dom));
        } catch (XPathExpressionException e) {
            throw new IOException("Could not extract EncryptionMethod/@Algorithm", e);
        }
    }

    private static CDOC fromZIPStream(InputStream inputStream) throws IOException, CertificateException {
        ZipInputStream zipInputStream = new ZipInputStream(inputStream, StandardCharsets.UTF_8);
        while (true) {
            ZipEntry nextEntry = zipInputStream.getNextEntry();
            if (nextEntry == null) {
                throw new IOException("META-INF/recipients.xml not found!");
            }
            if (!nextEntry.isDirectory() && nextEntry.getName().equals(RECIPIENTS_XML)) {
                Document stream2dom = XML.stream2dom(zipInputStream);
                CDOC cdoc = new CDOC(stream2dom, Version.CDOC_V2_0, XMLENC.parseRecipientsXML(stream2dom));
                cdoc.zis = zipInputStream;
                cdoc.currentEntry = nextEntry;
                return cdoc;
            }
        }
    }

    public static CDOC from(InputStream inputStream) throws IOException, CertificateException {
        PushbackInputStream pushbackInputStream = new PushbackInputStream(inputStream, 2);
        byte[] bArr = new byte[2];
        if (pushbackInputStream.read(bArr, 0, bArr.length) != bArr.length) {
            throw new IOException("Not enough bytes to read file magic!");
        }
        pushbackInputStream.unread(bArr);
        return (bArr[0] == 80 && bArr[1] == 75) ? fromZIPStream(pushbackInputStream) : fromXMLStream(pushbackInputStream);
    }

    public List<Recipient> getRecipients() {
        return Collections.unmodifiableList(this.recipients);
    }

    public EncryptionMethod getAlgorithm() {
        if (this.algorithm == null) {
            try {
                this.algorithm = EncryptionMethod.fromURI(XML.xPath.evaluate("/xenc:EncryptedData/xenc:EncryptionMethod/@Algorithm", this.xml));
            } catch (XPathExpressionException e) {
                log.error("EncryptionMethod/@Algorithm not found: {} ", e.getMessage());
            }
        }
        return this.algorithm;
    }

    public String preSharedKey() {
        try {
            return XML.xPath.evaluate("/xenc:EncryptedData/ds:KeyInfo/ds:KeyName", this.xml);
        } catch (XPathExpressionException e) {
            log.error("KeyInfo/KeyName not found: {}", e.getMessage(), e);
            return null;
        }
    }

    private InputStream getPayloadStream() throws IOException {
        if (this.version == Version.CDOC_V1_1 || this.version == Version.CDOC_V1_0) {
            return new ByteArrayInputStream(getPayloadBytes());
        }
        if (this.version != Version.CDOC_V2_0) {
            throw new IllegalStateException("Unknown version: " + this.version);
        }
        if (this.zf != null) {
            ZipEntry entry = this.zf.getEntry(PAYLOAD_ZIP);
            if (entry == null) {
                throw new IOException("payload.zip not found!");
            }
            return this.zf.getInputStream(entry);
        }
        while (this.currentEntry != null) {
            if (!this.currentEntry.isDirectory() && this.currentEntry.getName().equals(PAYLOAD_ZIP)) {
                return this.zis;
            }
            this.currentEntry = this.zis.getNextEntry();
        }
        throw new IOException("payload.zip not found!");
    }

    private byte[] getPayloadBytes() throws IOException {
        byte[] decode;
        if (this.version == Version.CDOC_V1_1 || this.version == Version.CDOC_V1_0) {
            try {
                decode = Base64.getMimeDecoder().decode(XML.xPath.evaluate("/xenc:EncryptedData/xenc:CipherData/xenc:CipherValue", this.xml));
            } catch (XPathException e) {
                throw new IOException("Could not extract payload", e);
            }
        } else {
            if (this.version != Version.CDOC_V2_0) {
                throw new IllegalStateException("Unknown version: " + this.version);
            }
            decode = IOUtils.toByteArray(getPayloadStream());
        }
        log.trace("getPayloadBytes size: {}", Integer.valueOf(decode.length));
        return decode;
    }

    public void decrypt(SecretKey secretKey, OutputStream outputStream) throws IOException, GeneralSecurityException {
        InputStream payloadStream = getPayloadStream();
        try {
            if (this.version == Version.CDOC_V1_0) {
                byte[] bArr = new byte[16];
                if (payloadStream.read(bArr, 0, bArr.length) != bArr.length) {
                    throw new IOException("Not enought bytes to read IV");
                }
                Cipher cipher = Cipher.getInstance(getAlgorithm().getCipherName());
                cipher.init(2, secretKey, new IvParameterSpec(bArr));
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                try {
                    IOUtils.copy(payloadStream, cipherOutputStream);
                    cipherOutputStream.close();
                    IOUtils.copy(new ByteArrayInputStream(Legacy.unpad(byteArrayOutputStream.toByteArray())), outputStream);
                } finally {
                }
            } else {
                byte[] bArr2 = new byte[12];
                if (payloadStream.read(bArr2, 0, bArr2.length) != bArr2.length) {
                    throw new IOException("Not enought bytes to read IV");
                }
                log.trace("IV: {}", Hex.toHexString(bArr2));
                Cipher cipher2 = Cipher.getInstance(getAlgorithm().getCipherName());
                cipher2.init(2, secretKey, new GCMParameterSpec(128, bArr2));
                byte[] doFinal = cipher2.doFinal(IOUtils.toByteArray(payloadStream));
                log.trace("Plaintext is {} bytes", Integer.valueOf(doFinal.length));
                IOUtils.copy(new ByteArrayInputStream(doFinal), outputStream);
            }
            if (payloadStream != null) {
                payloadStream.close();
            }
        } catch (Throwable th) {
            if (payloadStream != null) {
                try {
                    payloadStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public ZipInputStream getZipInputStream(SecretKey secretKey) throws IOException, GeneralSecurityException {
        if (this.version != Version.CDOC_V2_0) {
            throw new IllegalStateException("ZIP input stream is only available for CDOC 2.0");
        }
        InputStream payloadStream = getPayloadStream();
        try {
            byte[] bArr = new byte[12];
            if (payloadStream.read(bArr, 0, bArr.length) != bArr.length) {
                throw new IOException("Not enought bytes to read IV");
            }
            log.trace("IV: {}", Hex.toHexString(bArr));
            Cipher cipher = Cipher.getInstance(getAlgorithm().getCipherName());
            cipher.init(2, secretKey, new GCMParameterSpec(128, bArr));
            byte[] doFinal = cipher.doFinal(IOUtils.toByteArray(payloadStream));
            log.trace("Plaintext is {} bytes", Integer.valueOf(doFinal.length));
            ZipInputStream zipInputStream = new ZipInputStream(new ByteArrayInputStream(doFinal));
            if (payloadStream != null) {
                payloadStream.close();
            }
            return zipInputStream;
        } catch (Throwable th) {
            if (payloadStream != null) {
                try {
                    payloadStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public Map<String, byte[]> getFiles(SecretKey secretKey) throws IOException, GeneralSecurityException {
        if (this.files == null) {
            if (this.version == Version.CDOC_V1_0 || this.version == Version.CDOC_V1_1) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                decrypt(secretKey, byteArrayOutputStream);
                if (this.singleFile) {
                    this.files = new HashMap();
                    this.files.put("payload.blah", byteArrayOutputStream.toByteArray());
                } else {
                    this.files = Legacy.extractPayload(byteArrayOutputStream.toByteArray());
                }
            } else {
                if (this.version != Version.CDOC_V2_0) {
                    throw new IllegalStateException("Unknown version");
                }
                ZipInputStream zipInputStream = getZipInputStream(secretKey);
                try {
                    this.files = new HashMap();
                    while (true) {
                        ZipEntry nextEntry = zipInputStream.getNextEntry();
                        if (nextEntry == null) {
                            break;
                        }
                        log.trace("Extracting {}", nextEntry.getName());
                        this.files.put(nextEntry.getName(), IOUtils.toByteArray(zipInputStream));
                    }
                    if (zipInputStream != null) {
                        zipInputStream.close();
                    }
                } catch (Throwable th) {
                    if (zipInputStream != null) {
                        try {
                            zipInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
        }
        return this.files;
    }

    public Version getVersion() {
        return this.version;
    }

    @Override // java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.zf != null) {
            this.zf.close();
        }
        if (this.zis != null) {
            this.zis.close();
        }
    }

    static {
        try {
            random = SecureRandom.getInstanceStrong();
            random.nextBytes(new byte[2]);
            log.info("Using {} from {} for random (IV, keys)", random.getAlgorithm(), random.getProvider());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Can't run", e);
        }
    }
}
