package org.openprovenance.prov.service.signature;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.HeaderParam;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Request;
import jakarta.ws.rs.core.Response;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import javax.xml.namespace.QName;
import org.apache.coheigea.santuario.xml.signature.TestSecurityEventListener;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.openprovenance.prov.interop.InteropMediaType;
import org.openprovenance.prov.model.exception.ParserException;
import org.openprovenance.prov.scala.immutable.ProvFactory;
import org.openprovenance.prov.scala.nf.DocumentProxyFromStatements;
import org.openprovenance.prov.scala.nf.Normalizer;
import org.openprovenance.prov.scala.nf.xml.XmlNfBean;
import org.openprovenance.prov.scala.nf.xml.XmlSignature;
import org.openprovenance.prov.service.core.ActionPerformer;
import org.openprovenance.prov.service.core.Constants;
import org.openprovenance.prov.service.core.EmptyOtherActionPerformer;
import org.openprovenance.prov.service.core.OtherActionPerformer;
import org.openprovenance.prov.service.core.PostService;
import org.openprovenance.prov.service.core.ServiceUtils;
import org.openprovenance.prov.storage.api.DocumentResource;
import org.openprovenance.prov.storage.api.ResourceIndex;
import scala.Tuple4;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List$;

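/**
 * JAX-RS resource that normalises stored provenance documents and signs them.
 *
 * <p>Four GET endpoints are exposed below {@code /documents/{docId}}:
 * {@code nf} (normal form), {@code signed} (signed normal form), {@code signature}
 * (signature value only) and {@code check} (compare a fresh signature with the stored one).
 *
 * <p>The signing key and certificate are read from a JKS keystore on every request.
 * Location and credentials come from the system properties {@code keystore_path},
 * {@code keystore_pass}, {@code keystore_key} and {@code keystore_keypass}, which are
 * captured once when this class is loaded.
 *
 * <p>Security notes:
 * <ul>
 *   <li>When a property is missing, built-in defaults (including passwords) are used. These
 *       are embedded in the binary, so they protect nothing; deployments should always set
 *       the properties. Properties passed as {@code -D} arguments are visible on the process
 *       command line.</li>
 *   <li>NOTE(review): no authentication or authorisation annotation is visible on these
 *       endpoints. Any caller who can reach {@code /signed} obtains a document signed with
 *       the service key. Confirm access control is enforced elsewhere.</li>
 * </ul>
 */
@Path("")
public class SignatureService implements Constants, InteropMediaType {
    private final ServiceUtils utils;

    // Keystore location and credentials in effect for this instance (set in the constructor).
    String store;
    String storepass;
    String key;
    String keypass;

    static Logger logger = LogManager.getLogger(SignatureService.class);

    private static final String KEYSTORE_PATH = "keystore_path";
    static String keystorePathProperty = System.getProperty(KEYSTORE_PATH);
    private static final String KEYSTORE_PASS = "keystore_pass";
    static String keystorePassProperty = System.getProperty(KEYSTORE_PASS);
    private static final String KEYSTORE_KEY = "keystore_key";
    static String keystoreKeyProperty = System.getProperty(KEYSTORE_KEY);
    private static final String KEYSTORE_KEYPASS = "keystore_keypass";
    static String keystoreKeyPassProperty = System.getProperty(KEYSTORE_KEYPASS);

    // Fallbacks used when the corresponding system property is absent.
    // SECURITY: hard-coded credentials; suitable for local development only.
    private static final String DEFAULT_KEYSTORE_PATH = "src/main/resources/clientstore.jks";
    private static final String DEFAULT_KEYSTORE_PASS = "cspass";
    private static final String DEFAULT_KEYSTORE_KEY = "myclientkey";
    private static final String DEFAULT_KEYSTORE_KEYPASS = "ckpass";

    /**
     * Holder for the private signing key and the certificate stored under the same alias.
     * Fields stay public and mutable because they are part of the existing interface.
     */
    public static class KeyAndCert {
        public Key cryptoKey;
        public X509Certificate cert;

        public KeyAndCert(Key key, X509Certificate x509Certificate) {
            this.cryptoKey = key;
            this.cert = x509Certificate;
        }
    }

    /**
     * Creates the service with no additional performers.
     *
     * @param postService service whose utilities are used and on which performers are registered
     */
    public SignatureService(PostService postService) {
        this(postService, new LinkedList<>(), Optional.empty());
    }

    /**
     * Creates the service, resolves the keystore settings and registers the signature-related
     * action performers on {@code postService}.
     *
     * @param postService service whose utilities are used and on which performers are registered
     * @param list performers appended after the four signature performers
     * @param optional "other" performer; an {@link EmptyOtherActionPerformer} is used when empty
     */
    public SignatureService(PostService postService, List<ActionPerformer> list, Optional<OtherActionPerformer> optional) {
        this.store = valueOrDefault(keystorePathProperty, DEFAULT_KEYSTORE_PATH);
        this.storepass = valueOrDefault(keystorePassProperty, DEFAULT_KEYSTORE_PASS);
        this.key = valueOrDefault(keystoreKeyProperty, DEFAULT_KEYSTORE_KEY);
        this.keypass = valueOrDefault(keystoreKeyPassProperty, DEFAULT_KEYSTORE_KEYPASS);
        if (keystorePassProperty == null || keystoreKeyPassProperty == null) {
            // Make the insecure fallback visible to operators; the values are never logged.
            logger.warn("Keystore passwords not set via system properties; using built-in development defaults");
        }
        this.utils = postService.getServiceUtils();
        postService.addToPerformers(
                PostService.addToList(new ActionNormalForm(this.utils),
                        PostService.addToList(new ActionSignature(this.utils),
                                PostService.addToList(new ActionCheck(this.utils),
                                        PostService.addToList(new ActionSign(this.utils), list)))));
        postService.addOtherPerformer(Optional.of(optional.orElse(new EmptyOtherActionPerformer())));
    }

    /** Returns {@code value}, or {@code fallback} when {@code value} is null. */
    private static String valueOrDefault(String value, String fallback) {
        return value == null ? fallback : value;
    }

    /**
     * Returns the normal form of a stored document as XML.
     *
     * @param httpServletResponse unused
     * @param request unused
     * @param str document identifier taken from the {@code docId} path segment
     * @param str2 value of the Accept header; unused
     * @return 200 with the normal form, 404 if the document is unknown, 400 if it cannot be
     *     parsed, 500 on any other failure
     */
    @Operation(summary = "Normal form Document", description = "", responses = {@ApiResponse(responseCode = "404", description = "Document not found")})
    @GET
    @Path("/documents/{docId}/nf")
    @Tag(name = "sig")
    public Response nf(@Context HttpServletResponse httpServletResponse, @Context Request request, @PathParam("docId") String str, @HeaderParam("Accept") @Parameter(name = "Accept", description = "Accept header parameter", example = "application/json,text/xml,application/xml", required = false) String str2) {
        ResourceIndex index = this.utils.getDocumentResourceIndex().getIndex();
        try {
            DocumentResource documentResource = index.get(str);
            if (documentResource == null) {
                return this.utils.composeResponseNotFoundResource(str);
            }
            try {
                return ServiceUtils.composeResponseOK(getNormalFormDocumentProxy(documentResource)).type("text/xml").build();
            } catch (ParserException e) {
                logger.throwing(e);
                return this.utils.composeResponseBadRequest("Not parsable input", e);
            } catch (Throwable th) {
                logger.throwing(th);
                return this.utils.composeResponseInternalServerError("Failed to create a normal form", th);
            }
        } finally {
            // The index is released on every path, including unexpected exceptions.
            index.close();
        }
    }

    /**
     * Returns the normal form of a stored document, signed with the service key, as XML.
     *
     * @param httpServletResponse unused
     * @param request unused
     * @param str document identifier taken from the {@code docId} path segment
     * @param str2 value of the Accept header; unused
     * @return 200 with the signed document, 404 if the document is unknown or the keystore or
     *     signing step fails, 400 if the document cannot be parsed
     * @throws IOException declared by the original interface
     */
    @Operation(summary = "Signed Document", description = "", responses = {@ApiResponse(responseCode = "404", description = "Document not found")})
    @GET
    @Path("/documents/{docId}/signed")
    @Tag(name = "sig")
    public Response sign(@Context HttpServletResponse httpServletResponse, @Context Request request, @PathParam("docId") String str, @HeaderParam("Accept") @Parameter(name = "Accept", description = "Accept header parameter", example = "application/json,text/xml,application/xml", required = false) String str2) throws IOException {
        ResourceIndex index = this.utils.getDocumentResourceIndex().getIndex();
        try {
            DocumentResource documentResource = index.get(str);
            if (documentResource == null) {
                return this.utils.composeResponseNotFoundResource(str);
            }
            try {
                ByteArrayOutputStream signed = signatureForNormalFormDocumentProxy(getNormalFormDocumentProxy(documentResource), getKeyAndCertificate());
                return ServiceUtils.composeResponseOK(signed).type("text/xml").build();
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                logger.throwing(e);
                // NOTE(review): the exception is handed to the response builder; confirm it does
                // not echo keystore paths or other internals to the client.
                return this.utils.composeResponseNotFOUND("problem with signature", e);
            } catch (ParserException e2) {
                logger.throwing(e2);
                return this.utils.composeResponseBadRequest("Not parsable input", e2);
            }
        } finally {
            index.close();
        }
    }

    /**
     * Serialises the normal-form document and signs it with the given key and certificate.
     *
     * @param documentProxyFromStatements normal form to sign
     * @param keyAndCert signing key and matching certificate
     * @return buffer holding the output written by {@code XmlSignature.doSign}
     */
    public ByteArrayOutputStream signatureForNormalFormDocumentProxy(DocumentProxyFromStatements documentProxyFromStatements, KeyAndCert keyAndCert) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, UnrecoverableKeyException {
        ByteArrayOutputStream signedOutput = new ByteArrayOutputStream();
        // NOTE(review): the meaning of the "123" argument is not visible from this class.
        XmlSignature.doSign(XmlSignature.toStreamReader(XmlNfBean.serializeToPipe(documentProxyFromStatements, "123")), signedOutput, keyAndCert.cryptoKey, keyAndCert.cert);
        return signedOutput;
    }

    /**
     * Loads the configured keystore and returns the key and certificate stored under the
     * configured alias.
     *
     * @return the signing key and its certificate, never with null members
     * @throws KeyStoreException if the alias has no key or no certificate, or the keystore
     *     type is unavailable
     * @throws IOException if the keystore file cannot be read or the store password is wrong
     */
    public KeyAndCert getKeyAndCertificate() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, UnrecoverableKeyException {
        // JKS is a legacy keystore format (PKCS12 is the JDK default since Java 9); switching
        // the type would require converting the keystore file as well.
        KeyStore keyStore = KeyStore.getInstance("jks");
        // try-with-resources: the original left the keystore file handle open on every call.
        try (FileInputStream keystoreFile = new FileInputStream(this.store)) {
            keyStore.load(keystoreFile, this.storepass.toCharArray());
        }
        Key signingKey = keyStore.getKey(this.key, this.keypass.toCharArray());
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(this.key);
        if (signingKey == null || certificate == null) {
            // Fail here with a handled exception type instead of passing nulls to the signer.
            throw new KeyStoreException("signing key or certificate not found in keystore");
        }
        return new KeyAndCert(signingKey, certificate);
    }

    /**
     * Loads the stored document and converts it to its normal form.
     *
     * @param documentResource resource describing the stored document
     * @return the normal form produced by {@code Normalizer.fusion}
     * @throws IOException declared by the original interface
     */
    public DocumentProxyFromStatements getNormalFormDocumentProxy(DocumentResource documentResource) throws IOException {
        return Normalizer.fusion(ProvFactory.pf().newDocument(this.utils.getDocumentFromCacheOrStore(documentResource.getStorageId())));
    }

    /**
     * Signs the normal form of a stored document and returns only the extracted signature value.
     *
     * @param httpServletResponse unused
     * @param request unused
     * @param str document identifier taken from the {@code docId} path segment
     * @param str2 value of the Accept header; unused
     * @return 200 with the signature as plain text, 404 if the document is unknown or signing
     *     fails, 400 if the document cannot be parsed
     * @throws IOException if the stored document cannot be loaded
     */
    @Operation(summary = "Signature object", description = "", responses = {@ApiResponse(responseCode = "404", description = "Document not found")})
    @GET
    @Path("/documents/{docId}/signature")
    @Tag(name = "sig")
    public Response signature(@Context HttpServletResponse httpServletResponse, @Context Request request, @PathParam("docId") String str, @HeaderParam("Accept") @Parameter(name = "Accept", description = "Accept header parameter", example = "application/json,text/xml,application/xml", required = false) String str2) throws IOException {
        ResourceIndex index = this.utils.getDocumentResourceIndex().getIndex();
        try {
            DocumentResource documentResource = index.get(str);
            if (documentResource == null) {
                return this.utils.composeResponseNotFoundResource(str);
            }
            DocumentProxyFromStatements normalFormDocumentProxy;
            try {
                // Normalisation has its own handler so a parse failure yields 400, as in sign()
                // and nf(); the original ParserException handler could never be reached.
                normalFormDocumentProxy = getNormalFormDocumentProxy(documentResource);
            } catch (ParserException e) {
                logger.throwing(e);
                return this.utils.composeResponseBadRequest("Not parsable input", e);
            }
            try {
                KeyAndCert keyAndCertificate = getKeyAndCertificate();
                byte[] signedBytes = signatureForNormalFormDocumentProxy(normalFormDocumentProxy, keyAndCertificate).toByteArray();
                $colon.colon documentElement = new $colon.colon(new QName("document"), List$.MODULE$.empty());
                Tuple4 extractSignature = XmlSignature.extractSignature(XmlSignature.getEventListenerUsingStAX(new ByteArrayInputStream(signedBytes), documentElement, keyAndCertificate.cert), documentElement);
                // Replaces four unconditional dumps to stderr.
                logger.debug("signature extracted: {}", extractSignature._1());
                return ServiceUtils.composeResponseOK(extractSignature._1()).type("text/plain").build();
            } catch (Throwable th) {
                logger.throwing(th);
                return this.utils.composeResponseNotFOUND("problem with signature", th);
            }
        } finally {
            index.close();
        }
    }

    /**
     * Re-signs the normal form of a stored signed document and reports whether the fresh
     * signature value equals the one found in the stored signed file.
     *
     * <p>NOTE(review): comparing signature values only works if {@code XmlSignature.doSign}
     * uses a deterministic signature algorithm; confirm, otherwise a valid document would be
     * reported as different.
     *
     * @param httpServletResponse unused
     * @param request unused
     * @param str document identifier taken from the {@code docId} path segment
     * @param str2 value of the Accept header; unused
     * @return 200 with a JSON {@code SignatureCheck} (also when the keystore or signing step
     *     fails, in which case {@code status} is set and {@code samesig} stays "false"), or 404
     *     if the document is unknown or is not a signed document
     * @throws IOException if the stored document cannot be loaded
     */
    @Operation(summary = "Signed Document", description = "", responses = {@ApiResponse(responseCode = "404", description = "Document not found")})
    @GET
    @Path("/documents/{docId}/check")
    @Tag(name = "sig")
    public Response check(@Context HttpServletResponse httpServletResponse, @Context Request request, @PathParam("docId") String str, @HeaderParam("Accept") @Parameter(name = "Accept", description = "Accept header parameter", example = "application/json,text/xml,application/xml", required = false) String str2) throws IOException {
        ResourceIndex index = this.utils.getDocumentResourceIndex().getIndex();
        try {
            DocumentResource documentResource = index.get(str);
            if (documentResource == null) {
                return this.utils.composeResponseNotFoundResource(str);
            }
            if (!(documentResource instanceof SignedDocumentResource)) {
                return this.utils.composeResponseNotFoundType(str);
            }
            SignedDocumentResource signedDocumentResource = (SignedDocumentResource) documentResource;
            DocumentProxyFromStatements normalFormDocumentProxy = getNormalFormDocumentProxy(documentResource);
            // Debug output goes through the logger; document contents are no longer dumped
            // to stdout on every request.
            logger.debug("check: signed file {}", signedDocumentResource.getSignedfilepath());
            SignatureCheck signatureCheck = new SignatureCheck();
            signatureCheck.samesig = "false";
            try {
                KeyAndCert keyAndCertificate = getKeyAndCertificate();
                byte[] resignedBytes = signatureForNormalFormDocumentProxy(normalFormDocumentProxy, keyAndCertificate).toByteArray();
                logger.debug("check: re-signed normal form is {} bytes", resignedBytes.length);
                $colon.colon documentElement = new $colon.colon(new QName("document"), List$.MODULE$.empty());
                signatureCheck.sig1 = (String) XmlSignature.extractSignature(XmlSignature.getEventListenerUsingStAX(new ByteArrayInputStream(resignedBytes), documentElement, keyAndCertificate.cert), documentElement)._1();
                // The stored signed file is closed once its signature has been extracted.
                try (FileInputStream signedFile = new FileInputStream(signedDocumentResource.getSignedfilepath())) {
                    TestSecurityEventListener storedListener = XmlSignature.getEventListenerUsingStAX(signedFile, documentElement, keyAndCertificate.cert);
                    signatureCheck.sig2 = (String) XmlSignature.extractSignature(storedListener, documentElement)._1();
                }
                // A missing fresh signature counts as "not the same" instead of raising an NPE.
                signatureCheck.samesig = Boolean.toString(signatureCheck.sig1 != null && signatureCheck.sig1.equals(signatureCheck.sig2));
                logger.debug("check: result {}", signatureCheck);
                return ServiceUtils.composeResponseOK(signatureCheck).type("application/json").build();
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                logger.throwing(e);
                signatureCheck.status = "problem with signature";
                return ServiceUtils.composeResponseOK(signatureCheck).type("application/json").build();
            }
        } finally {
            index.close();
        }
    }
}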
