package be.fedict.eid.applet.service.impl.handler;

import be.fedict.eid.applet.service.impl.AuthenticationChallenge;
import be.fedict.eid.applet.service.impl.RequestContext;
import be.fedict.eid.applet.service.impl.ServiceLocator;
import be.fedict.eid.applet.service.spi.AuthenticationService;
import be.fedict.eid.applet.service.spi.AuthorizationException;
import be.fedict.eid.applet.service.spi.DigestInfo;
import be.fedict.eid.applet.service.spi.IdentityIntegrityService;
import be.fedict.eid.applet.service.spi.IdentityRequest;
import be.fedict.eid.applet.service.spi.IdentityService;
import be.fedict.eid.applet.service.spi.InsecureClientEnvironmentException;
import be.fedict.eid.applet.service.spi.PrivacyService;
import be.fedict.eid.applet.service.spi.SecureCardReaderService;
import be.fedict.eid.applet.service.spi.SecureClientEnvironmentService;
import be.fedict.eid.applet.service.spi.SignatureService;
import be.fedict.eid.applet.shared.AdministrationMessage;
import be.fedict.eid.applet.shared.AuthenticationRequestMessage;
import be.fedict.eid.applet.shared.ClientEnvironmentMessage;
import be.fedict.eid.applet.shared.ErrorCode;
import be.fedict.eid.applet.shared.FilesDigestRequestMessage;
import be.fedict.eid.applet.shared.FinishedMessage;
import be.fedict.eid.applet.shared.IdentificationRequestMessage;
import be.fedict.eid.applet.shared.InsecureClientMessage;
import be.fedict.eid.applet.shared.SignCertificatesRequestMessage;
import be.fedict.eid.applet.shared.SignRequestMessage;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

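/**
 * Server-side handler for {@link ClientEnvironmentMessage}.
 *
 * <p>The handler first submits the reported client environment to the configured
 * {@link SecureClientEnvironmentService}. Only when that check does not throw does it
 * choose the next protocol message, in this order:
 * <ol>
 * <li>PIN administration, when {@code changePin} or {@code unblockPin} is configured;</li>
 * <li>a signature flow, when a {@link SignatureService} is configured;</li>
 * <li>identification, when no {@link AuthenticationService} is configured;</li>
 * <li>authentication, with a freshly generated challenge.</li>
 * </ol>
 *
 * <p>Security note: most values passed to the environment check (Java/OS/navigator
 * details, reader list, the {@code user-agent} entry) come from the client itself.
 * Only the remote address and the TLS key size / cipher suite request attributes are
 * read from the servlet request on the server side.
 */
@HandlesMessage(ClientEnvironmentMessage.class)
/* loaded from: input_file:be/fedict/eid/applet/service/impl/handler/ClientEnvironmentMessageHandler.class */
public class ClientEnvironmentMessageHandler implements MessageHandler<ClientEnvironmentMessage> {
    private static final Log LOG = LogFactory.getLog(ClientEnvironmentMessageHandler.class);

    @InitParam(HelloMessageHandler.SECURE_CLIENT_ENV_SERVICE_INIT_PARAM_NAME)
    private ServiceLocator<SecureClientEnvironmentService> secureClientEnvServiceLocator;

    @InitParam(HelloMessageHandler.INCLUDE_PHOTO_INIT_PARAM_NAME)
    private boolean includePhoto;

    @InitParam(HelloMessageHandler.INCLUDE_ADDRESS_INIT_PARAM_NAME)
    private boolean includeAddress;

    @InitParam(HelloMessageHandler.INCLUDE_IDENTITY_INIT_PARAM_NAME)
    private boolean includeIdentity;

    @InitParam(HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME)
    private ServiceLocator<IdentityIntegrityService> identityIntegrityServiceLocator;

    @InitParam(AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME)
    private ServiceLocator<AuthenticationService> authenticationServiceLocator;

    @InitParam(HelloMessageHandler.PRIVACY_SERVICE_INIT_PARAM_NAME)
    private ServiceLocator<PrivacyService> privacyServiceLocator;

    // NOTE(review): initialised in init() but never read by the code visible in this class.
    private SecureRandom secureRandom;

    @InitParam(HelloMessageHandler.REMOVE_CARD_INIT_PARAM_NAME)
    private boolean removeCard;

    @InitParam(HelloMessageHandler.CHANGE_PIN_INIT_PARAM_NAME)
    private boolean changePin;

    @InitParam(HelloMessageHandler.UNBLOCK_PIN_INIT_PARAM_NAME)
    private boolean unblockPin;

    // The next two flags are set in init() from the presence of a servlet init parameter.
    private boolean includeHostname;
    private boolean includeInetAddress;

    @InitParam(HelloMessageHandler.LOGOFF_INIT_PARAM_NAME)
    private boolean logoff;

    @InitParam(HelloMessageHandler.PRE_LOGOFF_INIT_PARAM_NAME)
    private boolean preLogoff;

    @InitParam(HelloMessageHandler.INCLUDE_CERTS_INIT_PARAM_NAME)
    private boolean includeCertificates;

    @InitParam(HelloMessageHandler.SESSION_ID_CHANNEL_BINDING_INIT_PARAM_NAME)
    private boolean sessionIdChannelBinding;

    // Set in init() when either channel-binding init parameter is present.
    private boolean serverCertificateChannelBinding;

    @InitParam(HelloMessageHandler.REQUIRE_SECURE_READER_INIT_PARAM_NAME)
    private boolean requireSecureReader;

    @InitParam(HelloMessageHandler.SIGNATURE_SERVICE_INIT_PARAM_NAME)
    private ServiceLocator<SignatureService> signatureServiceLocator;

    @InitParam(HelloMessageHandler.IDENTITY_SERVICE_INIT_PARAM_NAME)
    private ServiceLocator<IdentityService> identityServiceLocator;

    @InitParam(HelloMessageHandler.SECURE_CARD_READER_SERVICE_INIT_PARAM_NAME)
    private ServiceLocator<SecureCardReaderService> secureCardReaderServiceLocator;

    /**
     * Checks the reported client environment and returns the next protocol message.
     *
     * <p>Decompiler note: this is the typed implementation of {@code handleMessage}; it
     * carries the suffix {@code 2} only to avoid a clash with the bridge method below.
     *
     * @param clientEnvironmentMessage environment details as reported by the client
     * @param map                      string map consulted for the {@code user-agent} entry
     *                                 (presumably the HTTP request headers; confirm with the caller)
     * @param httpServletRequest       request providing the remote address and TLS attributes
     * @param httpSession              session that receives the per-request context
     * @return the follow-up message for the client; an {@link InsecureClientMessage} when the
     *         environment check rejects the client, or a {@link FinishedMessage} carrying
     *         {@link ErrorCode#AUTHORIZATION} when pre-sign is refused
     * @throws ServletException when no secure client environment service is configured or the
     *                          signature service reports an unknown digest algorithm
     */
    public Object handleMessage2(ClientEnvironmentMessage clientEnvironmentMessage, Map<String, String> map, HttpServletRequest httpServletRequest, HttpSession httpSession) throws ServletException {
        SecureClientEnvironmentService secureClientEnvService = this.secureClientEnvServiceLocator.locateService();
        if (null == secureClientEnvService) {
            // Fail closed: without the service the environment cannot be vetted at all.
            throw new ServletException("no secure client env service configured");
        }
        try {
            // Everything taken from clientEnvironmentMessage and from the map is client-supplied.
            // The remote address, key size and cipher suite are read from the servlet request.
            secureClientEnvService.checkSecureClientEnvironment(clientEnvironmentMessage.javaVersion, clientEnvironmentMessage.javaVendor, clientEnvironmentMessage.osName, clientEnvironmentMessage.osArch, clientEnvironmentMessage.osVersion, map.get("user-agent"), clientEnvironmentMessage.navigatorAppName, clientEnvironmentMessage.navigatorAppVersion, clientEnvironmentMessage.navigatorUserAgent, httpServletRequest.getRemoteAddr(), (Integer) httpServletRequest.getAttribute("javax.servlet.request.key_size"), (String) httpServletRequest.getAttribute("javax.servlet.request.cipher_suite"), clientEnvironmentMessage.readerList);

            // 1. PIN administration takes precedence over every other operation.
            if (this.changePin || this.unblockPin) {
                return new AdministrationMessage(this.changePin, this.unblockPin, this.logoff, this.removeCard, this.requireSecureReader);
            }

            // 2. Signature flow.
            SignatureService signatureService = this.signatureServiceLocator.locateService();
            if (null != signatureService) {
                String filesDigestAlgorithm = signatureService.getFilesDigestAlgorithm();
                if (null != filesDigestAlgorithm) {
                    LOG.debug("files digest algo: " + filesDigestAlgorithm);
                    FilesDigestRequestMessage filesDigestRequestMessage = new FilesDigestRequestMessage();
                    filesDigestRequestMessage.digestAlgo = filesDigestAlgorithm;
                    return filesDigestRequestMessage;
                }
                if (!this.includeCertificates) {
                    try {
                        DigestInfo digestInfo = signatureService.preSign(null, null, null, null, null);
                        // Store the digest in the session before asking the client to sign it.
                        SignatureDataMessageHandler.setDigestValue(digestInfo.digestValue, digestInfo.digestAlgo, httpSession);
                        IdentityService signIdentityService = this.identityServiceLocator.locateService();
                        boolean signRemoveCard = null != signIdentityService ? signIdentityService.getIdentityRequest().removeCard() : this.removeCard;
                        return new SignRequestMessage(digestInfo.digestValue, digestInfo.digestAlgo, digestInfo.description, this.logoff, signRemoveCard, this.requireSecureReader);
                    } catch (AuthorizationException authorizationException) {
                        // Record the refusal server-side; the client only gets the error code.
                        LOG.debug("authorization error: " + authorizationException.getMessage(), authorizationException);
                        return new FinishedMessage(ErrorCode.AUTHORIZATION);
                    } catch (NoSuchAlgorithmException noSuchAlgorithmException) {
                        throw new ServletException("no such algo: " + noSuchAlgorithmException.getMessage(), noSuchAlgorithmException);
                    }
                }
                LOG.debug("include signing certificate chain during pre-sign");
                boolean signIntegrityData = null != this.identityIntegrityServiceLocator.locateService();
                IdentityService certIdentityService = this.identityServiceLocator.locateService();
                boolean signIdentity;
                boolean signAddress;
                boolean signPhoto;
                if (null != certIdentityService) {
                    // A runtime identity request overrides the static init parameters.
                    IdentityRequest identityRequest = certIdentityService.getIdentityRequest();
                    signIdentity = identityRequest.includeIdentity();
                    signAddress = identityRequest.includeAddress();
                    signPhoto = identityRequest.includePhoto();
                } else {
                    signIdentity = this.includeIdentity;
                    signAddress = this.includeAddress;
                    signPhoto = this.includePhoto;
                }
                RequestContext signContext = new RequestContext(httpSession);
                signContext.setIncludeIdentity(signIdentity);
                signContext.setIncludeAddress(signAddress);
                signContext.setIncludePhoto(signPhoto);
                return new SignCertificatesRequestMessage(signIdentity, signAddress, signPhoto, signIntegrityData);
            }

            // 3. Identification only, when no authentication service is configured.
            if (null == this.authenticationServiceLocator.locateService()) {
                boolean identIntegrityData = null != this.identityIntegrityServiceLocator.locateService();
                PrivacyService privacyService = this.privacyServiceLocator.locateService();
                String identityDataUsage = null != privacyService ? privacyService.getIdentityDataUsage(HelloMessageHandler.getClientLanguage(httpSession)) : null;
                IdentityService identIdentityService = this.identityServiceLocator.locateService();
                boolean identAddress;
                boolean identPhoto;
                boolean identCertificates;
                boolean identRemoveCard;
                if (null != identIdentityService) {
                    IdentityRequest identityRequest = identIdentityService.getIdentityRequest();
                    identAddress = identityRequest.includeAddress();
                    identPhoto = identityRequest.includePhoto();
                    identCertificates = identityRequest.includeCertificates();
                    identRemoveCard = identityRequest.removeCard();
                } else {
                    identAddress = this.includeAddress;
                    identPhoto = this.includePhoto;
                    identCertificates = this.includeCertificates;
                    identRemoveCard = this.removeCard;
                }
                RequestContext identContext = new RequestContext(httpSession);
                identContext.setIncludeAddress(identAddress);
                identContext.setIncludePhoto(identPhoto);
                identContext.setIncludeCertificates(identCertificates);
                return new IdentificationRequestMessage(identAddress, identPhoto, identIntegrityData, identCertificates, identRemoveCard, identityDataUsage);
            }

            // 4. Authentication. The challenge is generated against the session before anything
            // else (presumably so the response can be verified later; confirm in
            // AuthenticationChallenge).
            byte[] challenge = AuthenticationChallenge.generateChallenge(httpSession);
            boolean authnIntegrityData = null != this.identityIntegrityServiceLocator.locateService();
            IdentityService authnIdentityService = this.identityServiceLocator.locateService();
            boolean authnIdentity;
            boolean authnAddress;
            boolean authnPhoto;
            boolean authnCertificates;
            boolean authnRemoveCard;
            if (null != authnIdentityService) {
                IdentityRequest identityRequest = authnIdentityService.getIdentityRequest();
                authnIdentity = identityRequest.includeIdentity();
                authnAddress = identityRequest.includeAddress();
                authnPhoto = identityRequest.includePhoto();
                authnCertificates = identityRequest.includeCertificates();
                authnRemoveCard = identityRequest.removeCard();
            } else {
                authnIdentity = this.includeIdentity;
                authnAddress = this.includeAddress;
                authnPhoto = this.includePhoto;
                authnCertificates = this.includeCertificates;
                authnRemoveCard = this.removeCard;
            }
            RequestContext authnContext = new RequestContext(httpSession);
            authnContext.setIncludeIdentity(authnIdentity);
            authnContext.setIncludeAddress(authnAddress);
            authnContext.setIncludePhoto(authnPhoto);
            authnContext.setIncludeCertificates(authnCertificates);
            String transactionMessage = null;
            SecureCardReaderService secureCardReaderService = this.secureCardReaderServiceLocator.locateService();
            if (null != secureCardReaderService) {
                transactionMessage = secureCardReaderService.getTransactionMessage();
                // Cap the message at 64 characters. The context and the client get the same
                // truncated text.
                if (null != transactionMessage && transactionMessage.length() > 64) {
                    transactionMessage = transactionMessage.substring(0, 64);
                }
                LOG.debug("transaction message: " + transactionMessage);
            }
            authnContext.setTransactionMessage(transactionMessage);
            return new AuthenticationRequestMessage(challenge, this.includeHostname, this.includeInetAddress, this.logoff, this.preLogoff, authnRemoveCard, this.sessionIdChannelBinding, this.serverCertificateChannelBinding, authnIdentity, authnCertificates, authnAddress, authnPhoto, authnIntegrityData, this.requireSecureReader, transactionMessage);
        } catch (InsecureClientEnvironmentException insecureClientEnvironmentException) {
            // The service decides whether the finding is a warning or a hard stop.
            return new InsecureClientMessage(insecureClientEnvironmentException.isWarnOnly());
        }
    }

    /**
     * Initialises the handler state that is not injected through {@code @InitParam}.
     *
     * <p>The hostname, inet-address and channel-binding flags are enabled by the mere presence
     * of the corresponding servlet init parameter; the parameter value is not inspected here.
     *
     * @param servletConfig servlet configuration to read init parameters from
     * @throws ServletException declared by the {@link MessageHandler} contract
     */
    @Override // be.fedict.eid.applet.service.impl.handler.MessageHandler
    public void init(ServletConfig servletConfig) throws ServletException {
        // Rely on SecureRandom's own seeding. An explicit setSeed(System.currentTimeMillis())
        // adds only a guessable value. PRNG implementations that skip self-seeding when seeded
        // before first use (e.g. the SUN SHA1PRNG) would be left with the timestamp as their
        // only seed material.
        this.secureRandom = new SecureRandom();
        if (null != servletConfig.getInitParameter(HelloMessageHandler.HOSTNAME_INIT_PARAM_NAME)) {
            this.includeHostname = true;
        }
        if (null != servletConfig.getInitParameter(HelloMessageHandler.INET_ADDRESS_INIT_PARAM_NAME)) {
            this.includeInetAddress = true;
        }
        if (null != servletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVER_CERTIFICATE)) {
            this.serverCertificateChannelBinding = true;
        }
        // A configured channel-binding service enables the same server-certificate binding flag.
        if (null != servletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVICE)) {
            this.serverCertificateChannelBinding = true;
        }
    }

    /**
     * Compiler-generated bridge that forwards the erased {@link MessageHandler} signature to
     * {@link #handleMessage2}. The map is cast without a runtime check on its element types.
     */
    @Override // be.fedict.eid.applet.service.impl.handler.MessageHandler
    public /* bridge */ /* synthetic */ Object handleMessage(ClientEnvironmentMessage clientEnvironmentMessage, Map map, HttpServletRequest httpServletRequest, HttpSession httpSession) throws ServletException {
        return handleMessage2(clientEnvironmentMessage, (Map<String, String>) map, httpServletRequest, httpSession);
    }
}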
