package com.mulesoft.connector.as2.internal.receive;

import com.mulesoft.connector.as2.internal.enums.HashAlgorithm;
import com.mulesoft.connector.as2.internal.enums.RequiredSecurityLevel;
import com.mulesoft.connector.as2.internal.error.AS2ErrorType;
import com.mulesoft.connector.as2.internal.error.DispositionType;
import com.mulesoft.connector.as2.internal.error.exception.AS2ExtensionException;
import com.mulesoft.connector.as2.internal.mime.MimeHeaders;
import com.mulesoft.connector.as2.internal.mime.MimePart;
import com.mulesoft.connector.as2.internal.mime.MimePartFinder;
import com.mulesoft.connector.as2.internal.mime.SignedMimeMultipart;
import com.mulesoft.connector.as2.internal.mime.builder.AS2MessageIdGeneratorFactory;
import com.mulesoft.connector.as2.internal.mime.builder.BoundaryIdentifierGeneratorFactory;
import com.mulesoft.connector.as2.internal.mime.parse.EncryptedMimeParser;
import com.mulesoft.connector.as2.internal.mime.parse.MimeParserController;
import com.mulesoft.connector.as2.internal.mime.validate.MimeValidatorController;
import com.mulesoft.connector.as2.internal.mime.validate.SignedMimeMultipartValidator;
import com.mulesoft.connector.as2.internal.utils.AS2HeaderConstants;
import com.mulesoft.connector.as2.internal.utils.AS2PatternMatchers;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.mule.runtime.api.util.MultiMap;
import org.mule.runtime.http.api.domain.CaseInsensitiveMultiMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connector/as2/internal/receive/ReceiveHandler.class */
public abstract class ReceiveHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(ReceiveHandler.class);
    protected boolean useServerInfoForMdnResponse;
    protected boolean useSourceIdForMdnResponse;
    private BoundaryIdentifierGeneratorFactory boundaryIdentifierGeneratorFactory = new BoundaryIdentifierGeneratorFactory();
    private AS2MessageIdGeneratorFactory as2MessageIdGeneratorFactory = new AS2MessageIdGeneratorFactory();
    private boolean isEncrypted = false;
    private boolean isSigned = false;

    /* loaded from: input_file:com/mulesoft/connector/as2/internal/receive/ReceiveHandler$ReceiveHandlerFactory.class */
    public static class ReceiveHandlerFactory {
        public ReceiveHandler createReceiveHandler(CaseInsensitiveMultiMap caseInsensitiveMultiMap, boolean z, boolean z2) {
            return createReceiveHandler(caseInsensitiveMultiMap, z, z2, false);
        }

        public ReceiveHandler createReceiveHandler(CaseInsensitiveMultiMap caseInsensitiveMultiMap, boolean z, boolean z2, boolean z3) {
            ReceiveHandler withAS2MessageIdGeneratorFactory = (ReceiveHandler.isMdnRequired(caseInsensitiveMultiMap) || z3) ? ReceiveHandler.isAsyncMdnRequested(caseInsensitiveMultiMap) ? new ReceiveAsyncMDNHandler().withBoundaryIdentifierGeneratorFactory(new BoundaryIdentifierGeneratorFactory()).withAS2MessageIdGeneratorFactory(new AS2MessageIdGeneratorFactory()) : new ReceiveSyncMDNHandler().withBoundaryIdentifierGeneratorFactory(new BoundaryIdentifierGeneratorFactory()).withAS2MessageIdGeneratorFactory(new AS2MessageIdGeneratorFactory()) : new ReceiveNoMDNHandler().withBoundaryIdentifierGeneratorFactory(new BoundaryIdentifierGeneratorFactory()).withAS2MessageIdGeneratorFactory(new AS2MessageIdGeneratorFactory());
            withAS2MessageIdGeneratorFactory.useServerInfoForMdnResponse = z;
            withAS2MessageIdGeneratorFactory.useSourceIdForMdnResponse = z2;
            return withAS2MessageIdGeneratorFactory;
        }
    }

    void setEncrypted(boolean z) {
        this.isEncrypted = z;
    }

    void setSigned(boolean z) {
        this.isSigned = z;
    }

    public boolean isEncrypted() {
        return this.isEncrypted;
    }

    public boolean isSigned() {
        return this.isSigned;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public BoundaryIdentifierGeneratorFactory getBoundaryIdentifierGeneratorFactory() {
        return this.boundaryIdentifierGeneratorFactory;
    }

    public ReceiveHandler withBoundaryIdentifierGeneratorFactory(BoundaryIdentifierGeneratorFactory boundaryIdentifierGeneratorFactory) {
        this.boundaryIdentifierGeneratorFactory = boundaryIdentifierGeneratorFactory;
        return this;
    }

    public ReceiveHandler withAS2MessageIdGeneratorFactory(AS2MessageIdGeneratorFactory aS2MessageIdGeneratorFactory) {
        this.as2MessageIdGeneratorFactory = aS2MessageIdGeneratorFactory;
        return this;
    }

    protected abstract void notifyResultMDN(RequestKeyStore requestKeyStore, ReceiveHandlerCallback receiveHandlerCallback, ReceivedMessageInfo receivedMessageInfo, SignedMimeMessageAttributes signedMimeMessageAttributes, DispositionType dispositionType, boolean z, MimePart mimePart);

    public void receiveAS2Message(CaseInsensitiveMultiMap caseInsensitiveMultiMap, InputStream inputStream, AbstractReceiveAttributesBuilder abstractReceiveAttributesBuilder, RequestKeyStore requestKeyStore, ReceiveHandlerCallback receiveHandlerCallback, boolean z, RequiredSecurityLevel requiredSecurityLevel, boolean z2) {
        ReceivedMessageInfo receivedMessageInfo = new ReceivedMessageInfo();
        receivedMessageInfo.setContent(inputStream);
        receivedMessageInfo.setHttpHeaders(caseInsensitiveMultiMap);
        receiveAS2Message(receivedMessageInfo, abstractReceiveAttributesBuilder, requestKeyStore, receiveHandlerCallback, z, requiredSecurityLevel, z2);
    }

    public void validateCertificate(Certificate certificate) throws CertificateNotYetValidException, CertificateExpiredException {
        if (certificate != null) {
            ((X509Certificate) certificate).checkValidity();
        }
    }

    MimePart parseReceivedMessage(Map<String, String> map, InputStream inputStream, PrivateKey privateKey, Certificate certificate, boolean z) {
        LOGGER.trace("parsing Received Message");
        MimeParserController mimeParserController = new MimeParserController(z);
        EncryptedMimeParser encryptedMimeParser = new EncryptedMimeParser();
        if (encryptedMimeParser.canParseContentType(map.get(AS2HeaderConstants.CONTENT_TYPE))) {
            this.isEncrypted = true;
            try {
                validateCertificate(certificate);
                if (privateKey == null) {
                    LOGGER.error("Received message requiring decryption, but private key was null, please provide a valid private key.");
                    throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_DECRYPTION_FAILED, "Received message requiring decryption, but private key was null, please provide a valid private key.", AS2ErrorType.DECRYPTION);
                }
                encryptedMimeParser.withPrivateKey(privateKey);
                mimeParserController.withContentParser(encryptedMimeParser);
            } catch (CertificateExpiredException e) {
                throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_DECRYPTION_FAILED, "The Certificate is expired. The received message cannot be decrypted.", AS2ErrorType.DECRYPTION);
            } catch (CertificateNotYetValidException e2) {
                throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_DECRYPTION_FAILED, "The Certificate is not valid yet. The received message cannot be decrypted.", AS2ErrorType.DECRYPTION);
            }
        }
        try {
            return mimeParserController.parse(map, inputStream);
        } catch (IOException e3) {
            throw new AS2ExtensionException("Error parsing the received Content Stream", AS2ErrorType.MIME_PARSE, e3);
        }
    }

    String findFileNameFrom(MimeHeaders mimeHeaders) {
        String str = null;
        if (mimeHeaders.containsKey(AS2HeaderConstants.CONTENT_DISPOSITION)) {
            str = AS2PatternMatchers.findFileNameFrom(mimeHeaders.getContentDisposition());
        }
        LOGGER.debug(String.format("FileName value is: %s", str));
        return str;
    }

    protected abstract boolean shouldAddReceiptDeliveryOption();

    void validateReceivedMessageSignature(MimePart mimePart, PublicKey publicKey) {
        LOGGER.debug("Starting validate Received Message Signature.");
        new MimeValidatorController().withValidator(new SignedMimeMultipartValidator().withPublicKey(publicKey)).validate(mimePart);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r19v1, types: [java.lang.Throwable, com.mulesoft.connector.as2.internal.error.exception.AS2ExtensionException] */
    private void receiveAS2Message(ReceivedMessageInfo receivedMessageInfo, AbstractReceiveAttributesBuilder abstractReceiveAttributesBuilder, RequestKeyStore requestKeyStore, ReceiveHandlerCallback receiveHandlerCallback, boolean z, RequiredSecurityLevel requiredSecurityLevel, boolean z2) {
        LOGGER.trace("Receiving AS2Message.");
        try {
            HashAlgorithm signingAlgorithm = getSigningAlgorithm(receivedMessageInfo);
            if (signingAlgorithm != HashAlgorithm.UNSIGNED) {
                try {
                    validateCertificate(requestKeyStore.getSelfCertificateForMDN());
                } catch (CertificateExpiredException e) {
                    receivedMessageInfo.setMdnSigningAlgorithm(HashAlgorithm.UNSIGNED);
                    throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_UNEXPECTED_PROCESSING_ERROR, "The Certificate is expired. The MDN cannot be signed.", AS2ErrorType.CONFIGURATION);
                } catch (CertificateNotYetValidException e2) {
                    receivedMessageInfo.setMdnSigningAlgorithm(HashAlgorithm.UNSIGNED);
                    throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_UNEXPECTED_PROCESSING_ERROR, "The Certificate is not valid yet. The MDN cannot be signed.", AS2ErrorType.CONFIGURATION);
                }
            }
            receivedMessageInfo.setMdnSigningAlgorithm(signingAlgorithm);
            if (z2) {
                throw new AS2ExtensionException(DispositionType.DUPLICATE_DOCUMENT, String.format("The message with the message ID '%s' is duplicated.", receivedMessageInfo.getHttpHeaders().get("message-id")), AS2ErrorType.DUPLICATED_MESSAGE);
            }
            LOGGER.debug(String.format("Calling loadReceiveAttributesBuilderWithReceivedHttpHeaders with mimeType value: %s ", abstractReceiveAttributesBuilder.mimeType));
            loadReceiveAttributesBuilderWithReceivedHttpHeaders(abstractReceiveAttributesBuilder, receivedMessageInfo.getHttpHeaders());
            MimePart parseReceivedMessage = parseReceivedMessage(receivedMessageInfo.getHttpHeaders(), receivedMessageInfo.getContent(), requestKeyStore.getSelfPrivateKey(), requestKeyStore.getSelfCertificate(), z);
            SignedMimeMessageAttributes signedMimeMessageAttributes = new SignedMimeMessageAttributes();
            if (z) {
                LOGGER.debug("Do Non repudiation is true");
                validateNRExecution(parseReceivedMessage, receivedMessageInfo);
                LOGGER.debug("Creating signedMimeMultipart object");
                SignedMimeMultipart signedMimeMultipart = (SignedMimeMultipart) parseReceivedMessage;
                signedMimeMessageAttributes.setSignedMimeContent(signedMimeMultipart.getSignedMimeContent());
                signedMimeMessageAttributes.setMicAlg(signedMimeMultipart.getContentDigest().getAlgorithm().algorithm());
                signedMimeMessageAttributes.setMic(Base64.getEncoder().encodeToString(signedMimeMultipart.getContentDigest().getHash()));
                signedMimeMessageAttributes.setContentType(signedMimeMultipart.getHeaders().getContentType());
            }
            if (isMultipartSignedMessage(parseReceivedMessage)) {
                LOGGER.debug("The message is Multipart Signed Message.");
                this.isSigned = true;
                PublicKey partnerPublicKey = requestKeyStore.getPartnerPublicKey();
                if (partnerPublicKey == null) {
                    LOGGER.error("Expected to be provided a Partners Public key to validate an incoming signed message!");
                    throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "Expected to be provided a Partners Public key to validate an incoming signed message!", AS2ErrorType.SIGNATURE_VERIFY);
                }
                try {
                    validateCertificate(requestKeyStore.getPartnerCertificate());
                    LOGGER.trace("Processing SignedMessage");
                    processedSignedMessage(receivedMessageInfo, abstractReceiveAttributesBuilder, partnerPublicKey, parseReceivedMessage);
                } catch (CertificateExpiredException e3) {
                    throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "The Certificate is expired. Signature cannot be validated.", AS2ErrorType.SIGNATURE_VERIFY);
                } catch (CertificateNotYetValidException e4) {
                    throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "The Certificate is not valid yet. Signature cannot be validated.", AS2ErrorType.SIGNATURE_VERIFY);
                }
            } else {
                LOGGER.trace("Processing UnSignedMessage");
                processUnsignedMessage(receivedMessageInfo, abstractReceiveAttributesBuilder, parseReceivedMessage);
            }
            if (requiredSecurityLevel != null) {
                LOGGER.debug("Security Level is required");
                validateSecurityLevelOfReceivedMessage(requiredSecurityLevel);
            }
            notifyResultMDN(requestKeyStore, receiveHandlerCallback, receivedMessageInfo, signedMimeMessageAttributes, DispositionType.PROCESSED, true, parseReceivedMessage);
        } catch (AS2ExtensionException e5) {
            LOGGER.error(e5.getMessage(), (Throwable) e5);
            doErrorMdnResponse(requestKeyStore, receiveHandlerCallback, receivedMessageInfo, e5.getDisposition(), null, e5);
        } catch (Throwable th) {
            LOGGER.error(th.getMessage(), th);
            doErrorMdnResponse(requestKeyStore, receiveHandlerCallback, receivedMessageInfo, null, null, th);
        }
    }

    void validateSecurityLevelOfReceivedMessage(RequiredSecurityLevel requiredSecurityLevel) throws AS2ExtensionException {
        switch (requiredSecurityLevel) {
            case SIGNED:
                if (!this.isSigned) {
                    throw new AS2ExtensionException(DispositionType.INSUFFICIENT_MESSAGE_SECURITY, "Expected a signed message, but it was not.", AS2ErrorType.SECURITY_LEVEL);
                }
                return;
            case ENCRYPTED:
                if (!this.isEncrypted) {
                    throw new AS2ExtensionException(DispositionType.INSUFFICIENT_MESSAGE_SECURITY, "Expected an Encrypted message, but it was not.", AS2ErrorType.SECURITY_LEVEL);
                }
                return;
            case SIGNED_ENCRYPTED:
                if (!this.isSigned || !this.isEncrypted) {
                    throw new AS2ExtensionException(DispositionType.INSUFFICIENT_MESSAGE_SECURITY, "Expected an Encrypted and signed message, but it was not.", AS2ErrorType.SECURITY_LEVEL);
                }
                return;
            default:
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void closeContentStream(ReceivedMessageInfo receivedMessageInfo) {
        if (receivedMessageInfo.getContent() != null) {
            try {
                receivedMessageInfo.getContent().close();
            } catch (IOException e) {
                LOGGER.warn("Error closing message input stream", e);
            }
            receivedMessageInfo.setContent(null);
        }
    }

    private void processUnsignedMessage(ReceivedMessageInfo receivedMessageInfo, AbstractReceiveAttributesBuilder abstractReceiveAttributesBuilder, MimePart mimePart) {
        MimePart find = new MimePartFinder((v0) -> {
            return v0.hasDigest();
        }).find(mimePart);
        LOGGER.trace("Start to process unsigned message. The received mime Part is: {}", mimePart);
        if (find != null) {
            receivedMessageInfo.setAs2Digest(find.getAs2Digest());
        }
        receivedMessageInfo.setFileName(findFileNameFrom(mimePart.getHeaders()));
        String contentType = mimePart.getHeaders().getContentType();
        abstractReceiveAttributesBuilder.withFileName(receivedMessageInfo.getFileName()).withMimeType(contentType);
        LOGGER.debug("Content type of received mime part is {}", contentType);
        receivedMessageInfo.setContent(mimePart.getContent());
    }

    private void processedSignedMessage(ReceivedMessageInfo receivedMessageInfo, AbstractReceiveAttributesBuilder abstractReceiveAttributesBuilder, PublicKey publicKey, MimePart mimePart) {
        LOGGER.trace("Start to process signed message. The received mime Part is: {}", mimePart);
        validateReceivedMessageSignature(mimePart, publicKey);
        receivedMessageInfo.setAs2Digest(((SignedMimeMultipart) mimePart).getContentDigest());
        MimePart mimePart2 = mimePart.getMimeParts().get(0);
        receivedMessageInfo.setFileName(findFileNameFrom(mimePart2.getHeaders()));
        abstractReceiveAttributesBuilder.withFileName(receivedMessageInfo.getFileName()).withMimeType(mimePart2.getHeaders().getContentType());
        LOGGER.debug("Content type of received mime part is {}", mimePart2.getHeaders().getContentType());
        receivedMessageInfo.setContent(mimePart2.getContent());
    }

    private boolean isMultipartSignedMessage(MimePart mimePart) {
        return ((String) mimePart.getHeaders().get(AS2HeaderConstants.CONTENT_TYPE)).startsWith(AS2HeaderConstants.CONTENT_TYPE_MULTIPART_SIGNED);
    }

    protected void doErrorMdnResponse(RequestKeyStore requestKeyStore, ReceiveHandlerCallback receiveHandlerCallback, ReceivedMessageInfo receivedMessageInfo, DispositionType dispositionType, MimePart mimePart, Throwable th) {
        LOGGER.debug("Error handling request. Attempting to generate response error mdn.");
        closeContentStream(receivedMessageInfo);
        LOGGER.debug("MDN is required into doErrorMdnResponse");
        if (dispositionType == null) {
            LOGGER.debug(String.format("Setting errorDisposition with value %s", DispositionType.PROCESSED_ERROR_UNEXPECTED_PROCESSING_ERROR));
            dispositionType = DispositionType.PROCESSED_ERROR_UNEXPECTED_PROCESSING_ERROR;
        }
        notifyResultMDN(requestKeyStore, receiveHandlerCallback, receivedMessageInfo, new SignedMimeMessageAttributes(), dispositionType, false, mimePart);
    }

    private void loadReceiveAttributesBuilderWithReceivedHttpHeaders(AbstractReceiveAttributesBuilder abstractReceiveAttributesBuilder, Map<String, String> map) {
        MultiMap<String, String> multiMap = new MultiMap<>();
        LOGGER.trace("Making newHttpHeaders: ");
        for (Map.Entry<String, String> entry : map.entrySet()) {
            List singletonList = Collections.singletonList(entry.getValue());
            multiMap.put(entry.getKey(), singletonList);
            LOGGER.debug(String.format("NewHeaderKey %s : NewHeaderValue %s", entry.getKey(), singletonList));
        }
        abstractReceiveAttributesBuilder.withFromName(map.get(AS2HeaderConstants.AS2_FROM)).withToName(map.get(AS2HeaderConstants.AS2_TO)).withAs2MessageId(map.get(AS2HeaderConstants.MESSAGE_ID)).withHeaders(multiMap);
        LOGGER.trace("Finished  the build new HTTP headers..");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isMdnRequired(final MultiMap<String, String> multiMap) {
        return new CaseInsensitiveMultiMap() { // from class: com.mulesoft.connector.as2.internal.receive.ReceiveHandler.1
            {
                putAll(multiMap);
            }
        }.get(AS2HeaderConstants.DISPOSITION_NOTIFICATION_TO) != null;
    }

    private HashAlgorithm getSigningAlgorithm(ReceivedMessageInfo receivedMessageInfo) {
        LOGGER.trace("Getting SigningAlgorithm.");
        String str = (String) receivedMessageInfo.getHttpHeaders().get(AS2HeaderConstants.DISPOSITION_NOTIFICATION_OPTIONS);
        LOGGER.trace("Finished getting SigningAlgorithm.");
        return AS2PatternMatchers.findMicAlgorithmFrom(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isAsyncMdnRequested(CaseInsensitiveMultiMap caseInsensitiveMultiMap) {
        return caseInsensitiveMultiMap.containsKey(AS2HeaderConstants.RECEIPT_DELIVERY_OPTION);
    }

    private void validateNRExecution(MimePart mimePart, ReceivedMessageInfo receivedMessageInfo) {
        if (!(mimePart instanceof SignedMimeMultipart)) {
            throw new AS2ExtensionException(DispositionType.INSUFFICIENT_MESSAGE_SECURITY, String.format("Attempting to do Non Repudiation, but parsed Message was not Multipart Signed! Message id was: %s \n will attempt to send error MDN.", receivedMessageInfo.getHttpHeaders().get(AS2HeaderConstants.CONTENT_TYPE)), AS2ErrorType.NON_REPUDIATION_FAILURE);
        }
        String str = (String) receivedMessageInfo.getHttpHeaders().get(AS2HeaderConstants.DISPOSITION_NOTIFICATION_OPTIONS);
        if (str == null || str.isEmpty()) {
            throw new AS2ExtensionException(DispositionType.INSUFFICIENT_MESSAGE_SECURITY, "Attempting to do Non Repudiation, but Disposition-Notification-Options is missing.\n will attempt to send error MDN.", AS2ErrorType.NON_REPUDIATION_FAILURE);
        }
    }
}
