package com.mulesoft.connector.as2.internal.operation;

import com.mulesoft.connector.as2.api.AS2MdnAttributes;
import com.mulesoft.connector.as2.internal.crypto.AS2PEMParser;
import com.mulesoft.connector.as2.internal.crypto.ValidCertificate;
import com.mulesoft.connector.as2.internal.enums.HashAlgorithm;
import com.mulesoft.connector.as2.internal.error.AS2ErrorType;
import com.mulesoft.connector.as2.internal.error.DispositionType;
import com.mulesoft.connector.as2.internal.error.exception.AS2ExtensionException;
import com.mulesoft.connector.as2.internal.error.provider.MDNHandlerErrorTypeProvider;
import com.mulesoft.connector.as2.internal.mime.MDNReport;
import com.mulesoft.connector.as2.internal.mime.MimePart;
import com.mulesoft.connector.as2.internal.mime.parse.MimeParserController;
import com.mulesoft.connector.as2.internal.mime.validate.MimeValidatorController;
import com.mulesoft.connector.as2.internal.mime.validate.SignedMimeMultipartValidator;
import com.mulesoft.connector.as2.internal.model.builder.AS2MdnAttributesBuilder;
import com.mulesoft.connector.as2.internal.param.MdnHandlerParameters;
import com.mulesoft.connector.as2.internal.stream.InputStreamResource;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.Collections;
import org.mule.runtime.api.util.MultiMap;
import org.mule.runtime.core.api.util.CaseInsensitiveHashMap;
import org.mule.runtime.extension.api.annotation.error.Throws;
import org.mule.runtime.extension.api.annotation.param.Content;
import org.mule.runtime.extension.api.annotation.param.MediaType;
import org.mule.runtime.extension.api.annotation.param.ParameterGroup;
import org.mule.runtime.extension.api.annotation.param.display.DisplayName;
import org.mule.runtime.extension.api.runtime.operation.Result;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connector/as2/internal/operation/AS2MDNHandlerOperation.class */
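/**
 * Mule operation that processes an inbound AS2 Message Disposition Notification (MDN).
 *
 * <p>The operation buffers the payload, parses it as MIME, validates the signature when the
 * transport headers declare {@code multipart/signed}, and exposes the fields of the MDN
 * report as {@link AS2MdnAttributes}.
 *
 * <p>Security notes for integrators, based on what this class does and does not do:
 * <ul>
 *   <li>Signature validation is driven by the sender-supplied {@code Content-Type} header. An
 *       MDN that is not declared {@code multipart/signed} is accepted without any signature
 *       check. Nothing in this class enforces "a signed MDN was requested", so a flow that
 *       requires signed receipts has to reject unsigned ones itself.</li>
 *   <li>The received MIC and its algorithm are only copied into the attributes. This class
 *       does not compare them with the MIC of the message that was originally sent, nor does
 *       it correlate the original message id; both checks are left to the caller.</li>
 *   <li>Certificate checking here is limited to the validity period, and only when enabled
 *       through the handler parameters. No chain or revocation check is visible in this
 *       class; trust appears to come from the configured partner PEM content.</li>
 * </ul>
 */
public class AS2MDNHandlerOperation {
    private static final Logger LOGGER = LoggerFactory.getLogger(AS2MDNHandlerOperation.class);

    private static final String CONTENT_TYPE_HEADER = "Content-Type";
    private static final String MESSAGE_ID_HEADER = "Message-ID";
    private static final String MULTIPART_SIGNED = "multipart/signed";

    /**
     * Parses a received MDN, validates its signature when it is declared as signed, and returns
     * the original payload together with the attributes extracted from the MDN report.
     *
     * @param mdnHandlerParameters partner PEM content, certificate-validation switch and the
     *                             from/to names copied into the attributes
     * @param multiMap             HTTP headers received with the MDN; treated case-insensitively
     * @param inputStream          raw MDN body
     * @return the buffered MDN body as output and the MDN fields as attributes
     * @throws AS2ExtensionException if the body cannot be parsed, no MDN report is found, or the
     *                               certificate validity check fails
     */
    @Throws({MDNHandlerErrorTypeProvider.class})
    @MediaType(value = "*/*", strict = false)
    public Result<InputStream, AS2MdnAttributes> receivedMDN(@ParameterGroup(name = "MDN Handler Parameters") MdnHandlerParameters mdnHandlerParameters, @DisplayName("Http Headers") MultiMap<String, String> multiMap, @Content(primary = true) InputStream inputStream) {
        // Buffer the body once: it is read for parsing and handed back as the operation output.
        InputStreamResource payload = InputStreamResource.saveToResource(inputStream);
        CaseInsensitiveHashMap<String, String> headers = getCaseInsensitiveMap(multiMap);
        MimePart mdnPart = getMultipartPart(payload, headers);

        // Signature validation runs before any field of the report is trusted or returned.
        verifySignedMessage(headers, mdnHandlerParameters.getPartnerPemContent(), mdnPart, mdnHandlerParameters.getValidateCertificate());

        MDNReport report = MDNReport.findMDNReport(mdnPart);
        if (report == null) {
            throw new AS2ExtensionException("The mdn block was not found", AS2ErrorType.MIME_PARSE);
        }

        AS2MdnAttributesBuilder attributes = buildAs2MdnAttributes(mdnHandlerParameters.getFromName(), mdnHandlerParameters.getToName(), headers);

        // Map the internal digest enum to its public API counterpart; stays null when the
        // report carries no digest algorithm.
        HashAlgorithm digestAlgorithm = report.getDigestAlgorithm();
        com.mulesoft.connector.as2.api.HashAlgorithm apiAlgorithm = null;
        if (digestAlgorithm != null) {
            apiAlgorithm = com.mulesoft.connector.as2.api.HashAlgorithm.findByAlgorithm(digestAlgorithm.algorithm());
        }

        attributes
            .withOriginalAS2MessageId(report.getOriginalMessageId())
            .withMdnProcessed(report.isProcessed())
            .withDispositionContent(report.getDispositionNotificationContent())
            .withMdnAlg(apiAlgorithm)
            .withReportText(report.getReportText());

        // The MIC is reported as received; comparing it with the MIC computed when the
        // message was sent is not done here.
        if (report.getReceivedContentMic() != null) {
            attributes.withMdnMic(report.getReceivedContentMic());
        } else {
            LOGGER.debug("No Calculated Digest was found. MDN mic wont be returned.");
        }

        return Result.<InputStream, AS2MdnAttributes>builder()
            .attributes(attributes.build())
            .output(payload.asInputStream())
            .build();
    }

    /**
     * Parses the buffered MDN body into a MIME part using the received headers.
     *
     * @throws AS2ExtensionException with {@code MIME_PARSE} when reading the body fails
     */
    private MimePart getMultipartPart(InputStreamResource payload, CaseInsensitiveHashMap<String, String> headers) {
        try {
            // NOTE(review): the meaning of the (false, true) flags is defined by
            // MimeParserController and is not visible from this class.
            return new MimeParserController(false, true).parse(headers, payload.asInputStream());
        } catch (IOException e) {
            throw new AS2ExtensionException("Could not parse the received MDN report", AS2ErrorType.MIME_PARSE, e);
        }
    }

    /**
     * Copies the received headers into a case-insensitive map so lookups such as
     * {@code Content-Type} work regardless of how the sender cased the header name. Each
     * header name ends up with a single value.
     */
    private CaseInsensitiveHashMap<String, String> getCaseInsensitiveMap(MultiMap<String, String> headers) {
        CaseInsensitiveHashMap<String, String> result = new CaseInsensitiveHashMap<>();
        result.putAll(headers);
        return result;
    }

    /**
     * Validates the signature of the MDN when the headers declare it as {@code multipart/signed}.
     *
     * <p>An MDN that is not declared as signed passes through unchecked; the skip is logged at
     * debug level so it can be traced when investigating a receipt.
     *
     * @param headers             received headers
     * @param partnerPemContent   PEM content holding the partner certificate / public key
     * @param mdnPart             parsed MDN
     * @param validateCertificate when true, the certificate validity period is checked first
     */
    private void verifySignedMessage(CaseInsensitiveHashMap<String, String> headers, String partnerPemContent, MimePart mdnPart, boolean validateCertificate) {
        if (!isMultipartSigned(headers)) {
            LOGGER.debug("Received MDN is not declared as multipart/signed. Signature validation is skipped.");
            return;
        }
        LOGGER.debug("Retrieving key information from Partner Pem content.");
        AS2PEMParser pem = new AS2PEMParser().withPemContent(partnerPemContent).build();
        if (validateCertificate) {
            checkCertValidity(pem.getCertificateWithExpirationValidation());
        }
        SignedMimeMultipartValidator signatureValidator = new SignedMimeMultipartValidator().withPublicKey(pem.getPublicKey());
        new MimeValidatorController().withValidator(signatureValidator).validate(mdnPart);
    }

    /**
     * Checks that the partner certificate is inside its validity period.
     *
     * @throws AS2ExtensionException with {@code CONFIGURATION} when the certificate is expired
     *                               or not yet valid
     */
    private void checkCertValidity(Certificate certificate) {
        try {
            // NOTE(review): assumes getCertificateWithExpirationValidation() always yields a
            // ValidCertificate; anything else fails here with a ClassCastException.
            ((ValidCertificate) certificate).checkValidity();
        } catch (CertificateExpiredException e) {
            // The exception constructor used below takes no cause, so keep it in the log.
            LOGGER.debug("Partner certificate validity check failed.", e);
            throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "The Certificate is expired. Signature Validation for the incoming MDN has failed!", AS2ErrorType.CONFIGURATION);
        } catch (CertificateNotYetValidException e) {
            LOGGER.debug("Partner certificate validity check failed.", e);
            throw new AS2ExtensionException(DispositionType.PROCESSED_ERROR_AUTHENTICATION_FAILED, "The Certificate is not valid yet. Signature Validation for the incoming MDN has failed!", AS2ErrorType.CONFIGURATION);
        }
    }

    /**
     * Tells whether the {@code Content-Type} header declares a {@code multipart/signed} body.
     *
     * <p>Media types are case-insensitive (RFC 2045), so the comparison ignores case. A
     * case-sensitive match would classify a header spelled {@code Multipart/Signed} as unsigned
     * and signature validation would be skipped for it.
     */
    private boolean isMultipartSigned(CaseInsensitiveHashMap<String, String> headers) {
        String contentType = headers.get(CONTENT_TYPE_HEADER);
        if (contentType == null) {
            return false;
        }
        // regionMatches(ignoreCase = true, ...) is a locale-independent prefix comparison.
        return contentType.trim().regionMatches(true, 0, MULTIPART_SIGNED, 0, MULTIPART_SIGNED.length());
    }

    /**
     * Starts the attributes builder with the received headers, the configured from/to names and
     * the {@code Message-ID} header of the MDN.
     *
     * <p>The header values come straight from the sender and are copied as received.
     */
    private AS2MdnAttributesBuilder buildAs2MdnAttributes(String fromName, String toName, CaseInsensitiveHashMap<String, String> headers) {
        MultiMap<String, String> headerCopy = new MultiMap<>();
        headers.forEach((name, value) -> headerCopy.put(name, Collections.singletonList(value)));
        return new AS2MdnAttributesBuilder()
            .withHeaders(headerCopy)
            .withFromName(fromName)
            .withToName(toName)
            .withAs2MessageId(headers.get(MESSAGE_ID_HEADER));
    }
}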
