package es.gob.afirma.triphase.server;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AOTriphaseException;
import es.gob.afirma.core.signers.CounterSignTarget;
import es.gob.afirma.core.signers.ExtraParamsProcessor;
import es.gob.afirma.core.signers.TriphaseData;
import es.gob.afirma.signers.xml.XmlDSigProviderHelper;
import es.gob.afirma.triphase.server.document.DocumentManager;
import es.gob.afirma.triphase.signer.processors.AutoTriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.CAdESASiCSTriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.CAdESTriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.FacturaETriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.PAdESTriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.Pkcs1TriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.TriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.XAdESASiCSTriPhasePreProcessor;
import es.gob.afirma.triphase.signer.processors.XAdESTriPhasePreProcessor;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/classes/es/gob/afirma/triphase/server/SignatureService.class */
public final class SignatureService extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static DocumentManager DOC_MANAGER;
    private static final String URL_DEFAULT_CHARSET = "utf-8";
    private static final String PARAM_NAME_OPERATION = "op";
    private static final String PARAM_VALUE_OPERATION_PRESIGN = "pre";
    private static final String PARAM_VALUE_OPERATION_POSTSIGN = "post";
    private static final String PARAM_NAME_SUB_OPERATION = "cop";
    private static final String PARAM_VALUE_SUB_OPERATION_SIGN = "sign";
    private static final String PARAM_VALUE_SUB_OPERATION_COSIGN = "cosign";
    private static final String PARAM_VALUE_SUB_OPERATION_COUNTERSIGN = "countersign";
    private static final String PARAM_NAME_DOCID = "doc";
    private static final String PARAM_NAME_ALGORITHM = "algo";
    private static final String PARAM_NAME_FORMAT = "format";
    private static final String PARAM_NAME_EXTRA_PARAM = "params";
    private static final String PARAM_NAME_SESSION_DATA = "session";
    private static final String PARAM_NAME_CERT = "cert";
    private static final String PARAM_NAME_CERT_SEPARATOR = ",";
    private static final String PARAM_NAME_TARGET_TYPE = "target";
    private static final String SUCCESS = "OK NEWID=";
    private static final String EXTRA_PARAM_HEADLESS = "headless";
    private static final String EXTRA_PARAM_VALIDATE_PKCS1 = "validatePkcs1";
    private static final String HMAC_ALGORITHM = "HmacSHA256";
    private static final String TRIPHASE_PROP_PRESIGN = "PRE";
    private static final String TRIPHASE_PROP_PKCS1 = "PK1";
    private static final String TRIPHASE_PROP_HMAC = "HMAC";
    private static Logger LOGGER = Logger.getLogger("es.gob.afirma");
    private static final Charset CHARSET = StandardCharsets.UTF_8;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/es/gob/afirma/triphase/server/SignatureService$InvalidVerificationCodeException.class */
    public static class InvalidVerificationCodeException extends GeneralSecurityException {
        private static final long serialVersionUID = -4647005073272724194L;

        public InvalidVerificationCodeException(String str) {
            super(str);
        }

        public InvalidVerificationCodeException(String str, Throwable th) {
            super(str, th);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v22, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.io.PrintWriter, int] */
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        TriPhasePreProcessor pAdESTriPhasePreProcessor;
        byte[] preProcessPostCounterSign;
        TriphaseData preProcessPreCounterSign;
        LOGGER.info("== INICIO FIRMA TRIFASICA ==");
        HashMap hashMap = new HashMap();
        try {
            String[] split = new String(AOUtil.getDataFromInputStream(httpServletRequest.getInputStream()), URL_DEFAULT_CHARSET).split("&");
            ?? length = split.length;
            int i = 0;
            while (i < length) {
                String str = split[i];
                if (str.indexOf(61) != -1) {
                    try {
                        hashMap.put(str.substring(0, str.indexOf(61)), URLDecoder.decode(str.substring(str.indexOf(61) + 1), URL_DEFAULT_CHARSET));
                    } catch (Exception e) {
                        LOGGER.warning("Error al decodificar un parametro de la peticion: " + e);
                    }
                }
                i++;
            }
            httpServletResponse.setHeader("Access-Control-Allow-Origin", ConfigManager.getAccessControlAllowOrigin());
            httpServletResponse.setContentType("text/plain");
            httpServletResponse.setCharacterEncoding(URL_DEFAULT_CHARSET);
            try {
                try {
                    try {
                        PrintWriter writer = httpServletResponse.getWriter();
                        Throwable th = null;
                        String str2 = (String) hashMap.get("op");
                        if (str2 == null) {
                            LOGGER.severe("No se ha indicado la operacion trifasica a realizar");
                            writer.print(ErrorManager.getErrorMessage(1));
                            writer.flush();
                            if (writer != null) {
                                if (0 == 0) {
                                    writer.close();
                                    return;
                                }
                                try {
                                    writer.close();
                                    return;
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                    return;
                                }
                            }
                            return;
                        }
                        String str3 = (String) hashMap.get(PARAM_NAME_SUB_OPERATION);
                        if (str3 == null || !(PARAM_VALUE_SUB_OPERATION_SIGN.equalsIgnoreCase(str3) || PARAM_VALUE_SUB_OPERATION_COSIGN.equalsIgnoreCase(str3) || PARAM_VALUE_SUB_OPERATION_COUNTERSIGN.equalsIgnoreCase(str3))) {
                            writer.print(ErrorManager.getErrorMessage(13));
                            writer.flush();
                            if (writer != null) {
                                if (0 == 0) {
                                    writer.close();
                                    return;
                                }
                                try {
                                    writer.close();
                                    return;
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                    return;
                                }
                            }
                            return;
                        }
                        String str4 = (String) hashMap.get("format");
                        LOGGER.info("Formato de firma seleccionado: " + str4);
                        if (str4 == null) {
                            LOGGER.warning("No se ha indicado formato de firma");
                            writer.print(ErrorManager.getErrorMessage(4));
                            writer.flush();
                            if (writer != null) {
                                if (0 == 0) {
                                    writer.close();
                                    return;
                                }
                                try {
                                    writer.close();
                                    return;
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                    return;
                                }
                            }
                            return;
                        }
                        Properties properties = new Properties();
                        try {
                            if (hashMap.containsKey(PARAM_NAME_EXTRA_PARAM)) {
                                properties = AOUtil.base642Properties((String) hashMap.get(PARAM_NAME_EXTRA_PARAM));
                            }
                            properties.remove("validatePkcs1");
                            properties.setProperty(EXTRA_PARAM_HEADLESS, Boolean.TRUE.toString());
                            try {
                                properties = ExtraParamsProcessor.expandProperties(properties, null, str4);
                            } catch (Exception e2) {
                                LOGGER.severe("Se han indicado una politica de firma y un formato incompatibles: " + e2);
                            }
                            try {
                                byte[] decode = hashMap.containsKey(PARAM_NAME_SESSION_DATA) ? Base64.decode(((String) hashMap.get(PARAM_NAME_SESSION_DATA)).trim(), true) : null;
                                if (decode != null) {
                                    LOGGER.info("Recibidos los siguientes datos de sesion para '" + str2 + "':\n" + new String(decode));
                                }
                                String str5 = (String) hashMap.get(PARAM_NAME_CERT);
                                if (str5 == null) {
                                    LOGGER.warning("No se ha indicado certificado de firma");
                                    writer.print(ErrorManager.getErrorMessage(5));
                                    writer.flush();
                                    if (writer != null) {
                                        if (0 == 0) {
                                            writer.close();
                                            return;
                                        }
                                        try {
                                            writer.close();
                                            return;
                                        } catch (Throwable th5) {
                                            th.addSuppressed(th5);
                                            return;
                                        }
                                    }
                                    return;
                                }
                                String[] split2 = str5.split(PARAM_NAME_CERT_SEPARATOR);
                                X509Certificate[] x509CertificateArr = new X509Certificate[split2.length];
                                for (int i2 = 0; i2 < split2.length; i2++) {
                                    try {
                                        x509CertificateArr[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(split2[i2], true)));
                                    } catch (Exception e3) {
                                        LOGGER.log(Level.SEVERE, "Error al decodificar el certificado: " + split2[i2], (Throwable) e3);
                                        writer.print(ErrorManager.getErrorMessage(7));
                                        writer.flush();
                                        if (writer != null) {
                                            if (0 == 0) {
                                                writer.close();
                                                return;
                                            }
                                            try {
                                                writer.close();
                                                return;
                                            } catch (Throwable th6) {
                                                th.addSuppressed(th6);
                                                return;
                                            }
                                        }
                                        return;
                                    }
                                }
                                byte[] bArr = null;
                                String str6 = (String) hashMap.get(PARAM_NAME_DOCID);
                                if (str6 != null) {
                                    try {
                                        LOGGER.info("Recuperamos el documento mediante el DocumentManager");
                                        bArr = DOC_MANAGER.getDocument(str6, x509CertificateArr, properties);
                                        LOGGER.info("Recuperado documento de " + bArr.length + " octetos");
                                    } catch (Throwable th7) {
                                        LOGGER.warning("Error al recuperar el documento: " + th7);
                                        writer.print(ErrorManager.getErrorMessage(14) + ": " + new AOTriphaseException(th7.toString(), th7));
                                        writer.flush();
                                        if (writer != null) {
                                            if (0 == 0) {
                                                writer.close();
                                                return;
                                            }
                                            try {
                                                writer.close();
                                                return;
                                            } catch (Throwable th8) {
                                                th.addSuppressed(th8);
                                                return;
                                            }
                                        }
                                        return;
                                    }
                                }
                                String str7 = (String) hashMap.get(PARAM_NAME_ALGORITHM);
                                if (str7 == null) {
                                    LOGGER.warning("No se ha indicado algoritmo de firma. Se utilizara SHA512withRSA");
                                    str7 = "SHA512withRSA";
                                } else if (str7.toUpperCase(Locale.US).startsWith("MD")) {
                                    throw new IllegalArgumentException("Las firmas electronicas no permiten huellas digitales MD2 o MD5 (Decision 130/2011 CE)");
                                }
                                if (AOSignConstants.SIGN_FORMAT_PADES.equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_PADES_TRI.equalsIgnoreCase(str4)) {
                                    pAdESTriPhasePreProcessor = new PAdESTriPhasePreProcessor();
                                } else if ("CAdES".equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_CADES_TRI.equalsIgnoreCase(str4)) {
                                    pAdESTriPhasePreProcessor = new CAdESTriPhasePreProcessor();
                                } else if (AOSignConstants.SIGN_FORMAT_XADES.equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_XADES_TRI.equalsIgnoreCase(str4)) {
                                    pAdESTriPhasePreProcessor = new XAdESTriPhasePreProcessor();
                                } else if (AOSignConstants.SIGN_FORMAT_CADES_ASIC_S.equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_CADES_ASIC_S_TRI.equalsIgnoreCase(str4)) {
                                    pAdESTriPhasePreProcessor = new CAdESASiCSTriPhasePreProcessor();
                                } else if (AOSignConstants.SIGN_FORMAT_XADES_ASIC_S.equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_XADES_ASIC_S_TRI.equalsIgnoreCase(str4)) {
                                    pAdESTriPhasePreProcessor = new XAdESASiCSTriPhasePreProcessor();
                                } else if (AOSignConstants.SIGN_FORMAT_FACTURAE.equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_FACTURAE_TRI.equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_FACTURAE_ALT1.equalsIgnoreCase(str4)) {
                                    pAdESTriPhasePreProcessor = new FacturaETriPhasePreProcessor();
                                } else if (AOSignConstants.SIGN_FORMAT_PKCS1.equalsIgnoreCase(str4) || AOSignConstants.SIGN_FORMAT_PKCS1_TRI.equalsIgnoreCase(str4)) {
                                    pAdESTriPhasePreProcessor = new Pkcs1TriPhasePreProcessor();
                                } else {
                                    if (!AOSignConstants.SIGN_FORMAT_AUTO.equalsIgnoreCase(str4)) {
                                        LOGGER.severe("Formato de firma no soportado: " + str4);
                                        writer.print(ErrorManager.getErrorMessage(8));
                                        writer.flush();
                                        if (writer != null) {
                                            if (0 == 0) {
                                                writer.close();
                                                return;
                                            }
                                            try {
                                                writer.close();
                                                return;
                                            } catch (Throwable th9) {
                                                th.addSuppressed(th9);
                                                return;
                                            }
                                        }
                                        return;
                                    }
                                    pAdESTriPhasePreProcessor = new AutoTriPhasePreProcessor();
                                }
                                if ("pre".equalsIgnoreCase(str2)) {
                                    LOGGER.info(" == PREFIRMA en servidor");
                                    boolean parseBoolean = Boolean.parseBoolean(properties.getProperty("checkSignatures"));
                                    try {
                                        if (PARAM_VALUE_SUB_OPERATION_SIGN.equalsIgnoreCase(str3)) {
                                            preProcessPreCounterSign = pAdESTriPhasePreProcessor.preProcessPreSign(bArr, str7, x509CertificateArr, properties, parseBoolean);
                                        } else if (PARAM_VALUE_SUB_OPERATION_COSIGN.equalsIgnoreCase(str3)) {
                                            preProcessPreCounterSign = pAdESTriPhasePreProcessor.preProcessPreCoSign(bArr, str7, x509CertificateArr, properties, parseBoolean);
                                        } else {
                                            if (!PARAM_VALUE_SUB_OPERATION_COUNTERSIGN.equalsIgnoreCase(str3)) {
                                                throw new AOException("No se reconoce el codigo de sub-operacion: " + str3);
                                            }
                                            CounterSignTarget counterSignTarget = CounterSignTarget.LEAFS;
                                            if (properties.containsKey(PARAM_NAME_TARGET_TYPE)) {
                                                if (CounterSignTarget.TREE.toString().equalsIgnoreCase(properties.getProperty(PARAM_NAME_TARGET_TYPE).trim())) {
                                                    counterSignTarget = CounterSignTarget.TREE;
                                                }
                                            }
                                            preProcessPreCounterSign = pAdESTriPhasePreProcessor.preProcessPreCounterSign(bArr, str7, x509CertificateArr, properties, counterSignTarget, parseBoolean);
                                        }
                                        LOGGER.info("Se ha calculado el resultado de la prefirma y se devuelve");
                                        if (ConfigManager.getHMacKey() != null) {
                                            try {
                                                addVerificationCodes(preProcessPreCounterSign, x509CertificateArr[0]);
                                            } catch (Exception e4) {
                                                LOGGER.log(Level.SEVERE, "Error al generar los codigos de verificacion de las firmas: " + e4, (Throwable) e4);
                                                writer.print(ErrorManager.getErrorMessage(16) + ": " + e4);
                                                writer.flush();
                                                if (writer != null) {
                                                    if (0 == 0) {
                                                        writer.close();
                                                        return;
                                                    }
                                                    try {
                                                        writer.close();
                                                        return;
                                                    } catch (Throwable th10) {
                                                        th.addSuppressed(th10);
                                                        return;
                                                    }
                                                }
                                                return;
                                            }
                                        }
                                        writer.print(Base64.encode(preProcessPreCounterSign.toString().getBytes(), true));
                                        writer.flush();
                                        LOGGER.info("== FIN PREFIRMA");
                                    } catch (Exception e5) {
                                        LOGGER.log(Level.SEVERE, "Error en la prefirma: " + e5, (Throwable) e5);
                                        writer.print(ErrorManager.getErrorMessage(9) + ": " + e5);
                                        writer.flush();
                                        if (writer != null) {
                                            if (0 == 0) {
                                                writer.close();
                                                return;
                                            }
                                            try {
                                                writer.close();
                                                return;
                                            } catch (Throwable th11) {
                                                th.addSuppressed(th11);
                                                return;
                                            }
                                        }
                                        return;
                                    }
                                } else if (PARAM_VALUE_OPERATION_POSTSIGN.equalsIgnoreCase(str2)) {
                                    LOGGER.info(" == POSTFIRMA en servidor");
                                    try {
                                        TriphaseData parser = TriphaseData.parser(decode);
                                        if (ConfigManager.getHMacKey() != null) {
                                            try {
                                                checkSignaturesIntegrity(parser, x509CertificateArr[0], str7);
                                            } catch (InvalidVerificationCodeException e6) {
                                                LOGGER.log(Level.SEVERE, "Las prefirmas y/o el certificado obtenido no se corresponden con los generados en la prefirma", (Throwable) e6);
                                                writer.print(ErrorManager.getErrorMessage(17) + ": " + e6);
                                                writer.flush();
                                                if (writer != null) {
                                                    if (0 == 0) {
                                                        writer.close();
                                                        return;
                                                    }
                                                    try {
                                                        writer.close();
                                                        return;
                                                    } catch (Throwable th12) {
                                                        th.addSuppressed(th12);
                                                        return;
                                                    }
                                                }
                                                return;
                                            } catch (Exception e7) {
                                                LOGGER.log(Level.SEVERE, "Error al comprobar los codigos de verificacion de las firmas", (Throwable) e7);
                                                writer.print(ErrorManager.getErrorMessage(17) + ": " + e7);
                                                writer.flush();
                                                if (writer != null) {
                                                    if (0 == 0) {
                                                        writer.close();
                                                        return;
                                                    }
                                                    try {
                                                        writer.close();
                                                        return;
                                                    } catch (Throwable th13) {
                                                        th.addSuppressed(th13);
                                                        return;
                                                    }
                                                }
                                                return;
                                            }
                                        }
                                        try {
                                            if (PARAM_VALUE_SUB_OPERATION_SIGN.equals(str3)) {
                                                preProcessPostCounterSign = pAdESTriPhasePreProcessor.preProcessPostSign(bArr, str7, x509CertificateArr, properties, parser);
                                            } else if (PARAM_VALUE_SUB_OPERATION_COSIGN.equals(str3)) {
                                                preProcessPostCounterSign = pAdESTriPhasePreProcessor.preProcessPostCoSign(bArr, str7, x509CertificateArr, properties, parser);
                                            } else {
                                                if (!PARAM_VALUE_SUB_OPERATION_COUNTERSIGN.equals(str3)) {
                                                    throw new AOException("No se reconoce el codigo de sub-operacion: " + str3);
                                                }
                                                CounterSignTarget counterSignTarget2 = CounterSignTarget.LEAFS;
                                                if (properties.containsKey(PARAM_NAME_TARGET_TYPE)) {
                                                    if (CounterSignTarget.TREE.toString().equalsIgnoreCase(properties.getProperty(PARAM_NAME_TARGET_TYPE).trim())) {
                                                        counterSignTarget2 = CounterSignTarget.TREE;
                                                    }
                                                }
                                                preProcessPostCounterSign = pAdESTriPhasePreProcessor.preProcessPostCounterSign(bArr, str7, x509CertificateArr, properties, parser, counterSignTarget2);
                                            }
                                            if (!properties.containsKey("format")) {
                                                properties.setProperty("format", str4);
                                            }
                                            LOGGER.info(" Se ha calculado el resultado de la postfirma y se devuelve. Numero de bytes: " + preProcessPostCounterSign.length);
                                            LOGGER.info("Almacenamos la firma mediante el DocumentManager");
                                            try {
                                                String storeDocument = DOC_MANAGER.storeDocument(str6, x509CertificateArr, preProcessPostCounterSign, properties);
                                                LOGGER.info("Documento almacenado");
                                                writer.println(new StringBuilder(storeDocument.length() + SUCCESS.length()).append(SUCCESS).append(storeDocument).toString());
                                                writer.flush();
                                                LOGGER.info("== FIN POSTFIRMA");
                                            } catch (Throwable th14) {
                                                LOGGER.severe("Error al almacenar el documento: " + th14);
                                                writer.print(ErrorManager.getErrorMessage(10) + ": " + th14);
                                                writer.flush();
                                                if (writer != null) {
                                                    if (0 == 0) {
                                                        writer.close();
                                                        return;
                                                    }
                                                    try {
                                                        writer.close();
                                                        return;
                                                    } catch (Throwable th15) {
                                                        th.addSuppressed(th15);
                                                        return;
                                                    }
                                                }
                                                return;
                                            }
                                        } catch (Exception e8) {
                                            LOGGER.log(Level.SEVERE, "Error en la postfirma: " + e8, (Throwable) e8);
                                            writer.print(ErrorManager.getErrorMessage(12) + ": " + e8);
                                            writer.flush();
                                            if (writer != null) {
                                                if (0 == 0) {
                                                    writer.close();
                                                    return;
                                                }
                                                try {
                                                    writer.close();
                                                    return;
                                                } catch (Throwable th16) {
                                                    th.addSuppressed(th16);
                                                    return;
                                                }
                                            }
                                            return;
                                        }
                                    } catch (Exception e9) {
                                        LOGGER.log(Level.SEVERE, "El formato de los parametros de operacion requeridos incorrecto", (Throwable) e9);
                                        writer.print(ErrorManager.getErrorMessage(19) + ": " + e9);
                                        writer.flush();
                                        if (writer != null) {
                                            if (0 == 0) {
                                                writer.close();
                                                return;
                                            }
                                            try {
                                                writer.close();
                                                return;
                                            } catch (Throwable th17) {
                                                th.addSuppressed(th17);
                                                return;
                                            }
                                        }
                                        return;
                                    }
                                } else {
                                    writer.println(ErrorManager.getErrorMessage(11));
                                }
                                if (writer != null) {
                                    if (0 != 0) {
                                        try {
                                            writer.close();
                                        } catch (Throwable th18) {
                                            th.addSuppressed(th18);
                                        }
                                    } else {
                                        writer.close();
                                    }
                                }
                                return;
                            } catch (Exception e10) {
                                LOGGER.severe("El formato de los datos de sesion suministrados es erroneo: " + e10);
                                writer.print(ErrorManager.getErrorMessage(6) + ": " + e10);
                                writer.flush();
                                if (writer != null) {
                                    if (0 == 0) {
                                        writer.close();
                                        return;
                                    }
                                    try {
                                        writer.close();
                                        return;
                                    } catch (Throwable th19) {
                                        th.addSuppressed(th19);
                                        return;
                                    }
                                }
                                return;
                            }
                        } catch (Exception e11) {
                            LOGGER.severe("El formato de los parametros adicionales suministrado es erroneo: " + e11);
                            writer.print(ErrorManager.getErrorMessage(6) + ": " + e11);
                            writer.flush();
                            if (writer != null) {
                                if (0 == 0) {
                                    writer.close();
                                    return;
                                }
                                try {
                                    writer.close();
                                    return;
                                } catch (Throwable th20) {
                                    th.addSuppressed(th20);
                                    return;
                                }
                            }
                            return;
                        }
                    } finally {
                    }
                } catch (Exception e12) {
                    LOGGER.severe("No se pudo contestar a la peticion: " + e12);
                    httpServletResponse.sendError(500, "No se pude contestar a la peticion: " + e12);
                    return;
                }
                httpServletResponse.sendError(500, "No se pude contestar a la peticion: " + e12);
                return;
            } catch (IOException e13) {
                LOGGER.severe("No se pudo enviar un error HTTP 500: " + e13);
                return;
            }
            LOGGER.severe("No se pudo contestar a la peticion: " + e12);
        } catch (Error | Exception e14) {
            LOGGER.severe("No se pudieron leer los parametros de la peticion: " + e14);
            try {
                httpServletResponse.sendError(400);
            } catch (IOException e15) {
                LOGGER.log(Level.SEVERE, "No se pudo enviar un error al cliente", e14);
            }
        }
    }

    private static void addVerificationCodes(TriphaseData triphaseData, X509Certificate x509Certificate) throws NoSuchAlgorithmException, InvalidKeyException, CertificateEncodingException, IllegalStateException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(ConfigManager.getHMacKey().getBytes(CHARSET), HMAC_ALGORITHM);
        for (TriphaseData.TriSign triSign : triphaseData.getTriSigns()) {
            String property = triSign.getProperty(TRIPHASE_PROP_PRESIGN);
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(secretKeySpec);
            mac.update(property.getBytes(CHARSET));
            mac.update(ConfigManager.getHMacKey().getBytes(CHARSET));
            mac.update(x509Certificate.getEncoded());
            triSign.addProperty(TRIPHASE_PROP_HMAC, Base64.encode(mac.doFinal()));
        }
    }

    private static void checkSignaturesIntegrity(TriphaseData triphaseData, X509Certificate x509Certificate, String str) throws InvalidVerificationCodeException, IOException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(ConfigManager.getHMacKey().getBytes(CHARSET), HMAC_ALGORITHM);
        for (TriphaseData.TriSign triSign : triphaseData.getTriSigns()) {
            String property = triSign.getProperty(TRIPHASE_PROP_HMAC);
            if (property == null) {
                throw new InvalidVerificationCodeException("Alguna de las firmas no contenida el codigo de verificacion");
            }
            String property2 = triSign.getProperty(TRIPHASE_PROP_PRESIGN);
            try {
                Mac mac = Mac.getInstance(HMAC_ALGORITHM);
                mac.init(secretKeySpec);
                mac.update(property2.getBytes(CHARSET));
                mac.update(ConfigManager.getHMacKey().getBytes(CHARSET));
                mac.update(x509Certificate.getEncoded());
                if (!Arrays.equals(mac.doFinal(), Base64.decode(property))) {
                    throw new InvalidVerificationCodeException("Se ha detectado un error de integridad en los datos de firma");
                }
                String property3 = triSign.getProperty(TRIPHASE_PROP_PKCS1);
                if (property3 == null) {
                    throw new InvalidVerificationCodeException("No se ha proporcionado el PKCS#1 de la firma");
                }
                verifyPkcs1(Base64.decode(property3), x509Certificate.getPublicKey(), str);
            } catch (Exception e) {
                throw new InvalidVerificationCodeException("No se pudo completar la verificacion de integridad de la firma", e);
            }
        }
    }

    private static void verifyPkcs1(byte[] bArr, PublicKey publicKey, String str) throws InvalidVerificationCodeException {
        try {
            Cipher cipher = Cipher.getInstance(str.substring(str.lastIndexOf("with") + "with".length()).toUpperCase());
            cipher.init(2, publicKey);
            cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new InvalidVerificationCodeException("El PKCS#1 de la firma no se ha generado con el certificado indicado", e);
        }
    }

    static {
        String docManagerClassName = ConfigManager.getDocManagerClassName();
        try {
            Class<?> cls = Class.forName(docManagerClassName);
            try {
                DOC_MANAGER = (DocumentManager) cls.getConstructor(Properties.class).newInstance(ConfigManager.getConfig());
            } catch (Exception e) {
                try {
                    DOC_MANAGER = (DocumentManager) cls.getConstructor(new Class[0]).newInstance(new Object[0]);
                } catch (Exception e2) {
                    throw new RuntimeException("No se ha podido inicializar el DocumentManager. Debe tener un constructor vacio o que reciba un Properties: " + e2, e);
                }
            }
            LOGGER.info("Se usara el siguiente 'DocumentManager' para firma trifasica: " + DOC_MANAGER.getClass().getName());
            XmlDSigProviderHelper.configureXmlDSigProvider();
        } catch (ClassNotFoundException e3) {
            throw new RuntimeException("La clase DocumentManager indicada no existe (" + docManagerClassName + "): " + e3, e3);
        }
    }
}
