package org.nuxeo.ecm.platform.signature.web.sign;

import java.io.IOException;
import java.io.Serializable;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.faces.validator.ValidatorException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.international.StatusMessage;
import org.nuxeo.ecm.core.api.CoreSession;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.directory.PasswordHelper;
import org.nuxeo.ecm.platform.signature.api.exception.CertException;
import org.nuxeo.ecm.platform.signature.api.pki.CertService;
import org.nuxeo.ecm.platform.signature.api.user.CUserService;
import org.nuxeo.ecm.platform.ui.web.api.NavigationContext;
import org.nuxeo.ecm.platform.ui.web.api.WebActions;
import org.nuxeo.ecm.platform.usermanager.UserManager;
import org.nuxeo.ecm.webapp.helpers.ResourcesAccessor;

@Name("certActions")
@Scope(ScopeType.CONVERSATION)
/* loaded from: input_file:org/nuxeo/ecm/platform/signature/web/sign/CertActions.class */
public class CertActions implements Serializable {
    private static final long serialVersionUID = 2;
    private static final Log LOG = LogFactory.getLog(CertActions.class);
    private static final int MINIMUM_PASSWORD_LENGTH = 8;
    private static final String USER_FIELD_FIRSTNAME = "user:firstName";
    private static final String USER_FIELD_LASTNAME = "user:lastName";
    private static final String USER_FIELD_EMAIL = "user:email";
    private static final String HOME_TAB = "MAIN_TABS:home";
    private static final String CERTIFICATE_TAB = "USER_CENTER:Certificate";

    @In(create = true)
    protected transient CertService certService;

    @In(create = true)
    protected transient CUserService cUserService;

    @In(create = true)
    protected transient NavigationContext navigationContext;

    @In(create = true, required = false)
    protected FacesMessages facesMessages;

    @In(create = true)
    protected ResourcesAccessor resourcesAccessor;

    @In(create = true, required = false)
    protected transient CoreSession documentManager;

    @In(create = true)
    protected transient NuxeoPrincipal currentUser;

    @In(create = true)
    protected transient UserManager userManager;

    @In(create = true, required = false)
    protected WebActions webActions;
    protected DocumentModel lastVisitedDocument;
    protected DocumentModel certificate;
    private static final String LOCAL_CA_CERTIFICATE_FILE_NAME = "LOCAL_CA_.crt";

    public DocumentModel getCertificate() {
        return this.cUserService.getCertificate((String) getCurrentUserModel().getPropertyValue("user:username"));
    }

    public boolean hasCertificate(DocumentModel documentModel) {
        return this.cUserService.hasCertificate((String) documentModel.getPropertyValue("user:username"));
    }

    public boolean hasCertificate(String str) {
        return this.cUserService.hasCertificate(str);
    }

    public boolean hasCertificate() {
        return hasCertificate(getCurrentUserModel());
    }

    public boolean canGenerateCertificate() {
        return true;
    }

    public void createCertificate(String str, String str2) {
        boolean z = false;
        try {
            validatePasswords(str, str2);
            validateRequiredUserFields();
            z = true;
        } catch (ValidatorException e) {
            this.facesMessages.add(StatusMessage.Severity.ERROR, e.getFacesMessage().getDetail(), new Object[0]);
        }
        if (z) {
            try {
                this.cUserService.createCertificate(getCurrentUserModel(), str);
                this.facesMessages.add(StatusMessage.Severity.INFO, (String) this.resourcesAccessor.getMessages().get("label.cert.created"), new Object[0]);
            } catch (CertException e2) {
                LOG.error(e2);
                this.facesMessages.add(StatusMessage.Severity.ERROR, ((String) this.resourcesAccessor.getMessages().get("label.cert.generate.problem")) + e2.getMessage(), new Object[0]);
            }
        }
    }

    public void deleteCertificate() {
        try {
            this.cUserService.deleteCertificate((String) getCurrentUserModel().getPropertyValue("user:username"));
            this.facesMessages.add(StatusMessage.Severity.INFO, (String) this.resourcesAccessor.getMessages().get("label.cert.deleted"), new Object[0]);
        } catch (CertException e) {
            LOG.error("Digital signature certificate deletion issue", e);
            this.facesMessages.add(StatusMessage.Severity.ERROR, ((String) this.resourcesAccessor.getMessages().get("label.cert.delete.problem")) + e.getMessage(), new Object[0]);
        }
    }

    public void validatePasswords(String str, String str2) {
        if (str == null || str2 == null) {
            FacesMessage facesMessage = new FacesMessage(FacesMessage.SEVERITY_ERROR, (String) this.resourcesAccessor.getMessages().get("label.review.added.reviewer"), (String) null);
            this.facesMessages.add(StatusMessage.Severity.ERROR, "ABC" + facesMessage.getDetail(), new Object[0]);
            throw new ValidatorException(facesMessage);
        }
        if (!str.equals(str2)) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, (String) this.resourcesAccessor.getMessages().get("label.cert.password.mismatch"), (String) null));
        }
        if (str.length() < MINIMUM_PASSWORD_LENGTH) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, (String) this.resourcesAccessor.getMessages().get("label.cert.password.too.short"), (String) null));
        }
        String str3 = (String) getCurrentUserModel().getPropertyValue("user:password");
        if (str3 != null && PasswordHelper.verifyPassword(str, str3)) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, (String) this.resourcesAccessor.getMessages().get("label.cert.password.is.login.password"), (String) null));
        }
    }

    public void validateRequiredUserFields() {
        DocumentModel userModel = this.userManager.getUserModel(this.currentUser.getName());
        String str = (String) userModel.getPropertyValue(USER_FIELD_FIRSTNAME);
        if (null == str || str.length() == 0) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, (String) this.resourcesAccessor.getMessages().get("label.cert.user.firstname.missing"), (String) null));
        }
        String str2 = (String) userModel.getPropertyValue(USER_FIELD_LASTNAME);
        if (null == str2 || str2.length() == 0) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, (String) this.resourcesAccessor.getMessages().get("label.cert.user.lastname.missing"), (String) null));
        }
        String str3 = (String) userModel.getPropertyValue(USER_FIELD_EMAIL);
        if (null == str3 || str3.length() == 0 || !str3.matches(".+@.+")) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, (String) this.resourcesAccessor.getMessages().get("label.cert.user.email.problem"), (String) null));
        }
    }

    public void downloadRootCertificate() throws CertException {
        try {
            byte[] rootCertificateData = this.cUserService.getRootCertificateData();
            HttpServletResponse httpServletResponse = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
            httpServletResponse.setContentType("application/octet-stream");
            httpServletResponse.addHeader("Content-Disposition", "attachment;filename=LOCAL_CA_.crt");
            httpServletResponse.setContentLength(rootCertificateData.length);
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            outputStream.write(rootCertificateData);
            outputStream.flush();
            outputStream.close();
            FacesContext.getCurrentInstance().responseComplete();
        } catch (IOException e) {
            throw new CertException(e);
        }
    }

    public String goToCertificateManagement() {
        this.lastVisitedDocument = this.navigationContext.getCurrentDocument();
        this.webActions.setCurrentTabIds(HOME_TAB);
        this.webActions.setCurrentTabIds(CERTIFICATE_TAB);
        return "view_home";
    }

    public String backToDocument() {
        if (this.lastVisitedDocument == null) {
            return this.navigationContext.goHome();
        }
        this.webActions.setCurrentTabIds("sign_view");
        return this.navigationContext.navigateToDocument(this.lastVisitedDocument);
    }

    protected DocumentModel getCurrentUserModel() {
        return this.userManager.getUserModel(this.currentUser.getName());
    }
}
