package ee.sk.xmlenc.factory;

import ee.sk.digidoc.Base64Util;
import ee.sk.digidoc.DigiDocException;
import ee.sk.digidoc.SignedDoc;
import ee.sk.digidoc.TokenKeyInfo;
import ee.sk.digidoc.factory.DigiDocServiceFactory;
import ee.sk.digidoc.factory.PKCS11SignatureFactory;
import ee.sk.digidoc.factory.Pkcs12SignatureFactory;
import ee.sk.digidoc.factory.SAXDigiDocException;
import ee.sk.digidoc.factory.SignatureFactory;
import ee.sk.utils.ConfigManager;
import ee.sk.xmlenc.EncryptedData;
import ee.sk.xmlenc.EncryptedKey;
import ee.sk.xmlenc.EncryptionProperty;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Stack;
import java.util.zip.Inflater;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.SAXParserFactory;
import org.apache.log4j.Logger;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:ee/sk/xmlenc/factory/EncryptedStreamSAXParser.class */
public class EncryptedStreamSAXParser extends DefaultHandler implements EncryptedStreamParser {
    private TokenKeyInfo m_tki;
    private Logger m_logger;
    private StringBuffer m_sbParseBuf;
    private StringBuffer m_sbB64Buf;
    private static final int ENC_BLOCK_SIZE = 256;
    private int m_nBlockType;
    private static int DENC_BLOCK_FIRST = 1;
    private static int DENC_BLOCK_MIDDLE = 2;
    private static int DENC_BLOCK_LAST = 3;
    private static final int DECBLOCK_SIZE = 8192;
    private byte[] m_lblock = null;
    private Stack m_tags = new Stack();
    private EncryptedData m_doc = null;
    private String m_pin = null;
    private Cipher m_cipher = null;
    private OutputStream m_outStream = null;
    private X509Certificate m_decCert = null;
    private String m_recvName = null;
    private boolean m_bDecrypting = false;
    private int m_totalDecrypted = 0;
    private int m_totalDecompressed = 0;
    private int m_totalInput = 0;
    private int m_token = 0;
    private StringBuffer m_sbCollectChars = null;
    private Inflater m_decompressor = null;
    private SecretKey m_transportKey = null;
    private byte[] m_transpkey = null;
    private SignatureFactory m_sigFac = null;

    public EncryptedStreamSAXParser() {
        this.m_logger = null;
        this.m_logger = Logger.getLogger(EncryptedStreamSAXParser.class);
    }

    @Override // ee.sk.xmlenc.factory.EncryptedStreamParser
    public void init() throws DigiDocException {
        try {
            Security.addProvider((Provider) Class.forName(ConfigManager.instance().getProperty("DIGIDOC_SECURITY_PROVIDER")).newInstance());
        } catch (Exception e) {
            DigiDocException.handleException(e, 67);
        }
    }

    public void setRecipientName(String str) {
        this.m_recvName = str;
    }

    public void setOutputStream(OutputStream outputStream) {
        this.m_outStream = outputStream;
    }

    public void setPin(String str) {
        this.m_pin = str;
    }

    public void setToken(int i) {
        this.m_token = i;
    }

    @Override // ee.sk.xmlenc.factory.EncryptedStreamParser
    public EncryptedData getCdoc() {
        return this.m_doc;
    }

    @Override // ee.sk.xmlenc.factory.EncryptedStreamParser
    public int decryptStreamUsingRecipientName(InputStream inputStream, OutputStream outputStream, int i, String str, String str2) throws DigiDocException {
        setRecipientName(str2);
        setOutputStream(outputStream);
        setPin(str);
        setToken(i);
        try {
            this.m_sigFac = ConfigManager.instance().getSignatureFactory();
            this.m_decCert = this.m_sigFac.getAuthCertificate(i, str);
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            try {
                newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
                newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
                newInstance.newSAXParser().parse(inputStream, this);
            } catch (SAXDigiDocException e) {
                throw e.getDigiDocException();
            } catch (Exception e2) {
                DigiDocException.handleException(e2, 75);
            }
            if (this.m_doc == null) {
                throw new DigiDocException(13, "This document is not in EncryptedData format", null);
            }
            return this.m_totalDecrypted;
        } catch (Exception e3) {
            throw new DigiDocException(13, "Error loading decryption cert!", null);
        }
    }

    @Override // ee.sk.xmlenc.factory.EncryptedStreamParser
    public int decryptStreamUsingRecipientSlotIdAndTokenLabel(InputStream inputStream, OutputStream outputStream, int i, String str, String str2) throws DigiDocException {
        setOutputStream(outputStream);
        setPin(str2);
        ConfigManager instance = ConfigManager.instance();
        SignatureFactory signatureFactory = instance.getSignatureFactory();
        PKCS11SignatureFactory pKCS11SignatureFactory = signatureFactory instanceof PKCS11SignatureFactory ? (PKCS11SignatureFactory) signatureFactory : (PKCS11SignatureFactory) instance.getSignatureFactoryOfType(SignatureFactory.SIGFAC_TYPE_PKCS11);
        if (pKCS11SignatureFactory == null) {
            this.m_logger.error("No PKCS11 signature factory");
            return 0;
        }
        this.m_sigFac = pKCS11SignatureFactory;
        TokenKeyInfo tokenWithSlotIdAndLabel = pKCS11SignatureFactory.getTokenWithSlotIdAndLabel(i, str);
        if (tokenWithSlotIdAndLabel == null) {
            this.m_logger.error("No token with slot: " + i + " and label: " + str);
            return 0;
        }
        if (tokenWithSlotIdAndLabel != null && !tokenWithSlotIdAndLabel.isEncryptKey()) {
            this.m_logger.error("Token with slot: " + i + " and label: " + str + " is not an encryption key!");
            return 0;
        }
        this.m_decCert = tokenWithSlotIdAndLabel.getCert();
        this.m_tki = tokenWithSlotIdAndLabel;
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("Decrypt with slot: " + i + " label: " + str + " token: " + (this.m_tki != null ? "OK" : "NULL") + " cert: " + (this.m_decCert != null ? "OK" : "NULL"));
        }
        if (this.m_decCert == null) {
            throw new DigiDocException(13, "Error loading decryption cert!", null);
        }
        SAXParserFactory newInstance = SAXParserFactory.newInstance();
        try {
            newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
            newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            newInstance.newSAXParser().parse(inputStream, this);
        } catch (SAXDigiDocException e) {
            throw e.getDigiDocException();
        } catch (Exception e2) {
            DigiDocException.handleException(e2, 75);
        }
        if (this.m_doc == null) {
            throw new DigiDocException(13, "This document is not in EncryptedData format", null);
        }
        return this.m_totalDecrypted;
    }

    @Override // ee.sk.xmlenc.factory.EncryptedStreamParser
    public int decryptStreamUsingTokenType(InputStream inputStream, OutputStream outputStream, int i, String str, String str2, String str3) throws DigiDocException {
        setOutputStream(outputStream);
        setPin(str);
        setToken(i);
        if (str2 == null || !(str2.equals(SignatureFactory.SIGFAC_TYPE_PKCS11) || str2.equals(SignatureFactory.SIGFAC_TYPE_PKCS12))) {
            throw new DigiDocException(DigiDocException.ERR_XMLENC_DECRYPT, "Invalid token type. Must be PKCS11 or PKCS12!", null);
        }
        try {
            this.m_sigFac = ConfigManager.instance().getSignatureFactoryOfType(str2);
            if (this.m_sigFac != null && (this.m_sigFac instanceof Pkcs12SignatureFactory)) {
                Pkcs12SignatureFactory pkcs12SignatureFactory = (Pkcs12SignatureFactory) this.m_sigFac;
                if (this.m_logger.isDebugEnabled()) {
                    this.m_logger.debug("Loading pkcs12 keystore: " + str3);
                }
                pkcs12SignatureFactory.load(str3, str2, str);
            }
            if (this.m_sigFac != null) {
                this.m_decCert = this.m_sigFac.getAuthCertificate(i, str);
            }
            if (this.m_decCert == null) {
                throw new DigiDocException(DigiDocException.ERR_XMLENC_DECRYPT, "Error loading decryption cert!", null);
            }
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            try {
                newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
                newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
                newInstance.newSAXParser().parse(inputStream, this);
            } catch (SAXDigiDocException e) {
                throw e.getDigiDocException();
            } catch (Exception e2) {
                DigiDocException.handleException(e2, 75);
            }
            if (this.m_doc == null) {
                throw new DigiDocException(13, "This document is not in EncryptedData format", null);
            }
            return this.m_totalDecrypted;
        } catch (Exception e3) {
            this.m_logger.error("Error loading decryption cert: " + e3);
            throw new DigiDocException(DigiDocException.ERR_XMLENC_DECRYPT, "Error loading decryption cert!", e3);
        }
    }

    @Override // ee.sk.xmlenc.factory.EncryptedStreamParser
    public int decryptStreamUsingRecipientNameAndKey(InputStream inputStream, OutputStream outputStream, byte[] bArr, String str) throws DigiDocException {
        setRecipientName(str);
        setOutputStream(outputStream);
        this.m_transpkey = bArr;
        this.m_transportKey = new SecretKeySpec(this.m_transpkey, EncryptedData.DIGIDOC_ENCRYPTION_ALOGORITHM);
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("Transport key: " + (this.m_transportKey == null ? DigiDocServiceFactory.STAT_ERROR : "OK") + " len: " + this.m_transpkey.length);
        }
        SAXParserFactory newInstance = SAXParserFactory.newInstance();
        try {
            newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
            newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            newInstance.newSAXParser().parse(inputStream, this);
        } catch (SAXDigiDocException e) {
            throw e.getDigiDocException();
        } catch (Exception e2) {
            DigiDocException.handleException(e2, 75);
        }
        if (this.m_doc == null) {
            throw new DigiDocException(13, "This document is not in EncryptedData format", null);
        }
        return this.m_totalDecrypted;
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void startDocument() throws SAXException {
        this.m_doc = null;
        this.m_sbCollectChars = null;
        this.m_decompressor = null;
        this.m_totalDecrypted = 0;
        this.m_totalDecompressed = 0;
        this.m_totalInput = 0;
        this.m_sbParseBuf = new StringBuffer();
        this.m_sbB64Buf = new StringBuffer();
        this.m_nBlockType = DENC_BLOCK_FIRST;
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void endDocument() throws SAXException {
    }

    private String findAtributeValue(Attributes attributes, String str) {
        String str2 = null;
        for (int i = 0; i < attributes.getLength(); i++) {
            String qName = attributes.getQName(i);
            if (qName.equals(str) || qName.indexOf(str) != -1) {
                str2 = attributes.getValue(i);
                break;
            }
        }
        return str2;
    }

    private void checkEncryptedData() throws SAXDigiDocException {
        if (this.m_doc == null) {
            throw new SAXDigiDocException(27, "This document is not in EncryptedData format!");
        }
    }

    private void checkEncryptedKey(EncryptedKey encryptedKey) throws SAXDigiDocException {
        if (encryptedKey == null) {
            throw new SAXDigiDocException(DigiDocException.ERR_XMLENC_NO_ENCRYPTED_KEY, "This <EncryptedKey> object does not exist!");
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXDigiDocException {
        String str4 = str3;
        if (str4.indexOf(":") != -1) {
            str4 = str3.substring(str3.indexOf(":") + 1);
        }
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("Start Element: " + str4 + " qname: " + str3 + " lname: " + str2 + " uri: " + str);
        }
        this.m_tags.push(str4);
        if (str4.equals("KeyName") || str4.equals("CarriedKeyName") || str4.equals("X509Certificate") || str4.equals("EncryptionProperty")) {
            this.m_sbCollectChars = new StringBuffer();
        }
        if (str4.equals("CipherValue")) {
            if (this.m_tags.search("EncryptedKey") != -1) {
                this.m_sbCollectChars = new StringBuffer();
            } else {
                this.m_sbCollectChars = null;
                this.m_bDecrypting = true;
            }
        }
        if (str4.equals("EncryptedData")) {
            try {
                this.m_doc = new EncryptedData(findAtributeValue(attributes, "xmlns"));
                String findAtributeValue = findAtributeValue(attributes, "Id");
                if (findAtributeValue != null) {
                    this.m_doc.setId(findAtributeValue);
                }
                String findAtributeValue2 = findAtributeValue(attributes, "Type");
                if (findAtributeValue2 != null) {
                    this.m_doc.setType(findAtributeValue2);
                }
                String findAtributeValue3 = findAtributeValue(attributes, "MimeType");
                if (findAtributeValue3 != null) {
                    this.m_doc.setMimeType(findAtributeValue3);
                }
                if (this.m_doc.getMimeType() != null && this.m_doc.getMimeType().equals(EncryptedData.DENC_ENCDATA_MIME_ZLIB)) {
                    this.m_decompressor = new Inflater();
                }
            } catch (DigiDocException e) {
                SAXDigiDocException.handleException(e);
            }
            try {
                if (this.m_transportKey != null) {
                    this.m_cipher = this.m_doc.getCipher(2, this.m_transportKey, new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
                }
            } catch (DigiDocException e2) {
                this.m_logger.error("Error using key: " + (this.m_transpkey != null ? Base64Util.encode(this.m_transpkey) : "NULL") + " - " + e2);
                SAXDigiDocException.handleException(e2);
            }
        }
        if (str4.equals("EncryptionMethod")) {
            checkEncryptedData();
            if (this.m_tags.search("EncryptedKey") != -1) {
                EncryptedKey lastEncryptedKey = this.m_doc.getLastEncryptedKey();
                checkEncryptedKey(lastEncryptedKey);
                try {
                    lastEncryptedKey.setEncryptionMethod(findAtributeValue(attributes, "Algorithm"));
                } catch (DigiDocException e3) {
                    SAXDigiDocException.handleException(e3);
                }
            } else {
                try {
                    this.m_doc.setEncryptionMethod(findAtributeValue(attributes, "Algorithm"));
                } catch (DigiDocException e4) {
                    SAXDigiDocException.handleException(e4);
                }
            }
        }
        if (str4.equals("EncryptedKey")) {
            checkEncryptedData();
            EncryptedKey encryptedKey = new EncryptedKey();
            this.m_doc.addEncryptedKey(encryptedKey);
            String findAtributeValue4 = findAtributeValue(attributes, "Recipient");
            if (findAtributeValue4 != null) {
                encryptedKey.setRecipient(findAtributeValue4);
            }
            String findAtributeValue5 = findAtributeValue(attributes, "Id");
            if (findAtributeValue5 != null) {
                encryptedKey.setId(findAtributeValue5);
            }
        }
        if (str4.equals("EncryptionProperties")) {
            checkEncryptedData();
            String findAtributeValue6 = findAtributeValue(attributes, "Id");
            if (findAtributeValue6 != null) {
                this.m_doc.setEncryptionPropertiesId(findAtributeValue6);
            }
        }
        if (str4.equals("EncryptionProperty")) {
            checkEncryptedData();
            EncryptionProperty encryptionProperty = new EncryptionProperty();
            this.m_doc.addProperty(encryptionProperty);
            String findAtributeValue7 = findAtributeValue(attributes, "Id");
            if (findAtributeValue7 != null) {
                encryptionProperty.setId(findAtributeValue7);
            }
            String findAtributeValue8 = findAtributeValue(attributes, "Target");
            if (findAtributeValue8 != null) {
                encryptionProperty.setTarget(findAtributeValue8);
            }
            String findAtributeValue9 = findAtributeValue(attributes, "Name");
            if (findAtributeValue9 != null) {
                try {
                    encryptionProperty.setName(findAtributeValue9);
                } catch (DigiDocException e5) {
                    SAXDigiDocException.handleException(e5);
                }
            }
        }
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void endElement(String str, String str2, String str3) throws SAXException {
        String str4 = str3;
        if (str4.indexOf(":") != -1) {
            str4 = str3.substring(str4.indexOf(":") + 1);
        }
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("End Element: " + str4);
        }
        if (str4.equals("KeyName")) {
            checkEncryptedData();
            EncryptedKey lastEncryptedKey = this.m_doc.getLastEncryptedKey();
            checkEncryptedKey(lastEncryptedKey);
            lastEncryptedKey.setKeyName(this.m_sbCollectChars.toString());
            this.m_sbCollectChars = null;
        }
        if (str4.equals("CarriedKeyName")) {
            checkEncryptedData();
            EncryptedKey lastEncryptedKey2 = this.m_doc.getLastEncryptedKey();
            checkEncryptedKey(lastEncryptedKey2);
            lastEncryptedKey2.setCarriedKeyName(this.m_sbCollectChars.toString());
            this.m_sbCollectChars = null;
        }
        if (str4.equals("X509Certificate")) {
            checkEncryptedData();
            EncryptedKey lastEncryptedKey3 = this.m_doc.getLastEncryptedKey();
            checkEncryptedKey(lastEncryptedKey3);
            try {
                lastEncryptedKey3.setRecipientsCertificate(SignedDoc.readCertificate(Base64Util.decode(this.m_sbCollectChars.toString().getBytes())));
            } catch (DigiDocException e) {
                SAXDigiDocException.handleException(e);
            }
            this.m_sbCollectChars = null;
        }
        if (str4.equals("CipherValue")) {
            checkEncryptedData();
            if (this.m_tags.search("EncryptedKey") == -1) {
                this.m_bDecrypting = false;
                decryptBlock(null, DENC_BLOCK_LAST);
                if (this.m_logger.isInfoEnabled()) {
                    this.m_logger.info("Total input: " + this.m_totalInput + " decrypted: " + this.m_totalDecrypted + " decompressed: " + this.m_totalDecompressed);
                }
            } else if (this.m_cipher == null) {
                EncryptedKey lastEncryptedKey4 = this.m_doc.getLastEncryptedKey();
                checkEncryptedKey(lastEncryptedKey4);
                lastEncryptedKey4.setTransportKeyData(Base64Util.decode(this.m_sbCollectChars.toString().getBytes()));
                if (this.m_logger.isDebugEnabled()) {
                    this.m_logger.debug("Recipient: " + lastEncryptedKey4.getRecipient() + " cert-nr: " + lastEncryptedKey4.getRecipientsCertificate().getSerialNumber() + " decrypt-cert: " + this.m_decCert.getSerialNumber());
                }
                if (this.m_decCert != null && lastEncryptedKey4.getRecipientsCertificate() != null && this.m_decCert.getSerialNumber().equals(lastEncryptedKey4.getRecipientsCertificate().getSerialNumber())) {
                    byte[] bArr = null;
                    if (this.m_sigFac == null) {
                        SAXDigiDocException.handleException(new DigiDocException(DigiDocException.ERR_XMLENC_KEY_DECRYPT, "SignatureFactory not initialized!", null));
                    }
                    try {
                        if (this.m_logger.isDebugEnabled()) {
                            this.m_logger.debug("Decrypting key: " + this.m_recvName + " serial: " + this.m_decCert.getSerialNumber());
                        }
                        bArr = this.m_transpkey != null ? this.m_transpkey : this.m_tki != null ? ((PKCS11SignatureFactory) this.m_sigFac).decrypt(lastEncryptedKey4.getTransportKeyData(), this.m_tki.getSlot(), this.m_tki.getLabel(), this.m_pin) : this.m_sigFac.decrypt(lastEncryptedKey4.getTransportKeyData(), this.m_token, this.m_pin);
                        if (this.m_logger.isDebugEnabled()) {
                            this.m_logger.debug("Using key: " + this.m_recvName + " decdata: " + Base64Util.encode(bArr));
                        }
                        this.m_transportKey = new SecretKeySpec(bArr, EncryptedData.DIGIDOC_ENCRYPTION_ALOGORITHM);
                        this.m_cipher = this.m_doc.getCipher(2, this.m_transportKey, new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
                        if (this.m_logger.isDebugEnabled()) {
                            this.m_logger.debug("Transport key: " + (this.m_transportKey == null ? DigiDocServiceFactory.STAT_ERROR : "OK") + " len: " + bArr.length);
                        }
                    } catch (DigiDocException e2) {
                        this.m_logger.error("Error decrypting key1: " + (bArr != null ? Base64Util.encode(bArr) : "NULL") + " - " + e2);
                        SAXDigiDocException.handleException(e2);
                    } catch (Exception e3) {
                        this.m_logger.error("Error decrypting key2: " + (bArr != null ? Base64Util.encode(bArr) : "NULL") + " - " + e3);
                        SAXDigiDocException.handleException(new DigiDocException(DigiDocException.ERR_XMLENC_KEY_DECRYPT, e3.getMessage(), e3));
                    }
                }
            }
            this.m_sbCollectChars = null;
        }
        if (str4.equals("EncryptionProperty")) {
            checkEncryptedData();
            EncryptionProperty lastProperty = this.m_doc.getLastProperty();
            if (lastProperty != null) {
                try {
                    if (this.m_sbCollectChars != null) {
                        lastProperty.setContent(this.m_sbCollectChars.toString());
                    }
                } catch (DigiDocException e4) {
                    SAXDigiDocException.handleException(e4);
                }
            }
            this.m_sbCollectChars = null;
        }
    }

    private void decryptBlock(String str, int i) throws SAXException {
        if (str != null && str.length() > 0) {
            this.m_sbParseBuf.append(str);
        }
        String str2 = null;
        if (i == DENC_BLOCK_LAST) {
            str2 = this.m_sbParseBuf.toString();
        } else if (this.m_sbParseBuf.length() > ENC_BLOCK_SIZE) {
            str2 = this.m_sbParseBuf.substring(0, ENC_BLOCK_SIZE);
            this.m_sbParseBuf.delete(0, ENC_BLOCK_SIZE);
        }
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("IN " + (str != null ? str.length() : 0) + " input: " + (str2 != null ? str2.length() : 0) + " buffered: " + (this.m_sbParseBuf != null ? this.m_sbParseBuf.length() : 0) + " b64left: " + (this.m_sbB64Buf != null ? this.m_sbB64Buf.length() : 0) + " block-type: " + i);
        }
        if (this.m_cipher == null) {
            SAXDigiDocException.handleException(new DigiDocException(DigiDocException.ERR_XMLENC_DECRYPT, "Cipher has not been initialized! No transport key for selected recipient?", null));
        }
        if (str2 != null) {
            this.m_sbB64Buf.append(str2);
            this.m_totalInput += str2.length();
            try {
                byte[] bArr = null;
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                if (this.m_sbB64Buf.length() > 0) {
                    int decodeBlock = Base64Util.decodeBlock(this.m_sbB64Buf.toString(), byteArrayOutputStream, i == DENC_BLOCK_LAST);
                    bArr = byteArrayOutputStream.toByteArray();
                    if (i == DENC_BLOCK_FIRST && bArr != null && bArr.length > 16) {
                        byte[] bArr2 = new byte[bArr.length - 16];
                        System.arraycopy(bArr, 16, bArr2, 0, bArr2.length);
                        if (this.m_logger.isDebugEnabled()) {
                            this.m_logger.debug("Removed IV from: " + bArr.length + " block1, left: " + bArr2.length);
                        }
                        bArr = bArr2;
                    }
                    if (this.m_logger.isDebugEnabled()) {
                        this.m_logger.debug("Decoding: " + this.m_sbB64Buf.length() + " got: " + (bArr != null ? bArr.length : 0) + " last: " + (i == DENC_BLOCK_LAST));
                    }
                    if (decodeBlock > 0) {
                        this.m_sbB64Buf.delete(0, decodeBlock);
                    }
                }
                byte[] update = this.m_cipher.update(bArr);
                if (this.m_logger.isDebugEnabled()) {
                    this.m_logger.debug("Decrypted input: " + str2.length() + " decoded: " + (bArr != null ? bArr.length : 0) + " decrypted: " + (update != null ? update.length : 0));
                }
                if (this.m_totalDecrypted == 0 && update != null && update.length > 16) {
                    byte[] bArr3 = new byte[update.length - 16];
                    System.arraycopy(update, 16, bArr3, 0, update.length - 16);
                    if (this.m_logger.isDebugEnabled()) {
                        this.m_logger.debug("Removing IV data from: " + update.length + " remaining: " + bArr3.length);
                    }
                    update = bArr3;
                }
                if (i == DENC_BLOCK_LAST) {
                    int length = this.m_lblock != null ? this.m_lblock.length : 0;
                    int length2 = update != null ? update.length : 0;
                    byte[] bArr4 = new byte[length + length2];
                    if (length > 0) {
                        System.arraycopy(this.m_lblock, 0, bArr4, 0, length);
                    }
                    if (length2 > 0) {
                        System.arraycopy(update, 0, bArr4, length, length2);
                    }
                    update = bArr4;
                    if (this.m_logger.isDebugEnabled()) {
                        this.m_logger.debug("Last block: " + update.length);
                    }
                    this.m_lblock = null;
                }
                if (update != null && bArr != null && i == DENC_BLOCK_LAST) {
                    int intValue = new Integer(update[update.length - 1]).intValue();
                    if (this.m_logger.isDebugEnabled()) {
                        this.m_logger.debug("Check padding 1: " + intValue);
                    }
                    if (checkPadding(update, intValue)) {
                        update = removePadding(update, intValue);
                    }
                    if (this.m_logger.isDebugEnabled()) {
                        this.m_logger.debug("Decdata remaining: " + (update != null ? update.length : 0));
                    }
                    if (update != null && update.length > 0) {
                        int intValue2 = new Integer(update[update.length - 1]).intValue();
                        if (this.m_logger.isDebugEnabled()) {
                            this.m_logger.debug("Check padding 2: " + intValue2);
                        }
                        if (intValue2 > 0 && intValue2 <= 16 && update.length > intValue2 && checkPadding(update, intValue2)) {
                            update = removePadding(update, intValue2);
                        }
                    } else if (this.m_lblock != null) {
                        int intValue3 = new Integer(this.m_lblock[this.m_lblock.length - 1]).intValue();
                        if (this.m_logger.isDebugEnabled()) {
                            this.m_logger.debug("Check padding 3: " + intValue3);
                        }
                        if (intValue3 > 0 && intValue3 <= 16 && this.m_lblock.length > intValue3 && checkPadding(this.m_lblock, intValue3)) {
                            this.m_lblock = removePadding(this.m_lblock, intValue3);
                        }
                    }
                }
                if (this.m_lblock != null || update != null) {
                    if (this.m_decompressor != null) {
                        if (i == DENC_BLOCK_LAST) {
                            this.m_lblock = update;
                        }
                        if (this.m_lblock != null) {
                            if (this.m_logger.isDebugEnabled()) {
                                this.m_logger.debug("Decompressing: " + this.m_lblock.length);
                            }
                            this.m_decompressor.setInput(this.m_lblock);
                            byte[] bArr5 = new byte[DECBLOCK_SIZE];
                            if (this.m_logger.isDebugEnabled()) {
                                this.m_logger.debug("Decompressing: " + this.m_lblock.length + " into: " + bArr5.length);
                            }
                            while (true) {
                                int inflate = this.m_decompressor.inflate(bArr5);
                                if (inflate <= 0) {
                                    break;
                                }
                                if (this.m_logger.isDebugEnabled()) {
                                    this.m_logger.debug("Decompressed: " + this.m_lblock.length + " into: " + bArr5.length + " got: " + inflate);
                                }
                                this.m_outStream.write(bArr5, 0, inflate);
                                this.m_totalDecompressed += inflate;
                            }
                        }
                        if (i == DENC_BLOCK_LAST && (!this.m_decompressor.finished() || this.m_decompressor.getRemaining() > 0)) {
                            if (this.m_logger.isDebugEnabled()) {
                                this.m_logger.debug("Decompressor finished: " + this.m_decompressor.finished() + " remaining: " + this.m_decompressor.getRemaining());
                            }
                            byte[] bArr6 = new byte[DECBLOCK_SIZE];
                            while (true) {
                                int inflate2 = this.m_decompressor.inflate(bArr6);
                                if (inflate2 <= 0) {
                                    break;
                                }
                                this.m_outStream.write(bArr6, 0, inflate2);
                                this.m_totalDecompressed += inflate2;
                                if (this.m_logger.isDebugEnabled()) {
                                    this.m_logger.debug("Decompressing final: " + inflate2);
                                }
                            }
                        }
                    } else {
                        if (this.m_lblock != null) {
                            this.m_outStream.write(this.m_lblock);
                        }
                        if (i == DENC_BLOCK_LAST && update != null) {
                            this.m_outStream.write(update);
                        }
                    }
                    this.m_totalDecrypted += update.length;
                }
                this.m_lblock = update;
            } catch (Exception e) {
                SAXDigiDocException.handleException(new DigiDocException(DigiDocException.ERR_XMLENC_DECRYPT, "Error decrypting: " + e, e));
            }
        }
    }

    private boolean checkPadding(byte[] bArr, int i) {
        boolean z = true;
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("Checking padding: " + i + " bytes");
        }
        if (i < 0 || i > 16 || bArr == null || bArr.length < i) {
            return false;
        }
        for (int length = bArr.length - i; i > 0 && length < bArr.length - 1; length++) {
            if (this.m_logger.isDebugEnabled()) {
                this.m_logger.debug("Data at: " + length + " = " + ((int) bArr[length]));
            }
            if ((bArr[length] != 0 && i != 16) || (i == 16 && bArr[length] != 16 && bArr[length] != 0)) {
                if (this.m_logger.isDebugEnabled()) {
                    this.m_logger.debug("Data at: " + length + " = " + ((int) bArr[length]) + " cancel padding");
                }
                z = false;
            }
        }
        return z;
    }

    private byte[] removePadding(byte[] bArr, int i) {
        if (this.m_logger.isDebugEnabled()) {
            this.m_logger.debug("Removing padding: " + i + " bytes");
        }
        if (i < 0 || i > 16 || bArr == null || bArr.length < i) {
            return bArr;
        }
        byte[] bArr2 = new byte[bArr.length - i];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length - i);
        return bArr2;
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void characters(char[] cArr, int i, int i2) throws SAXException {
        String str = new String(cArr, i, i2);
        if (str != null) {
            if (this.m_sbCollectChars != null) {
                this.m_sbCollectChars.append(str);
            }
            if (this.m_bDecrypting) {
                decryptBlock(str, this.m_nBlockType);
                if (this.m_nBlockType == DENC_BLOCK_FIRST) {
                    this.m_nBlockType = DENC_BLOCK_MIDDLE;
                }
            }
        }
    }
}
