package won.protocol.message.processor.impl;

import java.io.Serializable;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Ehcache;
import net.sf.ehcache.Element;
import org.apache.jena.atlas.lib.Chars;
import org.apache.jena.query.Dataset;
import org.apache.jena.riot.Lang;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.util.StopWatch;
import org.springframework.web.client.HttpClientErrorException;
import won.cryptography.rdfsign.SignatureVerificationState;
import won.cryptography.rdfsign.WonKeysReaderWriter;
import won.protocol.exception.WonMessageProcessingException;
import won.protocol.message.WonMessage;
import won.protocol.message.WonMessageType;
import won.protocol.message.processor.WonMessageProcessor;
import won.protocol.rest.LinkedDataFetchingException;
import won.protocol.util.LogMarkers;
import won.protocol.util.Prefixer;
import won.protocol.util.RdfUtils;
import won.protocol.util.linkeddata.LinkedDataSource;

/* loaded from: input_file:won/protocol/message/processor/impl/SignatureCheckingWonMessageProcessor.class */
public class SignatureCheckingWonMessageProcessor implements WonMessageProcessor {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final Ehcache webIdCache;

    @Autowired
    private LinkedDataSource linkedDataSource;

    public SignatureCheckingWonMessageProcessor() {
        CacheManager cacheManager = CacheManager.getInstance();
        this.webIdCache = new Cache("SignatureCheckingWonMessageProcessor", 100, false, false, 3600L, 3600L);
        cacheManager.addCache(this.webIdCache);
    }

    public void setLinkedDataSource(LinkedDataSource linkedDataSource) {
        this.linkedDataSource = linkedDataSource;
    }

    @Override // won.protocol.message.processor.WonMessageProcessor
    public WonMessage process(WonMessage wonMessage) throws WonMessageProcessingException {
        StopWatch stopWatch = new StopWatch();
        try {
            if (wonMessage.getRespondingToMessageType() == WonMessageType.DELETE && wonMessage.getMessageType() == WonMessageType.SUCCESS_RESPONSE) {
                logger.debug(LogMarkers.TIMING, "Signature check for message {} took {} millis, details:\n {}", new Object[]{wonMessage.getMessageURIRequired(), Long.valueOf(stopWatch.getTotalTimeMillis()), stopWatch.prettyPrint()});
                return wonMessage;
            }
            for (WonMessage wonMessage2 : wonMessage.getAllMessages()) {
                try {
                    stopWatch.start("get public keys");
                    Map<String, PublicKey> requiredPublicKeys = getRequiredPublicKeys(wonMessage2.getCompleteDataset());
                    stopWatch.stop();
                    stopWatch.start("verify");
                    SignatureVerificationState verify = WonMessageSignerVerifier.verify(requiredPublicKeys, wonMessage2);
                    stopWatch.stop();
                    if (logger.isDebugEnabled()) {
                        logger.debug("VERIFIED=" + verify.isVerificationPassed() + " with keys: " + requiredPublicKeys.values() + " for\n" + RdfUtils.writeDatasetToString(Prefixer.setPrefixes(wonMessage2.getCompleteDataset()), Lang.TRIG));
                    }
                    if (!verify.isVerificationPassed()) {
                        String str = "Message verification failed. Message:" + wonMessage2.toStringForDebug(false) + ", Problem:" + verify.getMessage();
                        if (logger.isDebugEnabled()) {
                            logger.debug(str + ". Offending message:\n" + RdfUtils.toString(Prefixer.setPrefixes(wonMessage2.getCompleteDataset())));
                        }
                        throw new WonMessageProcessingException(new SignatureException(str + ". To log the offending message, set Loglevel to DEBUG for logger '" + getClass().getName() + Chars.S_QUOTE1));
                    }
                } catch (LinkedDataFetchingException e) {
                    if (!WonMessageType.DELETE.equals(wonMessage2.getMessageType()) || !(e.getCause() instanceof HttpClientErrorException) || !HttpStatus.GONE.equals(((HttpClientErrorException) e.getCause()).getStatusCode())) {
                        throw new WonMessageProcessingException("Could not verify message " + wonMessage2.getMessageURI(), e);
                    }
                    if (logger.isDebugEnabled()) {
                        logger.debug("Failure during processing signature check of message" + wonMessage2.getMessageURI() + " (messageType was DELETE, but atom is already deleted, accept message anyway)");
                    }
                    logger.debug(LogMarkers.TIMING, "Signature check for message {} took {} millis, details:\n {}", new Object[]{wonMessage.getMessageURIRequired(), Long.valueOf(stopWatch.getTotalTimeMillis()), stopWatch.prettyPrint()});
                    return wonMessage2;
                } catch (Exception e2) {
                    throw new WonMessageProcessingException("Could not verify message " + wonMessage2.getMessageURI(), e2);
                }
            }
            logger.debug(LogMarkers.TIMING, "Signature check for message {} took {} millis, details:\n {}", new Object[]{wonMessage.getMessageURIRequired(), Long.valueOf(stopWatch.getTotalTimeMillis()), stopWatch.prettyPrint()});
            return wonMessage;
        } catch (Throwable th) {
            logger.debug(LogMarkers.TIMING, "Signature check for message {} took {} millis, details:\n {}", new Object[]{wonMessage.getMessageURIRequired(), Long.valueOf(stopWatch.getTotalTimeMillis()), stopWatch.prettyPrint()});
            throw th;
        }
    }

    private boolean appendIfPresent(URI uri, String str, StringBuilder sb) {
        if (uri == null) {
            return false;
        }
        sb.append(str).append(": ").append(uri);
        return true;
    }

    private Map<String, PublicKey> getRequiredPublicKeys(Dataset dataset) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        StopWatch stopWatch = new StopWatch();
        stopWatch.start("read embedded keys");
        WonKeysReaderWriter wonKeysReaderWriter = new WonKeysReaderWriter();
        Map<String, PublicKey> readFromDataset = wonKeysReaderWriter.readFromDataset(dataset);
        stopWatch.stop();
        if (logger.isDebugEnabled()) {
            logger.debug("Embedded keys: {}", readFromDataset.keySet());
        }
        stopWatch.start("extract referenced keys");
        Set<String> readKeyReferences = wonKeysReaderWriter.readKeyReferences(dataset);
        stopWatch.stop();
        if (logger.isDebugEnabled()) {
            logger.debug("referenced keys: " + Arrays.toString(readKeyReferences.toArray()));
        }
        for (String str : readKeyReferences) {
            if (!readFromDataset.containsKey(str)) {
                logger.debug("loading referenced key {}", str);
                stopWatch.start("load referenced key");
                Set<PublicKey> loadKey = loadKey(str, wonKeysReaderWriter);
                stopWatch.stop();
                Iterator<PublicKey> it = loadKey.iterator();
                if (it.hasNext()) {
                    readFromDataset.put(str, it.next());
                }
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("retrieved public keys of these webids: " + Arrays.toString(readFromDataset.keySet().toArray()));
            logger.debug(LogMarkers.TIMING, "Timing info: \n{}", stopWatch.prettyPrint());
        }
        return readFromDataset;
    }

    public Set<PublicKey> loadKey(String str, WonKeysReaderWriter wonKeysReaderWriter) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        Element element = this.webIdCache.get((Serializable) str);
        if (element != null) {
            return (Set) element.getObjectValue();
        }
        Set<PublicKey> loadKeyRemotely = loadKeyRemotely(wonKeysReaderWriter, str);
        if (loadKeyRemotely != null && loadKeyRemotely.size() > 0) {
            this.webIdCache.put(new Element(str, loadKeyRemotely));
        }
        return loadKeyRemotely;
    }

    public Set<PublicKey> loadKeyRemotely(WonKeysReaderWriter wonKeysReaderWriter, String str) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        return wonKeysReaderWriter.readFromDataset(this.linkedDataSource.getDataForResource(URI.create(str)), str);
    }
}
