package se.signatureservice.support.signer;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.xml.bind.DatatypeConverter;
import javax.xml.bind.JAXBElement;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang3.time.DateUtils;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.util.encoders.Base64;
import org.certificateservices.messages.MessageProcessingException;
import org.certificateservices.messages.dss1.core.jaxb.SignResponse;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.SigType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.AdESObjectType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.SignResponseExtensionType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.SignTaskDataType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.SignTasksType;
import org.certificateservices.messages.utils.CertUtils;
import org.certificateservices.messages.utils.DefaultSystemTime;
import org.certificateservices.messages.utils.SystemTime;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import se.signatureservice.configuration.common.InvalidArgumentException;
import se.signatureservice.support.common.keygen.SignAlgorithm;

/* loaded from: input_file:se/signatureservice/support/signer/SignTaskHelper.class */
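/**
 * Static helpers for working with sign tasks: building the XAdES
 * {@code ds:Object}/{@code xades:SignedProperties} structure for an XML sign task,
 * reading the signing time back out of an AdES object, classifying sign tasks by
 * signature type, and extracting sign tasks and certificates from a {@link SignResponse}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>All XML parsed here (to-be-signed bytes, AdES object bytes) goes through a
 *       parser factory that rejects DOCTYPE declarations, so external entities cannot
 *       be resolved while parsing that data.</li>
 *   <li>Failures while computing digests or identifiers are propagated to the caller
 *       instead of being swallowed, so a signature is never prepared from a
 *       {@code null} digest or a {@code "null"} identifier.</li>
 *   <li>{@link #getSignatureCertificateChain(SignResponse)} only decodes certificates;
 *       it performs no path or trust validation.</li>
 * </ul>
 */
public class SignTaskHelper {
    private static final String NS_ETSI_1_3_2 = "http://uri.etsi.org/01903/v1.3.2#";
    private static final String NS_W3_XMLNS = "http://www.w3.org/2000/xmlns/";
    private static final String NS_W3_XMLDSIG = "http://www.w3.org/2000/09/xmldsig#";
    private static final String NS_ETSI_1_3_2_SIGNED_PROPERTIES = "http://uri.etsi.org/01903#SignedProperties";
    private static final String XADES_PREFIX = "xades:";
    private static final String XADES_SIGNED_PROPERTIES = "SignedProperties";
    private static final String XADES_SIGNED_SIGNATURE_PROPERTIES = "SignedSignatureProperties";
    private static final String XADES_SIGNING_TIME = "SigningTime";
    private static final String XADES_SIGNING_CERTIFICATE_V2 = "SigningCertificateV2";
    private static final String XADES_CERT = "Cert";
    private static final String XADES_CERT_DIGEST = "CertDigest";
    private static final String XADES_ISSUER_SERIAL_V2 = "IssuerSerialV2";
    private static final String XADES_SIGNED_DATA_OBJECT_PROPERTIES = "SignedDataObjectProperties";
    private static final String XADES_DATA_OBJECT_FORMAT = "DataObjectFormat";
    private static final String XADES_MIME_TYPE = "MimeType";
    private static final String XADES_QUALIFYING_PROPERTIES = "QualifyingProperties";
    private static final String DS_PREFIX = "ds:";
    private static final String DS_DIGESTMETHOD = "DigestMethod";
    private static final String DS_DIGESTVALUE = "DigestValue";
    private static final String DS_OBJECT = "Object";
    private static final String DS_CANONICALIZATIONMETHOD = "CanonicalizationMethod";
    private static final String DS_REFERENCE = "Reference";
    private static final String DS_TRANSFORMS = "Transforms";
    private static final String DS_TRANSFORM = "Transform";
    private static final String XMLNS_DS = "xmlns:ds";
    private static final String XMLNS_XADES = "xmlns:xades";
    private static final String XML_ATTRIBUTE_ID = "Id";
    private static final String XML_ATTRIBUTE_ALGORITHM = "Algorithm";
    private static final String XML_ATTRIBUTE_OBJECT_REFERENCE = "ObjectReference";
    private static final String XML_ATTRIBUTE_TARGET = "Target";
    private static final String XML_ATTRIBUTE_TYPE = "Type";
    private static final String XML_ATTRIBUTE_URI = "URI";
    private static final String XML_MIMETYPE = "text/xml";
    private static final String DSS_CERTIFICATETOKEN_XMLID_PREFIX = "C-";
    // Lazily created, shared parser factory; see getSignedInfoDocumentBuilderFactory().
    private static DocumentBuilderFactory documentBuilderFactory;
    // Lazily created clock used when the caller supplies no signing time.
    private static SystemTime systemTime;

    /**
     * Builds a new XAdES {@code ds:Object} for an XML sign task and updates the task in place.
     *
     * <p>The task's to-be-signed bytes are parsed as XML, a
     * {@code xades:QualifyingProperties}/{@code xades:SignedProperties} tree is built
     * (signing time, optional signing certificate digest and issuer/serial, data object
     * format), the SignedProperties digest is written into an existing or newly created
     * {@code ds:Reference}, and the re-canonicalized document replaces the task's
     * to-be-signed bytes. The serialized {@code ds:Object} is stored as the task's AdES
     * object bytes.
     *
     * @param signTaskDataType sign task to update; its to-be-signed bytes must be XML
     * @param str              Java signature algorithm name, resolved through
     *                         {@code SignAlgorithm.getAlgoByJavaName}
     * @param x509Certificate  signing certificate, or {@code null} to omit
     *                         {@code SigningCertificateV2} (the AdES signature id is then
     *                         set to {@code null})
     * @param date             signing time, or {@code null} to use the current system time
     *                         rounded to the second
     * @throws IllegalArgumentException if the algorithm name resolves to no algorithm
     */
    public static void createNewXadesObject(SignTaskDataType signTaskDataType, String str, X509Certificate x509Certificate, Date date) throws MessageProcessingException, IOException, SAXException, ParserConfigurationException, TransformerException, InvalidCanonicalizerException, CertificateEncodingException, NoSuchAlgorithmException, CanonicalizationException {
        SignAlgorithm signAlgorithm = SignAlgorithm.getAlgoByJavaName(str);
        if (signAlgorithm == null) {
            // Fail with a clear message instead of a NullPointerException further down.
            throw new IllegalArgumentException("Unsupported signature algorithm: " + str);
        }

        DocumentBuilder builder = getSignedInfoDocumentBuilder();
        Document signedInfo = builder.parse(new ByteArrayInputStream(signTaskDataType.getToBeSignedBytes()));

        // The canonicalization algorithm declared in the parsed document is reused for the
        // SignedProperties digest and for the final to-be-signed bytes. It stays null when
        // the element is absent, in which case Canonicalizer.getInstance decides the outcome.
        Element c14nMethod = (Element) signedInfo.getElementsByTagNameNS(NS_W3_XMLDSIG, DS_CANONICALIZATIONMETHOD).item(0);
        String c14nAlgorithm = c14nMethod != null ? c14nMethod.getAttribute(XML_ATTRIBUTE_ALGORITHM) : null;

        if (date == null) {
            date = DateUtils.round(getSystemTime().getSystemTime(), java.util.Calendar.SECOND);
        }
        String signedPropertiesId = getSignedPropertiesId(signTaskDataType, date, x509Certificate);

        Document xadesDocument = builder.newDocument();
        Element dsObject = xadesDocument.createElementNS(NS_W3_XMLDSIG, DS_PREFIX + DS_OBJECT);
        xadesDocument.appendChild(dsObject);

        Element qualifyingProperties = appendElement(xadesDocument, dsObject, NS_ETSI_1_3_2, XADES_PREFIX + XADES_QUALIFYING_PROPERTIES);
        qualifyingProperties.setAttribute(XML_ATTRIBUTE_TARGET, "#" + signedPropertiesId);

        Element signedProperties = appendElement(xadesDocument, qualifyingProperties, NS_ETSI_1_3_2, XADES_PREFIX + XADES_SIGNED_PROPERTIES);
        // Namespace declarations are set explicitly on SignedProperties because this
        // subtree is canonicalized and digested on its own below.
        signedProperties.setAttributeNS(NS_W3_XMLNS, XMLNS_DS, NS_W3_XMLDSIG);
        signedProperties.setAttributeNS(NS_W3_XMLNS, XMLNS_XADES, NS_ETSI_1_3_2);
        signedProperties.setAttribute(XML_ATTRIBUTE_ID, "xades-" + signedPropertiesId);

        Element signedSignatureProperties = appendElement(xadesDocument, signedProperties, NS_ETSI_1_3_2, XADES_PREFIX + XADES_SIGNED_SIGNATURE_PROPERTIES);
        Element signingTime = appendElement(xadesDocument, signedSignatureProperties, NS_ETSI_1_3_2, XADES_PREFIX + XADES_SIGNING_TIME);
        signingTime.appendChild(xadesDocument.createTextNode(se.signatureservice.support.utils.DateUtils.createXMLGregorianCalendar(date).toXMLFormat()));

        if (x509Certificate != null) {
            appendSigningCertificate(xadesDocument, signedSignatureProperties, x509Certificate, signAlgorithm);
        }

        Element signedDataObjectProperties = appendElement(xadesDocument, signedProperties, NS_ETSI_1_3_2, XADES_PREFIX + XADES_SIGNED_DATA_OBJECT_PROPERTIES);
        Element dataObjectFormat = appendElement(xadesDocument, signedDataObjectProperties, NS_ETSI_1_3_2, XADES_PREFIX + XADES_DATA_OBJECT_FORMAT);
        // NOTE(review): presumably this must match the Id of the data reference generated
        // elsewhere from the same signing time - confirm against the producer of that Id.
        dataObjectFormat.setAttribute(XML_ATTRIBUTE_OBJECT_REFERENCE, generateDeterministicId(null, date, "#r-id-", "-1"));
        Element mimeType = appendElement(xadesDocument, dataObjectFormat, NS_ETSI_1_3_2, XADES_PREFIX + XADES_MIME_TYPE);
        mimeType.appendChild(xadesDocument.createTextNode(XML_MIMETYPE));

        // Digest the finished SignedProperties subtree and bind it into the parsed document,
        // reusing an existing SignedProperties reference when there is one.
        byte[] signedPropertiesDigest = getSignedPropertiesDigest(c14nAlgorithm, signAlgorithm.getMessageDigestName(), signedProperties);
        if (!updateXAdESReference(signedInfo, "#xades-" + signedPropertiesId, signedPropertiesDigest)) {
            createSignedPropertiesReference(signedInfo, signedPropertiesId, c14nAlgorithm, signAlgorithm.getDigestAlgo(), signedPropertiesDigest);
        }

        ByteArrayOutputStream canonicalSignedInfo = new ByteArrayOutputStream();
        Canonicalizer.getInstance(c14nAlgorithm).canonicalizeSubtree(signedInfo, canonicalSignedInfo);
        signTaskDataType.setToBeSignedBytes(canonicalSignedInfo.toByteArray());

        if (signTaskDataType.getAdESObject() == null) {
            signTaskDataType.setAdESObject(new AdESObjectType());
        }
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty(javax.xml.transform.OutputKeys.OMIT_XML_DECLARATION, "yes");
        ByteArrayOutputStream serializedObject = new ByteArrayOutputStream();
        transformer.transform(new DOMSource(dsObject), new StreamResult(serializedObject));
        signTaskDataType.getAdESObject().setAdESObjectBytes(serializedObject.toByteArray());
        signTaskDataType.getAdESObject().setSignatureId(x509Certificate != null ? signedPropertiesId : null);
    }

    /** Creates a namespaced element, appends it to {@code parent} and returns it. */
    private static Element appendElement(Document document, Element parent, String namespace, String qualifiedName) {
        Element child = document.createElementNS(namespace, qualifiedName);
        parent.appendChild(child);
        return child;
    }

    /**
     * Appends {@code xades:SigningCertificateV2} (certificate digest plus DER-encoded
     * issuer/serial) for the given certificate to {@code parent}.
     */
    private static void appendSigningCertificate(Document document, Element parent, X509Certificate certificate, SignAlgorithm signAlgorithm) throws CertificateEncodingException, NoSuchAlgorithmException, IOException {
        Element signingCertificate = appendElement(document, parent, NS_ETSI_1_3_2, XADES_PREFIX + XADES_SIGNING_CERTIFICATE_V2);
        Element cert = appendElement(document, signingCertificate, NS_ETSI_1_3_2, XADES_PREFIX + XADES_CERT);

        Element certDigest = appendElement(document, cert, NS_ETSI_1_3_2, XADES_PREFIX + XADES_CERT_DIGEST);
        Element digestMethod = appendElement(document, certDigest, NS_W3_XMLDSIG, DS_PREFIX + DS_DIGESTMETHOD);
        digestMethod.setAttribute(XML_ATTRIBUTE_ALGORITHM, signAlgorithm.getDigestAlgo());
        Element digestValue = appendElement(document, certDigest, NS_W3_XMLDSIG, DS_PREFIX + DS_DIGESTVALUE);
        byte[] certificateDigest = MessageDigest.getInstance(signAlgorithm.getMessageDigestName()).digest(certificate.getEncoded());
        digestValue.appendChild(document.createTextNode(base64(certificateDigest)));

        Element issuerSerial = appendElement(document, cert, NS_ETSI_1_3_2, XADES_PREFIX + XADES_ISSUER_SERIAL_V2);
        GeneralNames issuer = new GeneralNames(new GeneralName(new X509CertificateHolder(certificate.getEncoded()).getIssuer()));
        byte[] issuerSerialDer = new IssuerSerial(issuer, new ASN1Integer(certificate.getSerialNumber())).toASN1Primitive().getEncoded("DER");
        issuerSerial.appendChild(document.createTextNode(base64(issuerSerialDer)));
    }

    /** Base64-encodes {@code data} with an explicit charset instead of the platform default. */
    private static String base64(byte[] data) {
        return new String(Base64.encode(data), StandardCharsets.UTF_8);
    }

    /**
     * Returns the shared, namespace-aware parser factory, creating it on first use.
     *
     * <p>The factory is hardened before it is published: secure processing is enabled and
     * DOCTYPE declarations are rejected, which blocks external-entity (XXE) and
     * entity-expansion attacks in the XML this class parses. The method is synchronized so
     * no thread can observe a factory that has not been hardened yet.
     *
     * @throws ParserConfigurationException if the parser does not support the hardening features
     */
    private static synchronized DocumentBuilderFactory getSignedInfoDocumentBuilderFactory() throws ParserConfigurationException {
        if (documentBuilderFactory == null) {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setExpandEntityReferences(false);
            documentBuilderFactory = factory;
        }
        return documentBuilderFactory;
    }

    /** Creates a new document builder from the shared factory. */
    private static synchronized DocumentBuilder getSignedInfoDocumentBuilder() throws ParserConfigurationException {
        // DocumentBuilderFactory is not guaranteed to be thread-safe, so builder creation
        // shares the lock used for factory initialisation.
        return getSignedInfoDocumentBuilderFactory().newDocumentBuilder();
    }

    /** Returns the clock used for default signing times, creating the default one on first use. */
    private static SystemTime getSystemTime() {
        if (systemTime == null) {
            systemTime = new DefaultSystemTime();
        }
        return systemTime;
    }

    /**
     * Reads the XAdES signing time from the task's AdES object.
     *
     * @param signTaskDataType sign task to inspect, may be {@code null}
     * @return the parsed {@code xades:SigningTime}, or {@code null} when the task, its AdES
     *         object or its bytes are missing, or when no non-empty SigningTime element exists
     */
    public static Date getXadesSigningTime(SignTaskDataType signTaskDataType) throws ParserConfigurationException, IOException, SAXException {
        if (signTaskDataType == null || signTaskDataType.getAdESObject() == null || signTaskDataType.getAdESObject().getAdESObjectBytes() == null) {
            return null;
        }
        Document adesDocument = getSignedInfoDocumentBuilder().parse(new ByteArrayInputStream(signTaskDataType.getAdESObject().getAdESObjectBytes()));
        NodeList signingTimes = adesDocument.getElementsByTagNameNS(NS_ETSI_1_3_2, XADES_SIGNING_TIME);
        if (signingTimes.getLength() == 0) {
            return null;
        }
        Element signingTime = (Element) signingTimes.item(0);
        if (signingTime.getFirstChild() == null) {
            // An empty SigningTime element carries no value to parse.
            return null;
        }
        return se.signatureservice.support.utils.DateUtils.parseXMLDate(signingTime.getFirstChild().getTextContent());
    }

    /**
     * Appends a new {@code ds:Reference} of type SignedProperties to the document element.
     *
     * @param document document to extend
     * @param str      signed properties id; the reference URI becomes {@code "#xades-" + str}
     * @param str2     transform (canonicalization) algorithm URI
     * @param str3     digest method algorithm URI
     * @param bArr     digest of the canonicalized SignedProperties
     */
    private static void createSignedPropertiesReference(Document document, String str, String str2, String str3, byte[] bArr) {
        Element reference = appendElement(document, document.getDocumentElement(), NS_W3_XMLDSIG, DS_PREFIX + DS_REFERENCE);
        reference.setAttribute(XML_ATTRIBUTE_TYPE, NS_ETSI_1_3_2_SIGNED_PROPERTIES);
        reference.setAttribute(XML_ATTRIBUTE_URI, "#xades-" + str);

        Element transforms = appendElement(document, reference, NS_W3_XMLDSIG, DS_PREFIX + DS_TRANSFORMS);
        Element transform = appendElement(document, transforms, NS_W3_XMLDSIG, DS_PREFIX + DS_TRANSFORM);
        transform.setAttribute(XML_ATTRIBUTE_ALGORITHM, str2);

        Element digestMethod = appendElement(document, reference, NS_W3_XMLDSIG, DS_PREFIX + DS_DIGESTMETHOD);
        digestMethod.setAttribute(XML_ATTRIBUTE_ALGORITHM, str3);

        Element digestValue = appendElement(document, reference, NS_W3_XMLDSIG, DS_PREFIX + DS_DIGESTVALUE);
        digestValue.setTextContent(base64(bArr));
    }

    /**
     * Updates the first {@code ds:Reference} of type SignedProperties with a new URI and digest.
     *
     * @param document document holding the references
     * @param str      new reference URI
     * @param bArr     new digest value
     * @return {@code true} if a SignedProperties reference was found and updated,
     *         {@code false} if the document has none
     * @throws IllegalStateException if the matching reference has no {@code ds:DigestValue}
     */
    private static boolean updateXAdESReference(Document document, String str, byte[] bArr) {
        NodeList references = document.getElementsByTagNameNS(NS_W3_XMLDSIG, DS_REFERENCE);
        for (int i = 0; i < references.getLength(); i++) {
            Element reference = (Element) references.item(i);
            if (!reference.getAttribute(XML_ATTRIBUTE_TYPE).equalsIgnoreCase(NS_ETSI_1_3_2_SIGNED_PROPERTIES)) {
                continue;
            }
            Element digestValue = (Element) reference.getElementsByTagNameNS(NS_W3_XMLDSIG, DS_DIGESTVALUE).item(0);
            if (digestValue == null) {
                throw new IllegalStateException("SignedProperties reference has no DigestValue element");
            }
            reference.setAttribute(XML_ATTRIBUTE_URI, str);
            // setTextContent also covers an empty DigestValue element, which has no text
            // node to overwrite.
            digestValue.setTextContent(base64(bArr));
            return true;
        }
        return false;
    }

    /**
     * Chooses the id used for the SignedProperties: the signature id already stored on the
     * task's AdES object if present, else a deterministic id when a certificate is given,
     * else a random id.
     */
    private static String getSignedPropertiesId(SignTaskDataType signTaskDataType, Date date, X509Certificate x509Certificate) throws IOException, NoSuchAlgorithmException, CertificateEncodingException {
        if (signTaskDataType != null && signTaskDataType.getAdESObject() != null && signTaskDataType.getAdESObject().getSignatureId() != null) {
            return signTaskDataType.getAdESObject().getSignatureId();
        }
        return x509Certificate != null ? generateDeterministicId(x509Certificate, date, "id-") : generateRandomId("id-");
    }

    /** Returns {@code str} followed by a random UUID in lower case. */
    private static String generateRandomId(String str) {
        return str + UUID.randomUUID().toString().toLowerCase(java.util.Locale.ROOT);
    }

    /**
     * Canonicalizes {@code element} and digests the result.
     *
     * <p>Failures are propagated: a swallowed error here would leave the caller with a
     * {@code null} digest for the SignedProperties reference.
     *
     * @param str     canonicalization algorithm URI
     * @param str2    {@link MessageDigest} algorithm name
     * @param element subtree to digest
     * @return the digest of the canonicalized subtree
     */
    private static byte[] getSignedPropertiesDigest(String str, String str2, Element element) throws InvalidCanonicalizerException, CanonicalizationException, NoSuchAlgorithmException {
        ByteArrayOutputStream canonicalBytes = new ByteArrayOutputStream();
        Canonicalizer.getInstance(str).canonicalizeSubtree(element, canonicalBytes);
        return MessageDigest.getInstance(str2).digest(canonicalBytes.toByteArray());
    }

    /** Same as the four-argument overload with no suffix. */
    private static String generateDeterministicId(X509Certificate x509Certificate, Date date, String str) throws IOException, NoSuchAlgorithmException, CertificateEncodingException {
        return generateDeterministicId(x509Certificate, date, str, null);
    }

    /**
     * Derives an identifier from the signing time and, when given, the certificate.
     *
     * <p>The id is {@code str} + lower-case hex MD5 of (time in millis, then
     * {@code "C-"} + upper-case hex SHA-256 of the encoded certificate) + {@code str2}.
     * Errors are propagated so that a failed derivation can never produce a
     * {@code null} id that ends up in the XML as the text {@code "null"}.
     *
     * @param x509Certificate certificate to include, or {@code null}
     * @param date            time to include, or {@code null}
     * @param str             id prefix
     * @param str2            id suffix, or {@code null} for none
     */
    private static String generateDeterministicId(X509Certificate x509Certificate, Date date, String str, String str2) throws IOException, NoSuchAlgorithmException, CertificateEncodingException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(buffer)) {
            if (date != null) {
                out.writeLong(date.getTime());
            }
            if (x509Certificate != null) {
                byte[] certificateDigest = MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded());
                out.writeChars(DSS_CERTIFICATETOKEN_XMLID_PREFIX + DatatypeConverter.printHexBinary(certificateDigest).toUpperCase(java.util.Locale.ROOT));
            }
        }
        // MD5 only shortens the input into an XML Id here; it protects nothing. It is kept
        // because switching the hash would change every generated id.
        // NOTE(review): on a runtime without an MD5 provider this now fails with
        // NoSuchAlgorithmException instead of silently returning null - confirm that is
        // acceptable for such deployments.
        String hash = DatatypeConverter.printHexBinary(MessageDigest.getInstance("MD5").digest(buffer.toByteArray())).toLowerCase(java.util.Locale.ROOT);
        return str + hash + (str2 != null ? str2 : "");
    }

    /** Returns whether the task has the given signature type and an AdES type set. */
    private static boolean isAdesSignTask(SignTaskDataType signTaskDataType, SigType sigType) {
        // Constant-first equals: a task without a signature type is simply not a match.
        return sigType.name().equals(signTaskDataType.getSigType()) && signTaskDataType.getAdESType() != null;
    }

    /** Returns {@code true} for an XML sign task that has an AdES type (XAdES). */
    public static boolean isXadesSignTask(SignTaskDataType signTaskDataType) {
        return isAdesSignTask(signTaskDataType, SigType.XML);
    }

    /** Returns {@code true} for a CMS sign task that has an AdES type (CAdES). */
    public static boolean isCadesSignTask(SignTaskDataType signTaskDataType) {
        return isAdesSignTask(signTaskDataType, SigType.CMS);
    }

    /** Returns {@code true} for a PDF sign task that has an AdES type (PAdES). */
    public static boolean isPadesSignTask(SignTaskDataType signTaskDataType) {
        return isAdesSignTask(signTaskDataType, SigType.PDF);
    }

    /**
     * Returns the sign task list of the first {@link SignTasksType} found in the response's
     * signature object.
     *
     * @param signResponse response to inspect, may be {@code null}
     * @return the sign task data of the first SignTasks element
     * @throws InvalidArgumentException if the response contains no SignTasks element
     */
    public static List<SignTaskDataType> getSignTasks(SignResponse signResponse) throws InvalidArgumentException {
        if (signResponse != null && signResponse.getSignatureObject() != null && signResponse.getSignatureObject().getOther() != null) {
            List<?> others = signResponse.getSignatureObject().getOther().getAny();
            if (others != null) {
                for (Object other : others) {
                    if (!(other instanceof JAXBElement)) {
                        continue;
                    }
                    Object value = ((JAXBElement<?>) other).getValue();
                    if (value instanceof SignTasksType) {
                        return ((SignTasksType) value).getSignTaskData();
                    }
                }
            }
        }
        throw new InvalidArgumentException("Error no SignTasks found in response.");
    }

    /**
     * Decodes the signature certificate chain carried in the response's optional outputs.
     *
     * <p>The certificates are only decoded. No path building, trust or revocation check is
     * done here, so callers must validate the chain before relying on it.
     *
     * @param signResponse response to inspect, may be {@code null}
     * @return the decoded certificates in the order they appear; empty when the response,
     *         its optional outputs or the chain element are missing
     * @throws CertificateException if a certificate cannot be decoded
     */
    public static List<X509Certificate> getSignatureCertificateChain(SignResponse signResponse) throws CertificateException {
        List<X509Certificate> chain = new ArrayList<>();
        if (signResponse == null || signResponse.getOptionalOutputs() == null) {
            return chain;
        }
        for (Object output : signResponse.getOptionalOutputs().getAny()) {
            if (!(output instanceof JAXBElement)) {
                continue;
            }
            Object value = ((JAXBElement<?>) output).getValue();
            if (!(value instanceof SignResponseExtensionType)) {
                continue;
            }
            SignResponseExtensionType extension = (SignResponseExtensionType) value;
            if (extension.getSignatureCertificateChain() == null) {
                // An extension without a chain element contributes no certificates.
                continue;
            }
            for (Object encoded : extension.getSignatureCertificateChain().getX509Certificate()) {
                chain.add((X509Certificate) CertUtils.getCertfromByteArray((byte[]) encoded));
            }
        }
        return chain;
    }
}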
