package se.signatureservice.support.api.v2;

import eu.europa.esig.dss.AbstractSignatureParameters;
import eu.europa.esig.dss.cades.CAdESSignatureParameters;
import eu.europa.esig.dss.cades.signature.CAdESService;
import eu.europa.esig.dss.diagnostic.CertificateWrapper;
import eu.europa.esig.dss.enumerations.Indication;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureForm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.enumerations.SignerTextPosition;
import eu.europa.esig.dss.enumerations.TokenExtractionStrategy;
import eu.europa.esig.dss.jaxb.common.SchemaFactoryBuilder;
import eu.europa.esig.dss.jaxb.common.XmlDefinerUtils;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.model.MimeType;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.pades.DSSFileFont;
import eu.europa.esig.dss.pades.PAdESSignatureParameters;
import eu.europa.esig.dss.pades.SignatureFieldParameters;
import eu.europa.esig.dss.pades.SignatureImageParameters;
import eu.europa.esig.dss.pades.SignatureImageTextParameters;
import eu.europa.esig.dss.pades.signature.PAdESService;
import eu.europa.esig.dss.service.crl.OnlineCRLSource;
import eu.europa.esig.dss.service.http.commons.CommonsDataLoader;
import eu.europa.esig.dss.service.http.commons.FileCacheDataLoader;
import eu.europa.esig.dss.service.http.commons.HostConnection;
import eu.europa.esig.dss.service.http.commons.OCSPDataLoader;
import eu.europa.esig.dss.service.http.commons.UserCredentials;
import eu.europa.esig.dss.service.http.proxy.ProxyConfig;
import eu.europa.esig.dss.service.http.proxy.ProxyProperties;
import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource;
import eu.europa.esig.dss.service.tsp.OnlineTSPSource;
import eu.europa.esig.dss.spi.client.http.DataLoader;
import eu.europa.esig.dss.spi.x509.CertificateSource;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.spi.x509.KeyStoreCertificateSource;
import eu.europa.esig.dss.spi.x509.aia.DefaultAIASource;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLSource;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPSource;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.validation.SignedDocumentValidator;
import eu.europa.esig.dss.validation.reports.Reports;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xades.signature.XAdESService;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.xml.bind.JAXBElement;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.EnumUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.bouncycastle.util.encoders.Base64;
import org.certificateservices.messages.ContextMessageSecurityProvider;
import org.certificateservices.messages.MessageContentException;
import org.certificateservices.messages.MessageProcessingException;
import org.certificateservices.messages.MessageSecurityProvider;
import org.certificateservices.messages.authcontsaci1.AuthContSaciMessageParser;
import org.certificateservices.messages.authcontsaci1.jaxb.SAMLAuthContextType;
import org.certificateservices.messages.csmessages.manager.MessageSecurityProviderManager;
import org.certificateservices.messages.dss1.core.jaxb.SignResponse;
import org.certificateservices.messages.saml2.SAMLParserCustomisations;
import org.certificateservices.messages.saml2.assertion.jaxb.AttributeStatementType;
import org.certificateservices.messages.saml2.assertion.jaxb.AttributeType;
import org.certificateservices.messages.saml2.assertion.jaxb.AudienceRestrictionType;
import org.certificateservices.messages.saml2.assertion.jaxb.ConditionsType;
import org.certificateservices.messages.saml2.assertion.jaxb.NameIDType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.AdESType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.SigType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.SignMessageMimeType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.SweEID2DSSExtensionsMessageParser;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.MappedAttributeType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.ObjectFactory;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.PreferredSAMLAttributeNameType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.SignMessageType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.SignRequestExtensionType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.SignTaskDataType;
import org.certificateservices.messages.sweeid2.dssextenstions1_1.jaxb.SignTasksType;
import org.certificateservices.messages.utils.CertUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.MessageSource;
import org.xml.sax.SAXException;
import se.signatureservice.configuration.common.InternalErrorException;
import se.signatureservice.configuration.common.InvalidArgumentException;
import se.signatureservice.configuration.common.cache.CacheProvider;
import se.signatureservice.configuration.common.cache.MetaData;
import se.signatureservice.configuration.common.utils.ColorParser;
import se.signatureservice.configuration.common.utils.ConfigUtils;
import se.signatureservice.configuration.support.system.Constants;
import se.signatureservice.configuration.support.system.TimeStampConfig;
import se.signatureservice.support.api.AvailableSignatureAttributes;
import se.signatureservice.support.api.ErrorCode;
import se.signatureservice.support.api.SupportServiceAPI;
import se.signatureservice.support.api.v2.CompleteSignatureResponse;
import se.signatureservice.support.pdf.PdfBoxSupportObjectFactory;
import se.signatureservice.support.signer.CAdESSignatureAttributePreProcessor;
import se.signatureservice.support.signer.PAdESSignatureAttributePreProcessor;
import se.signatureservice.support.signer.SignTaskHelper;
import se.signatureservice.support.signer.SignatureAttributePreProcessor;
import se.signatureservice.support.signer.XAdESSignatureAttributePreProcessor;
import se.signatureservice.support.system.SupportAPIConfiguration;
import se.signatureservice.support.system.SupportAPIProfile;
import se.signatureservice.support.system.TransactionState;
import se.signatureservice.support.trustlist.TrustedListsCertificateSourceBuilder;
import se.signatureservice.support.utils.DSSLibraryUtils;
import se.signatureservice.support.utils.SupportLibraryUtils;

/* loaded from: input_file:se/signatureservice/support/api/v2/V2SupportServiceAPI.class */
public class V2SupportServiceAPI implements SupportServiceAPI {
    // Class-wide SLF4J logger; the nested Builder also writes to it.
    private static final Logger log = LoggerFactory.getLogger(V2SupportServiceAPI.class);
    // DSS signing services, one per signature form. Each is created in the constructor
    // around the verifier returned by getCertificateVerifier().
    private final XAdESService xAdESService;
    private final PAdESService pAdESService;
    private final CAdESService cAdESService;
    // Time stamp sources keyed by a String; created empty in the constructor.
    // NOTE(review): what the key represents is not visible in this part of the file.
    private final Map<String, TSPSource> onlineTSPSources;
    // Validation collaborators. None of these four is assigned in the constructor.
    // NOTE(review): presumably populated on demand by getCertificateVerifier() - confirm.
    private CertificateVerifier certificateVerifier;
    private DefaultAIASource aiaSource;
    private CRLSource crlSource;
    private OCSPSource ocspSource;
    // Pre-processors per signature type; created empty in the constructor.
    private final Map<SigType, SignatureAttributePreProcessor> signatureAttributePreProcessors;
    // Configuration handed over by the Builder, plus two collaborators read from it.
    private final SupportAPIConfiguration apiConfig;
    private final MessageSource messageSource;
    // Holds per-transaction data; prepareSignature uses it to detect reused transaction IDs.
    private final CacheProvider cacheProvider;
    // Message parsers and JAXB factories. The constructor creates them inside a try block
    // that only logs a MessageProcessingException, so they can remain null or uninitialised.
    private SweEID2DSSExtensionsMessageParser sweEID2DSSExtensionsMessageParser;
    private AuthContSaciMessageParser authContSaciMessageParser;
    private ObjectFactory sweEid2ObjectFactory;
    private org.certificateservices.messages.saml2.assertion.jaxb.ObjectFactory saml2ObjectFactory;
    // Stays null when DatatypeFactory.newInstance() fails in the constructor (failure is only logged).
    private DatatypeFactory datatypeFactory;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: se.signatureservice.support.api.v2.V2SupportServiceAPI$2, reason: invalid class name */
    /* loaded from: input_file:se/signatureservice/support/api/v2/V2SupportServiceAPI$2.class */
    /**
     * Lookup table from {@link SigType} ordinals to the small integers 1 (XML), 2 (PDF)
     * and 3 (CMS).
     *
     * <p>The class is marked synthetic and carries a decompiler-assigned name, so it looks
     * like the helper a compiler emits for a {@code switch} over an enum. The switch that
     * reads this table is not part of this excerpt.
     */
    public static /* synthetic */ class AnonymousClass2 {
        // One slot per SigType constant, indexed by ordinal(); slots not assigned below stay 0.
        static final /* synthetic */ int[] $SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType = new int[SigType.values().length];

        static {
            // Every assignment has its own guard: a NoSuchFieldError for one constant is
            // ignored and only that entry is left unset.
            try {
                $SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[SigType.XML.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[SigType.PDF.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[SigType.CMS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:se/signatureservice/support/api/v2/V2SupportServiceAPI$Builder.class */
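    /**
     * Fluent builder that collects settings in a {@link SupportAPIConfiguration} and creates
     * the {@link V2SupportServiceAPI} from it.
     *
     * <p>Every setter forwards its argument to the configuration object and returns this
     * builder. Several of the settings decide what the resulting API trusts when it validates
     * signatures (trusted certificate source, certificate verifier, validation policy
     * directory, revocation handling), so they should come from deployment configuration and
     * not from request data.
     */
    public static class Builder {
        SupportAPIConfiguration config = new SupportAPIConfiguration();

        /**
         * Sets the message source used to resolve error messages.
         *
         * @param messageSource message source to store in the configuration
         * @return this builder
         */
        public Builder messageSource(MessageSource messageSource) {
            this.config.setMessageSource(messageSource);
            return this;
        }

        /**
         * Sets the message security provider. The constructor of the API passes it to the
         * message security provider manager and to the sign request/response parser.
         *
         * @param messageSecurityProvider provider to store in the configuration
         * @return this builder
         */
        public Builder messageSecurityProvider(MessageSecurityProvider messageSecurityProvider) {
            this.config.setMessageSecurityProvider(messageSecurityProvider);
            return this;
        }

        /**
         * Sets the cache provider that stores transaction data between the prepare and
         * complete steps.
         *
         * @param cacheProvider provider to store in the configuration
         * @return this builder
         */
        public Builder cacheProvider(CacheProvider cacheProvider) {
            this.config.setCacheProvider(cacheProvider);
            return this;
        }

        /**
         * Sets the trusted certificate source.
         *
         * @param certificateSource certificates to treat as trusted
         * @return this builder
         */
        public Builder trustedCertificateSource(CertificateSource certificateSource) {
            this.config.setTrustedCertificateSource(certificateSource);
            return this;
        }

        /**
         * Sets a caller-provided certificate verifier.
         *
         * @param certificateVerifier verifier to store in the configuration
         * @return this builder
         */
        public Builder certificateVerifier(CertificateVerifier certificateVerifier) {
            // NOTE(review): a custom verifier presumably replaces the verifier this class would
            // otherwise assemble, including its revocation sources - confirm in
            // getCertificateVerifier().
            this.config.setCertificateVerifier(certificateVerifier);
            return this;
        }

        /**
         * Sets the default time stamp source.
         *
         * @param tSPSource time stamp source to store in the configuration
         * @return this builder
         */
        public Builder defaultTimeStampSource(TSPSource tSPSource) {
            this.config.setDefaultTimeStampSource(tSPSource);
            return this;
        }

        /**
         * Configures a validation proxy without credentials or excluded hosts.
         *
         * @param str proxy host
         * @param i proxy port
         * @return this builder
         */
        public Builder validationProxy(String str, int i) {
            return validationProxy(str, i, null, null, null);
        }

        /**
         * Configures a validation proxy without credentials.
         *
         * @param str proxy host
         * @param i proxy port
         * @param list hosts that bypass the proxy, or {@code null} for none
         * @return this builder
         */
        public Builder validationProxy(String str, int i, List<String> list) {
            return validationProxy(str, i, null, null, list);
        }

        /**
         * Configures an authenticated validation proxy without excluded hosts.
         *
         * @param str proxy host
         * @param i proxy port
         * @param str2 proxy user, or {@code null}
         * @param str3 proxy password, or {@code null}
         * @return this builder
         */
        public Builder validationProxy(String str, int i, String str2, String str3) {
            return validationProxy(str, i, str2, str3, null);
        }

        /**
         * Configures the proxy used for validation traffic. The same properties object is
         * registered for both HTTP and HTTPS.
         *
         * @param str proxy host
         * @param i proxy port
         * @param str2 proxy user, or {@code null} to leave it unset
         * @param str3 proxy password, or {@code null} to leave it unset
         * @param list hosts that bypass the proxy, or {@code null} to leave the list unset
         * @return this builder
         */
        public Builder validationProxy(String str, int i, String str2, String str3, List<String> list) {
            ProxyProperties proxyProperties = new ProxyProperties();
            proxyProperties.setHost(str);
            proxyProperties.setPort(i);
            if (str2 != null) {
                proxyProperties.setUser(str2);
            }
            if (str3 != null) {
                // The password is held as a plain String inside the configuration for the
                // lifetime of the API object; keep the configuration out of logs and dumps.
                proxyProperties.setPassword(str3);
            }
            if (list != null) {
                proxyProperties.setExcludedHosts(list);
            }
            ProxyConfig proxyConfig = new ProxyConfig();
            proxyConfig.setHttpProperties(proxyProperties);
            proxyConfig.setHttpsProperties(proxyProperties);
            this.config.setValidationProxyConfig(proxyConfig);
            return this;
        }

        /**
         * Sets the directory that validation policies are read from.
         *
         * @param str policy directory path
         * @return this builder
         */
        public Builder validationPolicyDirectory(String str) {
            // NOTE(review): the policy files presumably decide which checks a signature must
            // pass, so the directory should be writable by administrators only - confirm how
            // getValidationPolicy() resolves files below it.
            this.config.setValidationPolicyDirectory(str);
            return this;
        }

        /**
         * Sets the expiration time of the validation cache.
         *
         * @param j expiration time in milliseconds
         * @return this builder
         */
        public Builder validationCacheExpirationTimeMS(long j) {
            this.config.setValidationCacheExpirationTimeMS(j);
            return this;
        }

        /**
         * Selects the report attached to verification responses: verifyDocument returns the
         * simple report when this is {@code true} and the detailed report otherwise.
         *
         * @param z {@code true} for the simple report
         * @return this builder
         */
        public Builder simpleValidationReport(boolean z) {
            this.config.setUseSimpleValidationReport(z);
            return this;
        }

        /**
         * Stores the flag that controls handling of missing revocation data.
         *
         * @param z flag value to store in the configuration
         * @return this builder
         */
        public Builder ignoreMissingRevocationData(boolean z) {
            // NOTE(review): the consumer of this flag is not visible here. Going by the name,
            // true lets validation continue when no CRL/OCSP data can be obtained, which means
            // a revoked signing certificate would not be detected - confirm, and enable it only
            // where revocation status is established by other means.
            this.config.setIgnoreMissingRevocationData(z);
            return this;
        }

        /**
         * Adds several recipient certificates under one key of the encrypted sign message
         * recipient map.
         *
         * @param str key of the recipient list (what it identifies is not visible in this class)
         * @param list certificates to append; neither the list nor its elements may be null
         * @return this builder
         * @throws NullPointerException if {@code list} or one of its elements is null
         */
        public Builder addSignMessageRecipients(String str, List<X509Certificate> list) {
            // Reject bad input before touching the map, so a failed call leaves no empty or
            // partially filled recipient entry behind.
            Objects.requireNonNull(list, "list");
            for (X509Certificate recipient : list) {
                Objects.requireNonNull(recipient, "recipient certificate");
            }
            if (!this.config.getEncryptedSignMessageRecipients().containsKey(str)) {
                this.config.getEncryptedSignMessageRecipients().put(str, new ArrayList<>());
            }
            this.config.getEncryptedSignMessageRecipients().get(str).addAll(list);
            return this;
        }

        /**
         * Adds one recipient certificate under one key of the encrypted sign message
         * recipient map.
         *
         * @param str key of the recipient list (what it identifies is not visible in this class)
         * @param x509Certificate certificate to append; must not be null
         * @return this builder
         * @throws NullPointerException if {@code x509Certificate} is null
         */
        public Builder addSignMessageRecipient(String str, X509Certificate x509Certificate) {
            // A null entry would only surface later, when the recipient list is used.
            Objects.requireNonNull(x509Certificate, "x509Certificate");
            if (!this.config.getEncryptedSignMessageRecipients().containsKey(str)) {
                this.config.getEncryptedSignMessageRecipients().put(str, new ArrayList<>());
            }
            this.config.getEncryptedSignMessageRecipients().get(str).add(x509Certificate);
            return this;
        }

        /**
         * Registers an authentication context mapping, replacing an existing mapping that has
         * the same name.
         *
         * @param str mapping name
         * @param str2 value stored under the key {@code "context"}
         * @param str3 value stored under the key {@code "loa"}
         * @return this builder
         */
        public Builder addAuthContextMapping(String str, String str2, String str3) {
            Map<String, Map> authContextMappings = this.config.getAuthContextMappings();
            if (authContextMappings == null) {
                authContextMappings = new HashMap<>();
            }
            Map<String, String> mapping = new HashMap<>();
            mapping.put("context", str2);
            mapping.put("loa", str3);
            authContextMappings.put(str, mapping);
            this.config.setAuthContextMappings(authContextMappings);
            return this;
        }

        /**
         * Creates the API instance from the collected configuration.
         *
         * <p>When no authentication context mapping has been added, four defaults are
         * registered first: PasswordProtectedTransport to loa2, SoftwarePKI and
         * MobileTwoFactorContract to loa3, and SmartcardPKI to loa4.
         *
         * <p>This method does not check that required collaborators such as the cache provider
         * or the message security provider were set.
         *
         * @return the configured API
         * @throws SupportServiceLibraryException if the API constructor fails
         */
        public SupportServiceAPI build() throws SupportServiceLibraryException {
            if (this.config.getAuthContextMappings() == null) {
                V2SupportServiceAPI.log.info("Using default authentication context mappings.");
                addAuthContextMapping("passwordProtectedTransport", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "http://id.elegnamnden.se/loa/1.0/loa2");
                addAuthContextMapping("softwarePKI", "urn:oasis:names:tc:SAML:2.0:ac:classes:SoftwarePKI", "http://id.elegnamnden.se/loa/1.0/loa3");
                addAuthContextMapping("mobileTwoFactorContract", "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract", "http://id.elegnamnden.se/loa/1.0/loa3");
                addAuthContextMapping("smartcardPKI", "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI", "http://id.elegnamnden.se/loa/1.0/loa4");
            }
            return new V2SupportServiceAPI(this.config);
        }
    }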

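    /**
     * Creates the API from a populated configuration; instances are obtained through
     * {@link Builder#build()}.
     *
     * <p>Reads the message source and cache provider from the configuration, creates the data
     * type factory, initialises the XML security library and the message parsers, and builds
     * the three DSS signing services around {@code getCertificateVerifier()}.
     *
     * @param supportAPIConfiguration configuration collected by the builder
     * @throws SupportServiceLibraryException if any step outside the two logged-only blocks
     *     below fails
     */
    private V2SupportServiceAPI(SupportAPIConfiguration supportAPIConfiguration) throws SupportServiceLibraryException {
        this.signatureAttributePreProcessors = new HashMap<>();
        try {
            this.apiConfig = supportAPIConfiguration;
            this.messageSource = supportAPIConfiguration.getMessageSource();
            this.cacheProvider = supportAPIConfiguration.getCacheProvider();
            try {
                this.datatypeFactory = DatatypeFactory.newInstance();
            } catch (DatatypeConfigurationException e) {
                // NOTE(review): construction continues with datatypeFactory == null, and
                // generateSignRequest dereferences it; consider failing here instead.
                log.error("Failed to create instance of data type factory", e);
            }
            try {
                Init.init();
                MessageSecurityProviderManager.initMessageSecurityProvider(supportAPIConfiguration.getMessageSecurityProvider());
                this.sweEid2ObjectFactory = new ObjectFactory();
                this.saml2ObjectFactory = new org.certificateservices.messages.saml2.assertion.jaxb.ObjectFactory();
                this.sweEID2DSSExtensionsMessageParser = new SweEID2DSSExtensionsMessageParser();
                this.authContSaciMessageParser = new AuthContSaciMessageParser();
                this.sweEID2DSSExtensionsMessageParser.init(supportAPIConfiguration.getMessageSecurityProvider(), (SAMLParserCustomisations) null);
            } catch (MessageProcessingException e2) {
                // NOTE(review): the instance is still returned when the security provider or
                // the parser could not be initialised, so the parsers may be null or
                // uninitialised for later calls. Confirm that no caller depends on such a
                // degraded instance; failing fast would be the safer behaviour.
                log.error("Failed to initialize message security provider", e2);
            }
            this.xAdESService = new XAdESService(getCertificateVerifier());
            this.pAdESService = new PAdESService(getCertificateVerifier());
            this.cAdESService = new CAdESService(getCertificateVerifier());
            this.onlineTSPSources = new HashMap<>();
        } catch (Exception e3) {
            // The exception thrown below is built from the message text only, so record the
            // cause with its stack trace here before it is lost.
            log.error("Error while creating Support Service API", e3);
            throw new SupportServiceLibraryException("Error while creating Support Service API: " + e3.getMessage());
        }
    }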

    /**
     * Starts a signature transaction: validates the input, generates the sign request and
     * stores the transaction state under the transaction ID.
     *
     * @param supportAPIProfile profile used for validation and request generation
     * @param documentRequests documents to sign
     * @param str transaction ID; a new one is generated when this is {@code null}, otherwise
     *     the given one is checked by {@code validateTransactionId}
     * @param str2 sign message; stored in the transaction state
     * @param user user the signature is requested for
     * @param str3 authentication service ID; checked against the profile
     * @param str4 forwarded unchanged to {@code generateSignRequest}
     * @param list attributes forwarded to URL and request generation
     * @return response holding the profile, action URL, transaction ID and sign request
     * @throws ClientErrorException if the transaction ID has already been used, or when a
     *     called validation raises it
     * @throws ServerErrorException for every other failure
     */
    @Override // se.signatureservice.support.api.SupportServiceAPI
    public PreparedSignatureResponse prepareSignature(SupportAPIProfile supportAPIProfile, DocumentRequests documentRequests, String str, String str2, User user, String str3, String str4, List<Attribute> list) throws ClientErrorException, ServerErrorException {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            if (str == null) {
                str = SupportLibraryUtils.generateTransactionId();
            } else {
                validateTransactionId(str);
            }
            // Reuse guard: an ID that already has a cache entry is rejected.
            // NOTE(review): this lookup and the later storeTransactionState() are separate
            // cache operations; two concurrent calls with the same caller-supplied ID could
            // both pass the check - confirm the cache provider or the caller serialises them.
            if (this.cacheProvider.getBinary(str) != null) {
                // A caller-supplied ID has passed validateTransactionId() before it is logged
                // here; what that validation enforces is not visible in this excerpt.
                log.error("Transaction ID has already been used (Transaction ID: " + str + ")");
                throw ((ClientErrorException) ErrorCode.UNSUPPORTED_TRANSACTION_ID.toException("Transaction ID has already been used", this.messageSource));
            }
            validateDocuments(documentRequests);
            validateAuthenticationServiceId(str3, supportAPIProfile);
            validateProfile(supportAPIProfile);
            ContextMessageSecurityProvider.Context context = new ContextMessageSecurityProvider.Context("SIGNREQUEST", supportAPIProfile.getRelatedProfile());
            PreparedSignatureResponse preparedSignatureResponse = new PreparedSignatureResponse();
            preparedSignatureResponse.setProfile(supportAPIProfile.getRelatedProfile());
            preparedSignatureResponse.setActionURL(getSignServiceRequestURL(supportAPIProfile, list));
            preparedSignatureResponse.setTransactionId(str);
            preparedSignatureResponse.setSignRequest(generateSignRequest(context, str, documentRequests, str2, user, str3, str4, supportAPIProfile, list));
            // The state is expected to exist at this point.
            // NOTE(review): presumably generateSignRequest() stores the initial state as a
            // side effect; that part of the method is outside this excerpt - confirm.
            TransactionState fetchTransactionState = fetchTransactionState(str);
            if (fetchTransactionState == null) {
                throw ErrorCode.INTERNAL_ERROR.toException("Failed to generate signature request based on given input documents.");
            }
            // Record everything completeSignature() later reads back from the state.
            fetchTransactionState.setProfile(supportAPIProfile.getRelatedProfile());
            fetchTransactionState.setTransactionId(str);
            fetchTransactionState.setSignMessage(str2);
            fetchTransactionState.setAuthenticationServiceId(str3);
            fetchTransactionState.setUser(user);
            fetchTransactionState.setDocuments(documentRequests);
            fetchTransactionState.setTransactionStart(currentTimeMillis);
            fetchTransactionState.setCompleted(false);
            storeTransactionState(preparedSignatureResponse.getTransactionId(), fetchTransactionState);
            log.info("Sign request successfully generated (" + ((int) (System.currentTimeMillis() - currentTimeMillis)) + " ms)");
            return preparedSignatureResponse;
        } catch (Exception e) {
            // The two API exception types pass through unchanged; anything else is wrapped.
            if (e instanceof ServerErrorException) {
                throw ((ServerErrorException) e);
            }
            if (e instanceof ClientErrorException) {
                throw ((ClientErrorException) e);
            }
            // NOTE(review): the message of an unexpected exception is copied into the error
            // handed to the caller and the exception itself is not logged here. Consider
            // logging it with its stack trace and returning a generic message, so internal
            // details stay out of API responses.
            throw ((ServerErrorException) ErrorCode.INTERNAL_ERROR.toException("Failed to generate sign request: " + e.getMessage()));
        }
    }

    /**
     * Completes a signature transaction: parses the sign response, checks that it belongs to
     * the stored transaction, signs each matching document and marks the transaction as
     * completed.
     *
     * @param supportAPIProfile profile passed on to {@code signDocument}
     * @param str Base64 encoded sign response
     * @param str2 transaction ID the response is expected to belong to
     * @return the signed documents
     * @throws ClientErrorException if the transaction is unknown or already completed, or if
     *     the request ID in the response differs from {@code str2}
     * @throws ServerErrorException if the response does not report success, or for any other
     *     failure
     */
    @Override // se.signatureservice.support.api.SupportServiceAPI
    public CompleteSignatureResponse completeSignature(SupportAPIProfile supportAPIProfile, String str, String str2) throws ClientErrorException, ServerErrorException {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            TransactionState fetchTransactionState = fetchTransactionState(str2);
            if (fetchTransactionState == null) {
                // NOTE(review): str2 comes from the caller and no validateTransactionId() call
                // is visible before it is written to the log; consider validating or escaping
                // it so that log entries cannot be forged through line breaks.
                log.error("Could not find any transaction related to transaction ID " + str2);
                throw ((ClientErrorException) ErrorCode.UNKNOWN_TRANSACTION.toException("Could not find transaction", this.messageSource));
            }
            // Reuse guard: a completed transaction cannot be completed a second time.
            // NOTE(review): this check and setCompleted(true) further down are not atomic; two
            // concurrent calls for the same transaction could both pass - confirm how the
            // caller or the cache provider prevents that.
            if (fetchTransactionState.isCompleted()) {
                log.error("Transaction has already been completed (TransactionID: " + str2 + ")");
                throw ((ClientErrorException) ErrorCode.UNSUPPORTED_TRANSACTION_ID.toException("Transaction has already been completed", this.messageSource));
            }
            // The parsing context uses the profile stored with the transaction, not the
            // supportAPIProfile argument.
            // NOTE(review): the third argument (true) presumably makes the parser verify the
            // response signature - confirm in synchronizedParseMessage().
            SignResponse signResponse = (SignResponse) synchronizedParseMessage(new ContextMessageSecurityProvider.Context("SIGNREQUEST", fetchTransactionState.getProfile()), Base64.decode(str.getBytes(StandardCharsets.UTF_8)), true);
            // Success is detected by a substring match on the result major value.
            if (!signResponse.getResult().getResultMajor().contains("Success")) {
                // NOTE(review): getResultMessage() is dereferenced without a null check; if a
                // failed response carries no result message, this raises a NullPointerException
                // that is reported as INTERNAL_ERROR instead of SIGN_RESPONSE_FAILED - confirm.
                throw ((ServerErrorException) ErrorCode.SIGN_RESPONSE_FAILED.toException("Sign response failed with error message: " + signResponse.getResult().getResultMessage().getValue()));
            }
            // Binds the response to this transaction.
            if (!signResponse.getRequestID().equals(str2)) {
                throw ((ClientErrorException) ErrorCode.UNSUPPORTED_TRANSACTION_ID.toException("Sign response transaction ID does not match the sign request transaction ID."));
            }
            List<SignTaskDataType> synchronizedGetSignTasks = synchronizedGetSignTasks(signResponse);
            X509Certificate[] x509CertificateArr = (X509Certificate[]) SignTaskHelper.getSignatureCertificateChain(signResponse).toArray(new X509Certificate[0]);
            ArrayList arrayList = new ArrayList();
            // Match each sign task to a stored document request by reference ID. The inner loop
            // has no break, so the last matching request wins.
            for (SignTaskDataType signTaskDataType : synchronizedGetSignTasks) {
                DocumentSigningRequest documentSigningRequest = null;
                for (Object obj : fetchTransactionState.getDocuments().getDocuments()) {
                    if (obj instanceof DocumentSigningRequest) {
                        DocumentSigningRequest documentSigningRequest2 = (DocumentSigningRequest) obj;
                        if (documentSigningRequest2.referenceId.equals(signTaskDataType.getSignTaskId())) {
                            documentSigningRequest = documentSigningRequest2;
                        }
                    }
                }
                // A task without a matching request is skipped without an error.
                // NOTE(review): nothing here checks that every stored request received a sign
                // task, so a response with fewer tasks completes the transaction with fewer
                // documents - confirm the caller compares the result with what it requested.
                if (documentSigningRequest != null) {
                    arrayList.add(signDocument(documentSigningRequest, signTaskDataType, x509CertificateArr, fetchTransactionState, supportAPIProfile));
                }
            }
            CompleteSignatureResponse completeSignatureResponse = new CompleteSignatureResponse();
            CompleteSignatureResponse.DocumentResponses documentResponses = new CompleteSignatureResponse.DocumentResponses();
            documentResponses.documents = new ArrayList();
            documentResponses.documents.addAll(arrayList);
            completeSignatureResponse.setDocuments(documentResponses);
            try {
                // The transaction is marked completed only after all documents were signed.
                fetchTransactionState.setCompleted(true);
                storeTransactionState(str2, fetchTransactionState);
                log.info("Sign response successfully processed (" + ((int) (System.currentTimeMillis() - currentTimeMillis)) + " ms)");
                return completeSignatureResponse;
            } catch (Exception e) {
                throw ((ServerErrorException) ErrorCode.INTERNAL_ERROR.toException("Failed to store transaction state: " + e.getMessage()));
            }
        } catch (Exception e2) {
            // Only the message is logged, not the stack trace. The two API exception types
            // pass through unchanged; anything else is wrapped as INTERNAL_ERROR.
            log.error("Error while processing sign response: " + e2.getMessage());
            if (e2 instanceof ServerErrorException) {
                throw ((ServerErrorException) e2);
            }
            if (e2 instanceof ClientErrorException) {
                throw ((ClientErrorException) e2);
            }
            // NOTE(review): the message of an unexpected exception is returned to the caller;
            // consider a generic message here and the full exception in the log.
            throw ((ServerErrorException) ErrorCode.INTERNAL_ERROR.toException("Failed to process sign response: " + e2.getMessage()));
        }
    }

    /**
     * Validates the signatures of a document and reports the signers found.
     *
     * <p>The response verifies only when the document has at least one signature and every
     * signature has the indication {@code TOTAL_PASSED}. Any exception raised during validation
     * is caught by the inner handler, which returns a response with {@code verifies == false}
     * and an empty signature list.
     *
     * @param supportAPIProfile profile used to select the validation policy and to derive the
     *     signer ID
     * @param document document to validate, optionally with detached signature data
     * @return verification result, signer details and, when signatures exist, a validation
     *     report
     * @throws ClientErrorException only if the inner exception handler itself fails with it
     * @throws ServerErrorException only if the inner exception handler itself fails
     */
    @Override // se.signatureservice.support.api.SupportServiceAPI
    public VerifyDocumentResponse verifyDocument(SupportAPIProfile supportAPIProfile, Document document) throws ClientErrorException, ServerErrorException {
        // Counts signatures whose indication is TOTAL_PASSED.
        int i = 0;
        VerifyDocumentResponse verifyDocumentResponse = new VerifyDocumentResponse();
        verifyDocumentResponse.setReferenceId(document.referenceId);
        try {
            try {
                SignedDocumentValidator fromDocument = SignedDocumentValidator.fromDocument(DSSLibraryUtils.createDSSDocument(document));
                ArrayList arrayList = new ArrayList();
                if (fromDocument != null) {
                    if (document.isHasDetachedSignature()) {
                        // The bytes from getDetachedSignatureData() are handed to the validator
                        // as its detached contents.
                        ArrayList arrayList2 = new ArrayList();
                        InMemoryDocument inMemoryDocument = new InMemoryDocument();
                        inMemoryDocument.setBytes(document.getDetachedSignatureData());
                        arrayList2.add(inMemoryDocument);
                        fromDocument.setDetachedContents(arrayList2);
                    }
                    fromDocument.setCertificateVerifier(getCertificateVerifier());
                    // NOTE(review): this starts from the secure schema builder, removes the two
                    // JAXP properties that restrict external DTD and external schema access, and
                    // installs the result on the XmlDefinerUtils singleton. The change is
                    // therefore process-wide and repeated on every call. Removing these
                    // properties is a usual workaround when the active XML implementation
                    // rejects them; where the implementation supports them, keeping them
                    // prevents external DTD/schema retrieval while untrusted documents are
                    // processed. Confirm which case applies and consider doing this once during
                    // initialisation.
                    SchemaFactoryBuilder secureSchemaBuilder = SchemaFactoryBuilder.getSecureSchemaBuilder();
                    secureSchemaBuilder.removeAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD");
                    secureSchemaBuilder.removeAttribute("http://javax.xml.XMLConstants/property/accessExternalSchema");
                    XmlDefinerUtils.getInstance().setSchemaFactoryBuilder(secureSchemaBuilder);
                    fromDocument.setTokenExtractionStrategy(TokenExtractionStrategy.EXTRACT_CERTIFICATES_ONLY);
                    Reports validateDocument = fromDocument.validateDocument(getValidationPolicy(supportAPIProfile));
                    // First pass: collect signer details for every signature, whether or not
                    // the signature validated.
                    for (String str : validateDocument.getSimpleReport().getSignatureIdList()) {
                        // Dereferenced below without a null check; a signature whose signing
                        // certificate is not found ends in the inner catch (verifies == false).
                        CertificateWrapper usedCertificateById = validateDocument.getDiagnosticData().getUsedCertificateById(validateDocument.getDiagnosticData().getSigningCertificateId(str));
                        SAMLAuthContextType authContextFromCertificate = SupportLibraryUtils.getAuthContextFromCertificate(this.authContSaciMessageParser, CertUtils.getX509CertificateFromPEMorDER(usedCertificateById.getBinaries()));
                        Signature signature = new Signature();
                        signature.setSignerCertificate(usedCertificateById.getBinaries());
                        signature.setIssuerId(usedCertificateById.getCertificateIssuerDN());
                        signature.setSigningDate(validateDocument.getDiagnosticData().getSignatureDate(str));
                        signature.setSigningAlgorithm(SignatureAlgorithm.getAlgorithm(usedCertificateById.getEncryptionAlgorithm(), usedCertificateById.getDigestAlgorithm()).getJCEId());
                        signature.setValidFrom(usedCertificateById.getNotBefore());
                        signature.setValidTo(usedCertificateById.getNotAfter());
                        signature.setSignerId(SupportLibraryUtils.getUserIdFromAuthContext(authContextFromCertificate, supportAPIProfile));
                        signature.setSignerDisplayName(SupportLibraryUtils.getDisplayNameFromAuthContext(authContextFromCertificate));
                        signature.setLevelOfAssurance(SupportLibraryUtils.getLevelOfAssuranceFromAuthContext(this.apiConfig, authContextFromCertificate));
                        arrayList.add(signature);
                    }
                    // Second pass: count passed signatures and keep the error of the failing
                    // signature with the highest indication ordinal.
                    for (String str2 : validateDocument.getSimpleReport().getSignatureIdList()) {
                        Indication indication = validateDocument.getSimpleReport().getIndication(str2);
                        if (indication == Indication.TOTAL_PASSED) {
                            i++;
                        } else if (verifyDocumentResponse.getVerificationErrorCode() == null || verifyDocumentResponse.getVerificationErrorCode().intValue() < indication.ordinal()) {
                            // NOTE(review): the error code is the enum ordinal, so its value
                            // depends on the declaration order of Indication in the DSS library
                            // and can change between library versions. Messages are requested
                            // for the fixed language "en".
                            verifyDocumentResponse.setVerificationErrorCode(Integer.valueOf(indication.ordinal()));
                            verifyDocumentResponse.setVerificationErrorMessages(getMessagesFromList(validateDocument.getSimpleReport().getQualificationErrors(str2), "en"));
                        }
                    }
                    // All signatures must pass, and there must be at least one of them.
                    verifyDocumentResponse.setVerifies(i == validateDocument.getSimpleReport().getSignaturesCount() && i > 0);
                    if (validateDocument.getSimpleReport().getSignaturesCount() > 0) {
                        if (this.apiConfig.isUseSimpleValidationReport()) {
                            verifyDocumentResponse.setReportData(validateDocument.getXmlSimpleReport().getBytes(StandardCharsets.UTF_8));
                        } else {
                            verifyDocumentResponse.setReportData(validateDocument.getXmlDetailedReport().getBytes(StandardCharsets.UTF_8));
                        }
                        verifyDocumentResponse.setReportMimeType(MimeType.XML.getMimeTypeString());
                    } else {
                        verifyDocumentResponse.setReportData(null);
                    }
                } else {
                    verifyDocumentResponse.setVerifies(false);
                }
                verifyDocumentResponse.setSignatures(new Signatures(arrayList));
                return verifyDocumentResponse;
            } catch (Exception e) {
                // Fails closed: every exception from the block above, not only a failure to
                // create the validator, ends as "does not verify" with an empty signature list.
                // NOTE(review): only the message is logged, so the response does not let the
                // caller tell an invalid signature from an internal or infrastructure failure;
                // consider logging the exception with its stack trace.
                log.error("Failed to create signed document validator: " + e.getMessage());
                verifyDocumentResponse.setVerifies(false);
                verifyDocumentResponse.setSignatures(new Signatures());
                return verifyDocumentResponse;
            }
        } catch (Exception e2) {
            // Reached only when the inner handler above throws, because that handler already
            // catches every exception raised by the validation code.
            log.error("Error while verifying signed document: " + e2.getMessage());
            if (e2 instanceof ServerErrorException) {
                throw ((ServerErrorException) e2);
            }
            if (e2 instanceof ClientErrorException) {
                throw ((ClientErrorException) e2);
            }
            throw ((ServerErrorException) ErrorCode.VERIFY_DOCUMENT_FAILED.toException("Failed to verify document: " + e2.getMessage()));
        }
    }

    /**
     * Builds a sign request for the supplied documents and returns it as Base64 text.
     *
     * <p>A SignRequestExtension is filled from the profile (version, conditions, signer, request
     * time, identity provider, sign service, sign requester, certificate request properties and
     * requested signature algorithm), one sign task is generated per document, and both are passed
     * to the DSS extensions message parser.
     *
     * @param context message security context handed to the message parser
     * @param str id passed to generateSignTask and genSignRequest; it appears to be the
     *     transaction id, since generateToBeSignedBytes uses it to load and store the transaction
     *     state - confirm against the caller
     * @param documentRequests documents to sign; only DocumentSigningRequest entries are accepted
     * @param str2 sign message text; no sign message is generated when it is null or empty
     * @param user user the request is generated for
     * @param str3 entity id of the identity provider
     * @param str4 value passed on to generateConditions; its meaning is not visible in this method
     * @param supportAPIProfile profile that supplies the request settings
     * @param list signature attributes, passed to setCertRequestProperties and to the
     *     per-document attribute pre-processor
     * @return the generated sign request, Base64 encoded
     * @throws BaseAPIException when a document entry is a DocumentRef or any other unsupported type
     */
    protected synchronized String generateSignRequest(ContextMessageSecurityProvider.Context context, String str, DocumentRequests documentRequests, String str2, User user, String str3, String str4, SupportAPIProfile supportAPIProfile, List<Attribute> list) throws IOException, MessageContentException, MessageProcessingException, BaseAPIException, InvalidArgumentException, InternalErrorException, ClassNotFoundException, ParserConfigurationException, SAXException, InvalidCanonicalizerException, CanonicalizationException, CertificateEncodingException, NoSuchAlgorithmException, TransformerException {
        // Request time is taken from the local clock of this host; the same calendar is passed to
        // generateConditions below.
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.setTime(new Date());
        SignRequestExtensionType createSignRequestExtensionType = this.sweEid2ObjectFactory.createSignRequestExtensionType();
        if (StringUtils.isNoneEmpty(new CharSequence[]{str2})) {
            createSignRequestExtensionType.setSignMessage(generateSignMessage(context, str2, str3, supportAPIProfile));
        }
        createSignRequestExtensionType.setVersion(supportAPIProfile.getSignRequestExtensionVersion());
        createSignRequestExtensionType.setConditions(generateConditions(gregorianCalendar, str4, supportAPIProfile));
        createSignRequestExtensionType.setSigner(generateSigner(user, str3, supportAPIProfile));
        createSignRequestExtensionType.setRequestTime(this.datatypeFactory.newXMLGregorianCalendar(gregorianCalendar));
        createSignRequestExtensionType.setIdentityProvider(createNameIDType(str3, "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"));
        createSignRequestExtensionType.setSignService(createNameIDType(supportAPIProfile.getSignServiceId(), "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"));
        // Must run before the getCertRequestProperties() calls below, which dereference the result.
        setCertRequestProperties(createSignRequestExtensionType, str3, supportAPIProfile, list);
        createSignRequestExtensionType.setSignRequester(createNameIDType(supportAPIProfile.getSignRequester(), "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"));
        createSignRequestExtensionType.getCertRequestProperties().setCertType(supportAPIProfile.getCertificateType());
        createSignRequestExtensionType.setRequestedSignatureAlgorithm(SignatureAlgorithm.forJAVA(supportAPIProfile.getSignatureAlgorithm()).getUri());
        createSignRequestExtensionType.getCertRequestProperties().setRequestedCertAttributes(this.sweEid2ObjectFactory.createRequestedAttributesType());
        if (supportAPIProfile.isEnableAuthnProfile()) {
            createSignRequestExtensionType.setAuthnProfile(supportAPIProfile.getRelatedProfile());
        }
        if (supportAPIProfile.getRequestedCertAttributes() != null) {
            for (Map.Entry<String, Map<String, Object>> entry : supportAPIProfile.getRequestedCertAttributes().entrySet()) {
                createSignRequestExtensionType.getCertRequestProperties().getRequestedCertAttributes().getRequestedCertAttribute().add(generateRequestedAttribute(entry.getKey(), entry.getValue(), supportAPIProfile.getRelatedProfile()));
            }
        }
        JAXBElement createSignRequestExtension = this.sweEid2ObjectFactory.createSignRequestExtension(createSignRequestExtensionType);
        SignTasksType createSignTasksType = this.sweEid2ObjectFactory.createSignTasksType();
        for (Object obj : documentRequests.documents) {
            // Anything other than an inline DocumentSigningRequest is rejected.
            if (!(obj instanceof DocumentSigningRequest)) {
                if (obj instanceof DocumentRef) {
                    throw ErrorCode.UNSUPPORTED_OPERATION.toException("Document references not supported");
                }
                throw ErrorCode.UNSUPPORTED_OPERATION.toException("Input document type not supported: " + obj.getClass().getName());
            }
            DocumentSigningRequest documentSigningRequest = (DocumentSigningRequest) obj;
            // Mutates the caller's request object: a missing reference id is filled in here.
            if (documentSigningRequest.referenceId == null) {
                documentSigningRequest.referenceId = SupportLibraryUtils.generateReferenceId();
            }
            createSignTasksType.getSignTaskData().add(generateSignTask(documentSigningRequest, str, getSigningId(user, supportAPIProfile), supportAPIProfile, getSignatureAttributePreProcessor(documentSigningRequest).preProcess(list, documentSigningRequest)));
        }
        // NOTE(review): the trailing `true` presumably asks the parser to sign the request message;
        // confirm against genSignRequest before relying on it.
        return new String(Base64.encode(this.sweEID2DSSExtensionsMessageParser.genSignRequest(context, str, "http://id.elegnamnden.se/csig/1.1/dss-ext/profile", createSignRequestExtension, this.sweEid2ObjectFactory.createSignTasks(createSignTasksType), true)), StandardCharsets.UTF_8);
    }

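    /**
     * Completes the signature of one document from a returned sign task and certificate chain.
     *
     * <p>The first certificate in the chain is treated as the signing certificate and as the source
     * of the authentication context. The signature value is taken from the sign task and combined
     * with the original document by the XAdES, PAdES or CAdES service.
     *
     * @param documentSigningRequest the original document request
     * @param signTaskDataType sign task carrying the signature value
     * @param x509CertificateArr signer certificate chain, signing certificate first
     * @param transactionState state stored when the sign request was generated
     * @param supportAPIProfile profile that supplies the signature settings
     * @return the signed document with signer details, or {@code null} when no branch of the
     *     signature-type switch produced a signed document
     * @throws ClientErrorException if the document or sign task is missing, or the sign task has an
     *     unsupported signature type
     * @throws ServerErrorException if the certificate chain is missing or empty, or signing fails
     */
    private synchronized Document signDocument(DocumentSigningRequest documentSigningRequest, SignTaskDataType signTaskDataType, X509Certificate[] x509CertificateArr, TransactionState transactionState, SupportAPIProfile supportAPIProfile) throws ClientErrorException, ServerErrorException, MessageContentException, IOException, MessageProcessingException, ParserConfigurationException, SAXException {
        Document document = null;
        if (documentSigningRequest == null) {
            throw ((ClientErrorException) ErrorCode.INVALID_DOCUMENT.toException("Document to sign must be specified"));
        }
        if (signTaskDataType == null) {
            throw ((ClientErrorException) ErrorCode.INVALID_SIGN_TASK.toException("Sign task is null, it must be specified"));
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw ((ServerErrorException) ErrorCode.INVALID_CERTIFICATE_CHAIN.toException("Signature certificate chain missing or empty"));
        }
        if (getSignatureForm(signTaskDataType) == null) {
            throw ((ClientErrorException) ErrorCode.INVALID_SIGN_TASK.toException("Sign task contains invalid or unsupported signature algorithm (" + signTaskDataType.getSigType() + ")"));
        }
        try {
            CertificateToken certificateToken = new CertificateToken(x509CertificateArr[0]);
            SAMLAuthContextType authContextFromCertificate = SupportLibraryUtils.getAuthContextFromCertificate(this.authContSaciMessageParser, x509CertificateArr[0]);
            ArrayList arrayList = new ArrayList();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                arrayList.add(new CertificateToken(x509Certificate));
            }
            DSSDocument createDSSDocument = DSSLibraryUtils.createDSSDocument(documentSigningRequest);
            // NOTE(review): the branch below is chosen from the request's mime type, while the
            // guard above checks the sign task's signature type; this method does not compare the
            // two, so confirm a caller guarantees they agree.
            SigType valueOf = SigType.valueOf(getSigTypeFromMimeType(documentSigningRequest.getType()));
            XAdESSignatureParameters signatureParameters = getSignatureParameters(signTaskDataType, valueOf, certificateToken, arrayList, documentSigningRequest, transactionState, supportAPIProfile);
            SignatureValue signatureValue = new SignatureValue(SignatureAlgorithm.forXML(signTaskDataType.getBase64Signature().getType()), signTaskDataType.getBase64Signature().getValue());
            String generateStrongReferenceId = SupportLibraryUtils.generateStrongReferenceId(transactionState.getTransactionId(), documentSigningRequest.getReferenceId());
            DSSDocument dSSDocument = null;
            switch (AnonymousClass2.$SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[valueOf.ordinal()]) {
                case 1:
                    // XAdES branch: the signed AdES object from the sign task is reused.
                    signatureParameters.setSignedAdESObject(signTaskDataType.getAdESObject().getAdESObjectBytes());
                    dSSDocument = this.xAdESService.signDocument(createDSSDocument, signatureParameters, signatureValue);
                    break;
                case 2:
                    // PAdES branch: signer name and content size are set again here, as they are
                    // in generateToBeSignedBytes when the data to sign is produced.
                    PAdESSignatureParameters pAdESSignatureParameters = (PAdESSignatureParameters) signatureParameters;
                    boolean validateVisibleSignatureAttributesFromCache = validateVisibleSignatureAttributesFromCache(generateStrongReferenceId);
                    pAdESSignatureParameters.setSignerName(getSigningId(transactionState.getUser(), supportAPIProfile));
                    pAdESSignatureParameters.setContentSize(supportAPIProfile.getPadesContentSize());
                    if (supportAPIProfile.getVisibleSignature().isEnable()) {
                        if (validateVisibleSignatureAttributesFromCache) {
                            setVisibleSignature(supportAPIProfile, pAdESSignatureParameters, pAdESSignatureParameters.getSignerName(), generateStrongReferenceId, null);
                        } else {
                            log.warn("Visible signatures are enabled in configuration (enableVisibleSignature) but required signature attributes are missing. The following attributes are required: visible_signature_position_x, visible_signature_position_y, visible_signature_width, visible_signature_height");
                        }
                    }
                    dSSDocument = this.pAdESService.signDocument(createDSSDocument, pAdESSignatureParameters, signatureValue);
                    break;
                case 3:
                    // CAdES branch.
                    dSSDocument = this.cAdESService.signDocument(createDSSDocument, (CAdESSignatureParameters) signatureParameters, signatureValue);
                    break;
            }
            if (dSSDocument != null) {
                // Signer id and display name come from the authentication context in the
                // certificate; the certificate subject is only the fallback.
                String userIdFromAuthContext = SupportLibraryUtils.getUserIdFromAuthContext(authContextFromCertificate, supportAPIProfile);
                if (userIdFromAuthContext == null) {
                    userIdFromAuthContext = certificateToken.getSubject().getPrincipal().getName();
                }
                String displayNameFromAuthContext = SupportLibraryUtils.getDisplayNameFromAuthContext(authContextFromCertificate);
                if (displayNameFromAuthContext == null) {
                    displayNameFromAuthContext = CertUtils.getPartFromDN(certificateToken.getSubject().getPrincipal().getName(), "CN");
                }
                Signature signature = new Signature();
                signature.signerCertificate = certificateToken.getEncoded();
                signature.validFrom = certificateToken.getCertificate().getNotBefore();
                signature.validTo = certificateToken.getCertificate().getNotAfter();
                signature.signingDate = signatureParameters.bLevel().getSigningDate();
                signature.setSignerId(userIdFromAuthContext);
                signature.setSignerDisplayName(displayNameFromAuthContext);
                signature.setIssuerId(certificateToken.getIssuerX500Principal().getName());
                signature.signingAlgorithm = SignatureAlgorithm.forXML(signTaskDataType.getBase64Signature().getType()).toString();
                signature.levelOfAssurance = SupportLibraryUtils.getLevelOfAssuranceFromAuthContext(this.apiConfig, authContextFromCertificate);
                document = new Document();
                document.setName(documentSigningRequest.getName());
                document.setType(documentSigningRequest.getType());
                document.setReferenceId(documentSigningRequest.getReferenceId());
                document.setSignatures(new Signatures());
                document.getSignatures().getSigner().add(signature);
                // Close the stream once the signed bytes have been copied out.
                try (InputStream signedStream = dSSDocument.openStream()) {
                    document.data = IOUtils.toByteArray(signedStream);
                }
            }
            if (supportAPIProfile.isEnableAutomaticValidation() && document != null) {
                try {
                    document.setValidationInfo(verifyDocument(supportAPIProfile, document));
                } catch (Exception e) {
                    // Best effort: a failed automatic validation is only logged, and the document
                    // is returned without validation info. Callers that depend on the validation
                    // result should treat missing validation info as "not validated".
                    log.error("Error while performing automatic validation of document: " + e.getMessage() + ")");
                }
            }
            return document;
        } catch (DSSException | InvalidArgumentException | InternalErrorException | BaseAPIException e2) {
            throw ((ServerErrorException) ErrorCode.SIGN_RESPONSE_FAILED.toException("Error while signing document: " + e2.getMessage() + ")"));
        }
    }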

    /**
     * Converts DSS report messages into an API {@code Messages} object.
     *
     * <p>Each entry becomes one message whose text is "key: value" and whose language is
     * {@code str}.
     *
     * @param list DSS report messages to convert; must not be null
     * @param str language tag set on every converted message
     * @return the converted messages, empty when {@code list} is empty
     */
    private Messages getMessagesFromList(List<eu.europa.esig.dss.jaxb.object.Message> list, String str) {
        Messages converted = new Messages();
        converted.message = new ArrayList();
        Iterator<eu.europa.esig.dss.jaxb.object.Message> reportMessages = list.iterator();
        while (reportMessages.hasNext()) {
            eu.europa.esig.dss.jaxb.object.Message reportMessage = reportMessages.next();
            Message apiMessage = new Message();
            apiMessage.setLang(str);
            apiMessage.setText(reportMessage.getKey() + ": " + reportMessage.getValue());
            converted.message.add(apiMessage);
        }
        return converted;
    }

    /**
     * Opens the validation policy file named by the profile.
     *
     * <p>".xml" is appended to the policy name when missing. The name is resolved against the
     * configured policy directory when one is set. The result is looked up first as a classpath
     * resource and then as a file.
     *
     * <p>NOTE(review): the policy name is joined to the directory without normalisation or a
     * containment check, so this relies on the profile value being operator-controlled; confirm it
     * is never taken from request data. Load failures are logged and reported as a {@code null}
     * return, not as an exception, so callers must check for null. The caller owns the returned
     * stream and has to close it.
     *
     * @param supportAPIProfile profile that names the validation policy
     * @return an open stream on the policy, or {@code null} if it could not be loaded
     */
    InputStream getValidationPolicy(SupportAPIProfile supportAPIProfile) throws FileNotFoundException {
        String policyDirectory = this.apiConfig.getValidationPolicyDirectory();
        String policyName = supportAPIProfile.getValidationPolicy();
        if (!policyName.endsWith(".xml")) {
            policyName += ".xml";
        }
        Path policyPath;
        if (policyDirectory == null) {
            policyPath = Paths.get(policyName);
        } else {
            policyPath = Paths.get(policyDirectory, policyName);
        }
        InputStream policyStream = null;
        try {
            // Classpath lookups through Class#getResourceAsStream need a leading slash to be
            // absolute.
            String resourceName = policyPath.toString();
            if (!resourceName.startsWith("/")) {
                resourceName = "/" + resourceName;
            }
            policyStream = getClass().getResourceAsStream(resourceName);
            if (policyStream == null) {
                policyStream = Files.newInputStream(policyPath.toFile().toPath());
            }
        } catch (Exception e) {
            log.error("Error while reading policy file: " + e.getMessage());
        }
        if (policyStream == null) {
            log.error("Could not load validation policy from path: " + policyPath);
        }
        return policyStream;
    }

    /**
     * Returns the certificate verifier used for document validation, creating it on first use.
     *
     * <p>A verifier supplied by the API configuration is used as it is; none of the CRL, OCSP,
     * AIA or trust settings below are applied to it. Otherwise a CommonCertificateVerifier is
     * built with the CRL and OCSP sources of this class and the configured trusted certificates.
     *
     * <p>This method takes no lock itself; the lazy initialisation relies on the caller for any
     * needed synchronisation.
     *
     * @return the cached or newly created verifier
     */
    private CertificateVerifier getCertificateVerifier() {
        if (this.certificateVerifier == null) {
            if (this.apiConfig.getCertificateVerifier() == null) {
                this.certificateVerifier = new CommonCertificateVerifier();
                this.certificateVerifier.setCrlSource(getCRLSource());
                this.certificateVerifier.setOcspSource(getOCSPSource());
                if (this.apiConfig.getTrustedCertificateSource() == null) {
                    // Only a warning: the verifier is still created, with no trusted certificate
                    // source set by this method.
                    log.warn("Verification of documents will not work properly as trusted certificate source is not specified");
                } else if (this.apiConfig.getTrustedCertificateSource() instanceof TrustedListsCertificateSourceBuilder) {
                    // Trusted-list configuration: AIA fetching is enabled and the trusted lists
                    // become the trust anchors, plus the optional key store certificates.
                    this.certificateVerifier.setAIASource(getAIASource());
                    this.certificateVerifier.setTrustedCertSources(new CertificateSource[]{this.apiConfig.getTrustedCertificateSource().getTrustedListsCertificateSource()});
                    if (this.apiConfig.getTrustedCertificateSource().getKeyStoreCertificateSource() != null) {
                        CertificateSource commonTrustedCertificateSource = new CommonTrustedCertificateSource();
                        commonTrustedCertificateSource.importAsTrusted(this.apiConfig.getTrustedCertificateSource().getKeyStoreCertificateSource());
                        this.certificateVerifier.addTrustedCertSources(new CertificateSource[]{commonTrustedCertificateSource});
                    }
                } else if (this.apiConfig.getTrustedCertificateSource() instanceof KeyStoreCertificateSource) {
                    // Key store configuration: its certificates are the only trust anchors and no
                    // AIA source is set in this branch.
                    CertificateSource commonTrustedCertificateSource2 = new CommonTrustedCertificateSource();
                    commonTrustedCertificateSource2.importAsTrusted(this.apiConfig.getTrustedCertificateSource());
                    this.certificateVerifier.setTrustedCertSources(new CertificateSource[]{commonTrustedCertificateSource2});
                }
                // NOTE(review): a trusted certificate source of any other type falls through all
                // branches above without a warning and without trust anchors being set.
                if (this.apiConfig.isIgnoreMissingRevocationData()) {
                    // Replaces the verifier's missing-revocation-data alert with a handler that
                    // only logs. With this flag set, an unreachable CRL/OCSP source is not
                    // reported through this alert as anything more than a warning; enable it only
                    // where that is an accepted risk.
                    this.certificateVerifier.setAlertOnMissingRevocationData(status -> {
                        log.warn("Ignoring missing revocation data: " + status.getMessage() + ", error: " + status.getErrorString());
                    });
                }
            } else {
                this.certificateVerifier = this.apiConfig.getCertificateVerifier();
            }
        }
        return this.certificateVerifier;
    }

    /**
     * Creates a file-caching data loader that downloads through a CommonsDataLoader.
     *
     * <p>The validation proxy configuration is applied when one is set, and cached entries expire
     * after the configured validation cache expiration time.
     *
     * <p>NOTE(review): the cache lives directly in {@code java.io.tmpdir}. The CRL and AIA sources
     * of this class load through it, so on a host where other local accounts can write to that
     * directory the cached revocation and issuer data is only as trustworthy as the directory
     * permissions. Consider a dedicated directory owned by the service account.
     *
     * @return a new loader; nothing is cached by this method itself
     */
    private DataLoader getFileCacheDataLoader() {
        CommonsDataLoader httpLoader = new CommonsDataLoader();
        if (this.apiConfig.getValidationProxyConfig() != null) {
            httpLoader.setProxyConfig(this.apiConfig.getValidationProxyConfig());
        }

        FileCacheDataLoader cachingLoader = new FileCacheDataLoader();
        cachingLoader.setDataLoader(httpLoader);
        cachingLoader.setFileCacheDirectory(new File(System.getProperty("java.io.tmpdir")));

        long expirationMs = this.apiConfig.getValidationCacheExpirationTimeMS();
        log.info("Setting validation cache expiration time to " + expirationMs + " ms");
        cachingLoader.setCacheExpirationTime(expirationMs);
        return cachingLoader;
    }

    /**
     * Returns the AIA source, creating it on first use with a new file-caching data loader.
     *
     * @return the cached or newly created AIA source
     */
    private DefaultAIASource getAIASource() {
        if (this.aiaSource != null) {
            return this.aiaSource;
        }
        log.debug("Initializing AIA loader");
        this.aiaSource = new DefaultAIASource(getFileCacheDataLoader());
        return this.aiaSource;
    }

    /**
     * Returns the CRL source, creating it on first use with a new file-caching data loader.
     *
     * @return the cached or newly created CRL source
     */
    private CRLSource getCRLSource() {
        if (this.crlSource != null) {
            return this.crlSource;
        }
        log.debug("Initializing CRL loader");
        this.crlSource = new OnlineCRLSource(getFileCacheDataLoader());
        return this.crlSource;
    }

    /**
     * Returns the OCSP source, creating it on first use.
     *
     * <p>Unlike the CRL and AIA sources, this one uses an OCSPDataLoader directly, without the
     * file cache. The validation proxy configuration is applied when one is set.
     *
     * @return the cached or newly created OCSP source
     */
    private OCSPSource getOCSPSource() {
        if (this.ocspSource != null) {
            return this.ocspSource;
        }
        log.debug("Initializing OCSP loader");
        OCSPDataLoader ocspLoader = new OCSPDataLoader();
        if (this.apiConfig.getValidationProxyConfig() != null) {
            ocspLoader.setProxyConfig(this.apiConfig.getValidationProxyConfig());
        }
        this.ocspSource = new OnlineOCSPSource(ocspLoader);
        return this.ocspSource;
    }

    /**
     * Parses a message with the DSS extensions message parser while holding this instance's
     * monitor, so that calls made through this method do not run concurrently.
     *
     * @param context message security context
     * @param bArr raw message bytes
     * @param z flag forwarded unchanged to the parser; presumably controls signature
     *     verification - confirm against parseMessage
     * @return the parsed message object
     */
    private synchronized Object synchronizedParseMessage(ContextMessageSecurityProvider.Context context, byte[] bArr, boolean z) throws MessageContentException, MessageProcessingException {
        final Object parsedMessage = this.sweEID2DSSExtensionsMessageParser.parseMessage(context, bArr, z);
        return parsedMessage;
    }

    /**
     * Extracts the sign tasks from a sign response while holding this instance's monitor.
     *
     * @param signResponse response to read the sign tasks from
     * @return the sign tasks as returned by SignTaskHelper
     */
    private synchronized List<SignTaskDataType> synchronizedGetSignTasks(SignResponse signResponse) throws InvalidArgumentException {
        final List<SignTaskDataType> signTasks = SignTaskHelper.getSignTasks(signResponse);
        return signTasks;
    }

    /**
     * Creates a NameIDType with the given value and name-id format.
     *
     * @param str the name id value
     * @param str2 the name id format URI
     * @return a new NameIDType holding both
     */
    private NameIDType createNameIDType(String str, String str2) {
        final NameIDType nameId = new NameIDType();
        nameId.setFormat(str2);
        nameId.setValue(str);
        return nameId;
    }

    /**
     * Maps a sign task to its signature form.
     *
     * @param signTaskDataType sign task to classify
     * @return XAdES, CAdES or PAdES, checked in that order, or {@code null} when the task is none
     *     of them
     */
    private SignatureForm getSignatureForm(SignTaskDataType signTaskDataType) {
        SignatureForm form = null;
        if (SignTaskHelper.isXadesSignTask(signTaskDataType)) {
            form = SignatureForm.XAdES;
        } else if (SignTaskHelper.isCadesSignTask(signTaskDataType)) {
            form = SignatureForm.CAdES;
        } else if (SignTaskHelper.isPadesSignTask(signTaskDataType)) {
            form = SignatureForm.PAdES;
        }
        return form;
    }

    /**
     * Resolves the id that names the signer.
     *
     * <p>When the profile configures a display-name attribute and the user has an attribute with
     * that key, the value of the first such attribute is returned. Otherwise the user id is
     * returned.
     *
     * @param user user to resolve the signing id for
     * @param supportAPIProfile profile that may name a display-name attribute
     * @return the attribute value (which may be null) or the user id
     */
    protected String getSigningId(User user, SupportAPIProfile supportAPIProfile) {
        String fallbackId = user.getUserId();
        if (supportAPIProfile.getUserDisplayNameAttribute() == null || user.getUserAttributes() == null) {
            return fallbackId;
        }
        for (Attribute candidate : user.getUserAttributes()) {
            if (candidate.getKey().equals(supportAPIProfile.getUserDisplayNameAttribute())) {
                // First match wins; later attributes with the same key are ignored.
                return candidate.getValue();
            }
        }
        return fallbackId;
    }

    /**
     * Creates the sign task for one document.
     *
     * <p>The signature type is derived from the document's mime type, the task id is the
     * document's reference id, and the to-be-signed bytes come from generateToBeSignedBytes.
     *
     * @param documentSigningRequest document to create the task for
     * @param str id forwarded to generateToBeSignedBytes
     * @param str2 signer name forwarded to generateToBeSignedBytes
     * @param supportAPIProfile profile that supplies the signature settings
     * @param list signature attributes forwarded to generateToBeSignedBytes
     * @return the populated sign task
     */
    private SignTaskDataType generateSignTask(DocumentSigningRequest documentSigningRequest, String str, String str2, SupportAPIProfile supportAPIProfile, List<Attribute> list) throws InvalidArgumentException, BaseAPIException, IOException, InternalErrorException, ClassNotFoundException, ParserConfigurationException, MessageProcessingException, SAXException, InvalidCanonicalizerException, CanonicalizationException, CertificateEncodingException, NoSuchAlgorithmException, TransformerException {
        final SignTaskDataType signTask = this.sweEid2ObjectFactory.createSignTaskDataType();
        signTask.setSigType(getSigTypeFromMimeType(documentSigningRequest.type));
        signTask.setSignTaskId(documentSigningRequest.getReferenceId());
        final byte[] toBeSigned = generateToBeSignedBytes(signTask, documentSigningRequest, str, str2, supportAPIProfile, list);
        signTask.setToBeSignedBytes(toBeSigned);
        return signTask;
    }

    /**
     * Checks that all four visible-signature attributes are cached under the given key.
     *
     * <p>Only presence is checked here (position x, position y, width, height, in that order); the
     * values themselves are not validated by this method.
     *
     * @param str cache key of the document
     * @return {@code true} when every attribute has a non-null cached value
     */
    protected boolean validateVisibleSignatureAttributesFromCache(String str) throws InvalidArgumentException, IOException, InternalErrorException {
        return this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_X) != null
                && this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_Y) != null
                && this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_WIDTH) != null
                && this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_HEIGHT) != null;
    }

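    /**
     * Builds one requested certificate attribute from its profile configuration.
     *
     * <p>{@code samlAttributeName} may be a single string or a list of maps with a {@code value}
     * and an optional {@code order}. An order, when present and not empty, must be an integer
     * greater than or equal to 0.
     *
     * <p>Any failure, including the specific validation errors raised here, is rethrown as
     * INVALID_PROFILE with the message "Invalid parameter specified in profile configuration: "
     * followed by the original message.
     *
     * @param str friendly name of the attribute
     * @param map attribute settings; the keys read are certAttributeRef, required, certNameType
     *     and samlAttributeName
     * @param str2 profile name, used only in error messages
     * @return the mapped attribute
     * @throws BaseAPIException if the configuration is invalid
     */
    private MappedAttributeType generateRequestedAttribute(String str, Map<String, Object> map, String str2) throws BaseAPIException {
        try {
            MappedAttributeType mappedAttributeType = new MappedAttributeType();
            mappedAttributeType.setCertAttributeRef(ConfigUtils.parseString(map.get("certAttributeRef"), (String) null, false, (String) null));
            mappedAttributeType.setFriendlyName(str);
            mappedAttributeType.setRequired(ConfigUtils.parseBoolean(map.get("required"), (String) null, false, (Boolean) null));
            mappedAttributeType.setCertNameType(ConfigUtils.parseString(map.get("certNameType"), (String) null, false, (String) null));
            Object samlAttributeName = map.get("samlAttributeName");
            if (samlAttributeName instanceof String) {
                PreferredSAMLAttributeNameType preferredName = new PreferredSAMLAttributeNameType();
                preferredName.setValue((String) samlAttributeName);
                mappedAttributeType.getSamlAttributeName().add(preferredName);
            } else {
                if (!(samlAttributeName instanceof List)) {
                    throw ErrorCode.INVALID_PROFILE.toException("The samlAttributeName under " + str2 + ".requestedCertAttributes must be a string or a list of map.");
                }
                for (Object element : (List<?>) samlAttributeName) {
                    // A list element that is not a map fails this cast and is reported through
                    // the outer catch as an invalid profile.
                    Map<?, ?> entry = (Map<?, ?>) element;
                    Object order = entry.get("order");
                    PreferredSAMLAttributeNameType preferredName = new PreferredSAMLAttributeNameType();
                    preferredName.setValue((String) entry.get("value"));
                    if (order != null && !order.equals("")) {
                        int parsedOrder;
                        try {
                            parsedOrder = Integer.parseInt(order.toString());
                        } catch (NumberFormatException e) {
                            // Only a parse failure means "not an integer". Catching Exception
                            // here used to replace the negative-order message below with this one.
                            throw ErrorCode.INVALID_PROFILE.toException(str2 + ".requestedCertAttributes." + str + "." + entry.get("value") + " has no-integer order value.");
                        }
                        if (parsedOrder < 0) {
                            throw ErrorCode.INVALID_PROFILE.toException(str2 + ".requestedCertAttributes." + str + "." + entry.get("value") + " has invalid order value. Order must be larger than or equal to 0");
                        }
                        preferredName.setOrder(Integer.valueOf(parsedOrder));
                    }
                    mappedAttributeType.getSamlAttributeName().add(preferredName);
                }
            }
            return mappedAttributeType;
        } catch (Exception e2) {
            throw ErrorCode.INVALID_PROFILE.toException("Invalid parameter specified in profile configuration: " + e2.getMessage());
        }
    }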

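    /**
     * Returns the time stamp source for the given configuration.
     *
     * <p>Without a URL the default time stamp source of the API configuration is returned. With a
     * URL, an OnlineTSPSource is created once and then reused from {@code onlineTSPSources}.
     *
     * <p>NOTE(review): the cache key is the URL alone. A source built for a URL is reused for
     * every later configuration with the same URL, whatever proxy, key store, trust store or
     * credentials that configuration carries.
     *
     * @param timeStampConfig time stamp settings of the profile
     * @return the default, cached or newly created time stamp source
     * @throws ServerErrorException if no URL is configured and no default source exists
     */
    private TSPSource getTspSource(TimeStampConfig timeStampConfig) throws ServerErrorException {
        if (timeStampConfig.getUrl() == null) {
            if (this.apiConfig.getDefaultTimeStampSource() == null) {
                throw ((ServerErrorException) ErrorCode.MISSING_CONFIGURATION.toException("Time stamp url is missing in configuration and no default time stamp source is specified"));
            }
            log.debug("Using default time stamp source");
            return this.apiConfig.getDefaultTimeStampSource();
        }
        TSPSource tSPSource = this.onlineTSPSources.get(timeStampConfig.getUrl());
        if (tSPSource == null) {
            log.debug("Creating new time stamp source: " + timeStampConfig.getUrl());
            CommonsDataLoader commonsDataLoader = new CommonsDataLoader();
            if (timeStampConfig.getProxyHost() != null) {
                // Only the proxy host is logged; the proxy credentials are not.
                log.debug("Using proxy for time stamp source: " + timeStampConfig.getProxyHost());
                ProxyProperties proxyProperties = new ProxyProperties();
                proxyProperties.setHost(timeStampConfig.getProxyHost());
                proxyProperties.setPort(timeStampConfig.getProxyPort());
                proxyProperties.setScheme(timeStampConfig.getProxyScheme());
                proxyProperties.setUser(timeStampConfig.getProxyUser());
                proxyProperties.setPassword(timeStampConfig.getProxyPassword());
                if (timeStampConfig.getProxyExcludedHosts() != null) {
                    ArrayList arrayList = new ArrayList();
                    for (String str : timeStampConfig.getProxyExcludedHosts().split(",")) {
                        arrayList.add(str.trim());
                    }
                    proxyProperties.setExcludedHosts(arrayList);
                }
                // The same proxy settings are used for both HTTP and HTTPS.
                ProxyConfig proxyConfig = new ProxyConfig();
                proxyConfig.setHttpsProperties(proxyProperties);
                proxyConfig.setHttpProperties(proxyProperties);
                commonsDataLoader.setProxyConfig(proxyConfig);
            }
            // Key store and trust store are applied only when both path and password are set; a
            // path without a password is skipped without a log entry.
            if (timeStampConfig.getKeyStorePath() != null && timeStampConfig.getKeyStorePassword() != null) {
                // Fixed: this message used to print the trust store path.
                log.debug("Using keystore for time stamp source: " + timeStampConfig.getKeyStorePath());
                commonsDataLoader.setSslKeystore(DSSLibraryUtils.createDSSDocument(timeStampConfig.getKeyStorePath()));
                commonsDataLoader.setSslKeystorePassword(timeStampConfig.getKeyStorePassword());
                commonsDataLoader.setSslKeystoreType(timeStampConfig.getKeyStoreType());
            }
            if (timeStampConfig.getTrustStorePath() != null && timeStampConfig.getTrustStorePassword() != null) {
                log.debug("Using truststore for time stamp source: " + timeStampConfig.getTrustStorePath());
                commonsDataLoader.setSslTruststore(DSSLibraryUtils.createDSSDocument(timeStampConfig.getTrustStorePath()));
                commonsDataLoader.setSslTruststorePassword(timeStampConfig.getTrustStorePassword());
                commonsDataLoader.setSslTruststoreType(timeStampConfig.getTrustStoreType());
            }
            if (timeStampConfig.getUsername() != null && timeStampConfig.getPassword() != null) {
                try {
                    log.debug("Using username/password authentication for time stamp source");
                    URL url = new URL(timeStampConfig.getUrl());
                    commonsDataLoader.addAuthentication(new HostConnection(url.getHost(), url.getPort(), url.toURI().getScheme()), new UserCredentials(timeStampConfig.getUsername(), timeStampConfig.getPassword()));
                } catch (Exception e) {
                    // NOTE(review): the failure is only logged. The source below is still created
                    // and cached without credentials, so later requests to the time stamp service
                    // go out unauthenticated until the cache entry is replaced.
                    log.error("Failed to configure username/password authentication for time stamp source: " + e.getMessage());
                }
            }
            tSPSource = new OnlineTSPSource(timeStampConfig.getUrl(), commonsDataLoader);
            this.onlineTSPSources.put(timeStampConfig.getUrl(), tSPSource);
        } else {
            log.debug("Using cached time stamp source: " + timeStampConfig.getUrl());
        }
        return tSPSource;
    }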

    /**
     * Produces the bytes that the signing service has to sign for one document.
     *
     * <p>The signature type is derived from the document's mime type and selects the XAdES, PAdES
     * or CAdES service. The result is set on the sign task and also returned. The AdES type is
     * set on the sign task, and the signing date is stored in the transaction state under the
     * document's reference id.
     *
     * @param signTaskDataType sign task that receives the to-be-signed bytes and AdES type
     * @param documentSigningRequest document to sign
     * @param str key used to fetch and store the transaction state, and to build the strong
     *     reference id for visible signatures
     * @param str2 signer name set on PAdES signatures
     * @param supportAPIProfile profile that supplies signature levels and time stamp settings
     * @param list signature attributes, used for the visible PAdES signature
     * @return the to-be-signed bytes, the same array that is set on the sign task
     */
    private byte[] generateToBeSignedBytes(SignTaskDataType signTaskDataType, DocumentSigningRequest documentSigningRequest, String str, String str2, SupportAPIProfile supportAPIProfile, List<Attribute> list) throws BaseAPIException, InvalidArgumentException, IOException, InternalErrorException, ClassNotFoundException, ParserConfigurationException, MessageProcessingException, SAXException, InvalidCanonicalizerException, CanonicalizationException, CertificateEncodingException, NoSuchAlgorithmException, TransformerException {
        SigType valueOf = SigType.valueOf(getSigTypeFromMimeType(documentSigningRequest.getType()));
        DSSDocument createDSSDocument = DSSLibraryUtils.createDSSDocument(documentSigningRequest);
        XAdESSignatureParameters signatureParameters = getSignatureParameters(valueOf, supportAPIProfile);
        // In each branch a time stamp source is set on the shared service instance only when the
        // profile's signature level is not the BASELINE_B level. This method itself is not
        // synchronized.
        switch (AnonymousClass2.$SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[valueOf.ordinal()]) {
            case 1:
                // XAdES branch.
                if (!supportAPIProfile.getXadesSignatureLevel().equals(SignatureLevel.XAdES_BASELINE_B.toString())) {
                    this.xAdESService.setTspSource(getTspSource(supportAPIProfile.getTimeStamp()));
                }
                signTaskDataType.setToBeSignedBytes(this.xAdESService.getDataToSign(createDSSDocument, signatureParameters).getBytes());
                break;
            case 2:
                // PAdES branch: signer name, content size and the optional visible signature are
                // part of the data to sign.
                if (!supportAPIProfile.getPadesSignatureLevel().equals(SignatureLevel.PAdES_BASELINE_B.toString())) {
                    this.pAdESService.setTspSource(getTspSource(supportAPIProfile.getTimeStamp()));
                }
                PAdESSignatureParameters pAdESSignatureParameters = (PAdESSignatureParameters) signatureParameters;
                pAdESSignatureParameters.setSignerName(str2);
                pAdESSignatureParameters.setContentSize(supportAPIProfile.getPadesContentSize());
                if (supportAPIProfile.getVisibleSignature().isEnable()) {
                    setVisibleSignature(supportAPIProfile, pAdESSignatureParameters, str2, SupportLibraryUtils.generateStrongReferenceId(str, documentSigningRequest.getReferenceId()), list);
                }
                this.pAdESService.setPdfObjFactory(new PdfBoxSupportObjectFactory());
                signTaskDataType.setToBeSignedBytes(this.pAdESService.getDataToSign(createDSSDocument, pAdESSignatureParameters).getBytes());
                break;
            case 3:
                // CAdES branch.
                if (!supportAPIProfile.getCadesSignatureLevel().equals(SignatureLevel.CAdES_BASELINE_B.toString())) {
                    this.cAdESService.setTspSource(getTspSource(supportAPIProfile.getTimeStamp()));
                }
                signTaskDataType.setToBeSignedBytes(this.cAdESService.getDataToSign(createDSSDocument, (CAdESSignatureParameters) signatureParameters).getBytes());
                break;
        }
        AdESType adESType = getAdESType(valueOf, supportAPIProfile);
        signTaskDataType.setAdESType(adESType.name());
        if (adESType == AdESType.BES && valueOf == SigType.XML) {
            SignTaskHelper.createNewXadesObject(signTaskDataType, supportAPIProfile.getSignatureAlgorithm(), null, signatureParameters.bLevel().getSigningDate());
        }
        // The signing date is stored per document reference id; signDocument hands the
        // transaction state to getSignatureParameters, presumably so the same date is used when
        // the signature is completed - confirm there.
        TransactionState fetchTransactionState = fetchTransactionState(str);
        if (fetchTransactionState == null) {
            fetchTransactionState = new TransactionState();
        }
        fetchTransactionState.getSigningTime().put(documentSigningRequest.referenceId, signatureParameters.bLevel().getSigningDate());
        storeTransactionState(str, fetchTransactionState);
        // The Base64 form of the to-be-signed bytes is written to the debug log.
        log.debug("Generated ToBeSignedBytes (" + valueOf.name() + ") = " + new String(Base64.encode(signTaskDataType.getToBeSignedBytes())));
        return signTaskDataType.getToBeSignedBytes();
    }

    /**
     * Returns the signature attribute pre-processor for the signature type of the given request.
     * Instances are created on first use and kept in {@code signatureAttributePreProcessors}.
     *
     * <p>NOTE(review): the lookup and the insert are separate, unsynchronized calls on the map;
     * whether that is safe depends on the map type and on how this instance is shared — confirm.
     *
     * @param documentSigningRequest request whose type is mapped to a signature type through
     *        {@code getSigTypeFromMimeType}
     * @return the pre-processor registered for that signature type
     * @throws ClientErrorException {@code INVALID_MIMETYPE} when the signature type matches none of
     *         the three handled switch cases
     */
    protected SignatureAttributePreProcessor getSignatureAttributePreProcessor(DocumentSigningRequest documentSigningRequest) throws ClientErrorException {
        SigType sigType = SigType.valueOf(getSigTypeFromMimeType(documentSigningRequest.getType()));
        if (this.signatureAttributePreProcessors.get(sigType) != null) {
            return this.signatureAttributePreProcessors.get(sigType);
        }

        // Case labels come from the compiler-generated switch map for SigType; cases 1, 2 and 3
        // select the XAdES, PAdES and CAdES implementations respectively.
        SignatureAttributePreProcessor created;
        switch (AnonymousClass2.$SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[sigType.ordinal()]) {
            case 1:
                created = new XAdESSignatureAttributePreProcessor();
                break;
            case 2:
                created = new PAdESSignatureAttributePreProcessor();
                break;
            case 3:
                created = new CAdESSignatureAttributePreProcessor();
                break;
            default:
                throw ((ClientErrorException) ErrorCode.INVALID_MIMETYPE.toException("Invalid mimetype in document signing request"));
        }
        this.signatureAttributePreProcessors.put(sigType, created);
        return this.signatureAttributePreProcessors.get(sigType);
    }

    /**
     * Sets the certificate request properties of a sign request extension to the
     * AuthnContextClassRef value(s) that apply to the given authentication service.
     *
     * <p>If the request's signature attributes carry no {@code auth_context_class_ref}, every value
     * returned by {@code getAuthnContextClassRefs} is added. If they do carry one, it is accepted only
     * when it is contained in that configured list; the request cannot introduce a value the profile
     * does not already allow.
     *
     * @param signRequestExtensionType extension that receives the new certificate request properties
     * @param str authentication service id used to look up the configured values
     * @param supportAPIProfile profile holding the configured AuthnContextClassRef values
     * @param list signature attributes of the request; searched for the requested value
     * @throws BaseAPIException {@code INVALID_AUTH_CONTEXT_CLASS_REF} when the requested value is not
     *         in the configured list
     */
    protected void setCertRequestProperties(SignRequestExtensionType signRequestExtensionType, String str, SupportAPIProfile supportAPIProfile, List<Attribute> list) throws BaseAPIException {
        String requestedRef = AvailableSignatureAttributes.getAttributeValue(list, AvailableSignatureAttributes.ATTRIBUTE_AUTH_CONTEXT_CLASS_REF);
        List<String> configuredRefs = getAuthnContextClassRefs(str, supportAPIProfile);
        boolean useConfiguredRefs = requestedRef == null;

        // Reject a requested value before anything is written to the extension.
        if (!useConfiguredRefs && !configuredRefs.contains(requestedRef)) {
            throw ErrorCode.INVALID_AUTH_CONTEXT_CLASS_REF.toException("Value specified in Signature Request 'signatureAttributes' for attribute 'auth_context_class_ref: " + requestedRef + "' is not set under related Profile Configuration for existing request property list AuthnContextClassRefs: " + configuredRefs + " for authenticationServiceId: " + str);
        }

        if (useConfiguredRefs) {
            log.debug("No value specified in Signature Request 'signatureAttributes' for attribute: auth_context_class_ref. Setting certification request properties from list of AuthnContextClassRefs: " + configuredRefs + ". Given authenticationServiceId: " + str);
        } else {
            log.debug("Value specified in Signature Request 'signatureAttributes' for attribute: auth_context_class_ref: " + requestedRef + " matches an existing request property in list of AuthnContextClassRefs: " + configuredRefs + ". Setting it for authenticationServiceId: " + str);
        }

        signRequestExtensionType.setCertRequestProperties(this.sweEid2ObjectFactory.createCertRequestPropertiesType());
        if (useConfiguredRefs) {
            signRequestExtensionType.getCertRequestProperties().getAuthnContextClassRef().addAll(configuredRefs);
        } else {
            signRequestExtensionType.getCertRequestProperties().getAuthnContextClassRef().add(requestedRef);
        }
    }

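    /**
     * Configures the visible signature (field position, optional logo, text block and optional
     * font) on the given PAdES parameters, using the profile's visible signature settings.
     *
     * <p>The request time shown in the signature is formatted once and stored in the cache under
     * {@code visible_signature_request_time} for the given reference id; later calls reuse the
     * cached string.
     *
     * <p>Any exception raised inside the method, including the {@code INVALID_CONFIGURATION}
     * exception for a bad time stamp format, is caught by the outer handler and rethrown as
     * {@code SIGN_REQUEST_FAILED}.
     *
     * @param supportAPIProfile profile whose visible signature settings are applied
     * @param pAdESSignatureParameters parameters that receive the image parameters
     * @param str signer name written into the signature text
     * @param str2 reference id used as cache key and passed to {@code getImageParameters}
     * @param list signature attributes of the request, passed to {@code getImageParameters}
     * @throws BaseAPIException {@code SIGN_REQUEST_FAILED} wrapping whatever went wrong
     */
    protected void setVisibleSignature(SupportAPIProfile supportAPIProfile, PAdESSignatureParameters pAdESSignatureParameters, String str, String str2, List<Attribute> list) throws BaseAPIException {
        try {
            SignatureImageParameters imageParameters = getImageParameters(str2, list);
            if (supportAPIProfile.getVisibleSignature().isShowLogo()) {
                InMemoryDocument logoDocument = loadVisibleSignatureResource(supportAPIProfile.getVisibleSignature().getLogoImage(), "logo image");
                if (logoDocument != null) {
                    imageParameters.setImage(logoDocument);
                }
            }
            if (this.cacheProvider.get(str2, "visible_signature_request_time") == null) {
                try {
                    this.cacheProvider.set(str2, "visible_signature_request_time", new SimpleDateFormat(supportAPIProfile.getVisibleSignature().getTimeStampFormat()).format(new Date()));
                } catch (Exception e) {
                    throw ErrorCode.INVALID_CONFIGURATION.toException("Invalid configuration value for timeStampFormat: " + supportAPIProfile.getVisibleSignature().getTimeStampFormat() + " (" + e.getMessage() + ")");
                }
            }

            // Text block: optional headline, "<signer label>: <signer>", "<time label>: <request time>".
            StringBuilder sb = new StringBuilder();
            if (supportAPIProfile.getVisibleSignature().isShowHeadline()) {
                sb.append(supportAPIProfile.getVisibleSignature().getHeadlineText()).append("\n");
            }
            String signerLabel = supportAPIProfile.getVisibleSignature().getSignerLabel().trim();
            if (!signerLabel.isEmpty()) {
                sb.append(signerLabel).append(": ");
            }
            sb.append(str).append("\n");
            String timeStampLabel = supportAPIProfile.getVisibleSignature().getTimeStampLabel().trim();
            if (!timeStampLabel.isEmpty()) {
                sb.append(timeStampLabel).append(": ");
            }
            sb.append(this.cacheProvider.get(str2, "visible_signature_request_time"));

            SignatureImageTextParameters signatureImageTextParameters = new SignatureImageTextParameters();
            signatureImageTextParameters.setText(sb.toString());
            signatureImageTextParameters.setSignerTextPosition(SignerTextPosition.RIGHT);
            signatureImageTextParameters.setBackgroundColor(ColorParser.parse(supportAPIProfile.getVisibleSignature().getBackgroundColor()));
            signatureImageTextParameters.setTextColor(ColorParser.parse(supportAPIProfile.getVisibleSignature().getFontColor()));
            if (supportAPIProfile.getVisibleSignature().getFont() != null) {
                InMemoryDocument fontDocument = loadVisibleSignatureResource(supportAPIProfile.getVisibleSignature().getFont(), "font file");
                if (fontDocument != null) {
                    signatureImageTextParameters.setFont(new DSSFileFont(fontDocument));
                }
            }
            signatureImageTextParameters.getFont().setSize(supportAPIProfile.getVisibleSignature().getFontSize());
            signatureImageTextParameters.setPadding(supportAPIProfile.getVisibleSignature().getTextPadding());
            imageParameters.setTextParameters(signatureImageTextParameters);
            pAdESSignatureParameters.setImageParameters(imageParameters);
        } catch (Exception e2) {
            log.error("Can't set visible signature parameters for the PAdESSignatureParameters. Message: " + e2.getMessage());
            throw ErrorCode.SIGN_REQUEST_FAILED.toException(e2, this.messageSource);
        }
    }

    /**
     * Loads a visible signature resource, trying the classpath first and the file system second.
     * The underlying stream is closed once the document has been built, so repeated signing
     * requests do not accumulate open file handles.
     *
     * <p>Assumes {@code InMemoryDocument} copies the stream content in its constructor — confirm
     * against the DSS version in use.
     *
     * @param location classpath resource name or file system path taken from the profile
     * @param kind description used in log messages, e.g. {@code "logo image"}
     * @return the loaded document, or {@code null} when the location is neither a classpath
     *         resource nor a readable regular file (an error is logged in that case)
     * @throws IOException when reading or closing the stream fails
     */
    private InMemoryDocument loadVisibleSignatureResource(String location, String kind) throws IOException {
        // A null resource is permitted by try-with-resources and is simply not closed.
        try (InputStream classpathStream = getClass().getResourceAsStream(location)) {
            if (classpathStream != null) {
                log.debug("Using " + kind + " from classpath: " + location);
                return new InMemoryDocument(classpathStream, (String) null);
            }
        }
        File file = new File(location);
        if (file.exists() && file.isFile() && file.canRead()) {
            log.debug("Using " + kind + " from file system: " + location);
            try (InputStream fileStream = Files.newInputStream(file.toPath())) {
                return new InMemoryDocument(fileStream);
            }
        }
        String capitalizedKind = Character.toUpperCase(kind.charAt(0)) + kind.substring(1);
        log.error("The provided " + kind + " path for visible signature is not valid (" + location + "). Check if the provided path points to an existing file and it has read permission. " + capitalizedKind + " will not be used.");
        return null;
    }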

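    /**
     * Serializes the transaction state with Java object serialization and stores the bytes in the
     * cache under the given key, with a time-to-live of {@code Constants.DEFAULT_TRANSACTION_TTL}.
     *
     * <p>The stored bytes are later read back by {@code fetchTransactionState} using native Java
     * deserialization, so write access to the cache has to be treated as part of the trust
     * boundary of this service.
     *
     * @param str cache key (transaction id)
     * @param transactionState state to persist
     * @return the same {@code transactionState} instance that was passed in
     * @throws IOException when serialization fails
     * @throws InvalidArgumentException declared for the cache provider call
     * @throws InternalErrorException declared for the cache provider call
     */
    protected TransactionState storeTransactionState(String str, TransactionState transactionState) throws IOException, InvalidArgumentException, InternalErrorException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // Close the object stream before reading the buffer so that everything it has buffered is
        // flushed, instead of relying on writeObject having drained it.
        try (ObjectOutputStream objectOut = new ObjectOutputStream(buffer)) {
            objectOut.writeObject(transactionState);
        }
        MetaData metaData = new MetaData();
        metaData.setTimeToLive(Constants.DEFAULT_TRANSACTION_TTL);
        this.cacheProvider.set(str, buffer.toByteArray(), metaData);
        return transactionState;
    }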

    /**
     * Reads the serialized transaction state stored under the given key and deserializes it.
     *
     * <p>NOTE(review): this is native Java deserialization of bytes read from the cache. The
     * {@code resolveClass} override loads whatever class name the stream declares through this
     * class's class loader; no allow-list or {@code java.io.ObjectInputFilter} is applied in this
     * method. The result is only as trustworthy as the cache contents: anyone able to write to
     * the cache controls the object graph that gets instantiated. Consider restricting resolution
     * to {@code TransactionState} and the types of its fields, or storing the state in a data-only
     * format.
     *
     * @param str cache key (transaction id)
     * @return the deserialized state, or {@code null} when the cache holds nothing for the key
     * @throws IOException when the stream cannot be read
     * @throws ClassNotFoundException when a class named in the stream cannot be loaded
     * @throws InvalidArgumentException declared for the cache provider call
     * @throws InternalErrorException declared for the cache provider call
     */
    protected TransactionState fetchTransactionState(String str) throws InvalidArgumentException, IOException, InternalErrorException, ClassNotFoundException {
        byte[] serializedState = this.cacheProvider.getBinary(str);
        if (serializedState == null) {
            return null;
        }
        ObjectInputStream stateStream = new ObjectInputStream(new ByteArrayInputStream(serializedState)) {
            // Resolve classes with the class loader of V2SupportServiceAPI rather than the default
            // resolution of ObjectInputStream.
            @Override
            protected Class<?> resolveClass(ObjectStreamClass descriptor) throws IOException, ClassNotFoundException {
                return Class.forName(descriptor.getName(), true, V2SupportServiceAPI.class.getClassLoader());
            }
        };
        return (TransactionState) stateStream.readObject();
    }

    /**
     * Determines the AdES type for a signature type: {@code BES} unless the profile's signature
     * level for that type equals the corresponding {@code *_NOT_ETSI} level, in which case (and for
     * any signature type outside the three handled cases) the result is {@code None}.
     *
     * @param sigType signature type; selects which profile level is inspected
     * @param supportAPIProfile profile providing the configured signature levels
     * @return {@code AdESType.BES} or {@code AdESType.None}
     */
    private AdESType getAdESType(SigType sigType, SupportAPIProfile supportAPIProfile) {
        String configuredLevel;
        SignatureLevel nonEtsiLevel;
        // Case labels come from the compiler-generated switch map for SigType; cases 1, 2 and 3
        // read the XAdES, PAdES and CAdES level of the profile respectively.
        switch (AnonymousClass2.$SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[sigType.ordinal()]) {
            case 1:
                configuredLevel = supportAPIProfile.getXadesSignatureLevel();
                nonEtsiLevel = SignatureLevel.XML_NOT_ETSI;
                break;
            case 2:
                configuredLevel = supportAPIProfile.getPadesSignatureLevel();
                nonEtsiLevel = SignatureLevel.PDF_NOT_ETSI;
                break;
            case 3:
                configuredLevel = supportAPIProfile.getCadesSignatureLevel();
                nonEtsiLevel = SignatureLevel.CMS_NOT_ETSI;
                break;
            default:
                return AdESType.None;
        }
        return configuredLevel.equals(nonEtsiLevel.toString()) ? AdESType.None : AdESType.BES;
    }

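    /**
     * Creates the signature parameter object matching the signature type and fills in the
     * settings that come straight from the profile (signature level, and for XAdES/CAdES the
     * packaging; for XAdES also digest method, canonicalization and XPath location).
     *
     * <p>Each branch declares its local with the concrete parameter class it instantiates, so the
     * XAdES-specific setters are called on an {@code XAdESSignatureParameters} reference.
     *
     * @param sigType signature type selecting the parameter class
     * @param supportAPIProfile profile providing the configured values
     * @return a new XAdES, PAdES or CAdES parameter object
     * @throws ClientErrorException {@code UNSUPPORTED_SIGNATURE_TYPE} for any other signature type
     */
    AbstractSignatureParameters getBaseSignatureParameters(SigType sigType, SupportAPIProfile supportAPIProfile) throws ClientErrorException {
        // Case labels come from the compiler-generated switch map for SigType.
        switch (AnonymousClass2.$SwitchMap$org$certificateservices$messages$sweeid2$dssextenstions1_1$SigType[sigType.ordinal()]) {
            case 1:
                XAdESSignatureParameters xadesParameters = new XAdESSignatureParameters();
                xadesParameters.setSignatureLevel(SignatureLevel.valueByName(supportAPIProfile.getXadesSignatureLevel()));
                xadesParameters.setSignaturePackaging(SignaturePackaging.valueOf(supportAPIProfile.getXadesSignaturePacking()));
                xadesParameters.setSigningCertificateDigestMethod(SignatureAlgorithm.forJAVA(supportAPIProfile.getSignatureAlgorithm()).getDigestAlgorithm());
                // The same canonicalization algorithm is applied to SignedInfo and SignedProperties.
                xadesParameters.setSignedInfoCanonicalizationMethod(supportAPIProfile.getXadesCanonicalizationAlgorithmURI());
                xadesParameters.setSignedPropertiesCanonicalizationMethod(supportAPIProfile.getXadesCanonicalizationAlgorithmURI());
                xadesParameters.setXPathLocationString(supportAPIProfile.getXadesXPathLocationString());
                return xadesParameters;
            case 2:
                PAdESSignatureParameters padesParameters = new PAdESSignatureParameters();
                padesParameters.setSignatureLevel(SignatureLevel.valueByName(supportAPIProfile.getPadesSignatureLevel()));
                return padesParameters;
            case 3:
                CAdESSignatureParameters cadesParameters = new CAdESSignatureParameters();
                cadesParameters.setSignatureLevel(SignatureLevel.valueByName(supportAPIProfile.getCadesSignatureLevel()));
                cadesParameters.setSignaturePackaging(SignaturePackaging.valueOf(supportAPIProfile.getCadesSignaturePacking()));
                return cadesParameters;
            default:
                throw ((ClientErrorException) ErrorCode.UNSUPPORTED_SIGNATURE_TYPE.toException("Signature type not supported (" + sigType.name() + ")"));
        }
    }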

    /**
     * Builds the signature parameters used to generate the data to be signed, before any signing
     * certificate is known.
     *
     * @param sigType signature type selecting the parameter class
     * @param supportAPIProfile profile providing the signature algorithm and per-type settings
     * @return base parameters with TBS generation without certificate enabled, the signing date set
     *         to the rounded current time, and encryption/digest algorithms taken from the profile
     * @throws ClientErrorException {@code INVALID_CONFIGURATION} when the profile has no signature
     *         algorithm, or whatever {@code getBaseSignatureParameters} throws
     */
    protected AbstractSignatureParameters getSignatureParameters(SigType sigType, SupportAPIProfile supportAPIProfile) throws ClientErrorException {
        String configuredAlgorithm = supportAPIProfile.getSignatureAlgorithm();
        if (configuredAlgorithm == null) {
            throw ((ClientErrorException) ErrorCode.INVALID_CONFIGURATION.toException("Signature algorithm is not set in profile " + supportAPIProfile.getRelatedProfile()));
        }

        AbstractSignatureParameters parameters = getBaseSignatureParameters(sigType, supportAPIProfile);
        // No signing certificate is available at this stage.
        parameters.setGenerateTBSWithoutCertificate(true);
        // 13 is the value of java.util.Calendar.SECOND; presumably rounds to the nearest second —
        // confirm against the DateUtils class in use.
        parameters.bLevel().setSigningDate(DateUtils.round(new Date(), 13));

        SignatureAlgorithm algorithm = SignatureAlgorithm.forJAVA(configuredAlgorithm);
        parameters.setEncryptionAlgorithm(algorithm.getEncryptionAlgorithm());
        parameters.setDigestAlgorithm(algorithm.getDigestAlgorithm());
        return parameters;
    }

    /**
     * Builds the signature parameters used when completing a signature, once the signing
     * certificate and chain are known.
     *
     * <p>The signing date is the one stored in the transaction state for the request's reference
     * id. Only for XML signatures with no stored date is it read from the sign task data instead.
     * NOTE(review): for other signature types a missing stored date leaves the signing date set to
     * {@code null} — confirm callers always have a stored value.
     *
     * <p>Signing with an expired certificate follows the profile setting and is logged at warn
     * level when enabled.
     *
     * @param signTaskDataType sign task providing the to-be-signed bytes
     * @param sigType signature type selecting the parameter class
     * @param certificateToken signing certificate
     * @param list certificate chain
     * @param documentSigningRequest request whose reference id keys the stored signing time
     * @param transactionState state holding the stored signing times
     * @param supportAPIProfile profile providing the per-type settings
     * @return the populated signature parameters
     */
    private AbstractSignatureParameters getSignatureParameters(SignTaskDataType signTaskDataType, SigType sigType, CertificateToken certificateToken, List<CertificateToken> list, DocumentSigningRequest documentSigningRequest, TransactionState transactionState, SupportAPIProfile supportAPIProfile) throws ClientErrorException, ParserConfigurationException, IOException, SAXException {
        AbstractSignatureParameters parameters = getBaseSignatureParameters(sigType, supportAPIProfile);
        parameters.setSigningCertificate(certificateToken);
        parameters.setCertificateChain(list);
        parameters.setSignedData(signTaskDataType.getToBeSignedBytes());

        if (sigType != SigType.XML || transactionState.getSigningTime().get(documentSigningRequest.referenceId) != null) {
            parameters.bLevel().setSigningDate(transactionState.getSigningTime().get(documentSigningRequest.referenceId));
        } else {
            parameters.bLevel().setSigningDate(SignTaskHelper.getXadesSigningTime(signTaskDataType));
        }

        parameters.setSignWithExpiredCertificate(supportAPIProfile.isAllowSignWithExpiredCertificate());
        if (parameters.isSignWithExpiredCertificate()) {
            log.warn("Signing with expired certificate is enabled in profile. Make sure this is a conscious choice.");
        }
        return parameters;
    }

    /**
     * Builds the image parameters (field position, size and page) for a visible signature.
     *
     * <p>Values are first taken from the cache for the given reference id, falling back to
     * defaults, and are then overridden by matching request attributes when a list is supplied.
     * Every value that is read is also written back to the cache by the helper methods.
     *
     * <p>NOTE(review): the range checks below run only when an attribute list is supplied, and
     * the helpers have already written the values to the cache by the time the checks run —
     * confirm that an out-of-range value cannot be reused from the cache on a later call.
     * NOTE(review): the position checks reject 0 although the messages say "equal or larger than
     * 0", and the size checks accept exactly 180 / 40 although the messages say "larger than" —
     * confirm which is intended.
     *
     * @param str reference id used as cache key
     * @param list request attributes; may be {@code null}, in which case only cached/default
     *        values are used
     * @return the image parameters with field parameters set
     * @throws BaseAPIException {@code INVALID_VISIBLE_SIGNATURE_ATTRIBUTE} wrapping any failure,
     *         including the validation errors raised inside this method
     */
    private SignatureImageParameters getImageParameters(String str, List<Attribute> list) throws BaseAPIException {
        SignatureImageParameters imageParameters = new SignatureImageParameters();
        try {
            // Baseline: cached value for this reference id, else the default given as last argument.
            SignatureFieldParameters field = new SignatureFieldParameters();
            field.setOriginX(getAttributeAsFloatAndStoreInCache(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_X, this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_X), "20"));
            field.setOriginY(getAttributeAsFloatAndStoreInCache(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_Y, this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_Y), "20"));
            field.setWidth(getAttributeAsIntAndStoreInCache(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_WIDTH, this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_WIDTH), "0"));
            field.setHeight(getAttributeAsIntAndStoreInCache(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_HEIGHT, this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_HEIGHT), "0"));
            field.setPage(getAttributeAsIntAndStoreInCache(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_PAGE, this.cacheProvider.get(str, AvailableSignatureAttributes.VISIBLE_SIGNATURE_PAGE), AvailableSignatureAttributes.DEFAULT_VISIBLE_SIGNATURE_PAGE));
            imageParameters.setFieldParameters(field);
            if (list == null) {
                return imageParameters;
            }

            // Request attributes override the baseline; no default is passed, so an empty value fails.
            for (Attribute attribute : list) {
                String key = attribute.getKey();
                if (Objects.equals(key, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_X)) {
                    field.setOriginX(getAttributeAsFloatAndStoreInCache(str, key, attribute.getValue(), null));
                } else if (Objects.equals(key, AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_Y)) {
                    field.setOriginY(getAttributeAsFloatAndStoreInCache(str, key, attribute.getValue(), null));
                } else if (Objects.equals(key, AvailableSignatureAttributes.VISIBLE_SIGNATURE_WIDTH)) {
                    field.setWidth(getAttributeAsIntAndStoreInCache(str, key, attribute.getValue(), null));
                } else if (Objects.equals(key, AvailableSignatureAttributes.VISIBLE_SIGNATURE_HEIGHT)) {
                    field.setHeight(getAttributeAsIntAndStoreInCache(str, key, attribute.getValue(), null));
                } else if (Objects.equals(key, AvailableSignatureAttributes.VISIBLE_SIGNATURE_PAGE)) {
                    field.setPage(getAttributeAsIntAndStoreInCache(str, key, attribute.getValue(), null));
                } else {
                    log.info("Ignore attribute: " + key + " for visible signature image settings.");
                }
            }

            if (field.getOriginX() <= 0.0f) {
                throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Make sure attribute: visible_signature_position_x is configured with a value equal or larger than 0.");
            }
            if (field.getOriginY() <= 0.0f) {
                throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Make sure attribute: visible_signature_position_y is configured with a value equal or larger than 0.");
            }
            // The minimum size applies only when both width and height are non-zero.
            boolean explicitSize = field.getWidth() != 0.0f && field.getHeight() != 0.0f;
            if (explicitSize && field.getWidth() < 180.0f) {
                throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Make sure attribute: visible_signature_width is configured with a value larger than 180. The minimum image size is: 180*40.");
            }
            if (explicitSize && field.getHeight() < 40.0f) {
                throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Make sure attribute: visible_signature_height is configured with a value larger than 40. The minimum image size is: 180*40.");
            }
            imageParameters.setFieldParameters(field);
            return imageParameters;
        } catch (Exception e) {
            log.error("Can't set visible signature parameters for the PAdESSignatureParameters. Message: " + e.getMessage());
            throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException(e, this.messageSource);
        }
    }

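    /**
     * Parses an attribute value as an integer and stores the accepted string in the cache.
     *
     * <p>Only a number format failure is reported as an invalid attribute. A failure of the cache
     * write propagates as the exception the cache provider raised, instead of being reported as a
     * conversion error.
     *
     * @param str reference id used as cache key
     * @param str2 attribute name, used as cache field and in error messages
     * @param str3 attribute value; when {@code null} or empty, {@code str4} is used instead
     * @param str4 default value, or {@code null} when the attribute has no default
     * @return the parsed integer
     * @throws BaseAPIException {@code INVALID_VISIBLE_SIGNATURE_ATTRIBUTE} when no value is
     *         available or the value is not an integer
     */
    private int getAttributeAsIntAndStoreInCache(String str, String str2, String str3, String str4) throws InvalidParameterException, BaseAPIException, InvalidArgumentException, IOException, InternalErrorException {
        if (str3 == null || str3.isEmpty()) {
            if (str4 == null) {
                throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Invalid sign attribute configured. Can't set " + str2 + " with empty value or null.");
            }
            str3 = str4;
        }
        int parsed;
        try {
            parsed = Integer.parseInt(str3);
        } catch (NumberFormatException e) {
            throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Invalid sign attribute " + str2 + "=" + str3 + " configured. Can't convert " + str3 + " to integer.");
        }
        // Cache only values that parsed successfully.
        this.cacheProvider.set(str, str2, str3);
        return parsed;
    }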

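    /**
     * Parses an attribute value as a float and stores the accepted string in the cache.
     *
     * <p>Only a number format failure is reported as an invalid attribute. A failure of the cache
     * write propagates as the exception the cache provider raised, instead of being reported as a
     * conversion error.
     *
     * <p>NOTE(review): {@code Float.parseFloat} also accepts {@code NaN} and {@code Infinity};
     * no finiteness check is made here — confirm the callers' range checks cover that.
     *
     * @param str reference id used as cache key
     * @param str2 attribute name, used as cache field and in error messages
     * @param str3 attribute value; when {@code null} or empty, {@code str4} is used instead
     * @param str4 default value, or {@code null} when the attribute has no default
     * @return the parsed float
     * @throws BaseAPIException {@code INVALID_VISIBLE_SIGNATURE_ATTRIBUTE} when no value is
     *         available or the value is not a float
     */
    private float getAttributeAsFloatAndStoreInCache(String str, String str2, String str3, String str4) throws InvalidParameterException, BaseAPIException, InvalidArgumentException, IOException, InternalErrorException {
        if (str3 == null || str3.isEmpty()) {
            if (str4 == null) {
                throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Invalid sign attribute configured. Can't set " + str2 + " with empty value or null.");
            }
            str3 = str4;
        }
        float parsed;
        try {
            parsed = Float.parseFloat(str3);
        } catch (NumberFormatException e) {
            throw ErrorCode.INVALID_VISIBLE_SIGNATURE_ATTRIBUTE.toException("Invalid sign attribute " + str2 + "=" + str3 + " configured. Can't convert " + str3 + " to float value.");
        }
        // Cache only values that parsed successfully.
        this.cacheProvider.set(str, str2, str3);
        return parsed;
    }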

    /**
     * Checks that the attribute list names all four visible signature placement attributes
     * (position x, position y, width and height). Only the keys are inspected, not the values.
     *
     * @param list request attributes; may be {@code null}
     * @return {@code true} when all four keys are present; {@code false} for a {@code null} list,
     *         a list with fewer than four entries, or a list missing any of the keys
     */
    protected boolean validateVisibleSignatureAttributes(List<Attribute> list) {
        if (list == null || list.size() < 4) {
            return false;
        }
        HashSet<String> presentKeys = new HashSet<>();
        for (Attribute attribute : list) {
            presentKeys.add(attribute.getKey());
        }
        return presentKeys.containsAll(Arrays.asList(
                AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_X,
                AvailableSignatureAttributes.VISIBLE_SIGNATURE_POSITION_Y,
                AvailableSignatureAttributes.VISIBLE_SIGNATURE_WIDTH,
                AvailableSignatureAttributes.VISIBLE_SIGNATURE_HEIGHT));
    }

    /**
     * Maps a document mime type string to the name of a signature type.
     *
     * <p>Every mime type other than the XML and PDF ones falls through to {@code CMS}; this method
     * never rejects an input. A {@code null} argument raises a {@code NullPointerException}.
     *
     * @param str mime type string of the document
     * @return {@code SigType.XML.name()}, {@code SigType.PDF.name()} or {@code SigType.CMS.name()}
     */
    protected String getSigTypeFromMimeType(String str) {
        if (str.equals(MimeType.XML.getMimeTypeString())) {
            return SigType.XML.name();
        }
        if (str.equals(MimeType.PDF.getMimeTypeString())) {
            return SigType.PDF.name();
        }
        return SigType.CMS.name();
    }

    /**
     * Generates the sign message shown to the user, either in clear or encrypted for the
     * recipients configured for the given key, depending on the profile.
     *
     * <p>The mime type is taken from the profile; a missing or unrecognized value is logged as an
     * error and replaced by {@code TEXT}.
     *
     * <p>NOTE(review): when encryption is enabled the recipients are looked up with
     * {@code getEncryptedSignMessageRecipients().get(str2)}; what the parser does when that lookup
     * returns {@code null} is not visible here — confirm it fails rather than producing an
     * unencrypted or unreadable message.
     *
     * @param context message security context, used only for the encrypted variant
     * @param str message text, encoded as UTF-8
     * @param str2 value passed to the parser and used as key for the recipient lookup
     * @param supportAPIProfile profile providing mime type, must-show flag and encryption flag
     * @return the generated sign message
     */
    protected SignMessageType generateSignMessage(ContextMessageSecurityProvider.Context context, String str, String str2, SupportAPIProfile supportAPIProfile) throws UnsupportedEncodingException, MessageProcessingException {
        String configuredMimeType = supportAPIProfile.getSignMessageMimeType();
        SignMessageMimeType mimeType;
        if (configuredMimeType != null && EnumUtils.isValidEnum(SignMessageMimeType.class, configuredMimeType.toUpperCase())) {
            mimeType = SignMessageMimeType.valueOf(configuredMimeType.toUpperCase());
        } else {
            log.error("Invalid mimetype for sign messages specified in configuration: " + supportAPIProfile.getSignMessageMimeType() + ". Using 'text' as fallback.");
            mimeType = SignMessageMimeType.TEXT;
        }

        if (!supportAPIProfile.isUseEncryptedSignMessage()) {
            return this.sweEID2DSSExtensionsMessageParser.genSignMessage(Boolean.valueOf(supportAPIProfile.isSignMessageMustShow()), str2, mimeType, str.getBytes(StandardCharsets.UTF_8), (Map) null);
        }
        return this.sweEID2DSSExtensionsMessageParser.genSignEncryptedMessage(context, Boolean.valueOf(supportAPIProfile.isSignMessageMustShow()), str2, mimeType, str.getBytes(StandardCharsets.UTF_8), (Map) null, this.apiConfig.getEncryptedSignMessageRecipients().get(str2));
    }

    /**
     * Builds the SAML attribute statement describing the signer: the user id under the attribute
     * name resolved by {@code getUserIdAttributeMapping}, followed by one attribute per entry of
     * the profile's {@code signerAttributes} for which the user carries a matching attribute.
     *
     * <p>NOTE(review): the {@code required} entry is cast to {@code Boolean} and unboxed without a
     * null check, so a configuration entry without it fails with a runtime exception when the user
     * attribute is missing — confirm the configuration is validated on load.
     *
     * @param user user whose id and attributes are used
     * @param str authentication service id used to resolve the user id attribute name
     * @param supportAPIProfile profile providing the signer attribute configuration
     * @return the populated attribute statement
     * @throws ServerErrorException {@code MISSING_CONFIGURATION} when a required user attribute is
     *         absent
     */
    private AttributeStatementType generateSigner(User user, String str, SupportAPIProfile supportAPIProfile) throws ServerErrorException {
        AttributeStatementType statement = this.saml2ObjectFactory.createAttributeStatementType();
        statement.getAttributeOrEncryptedAttribute().add(generateSignerAttribute(getUserIdAttributeMapping(str, supportAPIProfile), user.getUserId()));
        if (supportAPIProfile.getSignerAttributes() == null) {
            return statement;
        }

        for (Map<String, Object> signerAttributeConfig : supportAPIProfile.getSignerAttributes().values()) {
            // First user attribute whose key equals the configured mapping, if any.
            Attribute matched = null;
            if (user.getUserAttributes() != null) {
                for (Attribute candidate : user.getUserAttributes()) {
                    if (candidate.getKey().equals(signerAttributeConfig.get("userAttributeMapping"))) {
                        matched = candidate;
                        break;
                    }
                }
            }

            if (matched != null) {
                statement.getAttributeOrEncryptedAttribute().add(generateSignerAttribute((String) signerAttributeConfig.get("samlAttributeName"), matched.getValue()));
                continue;
            }
            if (((Boolean) signerAttributeConfig.get("required")).booleanValue()) {
                throw ((ServerErrorException) ErrorCode.MISSING_CONFIGURATION.toException("Missing required user attribute, defined in signerAttributes configuration: " + signerAttributeConfig.get("userAttributeMapping")));
            }
        }
        return statement;
    }

    /**
     * Resolves the AuthnContextClassRef values that apply to an authentication service.
     *
     * <p>Values configured on a trusted authentication service whose {@code entityId} equals the
     * given id take precedence: when at least one is found, the profile-level values are ignored
     * entirely. Otherwise the profile-level values are returned, collected without duplicates from
     * the deprecated {@code authnContextClassRef}, the default value and the default list.
     *
     * <p>NOTE(review): {@code entityId} is dereferenced without a null check; a trusted service
     * entry without it raises a {@code NullPointerException}.
     *
     * @param str authentication service id (entity id)
     * @param supportAPIProfile profile providing defaults and trusted authentication services
     * @return the service-specific values if any exist, else the profile-level values
     */
    private List<String> getAuthnContextClassRefs(String str, SupportAPIProfile supportAPIProfile) {
        List<String> profileRefs = new ArrayList<>();
        if (supportAPIProfile.getAuthnContextClassRef() != null) {
            log.warn("Profile configuration 'authnContextClassRef' is deprecated. Please remove it and use 'defaultAuthnContextClassRefs' instead.");
            profileRefs.add(supportAPIProfile.getAuthnContextClassRef());
        }
        if (supportAPIProfile.getDefaultAuthnContextClassRef() != null && !profileRefs.contains(supportAPIProfile.getDefaultAuthnContextClassRef())) {
            profileRefs.add(supportAPIProfile.getDefaultAuthnContextClassRef());
        }
        if (supportAPIProfile.getDefaultAuthnContextClassRefs() != null) {
            for (String defaultRef : supportAPIProfile.getDefaultAuthnContextClassRefs()) {
                if (!profileRefs.contains(defaultRef)) {
                    profileRefs.add(defaultRef);
                }
            }
        }

        List<String> serviceRefs = new ArrayList<>();
        if (supportAPIProfile.getTrustedAuthenticationServices() != null) {
            for (Map<String, Object> service : supportAPIProfile.getTrustedAuthenticationServices().values()) {
                if (!service.get("entityId").equals(str)) {
                    continue;
                }
                // The single-value setting wins over the list and is added without a duplicate check.
                if (service.get("authnContextClassRef") != null) {
                    serviceRefs.add((String) service.get("authnContextClassRef"));
                    continue;
                }
                if (service.get("authnContextClassRefs") != null) {
                    @SuppressWarnings("unchecked") // configuration value; elements are cast to String on iteration
                    List<String> configuredRefs = (List<String>) service.get("authnContextClassRefs");
                    for (String configuredRef : configuredRefs) {
                        if (!serviceRefs.contains(configuredRef)) {
                            serviceRefs.add(configuredRef);
                        }
                    }
                }
            }
        }
        return serviceRefs.isEmpty() ? profileRefs : serviceRefs;
    }

    /**
     * Resolves the SAML attribute name under which the user id is sent for an authentication
     * service.
     *
     * <p>Precedence, lowest to highest: the deprecated {@code userIdAttributeMapping}, the
     * {@code defaultUserIdAttributeMapping}, then the {@code userIdAttributeMapping} of a trusted
     * authentication service whose {@code entityId} equals the given id (the last matching entry
     * wins). A warning is logged whenever the deprecated setting is present.
     *
     * @param str authentication service id (entity id)
     * @param supportAPIProfile profile providing the mappings
     * @return the resolved attribute name, or {@code null} when nothing is configured
     */
    private String getUserIdAttributeMapping(String str, SupportAPIProfile supportAPIProfile) {
        if (supportAPIProfile.getUserIdAttributeMapping() != null) {
            log.warn("Profile configuration 'userIdAttributeMapping' is deprecated. Please remove it and use 'defaultUserIdAttributeMapping' instead.");
        }

        String mapping = supportAPIProfile.getDefaultUserIdAttributeMapping();
        if (mapping == null) {
            mapping = supportAPIProfile.getUserIdAttributeMapping();
        }

        if (supportAPIProfile.getTrustedAuthenticationServices() == null) {
            return mapping;
        }
        for (Map<String, Object> service : supportAPIProfile.getTrustedAuthenticationServices().values()) {
            boolean sameService = service.get("entityId").equals(str);
            if (sameService && service.get("userIdAttributeMapping") != null) {
                mapping = (String) service.get("userIdAttributeMapping");
            }
        }
        return mapping;
    }

    /**
     * Returns the sign service request URL: the {@code signservice_request_url} signature
     * attribute of the request when it is present and non-empty, otherwise the URL configured in
     * the profile.
     *
     * <p>NOTE(review): the request-supplied value replaces the configured URL as-is. No scheme or
     * host validation and no allow-list check is visible in this method, and the value is logged
     * unmodified. Confirm that it is validated against the profile before it is used, since it
     * decides where the sign request is directed.
     *
     * @param supportAPIProfile profile providing the configured URL
     * @param list signature attributes of the request
     * @return the URL to use for the sign service request
     */
    private String getSignServiceRequestURL(SupportAPIProfile supportAPIProfile, List<Attribute> list) {
        String requestedUrl = AvailableSignatureAttributes.getAttributeValue(list, AvailableSignatureAttributes.ATTRIBUTE_SIGNSERVICE_REQUEST_URL);
        boolean overrideGiven = requestedUrl != null && !requestedUrl.isEmpty();
        if (overrideGiven) {
            log.info("Setting SignServiceRequestURL from SOAP API SignatureAttributes Parameter signservice_request_url: " + requestedUrl);
            return requestedUrl;
        }
        log.info("Setting SignServiceRequestURL from Profile Configuration: " + supportAPIProfile.getSignServiceRequestURL());
        return supportAPIProfile.getSignServiceRequestURL();
    }

    /**
     * Builds a SAML attribute carrying a single value.
     *
     * @param str attribute name
     * @param str2 value added to the attribute's value list
     * @return the newly created attribute
     */
    private AttributeType generateSignerAttribute(String str, String str2) {
        AttributeType signerAttribute = this.saml2ObjectFactory.createAttributeType();
        signerAttribute.setName(str);
        signerAttribute.getAttributeValue().add(str2);
        return signerAttribute;
    }

    /**
     * Builds the SAML conditions: one audience restriction plus a validity window.
     *
     * <p>The consumer URL is checked with {@code validateConsumerURL} before anything is built, so
     * an unauthorized URL never ends up as an audience.
     *
     * @param gregorianCalendar reference time from which the validity window is derived
     * @param str consumer URL, used as the only audience
     * @param supportAPIProfile profile supplying the authorized consumer URLs and validity settings
     * @return conditions with audience, NotBefore and NotOnOrAfter set
     * @throws ServerErrorException if the consumer URL is not authorized by the profile
     */
    private ConditionsType generateConditions(GregorianCalendar gregorianCalendar, String str, SupportAPIProfile supportAPIProfile) throws ServerErrorException {
        validateConsumerURL(str, supportAPIProfile);

        ConditionsType conditions = this.saml2ObjectFactory.createConditionsType();
        AudienceRestrictionType audienceRestriction = this.saml2ObjectFactory.createAudienceRestrictionType();
        audienceRestriction.getAudience().add(str);
        conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(audienceRestriction);

        // Validity window: [reference - overlap, reference + validity), see getNotBefore/getNotOnOrAfter.
        GregorianCalendar validFrom = getNotBefore(gregorianCalendar, supportAPIProfile);
        conditions.setNotBefore(this.datatypeFactory.newXMLGregorianCalendar(validFrom));
        GregorianCalendar validUntil = getNotOnOrAfter(gregorianCalendar, supportAPIProfile);
        conditions.setNotOnOrAfter(this.datatypeFactory.newXMLGregorianCalendar(validUntil));
        return conditions;
    }

    /**
     * Computes the start of the validity window.
     *
     * @param gregorianCalendar reference time; it is not modified
     * @param supportAPIProfile profile supplying {@code signatureValidityOverlapMinutes}
     * @return a new calendar set to the reference time minus the overlap minutes
     */
    private GregorianCalendar getNotBefore(GregorianCalendar gregorianCalendar, SupportAPIProfile supportAPIProfile) {
        GregorianCalendar notBefore = new GregorianCalendar();
        notBefore.setTimeInMillis(gregorianCalendar.getTimeInMillis());
        // Start the window earlier than the reference time (presumably to tolerate clock skew).
        notBefore.add(GregorianCalendar.MINUTE, -supportAPIProfile.getSignatureValidityOverlapMinutes());
        return notBefore;
    }

    /**
     * Computes the end of the validity window.
     *
     * @param gregorianCalendar reference time; it is not modified
     * @param supportAPIProfile profile supplying {@code signatureValidityMinutes}
     * @return a new calendar set to the reference time plus the validity minutes
     */
    private GregorianCalendar getNotOnOrAfter(GregorianCalendar gregorianCalendar, SupportAPIProfile supportAPIProfile) {
        GregorianCalendar notOnOrAfter = new GregorianCalendar();
        notOnOrAfter.setTimeInMillis(gregorianCalendar.getTimeInMillis());
        notOnOrAfter.add(GregorianCalendar.MINUTE, supportAPIProfile.getSignatureValidityMinutes());
        return notOnOrAfter;
    }

    /**
     * Rejects transaction ids that are missing or shorter than 32 characters.
     *
     * <p>Only the length is checked here; character set and uniqueness are not.
     *
     * @param str transaction id to check
     * @throws ClientErrorException with {@code UNSUPPORTED_TRANSACTION_ID} when the id is
     *     {@code null} or too short
     */
    private void validateTransactionId(String str) throws ClientErrorException {
        boolean longEnough = str != null && str.length() >= 32;
        if (longEnough) {
            return;
        }
        throw ((ClientErrorException) ErrorCode.UNSUPPORTED_TRANSACTION_ID.toException("Transaction ID is too short"));
    }

    /**
     * Validates the documents of a signing request before they are processed.
     *
     * <p>Each {@code DocumentSigningRequest} must have a name, data and a type, and when the name
     * has a file extension the declared type must equal the MIME type derived from that name.
     * {@code DocumentRef} entries are rejected as unsupported.
     *
     * <p>The type check compares the declared type with the file name only; the document content
     * is not inspected here. Entries that are neither a {@code DocumentSigningRequest} nor a
     * {@code DocumentRef} are not checked by this method.
     *
     * @param documentRequests documents submitted for signing
     * @throws ClientErrorException with {@code INVALID_DOCUMENT}, {@code INVALID_MIMETYPE} or
     *     {@code UNSUPPORTED_OPERATION} for the first problem found
     */
    private void validateDocuments(DocumentRequests documentRequests) throws ClientErrorException {
        if (documentRequests == null) {
            throw ((ClientErrorException) ErrorCode.INVALID_DOCUMENT.toException("No documents to be signed", this.messageSource));
        }
        if (documentRequests.documents == null || documentRequests.documents.isEmpty()) {
            throw ((ClientErrorException) ErrorCode.INVALID_DOCUMENT.toException("Empty list of documents to be signed", this.messageSource));
        }
        for (Object candidate : documentRequests.documents) {
            if (!(candidate instanceof DocumentSigningRequest)) {
                if (candidate instanceof DocumentRef) {
                    throw ((ClientErrorException) ErrorCode.UNSUPPORTED_OPERATION.toException("Document references are not supported", this.messageSource));
                }
                continue;
            }
            DocumentSigningRequest request = (DocumentSigningRequest) candidate;
            if (request.name == null || request.name.isEmpty()) {
                throw ((ClientErrorException) ErrorCode.INVALID_DOCUMENT.toException("Missing document name", this.messageSource));
            }
            if (request.data == null) {
                throw ((ClientErrorException) ErrorCode.INVALID_DOCUMENT.toException("Missing data for document (" + request.getName() + ")", this.messageSource));
            }
            if (request.type == null || request.type.isEmpty()) {
                throw ((ClientErrorException) ErrorCode.INVALID_MIMETYPE.toException("Missing document type for document (" + request.getName() + ")", this.messageSource));
            }
            // Names without a file extension skip the consistency check altogether.
            boolean hasExtension = MimeType.getFileExtension(request.name) != null;
            if (hasExtension && !MimeType.fromFileName(request.name).getMimeTypeString().equals(request.type)) {
                throw ((ClientErrorException) ErrorCode.INVALID_MIMETYPE.toException("Invalid type (" + request.getType() + ") for document name (" + request.getName() + "). " + MimeType.fromFileName(request.getName()).getMimeTypeString() + " was exptected.", this.messageSource));
            }
        }
    }

    /**
     * Checks that a profile is present and carries the settings required for signing.
     *
     * @param supportAPIProfile profile to check
     * @throws ClientErrorException with {@code INVALID_PROFILE} when the profile is {@code null},
     *     has no requested cert attributes, or has no related profile name
     */
    private void validateProfile(SupportAPIProfile supportAPIProfile) throws ClientErrorException {
        String problem;
        if (supportAPIProfile == null) {
            problem = "Profile missing (null)";
        } else if (supportAPIProfile.getRequestedCertAttributes() == null || supportAPIProfile.getRequestedCertAttributes().isEmpty()) {
            problem = "Profile must contain at least one requested cert attribute";
        } else if (supportAPIProfile.getRelatedProfile() == null || supportAPIProfile.getRelatedProfile().isEmpty()) {
            problem = "Related profile name in profile is empty";
        } else {
            return;
        }
        throw ((ClientErrorException) ErrorCode.INVALID_PROFILE.toException(problem));
    }

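    /**
     * Checks a consumer URL against the profile's list of authorized consumer URLs.
     *
     * <p>The URL is accepted when it starts with one of the configured entries. A {@code null} URL
     * and {@code null} or empty configured entries never match: an empty entry would otherwise be
     * a prefix of every URL and authorize all of them.
     *
     * <p>NOTE(review): matching is a plain string prefix test, so an entry that does not end at a
     * URL boundary (for example one without a trailing {@code /}) also matches longer host names
     * that merely begin with it. Configured entries should end with a path delimiter, or the check
     * should compare the parsed scheme, host and port instead.
     *
     * @param str consumer URL to check
     * @param supportAPIProfile profile holding the authorized consumer URLs
     * @return {@code true} when the URL is authorized; the method never returns {@code false}
     * @throws ServerErrorException with {@code INVALID_CONFIGURATION} when the URL is not authorized
     *     or no authorized URLs are configured
     */
    private boolean validateConsumerURL(String str, SupportAPIProfile supportAPIProfile) throws ServerErrorException {
        boolean authorized = false;
        if (supportAPIProfile.getAuthorizedConsumerURLs() != null) {
            Iterator<String> it = supportAPIProfile.getAuthorizedConsumerURLs().iterator();
            while (str != null && !authorized && it.hasNext()) {
                String allowedPrefix = it.next();
                if (allowedPrefix == null || allowedPrefix.isEmpty()) {
                    // startsWith("") is always true, so an empty entry must not count as a match.
                    log.warn("Ignoring empty entry in authorized consumer URLs");
                    continue;
                }
                authorized = str.startsWith(allowedPrefix);
            }
        } else {
            log.warn("No authorized consumer URLs specified in configuration");
        }
        if (authorized) {
            return true;
        }
        throw ((ServerErrorException) ErrorCode.INVALID_CONFIGURATION.toException("Unauthorized consumer URL: " + str + "."));
    }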

    /**
     * Checks that an authentication service is listed among the profile's trusted services.
     *
     * <p>The id must be equal to the {@code entityId} of at least one configured trusted
     * authentication service. A missing profile or a missing service list means nothing is
     * trusted, so the id is rejected.
     *
     * @param str entity id of the authentication service to check
     * @param supportAPIProfile profile holding the trusted authentication services; may be {@code null}
     * @throws ClientErrorException with {@code UNAUTHORIZED_AUTH_SERVICE} when no trusted service
     *     has this entity id
     */
    private void validateAuthenticationServiceId(String str, SupportAPIProfile supportAPIProfile) throws ClientErrorException {
        boolean trusted = false;
        if (supportAPIProfile != null) {
            if (supportAPIProfile.getTrustedAuthenticationServices() == null) {
                log.warn("No trusted authentication services are specified in configuration.");
            } else {
                for (Map<String, Object> service : supportAPIProfile.getTrustedAuthenticationServices().values()) {
                    Object entityId = service.get("entityId");
                    if (entityId != null && entityId.equals(str)) {
                        trusted = true;
                    }
                }
            }
        }
        if (trusted) {
            return;
        }
        throw ((ClientErrorException) ErrorCode.UNAUTHORIZED_AUTH_SERVICE.toException("Unauthorized authentication service (" + str + ")", this.messageSource));
    }
}
