package es.gob.afirma.triphase.signer.xades;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOFileUtils;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.signers.CounterSignTarget;
import es.gob.afirma.signers.xades.XAdESCoSigner;
import es.gob.afirma.signers.xades.XAdESCounterSigner;
import es.gob.afirma.signers.xades.XAdESExtraParams;
import es.gob.afirma.signers.xades.XAdESSigner;
import es.gob.afirma.signers.xml.Utils;
import es.gob.afirma.signers.xml.XMLConstants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/afirma-server-triphase-signer-core-1.7.2.jar:es/gob/afirma/triphase/signer/xades/XAdESTriPhaseSignerServerSide.class */
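/**
 * Server-side pre-signature step for XAdES signatures.
 *
 * <p>{@link #preSign} builds a complete XAdES document signed with a key obtained from
 * {@code KeyHelperFactory}, then swaps every signature value it produced for a
 * {@code %%REPLACEME_n%%} placeholder and returns the canonicalized {@code SignedInfo}
 * bytes that still have to be signed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The data to sign is parsed as XML in this class. Both parsers are created through
 *       {@link #newHardenedDocumentBuilderFactory()}, which refuses external entities and
 *       external DTDs (XXE / SSRF) and enables secure processing.</li>
 *   <li>NOTE(review): the XAdES signers invoked from {@link #preSign} receive the same raw
 *       bytes and are defined outside this file; confirm that they parse with equivalent
 *       hardening.</li>
 * </ul>
 */
public final class XAdESTriPhaseSignerServerSide {
    /** Extra-params key that selects the countersignature target. */
    private static final String COUNTERSIGN_TARGET_KEY = "target";
    /** Encoding assumed when the document does not declare one. */
    private static final String XML_DEFAULT_ENCODING = "UTF-8";
    /** Token inside {@link #REPLACEMENT_STRING} that is replaced by the signature index. */
    public static final String REPLACEMENT_CODE = "%i";
    /** Placeholder template written in place of each temporary signature value. */
    public static final String REPLACEMENT_STRING = "%%REPLACEME_%i%%";
    /** Attribute that identifies a {@code Signature} node. */
    private static final String XML_NODE_ID = "Id";
    /** Number of leading Base64 characters used to locate a signature value in the XML text. */
    private static final int NUM_CHARACTERS_TO_COMPARE = 60;
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");

    /** Operations supported by {@link #preSign}. */
    public enum Op {
        SIGN,
        COSIGN,
        COUNTERSIGN
    }

    /**
     * Key selector that always answers with one fixed public key.
     *
     * <p>The {@code KeyInfo} embedded in the signature is never consulted, so a key carried
     * inside the document cannot influence which key is handed to the XML-DSig engine.
     * (The decompiler reports that this class was originally {@code private}.)
     */
    public static class SimpleKeySelector extends KeySelector {
        private final PublicKey pk;

        SimpleKeySelector(PublicKey publicKey) {
            this.pk = publicKey;
        }

        /** Returns the fixed key regardless of {@code keyInfo}, {@code purpose} or algorithm. */
        @Override
        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
            return new SimpleKeySelectorResult(this.pk);
        }
    }

    /** Trivial {@link KeySelectorResult} wrapping a public key. */
    private static class SimpleKeySelectorResult implements KeySelectorResult {
        private final PublicKey pk;

        SimpleKeySelectorResult(PublicKey publicKey) {
            this.pk = publicKey;
        }

        @Override
        public Key getKey() {
            return this.pk;
        }
    }

    private XAdESTriPhaseSignerServerSide() {
        // Utility class, not instantiable.
    }

    /**
     * Builds the XAdES pre-signature for the given data.
     *
     * @param bArr data (or existing XML signature) to sign; must not be null or empty
     * @param str JCA signature algorithm name; must not be null or empty
     * @param certificateArr signer certificate chain, signer certificate first
     * @param properties extra parameters for the signer; may be null (it is cloned, never modified)
     * @param op operation to perform
     * @return the XML with placeholders, the SignedInfo byte arrays and the XML encoding
     * @throws IllegalArgumentException if data, algorithm or chain are missing
     * @throws AOException if a cosign/countersign is requested over data that is not parseable XML
     * @throws ParserConfigurationException if the XML parser cannot be hardened or created
     * @throws XmlPreSignException if no newly created signature is found in the result
     */
    public static XmlPreSignResult preSign(byte[] bArr, String str, Certificate[] certificateArr, Properties properties, Op op) throws NoSuchAlgorithmException, AOException, SAXException, IOException, ParserConfigurationException, MarshalException, XMLSignatureException, InvalidKeyException, SignatureException, XmlPreSignException {
        if (bArr == null || bArr.length < 1) {
            throw new IllegalArgumentException("Los datos a prefirmar no pueden ser nulos ni vacios");
        }
        if (str == null || "".equals(str)) {
            throw new IllegalArgumentException("El algoritmo de firma no puede ser nulo ni vacio");
        }
        if (certificateArr == null || certificateArr.length < 1) {
            throw new IllegalArgumentException("La cadena de certificados no puede ser nula y debe contener al menos un certificado");
        }

        // Ids of the signatures already present in the input; they are skipped later so that
        // only signatures created by this call are returned.
        final List<String> previousSignatureIds = new ArrayList<>();
        Document document = null;
        String encoding = XML_DEFAULT_ENCODING;
        if (AOFileUtils.isXML(bArr)) {
            try {
                // The input is parsed with external entities and external DTDs disabled.
                document = newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
                if (document.getXmlEncoding() != null) {
                    encoding = document.getXmlEncoding();
                }
            } catch (Exception e) {
                // Best effort by design: unparseable input is treated as "no previous signatures".
                LOGGER.log(Level.WARNING, "Error al cargar el documento XML", (Throwable) e);
            }
        } else {
            LOGGER.info("El documento a firmar no es XML, por lo que no contiene firmas previas");
        }
        if (document == null && (op == Op.COSIGN || op == Op.COUNTERSIGN)) {
            LOGGER.severe("Solo se pueden cofirmar y contrafirmar firmas XML");
            throw new AOException("Los datos introducidos no se corresponden con una firma XML");
        }
        if (document != null) {
            final NodeList signatures = document.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
            for (int i = 0; i < signatures.getLength(); i++) {
                final Node signatureNode = signatures.item(i);
                if (signatureNode.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                final NamedNodeMap attributes = signatureNode.getAttributes();
                final Node idAttribute = attributes != null ? attributes.getNamedItem(XML_NODE_ID) : null;
                if (idAttribute != null && idAttribute.getNodeValue() != null) {
                    previousSignatureIds.add(idAttribute.getNodeValue());
                }
            }
        }

        final Properties extraParams = getExtraParams(properties);
        // NOTE(review): presumably turns off the signer's own PKCS#1 check, which could not pass
        // because the value is not produced with the signer's real key; confirm in XAdESExtraParams.
        extraParams.setProperty(XAdESExtraParams.INTERNAL_VALIDATE_PKCS1, Boolean.FALSE.toString());

        // The cast is kept so that a non-X.509 certificate is still rejected with ClassCastException.
        final PublicKey publicKey = ((X509Certificate) certificateArr[0]).getPublicKey();
        // NOTE(review): presumably a stand-in private key matching the type and size of the signer's
        // public key, not the signer's own key; verify against KeyHelperFactory.
        final PrivateKey privateKey = KeyHelperFactory.getKeyHelper(publicKey).getPrivateKey(publicKey);

        final byte[] signedXml;
        switch (op) {
            case SIGN:
                signedXml = XAdESSigner.sign(bArr, str, privateKey, certificateArr, extraParams);
                break;
            case COSIGN:
                signedXml = XAdESCoSigner.cosign(bArr, str, privateKey, certificateArr, extraParams);
                break;
            case COUNTERSIGN:
                // Anything other than "leafs" (case-insensitive) selects the whole tree.
                final CounterSignTarget target = CounterSignTarget.LEAFS.name().equalsIgnoreCase(extraParams.getProperty(COUNTERSIGN_TARGET_KEY))
                        ? CounterSignTarget.LEAFS
                        : CounterSignTarget.TREE;
                signedXml = XAdESCounterSigner.countersign(bArr, str, target, (Object[]) null, privateKey, certificateArr, extraParams);
                break;
            default:
                throw new IllegalStateException("No se puede dar una operacion no contemplada en el enumerado de operaciones: " + op);
        }

        String xml = new String(signedXml, encoding);
        final List<byte[]> signedInfos = getSignedInfos(signedXml, publicKey, previousSignatureIds);

        // Each temporary signature value is located by signing the SignedInfo again with the same
        // key and searching the XML text for that value. This only works when the algorithm yields
        // the same signature for the same key and input; with a randomized scheme the value is not
        // found and no placeholder is written for that entry (a warning is logged below).
        for (int i = 0; i < signedInfos.size(); i++) {
            final Signature signature = Signature.getInstance(str);
            signature.initSign(privateKey);
            signature.update(signedInfos.get(i));
            final String expectedValue = cleanBase64(Base64.encode(signature.sign()));

            // A value shorter than the comparison window must not raise StringIndexOutOfBoundsException.
            final String prefix = expectedValue.substring(0, Math.min(NUM_CHARACTERS_TO_COMPARE, expectedValue.length()));
            final int marker = xml.indexOf(">" + prefix);
            final int start = marker + 1;
            final int end = marker < 0 ? -1 : xml.indexOf('<', start);
            if (end < 0) {
                LOGGER.warning("No se ha localizado en el XML el valor de la firma temporal numero " + i);
                continue;
            }
            final String candidate = xml.substring(start, end);
            if (expectedValue.equals(cleanBase64(candidate))) {
                xml = xml.replace(candidate, REPLACEMENT_STRING.replace(REPLACEMENT_CODE, Integer.toString(i)));
            } else {
                LOGGER.warning("El valor localizado en el XML no coincide con la firma temporal numero " + i);
            }
        }
        return new XmlPreSignResult(xml.getBytes(encoding), signedInfos, encoding);
    }

    /**
     * Strips line breaks, tabs and spaces from a Base64 text.
     *
     * @param str Base64 text, possibly wrapped; may be null
     * @return the text without whitespace, or null if {@code str} is null
     */
    private static String cleanBase64(String str) {
        if (str == null) {
            return null;
        }
        return str.replace("\n", "").replace("\r", "").replace("\t", "").replace(" ", "");
    }

    /**
     * Extracts the canonicalized {@code SignedInfo} of every signature that was not already
     * present in the input.
     *
     * @param bArr signed XML produced by the signer
     * @param publicKey key handed to the XML-DSig engine for every signature
     * @param list Ids of the signatures to skip; null means none are skipped
     * @return canonicalized SignedInfo bytes, in document order
     * @throws IllegalArgumentException if the XML holds no {@code Signature} element
     * @throws XmlPreSignException if every signature was skipped
     * @throws ParserConfigurationException if the XML parser cannot be hardened or created
     */
    private static List<byte[]> getSignedInfos(byte[] bArr, PublicKey publicKey, List<String> list) throws SAXException, IOException, ParserConfigurationException, MarshalException, XMLSignatureException, XmlPreSignException {
        // The signed XML embeds caller-supplied content, so it gets the same hardened parser.
        final Document signedDocument = newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
        final NodeList signatures = signedDocument.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
        if (signatures.getLength() == 0) {
            throw new IllegalArgumentException("Se ha proporcionado un XML sin firmas");
        }
        final List<byte[]> signedInfos = new ArrayList<>();
        for (int i = 0; i < signatures.getLength(); i++) {
            final Node signatureNode = signatures.item(i);
            final NamedNodeMap attributes = signatureNode.getAttributes();
            final Node idAttribute = attributes != null ? attributes.getNamedItem(XML_NODE_ID) : null;
            if (idAttribute == null) {
                LOGGER.warning("El documento contiene firmas sin identificador reconocido");
                continue;
            }
            if (list != null && list.contains(idAttribute.getNodeValue())) {
                // Signature that was already in the input document.
                continue;
            }
            final DOMValidateContext validateContext = new DOMValidateContext(new SimpleKeySelector(publicKey), signatureNode);
            validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
            final XMLSignature xmlSignature = Utils.getDOMFactory().unmarshalXMLSignature(validateContext);
            // The boolean result is deliberately ignored: validate() is invoked before reading the
            // canonicalized SignedInfo and is NOT a trust decision. Do not reuse this call as a
            // signature verification.
            xmlSignature.validate(validateContext);
            signedInfos.add(AOUtil.getDataFromInputStream(xmlSignature.getSignedInfo().getCanonicalizedData()));
        }
        if (signedInfos.isEmpty()) {
            throw new XmlPreSignException("Se ha creado un nodo firma, pero no se ha encontrado en el postproceso");
        }
        return signedInfos;
    }

    /**
     * Creates a namespace-aware parser factory hardened against XXE.
     *
     * <p>Secure processing is enabled, and external general entities, external parameter
     * entities and external DTD loading are disabled. Internal DOCTYPE declarations are still
     * accepted so that existing documents keep parsing.
     *
     * @return the configured factory
     * @throws ParserConfigurationException if the parser does not support one of the features;
     *         failing here is intentional, an unhardened parser must not read caller-supplied XML
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() throws ParserConfigurationException {
        final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // Fully qualified: the file imports es.gob.afirma.signers.xml.XMLConstants under the same simple name.
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return factory;
    }

    /**
     * Returns a private copy of the extra parameters so the caller's object is never modified.
     *
     * @param properties caller-supplied parameters; may be null
     * @return a clone of {@code properties}, or an empty set if it is null
     */
    private static Properties getExtraParams(Properties properties) {
        return properties != null ? (Properties) properties.clone() : new Properties();
    }
}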
