package eu.europa.esig.dss.xades.validation;

import eu.europa.esig.dss.DomUtils;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.DigestMatcherType;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.EndorsementType;
import eu.europa.esig.dss.enumerations.MaskGenerationFunction;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureForm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CertificatePool;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CandidatesForSigningCertificate;
import eu.europa.esig.dss.validation.CertificateRef;
import eu.europa.esig.dss.validation.CertificateValidity;
import eu.europa.esig.dss.validation.CommitmentType;
import eu.europa.esig.dss.validation.DefaultAdvancedSignature;
import eu.europa.esig.dss.validation.IssuerSerialInfo;
import eu.europa.esig.dss.validation.ReferenceValidation;
import eu.europa.esig.dss.validation.SignatureCRLSource;
import eu.europa.esig.dss.validation.SignatureCertificateSource;
import eu.europa.esig.dss.validation.SignatureCryptographicVerification;
import eu.europa.esig.dss.validation.SignatureDigestReference;
import eu.europa.esig.dss.validation.SignatureIdentifier;
import eu.europa.esig.dss.validation.SignatureOCSPSource;
import eu.europa.esig.dss.validation.SignaturePolicy;
import eu.europa.esig.dss.validation.SignaturePolicyProvider;
import eu.europa.esig.dss.validation.SignatureProductionPlace;
import eu.europa.esig.dss.validation.SignerRole;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.SantuarioInitializer;
import eu.europa.esig.dss.xades.XPathQueryHolder;
import eu.europa.esig.dss.xades.reference.XAdESReferenceValidation;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.security.auth.x500.X500Principal;
import javax.xml.transform.stream.StreamSource;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.ReferenceNotInitializedException;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.XMLUtils;
import org.digidoc4j.dss.xades.BDocTmSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eu/europa/esig/dss/xades/validation/XAdESSignature.class */
public class XAdESSignature extends DefaultAdvancedSignature {
    private static final long serialVersionUID = -2639858392612722185L;
    private static final Logger LOG = LoggerFactory.getLogger(XAdESSignature.class);
    private static SignatureLevel[] signatureLevels = {SignatureLevel.XML_NOT_ETSI, SignatureLevel.XAdES_BASELINE_B, SignatureLevel.XAdES_BASELINE_T, SignatureLevel.XAdES_C, SignatureLevel.XAdES_X, SignatureLevel.XAdES_BASELINE_LT, SignatureLevel.XAdES_BASELINE_LTA};
    protected static final String DEFAULT_CANONICALIZATION_METHOD = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private final List<XPathQueryHolder> xPathQueryHolders;
    protected XPathQueryHolder xPathQueryHolder;
    private final Element signatureElement;
    private transient XMLSignature santuarioSignature;
    private String daIdentifier;
    private transient List<Reference> references;
    private List<ReferenceValidation> referenceValidations;

    /* renamed from: eu.europa.esig.dss.xades.validation.XAdESSignature$1, reason: invalid class name */
    /* loaded from: input_file:eu/europa/esig/dss/xades/validation/XAdESSignature$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel = new int[SignatureLevel.values().length];

        static {
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.XML_NOT_ETSI.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.XAdES_BASELINE_LTA.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.XAdES_BASELINE_LT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.XAdES_BASELINE_T.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.XAdES_BASELINE_B.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.XAdES_X.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[SignatureLevel.XAdES_C.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    public XAdESSignature(Element element) {
        this(element, Arrays.asList(new XPathQueryHolder()), new CertificatePool());
    }

    public XAdESSignature(Element element, List<XPathQueryHolder> list, CertificatePool certificatePool) {
        super(certificatePool);
        if (element == null) {
            throw new NullPointerException("signatureElement");
        }
        this.signatureElement = element;
        this.xPathQueryHolders = list;
        initialiseSettings();
    }

    private void initialiseSettings() {
        recursiveNamespaceBrowser(this.signatureElement);
        if (this.xPathQueryHolder == null) {
            LOG.warn("There is no suitable XPathQueryHolder to manage the signature. The default one will be used.");
            this.xPathQueryHolder = new XPathQueryHolder();
        }
    }

    public void recursiveNamespaceBrowser(Element element) {
        for (int i = 0; i < element.getChildNodes().getLength(); i++) {
            Node item = element.getChildNodes().item(i);
            if (item.getNodeType() == 1) {
                Element element2 = (Element) item;
                String namespaceURI = element2.getNamespaceURI();
                String localName = element2.getLocalName();
                if (!XPathQueryHolder.XMLE_TRANSFORM.equals(localName) || !"http://www.w3.org/2000/09/xmldsig#".equals(namespaceURI)) {
                    if (XPathQueryHolder.XMLE_QUALIFYING_PROPERTIES.equals(localName)) {
                        setXPathQueryHolder(namespaceURI);
                        return;
                    }
                    recursiveNamespaceBrowser(element2);
                }
            }
        }
    }

    private void setXPathQueryHolder(String str) {
        for (XPathQueryHolder xPathQueryHolder : this.xPathQueryHolders) {
            if (xPathQueryHolder.canUseThisXPathQueryHolder(str)) {
                this.xPathQueryHolder = xPathQueryHolder;
            }
        }
    }

    public XPathQueryHolder getXPathQueryHolder() {
        return this.xPathQueryHolder;
    }

    public Element getSignatureElement() {
        return this.signatureElement;
    }

    public SignatureForm getSignatureForm() {
        return SignatureForm.XAdES;
    }

    public EncryptionAlgorithm getEncryptionAlgorithm() {
        SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            return null;
        }
        return signatureAlgorithm.getEncryptionAlgorithm();
    }

    public DigestAlgorithm getDigestAlgorithm() {
        SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            return null;
        }
        return signatureAlgorithm.getDigestAlgorithm();
    }

    public MaskGenerationFunction getMaskGenerationFunction() {
        SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
        if (signatureAlgorithm == null) {
            return null;
        }
        return signatureAlgorithm.getMaskGenerationFunction();
    }

    public SignatureAlgorithm getSignatureAlgorithm() {
        Element element = this.signatureElement;
        Objects.requireNonNull(this.xPathQueryHolder);
        return SignatureAlgorithm.forXML(DomUtils.getElement(element, "./ds:SignedInfo/ds:SignatureMethod").getAttribute("Algorithm"), (SignatureAlgorithm) null);
    }

    public SignatureCertificateSource getCertificateSource() {
        if (this.offlineCertificateSource == null) {
            this.offlineCertificateSource = new XAdESCertificateSource(this.signatureElement, this.xPathQueryHolder, this.certPool);
        }
        return this.offlineCertificateSource;
    }

    public void resetCertificateSource() {
        this.offlineCertificateSource = null;
    }

    public SignatureCRLSource getCRLSource() {
        if (this.signatureCRLSource == null) {
            this.signatureCRLSource = new XAdESCRLSource(this.signatureElement, this.xPathQueryHolder);
        }
        return this.signatureCRLSource;
    }

    public SignatureOCSPSource getOCSPSource() {
        if (this.signatureOCSPSource == null) {
            this.signatureOCSPSource = new XAdESOCSPSource(this.signatureElement, this.xPathQueryHolder);
        }
        return this.signatureOCSPSource;
    }

    public void resetRevocationSources() {
        this.signatureCRLSource = null;
        this.signatureOCSPSource = null;
    }

    /* renamed from: getTimestampSource, reason: merged with bridge method [inline-methods] */
    public XAdESTimestampSource m21getTimestampSource() {
        if (this.signatureTimestampSource == null) {
            this.signatureTimestampSource = new XAdESTimestampSource(this, this.signatureElement, this.xPathQueryHolder, this.certPool);
        }
        return this.signatureTimestampSource;
    }

    public void resetTimestampSource() {
        this.signatureTimestampSource = null;
    }

    public CandidatesForSigningCertificate getCandidatesForSigningCertificate() {
        if (this.candidatesForSigningCertificate != null) {
            return this.candidatesForSigningCertificate;
        }
        this.candidatesForSigningCertificate = new CandidatesForSigningCertificate();
        Iterator it = getCertificateSource().getKeyInfoCertificates().iterator();
        while (it.hasNext()) {
            this.candidatesForSigningCertificate.add(new CertificateValidity((CertificateToken) it.next()));
        }
        return this.candidatesForSigningCertificate;
    }

    public void checkSigningCertificate() {
        CandidatesForSigningCertificate candidatesForSigningCertificate = getCandidatesForSigningCertificate();
        List signingCertificateValues = getCertificateSource().getSigningCertificateValues();
        if (Utils.isCollectionNotEmpty(signingCertificateValues)) {
            CertificateRef certificateRef = (CertificateRef) signingCertificateValues.get(0);
            Digest certDigest = certificateRef.getCertDigest();
            IssuerSerialInfo issuerInfo = certificateRef.getIssuerInfo();
            for (CertificateValidity certificateValidity : candidatesForSigningCertificate.getCertificateValidityList()) {
                certificateValidity.setAttributePresent(certificateRef != null);
                certificateValidity.setDigestPresent(certDigest != null);
                CertificateToken certificateToken = certificateValidity.getCertificateToken();
                if (certificateToken != null) {
                    if (certDigest != null) {
                        certificateValidity.setDigestEqual(Arrays.equals(certDigest.getValue(), certificateToken.getDigest(certDigest.getAlgorithm())));
                    }
                    if (issuerInfo != null) {
                        BigInteger serialNumber = issuerInfo.getSerialNumber();
                        X500Principal issuerName = issuerInfo.getIssuerName();
                        BigInteger serialNumber2 = certificateToken.getSerialNumber();
                        X500Principal issuerX500Principal = certificateToken.getIssuerX500Principal();
                        certificateValidity.setSerialNumberEqual(serialNumber2.equals(serialNumber));
                        boolean x500PrincipalAreEquals = DSSUtils.x500PrincipalAreEquals(issuerX500Principal, issuerName);
                        certificateValidity.setDistinguishedNameEqual(x500PrincipalAreEquals);
                        if (!x500PrincipalAreEquals) {
                            LOG.info("candidateIssuerName : {}", issuerX500Principal.getName("CANONICAL"));
                            LOG.info("issuerName : {}", issuerName == null ? "" : issuerName.getName("CANONICAL"));
                        }
                    }
                    if (candidatesForSigningCertificate.getTheCertificateValidity() == null) {
                        candidatesForSigningCertificate.setTheCertificateValidity(certificateValidity);
                    }
                }
            }
        }
    }

    public Date getSigningTime() {
        Element element = DomUtils.getElement(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNING_TIME);
        if (element == null) {
            return null;
        }
        return DomUtils.getDate(element.getTextContent());
    }

    public void checkSignaturePolicy(SignaturePolicyProvider signaturePolicyProvider) {
        Element element = DomUtils.getElement(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNATURE_POLICY_IDENTIFIER);
        if (element != null) {
            Element element2 = DomUtils.getElement(element, this.xPathQueryHolder.XPATH__POLICY_ID);
            if (element2 == null) {
                if (DomUtils.getElement(element, this.xPathQueryHolder.XPATH__SIGNATURE_POLICY_IMPLIED) != null) {
                    this.signaturePolicy = new SignaturePolicy();
                    return;
                }
                return;
            }
            String str = null;
            String textContent = element2.getTextContent();
            if (Utils.isStringNotEmpty(textContent)) {
                textContent = textContent.replaceAll("\n", "").trim();
                if (DSSXMLUtils.isOid(textContent)) {
                    textContent = DSSXMLUtils.getOidCode(textContent);
                } else {
                    str = textContent;
                }
            }
            this.signaturePolicy = new SignaturePolicy(textContent);
            this.signaturePolicy.setDigest(new Digest(DigestAlgorithm.forXML(DomUtils.getNode(element, this.xPathQueryHolder.XPATH__POLICY_DIGEST_METHOD).getTextContent()), Utils.fromBase64(DomUtils.getElement(element, this.xPathQueryHolder.XPATH__POLICY_DIGEST_VALUE).getTextContent().trim())));
            Element element3 = DomUtils.getElement(element, this.xPathQueryHolder.XPATH__POLICY_SPURI);
            if (element3 != null) {
                str = element3.getTextContent().trim();
            }
            Element element4 = DomUtils.getElement(element, this.xPathQueryHolder.XPATH__POLICY_DESCRIPTION);
            if (element4 != null && Utils.isStringNotEmpty(element4.getTextContent())) {
                this.signaturePolicy.setDescription(element4.getTextContent());
            }
            this.signaturePolicy.setUrl(str);
            this.signaturePolicy.setPolicyContent(signaturePolicyProvider.getSignaturePolicy(textContent, str));
        }
    }

    public SignatureProductionPlace getSignatureProductionPlace() {
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_PRODUCTION_PLACE);
        if (nodeList.getLength() == 0 || nodeList.item(0) == null) {
            nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_PRODUCTION_PLACE_V2);
            if (nodeList.getLength() == 0 || nodeList.item(0) == null) {
                return null;
            }
        }
        SignatureProductionPlace signatureProductionPlace = new SignatureProductionPlace();
        NodeList childNodes = nodeList.item(0).getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            String localName = item.getLocalName();
            String textContent = item.getTextContent();
            if (XPathQueryHolder.XMLE_CITY.equals(localName)) {
                signatureProductionPlace.setCity(textContent);
            } else if (XPathQueryHolder.XMLE_STATE_OR_PROVINCE.equals(localName)) {
                signatureProductionPlace.setStateOrProvince(textContent);
            } else if (XPathQueryHolder.XMLE_POSTAL_CODE.equals(localName)) {
                signatureProductionPlace.setPostalCode(textContent);
            } else if (XPathQueryHolder.XMLE_COUNTRY_NAME.equals(localName)) {
                signatureProductionPlace.setCountryName(textContent);
            } else if (XPathQueryHolder.XMLE_STREET_ADDRESS.equals(localName)) {
                signatureProductionPlace.setStreetAddress(textContent);
            }
        }
        return signatureProductionPlace;
    }

    public List<SignerRole> getClaimedSignerRoles() {
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_CLAIMED_ROLE);
        if (nodeList.getLength() == 0) {
            nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_CLAIMED_ROLE_V2);
            if (nodeList.getLength() == 0) {
                return Collections.emptyList();
            }
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < nodeList.getLength(); i++) {
            arrayList.add(new SignerRole(nodeList.item(i).getTextContent(), EndorsementType.CLAIMED));
        }
        return arrayList;
    }

    public List<SignerRole> getCertifiedSignerRoles() {
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_CERTIFIED_ROLE);
        if (nodeList.getLength() == 0) {
            nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_CERTIFIED_ROLE_V2);
            if (nodeList.getLength() == 0) {
                return Collections.emptyList();
            }
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < nodeList.getLength(); i++) {
            arrayList.add(new SignerRole(((Element) nodeList.item(i)).getTextContent(), EndorsementType.CERTIFIED));
        }
        return arrayList;
    }

    public String getContentType() {
        String str = null;
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_ALL_DATA_OBJECT_FORMAT_OBJECT_IDENTIFIER);
        if (nodeList != null && nodeList.getLength() > 0) {
            int i = 0;
            while (true) {
                if (i >= nodeList.getLength()) {
                    break;
                }
                Node item = nodeList.item(i);
                if (item instanceof Element) {
                    str = ((Element) item).getTextContent();
                    break;
                }
                i++;
            }
        }
        return str;
    }

    public String getMimeType() {
        String str = null;
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_ALL_DATA_OBJECT_FORMAT_MIMETYPE);
        if (nodeList != null && nodeList.getLength() > 0) {
            int i = 0;
            while (true) {
                if (i >= nodeList.getLength()) {
                    break;
                }
                Node item = nodeList.item(i);
                if (item instanceof Element) {
                    str = ((Element) item).getTextContent();
                    break;
                }
                i++;
            }
        }
        return str;
    }

    public String getContentIdentifier() {
        return null;
    }

    public String getContentHints() {
        return null;
    }

    public byte[] getSignatureValue() {
        Element element = this.signatureElement;
        Objects.requireNonNull(this.xPathQueryHolder);
        Element element2 = DomUtils.getElement(element, "./ds:SignatureValue");
        if (element2 != null) {
            return Utils.fromBase64(element2.getTextContent());
        }
        return null;
    }

    public NodeList getObjects() {
        return DomUtils.getNodeList(this.signatureElement, XPathQueryHolder.XPATH_OBJECT);
    }

    public Element getCompleteCertificateRefs() {
        return DomUtils.getElement(this.signatureElement, this.xPathQueryHolder.XPATH_COMPLETE_CERTIFICATE_REFS);
    }

    public Element getCompleteRevocationRefs() {
        return DomUtils.getElement(this.signatureElement, this.xPathQueryHolder.XPATH_COMPLETE_REVOCATION_REFS);
    }

    public NodeList getSigAndRefsTimeStamp() {
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_SIG_AND_REFS_TIMESTAMP);
        if (nodeList == null || nodeList.getLength() == 0) {
            nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_SIG_AND_REFS_TIMESTAMP_V2);
        }
        return nodeList;
    }

    public Element getCertificateValues() {
        return DomUtils.getElement(this.signatureElement, this.xPathQueryHolder.XPATH_CERTIFICATE_VALUES);
    }

    public Element getRevocationValues() {
        return DomUtils.getElement(this.signatureElement, this.xPathQueryHolder.XPATH_REVOCATION_VALUES);
    }

    public boolean hasBProfile() {
        return DomUtils.isNotEmpty(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNED_SIGNATURE_PROPERTIES);
    }

    public boolean hasTProfile() {
        return BDocTmSupport.hasBDocTmPolicyId(this.signatureElement, this.xPathQueryHolder) ? Utils.isStringNotBlank(DomUtils.getValue(this.signatureElement, this.xPathQueryHolder.XPATH_OCSP_VALUES_ENCAPSULATED_OCSP)) : super.hasTProfile();
    }

    public boolean hasCProfile() {
        return DomUtils.isNotEmpty(this.signatureElement, this.xPathQueryHolder.XPATH_COMPLETE_CERTIFICATE_REFS) || DomUtils.isNotEmpty(this.signatureElement, this.xPathQueryHolder.XPATH_COMPLETE_REVOCATION_REFS);
    }

    public boolean hasXProfile() {
        return DomUtils.isNotEmpty(this.signatureElement, this.xPathQueryHolder.XPATH_SIG_AND_REFS_TIMESTAMP);
    }

    public void checkSignatureIntegrity() {
        if (this.signatureCryptographicVerification != null) {
            return;
        }
        this.signatureCryptographicVerification = new SignatureCryptographicVerification();
        try {
            XMLSignature santuarioSignature = getSantuarioSignature();
            boolean z = false;
            List<CertificateValidity> signingCertificateValidityList = getSigningCertificateValidityList(santuarioSignature, this.signatureCryptographicVerification, this.providedSigningCertificateToken);
            LOG.debug("Determining signing certificate from certificate candidates list");
            ArrayList arrayList = new ArrayList();
            int i = 0;
            for (CertificateValidity certificateValidity : signingCertificateValidityList) {
                String str = "Certificate #" + (i + 1) + ": ";
                try {
                    try {
                        z = santuarioSignature.checkSignatureValue(certificateValidity.getPublicKey());
                    } catch (XMLSignatureException e) {
                        LOG.debug("Exception while probing candidate certificate as signing certificate: {}", e.getMessage());
                        arrayList.add(str + e.getMessage());
                    }
                } catch (Exception e2) {
                    LOG.error("Technical Exception : " + e2.getMessage());
                }
                if (z) {
                    LOG.info("Determining signing certificate from certificate candidates list succeeded");
                    this.candidatesForSigningCertificate.setTheCertificateValidity(certificateValidity);
                    break;
                } else {
                    arrayList.add(str + "Signature verification failed");
                    i++;
                }
            }
            if (!z) {
                LOG.warn("Determining signing certificate from certificate candidates list failed: {}", arrayList);
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    this.signatureCryptographicVerification.setErrorMessage((String) it.next());
                }
            }
            boolean z2 = true;
            boolean z3 = true;
            for (ReferenceValidation referenceValidation : getReferenceValidations()) {
                z2 = z2 && referenceValidation.isFound();
                z3 = z3 && referenceValidation.isIntact();
            }
            this.signatureCryptographicVerification.setReferenceDataFound(z2);
            this.signatureCryptographicVerification.setReferenceDataIntact(z3);
            this.signatureCryptographicVerification.setSignatureIntact(z);
        } catch (Exception e3) {
            LOG.error("checkSignatureIntegrity : {}", e3.getMessage());
            LOG.debug("checkSignatureIntegrity : " + e3.getMessage(), e3);
            StackTraceElement[] stackTrace = e3.getStackTrace();
            String name = XAdESSignature.class.getName();
            int i2 = 0;
            int length = stackTrace.length;
            int i3 = 0;
            while (true) {
                if (i3 >= length) {
                    break;
                }
                StackTraceElement stackTraceElement = stackTrace[i3];
                if (stackTraceElement.getClassName().equals(name)) {
                    i2 = stackTraceElement.getLineNumber();
                    break;
                }
                i3++;
            }
            this.signatureCryptographicVerification.setErrorMessage(e3.getMessage() + "/ XAdESSignature/Line number/" + i2);
        }
    }

    private void extractReferences() {
        this.references = new ArrayList();
        SignedInfo signedInfo = getSantuarioSignature().getSignedInfo();
        int length = signedInfo.getLength();
        for (int i = 0; i < length; i++) {
            try {
                this.references.add(signedInfo.item(i));
            } catch (XMLSecurityException e) {
                LOG.warn("Unable to retrieve reference #{} : {}", Integer.valueOf(i), e.getMessage());
            }
        }
    }

    public List<ReferenceValidation> getReferenceValidations() {
        if (this.referenceValidations == null) {
            this.referenceValidations = new ArrayList();
            XMLSignature santuarioSignature = getSantuarioSignature();
            boolean z = false;
            List<Reference> references = getReferences();
            for (Reference reference : references) {
                XAdESReferenceValidation xAdESReferenceValidation = new XAdESReferenceValidation(reference);
                xAdESReferenceValidation.setType(DigestMatcherType.REFERENCE);
                boolean z2 = false;
                try {
                    Digest digest = new Digest();
                    digest.setValue(reference.getDigestValue());
                    digest.setAlgorithm(DigestAlgorithm.forXML(reference.getMessageDigestAlgorithm().getAlgorithmURI()));
                    xAdESReferenceValidation.setDigest(digest);
                    try {
                        z2 = reference.getContentsBeforeTransformation() != null;
                    } catch (ReferenceNotInitializedException e) {
                    }
                    String uriOrEmpty = xAdESReferenceValidation.getUriOrEmpty();
                    boolean protectAgainstWrappingAttack = XMLUtils.protectAgainstWrappingAttack(santuarioSignature.getDocument(), DomUtils.getId(uriOrEmpty));
                    boolean isElementReference = DomUtils.isElementReference(uriOrEmpty);
                    if (isElementReference && DSSXMLUtils.isSignedProperties(reference, this.xPathQueryHolder)) {
                        xAdESReferenceValidation.setType(DigestMatcherType.SIGNED_PROPERTIES);
                        z2 = z2 && protectAgainstWrappingAttack && findSignedPropertiesById(uriOrEmpty);
                    } else if (DomUtils.isXPointerQuery(uriOrEmpty)) {
                        xAdESReferenceValidation.setType(DigestMatcherType.XPOINTER);
                        z2 = z2 && protectAgainstWrappingAttack;
                    } else if (isElementReference && DSSXMLUtils.isKeyInfoReference(reference, santuarioSignature.getElement(), this.xPathQueryHolder)) {
                        xAdESReferenceValidation.setType(DigestMatcherType.KEY_INFO);
                        z2 = true;
                    } else if (isElementReference && reference.typeIsReferenceToObject()) {
                        xAdESReferenceValidation.setType(DigestMatcherType.OBJECT);
                        z2 = z2 && protectAgainstWrappingAttack && findObjectById(uriOrEmpty);
                    } else if (isElementReference && reference.typeIsReferenceToManifest()) {
                        xAdESReferenceValidation.setType(DigestMatcherType.MANIFEST);
                        Node manifestById = getManifestById(uriOrEmpty);
                        z2 = z2 && protectAgainstWrappingAttack && manifestById != null;
                        if (manifestById != null) {
                            xAdESReferenceValidation.getDependentValidations().addAll(getManifestReferences(manifestById));
                        }
                    } else {
                        z2 = z2 && protectAgainstWrappingAttack;
                    }
                    r15 = z2 ? reference.verify() : false;
                } catch (Exception e2) {
                    LOG.warn("Unable to verify reference with Id [{}] : {}", new Object[]{reference.getId(), e2.getMessage(), e2});
                }
                if (DigestMatcherType.REFERENCE.equals(xAdESReferenceValidation.getType()) || DigestMatcherType.OBJECT.equals(xAdESReferenceValidation.getType()) || DigestMatcherType.MANIFEST.equals(xAdESReferenceValidation.getType()) || DigestMatcherType.XPOINTER.equals(xAdESReferenceValidation.getType())) {
                    z = true;
                }
                xAdESReferenceValidation.setFound(z2);
                xAdESReferenceValidation.setIntact(r15);
                this.referenceValidations.add(xAdESReferenceValidation);
            }
            if (!z) {
                this.referenceValidations.add(notFound(DigestMatcherType.REFERENCE));
            }
            if (this.referenceValidations.size() < references.size()) {
                LOG.warn("Not all references were validated!");
            }
        }
        return this.referenceValidations;
    }

    public SignatureDigestReference getSignatureDigestReference(DigestAlgorithm digestAlgorithm) {
        return new SignatureDigestReference(DEFAULT_CANONICALIZATION_METHOD, new Digest(digestAlgorithm, DSSUtils.digest(digestAlgorithm, DSSXMLUtils.canonicalizeSubtree(DEFAULT_CANONICALIZATION_METHOD, this.signatureElement))));
    }

    public List<ReferenceValidation> getManifestReferences(Node node) {
        return new ManifestValidator(this.signatureElement, node, this.detachedContents, this.xPathQueryHolder).validate();
    }

    private boolean findSignedPropertiesById(String str) {
        return getSignedPropertiesById(str) != null;
    }

    private Node getSignedPropertiesById(String str) {
        if (!Utils.isStringNotBlank(str)) {
            return null;
        }
        return DomUtils.getNode(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNED_PROPERTIES + DomUtils.getXPathByIdAttribute(str));
    }

    private boolean findObjectById(String str) {
        return getObjectById(str) != null;
    }

    public Node getObjectById(String str) {
        if (!Utils.isStringNotBlank(str)) {
            return null;
        }
        return DomUtils.getNode(this.signatureElement, XPathQueryHolder.XPATH_OBJECT + DomUtils.getXPathByIdAttribute(str));
    }

    public Node getManifestById(String str) {
        if (!Utils.isStringNotBlank(str)) {
            return null;
        }
        return DomUtils.getNode(this.signatureElement, XPathQueryHolder.XPATH_MANIFEST + DomUtils.getXPathByIdAttribute(str));
    }

    private ReferenceValidation notFound(DigestMatcherType digestMatcherType) {
        ReferenceValidation referenceValidation = new ReferenceValidation();
        referenceValidation.setType(digestMatcherType);
        referenceValidation.setFound(false);
        return referenceValidation;
    }

    private XMLSignature getSantuarioSignature() {
        if (this.santuarioSignature != null) {
            return this.santuarioSignature;
        }
        try {
            Element documentElement = this.signatureElement.getOwnerDocument().getDocumentElement();
            DSSXMLUtils.setIDIdentifier(documentElement);
            DSSXMLUtils.recursiveIdBrowse(documentElement);
            this.santuarioSignature = new XMLSignature(this.signatureElement, "", false);
            if (Utils.isCollectionNotEmpty(this.detachedContents)) {
                initDetachedSignatureResolvers(this.detachedContents);
            }
            return this.santuarioSignature;
        } catch (XMLSecurityException e) {
            throw new DSSException("Unable to initialize santuario XMLSignature", e);
        }
    }

    private void initDetachedSignatureResolvers(List<DSSDocument> list) {
        for (Reference reference : getReferences()) {
            try {
                this.santuarioSignature.addResourceResolver(new DetachedSignatureResolver(list, DigestAlgorithm.forXML(reference.getMessageDigestAlgorithm().getAlgorithmURI())));
            } catch (XMLSignatureException e) {
                LOG.warn("Unable to retrieve reference digest algorithm {}", reference.getId(), e);
            }
        }
    }

    private List<CertificateValidity> getSigningCertificateValidityList(XMLSignature xMLSignature, SignatureCryptographicVerification signatureCryptographicVerification, CertificateToken certificateToken) throws KeyResolverException {
        List<CertificateValidity> certificateValidityList;
        PublicKey publicKey;
        if (certificateToken == null) {
            certificateValidityList = getCandidatesForSigningCertificate().getCertificateValidityList();
            if (certificateValidityList.isEmpty()) {
                KeyInfo keyInfo = xMLSignature.getKeyInfo();
                if (keyInfo == null || (publicKey = keyInfo.getPublicKey()) == null) {
                    signatureCryptographicVerification.setErrorMessage("There is no signing certificate within the signature.");
                    return certificateValidityList;
                }
                certificateValidityList = getSigningCertificateValidityList(publicKey);
            }
        } else {
            this.candidatesForSigningCertificate = new CandidatesForSigningCertificate();
            this.candidatesForSigningCertificate.add(new CertificateValidity(certificateToken));
            certificateValidityList = this.candidatesForSigningCertificate.getCertificateValidityList();
        }
        return certificateValidityList;
    }

    protected List<CertificateValidity> getSigningCertificateValidityList(PublicKey publicKey) {
        this.candidatesForSigningCertificate = new CandidatesForSigningCertificate();
        List list = this.certPool.get(publicKey);
        if (Utils.isCollectionNotEmpty(list)) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                this.candidatesForSigningCertificate.add(new CertificateValidity((CertificateToken) it.next()));
            }
        } else {
            this.candidatesForSigningCertificate.add(new CertificateValidity(publicKey));
        }
        return this.candidatesForSigningCertificate.getCertificateValidityList();
    }

    public List<AdvancedSignature> getCounterSignatures() {
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_COUNTER_SIGNATURE);
        if (nodeList == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            Objects.requireNonNull(this.xPathQueryHolder);
            XAdESSignature xAdESSignature = new XAdESSignature(DomUtils.getElement(element, "./ds:Signature"), this.xPathQueryHolders, this.certPool);
            if (isCounterSignature(xAdESSignature)) {
                xAdESSignature.setMasterSignature(this);
                arrayList.add(xAdESSignature);
            }
        }
        return arrayList;
    }

    private boolean isCounterSignature(XAdESSignature xAdESSignature) {
        Iterator<Reference> it = xAdESSignature.getReferences().iterator();
        while (it.hasNext()) {
            if (DSSXMLUtils.isCounerSignature(it.next(), this.xPathQueryHolder)) {
                return true;
            }
        }
        return false;
    }

    public List<CertificateRef> getCertificateRefs() {
        return getCertificateSource().getCompleteCertificateRefs();
    }

    protected SignatureIdentifier buildSignatureIdentifier() {
        CertificateToken signingCertificateToken = getSigningCertificateToken();
        return SignatureIdentifier.buildSignatureIdentifier(getSigningTime(), signingCertificateToken == null ? null : signingCertificateToken.getDSSId(), getDAIdentifier());
    }

    public String getDAIdentifier() {
        if (this.daIdentifier == null) {
            this.daIdentifier = DSSXMLUtils.getIDIdentifier(this.signatureElement);
        }
        return this.daIdentifier;
    }

    public List<String> getUnsignedSignatureProperties() {
        return DomUtils.getChildrenNames(this.signatureElement, this.xPathQueryHolder.XPATH_UNSIGNED_SIGNATURE_PROPERTIES);
    }

    public List<String> getSignedSignatureProperties() {
        return DomUtils.getChildrenNames(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNED_SIGNATURE_PROPERTIES);
    }

    public List<String> getSignedProperties() {
        return DomUtils.getChildrenNames(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNED_PROPERTIES);
    }

    public List<String> getUnsignedProperties() {
        return DomUtils.getChildrenNames(this.signatureElement, this.xPathQueryHolder.XPATH_UNSIGNED_PROPERTIES);
    }

    public List<String> getSignedDataObjectProperties() {
        return DomUtils.getChildrenNames(this.signatureElement, this.xPathQueryHolder.XPATH_SIGNED_DATA_OBJECT_PROPERTIES);
    }

    public boolean isDataForSignatureLevelPresent(SignatureLevel signatureLevel) {
        boolean z = true;
        switch (AnonymousClass1.$SwitchMap$eu$europa$esig$dss$enumerations$SignatureLevel[signatureLevel.ordinal()]) {
            case 1:
                break;
            case 2:
                z = hasLTAProfile() && isDataForSignatureLevelPresent(SignatureLevel.XAdES_BASELINE_LT);
                break;
            case 3:
                z = hasLTProfile() && isDataForSignatureLevelPresent(SignatureLevel.XAdES_BASELINE_T);
                break;
            case 4:
                z = hasTProfile() && isDataForSignatureLevelPresent(SignatureLevel.XAdES_BASELINE_B);
                break;
            case 5:
                z = hasBProfile();
                break;
            case 6:
                z = hasXProfile() && isDataForSignatureLevelPresent(SignatureLevel.XAdES_C);
                break;
            case 7:
                z = hasCProfile() && isDataForSignatureLevelPresent(SignatureLevel.XAdES_BASELINE_T);
                break;
            default:
                throw new IllegalArgumentException("Unknown level " + signatureLevel);
        }
        return z;
    }

    public SignatureLevel[] getSignatureLevels() {
        return signatureLevels;
    }

    public void validateStructure() {
        this.structureValidation = DSSXMLUtils.validateAgainstXSD(new StreamSource(new StringReader(DomUtils.xmlToString(this.signatureElement))));
    }

    public Element getLastTimestampValidationData() {
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_UNSIGNED_SIGNATURE_PROPERTIES + "/*");
        if (nodeList.getLength() <= 0) {
            return null;
        }
        Element element = (Element) nodeList.item(nodeList.getLength() - 1);
        if (XPathQueryHolder.XMLE_TIME_STAMP_VALIDATION_DATA.equals(element.getLocalName())) {
            return element;
        }
        return null;
    }

    public CommitmentType getCommitmentTypeIndication() {
        CommitmentType commitmentType = null;
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, this.xPathQueryHolder.XPATH_COMMITMENT_IDENTIFICATION);
        if (nodeList != null && nodeList.getLength() > 0) {
            commitmentType = new CommitmentType();
            for (int i = 0; i < nodeList.getLength(); i++) {
                commitmentType.addIdentifier(DomUtils.getValue(nodeList.item(i), this.xPathQueryHolder.XPATH_COMITMENT_IDENTIFIERS));
            }
        }
        return commitmentType;
    }

    public List<Reference> getReferences() {
        if (this.references == null) {
            extractReferences();
        }
        return this.references;
    }

    public List<Element> getSignatureObjects() {
        NodeList nodeList = DomUtils.getNodeList(this.signatureElement, XPathQueryHolder.XPATH_OBJECT);
        ArrayList arrayList = new ArrayList(nodeList.getLength());
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            if (DomUtils.getElement(element, this.xPathQueryHolder.XPATH__QUALIFYING_PROPERTIES_SIGNED_PROPERTIES) == null) {
                arrayList.add(element);
            }
        }
        return arrayList;
    }

    public void registerXPathQueryHolder(XPathQueryHolder xPathQueryHolder) {
        this.xPathQueryHolders.add(xPathQueryHolder);
    }

    static {
        SantuarioInitializer.init();
        JCEMapper.register(SignatureRSARIPEMD160AT.XML_ID, new JCEMapper.Algorithm("", SignatureAlgorithm.RSA_RIPEMD160.getJCEId(), "Signature"));
        try {
            org.apache.xml.security.algorithms.SignatureAlgorithm.register(SignatureRSARIPEMD160AT.XML_ID, SignatureRSARIPEMD160AT.class);
        } catch (Exception e) {
            LOG.error("ECDSA_RIPEMD160AT algorithm initialisation failed.", e);
        }
    }
}
