package eu.europa.esig.dss.xades.signature;

import eu.europa.esig.dss.DomUtils;
import eu.europa.esig.dss.XAdESNamespaces;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.enumerations.TimestampType;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.TimestampParameters;
import eu.europa.esig.dss.model.identifier.EncapsulatedRevocationTokenIdentifier;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.signature.SignatureExtension;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.revocation.RevocationToken;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.DefaultAdvancedSignature;
import eu.europa.esig.dss.validation.ValidationContext;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.ProfileParameters;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xades.XPathQueryHolder;
import eu.europa.esig.dss.xades.validation.XAdESSignature;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.digidoc4j.dss.xades.BDocTmSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eu/europa/esig/dss/xades/signature/XAdESLevelBaselineT.class */
public class XAdESLevelBaselineT extends ExtensionBuilder implements SignatureExtension<XAdESSignatureParameters>, Serializable {
    private static final Logger LOG = LoggerFactory.getLogger(XAdESLevelBaselineT.class);
    protected TSPSource tspSource;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT$1, reason: invalid class name */
    /* loaded from: input_file:eu/europa/esig/dss/xades/signature/XAdESLevelBaselineT$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$eu$europa$esig$dss$enumerations$TimestampType = new int[TimestampType.values().length];

        static {
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$TimestampType[TimestampType.SIGNATURE_TIMESTAMP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$TimestampType[TimestampType.VALIDATION_DATA_TIMESTAMP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$eu$europa$esig$dss$enumerations$TimestampType[TimestampType.ARCHIVE_TIMESTAMP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public XAdESLevelBaselineT(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    private void incorporateC14nMethod(Element element, String str) {
        Element createElementNS = this.documentDom.createElementNS("http://www.w3.org/2000/09/xmldsig#", XAdESBuilder.DS_CANONICALIZATION_METHOD);
        createElementNS.setAttribute("Algorithm", str);
        element.appendChild(createElementNS);
    }

    public DSSDocument extendSignatures(DSSDocument dSSDocument, XAdESSignatureParameters xAdESSignatureParameters) throws DSSException {
        if (dSSDocument == null) {
            throw new NullPointerException();
        }
        if (this.tspSource == null) {
            throw new NullPointerException();
        }
        this.params = xAdESSignatureParameters;
        ProfileParameters context = xAdESSignatureParameters.getContext();
        if (LOG.isInfoEnabled()) {
            LOG.info("====> Extending: {}", dSSDocument.getName() == null ? "IN MEMORY DOCUMENT" : dSSDocument.getName());
        }
        this.documentDom = DomUtils.buildDOM(dSSDocument);
        NodeList elementsByTagNameNS = this.documentDom.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS.getLength() == 0) {
            throw new DSSException("There is no signature to extend!");
        }
        String str = null;
        SignaturePackaging signaturePackaging = xAdESSignatureParameters.getSignaturePackaging();
        if (ProfileParameters.Operation.SIGNING.equals(context.getOperationKind()) && SignaturePackaging.ENVELOPED.equals(signaturePackaging)) {
            str = xAdESSignatureParameters.getDeterministicId();
        }
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            this.currentSignatureDom = (Element) elementsByTagNameNS.item(i);
            String attribute = this.currentSignatureDom.getAttribute(XAdESBuilder.ID);
            if (str == null || str.equals(attribute)) {
                this.xadesSignature = new XAdESSignature(this.currentSignatureDom, Arrays.asList(new XPathQueryHolder()), this.certificateVerifier.createValidationPool());
                this.xadesSignature.setDetachedContents(xAdESSignatureParameters.getDetachedContents());
                extendSignatureTag();
            }
        }
        return createXmlDocument();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void extendSignatureTag() throws DSSException {
        assertExtendSignatureToTPossible();
        ensureUnsignedProperties();
        ensureUnsignedSignatureProperties();
        ensureSignedDataObjectProperties();
        assertSignatureValid(this.xadesSignature);
        Element element = (Element) this.unsignedSignaturePropertiesDom.cloneNode(true);
        if (BDocTmSupport.isBdocTmSignatureProfile(this.params)) {
            return;
        }
        if (!this.xadesSignature.hasTProfile() || SignatureLevel.XAdES_BASELINE_T.equals(this.params.getSignatureLevel())) {
            TimestampParameters signatureTimestampParameters = this.params.getSignatureTimestampParameters();
            String canonicalizationMethod = signatureTimestampParameters.getCanonicalizationMethod();
            createXAdESTimeStampType(TimestampType.SIGNATURE_TIMESTAMP, canonicalizationMethod, DSSUtils.digest(signatureTimestampParameters.getDigestAlgorithm(), this.xadesSignature.m21getTimestampSource().getSignatureTimestampData(canonicalizationMethod)));
            this.unsignedSignaturePropertiesDom = indentIfPrettyPrint(this.unsignedSignaturePropertiesDom, element);
        }
    }

    private void assertExtendSignatureToTPossible() {
        if (SignatureLevel.XAdES_BASELINE_T.equals(this.params.getSignatureLevel())) {
            if (this.xadesSignature.hasLTProfile() || this.xadesSignature.hasLTAProfile()) {
                throw new DSSException(String.format("Cannot extend signature. The signedData is already extended with [%s].", "XAdES LT"));
            }
        }
    }

    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    protected Element incorporateCertificateValues(Element element, ValidationContext validationContext) {
        Element element2 = null;
        Set<CertificateToken> certificatesForInclusion = this.xadesSignature.getCertificatesForInclusion(validationContext);
        if (!certificatesForInclusion.isEmpty()) {
            HashSet<CertificateToken> hashSet = new HashSet();
            List certificates = this.xadesSignature.getCertificateSource().getCertificates();
            for (CertificateToken certificateToken : certificatesForInclusion) {
                if (!certificates.contains(certificateToken)) {
                    hashSet.add(certificateToken);
                }
            }
            if (!hashSet.isEmpty()) {
                element2 = DomUtils.addElement(this.documentDom, element, XAdESNamespaces.getXAdESDefaultNamespace(), XAdESBuilder.XADES_CERTIFICATE_VALUES);
                int i = 0;
                for (CertificateToken certificateToken2 : hashSet) {
                    Element addTextElement = DomUtils.addTextElement(this.documentDom, element2, XAdESNamespaces.getXAdESDefaultNamespace(), XAdESBuilder.XADES_ENCAPSULATED_X509_CERTIFICATE, Utils.toBase64(certificateToken2.getEncoded()));
                    boolean z = certificateToken2.getCertificate().getBasicConstraints() != -1;
                    if (DSSASN1Utils.isOCSPSigning(certificateToken2) && !z) {
                        addTextElement.setAttribute(XAdESBuilder.ID, this.xadesSignature.getId() + "-RESPONDER_CERT-" + i);
                        i++;
                    }
                }
            }
        }
        return element2;
    }

    protected Element incorporateRevocationValues(Element element, ValidationContext validationContext) {
        Element element2 = null;
        DefaultAdvancedSignature.RevocationDataForInclusion revocationDataForInclusion = this.xadesSignature.getRevocationDataForInclusion(validationContext);
        if (!revocationDataForInclusion.isEmpty()) {
            List<RevocationToken> filterDuplicateRevocations = filterDuplicateRevocations(revocationDataForInclusion.crlTokens, this.xadesSignature.getCRLSource().getCRLBinaryList());
            List<RevocationToken> filterDuplicateRevocations2 = filterDuplicateRevocations(revocationDataForInclusion.ocspTokens, this.xadesSignature.getOCSPSource().getOCSPResponsesList());
            if (Utils.isCollectionNotEmpty(filterDuplicateRevocations) || Utils.isCollectionNotEmpty(filterDuplicateRevocations2)) {
                element2 = DomUtils.addElement(this.documentDom, element, XAdESNamespaces.getXAdESDefaultNamespace(), XAdESBuilder.XADES_REVOCATION_VALUES);
                incorporateCrlTokens(element2, filterDuplicateRevocations);
                incorporateOcspTokens(element2, filterDuplicateRevocations2);
            }
        }
        return element2;
    }

    private List<RevocationToken> filterDuplicateRevocations(List<? extends RevocationToken> list, Collection<? extends EncapsulatedRevocationTokenIdentifier> collection) {
        ArrayList arrayList = new ArrayList();
        for (RevocationToken revocationToken : list) {
            boolean z = false;
            Iterator<? extends EncapsulatedRevocationTokenIdentifier> it = collection.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (Arrays.equals(revocationToken.getEncoded(), it.next().getBinaries())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                arrayList.add(revocationToken);
            }
        }
        return arrayList;
    }

    private void incorporateCrlTokens(Element element, List<RevocationToken> list) {
        if (list.isEmpty()) {
            return;
        }
        Element addElement = DomUtils.addElement(this.documentDom, element, XAdESNamespaces.getXAdESDefaultNamespace(), "xades:CRLValues");
        Iterator<RevocationToken> it = list.iterator();
        while (it.hasNext()) {
            DomUtils.addTextElement(this.documentDom, addElement, XAdESNamespaces.getXAdESDefaultNamespace(), "xades:EncapsulatedCRLValue", Utils.toBase64(it.next().getEncoded()));
        }
    }

    private void incorporateOcspTokens(Element element, List<RevocationToken> list) {
        if (list.isEmpty()) {
            return;
        }
        Element addElement = DomUtils.addElement(this.documentDom, element, XAdESNamespaces.getXAdESDefaultNamespace(), "xades:OCSPValues");
        Iterator<RevocationToken> it = list.iterator();
        while (it.hasNext()) {
            DomUtils.addTextElement(this.documentDom, addElement, XAdESNamespaces.getXAdESDefaultNamespace(), "xades:EncapsulatedOCSPValue", Utils.toBase64(it.next().getEncoded()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void incorporateCertificateValues(Element element, ValidationContext validationContext, String str) {
        Element incorporateCertificateValues = incorporateCertificateValues(element, validationContext);
        if (incorporateCertificateValues == null || str == null) {
            return;
        }
        DomUtils.setTextNode(this.documentDom, this.unsignedSignaturePropertiesDom, str);
        DSSXMLUtils.indentAndReplace(this.documentDom, incorporateCertificateValues);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void incorporateRevocationValues(Element element, ValidationContext validationContext, String str) {
        Element incorporateRevocationValues = incorporateRevocationValues(element, validationContext);
        if (incorporateRevocationValues == null || str == null) {
            return;
        }
        DomUtils.setTextNode(this.documentDom, this.unsignedSignaturePropertiesDom, str);
        DSSXMLUtils.indentAndReplace(this.documentDom, incorporateRevocationValues);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createXAdESTimeStampType(TimestampType timestampType, String str, byte[] bArr) throws DSSException {
        Element addElement;
        DigestAlgorithm digestAlgorithm = this.params.getSignatureTimestampParameters().getDigestAlgorithm();
        switch (AnonymousClass1.$SwitchMap$eu$europa$esig$dss$enumerations$TimestampType[timestampType.ordinal()]) {
            case 1:
                addElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, XAdESNamespaces.getXAdESDefaultNamespace(), XAdESBuilder.XADES_SIGNATURE_TIME_STAMP);
                break;
            case 2:
                if (this.params.isEn319132() && !isOldGeneration(this.params.getSignatureLevel())) {
                    addElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, XAdESNamespaces.getXAdESDefaultNamespace(), XAdESBuilder.XADES_SIG_AND_REFS_TIME_STAMP_V2);
                    break;
                } else {
                    addElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, XAdESNamespaces.getXAdESDefaultNamespace(), XAdESBuilder.XADES_SIG_AND_REFS_TIME_STAMP);
                    break;
                }
                break;
            case 3:
                addElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, "http://uri.etsi.org/01903/v1.4.1#", XAdESBuilder.XADES141_ARCHIVE_TIME_STAMP);
                digestAlgorithm = this.params.getArchiveTimestampParameters().getDigestAlgorithm();
                break;
            default:
                throw new DSSException("Unsupported timestamp type : " + timestampType);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Timestamp generation: {} / {} / {}", new Object[]{digestAlgorithm.getName(), str, Utils.toBase64(bArr)});
        }
        String base64 = Utils.toBase64(DSSASN1Utils.getDEREncoded(this.tspSource.getTimeStampResponse(digestAlgorithm, bArr)));
        String uuid = UUID.randomUUID().toString();
        addElement.setAttribute(XAdESBuilder.ID, "TS-" + uuid);
        incorporateC14nMethod(addElement, str);
        Element addElement2 = DomUtils.addElement(this.documentDom, addElement, XAdESNamespaces.getXAdESDefaultNamespace(), XAdESBuilder.XADES_ENCAPSULATED_TIME_STAMP);
        addElement2.setAttribute(XAdESBuilder.ID, "ETS-" + uuid);
        DomUtils.setTextNode(this.documentDom, addElement2, base64);
    }

    private boolean isOldGeneration(SignatureLevel signatureLevel) {
        return SignatureLevel.XAdES_X.equals(signatureLevel) || SignatureLevel.XAdES_XL.equals(signatureLevel) || SignatureLevel.XAdES_A.equals(signatureLevel);
    }
}
