package ee.sk.digidoc.factory;

import ee.sk.digidoc.Base64Util;
import ee.sk.digidoc.CertID;
import ee.sk.digidoc.CertValue;
import ee.sk.digidoc.CompleteCertificateRefs;
import ee.sk.digidoc.CompleteRevocationRefs;
import ee.sk.digidoc.DataFile;
import ee.sk.digidoc.DataObjectFormat;
import ee.sk.digidoc.DigiDocException;
import ee.sk.digidoc.Identifier;
import ee.sk.digidoc.IncludeInfo;
import ee.sk.digidoc.KeyInfo;
import ee.sk.digidoc.ManifestFileEntry;
import ee.sk.digidoc.Notary;
import ee.sk.digidoc.ObjectIdentifier;
import ee.sk.digidoc.OcspRef;
import ee.sk.digidoc.Reference;
import ee.sk.digidoc.Signature;
import ee.sk.digidoc.SignaturePolicyId;
import ee.sk.digidoc.SignaturePolicyIdentifier;
import ee.sk.digidoc.SignatureProductionPlace;
import ee.sk.digidoc.SignedDataObjectProperties;
import ee.sk.digidoc.SignedDoc;
import ee.sk.digidoc.SignedInfo;
import ee.sk.digidoc.SignedProperties;
import ee.sk.digidoc.SpUri;
import ee.sk.digidoc.TimestampInfo;
import ee.sk.digidoc.UnsignedProperties;
import ee.sk.utils.ConfigManager;
import ee.sk.utils.ConvertUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.asn1.x509.X509CertificateStructure;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TimeStampResponse;

/* loaded from: input_file:ee/sk/digidoc/factory/DigiDocGenFactory.class */
public class DigiDocGenFactory {
    private static final String DIGI_OID_TEST = "1.3.6.1.4.1.10015.3.2.1";
    private static final String DIGI_OID_LIVE1 = "1.3.6.1.4.1.10015.1.2.3.1";
    private static final String DIGI_OID_LIVE2 = "1.3.6.1.4.1.10015.1.2.3.2";
    private static final String DIGI_OID_LIVE_TEST = "1.3.6.1.4.1.10015.1.2";
    private static final int PRE2011_KEYLEN = 162;
    private static final String RMID_OID_TEST = "1.3.6.1.4.1.10015.3.3.1";
    private static final String ASUTUSE_OID_TEST = "1.3.6.1.4.1.10015.3.7.1";
    private static final String MID_OID_TEST = "1.3.6.1.4.1.10015.3.11.1";
    public static final String BDOC_210_OID = "urn:oid:1.3.6.1.4.1.10015.1000.3.2.1";
    public static final String BDOC_210_DIGEST_VALUE = "3Tl1oILSvOAWomdI9VeWV6IA/32eSXRUri9kPEz1IVs=";
    public static final String BDOC_210_DIGEST_HEX = "dd3975a082d2bce016a26748f5579657a200ff7d9e497454ae2f643c4cf5215b";
    public static final String BDOC_210_DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";
    public static final String BDOC_210_SPURI = "https://www.sk.ee/repository/bdoc-spec21.pdf";
    private static Logger m_logger = Logger.getLogger(DigiDocGenFactory.class);
    private static final String DIGI_OID_TEST_TEST = "1.3.6.1.4.1.10015.3.2";
    public static final String[] TEST_OIDS_PREFS = {"1.3.6.1.4.1.10015.3.7", "1.3.6.1.4.1.10015.7", "1.3.6.1.4.1.10015.3.3", "1.3.6.1.4.1.10015.3.11", DIGI_OID_TEST_TEST, "1.3.6.1.4.1.10015.3.1"};

    private static boolean certHasPolicy(X509Certificate x509Certificate, String str) {
        X509Extensions extensions;
        String id;
        try {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Read cert policies: " + x509Certificate.getSerialNumber().toString());
            }
            TBSCertificateStructure tBSCertificate = new X509CertificateStructure(new ASN1InputStream(new ByteArrayInputStream(x509Certificate.getEncoded())).readObject()).getTBSCertificate();
            if (tBSCertificate.getVersion() == 3 && (extensions = tBSCertificate.getExtensions()) != null) {
                Enumeration oids = extensions.oids();
                while (oids.hasMoreElements()) {
                    Object nextElement = oids.nextElement();
                    if (nextElement instanceof ASN1ObjectIdentifier) {
                        ASN1ObjectIdentifier aSN1ObjectIdentifier = (ASN1ObjectIdentifier) nextElement;
                        ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(extensions.getExtension(aSN1ObjectIdentifier).getValue().getOctets()));
                        if (aSN1ObjectIdentifier.equals(X509Extension.certificatePolicies)) {
                            ASN1Sequence readObject = aSN1InputStream.readObject();
                            for (int i = 0; i != readObject.size(); i++) {
                                PolicyInformation policyInformation = PolicyInformation.getInstance(readObject.getObjectAt(i));
                                if (policyInformation != null && (id = policyInformation.getPolicyIdentifier().getId()) != null) {
                                    if (m_logger.isDebugEnabled()) {
                                        m_logger.debug("Policy: " + id);
                                    }
                                    if (id.startsWith(str)) {
                                        return true;
                                    }
                                }
                            }
                        } else {
                            continue;
                        }
                    }
                }
            }
            return false;
        } catch (Exception e) {
            m_logger.error("Error reading cert policies: " + e);
            return false;
        }
    }

    public static boolean is2011Card(X509Certificate x509Certificate) {
        return x509Certificate != null && (x509Certificate.getPublicKey() instanceof RSAPublicKey) && ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength() == 2048;
    }

    public static boolean isDigiIdCard(X509Certificate x509Certificate) {
        return x509Certificate != null && (x509Certificate.getPublicKey() instanceof RSAPublicKey) && ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength() == 1024 && (certHasPolicy(x509Certificate, DIGI_OID_LIVE_TEST) || certHasPolicy(x509Certificate, DIGI_OID_TEST_TEST) || certHasPolicy(x509Certificate, RMID_OID_TEST) || certHasPolicy(x509Certificate, ASUTUSE_OID_TEST) || certHasPolicy(x509Certificate, MID_OID_TEST));
    }

    public static boolean isPre2011IdCard(X509Certificate x509Certificate) {
        return (x509Certificate == null || !(x509Certificate.getPublicKey() instanceof RSAPublicKey) || ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength() != 1024 || certHasPolicy(x509Certificate, DIGI_OID_LIVE_TEST) || certHasPolicy(x509Certificate, DIGI_OID_TEST_TEST)) ? false : true;
    }

    public static boolean isTestCard(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        String commonName = ConvertUtils.getCommonName(x509Certificate.getSubjectDN().getName());
        for (int i = 0; i < TEST_OIDS_PREFS.length; i++) {
            String str = TEST_OIDS_PREFS[i];
            if (i != 1) {
                if (certHasPolicy(x509Certificate, str)) {
                    return true;
                }
            } else if (certHasPolicy(x509Certificate, str) && commonName != null && commonName.indexOf("TEST") != -1) {
                return true;
            }
        }
        return false;
    }

    public static boolean isEcPubKey(X509Certificate x509Certificate) {
        return x509Certificate != null && x509Certificate.getPublicKey().getAlgorithm().equals("EC");
    }

    public static SignedDoc createSignedDoc(String str, String str2, String str3) throws DigiDocException {
        String str4 = str2;
        if (str != null && str.equals(SignedDoc.FORMAT_BDOC)) {
            str4 = SignedDoc.BDOC_VERSION_2_1;
            if (str3 == null || str3.trim().length() == 0) {
                str3 = ConfigManager.instance().getStringProperty("DIGIDOC_DEFAULT_PROFILE", SignedDoc.BDOC_PROFILE_TM);
            }
        }
        if (str != null && (str.equals(SignedDoc.FORMAT_SK_XML) || str.equals(SignedDoc.FORMAT_DIGIDOC_XML))) {
            if (str4 == null) {
                str4 = SignedDoc.VERSION_1_3;
            }
            str3 = SignedDoc.BDOC_PROFILE_TM;
        }
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Creating digidoc: " + str + " / " + str4 + " / " + str3);
        }
        SignedDoc signedDoc = new SignedDoc(str, str4);
        signedDoc.setProfile(str3);
        return signedDoc;
    }

    private static void registerCert(X509Certificate x509Certificate, int i, String str, Signature signature) throws DigiDocException {
        String str2 = str;
        if (str2 != null) {
            str2 = str2.replace(" ", "_");
        }
        CertValue certValue = new CertValue(str2, x509Certificate, i, signature);
        signature.addCertValue(certValue);
        CertID certID = new CertID(signature, x509Certificate, i);
        signature.addCertID(certID);
        if (i != 1) {
            certID.setUri("#" + certValue.getId());
        }
    }

    public static Signature prepareXadesBES(SignedDoc signedDoc, String str, X509Certificate x509Certificate, String[] strArr, SignatureProductionPlace signatureProductionPlace, String str2, String str3, String str4) throws DigiDocException {
        X509Certificate findCaForCert;
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Prepare signature in sdoc: " + signedDoc.getFormat() + "/" + signedDoc.getVersion() + "/" + signedDoc.getProfile() + " profile: " + str + " signer: " + (x509Certificate != null ? SignedDoc.getCommonName(x509Certificate.getSubjectDN().getName()) : "unknown") + " id " + str2);
        }
        if (strArr != null && strArr.length > 1) {
            m_logger.error("Currently supports no more than 1 ClaimedRole");
            throw new DigiDocException(15, "Currently supports no more than 1 ClaimedRole", null);
        }
        if (x509Certificate == null) {
            m_logger.error("Signers certificate missing during signature preparation!");
            throw new DigiDocException(39, "Signers certificate missing during signature preparation!", null);
        }
        if (ConfigManager.instance().getBooleanProperty("KEY_USAGE_CHECK", true) && !ConfigManager.isSignatureKey(x509Certificate)) {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Signers cert does not have non-repudiation bit set!");
            }
            throw new DigiDocException(162, "Signers cert does not have non-repudiation bit set!", null);
        }
        Signature signature = new Signature(signedDoc);
        signature.setId(str2 != null ? str2 : signedDoc.getNewSignatureId());
        if (str != null) {
            signature.setProfile(str);
            if (signedDoc.getProfile() == null || signedDoc.getProfile().equals(SignedDoc.BDOC_PROFILE_BES)) {
                signedDoc.setProfile(str);
            }
        } else {
            signature.setProfile(signedDoc.getProfile());
        }
        SignedInfo signedInfo = new SignedInfo(signature, str3 != null ? str3 : SignedDoc.RSA_SHA1_SIGNATURE_METHOD, SignedDoc.CANONICALIZATION_METHOD_20010315);
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && signedDoc.getVersion().equals(SignedDoc.BDOC_VERSION_2_1)) {
            signedInfo.setCanonicalizationMethod(SignedDoc.CANONICALIZATION_METHOD_1_1);
            signedDoc.setDefaultNsPref(SignedDoc.FORMAT_BDOC);
        }
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Signer: " + x509Certificate.getSubjectDN().getName() + " EC key: " + isEcPubKey(x509Certificate) + " pre-2011: " + isPre2011IdCard(x509Certificate) + " digi-id: " + isDigiIdCard(x509Certificate) + " 2011: " + is2011Card(x509Certificate));
        }
        if (str3 == null && signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
            if (isPre2011IdCard(x509Certificate)) {
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Generating rsa-sha224 signature for pre-2011 card");
                }
                signedInfo.setSignatureMethod(SignedDoc.RSA_SHA224_SIGNATURE_METHOD);
            } else {
                String stringProperty = ConfigManager.instance().getStringProperty("DIGIDOC_DIGEST_TYPE", SignedDoc.SHA256_DIGEST_TYPE);
                String digType2SigMeth = ConfigManager.digType2SigMeth(stringProperty, isEcPubKey(x509Certificate));
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Generating digest: " + stringProperty + " and signature: " + digType2SigMeth);
                }
                if (digType2SigMeth == null) {
                    throw new DigiDocException(20, "Invalid digest type: " + stringProperty, null);
                }
                signedInfo.setSignatureMethod(digType2SigMeth);
            }
        }
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
            signedInfo.setId(signature.getId() + "-SignedInfo");
        }
        SignedDataObjectProperties signedDataObjectProperties = new SignedDataObjectProperties();
        for (int i = 0; i < signedDoc.countDataFiles(); i++) {
            DataFile dataFile = signedDoc.getDataFile(i);
            if (!dataFile.isDigestsCalculated()) {
                dataFile.calculateFileSizeAndDigest(null);
            }
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Add ref for df: " + dataFile.getId());
            }
            Reference reference = new Reference(signedInfo, dataFile, str4);
            if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
                reference.setId(signature.getId() + "-ref-" + i);
            }
            signedInfo.addReference(reference);
            if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && signedDoc.getVersion().equals(SignedDoc.BDOC_VERSION_2_1)) {
                DataObjectFormat dataObjectFormat = new DataObjectFormat("#" + reference.getId());
                dataObjectFormat.setMimeType(dataFile.getMimeType());
                signedDataObjectProperties.addDataObjectFormat(dataObjectFormat);
            }
        }
        KeyInfo keyInfo = new KeyInfo(x509Certificate);
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
            keyInfo.setId(signature.getId() + "-KeyInfo");
        }
        signature.setKeyInfo(keyInfo);
        keyInfo.setSignature(signature);
        registerCert(x509Certificate, 1, null, signature);
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Signer cert: " + x509Certificate.getSubjectDN().getName());
        }
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && (findCaForCert = ConfigManager.instance().getTslFactory().findCaForCert(x509Certificate, true, null)) != null) {
            registerCert(findCaForCert, 4, signature.getId() + "-CA_CERT" + signature.countCertValues(), signature);
        }
        SignedProperties signedProperties = new SignedProperties(signature, x509Certificate, strArr, signatureProductionPlace);
        signature.setSignedProperties(signedProperties);
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && signedDoc.getVersion().equals(SignedDoc.BDOC_VERSION_2_1) && (signature.getProfile().equals(SignedDoc.BDOC_PROFILE_TM) || signature.getProfile().equals(SignedDoc.BDOC_PROFILE_BES) || signature.getProfile().equals(SignedDoc.BDOC_PROFILE_CL) || signature.getProfile().equals(SignedDoc.BDOC_PROFILE_TMA))) {
            signedProperties.setSignedDataObjectProperties(signedDataObjectProperties);
            Identifier identifier = new Identifier(Identifier.OIDAsURN);
            SignaturePolicyId signaturePolicyId = new SignaturePolicyId(new ObjectIdentifier(identifier));
            signaturePolicyId.setDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
            if (signedDoc.getVersion().equals(SignedDoc.BDOC_VERSION_2_1)) {
                identifier.setUri(BDOC_210_OID);
                signaturePolicyId.setDigestValue(ConvertUtils.hex2bin(BDOC_210_DIGEST_HEX));
                signaturePolicyId.addSigPolicyQualifier(new SpUri(BDOC_210_SPURI));
            }
            signedProperties.setSignaturePolicyIdentifier(new SignaturePolicyIdentifier(signaturePolicyId));
        } else {
            signedProperties.setSignaturePolicyIdentifier(new SignaturePolicyIdentifier(null));
        }
        Reference reference2 = new Reference(signedInfo, signedProperties, str4);
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
            reference2.setId(signature.getId() + "-ref-sp");
        }
        reference2.setType(SignedDoc.SIGNEDPROPERTIES_TYPE);
        signedInfo.addReference(reference2);
        signature.setSignedInfo(signedInfo);
        signedDoc.addSignature(signature);
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Prepared signature: " + signature.getId() + "/" + signature.getProfile());
        }
        return signature;
    }

    public static Signature finalizeXadesBES(Signature signature, byte[] bArr) throws DigiDocException {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Finalize XAdES-BES sigval: " + (bArr != null ? bArr.length : 0) + " bytes");
        }
        if (bArr != null) {
            signature.setSignatureValue(bArr);
        }
        return signature;
    }

    public static Signature finalizeXadesT(SignedDoc signedDoc, Signature signature) throws DigiDocException {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Finalize XAdES-T: " + signature.getId() + " profile: " + signature.getProfile());
        }
        signature.setUnsignedProperties(new UnsignedProperties(signature));
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
            DigiDocXmlGenFactory digiDocXmlGenFactory = new DigiDocXmlGenFactory(signedDoc);
            TimestampFactory timestampFactory = ConfigManager.instance().getTimestampFactory();
            StringBuffer stringBuffer = new StringBuffer();
            String property = ConfigManager.instance().getProperty("DIGIDOC_TSA_URL");
            digiDocXmlGenFactory.signatureValue2xml(stringBuffer, signature.getSignatureValue(), true);
            String trim = stringBuffer.toString().trim();
            byte[] digestOfType = SignedDoc.digestOfType(trim.getBytes(), signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) ? SignedDoc.SHA256_DIGEST_TYPE : SignedDoc.SHA1_DIGEST_TYPE);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Get sig-val-ts for: " + Base64Util.encode(digestOfType) + " uri: " + property + " DATA:\n---\n" + trim + "\n---\n");
            }
            TimeStampResponse requestTimestamp = timestampFactory.requestTimestamp(TSPAlgorithms.SHA1.getId(), digestOfType, property);
            if (requestTimestamp != null) {
                TimestampInfo timestampInfo = new TimestampInfo(signature.getId() + "-T0", signature, 3, digestOfType, requestTimestamp);
                timestampInfo.addIncludeInfo(new IncludeInfo("#" + signature.getId() + "-SIG"));
                signature.addTimestampInfo(timestampInfo);
                try {
                    if (m_logger.isDebugEnabled()) {
                        m_logger.debug("Timestamp: " + Base64Util.encode(requestTimestamp.getEncoded()));
                    }
                } catch (Exception e) {
                }
                signature.setProfile(SignedDoc.BDOC_PROFILE_T);
                try {
                    SignedDoc.readCertificate(new File("/Users/veiko/workspace/jdigidoc/trunk/iaik-tsa.crt"));
                } catch (Exception e2) {
                    m_logger.error("Error ts: " + e2);
                }
            }
        }
        return signature;
    }

    public static Signature finalizeXadesC(SignedDoc signedDoc, Signature signature) throws DigiDocException {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Finalize XAdES-C: " + signature.getId() + " profile: " + signature.getProfile());
        }
        CompleteRevocationRefs completeRevocationRefs = new CompleteRevocationRefs();
        CompleteCertificateRefs completeCertificateRefs = new CompleteCertificateRefs();
        UnsignedProperties unsignedProperties = signature.getUnsignedProperties();
        if (unsignedProperties == null) {
            unsignedProperties = new UnsignedProperties(signature);
            signature.setUnsignedProperties(unsignedProperties);
        }
        unsignedProperties.setCompleteCertificateRefs(completeCertificateRefs);
        unsignedProperties.setCompleteRevocationRefs(completeRevocationRefs);
        completeRevocationRefs.setUnsignedProperties(unsignedProperties);
        completeCertificateRefs.setUnsignedProperties(unsignedProperties);
        signature.setUnsignedProperties(unsignedProperties);
        signature.setProfile(SignedDoc.BDOC_PROFILE_CL);
        return signature;
    }

    public static String getUserInfo(String str, String str2) {
        StringBuffer stringBuffer = null;
        try {
            stringBuffer = new StringBuffer("LIB ");
            stringBuffer.append("JDigiDoc");
            stringBuffer.append("/");
            stringBuffer.append("${env.JDD_VERSION}");
            if (str != null && str2 != null) {
                stringBuffer.append(" format: ");
                stringBuffer.append(str);
                stringBuffer.append("/");
                stringBuffer.append(str2);
            }
            stringBuffer.append(" Java: ");
            stringBuffer.append(System.getProperty("java.version"));
            stringBuffer.append("/");
            stringBuffer.append(System.getProperty("java.vendor"));
            stringBuffer.append(" OS: ");
            stringBuffer.append(System.getProperty("os.name"));
            stringBuffer.append("/");
            stringBuffer.append(System.getProperty("os.arch"));
            stringBuffer.append("/");
            stringBuffer.append(System.getProperty("os.version"));
            stringBuffer.append(" JVM: ");
            stringBuffer.append(System.getProperty("java.vm.name"));
            stringBuffer.append("/");
            stringBuffer.append(System.getProperty("java.vm.vendor"));
            stringBuffer.append("/");
            stringBuffer.append(System.getProperty("java.vm.version"));
        } catch (Throwable th) {
            m_logger.error("Error reading java system properties: " + th);
        }
        if (stringBuffer != null) {
            return stringBuffer.toString();
        }
        return null;
    }

    public static Signature finalizeXadesXL_TM(SignedDoc signedDoc, Signature signature) throws DigiDocException {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Finalize XAdES-TM: " + signature.getId() + " profile: " + signature.getProfile());
        }
        NotaryFactory notaryFactory = ConfigManager.instance().getNotaryFactory();
        X509Certificate signersCertificate = signature.getKeyInfo().getSignersCertificate();
        TrustServiceFactory tslFactory = ConfigManager.instance().getTslFactory();
        String findOcspUrlForCert = tslFactory.findOcspUrlForCert(signersCertificate, 0, true);
        if (findOcspUrlForCert == null) {
            findOcspUrlForCert = ConfigManager.instance().getProperty("DIGIDOC_OCSP_RESPONDER_URL");
        }
        X509Certificate findCaForCert = tslFactory.findCaForCert(signersCertificate, true, null);
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Get confirmation for cert: " + (signersCertificate != null ? ConvertUtils.getCommonName(signersCertificate.getSubjectDN().getName()) : "NULL") + " CA: " + (findCaForCert != null ? ConvertUtils.getCommonName(findCaForCert.getSubjectDN().getName()) : "NULL") + " URL: " + (findOcspUrlForCert != null ? findOcspUrlForCert : "NONE"));
        }
        Notary confirmation = notaryFactory.getConfirmation(signature, signersCertificate, findCaForCert, null, findOcspUrlForCert);
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Resp-id: " + (confirmation != null ? confirmation.getResponderId() : "NULL"));
        }
        String str = null;
        if (confirmation != null) {
            str = ConvertUtils.getCommonName(confirmation.getResponderId());
        }
        X509Certificate x509Certificate = null;
        if (confirmation != null) {
            x509Certificate = notaryFactory.getNotaryCert(str, confirmation.getCertNr());
        }
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Find responder cert by: " + str + " and nr: " + (confirmation != null ? confirmation.getCertNr() : "NULL") + " found: " + (x509Certificate != null ? "OK" : "NO") + " format: " + signedDoc.getFormat());
        }
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && x509Certificate != null) {
            X509Certificate findCaForCert2 = tslFactory.findCaForCert(x509Certificate, true, null);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Register responders CA: " + (findCaForCert2 != null ? findCaForCert2.getSubjectDN().getName() : "NULL"));
            }
            if (findCaForCert2 != null) {
                registerCert(findCaForCert2, 5, confirmation.getId() + "-CA_CERT" + signature.countCertValues(), signature);
            } else {
                m_logger.error("Responder ca not found for resp-id: " + str);
            }
        }
        signature.getUnsignedProperties().getCompleteRevocationRefs().addOcspRef(new OcspRef("#" + confirmation.getId(), confirmation.getResponderId(), confirmation.getProducedAt(), signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) ? "http://www.w3.org/2001/04/xmlenc#sha256" : SignedDoc.SHA1_DIGEST_ALGORITHM, SignedDoc.digestOfType(confirmation.getOcspResponseData(), signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) ? SignedDoc.SHA256_DIGEST_TYPE : SignedDoc.SHA1_DIGEST_TYPE)));
        signature.setProfile(SignedDoc.BDOC_PROFILE_TM);
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC) && signature.getPath() != null) {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Find signature: " + signature.getPath());
            }
            ManifestFileEntry findManifestEntryByPath = signedDoc.findManifestEntryByPath(signature.getPath());
            if (findManifestEntryByPath != null) {
                findManifestEntryByPath.setMediaType(SignedDoc.MIME_SIGNATURE_BDOC_ + signedDoc.getVersion() + "/" + signature.getProfile());
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Change signature: " + signature.getPath() + " type: " + findManifestEntryByPath.getMediaType());
                }
            }
        }
        return signature;
    }

    public static Signature finalizeXadesXL_TS(SignedDoc signedDoc, Signature signature) throws DigiDocException {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Finalize XAdES-TS: " + signature.getId() + " profile: " + signature.getProfile());
        }
        if (signedDoc.getFormat().equals(SignedDoc.FORMAT_BDOC)) {
            new DigiDocXmlGenFactory(signedDoc);
            ConfigManager.instance().getTimestampFactory();
            String stringProperty = ConfigManager.instance().getStringProperty("DIGIDOC_TSA_CRT", null);
            if (stringProperty != null) {
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("TSA cert: " + stringProperty);
                }
                X509Certificate readCertificate = SignedDoc.readCertificate(stringProperty);
                if (readCertificate != null) {
                    if (m_logger.isDebugEnabled()) {
                        m_logger.debug("Add tsa cert: " + readCertificate.getSubjectDN().getName());
                    }
                    registerCert(readCertificate, 3, signature.getId() + "-TSA", signature);
                }
            }
            signature.setProfile(SignedDoc.BDOC_PROFILE_TS);
        }
        return signature;
    }

    public static Signature finalizeSignature(SignedDoc signedDoc, Signature signature, byte[] bArr, String str) throws DigiDocException {
        String str2 = str;
        if (str2 == null) {
            str2 = signedDoc.getProfile();
        }
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Finalize sig: " + signature.getId() + " profile: " + str2 + " sdoc: " + signedDoc.getFormat() + "/" + signedDoc.getVersion());
        }
        finalizeXadesBES(signature, bArr);
        if (str2 != null) {
            if (str2.equals(SignedDoc.BDOC_PROFILE_T) || str2.equals(SignedDoc.BDOC_PROFILE_CL) || str2.equals(SignedDoc.BDOC_PROFILE_TS)) {
                finalizeXadesT(signedDoc, signature);
            }
            if (str2.equals(SignedDoc.BDOC_PROFILE_CL) || str2.equals(SignedDoc.BDOC_PROFILE_TM) || str2.equals(SignedDoc.BDOC_PROFILE_TS)) {
                finalizeXadesC(signedDoc, signature);
            }
            if (str2.equals(SignedDoc.BDOC_PROFILE_TM)) {
                finalizeXadesXL_TM(signedDoc, signature);
            }
            if (str2.equals(SignedDoc.BDOC_PROFILE_TS)) {
                finalizeXadesXL_TS(signedDoc, signature);
            }
        }
        return signature;
    }
}
