package es.gob.afirma.signers.ooxml.be.fedict.eid.applet.service.signer;

import com.sun.org.apache.xpath.internal.XPathAPI;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.signers.ooxml.be.fedict.eid.applet.service.spi.DigestInfo;
import es.gob.afirma.signers.ooxml.be.fedict.eid.applet.service.spi.SignatureService;
import es.gob.afirma.signers.xml.XMLConstants;
import es.gob.afirma.ui.principal.MainOptionsPane;
import es.gob.afirma.ui.utils.Constants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.MalformedURLException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import java.util.logging.Logger;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.Manifest;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import net.java.xades.security.xml.XAdES.XMLAdvancedSignature;
import org.apache.commons.io.FilenameUtils;
import org.jcp.xml.dsig.internal.dom.DOMReference;
import org.jcp.xml.dsig.internal.dom.DOMSignedInfo;
import org.jcp.xml.dsig.internal.dom.DOMXMLSignature;
import org.jcp.xml.dsig.internal.dom.XMLDSigRI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:es/gob/afirma/signers/ooxml/be/fedict/eid/applet/service/signer/AbstractXmlSignatureService.class */
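/**
 * Base class for services that build an XML-DSig signature over a list of precomputed digests.
 *
 * <p>Registered {@link SignatureFacet}s contribute references and objects to the signature before
 * {@code ds:SignedInfo} is canonicalized and signed. In this listing {@link #preSign} already
 * produces the complete signed document: it signs with the supplied private key and then calls
 * {@link #postSign} itself to insert the signature value.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All XML parsing goes through {@link #newHardenedDocumentBuilderFactory()}, which rejects
 *       DOCTYPE declarations so that signed content cannot trigger external entity resolution.</li>
 *   <li>The signature element is located by walking the DOM, not by building an XPath expression
 *       from the caller-supplied id.</li>
 *   <li>The default digest is SHA-1 (see {@link #getSignatureDigestAlgorithm()}); subclasses should
 *       override it where the consuming format allows a stronger algorithm.</li>
 * </ul>
 *
 * <p>This source is decompiler output: parameter names are synthetic, and some constants
 * referenced from unrelated classes are presumably constant-folding artefacts.
 */
public abstract class AbstractXmlSignatureService implements SignatureService {
    /** Facets invoked, in registration order, while the signature is being assembled. */
    private final List<SignatureFacet> signatureFacets = new LinkedList<>();

    /**
     * Registers a facet that will take part in every signature built by this service.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes that the
     * original modifier was {@code protected}.
     *
     * @param signatureFacet facet to append to the facet list
     */
    public final void addSignatureFacet(SignatureFacet signatureFacet) {
        this.signatureFacets.add(signatureFacet);
    }

    /**
     * Returns the digest algorithm name used to derive the signature method.
     *
     * <p>NOTE(review): the default is SHA-1, which is no longer considered collision resistant.
     * The default is left unchanged here because subclasses and verifiers may depend on it;
     * override this method to select SHA-256 or stronger wherever interoperability permits.
     *
     * @return the digest algorithm name, {@code "SHA1"} by default
     */
    protected String getSignatureDigestAlgorithm() {
        return "SHA1";
    }

    /**
     * Returns the document the signature should be placed into.
     *
     * @return always {@code null} in this listing, so a fresh document is created for each signature
     */
    private static Document getEnvelopingDocument() {
        return null;
    }

    /**
     * Returns the dereferencer used to resolve reference URIs while digesting.
     *
     * @return {@code null} by default, in which case the signing context keeps its own default
     */
    protected URIDereferencer getURIDereferencer() {
        return null;
    }

    /**
     * Returns a human-readable description of what is being signed.
     *
     * @return {@code "XML Document"} by default
     */
    protected String getSignatureDescription() {
        return "XML Document";
    }

    /**
     * Builds the signed XML document for the given digests.
     *
     * @param list digests to reference from the signature; may be {@code null}
     * @param list2 signer certificate chain, signing certificate first; must not be empty
     * @param privateKey key used to compute the signature value
     * @return the serialized, signed XML document
     */
    @Override // es.gob.afirma.signers.ooxml.be.fedict.eid.applet.service.spi.SignatureService
    public byte[] preSign(List<DigestInfo> list, List<X509Certificate> list2, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, ParserConfigurationException, MarshalException, XMLSignatureException, TransformerException, IOException, SAXException {
        return getSignedXML(getSignatureDigestAlgorithm(), list, list2, privateKey);
    }

    /**
     * Inserts a computed signature value into a serialized signature document.
     *
     * @param bArr serialized XML document holding the {@code ds:Signature} element
     * @param list signer certificate chain (not read by this implementation)
     * @param str value of the {@code Id} attribute of the {@code ds:Signature} to complete
     * @param bArr2 raw signature value, stored Base64-encoded in {@code ds:SignatureValue}
     * @return the serialized document with the signature value filled in
     * @throws IllegalArgumentException if no matching {@code ds:Signature} exists or it has no
     *     {@code ds:SignatureValue} child
     */
    @Override // es.gob.afirma.signers.ooxml.be.fedict.eid.applet.service.spi.SignatureService
    public byte[] postSign(byte[] bArr, List<X509Certificate> list, String str, byte[] bArr2) throws ParserConfigurationException, SAXException, IOException, TransformerException {
        Document document = loadDocument(new ByteArrayInputStream(bArr));
        Element signatureElement = findSignatureById(document, str);
        if (null == signatureElement) {
            throw new IllegalArgumentException("ds:Signature not found for @Id: " + str);
        }
        org.w3c.dom.Node signatureValue = signatureElement.getElementsByTagNameNS(XMLConstants.DSIGNNS, XMLAdvancedSignature.ELEMENT_SIGNATURE_VALUE).item(0);
        if (null == signatureValue) {
            // Fail with a clear message instead of a NullPointerException on a malformed signature.
            throw new IllegalArgumentException("ds:SignatureValue not found for @Id: " + str);
        }
        signatureValue.setTextContent(Base64.encode(bArr2));
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        writeDocument(document, serialized);
        return serialized.toByteArray();
    }

    /**
     * Finds the first {@code ds:Signature} element, in document order, whose un-namespaced
     * {@code Id} attribute equals the given id.
     *
     * <p>The id is compared as data. It is never spliced into an XPath expression, so quotes or
     * XPath syntax in a caller-supplied id cannot change which element is selected.
     *
     * @param document parsed, namespace-aware document to search
     * @param signatureId id to look for; {@code null} never matches
     * @return the matching element, or {@code null} if there is none
     */
    private static Element findSignatureById(Document document, String signatureId) {
        if (null == signatureId) {
            return null;
        }
        org.w3c.dom.NodeList candidates = document.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
        for (int i = 0; i < candidates.getLength(); i++) {
            Element candidate = (Element) candidates.item(i);
            org.w3c.dom.Attr id = candidate.getAttributeNodeNS(null, "Id");
            if (null != id && signatureId.equals(id.getValue())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the canonicalization method URI applied to {@code ds:SignedInfo}.
     *
     * @return the exclusive C14N URI by default
     */
    protected String getCanonicalizationMethod() {
        return "http://www.w3.org/2001/10/xml-exc-c14n#";
    }

    /**
     * Assembles, digests, signs and serializes the XML signature.
     *
     * @param str digest algorithm name; selects the signature method URI and the JCA
     *     {@code <digest>withRSA} algorithm
     * @param list digests to add as references; may be {@code null}
     * @param list2 signer certificate chain, signing certificate first; must not be empty
     * @param privateKey key used to compute the signature value
     * @return the serialized, signed XML document
     * @throws IllegalArgumentException if the certificate chain is {@code null} or empty
     * @throws XMLSignatureException if the raw signature or the final serialization fails
     */
    private byte[] getSignedXML(String str, List<DigestInfo> list, List<X509Certificate> list2, PrivateKey privateKey) throws ParserConfigurationException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException, TransformerException, IOException, SAXException {
        if (null == list2 || list2.isEmpty()) {
            // The first certificate is read unconditionally below; reject an empty chain up front.
            throw new IllegalArgumentException("signing certificate chain is empty");
        }
        Document envelopingDocument = getEnvelopingDocument();
        if (null == envelopingDocument) {
            // Only used to create an empty document; nothing is parsed through this factory.
            DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance();
            documentFactory.setNamespaceAware(true);
            envelopingDocument = documentFactory.newDocumentBuilder().newDocument();
        }
        DOMSignContext signContext = new DOMSignContext(privateKey, envelopingDocument);
        URIDereferencer dereferencer = getURIDereferencer();
        if (null != dereferencer) {
            signContext.setURIDereferencer(dereferencer);
        }
        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
        List<Reference> references = new LinkedList<>();
        addDigestInfosAsReferences(list, signatureFactory, references);
        String signatureId = "xmldsig-" + UUID.randomUUID().toString();
        List<XMLObject> objects = new LinkedList<>();
        for (SignatureFacet facet : this.signatureFacets) {
            facet.preSign(signatureFactory, envelopingDocument, signatureId, list2, references, objects);
        }
        DOMSignedInfo signedInfo = (DOMSignedInfo) signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod(getCanonicalizationMethod(), (C14NMethodParameterSpec) null), signatureFactory.newSignatureMethod(getSignatureMethod(str), (SignatureMethodParameterSpec) null), references);
        KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
        List<X509Certificate> x509Content = new ArrayList<>();
        x509Content.add(list2.get(0));
        List<javax.xml.crypto.XMLStructure> keyInfoContent = new ArrayList<>();
        try {
            keyInfoContent.add(keyInfoFactory.newKeyValue(list2.get(0).getPublicKey()));
        } catch (Exception e) {
            // Deliberate best effort: ds:KeyValue is optional, ds:X509Data is still added below.
            Logger.getLogger(Constants.OUR_NODE_NAME).severe("Error creando el KeyInfo, la informacion puede resultar incompleta: " + e);
        }
        keyInfoContent.add(keyInfoFactory.newX509Data(x509Content));
        DOMXMLSignature xmlSignature = (DOMXMLSignature) signatureFactory.newXMLSignature(signedInfo, keyInfoFactory.newKeyInfo(keyInfoContent), objects, signatureId, signatureId + "-signature-value");
        // Attach under the root element when there is one, otherwise directly under the document.
        org.w3c.dom.Node parent = envelopingDocument.getDocumentElement();
        if (null == parent) {
            parent = envelopingDocument;
        }
        xmlSignature.marshal(parent, (String) null, signContext);
        // Digest any manifest references that the facets left without a digest value.
        for (XMLObject xmlObject : objects) {
            for (Object content : xmlObject.getContent()) {
                if (content instanceof Manifest) {
                    for (Object manifestReference : ((Manifest) content).getReferences()) {
                        DOMReference reference = (DOMReference) manifestReference;
                        if (null == reference.getDigestValue()) {
                            reference.digest(signContext);
                        }
                    }
                }
            }
        }
        // References must carry their digests before SignedInfo is canonicalized and signed.
        for (Object signedReference : signedInfo.getReferences()) {
            DOMReference reference = (DOMReference) signedReference;
            if (null == reference.getDigestValue()) {
                reference.digest(signContext);
            }
        }
        ByteArrayOutputStream canonicalSignedInfo = new ByteArrayOutputStream();
        signedInfo.canonicalize(signContext, canonicalSignedInfo);
        byte[] toBeSigned = canonicalSignedInfo.toByteArray();
        Signature signature = Signature.getInstance(str + "withRSA");
        try {
            signature.initSign(privateKey);
            signature.update(toBeSigned);
            byte[] signatureValue = signature.sign();
            ByteArrayOutputStream unsignedDocument = new ByteArrayOutputStream();
            writeDocument(envelopingDocument, unsignedDocument);
            return postSign(unsignedDocument.toByteArray(), list2, signatureId, signatureValue);
        } catch (Exception e2) {
            // Keep the original exception as the cause so the failing step stays diagnosable.
            throw new XMLSignatureException("Error en la firma PKCS#1 ('" + str + "withRSA): " + e2, e2);
        }
    }

    /**
     * Adds one {@code ds:Reference} per digest, carrying the precomputed digest value.
     *
     * <p>The reference URI is the file-name component of each digest's description.
     *
     * @param list digests to convert; {@code null} adds nothing
     * @param xMLSignatureFactory factory used to create the references
     * @param list2 list the new references are appended to
     */
    private static void addDigestInfosAsReferences(List<DigestInfo> list, XMLSignatureFactory xMLSignatureFactory, List<Reference> list2) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MalformedURLException {
        if (null == list) {
            return;
        }
        for (DigestInfo digestInfo : list) {
            String referenceUri = FilenameUtils.getName(new File(digestInfo.getDescription()).toURI().toURL().getFile());
            list2.add(xMLSignatureFactory.newReference(referenceUri, xMLSignatureFactory.newDigestMethod(getXmlDigestAlgo(digestInfo.getDigestAlgo()), (DigestMethodParameterSpec) null), (List) null, (String) null, (String) null, digestInfo.getDigestValue()));
        }
    }

    /**
     * Maps a digest algorithm name to its XML digest method URI.
     *
     * @param str digest algorithm name
     * @return the digest method URI
     * @throws IllegalArgumentException if the algorithm is not supported
     */
    private static String getXmlDigestAlgo(String str) {
        if ("SHA1".equals(str) || "SHA-1".equals(str) || "SHA".equals(str)) {
            // NOTE(review): presumably the xmldsig SHA-1 digest URI; the reference to a UI class
            // looks like a decompiler constant-folding artefact. Confirm the constant's value.
            // SHA-1 is a legacy digest; prefer the SHA-256/SHA-512 branches for new signatures.
            return MainOptionsPane.DEFAULT_POLICY_HASH_ALGORITHM;
        }
        if ("SHA-256".equals(str) || "SHA256".equals(str)) {
            return "http://www.w3.org/2001/04/xmlenc#sha256";
        }
        if ("SHA-512".equals(str) || "SHA512".equals(str)) {
            return "http://www.w3.org/2001/04/xmlenc#sha512";
        }
        throw new IllegalArgumentException("unsupported digest algo: " + str);
    }

    /**
     * Maps a digest algorithm name to the matching RSA signature method URI.
     *
     * @param str digest algorithm name, normalized through {@code AOSignConstants}
     * @return the signature method URI
     * @throws IllegalArgumentException if the name is {@code null} or not supported
     */
    private static String getSignatureMethod(String str) {
        if (null == str) {
            throw new IllegalArgumentException("digest algo is null");
        }
        // Normalize once instead of once per comparison.
        String digestName = AOSignConstants.getDigestAlgorithmName(str);
        if ("SHA1".equals(digestName)) {
            return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
        if ("SHA-256".equals(digestName)) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        }
        if ("SHA-512".equals(digestName)) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
        }
        if ("SHA-384".equals(digestName)) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
        }
        if ("RIPEMD160".equals(digestName)) {
            return "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
        }
        throw new IllegalArgumentException("unsupported sign algo: " + str);
    }

    /**
     * Serializes the document to the stream and closes the stream, also when serialization fails.
     *
     * @param document document to serialize
     * @param outputStream destination; closed on return
     */
    private static void writeDocument(Document document, OutputStream outputStream) throws TransformerException, IOException {
        try (OutputStream out = outputStream) {
            writeDocumentNoClosing(document, out);
        }
    }

    /**
     * Serializes the document, XML declaration included, leaving the stream open.
     *
     * @param document document to serialize
     * @param outputStream destination; not closed
     */
    private static void writeDocumentNoClosing(Document document, OutputStream outputStream) throws TransformerException {
        writeDocumentNoClosing(document, outputStream, false);
    }

    /**
     * Serializes the document through an identity transform, leaving the stream open.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes that the
     * original modifier was {@code protected}.
     *
     * @param document document to serialize
     * @param outputStream destination; wrapped so the transformer cannot close it
     * @param z {@code true} to omit the XML declaration
     */
    public static void writeDocumentNoClosing(Document document, OutputStream outputStream, boolean z) throws TransformerException {
        StreamResult result = new StreamResult(new NoCloseOutputStream(outputStream));
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        if (z) {
            transformer.setOutputProperty("omit-xml-declaration", "yes");
        }
        transformer.transform(new DOMSource(document), result);
    }

    /**
     * Creates a namespace-aware parser factory hardened against XML external entity processing.
     *
     * <p>DOCTYPE declarations are rejected outright, which rules out external entities, external
     * DTD fetches and entity-expansion denial of service in documents this class parses.
     *
     * @return the configured factory
     * @throws ParserConfigurationException if the underlying parser does not support the
     *     hardening features; parsing untrusted XML without them is refused
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /**
     * Parses an XML document from the stream with DOCTYPE declarations disallowed.
     *
     * @param inputStream stream holding the XML document
     * @return the parsed, namespace-aware document
     */
    private static Document loadDocument(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException {
        return newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(inputStream));
    }

    /**
     * Parses an XML document with DOCTYPE declarations disallowed, shielding the stream from
     * being closed by the parser.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler notes that the
     * original modifier was {@code protected}.
     *
     * @param inputStream stream holding the XML document; wrapped in {@code NoCloseInputStream}
     * @return the parsed, namespace-aware document
     */
    public static Document loadDocumentNoClose(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException {
        return newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(new InputSource(new NoCloseInputStream(inputStream)));
    }
}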
