package eu.europa.esig.dss.xades.signature;

import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.DomUtils;
import eu.europa.esig.dss.InMemoryDocument;
import eu.europa.esig.dss.MimeType;
import eu.europa.esig.dss.SignatureLevel;
import eu.europa.esig.dss.SignaturePackaging;
import eu.europa.esig.dss.TimestampParameters;
import eu.europa.esig.dss.XAdESNamespaces;
import eu.europa.esig.dss.signature.SignatureExtension;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationContext;
import eu.europa.esig.dss.x509.CertificatePool;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.TimestampType;
import eu.europa.esig.dss.x509.tsp.TSPSource;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.ProfileParameters;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xades.validation.XAdESSignature;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eu/europa/esig/dss/xades/signature/XAdESLevelBaselineT.class */
public class XAdESLevelBaselineT extends ExtensionBuilder implements SignatureExtension<XAdESSignatureParameters> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) XAdESLevelBaselineT.class);
    protected TSPSource tspSource;

    public XAdESLevelBaselineT(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    private void incorporateC14nMethod(Element element, String str) {
        Element createElementNS = this.documentDom.createElementNS("http://www.w3.org/2000/09/xmldsig#", XAdESBuilder.DS_CANONICALIZATION_METHOD);
        createElementNS.setAttribute("Algorithm", str);
        element.appendChild(createElementNS);
    }

    @Override // eu.europa.esig.dss.signature.SignatureExtension
    public InMemoryDocument extendSignatures(DSSDocument dSSDocument, XAdESSignatureParameters xAdESSignatureParameters) throws DSSException {
        if (dSSDocument == null) {
            throw new NullPointerException();
        }
        if (this.tspSource == null) {
            throw new NullPointerException();
        }
        this.params = xAdESSignatureParameters;
        ProfileParameters context = xAdESSignatureParameters.getContext();
        if (LOG.isInfoEnabled()) {
            LOG.info("====> Extending: " + (dSSDocument.getName() == null ? "IN MEMORY DOCUMENT" : dSSDocument.getName()));
        }
        this.documentDom = DomUtils.buildDOM(dSSDocument);
        NodeList elementsByTagNameNS = this.documentDom.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS.getLength() == 0) {
            throw new DSSException("There is no signature to extend!");
        }
        String str = null;
        SignaturePackaging signaturePackaging = xAdESSignatureParameters.getSignaturePackaging();
        if (ProfileParameters.Operation.SIGNING.equals(context.getOperationKind()) && SignaturePackaging.ENVELOPED.equals(signaturePackaging)) {
            str = xAdESSignatureParameters.getDeterministicId();
        }
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            this.currentSignatureDom = (Element) elementsByTagNameNS.item(i);
            String attribute = this.currentSignatureDom.getAttribute("Id");
            if (str == null || str.equals(attribute)) {
                this.xadesSignature = new XAdESSignature(this.currentSignatureDom, new CertificatePool());
                this.xadesSignature.setDetachedContents(xAdESSignatureParameters.getDetachedContents());
                extendSignatureTag();
            }
        }
        InMemoryDocument inMemoryDocument = new InMemoryDocument(DSSXMLUtils.serializeNode(this.documentDom));
        inMemoryDocument.setMimeType(MimeType.XML);
        return inMemoryDocument;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void extendSignatureTag() throws DSSException {
        assertExtendSignaturePossible();
        ensureUnsignedProperties();
        ensureUnsignedSignatureProperties();
        ensureSignedDataObjectProperties();
        if (!this.xadesSignature.hasTProfile() || SignatureLevel.XAdES_BASELINE_T.equals(this.params.getSignatureLevel())) {
            TimestampParameters signatureTimestampParameters = this.params.getSignatureTimestampParameters();
            String canonicalizationMethod = signatureTimestampParameters.getCanonicalizationMethod();
            createXAdESTimeStampType(TimestampType.SIGNATURE_TIMESTAMP, canonicalizationMethod, DSSUtils.digest(signatureTimestampParameters.getDigestAlgorithm(), this.xadesSignature.getSignatureTimestampData(null, canonicalizationMethod)));
        }
    }

    private void assertExtendSignaturePossible() throws DSSException {
        if (SignatureLevel.XAdES_BASELINE_T.equals(this.params.getSignatureLevel())) {
            if (this.xadesSignature.hasLTProfile() || this.xadesSignature.hasLTAProfile()) {
                throw new DSSException(String.format("Cannot extend signature. The signedData is already extended with [%s].", "XAdES LT"));
            }
        }
    }

    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void incorporateCertificateValues(Element element, List<CertificateToken> list) {
        if (list.isEmpty()) {
            return;
        }
        Element addElement = DomUtils.addElement(this.documentDom, element, XAdESNamespaces.XAdES, XAdESBuilder.XADES_CERTIFICATE_VALUES);
        CertificatePool certificatePool = getCertificatePool();
        boolean isTrustAnchorBPPolicy = this.params.bLevel().isTrustAnchorBPPolicy();
        boolean z = false;
        for (CertificateToken certificateToken : list) {
            if (isTrustAnchorBPPolicy && certificatePool != null && certificatePool.get(certificateToken.getSubjectX500Principal()).size() > 0) {
                z = true;
            }
            DomUtils.addTextElement(this.documentDom, addElement, XAdESNamespaces.XAdES, XAdESBuilder.XADES_ENCAPSULATED_X509_CERTIFICATE, Utils.toBase64(certificateToken.getEncoded()));
        }
        if (!isTrustAnchorBPPolicy || z) {
            return;
        }
        LOG.warn("The trust anchor is missing but its inclusion is required by the signature policy!");
    }

    public Set<CertificateToken> getCertificatesForInclusion(ValidationContext validationContext) {
        HashSet hashSet = new HashSet();
        List<CertificateToken> certificates = this.xadesSignature.getCertificates();
        for (CertificateToken certificateToken : validationContext.getProcessedCertificates()) {
            if (!certificates.contains(certificateToken)) {
                hashSet.add(certificateToken);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createXAdESTimeStampType(TimestampType timestampType, String str, byte[] bArr) throws DSSException {
        try {
            Element element = null;
            DigestAlgorithm digestAlgorithm = this.params.getSignatureTimestampParameters().getDigestAlgorithm();
            switch (timestampType) {
                case SIGNATURE_TIMESTAMP:
                    element = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, XAdESNamespaces.XAdES, XAdESBuilder.XADES_SIGNATURE_TIME_STAMP);
                    break;
                case VALIDATION_DATA_REFSONLY_TIMESTAMP:
                    break;
                case VALIDATION_DATA_TIMESTAMP:
                    if (this.params.isEn319132() && !SignatureLevel.XAdES_X.equals(this.params.getSignatureLevel())) {
                        element = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, XAdESNamespaces.XAdES, XAdESBuilder.XADES_SIG_AND_REFS_TIME_STAMP_V2);
                        break;
                    } else {
                        element = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, XAdESNamespaces.XAdES, XAdESBuilder.XADES_SIG_AND_REFS_TIME_STAMP);
                        break;
                    }
                case ARCHIVE_TIMESTAMP:
                    element = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, XAdESNamespaces.XAdES141, XAdESBuilder.XADES141_ARCHIVE_TIME_STAMP);
                    digestAlgorithm = this.params.getArchiveTimestampParameters().getDigestAlgorithm();
                    break;
                case ALL_DATA_OBJECTS_TIMESTAMP:
                    element = DomUtils.addElement(this.documentDom, this.signedDataObjectPropertiesDom, XAdESNamespaces.XAdES, XAdESBuilder.XADES_ALL_DATA_OBJECTS_TIME_STAMP);
                    break;
                case INDIVIDUAL_DATA_OBJECTS_TIMESTAMP:
                    element = DomUtils.addElement(this.documentDom, this.signedDataObjectPropertiesDom, XAdESNamespaces.XAdES, XAdESBuilder.XADES_INDIVIDUAL_DATA_OBJECTS_TIME_STAMP);
                    break;
                default:
                    LOG.error("Unsupported timestamp type : " + timestampType);
                    break;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Timestamp generation: " + digestAlgorithm.getName() + " / " + str + " / " + Utils.toBase64(bArr));
            }
            String base64 = Utils.toBase64(this.tspSource.getTimeStampResponse(digestAlgorithm, bArr).getEncoded());
            String uuid = UUID.randomUUID().toString();
            element.setAttribute("Id", "TS-" + uuid);
            incorporateC14nMethod(element, str);
            Element addElement = DomUtils.addElement(this.documentDom, element, XAdESNamespaces.XAdES, XAdESBuilder.XADES_ENCAPSULATED_TIME_STAMP);
            addElement.setAttribute("Id", "ETS-" + uuid);
            DomUtils.setTextNode(this.documentDom, addElement, base64);
        } catch (IOException e) {
            throw new DSSException("Error during the creation of the XAdES timestamp!", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<CertificateToken> getToIncludeCertificateTokens(ValidationContext validationContext) {
        Set<CertificateToken> processedCertificates = validationContext.getProcessedCertificates();
        List<CertificateToken> keyInfoCertificates = this.xadesSignature.getKeyInfoCertificates();
        ArrayList arrayList = new ArrayList();
        for (CertificateToken certificateToken : processedCertificates) {
            if (!keyInfoCertificates.contains(certificateToken)) {
                arrayList.add(certificateToken);
            }
        }
        return arrayList;
    }
}
