package xades4j.production;

import com.google.inject.Inject;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.ObjectContainer;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.ElementProxy;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import xades4j.UnsupportedAlgorithmException;
import xades4j.XAdES4jException;
import xades4j.XAdES4jXMLSigException;
import xades4j.algorithms.Algorithm;
import xades4j.production.XadesSigner;
import xades4j.properties.DataObjectDesc;
import xades4j.properties.QualifyingProperties;
import xades4j.properties.QualifyingProperty;
import xades4j.properties.SignedSignatureProperty;
import xades4j.properties.SigningCertificateProperty;
import xades4j.properties.UnsignedSignatureProperty;
import xades4j.providers.AlgorithmsProviderEx;
import xades4j.providers.BasicSignatureOptionsProvider;
import xades4j.providers.DataObjectPropertiesProvider;
import xades4j.providers.KeyingDataProvider;
import xades4j.providers.SignaturePropertiesProvider;
import xades4j.providers.SigningCertChainException;
import xades4j.utils.CanonicalizerUtils;
import xades4j.utils.DOMHelper;
import xades4j.utils.ObjectUtils;
import xades4j.utils.StringUtils;
import xades4j.utils.TransformUtils;
import xades4j.xml.marshalling.SignedPropertiesMarshaller;
import xades4j.xml.marshalling.UnsignedPropertiesMarshaller;
import xades4j.xml.marshalling.algorithms.AlgorithmsParametersMarshallingProvider;

/* loaded from: input_file:xades4j/production/SignerBES.class */
class SignerBES implements XadesSigner {
    private final KeyingDataProvider keyingProvider;
    private final AlgorithmsProviderEx algorithmsProvider;
    private final SignedDataObjectsProcessor dataObjectDescsProcessor;
    private final PropertiesDataObjectsGenerator propsDataObjectsGenerator;
    private final SignedPropertiesMarshaller signedPropsMarshaller;
    private final UnsignedPropertiesMarshaller unsignedPropsMarshaller;
    private final AlgorithmsParametersMarshallingProvider algorithmsParametersMarshaller;
    private final KeyInfoBuilder keyInfoBuilder;
    private final QualifyingPropertiesProcessor qualifPropsProcessor;

    /* JADX INFO: Access modifiers changed from: protected */
    @Inject
    public SignerBES(KeyingDataProvider keyingDataProvider, AlgorithmsProviderEx algorithmsProviderEx, BasicSignatureOptionsProvider basicSignatureOptionsProvider, SignedDataObjectsProcessor signedDataObjectsProcessor, SignaturePropertiesProvider signaturePropertiesProvider, DataObjectPropertiesProvider dataObjectPropertiesProvider, PropertiesDataObjectsGenerator propertiesDataObjectsGenerator, SignedPropertiesMarshaller signedPropertiesMarshaller, UnsignedPropertiesMarshaller unsignedPropertiesMarshaller, AlgorithmsParametersMarshallingProvider algorithmsParametersMarshallingProvider) {
        if (ObjectUtils.anyNull(keyingDataProvider, algorithmsProviderEx, signaturePropertiesProvider, dataObjectPropertiesProvider, propertiesDataObjectsGenerator, signedPropertiesMarshaller, unsignedPropertiesMarshaller, algorithmsParametersMarshallingProvider)) {
            throw new NullPointerException("One or more arguments are null");
        }
        this.keyingProvider = keyingDataProvider;
        this.algorithmsProvider = algorithmsProviderEx;
        this.propsDataObjectsGenerator = propertiesDataObjectsGenerator;
        this.signedPropsMarshaller = signedPropertiesMarshaller;
        this.unsignedPropsMarshaller = unsignedPropertiesMarshaller;
        this.algorithmsParametersMarshaller = algorithmsParametersMarshallingProvider;
        this.dataObjectDescsProcessor = signedDataObjectsProcessor;
        this.keyInfoBuilder = new KeyInfoBuilder(basicSignatureOptionsProvider, algorithmsProviderEx, algorithmsParametersMarshallingProvider);
        this.qualifPropsProcessor = new QualifyingPropertiesProcessor(signaturePropertiesProvider, dataObjectPropertiesProvider);
    }

    @Override // xades4j.production.XadesSigner
    public final XadesSignatureResult sign(SignedDataObjects signedDataObjects, Node node) throws XAdES4jException {
        return sign(signedDataObjects, node, SignatureAppendingStrategies.AsLastChild);
    }

    @Override // xades4j.production.XadesSigner
    public final XadesSignatureResult sign(SignedDataObjects signedDataObjects, Node node, XadesSigner.SignatureAppendingStrategy signatureAppendingStrategy) throws XAdES4jException {
        if (null == node) {
            throw new NullPointerException("Reference node node cannot be null");
        }
        if (null == signedDataObjects) {
            throw new NullPointerException("References cannot be null");
        }
        if (signedDataObjects.isEmpty()) {
            throw new IllegalArgumentException("Data objects list is empty");
        }
        Document ownerDocument = DOMHelper.getOwnerDocument(node);
        String format = String.format("xmldsig-%s", UUID.randomUUID());
        String format2 = String.format("%s-signedprops", format);
        List<X509Certificate> signingCertificateChain = this.keyingProvider.getSigningCertificateChain();
        if (null == signingCertificateChain || signingCertificateChain.isEmpty()) {
            throw new SigningCertChainException("Signing certificate not provided");
        }
        X509Certificate x509Certificate = signingCertificateChain.get(0);
        XMLSignature createSignature = createSignature(ownerDocument, signedDataObjects.getBaseUri(), x509Certificate.getPublicKey().getAlgorithm());
        createSignature.setId(format);
        Map<DataObjectDesc, Reference> process = this.dataObjectDescsProcessor.process(signedDataObjects, createSignature);
        this.keyInfoBuilder.buildKeyInfo(x509Certificate, createSignature);
        Element createElementForFamily = ElementProxy.createElementForFamily(createSignature.getDocument(), QualifyingProperty.XADES_XMLNS, QualifyingProperty.QUALIFYING_PROPS_TAG);
        createElementForFamily.setAttributeNS(null, QualifyingProperty.TARGET_ATTR, '#' + format);
        createElementForFamily.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xades141", QualifyingProperty.XADESV141_XMLNS);
        ObjectContainer objectContainer = new ObjectContainer(createSignature.getDocument());
        objectContainer.appendChild(createElementForFamily);
        try {
            createSignature.appendObject(objectContainer);
            ArrayList arrayList = new ArrayList(2);
            ArrayList arrayList2 = new ArrayList(2);
            getFormatSpecificSignatureProperties(arrayList, arrayList2, signingCertificateChain);
            QualifyingProperties qualifyingProperties = this.qualifPropsProcessor.getQualifyingProperties(signedDataObjects, arrayList, arrayList2);
            try {
                signatureAppendingStrategy.append(createSignature.getElement(), node);
                PropertiesDataGenerationContext propertiesDataGenerationContext = new PropertiesDataGenerationContext(signedDataObjects.getDataObjectsDescs(), process, ownerDocument);
                this.signedPropsMarshaller.marshal(this.propsDataObjectsGenerator.generateSignedPropertiesData(qualifyingProperties.getSignedProperties(), propertiesDataGenerationContext), createElementForFamily);
                DOMHelper.setIdAsXmlId(DOMHelper.getFirstChildElement(createElementForFamily), format2);
                String digestAlgorithmForDataObjsReferences = this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences();
                if (StringUtils.isNullOrEmptyString(digestAlgorithmForDataObjsReferences)) {
                    throw new NullPointerException("Digest algorithm URI not provided");
                }
                Algorithm canonicalizationAlgorithmForSignature = this.algorithmsProvider.getCanonicalizationAlgorithmForSignature();
                try {
                    CanonicalizerUtils.checkC14NAlgorithm(canonicalizationAlgorithmForSignature);
                    createSignature.addDocument('#' + format2, TransformUtils.createTransforms(canonicalizationAlgorithmForSignature, this.algorithmsParametersMarshaller, ownerDocument), digestAlgorithmForDataObjsReferences, (String) null, QualifyingProperty.SIGNED_PROPS_TYPE_URI);
                    try {
                        createSignature.sign(this.keyingProvider.getSigningKey(x509Certificate));
                        DOMHelper.setIdAsXmlId(DOMHelper.getFirstDescendant(createSignature.getElement(), "http://www.w3.org/2000/09/xmldsig#", "SignatureValue"), String.format("%s-sigvalue", format));
                        propertiesDataGenerationContext.setTargetXmlSignature(createSignature);
                        this.unsignedPropsMarshaller.marshal(this.propsDataObjectsGenerator.generateUnsignedPropertiesData(qualifyingProperties.getUnsignedProperties(), propertiesDataGenerationContext), createElementForFamily);
                        return new XadesSignatureResult(createSignature, qualifyingProperties);
                    } catch (XMLSignatureException e) {
                        throw new XAdES4jXMLSigException(e.getMessage(), e);
                    }
                } catch (XMLSignatureException e2) {
                    throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", digestAlgorithmForDataObjsReferences, e2);
                }
            } catch (XAdES4jException e3) {
                signatureAppendingStrategy.revert(createSignature.getElement(), node);
                throw e3;
            }
        } catch (XMLSignatureException e4) {
            throw new IllegalStateException((Throwable) e4);
        }
    }

    private XMLSignature createSignature(Document document, String str, String str2) throws XAdES4jXMLSigException, UnsupportedAlgorithmException {
        Algorithm signatureAlgorithm = this.algorithmsProvider.getSignatureAlgorithm(str2);
        if (null == signatureAlgorithm) {
            throw new NullPointerException("Signature algorithm not provided");
        }
        Element createElementForAlgorithm = createElementForAlgorithm(signatureAlgorithm, "SignatureMethod", document);
        Algorithm canonicalizationAlgorithmForSignature = this.algorithmsProvider.getCanonicalizationAlgorithmForSignature();
        if (null == canonicalizationAlgorithmForSignature) {
            throw new NullPointerException("Canonicalization algorithm not provided");
        }
        try {
            return new XMLSignature(document, str, createElementForAlgorithm, createElementForAlgorithm(canonicalizationAlgorithmForSignature, "CanonicalizationMethod", document));
        } catch (XMLSecurityException e) {
            throw new XAdES4jXMLSigException(e.getMessage(), e);
        }
    }

    private Element createElementForAlgorithm(Algorithm algorithm, String str, Document document) throws UnsupportedAlgorithmException {
        Element createElementInSignatureSpace = XMLUtils.createElementInSignatureSpace(document, str);
        createElementInSignatureSpace.setAttributeNS(null, "Algorithm", algorithm.getUri());
        List<Node> marshalParameters = this.algorithmsParametersMarshaller.marshalParameters(algorithm, document);
        if (marshalParameters != null) {
            Iterator<Node> it = marshalParameters.iterator();
            while (it.hasNext()) {
                createElementInSignatureSpace.appendChild(it.next());
            }
        }
        return createElementInSignatureSpace;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void getFormatSpecificSignatureProperties(Collection<SignedSignatureProperty> collection, Collection<UnsignedSignatureProperty> collection2, List<X509Certificate> list) throws XAdES4jException {
        collection.add(new SigningCertificateProperty(list));
    }

    static {
        Init.initXMLSec();
    }
}
