package xades4j.production;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import xades4j.UnsupportedAlgorithmException;
import xades4j.algorithms.Algorithm;
import xades4j.providers.AlgorithmsProviderEx;
import xades4j.providers.X500NameStyleProvider;
import xades4j.utils.CanonicalizerUtils;
import xades4j.utils.TransformUtils;
import xades4j.xml.marshalling.algorithms.AlgorithmsParametersMarshallingProvider;

/* loaded from: input_file:xades4j/production/KeyInfoBuilder.class */
class KeyInfoBuilder {
    private final BasicSignatureOptions basicSignatureOptions;
    private final AlgorithmsProviderEx algorithmsProvider;
    private final AlgorithmsParametersMarshallingProvider algorithmsParametersMarshaller;
    private final X500NameStyleProvider x500NameStyleProvider;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyInfoBuilder(BasicSignatureOptions basicSignatureOptions, AlgorithmsProviderEx algorithmsProviderEx, AlgorithmsParametersMarshallingProvider algorithmsParametersMarshallingProvider, X500NameStyleProvider x500NameStyleProvider) {
        this.basicSignatureOptions = basicSignatureOptions;
        this.algorithmsProvider = algorithmsProviderEx;
        this.algorithmsParametersMarshaller = algorithmsParametersMarshallingProvider;
        this.x500NameStyleProvider = x500NameStyleProvider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void buildKeyInfo(List<X509Certificate> list, XMLSignature xMLSignature) throws KeyingDataException, UnsupportedAlgorithmException {
        X509Certificate x509Certificate = list.get(0);
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
            throw new SigningCertKeyUsageException(x509Certificate);
        }
        try {
            x509Certificate.checkValidity();
            if (this.basicSignatureOptions.includeSigningCertificate() != SigningCertificateMode.NONE || this.basicSignatureOptions.includeIssuerSerial() || this.basicSignatureOptions.includeSubjectName()) {
                X509Data x509Data = new X509Data(xMLSignature.getDocument());
                xMLSignature.getKeyInfo().add(x509Data);
                if (this.basicSignatureOptions.includeSigningCertificate() != SigningCertificateMode.NONE) {
                    int size = this.basicSignatureOptions.includeSigningCertificate() == SigningCertificateMode.SIGNING_CERTIFICATE ? 1 : list.size();
                    for (int i = 0; i < size; i++) {
                        try {
                            x509Data.addCertificate(list.get(i));
                        } catch (XMLSecurityException e) {
                            throw new KeyingDataException(e.getMessage(), e);
                        }
                    }
                }
                if (this.basicSignatureOptions.includeIssuerSerial()) {
                    x509Data.addIssuerSerial(this.x500NameStyleProvider.toString(x509Certificate.getIssuerX500Principal()), x509Certificate.getSerialNumber());
                }
                if (this.basicSignatureOptions.includeSubjectName()) {
                    x509Data.addSubjectName(this.x500NameStyleProvider.toString(x509Certificate.getSubjectX500Principal()));
                }
            }
            if (this.basicSignatureOptions.includePublicKey()) {
                xMLSignature.addKeyInfo(x509Certificate.getPublicKey());
            }
            if (this.basicSignatureOptions.signKeyInfo()) {
                try {
                    String str = xMLSignature.getId() + "-keyinfo";
                    xMLSignature.getKeyInfo().setId(str);
                    Algorithm canonicalizationAlgorithmForSignature = this.algorithmsProvider.getCanonicalizationAlgorithmForSignature();
                    CanonicalizerUtils.checkC14NAlgorithm(canonicalizationAlgorithmForSignature);
                    xMLSignature.addDocument('#' + str, TransformUtils.createTransforms(canonicalizationAlgorithmForSignature, this.algorithmsParametersMarshaller, xMLSignature.getDocument()), this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences());
                } catch (XMLSignatureException e2) {
                    throw new UnsupportedAlgorithmException("Digest algorithm not supported in the XML Signature provider", this.algorithmsProvider.getDigestAlgorithmForDataObjsReferences(), e2);
                }
            }
        } catch (CertificateException e3) {
            throw new SigningCertValidityException(x509Certificate);
        }
    }
}
