package eu.europa.esig.dss.xades.signature;

import eu.europa.esig.dss.enumerations.TimestampedObjectType;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.InMemoryDocument;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.reference.CanonicalizationTransform;
import eu.europa.esig.dss.xades.reference.DSSReference;
import eu.europa.esig.dss.xades.reference.ReferenceIdProvider;
import eu.europa.esig.dss.xades.validation.XAdESSignature;
import eu.europa.esig.dss.xades.validation.XMLDocumentValidator;
import eu.europa.esig.dss.xml.utils.DomUtils;
import eu.europa.esig.dss.xml.utils.XMLCanonicalizer;
import eu.europa.esig.xmldsig.definition.XMLDSigAttribute;
import eu.europa.esig.xmldsig.definition.XMLDSigElement;
import eu.europa.esig.xmldsig.definition.XMLDSigPath;
import java.util.Collections;
import java.util.Iterator;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:eu/europa/esig/dss/xades/signature/CounterSignatureBuilder.class */
public class CounterSignatureBuilder extends ExtensionBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(CounterSignatureBuilder.class);
    private static final String COUNTER_SIGNATURE_PREFIX = "CS-";

    /* JADX INFO: Access modifiers changed from: protected */
    public CounterSignatureBuilder(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    public DSSDocument getCanonicalizedSignatureValue(DSSDocument dSSDocument, XAdESCounterSignatureParameters xAdESCounterSignatureParameters) {
        this.params = xAdESCounterSignatureParameters;
        this.documentValidator = new XMLDocumentValidator(dSSDocument);
        this.documentDom = this.documentValidator.getRootElement();
        this.xadesSignature = extractSignatureById(xAdESCounterSignatureParameters);
        byte[] canonicalize = XMLCanonicalizer.createInstance(xAdESCounterSignatureParameters.getCounterSignatureCanonicalizationMethod()).canonicalize(getSignatureValueElement(this.xadesSignature));
        if (LOG.isTraceEnabled()) {
            LOG.trace("Canonicalized SignatureValue:");
            LOG.trace(new String(canonicalize));
        }
        return new InMemoryDocument(canonicalize);
    }

    public DSSReference buildCounterSignatureDSSReference(DSSDocument dSSDocument, XAdESCounterSignatureParameters xAdESCounterSignatureParameters) {
        this.documentValidator = new XMLDocumentValidator(dSSDocument);
        this.documentDom = this.documentValidator.getRootElement();
        this.xadesSignature = extractSignatureById(xAdESCounterSignatureParameters);
        initializeSignatureBuilder(this.xadesSignature);
        DSSReference dSSReference = new DSSReference();
        ReferenceIdProvider referenceIdProvider = new ReferenceIdProvider();
        referenceIdProvider.setSignatureParameters(xAdESCounterSignatureParameters);
        dSSReference.setId(referenceIdProvider.getReferenceId());
        dSSReference.setContents(new InMemoryDocument(DomUtils.serializeNode(this.xadesSignature.getSignatureElement())));
        dSSReference.setDigestMethodAlgorithm(DSSXMLUtils.getReferenceDigestAlgorithmOrDefault(xAdESCounterSignatureParameters));
        dSSReference.setType(this.xadesPath.getCounterSignatureUri());
        String signatureValueId = this.xadesSignature.getSignatureValueId();
        if (!Utils.isStringNotEmpty(signatureValueId)) {
            throw new IllegalInputException(String.format("The signature with Id '%s' does not have an Id for a SignatureValue element! Unable to counter sign.", xAdESCounterSignatureParameters.getSignatureIdToCounterSign()));
        }
        dSSReference.setUri(DomUtils.toElementReference(signatureValueId));
        dSSReference.setTransforms(Collections.singletonList(new CanonicalizationTransform(xAdESCounterSignatureParameters.getCounterSignatureCanonicalizationMethod())));
        return dSSReference;
    }

    public DSSDocument buildEmbeddedCounterSignature(DSSDocument dSSDocument, DSSDocument dSSDocument2, XAdESCounterSignatureParameters xAdESCounterSignatureParameters) {
        this.params = xAdESCounterSignatureParameters;
        this.documentValidator = new XMLDocumentValidator(dSSDocument);
        this.documentDom = this.documentValidator.getRootElement();
        this.xadesSignature = extractSignatureById(xAdESCounterSignatureParameters);
        initializeSignatureBuilder(this.xadesSignature);
        Element element = (Element) this.unsignedSignaturePropertiesDom.cloneNode(true);
        incorporateCounterSignature(dSSDocument2);
        this.unsignedSignaturePropertiesDom = indentIfPrettyPrint(this.unsignedSignaturePropertiesDom, element);
        return createXmlDocument();
    }

    private void incorporateCounterSignature(DSSDocument dSSDocument) {
        NodeList elementsByTagNameNS = DomUtils.buildDOM(dSSDocument).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", XMLDSigElement.SIGNATURE.getTagName());
        if (elementsByTagNameNS.getLength() != 1) {
            throw new IllegalInputException(String.format("The counterSignature document shall have one counter signature, when %s signatures found!", Integer.valueOf(elementsByTagNameNS.getLength())));
        }
        Node importNode = this.documentDom.importNode((Element) elementsByTagNameNS.item(0), true);
        Element addElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementCounterSignature());
        addElement.setAttribute(XMLDSigAttribute.ID.getAttributeName(), COUNTER_SIGNATURE_PREFIX + this.params.getDeterministicId());
        addElement.appendChild(importNode);
    }

    private XAdESSignature extractSignatureById(XAdESCounterSignatureParameters xAdESCounterSignatureParameters) {
        Objects.requireNonNull(xAdESCounterSignatureParameters.getSignatureIdToCounterSign(), "The Id of a signature to be counter signed shall be defined! Please use SerializableCounterSignatureParameters.setSignatureIdToCounterSign(signatureId) method.");
        Iterator it = this.documentValidator.getSignatures().iterator();
        while (it.hasNext()) {
            XAdESSignature signatureOrItsCounterSignatureById = getSignatureOrItsCounterSignatureById((XAdESSignature) ((AdvancedSignature) it.next()), xAdESCounterSignatureParameters.getSignatureIdToCounterSign());
            if (signatureOrItsCounterSignatureById != null) {
                return signatureOrItsCounterSignatureById;
            }
        }
        throw new IllegalArgumentException(String.format("A signature with Id '%s' has not been found in the file! Unable to counter sign.", xAdESCounterSignatureParameters.getSignatureIdToCounterSign()));
    }

    private XAdESSignature getSignatureOrItsCounterSignatureById(XAdESSignature xAdESSignature, String str) {
        if (str.equals(xAdESSignature.getDAIdentifier()) || str.equals(xAdESSignature.getId())) {
            return xAdESSignature;
        }
        Iterator<AdvancedSignature> it = xAdESSignature.getCounterSignatures().iterator();
        while (it.hasNext()) {
            XAdESSignature signatureOrItsCounterSignatureById = getSignatureOrItsCounterSignatureById((XAdESSignature) it.next(), str);
            if (signatureOrItsCounterSignatureById != null) {
                if (xAdESSignature.m51getTimestampSource().isTimestamped(str, TimestampedObjectType.SIGNATURE)) {
                    throw new IllegalInputException(String.format("Unable to counter sign a signature with Id '%s'. The signature is timestamped by a master signature!", str));
                }
                return signatureOrItsCounterSignatureById;
            }
        }
        return null;
    }

    private Element getSignatureValueElement(XAdESSignature xAdESSignature) {
        Element element = DomUtils.getElement(xAdESSignature.getSignatureElement(), XMLDSigPath.SIGNATURE_VALUE_PATH);
        if (element != null) {
            return element;
        }
        throw new IllegalInputException(String.format("Unable to counter sign a signature with Id '%s'. The SignatureValue element is not found!", xAdESSignature.getDAIdentifier()));
    }
}
