package no.difi.asic;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.GregorianCalendar;
import java.util.Iterator;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import org.apache.commons.codec.digest.DigestUtils;
import org.etsi.uri._01903.v1_3.CertIDType;
import org.etsi.uri._01903.v1_3.DataObjectFormat;
import org.etsi.uri._01903.v1_3.DigestAlgAndValueType;
import org.etsi.uri._01903.v1_3.QualifyingProperties;
import org.etsi.uri._01903.v1_3.SignedDataObjectProperties;
import org.etsi.uri._01903.v1_3.SignedProperties;
import org.etsi.uri._01903.v1_3.SignedSignatureProperties;
import org.etsi.uri._01903.v1_3.SigningCertificate;
import org.etsi.uri._02918.v1_2.XAdESSignatures;
import org.w3._2000._09.xmldsig_.CanonicalizationMethod;
import org.w3._2000._09.xmldsig_.DigestMethod;
import org.w3._2000._09.xmldsig_.KeyInfo;
import org.w3._2000._09.xmldsig_.Object;
import org.w3._2000._09.xmldsig_.ObjectFactory;
import org.w3._2000._09.xmldsig_.Reference;
import org.w3._2000._09.xmldsig_.Signature;
import org.w3._2000._09.xmldsig_.SignatureValue;
import org.w3._2000._09.xmldsig_.SignedInfo;
import org.w3._2000._09.xmldsig_.Transform;
import org.w3._2000._09.xmldsig_.Transforms;
import org.w3._2000._09.xmldsig_.X509Data;
import org.w3._2000._09.xmldsig_.X509IssuerSerialType;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:no/difi/asic/XadesAsicManifest.class */
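/**
 * Builds and reads the XAdES signature document of an ASiC container.
 *
 * <p>On the producing side, {@link #add(String, MimeType)} records one {@code Reference} per
 * file and {@link #toBytes(SignatureHelper)} marshals the resulting {@code XAdESSignatures}
 * element. On the consuming side, {@link #extractAndVerify(String, ManifestVerifier)} parses a
 * received document and hands the declared file digests to a {@link ManifestVerifier}.
 *
 * <p>NOTE(review): as written here the emitted {@code SignatureValue} is empty (see
 * {@link #getSignature()}) and the {@code #SignedProperties} reference carries no digest value,
 * so this class on its own yields a digest manifest, not a verifiable signature. Confirm
 * whether a subclass or another component supplies the actual signature.
 */
public class XadesAsicManifest extends AbstractAsicManifest {
    /** Shared JAXB context for the XAdES / XML-DSig types, created once in the static initializer. */
    private static final JAXBContext jaxbContext;

    static {
        try {
            jaxbContext = JAXBContext.newInstance(XAdESSignatures.class, X509Data.class, QualifyingProperties.class);
        } catch (JAXBException e) {
            throw new IllegalStateException(String.format("Unable to create JAXBContext: %s ", e.getMessage()), e);
        }
    }

    /** The {@code ds:SignedInfo} under construction; one reference is appended per added file. */
    private final SignedInfo signedInfo;

    /** XAdES data-object formats (MIME types), kept parallel to the file references. */
    private final SignedDataObjectProperties signedDataObjectProperties;

    /**
     * Creates an empty manifest whose references will be digested with the given algorithm.
     *
     * @param messageDigestAlgorithm digest algorithm passed on to the superclass and used for
     *                               the reference digest methods
     */
    public XadesAsicManifest(MessageDigestAlgorithm messageDigestAlgorithm) {
        super(messageDigestAlgorithm);
        this.signedDataObjectProperties = new SignedDataObjectProperties();
        this.signedInfo = new SignedInfo();

        CanonicalizationMethod c14n = new CanonicalizationMethod();
        c14n.setAlgorithm("http://www.w3.org/2006/12/xml-c14n11");
        this.signedInfo.setCanonicalizationMethod(c14n);

        // NOTE(review): SignatureMethod is populated with the *digest* algorithm URI. A
        // SignatureMethod normally names a signature algorithm; confirm this is intended.
        org.w3._2000._09.xmldsig_.SignatureMethod sigMethod = new org.w3._2000._09.xmldsig_.SignatureMethod();
        sigMethod.setAlgorithm(messageDigestAlgorithm.getUri());
        this.signedInfo.setSignatureMethod(sigMethod);
    }

    /**
     * Records a file in the manifest: a {@code Reference} with the current digest value and a
     * matching {@code DataObjectFormat} carrying the MIME type.
     *
     * @param str      URI (file name inside the container) of the referenced entry
     * @param mimeType MIME type recorded for the entry
     */
    @Override // no.difi.asic.AbstractAsicManifest
    public void add(String str, MimeType mimeType) {
        // The id is derived from the number of references already present.
        String referenceId = "ID_" + this.signedInfo.getReferences().size();

        DigestMethod digestMethod = new DigestMethod();
        digestMethod.setAlgorithm(this.messageDigestAlgorithm.getUri());

        Reference fileReference = new Reference();
        fileReference.setId(referenceId);
        fileReference.setURI(str);
        // messageDigest is inherited; presumably the caller has streamed the file content
        // through it before calling add() -- verify against AbstractAsicManifest.
        fileReference.setDigestValue(this.messageDigest.digest());
        fileReference.setDigestMethod(digestMethod);
        this.signedInfo.getReferences().add(fileReference);

        DataObjectFormat format = new DataObjectFormat();
        format.setObjectReference("#" + referenceId);
        format.setMimeType(mimeType.toString());
        this.signedDataObjectProperties.getDataObjectFormats().add(format);
    }

    /**
     * Assembles the {@code XAdESSignatures} tree from the collected references, the
     * certificate chain and the qualifying properties.
     *
     * @param signatureHelper source of the signing certificate and its chain
     * @return the populated (unmarshalled) signature structure
     */
    XAdESSignatures getCreateXAdESSignatures(SignatureHelper signatureHelper) {
        Signature signature = new Signature();
        signature.setId("Signature");
        signature.setSignedInfo(this.signedInfo);

        XAdESSignatures container = new XAdESSignatures();
        container.getSignatures().add(signature);

        KeyInfo keyInfo = new KeyInfo();
        keyInfo.getContent().add(getX509Data(signatureHelper));
        signature.setKeyInfo(keyInfo);

        // getQualifyingProperties() also registers the #SignedProperties reference in signedInfo.
        Object propertiesHolder = new Object();
        propertiesHolder.getContent().add(getQualifyingProperties(signatureHelper));
        signature.getObjects().add(propertiesHolder);

        signature.setSignatureValue(getSignature());
        return container;
    }

    /**
     * Marshals the signature structure to formatted XML.
     *
     * @param signatureHelper source of the signing certificate and its chain
     * @return the XML document as bytes
     * @throws IllegalStateException if JAXB marshalling fails
     */
    public byte[] toBytes(SignatureHelper signatureHelper) {
        try {
            Marshaller marshaller = jaxbContext.createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            marshaller.marshal(getCreateXAdESSignatures(signatureHelper), out);
            return out.toByteArray();
        } catch (JAXBException e) {
            throw new IllegalStateException("Unable to marshall the XAdESSignature into string output", e);
        }
    }

    /**
     * Builds the {@code ds:X509Data} element holding every certificate of the chain in encoded form.
     *
     * @throws IllegalStateException if a certificate cannot be encoded
     */
    private X509Data getX509Data(SignatureHelper signatureHelper) {
        ObjectFactory factory = new ObjectFactory();
        X509Data x509Data = new X509Data();
        for (Certificate certificate : signatureHelper.getCertificateChain()) {
            try {
                x509Data.getX509IssuerSerialsAndX509SKISAndX509SubjectNames()
                        .add(factory.createX509DataX509Certificate(certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                throw new IllegalStateException("Unable to insert certificate.", e);
            }
        }
        return x509Data;
    }

    /**
     * Builds the XAdES {@code QualifyingProperties} (signing time, signing-certificate
     * identifier, data-object formats) and makes sure {@code signedInfo} references them.
     *
     * <p>The {@code #SignedProperties} reference is appended to {@code signedInfo} only once,
     * so repeated calls to {@link #toBytes(SignatureHelper)} do not accumulate duplicates.
     *
     * @throws IllegalStateException if the certificate cannot be encoded or no
     *                               {@code DatatypeFactory} is available
     */
    private QualifyingProperties getQualifyingProperties(SignatureHelper signatureHelper) {
        SignedSignatureProperties signatureProperties = new SignedSignatureProperties();
        try {
            signatureProperties.setSigningTime(
                    DatatypeFactory.newInstance().newXMLGregorianCalendar(new GregorianCalendar()));

            SigningCertificate signingCertificate = new SigningCertificate();
            signatureProperties.setSigningCertificate(signingCertificate);
            CertIDType certId = new CertIDType();
            signingCertificate.getCerts().add(certId);

            // NOTE(review): the certificate identifier is a SHA-1 digest. SHA-1 is no longer
            // collision resistant; moving to SHA-256 changes the emitted CertDigest and should
            // be coordinated with the consumers of these containers.
            DigestAlgAndValueType certDigest = new DigestAlgAndValueType();
            certDigest.setDigestValue(DigestUtils.sha1(signatureHelper.getX509Certificate().getEncoded()));
            certId.setCertDigest(certDigest);
            DigestMethod certDigestMethod = new DigestMethod();
            certDigestMethod.setAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
            certDigest.setDigestMethod(certDigestMethod);

            X509IssuerSerialType issuerSerial = new X509IssuerSerialType();
            issuerSerial.setX509IssuerName(signatureHelper.getX509Certificate().getIssuerX500Principal().getName());
            issuerSerial.setX509SerialNumber(signatureHelper.getX509Certificate().getSerialNumber());
            certId.setIssuerSerial(issuerSerial);

            SignedProperties signedProperties = new SignedProperties();
            signedProperties.setId("SignedProperties");
            signedProperties.setSignedSignatureProperties(signatureProperties);
            signedProperties.setSignedDataObjectProperties(this.signedDataObjectProperties);

            QualifyingProperties qualifyingProperties = new QualifyingProperties();
            qualifyingProperties.setSignedProperties(signedProperties);
            qualifyingProperties.setTarget("#Signature");

            registerSignedPropertiesReference();
            return qualifyingProperties;
        } catch (CertificateEncodingException e) {
            throw new IllegalStateException("Unable to encode certificate.", e);
        } catch (DatatypeConfigurationException e) {
            throw new IllegalStateException("Unable to use current DatatypeFactory", e);
        }
    }

    /** Adds the {@code #SignedProperties} reference to {@code signedInfo} unless it is already there. */
    private void registerSignedPropertiesReference() {
        for (Reference existing : this.signedInfo.getReferences()) {
            if ("#SignedProperties".equals(existing.getURI())) {
                return;
            }
        }

        Transform c14nTransform = new Transform();
        c14nTransform.setAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");

        DigestMethod digestMethod = new DigestMethod();
        digestMethod.setAlgorithm(this.messageDigestAlgorithm.getUri());

        // No digest value is set on this reference; only the method and transform are declared.
        Reference propertiesReference = new Reference();
        propertiesReference.setType("http://uri.etsi.org/01903#SignedProperties");
        propertiesReference.setURI("#SignedProperties");
        propertiesReference.setTransforms(new Transforms());
        propertiesReference.getTransforms().getTransforms().add(c14nTransform);
        propertiesReference.setDigestMethod(digestMethod);
        this.signedInfo.getReferences().add(propertiesReference);
    }

    /**
     * Supplies the {@code ds:SignatureValue}; this implementation returns an empty element.
     */
    protected SignatureValue getSignature() {
        return new SignatureValue();
    }

    /**
     * Parses a received XAdES signature document and reports every external file reference
     * (URI, digest value, digest algorithm) to the verifier.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>The input comes from the container being checked and is treated as untrusted. It is
     *       parsed with a SAX parser that rejects DOCTYPE declarations, so external entities
     *       and entity expansion are not processed. A parser implementation that does not
     *       support that feature makes this method fail rather than parse unprotected.</li>
     *   <li>Only the declared digests are forwarded. The {@code SignatureValue}, the signing
     *       certificate and its chain are not evaluated here; integrity against a trusted key
     *       must be established elsewhere.</li>
     *   <li>Any failure, including a reference without URI or digest method, surfaces as
     *       {@link IllegalStateException}, so malformed input is rejected rather than skipped.</li>
     * </ul>
     *
     * @param str              the signature document as text
     * @param manifestVerifier receiver of the declared digests
     * @throws IllegalStateException if the document cannot be parsed or processed
     */
    public static void extractAndVerify(String str, ManifestVerifier manifestVerifier) {
        try {
            // Map older / misspelled namespace and algorithm URIs onto the ones the bound
            // classes and the verifier expect. Literal replacement: the URIs contain '.'
            // which must not be interpreted as a regex wildcard.
            String normalized = str
                    .replace("http://uri.etsi.org/02918/v1.1.1#", "http://uri.etsi.org/02918/v1.2.1#")
                    .replace("http://uri.etsi.org/2918/v1.2.1#", "http://uri.etsi.org/02918/v1.2.1#")
                    .replace("http://www.w3.org/2000/09/xmldsig#sha", "http://www.w3.org/2001/04/xmlenc#sha");

            javax.xml.parsers.SAXParserFactory parserFactory = javax.xml.parsers.SAXParserFactory.newInstance();
            parserFactory.setNamespaceAware(true);
            parserFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            parserFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

            // A character stream avoids re-encoding the text with the platform default charset.
            javax.xml.transform.sax.SAXSource xmlSource = new javax.xml.transform.sax.SAXSource(
                    parserFactory.newSAXParser().getXMLReader(),
                    new org.xml.sax.InputSource(new java.io.StringReader(normalized)));

            XAdESSignatures parsed = (XAdESSignatures) jaxbContext.createUnmarshaller().unmarshal(xmlSource);
            for (Signature signature : parsed.getSignatures()) {
                for (Reference reference : signature.getSignedInfo().getReferences()) {
                    // Same-document references ("#...") point at signature internals, not files.
                    if (reference.getURI().startsWith("#")) {
                        continue;
                    }
                    manifestVerifier.update(reference.getURI(), null, reference.getDigestValue(),
                            reference.getDigestMethod().getAlgorithm(), null);
                }
            }
        } catch (Exception e) {
            // Broad on purpose: callers see one exception type for every way untrusted input can fail.
            throw new IllegalStateException("Unable to read content as XML", e);
        }
    }
}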
