package no.difi.asic;

import com.google.common.hash.Hashing;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.GregorianCalendar;
import java.util.Iterator;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.transform.stream.StreamSource;
import no.difi.commons.asic.jaxb.cades.XAdESSignaturesType;
import no.difi.commons.asic.jaxb.xades.CertIDListType;
import no.difi.commons.asic.jaxb.xades.CertIDType;
import no.difi.commons.asic.jaxb.xades.DataObjectFormatType;
import no.difi.commons.asic.jaxb.xades.DigestAlgAndValueType;
import no.difi.commons.asic.jaxb.xades.ObjectFactory;
import no.difi.commons.asic.jaxb.xades.QualifyingPropertiesType;
import no.difi.commons.asic.jaxb.xades.SignedDataObjectPropertiesType;
import no.difi.commons.asic.jaxb.xades.SignedPropertiesType;
import no.difi.commons.asic.jaxb.xades.SignedSignaturePropertiesType;
import no.difi.commons.asic.jaxb.xmldsig.CanonicalizationMethodType;
import no.difi.commons.asic.jaxb.xmldsig.DigestMethodType;
import no.difi.commons.asic.jaxb.xmldsig.KeyInfoType;
import no.difi.commons.asic.jaxb.xmldsig.ObjectType;
import no.difi.commons.asic.jaxb.xmldsig.ReferenceType;
import no.difi.commons.asic.jaxb.xmldsig.SignatureMethodType;
import no.difi.commons.asic.jaxb.xmldsig.SignatureType;
import no.difi.commons.asic.jaxb.xmldsig.SignatureValueType;
import no.difi.commons.asic.jaxb.xmldsig.SignedInfoType;
import no.difi.commons.asic.jaxb.xmldsig.TransformType;
import no.difi.commons.asic.jaxb.xmldsig.TransformsType;
import no.difi.commons.asic.jaxb.xmldsig.X509DataType;
import no.difi.commons.asic.jaxb.xmldsig.X509IssuerSerialType;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:no/difi/asic/XadesAsicManifest.class */
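/**
 * Builds the XAdES signature document ({@code XAdESSignatures}) for an ASiC container and reads
 * the file references back out of an existing one.
 *
 * <p>Security-relevant properties of this class, as visible in this file:
 * <ul>
 *   <li>{@link #getSignature()} returns an empty {@link SignatureValueType}; no signature value is
 *       computed here unless a subclass overrides it.</li>
 *   <li>{@link #extractAndVerify(String, ManifestVerifier)} does not check a signature value or a
 *       certificate chain; it only hands the listed digests to the {@link ManifestVerifier}.</li>
 *   <li>The signing-certificate digest is always SHA-1, independent of the configured
 *       {@code MessageDigestAlgorithm}.</li>
 * </ul>
 *
 * <p>Instances hold mutable state and nothing in this class synchronizes access to it.
 */
public class XadesAsicManifest extends AbstractAsicManifest {
    private static final JAXBContext jaxbContext = createJaxbContext();
    private static final ObjectFactory objectFactory1_2 = new ObjectFactory();
    private static final no.difi.commons.asic.jaxb.cades.ObjectFactory objectFactory1_3 = new no.difi.commons.asic.jaxb.cades.ObjectFactory();

    private final SignedInfoType signedInfo;
    private final SignedDataObjectPropertiesType signedDataObjectProperties;

    /** Set once the {@code #SignedProperties} reference has been appended to {@link #signedInfo}. */
    private boolean signedPropertiesReferenced;

    /**
     * Creates an empty manifest whose {@code SignedInfo} uses Canonical XML 1.1.
     *
     * @param messageDigestAlgorithm algorithm whose URI is written into both the
     *     {@code SignatureMethod} and every {@code DigestMethod} produced by this instance
     */
    public XadesAsicManifest(MessageDigestAlgorithm messageDigestAlgorithm) {
        super(messageDigestAlgorithm);
        this.signedDataObjectProperties = new SignedDataObjectPropertiesType();
        this.signedInfo = new SignedInfoType();

        CanonicalizationMethodType canonicalization = new CanonicalizationMethodType();
        canonicalization.setAlgorithm("http://www.w3.org/2006/12/xml-c14n11");
        this.signedInfo.setCanonicalizationMethod(canonicalization);

        // NOTE(review): the same getUri() value is used here for SignatureMethod and below for
        // DigestMethod. If getUri() yields a digest URI, SignatureMethod does not name a
        // signature algorithm - confirm against MessageDigestAlgorithm.
        SignatureMethodType signatureMethod = new SignatureMethodType();
        signatureMethod.setAlgorithm(messageDigestAlgorithm.getUri());
        this.signedInfo.setSignatureMethod(signatureMethod);
    }

    /**
     * Records one container entry as a {@code Reference} plus a matching {@code DataObjectFormat}.
     *
     * <p>The digest value is taken from {@code this.messageDigest.digest()} at call time, so the
     * caller is presumably expected to have fed the entry's bytes into that digest beforehand
     * (verify against {@code AbstractAsicManifest}).
     *
     * @param str URI of the entry inside the container
     * @param mimeType MIME type stored for the entry
     */
    @Override // no.difi.asic.AbstractAsicManifest
    public void add(String str, MimeType mimeType) {
        // The id is derived from the current number of references, so it is only unique while
        // references are appended and never removed.
        String referenceId = "ID_" + this.signedInfo.getReference().size();

        DigestMethodType digestMethod = new DigestMethodType();
        digestMethod.setAlgorithm(this.messageDigestAlgorithm.getUri());

        ReferenceType reference = new ReferenceType();
        reference.setId(referenceId);
        reference.setURI(str);
        reference.setDigestValue(this.messageDigest.digest());
        reference.setDigestMethod(digestMethod);
        this.signedInfo.getReference().add(reference);

        DataObjectFormatType dataObjectFormat = new DataObjectFormatType();
        dataObjectFormat.setObjectReference("#" + referenceId);
        dataObjectFormat.setMimeType(mimeType.toString());
        this.signedDataObjectProperties.getDataObjectFormat().add(dataObjectFormat);
    }

    /**
     * Assembles the {@code XAdESSignatures} tree: one {@code Signature} carrying the collected
     * {@code SignedInfo}, the certificate chain as {@code KeyInfo}, the qualifying properties and
     * the value returned by {@link #getSignature()}.
     *
     * @param signatureHelper source of the signing certificate and its chain
     * @return the populated JAXB object, ready for marshalling
     */
    XAdESSignaturesType getCreateXAdESSignatures(SignatureHelper signatureHelper) {
        SignatureType signature = new SignatureType();
        signature.setId("Signature");
        signature.setSignedInfo(this.signedInfo);

        XAdESSignaturesType signatures = new XAdESSignaturesType();
        signatures.getSignature().add(signature);

        KeyInfoType keyInfo = new KeyInfoType();
        keyInfo.getContent().add(getX509Data(signatureHelper));
        signature.setKeyInfo(keyInfo);

        ObjectType object = new ObjectType();
        object.getContent().add(getQualifyingProperties(signatureHelper));
        signature.getObject().add(object);

        signature.setSignatureValue(getSignature());
        return signatures;
    }

    /**
     * Marshals the signature document to formatted XML.
     *
     * @param signatureHelper source of the signing certificate and its chain
     * @return the marshalled document as bytes
     * @throws IllegalStateException if JAXB marshalling fails
     */
    public byte[] toBytes(SignatureHelper signatureHelper) {
        try {
            Marshaller marshaller = jaxbContext.createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            marshaller.marshal(objectFactory1_3.createXAdESSignatures(getCreateXAdESSignatures(signatureHelper)), out);
            return out.toByteArray();
        } catch (JAXBException e) {
            throw new IllegalStateException("Unable to marshall the XAdESSignature into string output", e);
        }
    }

    /**
     * Wraps every certificate of the helper's chain as an {@code X509Certificate} element.
     *
     * @throws IllegalStateException if a certificate cannot be encoded
     */
    private JAXBElement<X509DataType> getX509Data(SignatureHelper signatureHelper) {
        no.difi.commons.asic.jaxb.xmldsig.ObjectFactory xmldsigFactory = new no.difi.commons.asic.jaxb.xmldsig.ObjectFactory();
        X509DataType x509Data = new X509DataType();
        for (Certificate certificate : signatureHelper.getCertificateChain()) {
            try {
                x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
                        .add(xmldsigFactory.createX509DataTypeX509Certificate(certificate.getEncoded()));
            } catch (CertificateEncodingException e) {
                throw new IllegalStateException("Unable to insert certificate.", e);
            }
        }
        return xmldsigFactory.createX509Data(x509Data);
    }

    /**
     * Builds the XAdES {@code QualifyingProperties} element and registers the
     * {@code #SignedProperties} reference in {@code SignedInfo}.
     *
     * <p>The reference is appended only on the first call; previously every call (and therefore
     * every {@link #toBytes(SignatureHelper)}) appended another copy to the shared
     * {@code SignedInfo}.
     *
     * @throws IllegalStateException if the signing certificate cannot be encoded or no
     *     {@link DatatypeFactory} is available
     */
    private JAXBElement<QualifyingPropertiesType> getQualifyingProperties(SignatureHelper signatureHelper) {
        SignedSignaturePropertiesType signedSignatureProperties = new SignedSignaturePropertiesType();
        try {
            // Signing time is the local clock at marshalling time; it is a claim by the signer.
            signedSignatureProperties.setSigningTime(DatatypeFactory.newInstance().newXMLGregorianCalendar(new GregorianCalendar()));

            CertIDListType signingCertificates = new CertIDListType();
            signedSignatureProperties.setSigningCertificate(signingCertificates);
            CertIDType certId = new CertIDType();
            signingCertificates.getCert().add(certId);

            // NOTE(review): the certificate digest is hard-wired to SHA-1, which is no longer
            // collision resistant. Changing it alters the produced document, so it is left as is;
            // evaluate a stronger digest if the schema and the consumers allow it.
            DigestAlgAndValueType certDigest = new DigestAlgAndValueType();
            certDigest.setDigestValue(Hashing.sha1().hashBytes(signatureHelper.getX509Certificate().getEncoded()).asBytes());
            certId.setCertDigest(certDigest);
            DigestMethodType certDigestMethod = new DigestMethodType();
            certDigestMethod.setAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
            certDigest.setDigestMethod(certDigestMethod);

            X509IssuerSerialType issuerSerial = new X509IssuerSerialType();
            issuerSerial.setX509IssuerName(signatureHelper.getX509Certificate().getIssuerX500Principal().getName());
            issuerSerial.setX509SerialNumber(signatureHelper.getX509Certificate().getSerialNumber());
            certId.setIssuerSerial(issuerSerial);

            // NOTE(review): signedProperties is populated but never attached to
            // qualifyingProperties in this method, so the returned element carries only the
            // Target attribute while SignedInfo references "#SignedProperties". Confirm whether
            // the attachment call was lost.
            SignedPropertiesType signedProperties = new SignedPropertiesType();
            signedProperties.setId("SignedProperties");
            signedProperties.setSignedSignatureProperties(signedSignatureProperties);
            signedProperties.setSignedDataObjectProperties(this.signedDataObjectProperties);

            QualifyingPropertiesType qualifyingProperties = new QualifyingPropertiesType();
            qualifyingProperties.setTarget("#Signature");

            if (!this.signedPropertiesReferenced) {
                // No digest value is set on this reference anywhere in this class.
                ReferenceType signedPropertiesReference = new ReferenceType();
                signedPropertiesReference.setType("http://uri.etsi.org/01903#SignedProperties");
                signedPropertiesReference.setURI("#SignedProperties");
                signedPropertiesReference.setTransforms(new TransformsType());
                TransformType c14nTransform = new TransformType();
                c14nTransform.setAlgorithm("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
                signedPropertiesReference.getTransforms().getTransform().add(c14nTransform);
                DigestMethodType referenceDigestMethod = new DigestMethodType();
                referenceDigestMethod.setAlgorithm(this.messageDigestAlgorithm.getUri());
                signedPropertiesReference.setDigestMethod(referenceDigestMethod);
                this.signedInfo.getReference().add(signedPropertiesReference);
                this.signedPropertiesReferenced = true;
            }
            return objectFactory1_2.createQualifyingProperties(qualifyingProperties);
        } catch (CertificateEncodingException e) {
            throw new IllegalStateException("Unable to encode certificate.", e);
        } catch (DatatypeConfigurationException e2) {
            throw new IllegalStateException("Unable to use current DatatypeFactory", e2);
        }
    }

    /**
     * Supplies the {@code SignatureValue} element.
     *
     * @return a new, empty {@link SignatureValueType}; this implementation computes no signature
     */
    protected SignatureValueType getSignature() {
        return new SignatureValueType();
    }

    /**
     * Parses a signature document and forwards every non-fragment reference (URI, digest value,
     * digest algorithm) to the given verifier.
     *
     * <p>Despite the name, nothing here validates the signature value, the certificates or the
     * {@code SignedInfo} digest; references whose URI starts with {@code #} are skipped. Any trust
     * decision therefore rests on what {@code manifestVerifier} and the caller do with these
     * values.
     *
     * <p>Before parsing, the text is rewritten: two older or mistyped ETSI 02918 namespace URIs
     * become the v1.2.1 namespace, and the {@code xmldsig#sha} algorithm prefix becomes
     * {@code xmlenc#sha}. The rewrite applies to the whole document text, not only to namespace
     * or algorithm attributes, and the algorithm URI passed to the verifier is the rewritten one.
     *
     * @param str the signature document as text
     * @param manifestVerifier receiver of the extracted references
     * @throws IllegalStateException if the content cannot be parsed, or if a reference lacks a
     *     URI or digest method (the resulting exception is wrapped as well)
     */
    public static void extractAndVerify(String str, ManifestVerifier manifestVerifier) {
        try {
            // Literal replacement: the former replaceAll treated the URI as a regex, so each "."
            // matched any character.
            String normalized = str
                    .replace("http://uri.etsi.org/02918/v1.1.1#", "http://uri.etsi.org/02918/v1.2.1#")
                    .replace("http://uri.etsi.org/2918/v1.2.1#", "http://uri.etsi.org/02918/v1.2.1#")
                    .replace("http://www.w3.org/2000/09/xmldsig#sha", "http://www.w3.org/2001/04/xmlenc#sha");

            // NOTE(review): getBytes() uses the platform default charset. It is kept because the
            // caller's decoding of the container entry is not visible here; confirm both sides
            // agree, or parse from a Reader instead.
            // NOTE(review): the unmarshaller runs with the JAXB runtime's default parser settings.
            // The input comes from a container that may be untrusted, so confirm that DTDs and
            // external entities are refused, or pre-parse with an explicitly hardened parser.
            StreamSource source = new StreamSource(new ByteArrayInputStream(normalized.getBytes()));
            XAdESSignaturesType signatures = jaxbContext.createUnmarshaller().unmarshal(source, XAdESSignaturesType.class).getValue();

            for (SignatureType signature : signatures.getSignature()) {
                for (ReferenceType reference : signature.getSignedInfo().getReference()) {
                    if (reference.getURI().startsWith("#")) {
                        continue; // same-document reference, not a container entry
                    }
                    manifestVerifier.update(reference.getURI(), null, reference.getDigestValue(), reference.getDigestMethod().getAlgorithm(), null);
                }
            }
        } catch (Exception e) {
            throw new IllegalStateException("Unable to read content as XML", e);
        }
    }

    /**
     * Creates the shared JAXB context once, at class initialization.
     *
     * @throws IllegalStateException if the context cannot be created
     */
    private static JAXBContext createJaxbContext() {
        try {
            return JAXBContext.newInstance(XAdESSignaturesType.class, X509DataType.class, QualifyingPropertiesType.class);
        } catch (JAXBException e) {
            throw new IllegalStateException(String.format("Unable to create JAXBContext: %s ", e.getMessage()), e);
        }
    }
}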
