package org.demoiselle.signer.policy.impl.xades.xml.impl;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.io.IOUtils;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.bouncycastle.util.encoders.Base64;
import org.demoiselle.signer.core.CertificateManager;
import org.demoiselle.signer.core.ca.manager.CAManager;
import org.demoiselle.signer.core.exception.CertificateValidatorCRLException;
import org.demoiselle.signer.core.repository.ConfigurationRepo;
import org.demoiselle.signer.core.util.MessagesBundle;
import org.demoiselle.signer.core.validator.PeriodValidator;
import org.demoiselle.signer.policy.engine.factory.PolicyFactory;
import org.demoiselle.signer.policy.engine.xml.icpb.XMLPolicyValidator;
import org.demoiselle.signer.policy.impl.xades.XMLPoliciesOID;
import org.demoiselle.signer.policy.impl.xades.XMLSignerException;
import org.demoiselle.signer.policy.impl.xades.util.DocumentUtils;
import org.demoiselle.signer.policy.impl.xades.util.PolicyUtils;
import org.demoiselle.signer.policy.impl.xades.xml.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/demoiselle/signer/policy/impl/xades/xml/impl/XMLSigner.class */
public class XMLSigner implements Signer {
    // XML-DSig namespace URI; buildXML binds it to the "ds" prefix on the generated ds:Signature.
    public static final String XMLNS = "http://www.w3.org/2000/09/xmldsig#";
    // Attribute name of the "ds" namespace declaration.
    public static final String XMLNS_DS = "xmlns:ds";
    // Attribute name of the "xades" namespace declaration.
    public static final String XMLNS_XADES = "xmlns:xades";
    // XAdES 1.3.2 namespace URI used for every xades:* element.
    public static final String XAdESv1_3_2 = "http://uri.etsi.org/01903/v1.3.2#";
    private static final Logger logger = LoggerFactory.getLogger(XMLSigner.class);
    // Source of the localized error messages that are both logged and thrown.
    private static MessagesBundle xadesMessagesBundle = new MessagesBundle();
    // Signing certificate; when unset, signEnveloped falls back to certificateChain[0].
    private X509Certificate certificate;
    // OID of the signature policy; an empty value makes signedObject skip the policy element.
    private String policyOID;
    // Policy descriptor resolved from policyOID through PolicyUtils.getPolicyByOid.
    private PolicyFactory.Policies policy;
    private Date notAfterSignerCertificate;
    // Key handed to Signature.initSign; signing is refused while it is null.
    private PrivateKey privateKey = null;
    // Key for the timestamp request; defaults to the signing key when unsigned properties are mandated.
    private PrivateKey privateKeyToTimestamp = null;
    // Raw signature bytes produced by the last successful signing run.
    private byte[] docSignature = null;
    // Chain supplied by the caller; signEnveloped replaces it with the chain resolved by CAManager.
    private Certificate[] certificateChain = null;
    private Certificate[] certificateChainToTimestamp = null;
    // Document returned by the last successful signing run.
    private Document signedDocument = null;
    // Base of every Id/URI this instance emits (Signature Id, "value-", "xades-", "sigref", "r-").
    // It is fixed once at construction from the wall clock, so one instance reused for several
    // signatures, or two instances created in the same millisecond, emit identical Ids.
    // NOTE(review): duplicate Ids inside one document make same-document references ambiguous;
    // confirm callers create a fresh signer per signature.
    private String id = "id-" + System.currentTimeMillis();
    // Set by the signDetachedEnveloped overloads and never reset in the code visible here.
    private boolean detachedSignaturePack = false;
    private String detachedFileName = null;
    // JCA signature algorithm name passed to Signature.getInstance.
    private String signatureAlgorithm = Constants.SHA256withRSA;
    // JCA digest name passed to MessageDigest.getInstance; kept in step by setSignatureAlgorithm.
    private String signatureDigest = "SHA-256";

    /**
     * Creates a signer preconfigured with the policy identified by
     * {@code XMLPoliciesOID.AD_RB_XADES_2_4}.
     *
     * <p>The OID is stored and the matching policy descriptor is resolved through
     * {@code PolicyUtils.getPolicyByOid}. Use {@link #setPolicyId(String)} to pick another policy.
     */
    public XMLSigner() {
        String defaultPolicyOid = XMLPoliciesOID.AD_RB_XADES_2_4.getOID();
        this.policyOID = defaultPolicyOid;
        this.policy = PolicyUtils.getPolicyByOid(defaultPolicyOid);
    }

    /**
     * Selects the signature policy to apply, by OID.
     *
     * <p>The OID is stored as given and the policy descriptor is looked up with
     * {@code PolicyUtils.getPolicyByOid}. No validation is done here: a {@code null} OID is
     * accepted and only fails later, when the signed properties are built and the OID is
     * dereferenced.
     *
     * @param str OID of the signature policy
     */
    @Override
    public void setPolicyId(String str) {
        final String requestedOid = str;
        this.policyOID = requestedOid;
        this.policy = PolicyUtils.getPolicyByOid(requestedOid);
    }

    /**
     * Returns the JCA signature algorithm name used when signing.
     *
     * @return the configured algorithm name ({@code Constants.SHA256withRSA} unless changed)
     */
    public String getSignatureAlgorithm() {
        return signatureAlgorithm;
    }

    /**
     * Sets the JCA signature algorithm and derives the matching digest algorithm.
     *
     * <p>The digest name comes from {@code AlgorithmsValues.getdigestTosignature}, so the
     * reference digests and the signature stay aligned.
     *
     * <p>NOTE(review): the name is stored unchecked. Nothing in this method rejects a weak or
     * unknown algorithm; an unsupported name only surfaces when {@code Signature.getInstance}
     * is called during signing. Confirm that {@code AlgorithmsValues} restricts the accepted set.
     *
     * @param str JCA signature algorithm name
     */
    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
        String matchingDigest = AlgorithmsValues.getdigestTosignature(str);
        setSignatureDigest(matchingDigest);
    }

    /**
     * Returns the JCA digest algorithm name used for reference digests.
     *
     * @return the configured digest name ({@code "SHA-256"} unless changed)
     */
    public String getSignatureDigest() {
        return signatureDigest;
    }

    /**
     * Stores the digest algorithm name. Private so that the digest can only change together
     * with the signature algorithm (see {@code setSignatureAlgorithm}).
     *
     * @param str JCA digest algorithm name
     */
    private void setSignatureDigest(String str) {
        signatureDigest = str;
    }

    /**
     * Signs the XML file at the given path with an enveloped signature.
     *
     * <p>Only the file name is checked here: the text after the last {@code '.'} must equal
     * {@code xml}, ignoring case. The content is then parsed by
     * {@code DocumentUtils.loadXMLDocument}.
     *
     * <p>NOTE(review): the path is used exactly as supplied and the parser configuration is not
     * visible in this class. If file names can come from an untrusted caller, confirm that the
     * path is constrained upstream and that {@code DocumentUtils} disables DTDs and external
     * entities.
     *
     * @param z must be {@code true}; {@code false} is rejected
     * @param str path of the XML file to sign
     * @return the signed document
     * @throws XMLSignerException if {@code z} is false, the name is null or empty, the name does
     *     not end in {@code xml}, or signing fails
     */
    @Override
    public Document signEnveloped(boolean z, String str) throws XMLSignerException {
        if (!z) {
            String message = xadesMessagesBundle.getString("error.xml.false.to.file");
            logger.error(message);
            throw new XMLSignerException(message);
        }
        if (str == null || str.isEmpty()) {
            String message = xadesMessagesBundle.getString("error.xml.file.null", new Object[]{"fileNameSource"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        String extension = str.substring(str.lastIndexOf('.') + 1);
        if (!"xml".equalsIgnoreCase(extension)) {
            String message = xadesMessagesBundle.getString("error.xml.not.valid.file");
            logger.error(message);
            throw new XMLSignerException(message);
        }
        return signEnveloped(DocumentUtils.loadXMLDocument(str), (byte[]) null);
    }

    /**
     * Signs XML supplied as a string with an enveloped signature.
     *
     * <p>NOTE(review): the string is parsed by {@code DocumentUtils.loadXMLDocumentFromString},
     * whose parser settings are not visible here. Confirm it disables DTDs and external entities
     * before passing XML from an untrusted source.
     *
     * @param str the XML content to sign
     * @return the signed document
     * @throws XMLSignerException if the string is null or empty, or signing fails
     */
    @Override
    public Document signEnveloped(String str) throws XMLSignerException {
        if (str == null || str.isEmpty()) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"String xmlAsString"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        Document parsed = DocumentUtils.loadXMLDocumentFromString(str);
        return signEnveloped(parsed, (byte[]) null);
    }

    /**
     * Signs an already parsed document with an enveloped signature.
     *
     * <p>The signature is built inside the document that is passed in, and that same instance is
     * returned.
     *
     * @param document the document to sign
     * @return the signed document
     * @throws XMLSignerException if the document is null or signing fails
     */
    public Document signEnveloped(Document document) throws XMLSignerException {
        if (document == null) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"Document docToSing"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        return signEnveloped(document, (byte[]) null);
    }

    /**
     * Signs XML supplied as raw bytes with an enveloped signature.
     *
     * <p>NOTE(review): parsing is delegated to {@code DocumentUtils.loadXMLDocument}; confirm its
     * parser disables DTDs and external entities before feeding it untrusted bytes.
     *
     * @param bArr the XML content to sign
     * @return the signed document
     * @throws XMLSignerException if the array is null or empty, or signing fails
     */
    public Document signEnveloped(byte[] bArr) throws XMLSignerException {
        boolean hasContent = bArr != null && bArr.length > 0;
        if (!hasContent) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] content"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        Document parsed = DocumentUtils.loadXMLDocument(bArr);
        return signEnveloped(parsed, (byte[]) null);
    }

    /**
     * Signs XML read from a stream with an enveloped signature.
     *
     * <p>This method does not close the stream; whether {@code DocumentUtils.loadXMLDocument}
     * does is not visible here.
     *
     * <p>NOTE(review): confirm the parser behind {@code DocumentUtils} disables DTDs and external
     * entities before feeding it untrusted input.
     *
     * @param inputStream stream holding the XML content to sign
     * @return the signed document
     * @throws XMLSignerException if the stream is null or signing fails
     */
    public Document signEnveloped(InputStream inputStream) throws XMLSignerException {
        if (inputStream == null) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream  content"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        Document parsed = DocumentUtils.loadXMLDocument(inputStream);
        return signEnveloped(parsed, (byte[]) null);
    }

    /**
     * Produces a detached signature over the content of a stream.
     *
     * <p>The whole stream is read into memory before hashing, so the caller should bound the size
     * of untrusted input. The stream is not closed by this method.
     *
     * @param inputStream stream holding the content to sign
     * @param str file name recorded for the signed content
     * @return the signature document
     * @throws XMLSignerException if an argument is null or empty, the stream cannot be read, or
     *     signing fails
     */
    public Document signDetachedEnveloped(InputStream inputStream, String str) throws XMLSignerException {
        if (inputStream == null) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isFile"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        if (str == null || str.isEmpty()) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"String fileNameToSign"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        byte[] content;
        try {
            content = IOUtils.toByteArray(inputStream);
        } catch (IOException readFailure) {
            String message = xadesMessagesBundle.getString("error.io", new Object[]{readFailure.getMessage()});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        return signDetachedEnveloped(content, str);
    }

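    /**
     * Produces a detached signature over the file at the given path.
     *
     * <p>The file is read fully into memory and its last path segment is recorded as the name of
     * the signed content. The file stream is closed before signing starts, including when the
     * read fails.
     *
     * <p>NOTE(review): the path is opened exactly as supplied. If it can come from an untrusted
     * caller, constrain it to an allowed directory before calling this method.
     *
     * @param str path of the file to sign
     * @return the signature document
     * @throws XMLSignerException if the path is null or empty, the file cannot be read, or
     *     signing fails
     */
    public Document signDetachedEnveloped(String str) throws XMLSignerException {
        if (str == null || str.isEmpty()) {
            // Log the same message that is thrown, so the log names the offending parameter.
            String message = xadesMessagesBundle.getString("error.xml.file.null", new Object[]{"fileNameToSign"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        byte[] content;
        // try-with-resources: the original never closed the FileInputStream it opened.
        try (FileInputStream fileStream = new FileInputStream(str)) {
            content = IOUtils.toByteArray(fileStream);
        } catch (IOException e) {
            String message = xadesMessagesBundle.getString("error.io", new Object[]{e.getMessage()});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        return signDetachedEnveloped(content, Paths.get(str).getFileName().toString());
    }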

    /**
     * Produces a detached signature over the given content.
     *
     * <p>The content is hashed with the configured digest algorithm and the hash is what gets
     * referenced by the signature. The instance is switched to detached mode and the file name is
     * remembered before hashing, so both stay set even if hashing fails.
     *
     * @param bArr content to sign
     * @param str file name recorded for the signed content
     * @return the signature document
     * @throws XMLSignerException if an argument is null or empty, the digest algorithm is not
     *     available, or signing fails
     */
    public Document signDetachedEnveloped(byte[] bArr, String str) throws XMLSignerException {
        if (bArr == null || bArr.length == 0) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] content"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        if (str == null || str.isEmpty()) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"String fileNameToSign"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        this.detachedSignaturePack = true;
        this.detachedFileName = str;
        byte[] contentHash;
        try {
            contentHash = MessageDigest.getInstance(getSignatureDigest()).digest(bArr);
        } catch (NoSuchAlgorithmException unknownDigest) {
            String message = xadesMessagesBundle.getString("error.no.algorithm", new Object[]{unknownDigest.getMessage()});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        return signEnveloped((Document) null, contentHash);
    }

    /**
     * Produces a detached signature over a hash computed by the caller.
     *
     * <p>The bytes are passed on unchanged. This method does not check that their length matches
     * the configured digest algorithm, and it leaves {@code detachedFileName} as it was.
     *
     * @param bArr precomputed hash of the content
     * @return the signature document
     * @throws XMLSignerException if the hash is null or empty, or signing fails
     */
    public Document signDetachedEnveloped(byte[] bArr) throws XMLSignerException {
        boolean hashMissing = bArr == null || bArr.length == 0;
        if (hashMissing) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] hash"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        this.detachedSignaturePack = true;
        return signEnveloped((Document) null, bArr);
    }

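    /**
     * Builds and signs the XAdES signature; every public signing overload ends up here.
     *
     * <p>Steps, in order: build the ds:Signature skeleton, validate the configured policy, check
     * that a certificate and a private key are available, resolve the certificate chain, validate
     * the certificate (retrying once after enabling online mode when the CRL check fails), digest
     * the canonical xades:SignedProperties into ds:SignedInfo, sign the canonical ds:SignedInfo,
     * and finally attach ds:SignatureValue, ds:KeyInfo and the ds:Object.
     *
     * <p>Changes from the earlier form of this method: a missing signer certificate (no explicit
     * certificate and an empty chain) is now reported as an {@code XMLSignerException} instead of
     * reaching the chain lookup with {@code null}; the second CRL failure is rethrown as caught,
     * so its stack trace is kept; the nested try blocks are one block with the same
     * exception-to-message mapping.
     *
     * @param document document to sign, or {@code null} for a detached signature
     * @param bArr precomputed content hash for a detached signature, otherwise {@code null}
     * @return the document that carries the signature
     * @throws XMLSignerException if the policy is not recognised, the certificate, key or chain
     *     is missing, or canonicalization or signing fails
     */
    private Document signEnveloped(Document document, byte[] bArr) throws XMLSignerException {
        final String exclusiveC14nWithComments = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
        final String dsNamespace = "http://www.w3.org/2000/09/xmldsig#";

        Init.init();
        Document xml = buildXML(document, bArr);

        Document policyDocument = PolicyFactory.getInstance().loadXMLPolicy(this.policy);
        XMLPolicyValidator policyValidator = new XMLPolicyValidator(policyDocument);
        if (!policyValidator.validate()) {
            String message = xadesMessagesBundle.getString("error.policy.not.recognized", new Object[]{policyDocument.getDocumentURI()});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        if (this.certificateChain == null) {
            String message = xadesMessagesBundle.getString("error.certificate.null");
            logger.error(message);
            throw new XMLSignerException(message);
        }
        if (getPrivateKey() == null) {
            String message = xadesMessagesBundle.getString("error.privatekey.null");
            logger.error(message);
            throw new XMLSignerException(message);
        }
        if (this.certificate == null && this.certificateChain.length > 0) {
            this.certificate = (X509Certificate) this.certificateChain[0];
        }
        if (this.certificate == null) {
            // Empty chain and no explicit certificate: fail with the library's own error
            // rather than passing null to the chain lookup below.
            String message = xadesMessagesBundle.getString("error.certificate.null");
            logger.error(message);
            throw new XMLSignerException(message);
        }

        // The caller-supplied chain is replaced by the one CAManager resolves for the signer.
        this.certificateChain = CAManager.getInstance().getCertificateChainArray(this.certificate);
        // NOTE(review): fewer than three certificates is treated as "issuing CA not found";
        // presumably signer + intermediate + root, confirm against the CA hierarchy in use.
        if (this.certificateChain.length < 3) {
            String message = xadesMessagesBundle.getString("error.no.ca", new Object[]{this.certificate.getIssuerDN()});
            logger.error(message);
            throw new XMLSignerException(message);
        }

        try {
            new CertificateManager(this.certificate);
        } catch (CertificateValidatorCRLException firstFailure) {
            logger.warn(firstFailure.getMessage());
            // NOTE(review): this changes the configuration object returned by
            // ConfigurationRepo.getInstance() and is not reverted afterwards, so it presumably
            // affects later validations as well; confirm that is intended.
            ConfigurationRepo.getInstance().setOnline(true);
            try {
                new CertificateManager(this.certificate);
            } catch (CertificateValidatorCRLException secondFailure) {
                logger.error(secondFailure.getMessage());
                // Rethrow the caught exception so the original stack trace is not lost.
                throw secondFailure;
            }
        }
        setNotAfterSignerCertificate(new PeriodValidator().valDate(this.certificate));

        // Work on the last ds:Signature in the document, i.e. the one buildXML just created.
        int lastIndex = xml.getElementsByTagName("ds:Signature").getLength() - 1;
        Element signatureElement = (Element) xml.getElementsByTagName("ds:Signature").item(lastIndex);
        Element signedPropertiesObject = signedObject(this.certificate, xml);
        Init.init();
        try {
            // 1. Reference over the canonical xades:SignedProperties, added to ds:SignedInfo.
            byte[] canonicalSignedProperties = Canonicalizer.getInstance(exclusiveC14nWithComments)
                    .canonicalizeSubtree(signedPropertiesObject.getElementsByTagName("xades:SignedProperties").item(0));
            xml.getElementsByTagName("ds:SignedInfo").item(lastIndex)
                    .appendChild(createSignatureHashReference(xml, canonicalSignedProperties));

            // 2. Sign the canonical ds:SignedInfo, which now holds every reference.
            byte[] canonicalSignedInfo = Canonicalizer.getInstance(exclusiveC14nWithComments)
                    .canonicalizeSubtree(xml.getElementsByTagName("ds:SignedInfo").item(lastIndex));
            Signature signature = Signature.getInstance(getSignatureAlgorithm());
            signature.initSign(this.privateKey);
            signature.update(canonicalSignedInfo);
            this.docSignature = signature.sign();

            // 3. ds:SignatureValue and ds:KeyInfo.
            Element signatureValue = xml.createElementNS(dsNamespace, "ds:SignatureValue");
            signatureValue.setAttribute("Id", "value-" + this.id);
            signatureValue.setIdAttribute("Id", true);
            signatureValue.setTextContent(Base64.toBase64String(this.docSignature));
            signatureElement.appendChild(signatureValue);

            Element keyInfo = xml.createElementNS(dsNamespace, "ds:KeyInfo");
            xml.getElementsByTagName("ds:Signature").item(lastIndex).appendChild(keyInfo);
            Element x509Data = xml.createElementNS(dsNamespace, "ds:X509Data");
            keyInfo.appendChild(x509Data);
            Element subjectName = xml.createElementNS(dsNamespace, "ds:X509SubjectName");
            subjectName.setTextContent(this.certificate.getSubjectDN().getName());
            x509Data.appendChild(subjectName);
            Element x509Certificate = xml.createElementNS(dsNamespace, "ds:X509Certificate");
            try {
                x509Certificate.setTextContent(Base64.toBase64String(this.certificate.getEncoded()));
                x509Data.appendChild(x509Certificate);

                // 4. Unsigned properties required by the policy, using the signing key and chain
                //    for the timestamp when no dedicated ones were configured.
                List<String> mandatedUnsignedQProperties = policyValidator.getXmlSignaturePolicy().getXmlSignerRules().getMandatedUnsignedQProperties();
                if (!mandatedUnsignedQProperties.isEmpty()) {
                    if (getPrivateKeyToTimestamp() == null) {
                        setPrivateKeyToTimestamp(getPrivateKey());
                    }
                    if (getCertificateChainToTimestamp() == null) {
                        setCertificateChainToTimestamp(getCertificateChain());
                    }
                    signedPropertiesObject.getElementsByTagName("xades:QualifyingProperties").item(0)
                            .appendChild(createUnsignedProperties(xml, mandatedUnsignedQProperties));
                }
                signatureElement.appendChild(signedPropertiesObject);
                this.signedDocument = xml;
                return xml;
            } catch (CertificateEncodingException | DOMException e) {
                String message = xadesMessagesBundle.getString("error.cert.digest");
                logger.error(message);
                throw new XMLSignerException(message);
            }
        } catch (InvalidCanonicalizerException | CanonicalizationException e) {
            String message = xadesMessagesBundle.getString("error.xml.Invalid.Canonicalizer", new Object[]{e.getMessage()});
            logger.error(message);
            throw new XMLSignerException(message);
        } catch (NoSuchAlgorithmException e) {
            String message = xadesMessagesBundle.getString("error.no.algorithm", new Object[]{e.getMessage()});
            logger.error(message);
            throw new XMLSignerException(message);
        } catch (InvalidKeyException e) {
            String message = xadesMessagesBundle.getString("error.private.key.invalid");
            logger.error(message);
            throw new XMLSignerException(message);
        } catch (SignatureException e) {
            String message = xadesMessagesBundle.getString("error.xml.signature.exception", new Object[]{e.getMessage()});
            logger.error(message);
            throw new XMLSignerException(message);
        }
    }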

    /**
     * Computes the Base64 digest of a certificate's encoded form.
     *
     * <p>Every failure, including a null certificate, is reported as an
     * {@code XMLSignerException}.
     *
     * @param x509Certificate certificate to digest
     * @param str JCA digest algorithm name
     * @return Base64 text of the digest
     * @throws XMLSignerException if the digest cannot be computed
     */
    private String getCertificateDigest(X509Certificate x509Certificate, String str) throws XMLSignerException {
        try {
            MessageDigest digester = MessageDigest.getInstance(str);
            byte[] fingerprint = digester.digest(x509Certificate.getEncoded());
            return Base64.toBase64String(fingerprint);
        } catch (Exception failure) {
            logger.error(xadesMessagesBundle.getString("error.cert.digest"));
            String message = xadesMessagesBundle.getString("error.cert.digest", new Object[]{failure.getMessage()});
            throw new XMLSignerException(message);
        }
    }

    /**
     * Builds the xades:SignaturePolicyIdentifier element for the configured policy.
     *
     * <p>The policy identifier and the policy digest are read from the policy XML loaded by
     * {@code PolicyFactory}; the policy URL comes from the policy descriptor. The digest value is
     * copied from the policy file (empty when absent) and is not recomputed here.
     *
     * <p>NOTE(review): ds:DigestMethod is taken from this signer's digest setting, not from the
     * policy file. If the signature algorithm is changed, confirm the declared method still
     * matches the algorithm the copied digest was computed with. A policy file without an
     * {@code XAdES:Identifier} element ends in a NullPointerException here.
     *
     * @param document document that will own the new elements
     * @return the populated xades:SignaturePolicyIdentifier element
     * @throws XMLSignerException declared for callers; not thrown directly in this method
     */
    private Element addPolicy(Document document) throws XMLSignerException {
        final String xadesNs = "http://uri.etsi.org/01903/v1.3.2#";
        final String dsNs = "http://www.w3.org/2000/09/xmldsig#";

        Document policyXml = PolicyFactory.getInstance().loadXMLPolicy(this.policy);
        NodeList digestNodes = policyXml.getElementsByTagName("pa:SignPolicyDigest");
        String policyDigest = "";
        if (digestNodes.getLength() > 0) {
            policyDigest = digestNodes.item(0).getTextContent();
        }
        Element policyIdentifier = (Element) policyXml.getElementsByTagName("XAdES:Identifier").item(0);

        Element policyIdentifierRoot = document.createElementNS(xadesNs, "xades:SignaturePolicyIdentifier");
        Element policyId = document.createElementNS(xadesNs, "xades:SignaturePolicyId");
        policyIdentifierRoot.appendChild(policyId);

        // Policy OID, published as a URN.
        Element sigPolicyId = document.createElementNS(xadesNs, "xades:SigPolicyId");
        policyId.appendChild(sigPolicyId);
        Element identifier = document.createElementNS(xadesNs, "xades:Identifier");
        identifier.setAttribute("Qualifier", "OIDAsURN");
        identifier.setTextContent(policyIdentifier.getTextContent());
        sigPolicyId.appendChild(identifier);

        // Transform declared for the policy document.
        Element transforms = document.createElementNS(dsNs, "ds:Transforms");
        policyId.appendChild(transforms);
        Element transform = document.createElementNS(dsNs, "ds:Transform");
        transform.setAttribute("Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        transforms.appendChild(transform);

        // Policy hash: method from the signer configuration, value from the policy file.
        Element policyHash = document.createElementNS(xadesNs, "xades:SigPolicyHash");
        policyId.appendChild(policyHash);
        Element digestMethod = document.createElementNS(dsNs, "ds:DigestMethod");
        digestMethod.setAttribute("Algorithm", AlgorithmsValues.getSignatureDigest(getSignatureDigest()));
        policyHash.appendChild(digestMethod);
        Element digestValue = document.createElementNS(dsNs, "ds:DigestValue");
        digestValue.setTextContent(policyDigest);
        policyHash.appendChild(digestValue);

        // Qualifier pointing at the published policy.
        Element qualifiers = document.createElementNS(xadesNs, "xades:SigPolicyQualifiers");
        policyId.appendChild(qualifiers);
        Element qualifier = document.createElementNS(xadesNs, "xades:SigPolicyQualifier");
        qualifiers.appendChild(qualifier);
        Element policyUri = document.createElementNS(xadesNs, "xades:SPURI");
        policyUri.setTextContent(this.policy.getUrl());
        qualifier.appendChild(policyUri);

        return policyIdentifierRoot;
    }

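    /**
     * Builds the ds:Object that carries the XAdES qualifying properties.
     *
     * <p>The element tree holds the signing time, the signing certificate (digest, issuer name
     * and serial number), the signature policy identifier when a policy OID is configured, and
     * the data object format.
     *
     * <p>The signing time is formatted in UTC. It is written with a trailing {@code Z}, and it
     * used to be formatted in the JVM default time zone, so the signed value was off by the local
     * offset on any host not running in UTC.
     *
     * @param x509Certificate signing certificate
     * @param document document that will own the new elements
     * @return the populated ds:Object element
     */
    private Element signedObject(X509Certificate x509Certificate, Document document) {
        final String dsNs = "http://www.w3.org/2000/09/xmldsig#";
        final String xadesNs = "http://uri.etsi.org/01903/v1.3.2#";

        Element dsObject = document.createElementNS(dsNs, "ds:Object");
        Element qualifyingProperties = document.createElementNS(xadesNs, "xades:QualifyingProperties");
        qualifyingProperties.setAttribute("xmlns:xades", xadesNs);
        qualifyingProperties.setAttribute("Target", "#" + this.id);
        dsObject.appendChild(qualifyingProperties);

        Element signedProperties = document.createElementNS(xadesNs, "xades:SignedProperties");
        signedProperties.setAttribute("Id", "xades-" + this.id);
        signedProperties.setIdAttribute("Id", true);
        qualifyingProperties.appendChild(signedProperties);
        Element signedSignatureProperties = document.createElementNS(xadesNs, "xades:SignedSignatureProperties");
        signedProperties.appendChild(signedSignatureProperties);

        // The literal "Z" means UTC, so the formatter must be pinned to UTC as well.
        Element signingTime = document.createElementNS(xadesNs, "xades:SigningTime");
        SimpleDateFormat signingTimeFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
        signingTimeFormat.setTimeZone(java.util.TimeZone.getTimeZone("UTC"));
        signingTime.setTextContent(signingTimeFormat.format(Calendar.getInstance().getTime()) + "Z");
        signedSignatureProperties.appendChild(signingTime);

        Element signingCertificate = document.createElementNS(xadesNs, "xades:SigningCertificate");
        signedSignatureProperties.appendChild(signingCertificate);
        Element cert = document.createElementNS(xadesNs, "xades:Cert");
        signingCertificate.appendChild(cert);
        Element certDigest = document.createElementNS(xadesNs, "xades:CertDigest");
        cert.appendChild(certDigest);
        // NOTE(review): the certificate reference is always a SHA-1 digest, whatever signature
        // digest is configured. SHA-1 is not collision resistant; confirm whether the policy in
        // use requires it or allows a stronger digest for the signing-certificate reference.
        Element certDigestMethod = document.createElementNS(dsNs, "ds:DigestMethod");
        certDigestMethod.setAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#sha1");
        certDigest.appendChild(certDigestMethod);
        Element certDigestValue = document.createElementNS(dsNs, "ds:DigestValue");
        certDigestValue.setTextContent(getCertificateDigest(x509Certificate, "SHA1"));
        certDigest.appendChild(certDigestValue);

        Element issuerSerial = document.createElementNS(xadesNs, "xades:IssuerSerial");
        cert.appendChild(issuerSerial);
        // NOTE(review): X500Principal.toString() is the display form of the name; verifiers that
        // compare against the RFC 2253 form (getName()) may not match it. Confirm before changing.
        String issuerName = x509Certificate.getIssuerX500Principal().toString();
        String serialNumber = x509Certificate.getSerialNumber().toString();
        Element x509IssuerName = document.createElementNS(dsNs, "ds:X509IssuerName");
        x509IssuerName.setTextContent(issuerName);
        issuerSerial.appendChild(x509IssuerName);
        Element x509SerialNumber = document.createElementNS(dsNs, "ds:X509SerialNumber");
        x509SerialNumber.setTextContent(serialNumber);
        issuerSerial.appendChild(x509SerialNumber);

        if (!this.policyOID.isEmpty()) {
            signedSignatureProperties.appendChild(addPolicy(document));
        }

        Element signedDataObjectProperties = document.createElementNS(xadesNs, "xades:SignedDataObjectProperties");
        signedProperties.appendChild(signedDataObjectProperties);
        Element dataObjectFormat = document.createElementNS(xadesNs, "xades:DataObjectFormat");
        // NOTE(review): this yields "#rid-..." while buildXML registers its reference id as
        // "r-" + id ("r-id-..."), so the ObjectReference may not resolve to that ds:Reference.
        // Left unchanged because the value is part of the signed properties; confirm and align.
        dataObjectFormat.setAttribute("ObjectReference", "#r" + this.id);
        signedDataObjectProperties.appendChild(dataObjectFormat);
        // The MIME type is always text/xml, for detached content as well.
        Element mimeType = document.createElementNS(xadesNs, "xades:MimeType");
        mimeType.setTextContent("text/xml");
        dataObjectFormat.appendChild(mimeType);
        return dsObject;
    }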

    /**
     * Builds the ds:Reference that binds the xades:SignedProperties to the signature.
     *
     * <p>The reference points at {@code #xades-<id>}, declares exclusive canonicalization with
     * comments as its transform, and carries the digest of the canonical bytes passed in,
     * computed with the configured digest algorithm.
     *
     * @param document document that will own the new elements
     * @param bArr canonical bytes of the xades:SignedProperties element
     * @return the populated ds:Reference element
     * @throws XMLSignerException if the configured digest algorithm is not available
     */
    private Element createSignatureHashReference(Document document, byte[] bArr) throws XMLSignerException {
        HashMap<String, String> referenceSpec = new HashMap<>();
        referenceSpec.put("id", "sigref" + this.id);
        referenceSpec.put("type", Constants.SignedProperties);
        referenceSpec.put("uri", "#xades-" + this.id);
        referenceSpec.put("alg", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        referenceSpec.put("digAlg", AlgorithmsValues.getSignatureDigest(getSignatureDigest()));
        byte[] propertiesDigest;
        try {
            propertiesDigest = MessageDigest.getInstance(getSignatureDigest()).digest(bArr);
        } catch (NoSuchAlgorithmException unknownDigest) {
            String message = xadesMessagesBundle.getString("error.no.algorithm", new Object[]{unknownDigest.getMessage()});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        referenceSpec.put("digVal", Base64.toBase64String(propertiesDigest));
        return createReferenceTag(document, referenceSpec);
    }

    /**
     * Builds a ds:Reference element from a map of optional settings.
     *
     * <p>Recognised keys: {@code id}, {@code type} and {@code uri} become attributes;
     * {@code transAlg1}, {@code alg} and {@code transAlg2} become ds:Transform children, in that
     * order; {@code text} adds a ds:XPath child to the {@code alg} transform;
     * {@code no_transforms} suppresses ds:Transforms altogether; {@code digAlg} adds
     * ds:DigestMethod and ds:DigestValue, the value being read from {@code digVal}.
     *
     * <p>Values are written as given. ds:Transforms is emitted, possibly empty, whenever
     * {@code no_transforms} is absent.
     *
     * @param document document that will own the new elements
     * @param hashMap settings for the reference
     * @return the populated ds:Reference element
     */
    private Element createReferenceTag(Document document, HashMap<String, String> hashMap) {
        final String dsNs = "http://www.w3.org/2000/09/xmldsig#";
        Element reference = document.createElementNS(dsNs, "ds:Reference");

        if (hashMap.containsKey("id")) {
            reference.setAttribute("Id", hashMap.get("id"));
            reference.setIdAttribute("Id", true);
        }
        if (hashMap.containsKey("type")) {
            reference.setAttribute("Type", hashMap.get("type"));
        }
        if (hashMap.containsKey("uri")) {
            reference.setAttribute("URI", hashMap.get("uri"));
        }

        boolean transformsWanted = !hashMap.containsKey("no_transforms");
        if (transformsWanted) {
            Element transforms = document.createElementNS(dsNs, "ds:Transforms");
            reference.appendChild(transforms);
            if (hashMap.containsKey("transAlg1")) {
                Element leading = document.createElementNS(dsNs, "ds:Transform");
                leading.setAttribute("Algorithm", hashMap.get("transAlg1"));
                transforms.appendChild(leading);
            }
            if (hashMap.containsKey("alg")) {
                Element primary = document.createElementNS(dsNs, "ds:Transform");
                primary.setAttribute("Algorithm", hashMap.get("alg"));
                transforms.appendChild(primary);
                if (hashMap.containsKey("text")) {
                    // XPath filter expression, nested inside the primary transform.
                    Element xpath = document.createElementNS(dsNs, "ds:XPath");
                    xpath.setTextContent(hashMap.get("text"));
                    primary.appendChild(xpath);
                }
            }
            if (hashMap.containsKey("transAlg2")) {
                Element trailing = document.createElementNS(dsNs, "ds:Transform");
                trailing.setAttribute("Algorithm", hashMap.get("transAlg2"));
                transforms.appendChild(trailing);
            }
        }

        if (hashMap.containsKey("digAlg")) {
            Element digestMethod = document.createElementNS(dsNs, "ds:DigestMethod");
            digestMethod.setAttribute("Algorithm", hashMap.get("digAlg"));
            reference.appendChild(digestMethod);
            Element digestValue = document.createElementNS(dsNs, "ds:DigestValue");
            digestValue.setTextContent(hashMap.get("digVal"));
            reference.appendChild(digestValue);
        }
        return reference;
    }

    /**
     * Creates the {@code ds:Signature} element with its {@code ds:SignedInfo} and a single
     * {@code ds:Reference}, attaches it to a document and returns that document.
     *
     * <p>Detached mode ({@code detachedSignaturePack} set): a new empty document is created, the
     * reference URI is {@code detachedFileName}, and {@code bArr} is Base64-encoded unchanged into
     * {@code ds:DigestValue}. Presumably the caller has already digested the detached content;
     * confirm at the call site, since no hashing happens here.
     *
     * <p>Enveloped mode: the digest is computed here from the data of {@code document} before the
     * signature element is appended to its root element.
     *
     * @param document the document to sign; not used in detached mode
     * @param bArr value written (Base64) as the digest in detached mode; not used otherwise
     * @return the new document (detached mode) or {@code document} with the signature appended
     * @throws XMLSignerException if a document builder cannot be configured in detached mode
     */
    private Document buildXML(Document document, byte[] bArr) throws XMLSignerException {
        final String dsNs = "http://www.w3.org/2000/09/xmldsig#";
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        final String excC14nWithComments = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";

        // Only newDocument() is used below; no external XML is parsed by this builder.
        Document target = document;
        if (this.detachedSignaturePack) {
            try {
                target = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            } catch (ParserConfigurationException e) {
                logger.error(xadesMessagesBundle.getString("error.xml.parser", new Object[]{e.getMessage()}));
                throw new XMLSignerException(xadesMessagesBundle.getString("error.xml.parser", new Object[]{e.getMessage()}));
            }
        }

        // ds:Signature root, carrying both namespace declarations and a DOM ID attribute.
        Element signature = target.createElementNS(dsNs, "ds:Signature");
        signature.setAttributeNS(xmlnsNs, "xmlns:ds", dsNs);
        signature.setAttributeNS(xmlnsNs, "xmlns:xades", "http://uri.etsi.org/01903/v1.3.2#");
        signature.setAttribute("Id", this.id);
        signature.setIdAttribute("Id", true);

        Element signedInfo = target.createElementNS(dsNs, "ds:SignedInfo");
        signature.appendChild(signedInfo);

        Element c14nMethod = target.createElementNS(dsNs, "ds:CanonicalizationMethod");
        c14nMethod.setAttribute("Algorithm", excC14nWithComments);
        signedInfo.appendChild(c14nMethod);

        Element signatureMethod = target.createElementNS(dsNs, "ds:SignatureMethod");
        signatureMethod.setAttribute("Algorithm", AlgorithmsValues.getSignatureAlgorithm(getSignatureAlgorithm()));
        signedInfo.appendChild(signatureMethod);

        // Settings consumed by createReferenceTag; the mode-specific entries are added below.
        HashMap<String, String> reference = new HashMap<>();
        reference.put("uri", "");
        reference.put("id", "r-" + this.id);
        reference.put("text", "not(ancestor-or-self::ds:Signature)");
        reference.put("alg", Constants.XPATH);
        reference.put("digAlg", AlgorithmsValues.getSignatureDigest(getSignatureDigest()));

        if (!this.detachedSignaturePack) {
            // The signature element is not attached yet, so this digest covers the document as
            // it was handed in.
            // NOTE(review): the digest comes from DocumentUtils over the document data with a
            // WithComments canonicalizer, while a verifier dereferencing URI="" starts from a
            // comment-less node-set and applies the XPath filter; confirm that documents that
            // contain comments or an existing ds:Signature still verify.
            byte[] digest = DocumentUtils.getShaCanonizedValue(getSignatureDigest(), DocumentUtils.getDocumentData(target), excC14nWithComments);
            reference.put("id", "r" + this.id);
            // Queried again after digesting, keeping the original call sequence.
            reference.put("digAlg", AlgorithmsValues.getSignatureDigest(getSignatureDigest()));
            reference.put("transAlg1", "http://www.w3.org/2000/09/xmldsig#enveloped-signature");
            reference.put("transAlg2", excC14nWithComments);
            reference.put("digVal", Base64.toBase64String(digest));
            signedInfo.appendChild(createReferenceTag(target, reference));
            target.getDocumentElement().appendChild(signature);
            return target;
        }

        reference.put("no_transforms", "true");
        reference.put("uri", this.detachedFileName);
        reference.put("digVal", Base64.toBase64String(bArr));
        signedInfo.appendChild(createReferenceTag(target, reference));
        target.appendChild(signature);
        return target;
    }

    /* JADX WARN: Removed duplicated region for block: B:29:0x0130  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x013a A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:35:0x016e A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x01a2 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:41:0x01d6 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:44:0x020a A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:47:0x023e A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:50:0x0272 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the original body of this method was not recovered (the dump note
     * below reports 693 skipped instructions), so in this listing every call throws
     * {@link UnsupportedOperationException}.
     *
     * <p>Presumably the real method builds the XAdES unsigned-properties element from the document
     * and the list of strings; that is inferred from the name and signature only and cannot be
     * checked against this source.
     *
     * @param r10 the DOM document (role inferred from the type only)
     * @param r11 a list of strings whose meaning is not recoverable from this listing
     * @return never returns normally in this listing
     * @throws org.demoiselle.signer.policy.impl.xades.XMLSignerException declared by the original
     *         method; not thrown by this placeholder
     */
    private org.w3c.dom.Element createUnsignedProperties(org.w3c.dom.Document r10, java.util.List<java.lang.String> r11) throws org.demoiselle.signer.policy.impl.xades.XMLSignerException {
        /*
            Method dump skipped, instructions count: 693
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.demoiselle.signer.policy.impl.xades.xml.impl.XMLSigner.createUnsignedProperties(org.w3c.dom.Document, java.util.List):org.w3c.dom.Element");
    }

    /**
     * Builds the {@code xades:SignatureTimeStamp} element: a {@code ds:CanonicalizationMethod}
     * child followed by an {@code xades:EncapsulatedTimeStamp} whose text is the Base64-encoded
     * token obtained from {@code XMLTimeStampToken}.
     *
     * <p>The token is requested with the timestamp private key, the timestamp certificate chain and
     * {@code docSignature}; the fourth constructor argument is {@code null}.
     *
     * @param document the document used to create the elements
     * @return the detached {@code xades:SignatureTimeStamp} element (not appended anywhere here)
     */
    private Element createSignatureTimeStampProperty(Document document) {
        // NOTE(review): the xades:* elements are created with createElement, so the DOM nodes carry
        // no namespace URI, unlike the ds:* element below; confirm that namespace-aware
        // canonicalization and validation treat them as intended.
        Element timeStamp = document.createElement("xades:SignatureTimeStamp");

        Element c14nMethod = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:CanonicalizationMethod");
        c14nMethod.setAttribute("Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        timeStamp.appendChild(c14nMethod);

        Element encapsulated = document.createElement("xades:EncapsulatedTimeStamp");
        encapsulated.setAttribute("Id", "TimeStamp" + this.id);
        XMLTimeStampToken tokenSource = new XMLTimeStampToken(getPrivateKeyToTimestamp(), getCertificateChainToTimestamp(), this.docSignature, null);
        encapsulated.setTextContent(Base64.toBase64String(tokenSource.getTimeStampToken()));
        timeStamp.appendChild(encapsulated);

        return timeStamp;
    }

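    /**
     * Serializes {@code signedDocument} to the file at the given path and closes the file.
     *
     * <p>The path is used exactly as supplied and an existing file is overwritten, so callers that
     * derive it from external input should validate it first.
     *
     * @param str path of the output file
     * @throws TransformerException if the transformer cannot be created, serialization fails, or
     *         the output file cannot be closed (the I/O error is attached as the cause)
     * @throws FileNotFoundException if the file cannot be opened for writing
     */
    public void saveSignedDocument(String str) throws TransformerException, FileNotFoundException {
        // Create the transformer before opening the file, so a transformer failure neither
        // creates nor truncates the target file.
        javax.xml.transform.Transformer transformer = TransformerFactory.newInstance().newTransformer();
        DOMSource source = new DOMSource(this.signedDocument);
        // The transformer does not close a caller-supplied stream; close it here so the file
        // handle is released and buffered bytes reach the signed file.
        try (FileOutputStream out = new FileOutputStream(str)) {
            transformer.transform(source, new StreamResult(out));
        } catch (FileNotFoundException e) {
            throw e;
        } catch (IOException e) {
            // Only close() can get here; keep the declared exception types for existing callers.
            throw new TransformerException("Could not close output file: " + str, e);
        }
    }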

    /**
     * Returns the private key currently set on this signer (specified by {@code Signer}).
     *
     * <p>The stored key object itself is returned, so any code holding this signer can obtain it.
     *
     * @return the stored private key, or {@code null} if none has been set
     */
    @Override
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    /**
     * Stores the private key on this signer (specified by {@code Signer}).
     *
     * @param privateKey the key to store; no validation is performed here
     */
    @Override
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /**
     * Returns the certificate chain currently set on this signer (specified by {@code Signer}).
     *
     * <p>The internal array is returned as-is, not a copy: changes a caller makes to its elements
     * are visible to this signer.
     *
     * @return the stored certificate array, or {@code null} if none has been set
     */
    @Override
    public Certificate[] getCertificateChain() {
        return certificateChain;
    }

    /**
     * Stores the certificate chain on this signer (specified by {@code Signer}).
     *
     * <p>The array reference is kept without copying, so later changes the caller makes to the
     * array are visible to this signer.
     *
     * @param certificateArr the chain to store; no validation is performed here
     */
    @Override
    public void setCertificateChain(Certificate[] certificateArr) {
        certificateChain = certificateArr;
    }

    /**
     * Returns the stored "not after" date of the signer certificate (specified by {@code Signer}).
     *
     * <p>The internal {@link Date} instance is returned as-is, not a copy.
     *
     * @return the stored date, or {@code null} if none has been set
     */
    @Override
    public Date getNotAfterSignerCertificate() {
        return notAfterSignerCertificate;
    }

    /**
     * Stores the "not after" date of the signer certificate (specified by {@code Signer}).
     *
     * @param date the date to store; the reference is kept without copying
     */
    @Override
    public void setNotAfterSignerCertificate(Date date) {
        notAfterSignerCertificate = date;
    }

    /**
     * Returns the private key set for timestamping (specified by {@code Signer}).
     *
     * <p>{@code createSignatureTimeStampProperty} passes this key to {@code XMLTimeStampToken}.
     *
     * @return the stored timestamp private key, or {@code null} if none has been set
     */
    @Override
    public PrivateKey getPrivateKeyToTimestamp() {
        return privateKeyToTimestamp;
    }

    /**
     * Stores the private key used for timestamping (specified by {@code Signer}).
     *
     * @param privateKey the timestamp key to store; no validation is performed here
     */
    @Override
    public void setPrivateKeyToTimestamp(PrivateKey privateKey) {
        privateKeyToTimestamp = privateKey;
    }

    /**
     * Returns the certificate chain set for timestamping (specified by {@code Signer}).
     *
     * <p>The internal array is returned as-is, not a copy.
     * {@code createSignatureTimeStampProperty} passes it to {@code XMLTimeStampToken}.
     *
     * @return the stored timestamp certificate array, or {@code null} if none has been set
     */
    @Override
    public Certificate[] getCertificateChainToTimestamp() {
        return certificateChainToTimestamp;
    }

    /**
     * Stores the certificate chain used for timestamping (specified by {@code Signer}).
     *
     * <p>The array reference is kept without copying.
     *
     * @param certificateArr the timestamp chain to store; no validation is performed here
     */
    @Override
    public void setCertificateChainToTimestamp(Certificate[] certificateArr) {
        certificateChainToTimestamp = certificateArr;
    }
}
