package eu.europa.esig.dss.xades.signature;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.SignatureLevel;
import eu.europa.esig.dss.enumerations.TimestampType;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.DigestDocument;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.signature.SignatureExtension;
import eu.europa.esig.dss.signature.SignatureRequirementsChecker;
import eu.europa.esig.dss.signature.SigningOperation;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.x509.revocation.crl.CRLToken;
import eu.europa.esig.dss.spi.x509.revocation.ocsp.OCSPToken;
import eu.europa.esig.dss.spi.x509.tsp.TSPSource;
import eu.europa.esig.dss.spi.x509.tsp.TimestampToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.AdvancedSignature;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.ValidationData;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.XAdESProfileParameters;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xades.XAdESTimestampParameters;
import eu.europa.esig.dss.xades.validation.XAdESSignature;
import eu.europa.esig.dss.xades.validation.XMLDocumentValidator;
import eu.europa.esig.dss.xml.utils.DomUtils;
import eu.europa.esig.xades.definition.XAdESNamespace;
import eu.europa.esig.xades.definition.xades111.XAdES111Attribute;
import eu.europa.esig.xades.definition.xades111.XAdES111Element;
import eu.europa.esig.xades.definition.xades122.XAdES122Attribute;
import eu.europa.esig.xades.definition.xades122.XAdES122Element;
import eu.europa.esig.xades.definition.xades141.XAdES141Element;
import eu.europa.esig.xmldsig.definition.XMLDSigAttribute;
import eu.europa.esig.xmldsig.definition.XMLDSigElement;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:eu/europa/esig/dss/xades/signature/XAdESLevelBaselineT.class */
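/**
 * Extends XAdES signatures with a signature timestamp (BASELINE-T) and offers helpers that write
 * certificate values, revocation values, timestamp validation data and other timestamp types into
 * the unsigned signature properties.
 *
 * <p>The fields {@code params}, {@code documentDom}, {@code documentValidator},
 * {@code certificateVerifier}, {@code xadesSignature} and {@code unsignedSignaturePropertiesDom}
 * are not declared in this class; presumably they are inherited from {@link ExtensionBuilder}.
 *
 * <p>Instances keep per-call state in those fields, so nothing visible here makes a single
 * instance safe for concurrent use.
 */
public class XAdESLevelBaselineT extends ExtensionBuilder implements SignatureExtension<XAdESSignatureParameters> {
    private static final Logger LOG = LoggerFactory.getLogger(XAdESLevelBaselineT.class);

    // Source of timestamp responses; must be set through setTspSource before extending.
    protected TSPSource tspSource;

    /**
     * Creates the extension for the given certificate verifier.
     *
     * @param certificateVerifier verifier handed to the superclass and to the document validator
     */
    public XAdESLevelBaselineT(CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
    }

    /**
     * Appends a {@code CanonicalizationMethod} element carrying the given algorithm.
     *
     * @param parent element that receives the new child
     * @param c14nAlgorithm value written to the {@code Algorithm} attribute
     */
    private void incorporateC14nMethod(Element parent, String c14nAlgorithm) {
        Element c14nMethod = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.CANONICALIZATION_METHOD);
        c14nMethod.setAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName(), c14nAlgorithm);
        parent.appendChild(c14nMethod);
    }

    /**
     * Parses the document, selects the signatures to extend and extends them.
     *
     * <p>For a {@code SIGN} operation only the signature whose DA identifier equals the
     * deterministic id of the parameters is extended; when no signature matches, every signature
     * found in the document is extended.
     *
     * @param dSSDocument document holding the signature(s); must not be null
     * @param xAdESSignatureParameters extension parameters
     * @return the document produced by {@code createXmlDocument()}
     * @throws NullPointerException if the document or the TSP source is null
     * @throws IllegalInputException if the document holds no signature
     */
    @Override // eu.europa.esig.dss.signature.SignatureExtension
    public DSSDocument extendSignatures(DSSDocument dSSDocument, XAdESSignatureParameters xAdESSignatureParameters) throws DSSException {
        Objects.requireNonNull(dSSDocument, "The document cannot be null");
        Objects.requireNonNull(this.tspSource, "The TSPSource cannot be null");
        this.params = xAdESSignatureParameters;
        XAdESProfileParameters context = xAdESSignatureParameters.getContext();
        if (LOG.isInfoEnabled()) {
            LOG.info("====> Extending: {}", dSSDocument.getName() == null ? "IN MEMORY DOCUMENT" : dSSDocument.getName());
        }
        this.documentValidator = new XMLDocumentValidator(dSSDocument);
        this.documentValidator.setCertificateVerifier(this.certificateVerifier);
        this.documentValidator.setDetachedContents(xAdESSignatureParameters.getDetachedContents());
        this.documentDom = this.documentValidator.getRootElement();
        List<AdvancedSignature> signatures = this.documentValidator.getSignatures();
        if (Utils.isCollectionEmpty(signatures)) {
            throw new IllegalInputException("There is no signature to extend!");
        }
        List<AdvancedSignature> toExtend = signatures;
        if (SigningOperation.SIGN.equals(context.getOperationKind())) {
            // While signing, only the signature that was just created is timestamped.
            String deterministicId = xAdESSignatureParameters.getDeterministicId();
            for (AdvancedSignature signature : signatures) {
                if (deterministicId.equals(signature.getDAIdentifier())) {
                    toExtend = Collections.singletonList(signature);
                    break;
                }
            }
        }
        extendSignatures(assertNoEmbeddedSignaturesPresent(toExtend));
        return createXmlDocument();
    }

    /**
     * Filters out signatures nested inside another {@code ds:Signature}.
     *
     * <p>Despite the "assert" name nothing is thrown: a nested signature is logged at WARN level
     * and skipped, so the caller receives a document in which that signature is left unextended.
     *
     * @param candidates signatures to inspect; each is cast to {@link XAdESSignature}
     * @return the signatures that have no {@code ds:Signature} ancestor
     */
    private List<AdvancedSignature> assertNoEmbeddedSignaturesPresent(List<AdvancedSignature> candidates) {
        List<AdvancedSignature> extendable = new ArrayList<>();
        for (AdvancedSignature signature : candidates) {
            if (hasSignatureAsParent(((XAdESSignature) signature).getSignatureElement())) {
                LOG.warn("The signature with Id '{}' has a ds:Signature parent within its XML tree! The signature will not be extended.", signature.getId());
            } else {
                extendable.add(signature);
            }
        }
        return extendable;
    }

    /**
     * Tells whether any ancestor of the element is a {@code Signature} element.
     *
     * <p>An ancestor matches only when both its local name and its namespace URI are those of
     * {@link XMLDSigElement#SIGNATURE}, so a same-named element in another namespace is ignored.
     *
     * @param signatureElement element whose ancestors are walked
     * @return true if a matching ancestor exists
     */
    private boolean hasSignatureAsParent(Element signatureElement) {
        for (Node ancestor = signatureElement.getParentNode(); ancestor != null; ancestor = ancestor.getParentNode()) {
            if (XMLDSigElement.SIGNATURE.isSameTagName(ancestor.getLocalName()) && XMLDSigElement.SIGNATURE.getURI().equals(ancestor.getNamespaceURI())) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds a signature timestamp to each signature that needs one.
     *
     * <p>Before the TSP is contacted, three checks run in this order:
     * {@code assertExtendSignatureToTPossible()}, {@code assertSignatureValid(...)} and
     * {@code assertSigningCertificateIsValid(...)}. The last two are defined outside this class;
     * by their names they presumably reject an invalid signature or signing certificate, which
     * would keep the extension from timestamping such a signature (confirm in their definitions).
     *
     * @param list signatures to extend; each is cast to {@link XAdESSignature}
     */
    public void extendSignatures(List<AdvancedSignature> list) {
        SignatureRequirementsChecker requirementsChecker = new SignatureRequirementsChecker(this.certificateVerifier, this.params);
        for (AdvancedSignature signature : list) {
            initializeSignatureBuilder((XAdESSignature) signature);
            if (tLevelExtensionRequired()) {
                assertExtendSignatureToTPossible();
                assertSignatureValid(this.xadesSignature);
                requirementsChecker.assertSigningCertificateIsValid(signature);
                // Snapshot of the properties before the timestamp is added, handed to indentIfPrettyPrint below.
                Element propertiesBefore = (Element) this.unsignedSignaturePropertiesDom.cloneNode(true);
                XAdESTimestampParameters timestampParameters = this.params.getSignatureTimestampParameters();
                DigestAlgorithm digestAlgorithm = timestampParameters.getDigestAlgorithm();
                String canonicalizationMethod = timestampParameters.getCanonicalizationMethod();
                DSSMessageDigest messageDigest = this.xadesSignature.getTimestampSource().getSignatureTimestampMessageDigest(digestAlgorithm, canonicalizationMethod);
                createXAdESTimeStampType(TimestampType.SIGNATURE_TIMESTAMP, canonicalizationMethod, messageDigest);
                this.unsignedSignaturePropertiesDom = indentIfPrettyPrint(this.unsignedSignaturePropertiesDom, propertiesBefore);
            }
        }
    }

    /**
     * Tells whether the current signature must receive a signature timestamp.
     *
     * @return true if BASELINE-T was requested explicitly or the signature has no T profile yet
     */
    private boolean tLevelExtensionRequired() {
        return SignatureLevel.XAdES_BASELINE_T.equals(this.params.getSignatureLevel()) || !this.xadesSignature.hasTProfile();
    }

    /**
     * Rejects a BASELINE-T request on a signature that already carries a higher level.
     *
     * <p>The request is refused when the signature has the LTA profile, or has the LT or C
     * profile while not all of its certificates are self-signed. The exception message names only
     * the LT level although the LTA and C cases end up here as well.
     *
     * @throws IllegalInputException if the extension is refused
     */
    private void assertExtendSignatureToTPossible() {
        SignatureLevel requestedLevel = this.params.getSignatureLevel();
        if (!SignatureLevel.XAdES_BASELINE_T.equals(requestedLevel)) {
            return;
        }
        boolean hasValidationMaterial = this.xadesSignature.hasLTProfile() || this.xadesSignature.hasCProfile();
        if (this.xadesSignature.hasLTAProfile() || (hasValidationMaterial && !this.xadesSignature.areAllSelfSignedCertificates())) {
            throw new IllegalInputException(String.format("Cannot extend signature to '%s'. The signature is already extended with LT level.", requestedLevel));
        }
    }

    /**
     * Sets the source used to obtain timestamp responses.
     *
     * @param tSPSource the timestamp source; extension fails with a NullPointerException while it is null
     */
    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    /**
     * Writes a certificate-values element with one Base64-encoded certificate per token.
     *
     * @param element parent of the new element
     * @param collection certificates to embed; may be null or empty
     * @return the created element, or null when there is nothing to write
     */
    protected Element incorporateCertificateValues(Element element, Collection<CertificateToken> collection) {
        if (!Utils.isCollectionNotEmpty(collection)) {
            return null;
        }
        Element certificateValues = DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementCertificateValues());
        for (CertificateToken certificate : collection) {
            DomUtils.addTextElement(this.documentDom, certificateValues, getXadesNamespace(), getCurrentXAdESElements().getElementEncapsulatedX509Certificate(), Utils.toBase64(certificate.getEncoded()));
        }
        return certificateValues;
    }

    /**
     * Writes a revocation-values element holding the given CRLs and OCSP responses.
     *
     * @param element parent of the new element
     * @param collection CRL tokens; may be null or empty
     * @param collection2 OCSP tokens; may be null or empty
     * @return the created element, or null when both collections are empty
     */
    protected Element incorporateRevocationValues(Element element, Collection<CRLToken> collection, Collection<OCSPToken> collection2) {
        if (!Utils.isCollectionNotEmpty(collection) && !Utils.isCollectionNotEmpty(collection2)) {
            return null;
        }
        Element revocationValues = DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementRevocationValues());
        incorporateCrlTokens(revocationValues, collection);
        incorporateOcspTokens(revocationValues, collection2);
        return revocationValues;
    }

    /**
     * Writes the CRL container with one Base64-encoded value per token.
     *
     * @param parent revocation-values element
     * @param crlTokens CRLs to embed; nothing is written when null or empty
     */
    private void incorporateCrlTokens(Element parent, Collection<CRLToken> crlTokens) {
        // Null-safe on purpose: the caller only guarantees that one of its two collections is non-empty.
        if (Utils.isCollectionEmpty(crlTokens)) {
            return;
        }
        Element crlValues = DomUtils.addElement(this.documentDom, parent, getXadesNamespace(), getCurrentXAdESElements().getElementCRLValues());
        for (CRLToken crl : crlTokens) {
            DomUtils.addTextElement(this.documentDom, crlValues, getXadesNamespace(), getCurrentXAdESElements().getElementEncapsulatedCRLValue(), Utils.toBase64(crl.getEncoded()));
        }
    }

    /**
     * Writes the OCSP container with one Base64-encoded value per token.
     *
     * @param parent revocation-values element
     * @param ocspTokens OCSP responses to embed; nothing is written when null or empty
     */
    private void incorporateOcspTokens(Element parent, Collection<OCSPToken> ocspTokens) {
        // Null-safe on purpose: the caller only guarantees that one of its two collections is non-empty.
        if (Utils.isCollectionEmpty(ocspTokens)) {
            return;
        }
        Element ocspValues = DomUtils.addElement(this.documentDom, parent, getXadesNamespace(), getCurrentXAdESElements().getElementOCSPValues());
        for (OCSPToken ocsp : ocspTokens) {
            DomUtils.addTextElement(this.documentDom, ocspValues, getXadesNamespace(), getCurrentXAdESElements().getElementEncapsulatedOCSPValue(), Utils.toBase64(ocsp.getEncoded()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes certificate values and, when a text is given, re-indents the result.
     *
     * @param element parent of the new element
     * @param collection certificates to embed
     * @param str text set on the parent before indenting; looks like the indentation string
     *            returned by the remove* methods (confirm against callers). Null skips indenting.
     */
    public void incorporateCertificateValues(Element element, Collection<CertificateToken> collection, String str) {
        Element certificateValues = incorporateCertificateValues(element, collection);
        if (certificateValues == null || str == null) {
            return;
        }
        DomUtils.setTextNode(this.documentDom, element, str);
        DSSXMLUtils.indentAndReplace(this.documentDom, certificateValues);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes revocation values and, when a text is given, re-indents the result.
     *
     * @param element parent of the new element
     * @param collection CRL tokens
     * @param collection2 OCSP tokens
     * @param str text set on the parent before indenting (see the certificate variant); null skips indenting
     */
    public void incorporateRevocationValues(Element element, Collection<CRLToken> collection, Collection<OCSPToken> collection2, String str) {
        Element revocationValues = incorporateRevocationValues(element, collection, collection2);
        if (revocationValues == null || str == null) {
            return;
        }
        DomUtils.setTextNode(this.documentDom, element, str);
        DSSXMLUtils.indentAndReplace(this.documentDom, revocationValues);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the existing certificate-values element and resets the certificate source.
     *
     * @return the value returned by {@code removeNode}, or null when no element was present
     */
    public String removeOldCertificateValues() {
        Element certificateValues = this.xadesSignature.getCertificateValues();
        if (certificateValues == null) {
            return null;
        }
        String removed = removeNode(certificateValues);
        this.xadesSignature.resetCertificateSource();
        return removed;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Removes the existing revocation-values element, if any, and resets the revocation sources. */
    public void removeOldRevocationValues() {
        Element revocationValues = this.xadesSignature.getRevocationValues();
        if (revocationValues == null) {
            return;
        }
        removeNode(revocationValues);
        this.xadesSignature.resetRevocationSources();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Removes the last timestamp-validation-data element and resets certificate and revocation sources.
     *
     * @return the value returned by {@code removeNode}, or null when no element was present
     */
    public String removeLastTimestampValidationData() {
        Element lastValidationData = this.xadesSignature.getLastTimestampValidationData();
        if (lastValidationData == null) {
            return null;
        }
        // The sources are reset before the node is detached, as in the original ordering.
        this.xadesSignature.resetCertificateSource();
        this.xadesSignature.resetRevocationSources();
        return removeNode(lastValidationData);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes a {@code TimeStampValidationData} element with the given validation material.
     *
     * <p>The element Id is {@code "id-"} followed by the DSS id of the last archive timestamp, or
     * {@code "id-1"} when the signature has none. NOTE(review): no uniqueness check is visible
     * here, so two elements written without an archive timestamp in between would both get
     * {@code "id-1"} - confirm that callers cannot reach that state.
     *
     * @param validationData certificates, CRLs and OCSP responses to embed; nothing is written when empty
     * @param str indentation text forwarded to the incorporate* helpers; may be null
     */
    public void incorporateTimestampValidationData(ValidationData validationData, String str) {
        if (validationData.isEmpty()) {
            return;
        }
        Set<CertificateToken> certificateTokens = validationData.getCertificateTokens();
        Set<CRLToken> crlTokens = validationData.getCrlTokens();
        Set<OCSPToken> ocspTokens = validationData.getOcspTokens();
        Element validationDataElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXades141Namespace(), XAdES141Element.TIMESTAMP_VALIDATION_DATA);
        incorporateCertificateValues(validationDataElement, certificateTokens, str);
        incorporateRevocationValues(validationDataElement, crlTokens, ocspTokens, str);
        List<TimestampToken> archiveTimestamps = this.xadesSignature.getArchiveTimestamps();
        String idSuffix = Utils.isCollectionNotEmpty(archiveTimestamps) ? archiveTimestamps.get(archiveTimestamps.size() - 1).getDSSIdAsString() : "1";
        validationDataElement.setAttribute("Id", "id-" + idSuffix);
        if (this.params.isPrettyPrint()) {
            DSSXMLUtils.indentAndReplace(this.documentDom, validationDataElement);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Adds an archive timestamp computed with the archive timestamp parameters. */
    public void incorporateArchiveTimestamp() {
        XAdESTimestampParameters archiveParameters = this.params.getArchiveTimestampParameters();
        DigestAlgorithm digestAlgorithm = archiveParameters.getDigestAlgorithm();
        String canonicalizationMethod = archiveParameters.getCanonicalizationMethod();
        DSSMessageDigest archiveDigest = this.xadesSignature.getTimestampSource().getArchiveTimestampData(digestAlgorithm, canonicalizationMethod);
        createXAdESTimeStampType(TimestampType.ARCHIVE_TIMESTAMP, canonicalizationMethod, archiveDigest);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Requests a timestamp for the digest and writes it under the unsigned signature properties.
     *
     * <p>The digest algorithm sent to the TSP is the one of the signature timestamp parameters,
     * except for {@code ARCHIVE_TIMESTAMP}, which uses the archive timestamp parameters.
     *
     * <p>NOTE(review): the response obtained from {@code tspSource} is DER-encoded and embedded
     * as received. Nothing in this method checks that the returned token covers
     * {@code dSSMessageDigest} or that it verifies against a trusted TSA; confirm whether the
     * configured {@link TSPSource} or a later validation step does so.
     *
     * @param timestampType kind of timestamp element to create
     * @param str canonicalization algorithm recorded next to the timestamp
     * @param dSSMessageDigest digest value to be timestamped
     * @throws UnsupportedOperationException for an unsupported type, or for any type other than
     *         {@code SIGNATURE_TIMESTAMP} when the XAdES 1.1.1 or 1.2.2 namespace is in use
     */
    public void createXAdESTimeStampType(TimestampType timestampType, String str, DSSMessageDigest dSSMessageDigest) throws DSSException {
        boolean legacyNamespace = XAdESNamespace.XADES_111.isSameUri(getXadesNamespace().getUri()) || XAdESNamespace.XADES_122.isSameUri(getXadesNamespace().getUri());
        if (legacyNamespace && TimestampType.SIGNATURE_TIMESTAMP != timestampType) {
            // Meaning: with XAdES 1.1.1 / 1.2.2 only a signature timestamp can be created.
            throw new UnsupportedOperationException("Signature Timestamp creation is only supported for XAdES 1.1.1 and 1.2.2");
        }
        DigestAlgorithm digestAlgorithm = this.params.getSignatureTimestampParameters().getDigestAlgorithm();
        Element timestampElement;
        // The container is appended before the TSP is contacted, so a failing TSP call leaves it in documentDom.
        switch (timestampType) {
            case SIGNATURE_TIMESTAMP:
                timestampElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignatureTimeStamp());
                break;
            case VALIDATION_DATA_TIMESTAMP:
                if (this.params.isEn319132()) {
                    timestampElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXades141Namespace(), XAdES141Element.SIG_AND_REFS_TIMESTAMP_V2);
                } else {
                    timestampElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSigAndRefsTimeStamp());
                }
                break;
            case VALIDATION_DATA_REFSONLY_TIMESTAMP:
                if (this.params.isEn319132()) {
                    timestampElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXades141Namespace(), XAdES141Element.REFS_ONLY_TIMESTAMP_V2);
                } else {
                    timestampElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementRefsOnlyTimeStamp());
                }
                break;
            case ARCHIVE_TIMESTAMP:
                timestampElement = DomUtils.addElement(this.documentDom, this.unsignedSignaturePropertiesDom, getXades141Namespace(), XAdES141Element.ARCHIVE_TIMESTAMP);
                digestAlgorithm = this.params.getArchiveTimestampParameters().getDigestAlgorithm();
                break;
            default:
                throw new UnsupportedOperationException("Unsupported timestamp type : " + timestampType);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Timestamp generation: {} / {} / {}", digestAlgorithm.getName(), str, Utils.toBase64(dSSMessageDigest.getValue()));
        }
        String encodedTimestamp = Utils.toBase64(DSSASN1Utils.getDEREncoded(this.tspSource.getTimeStampResponse(digestAlgorithm, dSSMessageDigest.getValue())));
        if (XAdESNamespace.XADES_122.isSameUri(getXadesNamespace().getUri())) {
            incorporateXAdES122Include(timestampElement);
        }
        // One random UUID ties the timestamp container Id ("TS-") to its encapsulated value Id ("ETS-").
        String uuid = UUID.randomUUID().toString();
        if (XAdESNamespace.XADES_111.isSameUri(getXadesNamespace().getUri())) {
            incorporateHashDataInfo(timestampElement, str);
        } else {
            timestampElement.setAttribute(XMLDSigAttribute.ID.getAttributeName(), "TS-" + uuid);
            incorporateC14nMethod(timestampElement, str);
        }
        Element encapsulatedTimestamp = DomUtils.addElement(this.documentDom, timestampElement, getXadesNamespace(), getCurrentXAdESElements().getElementEncapsulatedTimeStamp());
        encapsulatedTimestamp.setAttribute(XMLDSigAttribute.ID.getAttributeName(), "ETS-" + uuid);
        DomUtils.setTextNode(this.documentDom, encapsulatedTimestamp, encodedTimestamp);
    }

    /**
     * Writes the XAdES 1.1.1 {@code HashDataInfo} element pointing at the current signature.
     *
     * @param parent timestamp element that receives the new child
     * @param transformAlgorithm value written to the {@code Algorithm} attribute of the transform
     */
    private void incorporateHashDataInfo(Element parent, String transformAlgorithm) {
        Element hashDataInfo = DomUtils.addElement(this.documentDom, parent, getXadesNamespace(), XAdES111Element.HASH_DATA_INFO);
        hashDataInfo.setAttribute(XAdES111Attribute.URI.getAttributeName(), '#' + this.xadesSignature.getId());
        Element transforms = DomUtils.addElement(this.documentDom, hashDataInfo, getXadesNamespace(), XAdES111Element.TRANSFORMS);
        Element transform = DomUtils.addElement(this.documentDom, transforms, getXmldsigNamespace(), XMLDSigElement.TRANSFORM);
        transform.setAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName(), transformAlgorithm);
    }

    /**
     * Writes the XAdES 1.2.2 {@code Include} element pointing at the signature value.
     *
     * @param parent timestamp element that receives the new child
     */
    private void incorporateXAdES122Include(Element parent) {
        Element include = DomUtils.addElement(this.documentDom, parent, getXadesNamespace(), XAdES122Element.INCLUDE);
        include.setAttribute(XAdES122Attribute.URI.getAttributeName(), '#' + this.xadesSignature.getSignatureValueId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Refuses detached contents that are supplied as digests only.
     *
     * @throws IllegalArgumentException if any detached document is a {@link DigestDocument}
     */
    public void assertDetachedDocumentsContainBinaries() {
        List<DSSDocument> detachedContents = this.params.getDetachedContents();
        if (!Utils.isCollectionNotEmpty(detachedContents)) {
            return;
        }
        for (DSSDocument detached : detachedContents) {
            if (detached instanceof DigestDocument) {
                throw new IllegalArgumentException("XAdES-LTA requires complete binaries of signed documents! Extension with a DigestDocument is not possible.");
            }
        }
    }
}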
