package es.gob.afirma.signers.xades;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.AOUnsupportedSignFormatException;
import es.gob.afirma.core.misc.MimeHelper;
import es.gob.afirma.signers.cades.CAdESExtraParams;
import es.gob.afirma.signers.xml.Utils;
import es.gob.afirma.signers.xml.XMLConstants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import net.java.xades.security.xml.XAdES.DataObjectFormatImpl;
import net.java.xades.security.xml.XAdES.ObjectIdentifierImpl;
import net.java.xades.security.xml.XAdES.XAdES;
import net.java.xades.security.xml.XAdES.XAdES_EPES;
import net.java.xades.security.xml.XAdES.XMLAdvancedSignature;
import nu.xom.canonical.Canonicalizer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:es/gob/afirma/signers/xades/XAdESCoSigner.class */
public final class XAdESCoSigner {
    private static final String ID_IDENTIFIER = "Id";

    private XAdESCoSigner() {
    }

    public static byte[] cosign(byte[] bArr, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException {
        Node namedItem;
        String str2 = XMLConstants.SIGN_ALGOS_URI.get(str);
        if (str2 == null) {
            throw new UnsupportedOperationException("Los formatos de firma XML no soportan el algoritmo de firma '" + str + "'");
        }
        Properties properties2 = properties != null ? properties : new Properties();
        String property = properties2.getProperty("referencesDigestMethod", "http://www.w3.org/2001/04/xmlenc#sha512");
        String property2 = properties2.getProperty("canonicalizationAlgorithm", Canonicalizer.CANONICAL_XML);
        String property3 = properties2.getProperty("xadesNamespace", XMLAdvancedSignature.XADES_v132);
        String property4 = properties2.getProperty("signedPropertiesTypeUrl", "http://uri.etsi.org/01903#SignedProperties");
        boolean parseBoolean = Boolean.parseBoolean(properties2.getProperty("addKeyInfoKeyValue", Boolean.TRUE.toString()));
        boolean parseBoolean2 = Boolean.parseBoolean(properties2.getProperty(XAdESExtraParams.ADD_KEY_INFO_KEY_NAME, Boolean.FALSE.toString()));
        boolean parseBoolean3 = Boolean.parseBoolean(properties2.getProperty(XAdESExtraParams.ADD_KEY_INFO_X509_ISSUER_SERIAL, Boolean.FALSE.toString()));
        boolean parseBoolean4 = Boolean.parseBoolean(properties2.getProperty(XAdESExtraParams.USE_MANIFEST, Boolean.FALSE.toString()));
        boolean parseBoolean5 = Boolean.parseBoolean(properties2.getProperty("keepKeyInfoUnsigned", Boolean.FALSE.toString()));
        String property5 = properties2.getProperty("outputXmlEncoding");
        String property6 = properties2.getProperty("mimeType");
        String property7 = properties2.getProperty("encoding");
        if ("base64".equalsIgnoreCase(property7)) {
            property7 = XMLConstants.BASE64_ENCODING;
        }
        if (property7 != null && !property7.isEmpty()) {
            try {
                new URI(property7);
            } catch (Exception e) {
                throw new AOException("La codificacion indicada en 'encoding' debe ser una URI: " + e, e);
            }
        }
        String property8 = properties2.getProperty(CAdESExtraParams.CONTENT_TYPE_OID);
        ObjectIdentifierImpl objectIdentifierImpl = null;
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        try {
            Document parse = newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
            Element documentElement = parse.getDocumentElement();
            if (documentElement.getNodeName().equals("ds:Signature")) {
                parse = AOXAdESSigner.insertarNodoAfirma(parse);
                documentElement = parse.getDocumentElement();
            }
            Map<String, String> originalXMLProperties = XAdESUtil.getOriginalXMLProperties(parse, property5);
            XMLSignatureFactory dOMFactory = Utils.getDOMFactory();
            try {
                DigestMethod newDigestMethod = dOMFactory.newDigestMethod(property, (DigestMethodParameterSpec) null);
                XMLObject xMLObject = null;
                boolean z = false;
                ArrayList arrayList = new ArrayList();
                NodeList elementsByTagNameNS = ((Element) parse.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature").item(0)).getElementsByTagNameNS(XMLConstants.DSIGNNS, "Reference");
                String str3 = null;
                for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
                    Node item = elementsByTagNameNS.item(i);
                    NamedNodeMap attributes = item.getAttributes();
                    if (i == 0 || (attributes.getNamedItem("Id") != null && attributes.getNamedItem("Id").getNodeValue().startsWith("StyleReference-"))) {
                        try {
                            List<Transform> objectReferenceTransforms = Utils.getObjectReferenceTransforms(item, "ds");
                            str3 = (attributes.getNamedItem("Id") == null || !attributes.getNamedItem("Id").getNodeValue().startsWith("StyleReference-")) ? "Reference-" + UUID.randomUUID().toString() : "StyleReference-" + UUID.randomUUID().toString();
                            String attribute = ((Element) item).getAttribute("URI");
                            if (!"".equals(attribute)) {
                                String substring = attribute.substring(attribute.startsWith("#") ? 1 : 0);
                                Element element = null;
                                Element documentElement2 = parse.getDocumentElement();
                                Node namedItem2 = documentElement2.getAttributes() != null ? documentElement2.getAttributes().getNamedItem("Id") : null;
                                if (namedItem2 == null || !substring.equals(namedItem2.getNodeValue())) {
                                    NodeList childNodes = documentElement2.getChildNodes();
                                    int length = childNodes.getLength() - 1;
                                    while (true) {
                                        if (length < 0) {
                                            break;
                                        }
                                        Node namedItem3 = childNodes.item(length).getAttributes() != null ? childNodes.item(length).getAttributes().getNamedItem("Id") : null;
                                        if (namedItem3 != null && substring.equals(namedItem3.getNodeValue())) {
                                            element = (Element) childNodes.item(length);
                                            break;
                                        }
                                        if ("Signature".equals(childNodes.item(length).getLocalName())) {
                                            NodeList childNodes2 = childNodes.item(length).getChildNodes();
                                            int length2 = childNodes2.getLength() - 1;
                                            while (true) {
                                                if (length2 < 0) {
                                                    break;
                                                }
                                                Node namedItem4 = childNodes2.item(length2).getAttributes() != null ? childNodes2.item(length2).getAttributes().getNamedItem("Id") : null;
                                                if (namedItem4 != null && substring.equals(namedItem4.getNodeValue())) {
                                                    element = (Element) childNodes2.item(length2);
                                                    break;
                                                }
                                                length2--;
                                            }
                                            if (element != null) {
                                                break;
                                            }
                                        }
                                        length--;
                                    }
                                } else {
                                    element = documentElement2;
                                }
                                if (element != null) {
                                    if (property6 == null) {
                                        property6 = element.getAttribute("MimeType");
                                    }
                                    if (property7 == null) {
                                        property7 = element.getAttribute("Encoding");
                                    }
                                }
                                NodeList childNodes3 = parse.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature").item(0).getChildNodes();
                                for (int i2 = 0; i2 < childNodes3.getLength(); i2++) {
                                    NamedNodeMap attributes2 = childNodes3.item(i2).getAttributes();
                                    if (attributes2 != null && (namedItem = attributes2.getNamedItem("Id")) != null && substring.equals(namedItem.getNodeValue())) {
                                        z = true;
                                    }
                                }
                                if (!z || element == null) {
                                    arrayList.add(dOMFactory.newReference(((Element) item).getAttribute("URI"), newDigestMethod, objectReferenceTransforms, XMLConstants.OBJURI, str3));
                                } else {
                                    ArrayList arrayList2 = new ArrayList(1);
                                    arrayList2.add(new DOMStructure(element.getFirstChild().cloneNode(true)));
                                    String str4 = "Object-" + UUID.randomUUID().toString();
                                    xMLObject = dOMFactory.newXMLObject(arrayList2, str4, property6, property7);
                                    arrayList.add(dOMFactory.newReference("#" + str4, newDigestMethod, objectReferenceTransforms, XMLConstants.OBJURI, str3));
                                }
                            } else {
                                if (parseBoolean4) {
                                    throw new AOUnsupportedSignFormatException("El formato Enveloped es incompatible con el uso de estructuras Manifest");
                                }
                                if (property6 == null) {
                                    property6 = "text/xml";
                                }
                                arrayList.add(dOMFactory.newReference(attribute, newDigestMethod, objectReferenceTransforms, XMLConstants.OBJURI, str3));
                            }
                            if (property8 == null && property6 != null) {
                                try {
                                    property8 = MimeHelper.transformMimeTypeToOid(property6);
                                } catch (IOException e2) {
                                    AOXAdESSigner.LOGGER.warning("Error en la obtencion del OID del tipo de datos a partir del MimeType: " + e2);
                                }
                            }
                            if (property8 != null) {
                                objectIdentifierImpl = new ObjectIdentifierImpl("OIDAsURN", (property8.startsWith("urn:oid:") ? "" : "urn:oid:") + property8, null, new ArrayList(0));
                            }
                        } catch (InvalidAlgorithmParameterException e3) {
                            throw new AOException("Se han especificado parametros erroneos para una transformacion personalizada", e3);
                        } catch (NoSuchAlgorithmException e4) {
                            throw new AOException("Se ha declarado una transformacion personalizada de un tipo no soportado", e4);
                        }
                    }
                }
                XAdES_EPES xAdES_EPES = (XAdES_EPES) XAdES.newInstance(XAdES.EPES, property3, "xades", "ds", property, documentElement.getOwnerDocument(), documentElement);
                xAdES_EPES.setSigningCertificate((X509Certificate) certificateArr[0]);
                XAdESCommonMetadataUtil.addCommonMetadata(xAdES_EPES, properties2);
                if (objectIdentifierImpl != null || property6 != null || property7 != null) {
                    ArrayList arrayList3 = new ArrayList();
                    arrayList3.add(new DataObjectFormatImpl(null, objectIdentifierImpl, property6, property7, "#" + str3));
                    xAdES_EPES.setDataObjectFormats(arrayList3);
                }
                AOXMLAdvancedSignature xmlAdvancedSignature = XAdESUtil.getXmlAdvancedSignature(xAdES_EPES, property4, property, property2);
                if (z) {
                    xmlAdvancedSignature.addXMLObject(xMLObject);
                }
                if (parseBoolean4) {
                    try {
                        XAdESUtil.createManifest(arrayList, dOMFactory, xmlAdvancedSignature, newDigestMethod, dOMFactory.newTransform(property2, (TransformParameterSpec) null), str3);
                    } catch (Exception e5) {
                        throw new AOException("Error creando el algoritmo de canonicalizacion para el MANIFEST: " + e5, e5);
                    }
                }
                try {
                    if (Boolean.parseBoolean(properties2.getProperty(CAdESExtraParams.INCLUDE_ONLY_SIGNNING_CERTIFICATE, Boolean.FALSE.toString()))) {
                        xmlAdvancedSignature.sign((X509Certificate) certificateArr[0], privateKey, str2, arrayList, "Signature-" + UUID.randomUUID().toString());
                    } else {
                        xmlAdvancedSignature.sign(Arrays.asList(certificateArr), privateKey, str2, arrayList, "Signature-" + UUID.randomUUID().toString(), parseBoolean, parseBoolean2, parseBoolean3, parseBoolean5);
                    }
                    return Utils.writeXML(documentElement, originalXMLProperties, null, null);
                } catch (NoSuchAlgorithmException e6) {
                    throw new UnsupportedOperationException("No se soporta el algoritmo de firma '" + str + "': " + e6, e6);
                } catch (Exception e7) {
                    throw new AOException("Error al generar la cofirma", e7);
                }
            } catch (Exception e8) {
                throw new AOException("No se ha podido obtener un generador de huellas digitales para el algoritmo '" + property + "'", e8);
            }
        } catch (Exception e9) {
            throw new AOException("No se ha podido leer el documento XML de firmas", e9);
        }
    }
}
