package es.gob.afirma.signers.xades;

import com.lowagie.text.ElementTags;
import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.signers.CounterSignTarget;
import es.gob.afirma.signers.xml.Utils;
import es.gob.afirma.signers.xml.XMLConstants;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.UUID;
import java.util.logging.Logger;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import net.java.xades.security.xml.XAdES.SignaturePolicyIdentifier;
import net.java.xades.security.xml.XAdES.SignatureProductionPlace;
import net.java.xades.security.xml.XAdES.SignerRoleImpl;
import net.java.xades.security.xml.XAdES.XAdES;
import net.java.xades.security.xml.XAdES.XAdESStructure;
import net.java.xades.security.xml.XAdES.XAdES_BES;
import net.java.xades.security.xml.XAdES.XAdES_EPES;
import net.java.xades.security.xml.XAdES.XMLAdvancedSignature;
import org.apache.batik.util.SVGConstants;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentType;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:es/gob/afirma/signers/xades/XAdESCounterSigner.class */
final class XAdESCounterSigner {
    private static final String CSURI = "http://uri.etsi.org/01903#CountersignedSignature";
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] countersign(byte[] bArr, String str, CounterSignTarget counterSignTarget, Object[] objArr, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties) throws AOException {
        String systemId;
        Properties properties2 = properties != null ? properties : new Properties();
        String property = properties2.getProperty(ElementTags.ENCODING);
        if ("base64".equalsIgnoreCase(property)) {
            property = XMLConstants.BASE64_ENCODING;
        }
        if (bArr == null) {
            throw new IllegalArgumentException("El objeto de firma no puede ser nulo");
        }
        if (XMLConstants.SIGN_ALGOS_URI.get(str) == null) {
            throw new UnsupportedOperationException("Los formatos de firma XML no soportan el algoritmo de firma '" + str + "'");
        }
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        boolean z = false;
        Hashtable hashtable = new Hashtable();
        try {
            Document parse = newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
            if (property == null) {
                property = parse.getXmlEncoding();
            }
            if (property != null && !XMLConstants.BASE64_ENCODING.equals(property)) {
                hashtable.put(ElementTags.ENCODING, property);
            }
            String xmlVersion = parse.getXmlVersion();
            if (xmlVersion != null) {
                hashtable.put(SVGConstants.SVG_VERSION_ATTRIBUTE, xmlVersion);
            }
            DocumentType doctype = parse.getDoctype();
            if (doctype != null && (systemId = doctype.getSystemId()) != null) {
                hashtable.put("doctype-system", systemId);
            }
            Element documentElement = parse.getDocumentElement();
            if (documentElement.getNodeName().equals("ds:Signature")) {
                z = true;
                parse = AOXAdESSigner.insertarNodoAfirma(parse);
                documentElement = parse.getDocumentElement();
            }
            try {
                if (counterSignTarget == CounterSignTarget.TREE) {
                    countersignTree(documentElement, privateKeyEntry, properties2, str, parse);
                } else if (counterSignTarget == CounterSignTarget.LEAFS) {
                    countersignLeafs(documentElement, privateKeyEntry, properties2, str, parse);
                } else if (counterSignTarget == CounterSignTarget.NODES) {
                    countersignNodes(documentElement, objArr, privateKeyEntry, properties2, str, parse);
                } else if (counterSignTarget == CounterSignTarget.SIGNERS) {
                    countersignSigners(documentElement, objArr, privateKeyEntry, properties2, str, parse);
                }
                if (z) {
                    try {
                        Document newDocument = newInstance.newDocumentBuilder().newDocument();
                        newDocument.appendChild(newDocument.adoptNode(parse.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature").item(0)));
                        parse = newDocument;
                    } catch (Exception e) {
                        LOGGER.info("No se ha eliminado el nodo padre '<AFIRMA>': " + e);
                    }
                }
                return Utils.writeXML(parse.getDocumentElement(), hashtable, null, null);
            } catch (Exception e2) {
                throw new AOException("Error al generar la contrafirma", e2);
            }
        } catch (Exception e3) {
            throw new AOException("No se ha podido realizar la contrafirma", e3);
        }
    }

    private static void countersignLeafs(Element element, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties, String str, Document document) throws AOException {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
        int length = elementsByTagNameNS.getLength();
        int i = 0;
        while (i < length) {
            try {
                Element element2 = (Element) elementsByTagNameNS.item(i);
                if (element2.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature").getLength() == 0) {
                    cs(element2, privateKeyEntry, properties, str, document);
                    length++;
                    i++;
                }
                i++;
            } catch (Exception e) {
                throw new AOException("No se ha podido realizar la contrafirma de hojas", e);
            }
        }
    }

    private static void countersignNodes(Element element, Object[] objArr, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties, String str, Document document) throws AOException {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < objArr.length; i++) {
            if (!arrayList.contains(objArr[i])) {
                arrayList.add((Integer) objArr[i]);
            }
        }
        Object[] array = arrayList.toArray();
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
        Element[] elementArr = new Element[array.length];
        for (int i2 = 0; i2 < array.length; i2++) {
            try {
                elementArr[i2] = (Element) elementsByTagNameNS.item(((Integer) array[i2]).intValue());
                if (elementArr[i2] == null) {
                    throw new AOException("Posicion de nodo no valida.");
                }
            } catch (ClassCastException e) {
                throw new AOException("Valor de nodo no valido", (Exception) e);
            }
        }
        try {
            for (Element element2 : elementArr) {
                cs(element2, privateKeyEntry, properties, str, document);
            }
        } catch (Exception e2) {
            throw new AOException("No se ha podido realizar la contrafirma de nodos", e2);
        }
    }

    private static void countersignSigners(Element element, Object[] objArr, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties, String str, Document document) throws AOException {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
        List asList = Arrays.asList(objArr);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            Element element2 = (Element) elementsByTagNameNS.item(i);
            if (asList.contains(AOUtil.getCN(Utils.getCertificate(element2.getElementsByTagNameNS(XMLConstants.DSIGNNS, "X509Certificate").item(0))))) {
                arrayList.add(element2);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            cs((Element) it.next(), privateKeyEntry, properties, str, document);
        }
    }

    private static void countersignTree(Element element, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties, String str, Document document) throws AOException {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
        int length = elementsByTagNameNS.getLength();
        Element[] elementArr = new Element[length];
        for (int i = 0; i < length; i++) {
            elementArr[i] = (Element) elementsByTagNameNS.item(i);
        }
        for (int i2 = 0; i2 < length; i2++) {
            try {
                cs(elementArr[i2], privateKeyEntry, properties, str, document);
            } catch (Exception e) {
                throw new AOException("No se ha podido realizar la contrafirma del arbol", e);
            }
        }
    }

    private static void cs(Element element, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties, String str, Document document) throws AOException {
        String guessXAdESNamespacePrefix = Utils.guessXAdESNamespacePrefix(element);
        if (document == null) {
            throw new IllegalArgumentException("El documento DOM no puede ser nulo");
        }
        Properties properties2 = properties != null ? properties : new Properties();
        String property = properties2.getProperty("referencesDigestMethod", "http://www.w3.org/2000/09/xmldsig#sha1");
        String property2 = properties2.getProperty("canonicalizationAlgorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
        String property3 = properties2.getProperty("xadesNamespace", XMLAdvancedSignature.XADES_v132);
        String property4 = properties2.getProperty("signedPropertiesTypeUrl", "http://uri.etsi.org/01903#SignedProperties");
        Element createElement = document.createElement(String.valueOf(guessXAdESNamespacePrefix) + ":CounterSignature");
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS("*", "UnsignedSignatureProperties");
        Element createElement2 = elementsByTagNameNS.getLength() == 0 ? document.createElement(String.valueOf(guessXAdESNamespacePrefix) + ":UnsignedSignatureProperties") : (Element) elementsByTagNameNS.item(0);
        createElement2.appendChild(createElement);
        NodeList elementsByTagNameNS2 = element.getElementsByTagNameNS("*", "UnsignedProperties");
        Element createElement3 = elementsByTagNameNS2.getLength() == 0 ? document.createElement(String.valueOf(guessXAdESNamespacePrefix) + ":UnsignedProperties") : (Element) elementsByTagNameNS2.item(0);
        createElement3.appendChild(createElement2);
        element.getElementsByTagNameNS("*", "QualifyingProperties").item(0).appendChild(createElement3);
        Element element2 = (Element) element.getElementsByTagNameNS(XMLConstants.DSIGNNS, XMLAdvancedSignature.ELEMENT_SIGNATURE_VALUE).item(0);
        ArrayList arrayList = new ArrayList();
        XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM");
        try {
            DigestMethod newDigestMethod = xMLSignatureFactory.newDigestMethod(property, (DigestMethodParameterSpec) null);
            String str2 = "Reference-" + UUID.randomUUID().toString();
            try {
                ArrayList arrayList2 = new ArrayList();
                arrayList2.add(xMLSignatureFactory.newTransform(property2, (TransformParameterSpec) null));
                arrayList.add(xMLSignatureFactory.newReference("#" + element2.getAttribute(XAdESStructure.ID_ATTRIBUTE), newDigestMethod, arrayList2, CSURI, str2));
                XAdES_EPES xAdES_EPES = (XAdES_EPES) XAdES.newInstance(XAdES.EPES, property3, guessXAdESNamespacePrefix, "ds", property, createElement);
                xAdES_EPES.setSigningCertificate((X509Certificate) privateKeyEntry.getCertificate());
                SignaturePolicyIdentifier policy = AOXAdESSigner.getPolicy(properties2.getProperty("policyIdentifier"), properties2.getProperty("policyIdentifierHash"), properties2.getProperty("policyIdentifierHashAlgorithm"), properties2.getProperty("policyDescription"), properties2.getProperty("policyQualifier"));
                if (policy != null) {
                    xAdES_EPES.setSignaturePolicyIdentifier(policy);
                }
                SignatureProductionPlace signatureProductionPlace = AOXAdESSigner.getSignatureProductionPlace(properties2.getProperty("signatureProductionCity"), properties2.getProperty("signatureProductionProvince"), properties2.getProperty("signatureProductionPostalCode"), properties2.getProperty("signatureProductionCountry"));
                if (signatureProductionPlace != null) {
                    xAdES_EPES.setSignatureProductionPlace(signatureProductionPlace);
                }
                SignerRoleImpl signerRoleImpl = null;
                try {
                    String property5 = properties2.getProperty("signerClaimedRole");
                    String property6 = properties2.getProperty("signerCertifiedRole");
                    signerRoleImpl = new SignerRoleImpl();
                    if (property5 != null) {
                        signerRoleImpl.addClaimedRole(property5);
                    }
                    if (property6 != null) {
                        signerRoleImpl.addCertifiedRole(property6);
                    }
                } catch (Exception unused) {
                }
                if (signerRoleImpl != null) {
                    xAdES_EPES.setSignerRole(signerRoleImpl);
                }
                if (Boolean.parseBoolean(properties2.getProperty("applySystemDate", Boolean.TRUE.toString()))) {
                    xAdES_EPES.setSigningTime(new Date());
                }
                try {
                    AOXMLAdvancedSignature newInstance = AOXMLAdvancedSignature.newInstance((XAdES_BES) xAdES_EPES);
                    newInstance.setSignedPropertiesTypeUrl(property4);
                    try {
                        newInstance.setDigestMethod(property);
                        newInstance.setCanonicalizationMethod(property2);
                    } catch (Exception e) {
                        LOGGER.severe("No se ha podido establecer el algoritmo de huella digital (" + XMLConstants.SIGN_ALGOS_URI.get(str) + "), es posible que el usado en la firma difiera del indicado: " + e);
                    }
                    try {
                        if (Boolean.parseBoolean(properties2.getProperty("includeOnlySignningCertificate", Boolean.FALSE.toString()))) {
                            newInstance.sign((X509Certificate) privateKeyEntry.getCertificate(), privateKeyEntry.getPrivateKey(), XMLConstants.SIGN_ALGOS_URI.get(str), arrayList, "Signature-" + UUID.randomUUID().toString(), (String) null);
                        } else {
                            newInstance.sign(Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain()), privateKeyEntry.getPrivateKey(), XMLConstants.SIGN_ALGOS_URI.get(str), arrayList, "Signature-" + UUID.randomUUID().toString(), (String) null);
                        }
                    } catch (NoSuchAlgorithmException e2) {
                        throw new UnsupportedOperationException("Los formatos de firma XML no soportan el algoritmo de firma '" + str + "'", e2);
                    } catch (Exception e3) {
                        throw new AOException("No se ha podido realizar la contrafirma", e3);
                    }
                } catch (Exception e4) {
                    throw new AOException("No se ha podido instanciar la firma Avanzada XML JXAdES", e4);
                }
            } catch (Exception e5) {
                throw new AOException("No se ha podido realizar la contrafirma", e5);
            }
        } catch (Exception e6) {
            throw new AOException("No se ha podido obtener un generador de huellas digitales para el algoritmo '" + property + "'", e6);
        }
    }

    private XAdESCounterSigner() {
    }
}
