package nl.clockwork.ebms.signing;

import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import nl.clockwork.ebms.Constants;
import nl.clockwork.ebms.common.CPAManager;
import nl.clockwork.ebms.common.KeyStoreManager;
import nl.clockwork.ebms.common.util.DOMUtils;
import nl.clockwork.ebms.common.util.SecurityUtils;
import nl.clockwork.ebms.model.CacheablePartyId;
import nl.clockwork.ebms.model.EbMSAttachment;
import nl.clockwork.ebms.model.EbMSMessage;
import nl.clockwork.ebms.processor.EbMSProcessingException;
import nl.clockwork.ebms.processor.EbMSProcessorException;
import nl.clockwork.ebms.util.CPAUtils;
import nl.clockwork.ebms.xml.dsig.EbMSAttachmentResolver;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.XPathContainer;
import org.oasis_open.committees.ebxml_cppa.schema.cpp_cpa_2_0.DeliveryChannel;
import org.oasis_open.committees.ebxml_msg.schema.msg_header_2_0.AckRequested;
import org.springframework.beans.factory.InitializingBean;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:nl/clockwork/ebms/signing/EbMSSignatureGenerator.class */
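/**
 * Adds an enveloped XML-DSig signature to an outgoing ebMS message.
 *
 * <p>The signing key is selected by looking up, in the configured keystore, the alias of the
 * signing certificate that the CPA names for the sender's delivery channel. The signature and
 * digest algorithms are also taken from that delivery channel.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class does not enforce a minimum algorithm strength; whatever
 *       {@code CPAUtils.getSignatureAlgorithm} / {@code CPAUtils.getHashFunction} return is used
 *       as-is. NOTE(review): confirm whether weak algorithms are rejected elsewhere.</li>
 *   <li>The same {@code keyStorePassword} is passed both to open the keystore and to
 *       {@code SecurityUtils.getKeyPair} (presumably as the private-key password - confirm), and
 *       it is held as a {@code String} field for the lifetime of the bean.</li>
 *   <li>The XPath transform deliberately leaves nodes addressed to the "next MSH" / SOAP "next"
 *       actor out of the signed content, so those nodes are not integrity-protected.</li>
 * </ul>
 */
public class EbMSSignatureGenerator implements InitializingBean {
    /** Canonical XML 1.0 (comments omitted); default for both canonicalization and the final transform. */
    private static final String DEFAULT_C14N_ALGORITHM = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private static final String ENVELOPED_SIGNATURE_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String XPATH_TRANSFORM = "http://www.w3.org/TR/1999/REC-xpath-19991116";
    private static final String SOAP_ENVELOPE_NAMESPACE = "http://schemas.xmlsoap.org/soap/envelope/";

    private CPAManager cpaManager;
    private String canonicalizationMethodAlgorithm = DEFAULT_C14N_ALGORITHM;
    private String transformAlgorithm = DEFAULT_C14N_ALGORITHM;
    private String keyStorePath;
    private String keyStorePassword;
    private KeyStore keyStore;

    /**
     * Loads the signing keystore from {@code keyStorePath} using {@code keyStorePassword}.
     *
     * @throws Exception whatever {@code KeyStoreManager.getKeyStore} throws
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        this.keyStore = KeyStoreManager.getKeyStore(this.keyStorePath, this.keyStorePassword);
    }

    /**
     * Signs the message when the CPA requires non-repudiation for its sender, role, service and
     * action; otherwise leaves the message untouched.
     *
     * @param ebMSMessage the outgoing message; its DOM document is modified in place when signed
     * @throws EbMSProcessorException if key lookup or signing fails
     */
    public void generate(EbMSMessage ebMSMessage) throws EbMSProcessorException {
        try {
            boolean nonRepudiationRequired = this.cpaManager.isNonRepudiationRequired(
                    ebMSMessage.getMessageHeader().getCPAId(),
                    new CacheablePartyId(ebMSMessage.getMessageHeader().getFrom().getPartyId()),
                    ebMSMessage.getMessageHeader().getFrom().getRole(),
                    CPAUtils.toString(ebMSMessage.getMessageHeader().getService()),
                    ebMSMessage.getMessageHeader().getAction());
            if (nonRepudiationRequired) {
                sign(ebMSMessage);
            }
        } catch (GeneralSecurityException e) {
            throw new EbMSProcessorException(e);
        } catch (XMLSecurityException e2) {
            throw new EbMSProcessingException(e2);
        }
    }

    /**
     * Signs the message only when the given {@code AckRequested} element is present and asks for
     * a signed acknowledgment.
     *
     * @param ackRequested the AckRequested element of the message being acknowledged; may be null,
     *     in which case nothing is signed
     * @param ebMSMessage the outgoing message; its DOM document is modified in place when signed
     * @throws EbMSProcessorException if key lookup or signing fails
     */
    public void generate(AckRequested ackRequested, EbMSMessage ebMSMessage) throws EbMSProcessorException {
        if (ackRequested == null) {
            return;
        }
        try {
            if (ackRequested.isSigned()) {
                sign(ebMSMessage);
            }
        } catch (GeneralSecurityException e) {
            throw new EbMSProcessorException(e);
        } catch (XMLSecurityException e2) {
            throw new EbMSProcessingException(e2);
        }
    }

    /**
     * Resolves the sender's delivery channel from the CPA, finds the keystore alias holding the
     * channel's signing certificate, and signs the message with the matching key pair.
     *
     * @throws EbMSProcessorException if the CPA's signing certificate is not present in the keystore
     */
    private void sign(EbMSMessage ebMSMessage) throws EbMSProcessorException, GeneralSecurityException, XMLSecurityException {
        DeliveryChannel sendDeliveryChannel = this.cpaManager.getSendDeliveryChannel(
                ebMSMessage.getMessageHeader().getCPAId(),
                new CacheablePartyId(ebMSMessage.getMessageHeader().getFrom().getPartyId()),
                ebMSMessage.getMessageHeader().getFrom().getRole(),
                CPAUtils.toString(ebMSMessage.getMessageHeader().getService()),
                ebMSMessage.getMessageHeader().getAction());
        X509Certificate x509Certificate = CPAUtils.getX509Certificate(CPAUtils.getSigningCertificate(sendDeliveryChannel));
        // The CPA certificate is only used to locate the alias; the private key comes from the keystore.
        String certificateAlias = this.keyStore.getCertificateAlias(x509Certificate);
        if (certificateAlias == null) {
            throw new EbMSProcessorException("No certificate found with subject \"" + x509Certificate.getSubjectDN().getName() + "\" (" + x509Certificate.getSerialNumber().toString(16) + ") in keystore \"" + this.keyStorePath + "\"");
        }
        KeyPair keyPair = SecurityUtils.getKeyPair(this.keyStore, certificateAlias, this.keyStorePassword);
        sign(
                this.keyStore,
                keyPair,
                certificateAlias,
                ebMSMessage.getMessage(),
                ebMSMessage.getAttachments(),
                CPAUtils.getSignatureAlgorithm(sendDeliveryChannel),
                CPAUtils.getHashFunction(sendDeliveryChannel));
    }

    /**
     * Builds the {@code ds:Signature} element, appends it to the first child element of the
     * document element, adds one reference for the document and one {@code cid:} reference per
     * attachment, and computes the signature value.
     *
     * <p>All key material is resolved and checked before the document is touched, so a missing
     * key or certificate chain cannot leave a half-built, unsigned Signature element in the
     * message.
     *
     * @param keyStore keystore holding the signing entry
     * @param keyPair key pair of the signing entry
     * @param alias keystore alias of the signing entry
     * @param document SOAP document to sign; modified in place
     * @param attachments attachments to reference from the signature
     * @param signatureAlgorithm signature method URI
     * @param digestAlgorithm digest method URI used for every reference
     * @throws KeyStoreException if the alias has no usable key pair or certificate chain
     */
    private void sign(KeyStore keyStore, KeyPair keyPair, String alias, Document document, List<EbMSAttachment> attachments, String signatureAlgorithm, String digestAlgorithm) throws XMLSecurityException, KeyStoreException {
        // SecurityUtils.getKeyPair is not visible here; guard in case it returns null for an
        // alias that only holds a certificate.
        if (keyPair == null) {
            throw new KeyStoreException("No key pair found for alias \"" + alias + "\"");
        }
        // KeyStore.getCertificateChain returns null when the alias has no chain (for example a
        // trusted-certificate entry), which previously surfaced as a NullPointerException after
        // the Signature element had already been added to the document.
        java.security.cert.Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new KeyStoreException("No certificate chain found for alias \"" + alias + "\"");
        }
        X509Certificate signingCertificate = (X509Certificate) chain[0];

        XMLSignature signature = new XMLSignature(document, (String) null, signatureAlgorithm, this.canonicalizationMethodAlgorithm);
        DOMUtils.getFirstChildElement(document.getDocumentElement()).appendChild(signature.getElement());
        // Lets the cid: references added below be resolved against the message attachments.
        signature.getSignedInfo().addResourceResolver(new EbMSAttachmentResolver(attachments));

        Transforms transforms = new Transforms(document);
        transforms.addTransform(ENVELOPED_SIGNATURE_TRANSFORM);
        transforms.addTransform(XPATH_TRANSFORM, getXPathTransform(document));
        transforms.addTransform(this.transformAlgorithm);
        // An empty URI references the whole document that contains the signature.
        signature.addDocument("", transforms, digestAlgorithm);

        // Attachments are referenced without transforms.
        for (EbMSAttachment attachment : attachments) {
            signature.addDocument(Constants.CID + attachment.getContentId(), null, digestAlgorithm);
        }

        signature.addKeyInfo(keyPair.getPublic());
        signature.addKeyInfo(signingCertificate);
        signature.sign(keyPair.getPrivate());
    }

    /**
     * Builds the XPath filter that keeps only nodes with no ancestor-or-self carrying a SOAP
     * {@code actor} attribute equal to the ebMS "nextMSH" actor or
     * {@code Constants.NSURI_SOAP_NEXT_ACTOR}.
     *
     * <p>Nodes that do carry one of those actor values are excluded from the digest and are
     * therefore not covered by the signature. When the SOAP envelope namespace has no prefix
     * that {@code lookupPrefix} can report, the expression tests an unprefixed {@code actor}
     * attribute instead.
     */
    private NodeList getXPathTransform(Document document) throws XMLSecurityException {
        String soapPrefix = document.lookupPrefix(SOAP_ENVELOPE_NAMESPACE);
        String qualifier = soapPrefix == null ? "" : soapPrefix + ":";
        XPathContainer xPathContainer = new XPathContainer(document);
        xPathContainer.setXPath("not(ancestor-or-self::node()[@" + qualifier + "actor=\"urn:oasis:names:tc:ebxml-msg:actor:nextMSH\"]|ancestor-or-self::node()[@" + qualifier + "actor=\"" + Constants.NSURI_SOAP_NEXT_ACTOR + "\"])");
        return xPathContainer.getElementPlusReturns();
    }

    /** Sets the CPA manager used to decide whether to sign and to resolve the delivery channel. */
    public void setCpaManager(CPAManager cPAManager) {
        this.cpaManager = cPAManager;
    }

    /** Overrides the canonicalization method URI used for SignedInfo. */
    public void setCanonicalizationMethodAlgorithm(String str) {
        this.canonicalizationMethodAlgorithm = str;
    }

    /** Overrides the URI of the last transform applied to the document reference. */
    public void setTransformAlgorithm(String str) {
        this.transformAlgorithm = str;
    }

    /** Sets the location of the signing keystore; read in {@link #afterPropertiesSet()}. */
    public void setKeyStorePath(String str) {
        this.keyStorePath = str;
    }

    /** Sets the keystore password; it is also passed on when the signing key pair is fetched. */
    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }
}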
