package org.apache.poi.poifs.crypt.dsig;

import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.stream.Stream;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.dsig.Manifest;
import javax.xml.crypto.dsig.TransformException;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
import org.apache.jcp.xml.dsig.internal.dom.DOMSubTreeData;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.ooxml.POIXMLTypeLoader;
import org.apache.poi.ooxml.util.DocumentHelper;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackagePart;
import org.apache.poi.openxml4j.opc.PackagePartName;
import org.apache.poi.openxml4j.opc.PackageRelationship;
import org.apache.poi.openxml4j.opc.PackageRelationshipCollection;
import org.apache.poi.openxml4j.opc.PackageRelationshipTypes;
import org.apache.poi.openxml4j.opc.PackagingURIHelper;
import org.apache.poi.openxml4j.opc.TargetMode;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
import org.apache.poi.util.NotImplemented;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xmlbeans.XmlOptions;
import org.w3.x2000.x09.xmldsig.SignatureDocument;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.events.EventListener;
import org.w3c.dom.events.EventTarget;
import org.w3c.dom.events.MutationEvent;

/* loaded from: input_file:org/apache/poi/poifs/crypt/dsig/SignatureInfo.class */
public class SignatureInfo {
    private static final Logger LOG = LogManager.getLogger((Class<?>) SignatureInfo.class);
    private SignatureConfig signatureConfig;
    private OPCPackage opcPackage;
    private Provider provider;
    private XMLSignatureFactory signatureFactory;
    private KeyInfoFactory keyInfoFactory;
    private URIDereferencer uriDereferencer;

    /* loaded from: input_file:org/apache/poi/poifs/crypt/dsig/SignatureInfo$SignaturePartIterator.class */
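    /**
     * Iterates over the XML signature parts of the enclosing package.
     *
     * <p>The outer level walks the package relationships of type
     * {@code DIGITAL_SIGNATURE_ORIGIN}; for each origin part the inner level walks its
     * relationships of type {@code DIGITAL_SIGNATURE}. Relationships that raise
     * {@link InvalidFormatException} are logged at warn level and skipped, so a malformed
     * reference never yields a {@link SignaturePart}.
     */
    private final class SignaturePartIterator implements Iterator<SignaturePart> {
        Iterator<PackageRelationship> sigOrigRels;
        private Iterator<PackageRelationship> sigRels;
        private PackagePart sigPart;

        private SignaturePartIterator() {
            this.sigOrigRels = SignatureInfo.this.opcPackage.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN).iterator();
        }

        /**
         * Advances to the next origin part until one with a pending signature relationship
         * is found.
         *
         * @return {@code true} if a signature relationship is pending, {@code false} once
         *         all origin relationships are exhausted
         */
        @Override
        public boolean hasNext() {
            while (this.sigRels == null || !this.sigRels.hasNext()) {
                if (!this.sigOrigRels.hasNext()) {
                    return false;
                }
                this.sigPart = SignatureInfo.this.opcPackage.getPart(this.sigOrigRels.next());
                SignatureInfo.LOG.atDebug().log("Digital Signature Origin part: {}", this.sigPart);
                try {
                    this.sigRels = this.sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE).iterator();
                } catch (InvalidFormatException e) {
                    // sigRels keeps its previous (exhausted or null) value, so the loop moves on
                    SignatureInfo.LOG.atWarn().withThrowable(e).log("Reference to signature is invalid.");
                }
            }
            return true;
        }

        /**
         * Returns the next signature part, skipping relationships that cannot be resolved.
         *
         * @return a {@link SignaturePart} wrapping the resolved package part
         * @throws NoSuchElementException if no further signature relationship exists
         */
        @Override
        public SignaturePart next() {
            PackagePart packagePart = null;
            do {
                // The lookup has to sit inside the try: the decompiled listing left the try
                // body empty and placed an unreachable break after the throw.
                try {
                    if (!hasNext()) {
                        throw new NoSuchElementException();
                    }
                    packagePart = this.sigPart.getRelatedPart(this.sigRels.next());
                    SignatureInfo.LOG.atDebug().log("XML Signature part: {}", packagePart);
                } catch (InvalidFormatException e) {
                    SignatureInfo.LOG.atWarn().withThrowable(e).log("Reference to signature is invalid.");
                }
            } while (packagePart == null);
            return new SignaturePart(packagePart, SignatureInfo.this);
        }

        /**
         * Removal is not supported.
         *
         * @throws UnsupportedOperationException always
         */
        @Override
        @NotImplemented
        public void remove() {
            throw new UnsupportedOperationException();
        }
    }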

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/poi/poifs/crypt/dsig/SignatureInfo$XmlProviderInitSingleton.class */
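    /**
     * One-time initializer for the XML security library, the POI dsig provider and
     * BouncyCastle, plus the lookup of the XML signature {@link Provider}.
     *
     * <p>The single instance is created by the static initializer of
     * {@link SingletonHelper}, i.e. on the first call of {@link #getInstance()}.
     */
    public static final class XmlProviderInitSingleton {

        /** Holder class whose static field creates the single instance on first access. */
        public static class SingletonHelper {
            private static final XmlProviderInitSingleton INSTANCE = new XmlProviderInitSingleton();

            private SingletonHelper() {
            }
        }

        /**
         * @return the process-wide instance
         */
        public static XmlProviderInitSingleton getInstance() {
            return SingletonHelper.INSTANCE;
        }

        /**
         * Runs the three registration calls once.
         *
         * @throws IllegalStateException if any of the registrations fails; the cause is preserved
         */
        private XmlProviderInitSingleton() {
            try {
                Init.init();
                RelationshipTransformService.registerDsigProvider();
                CryptoFunctions.registerBouncyCastle();
            } catch (Exception e) {
                throw new IllegalStateException("Xml & BouncyCastle-Provider initialization failed", e);
            }
        }

        /**
         * Returns the first provider from {@code SignatureConfig.getProviderNames()} that can
         * be instantiated.
         *
         * <p>The decompiled listing cast the name array to {@code Object[]}, which leaves
         * {@code map(this::getProvider)} without a matching {@code String} element type; the
         * cast is dropped here.
         *
         * @return the first instantiable provider
         * @throws IllegalStateException if none of the named classes can be instantiated
         */
        public Provider findProvider() {
            return Stream.of(SignatureConfig.getProviderNames())
                .map(this::getProvider)
                .filter(Objects::nonNull)
                .findFirst()
                .orElseThrow(this::providerNotFound);
        }

        /**
         * Loads the named class reflectively and instantiates it through its no-arg constructor.
         *
         * <p>Whatever class name arrives here is loaded and constructed, so the provider-name
         * list has to be treated as trusted configuration.
         * NOTE(review): the message in {@link #providerNotFound()} suggests the list can be
         * influenced through the {@code jsr105Provider} system property - confirm in
         * SignatureConfig and make sure that property is not settable from untrusted input.
         *
         * @param str fully qualified provider class name
         * @return the provider instance, or {@code null} if loading or instantiation failed
         */
        private Provider getProvider(String str) {
            try {
                return (Provider) Class.forName(str).getDeclaredConstructor().newInstance();
            } catch (Exception e) {
                // best effort by design: the caller tries the next name in the list
                SignatureInfo.LOG.atDebug().log("XMLDsig-Provider '{}' can't be found - trying next.", str);
                return null;
            }
        }

        /**
         * @return the exception thrown by {@link #findProvider()} when no provider is usable
         */
        private RuntimeException providerNotFound() {
            return new IllegalStateException("JRE doesn't support default xml signature provider - set jsr105Provider system property!");
        }
    }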

    /**
     * @return the signature configuration used for signing and validation
     */
    public SignatureConfig getSignatureConfig() {
        return signatureConfig;
    }

    /**
     * @param signatureConfig the signature configuration to use from now on
     */
    public void setSignatureConfig(SignatureConfig signatureConfig) {
        this.signatureConfig = signatureConfig;
    }

    /**
     * @param oPCPackage the OPC package whose signature parts are read or written
     */
    public void setOpcPackage(OPCPackage oPCPackage) {
        this.opcPackage = oPCPackage;
    }

    /**
     * @return the OPC package this instance operates on
     */
    public OPCPackage getOpcPackage() {
        return opcPackage;
    }

    /**
     * @return the dereferencer used to resolve reference URIs; may be {@code null} until
     *         {@code initXmlProvider()} has run or a value has been set
     */
    public URIDereferencer getUriDereferencer() {
        return uriDereferencer;
    }

    /**
     * Installs a custom dereferencer. The instance is used as given, so it decides which
     * content a reference URI resolves to during signing.
     *
     * @param uRIDereferencer the dereferencer to use
     */
    public void setUriDereferencer(URIDereferencer uRIDereferencer) {
        this.uriDereferencer = uRIDereferencer;
    }

    /**
     * Validates the first signature part of the package.
     *
     * <p>Only the first part returned by {@link #getSignatureParts()} is checked. A package
     * that carries several signatures is therefore reported on the basis of that one part
     * alone; callers that need every signature verified should iterate
     * {@link #getSignatureParts()} and call {@code validate()} on each element.
     *
     * @return {@code true} if a signature part exists and its {@code validate()} call
     *         returns {@code true}; {@code false} if the package has no signature part
     */
    public boolean verifySignature() {
        initXmlProvider();
        Iterator<SignaturePart> parts = getSignatureParts().iterator();
        if (!parts.hasNext()) {
            // an unsigned package is reported as not verified
            return false;
        }
        return parts.next().validate();
    }

    /**
     * Signs the package in one pass: creates a fresh signature document, then runs
     * {@link #preSign}, {@link #signDigest} and {@link #postSign} in that order.
     *
     * @throws XMLSignatureException if {@code preSign} fails
     * @throws MarshalException if {@code preSign} or {@code postSign} fails
     */
    public void confirmSignature() throws XMLSignatureException, MarshalException {
        initXmlProvider();
        Document signatureDocument = DocumentHelper.createDocument();
        DOMSignContext signContext = createXMLSignContext(signatureDocument);
        DOMSignedInfo signedInfo = preSign(signContext);
        String signatureValue = signDigest(signContext, signedInfo);
        postSign(signContext, signatureValue);
    }

    /**
     * Creates the signing context for the given document.
     *
     * @param document the DOM document that becomes the parent node of the signature
     * @return a context holding the private key from the signature configuration
     */
    public DOMSignContext createXMLSignContext(Document document) {
        initXmlProvider();
        PrivateKey signingKey = this.signatureConfig.getKey();
        return new DOMSignContext(signingKey, document);
    }

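    /**
     * Canonicalizes the {@code SignedInfo} element of the signature document into a digest
     * stream created with the configured private key and returns the Base64 encoded result
     * of the stream's {@code sign()} call.
     *
     * <p>The stream is managed by try-with-resources, so it is closed on every path and a
     * failure while closing no longer replaces the original exception.
     *
     * @param dOMSignContext the signing context; its parent node must be the signature document
     * @param dOMSignedInfo the signed info whose canonicalization method is applied
     * @return the Base64 encoded signature value
     * @throws EncryptedDocumentException if the digest would be line-wrapped by XmlSec, or if
     *         canonicalization, I/O or the signing operation fails
     * @throws IllegalStateException if the document does not contain exactly one
     *         {@code SignedInfo} element
     */
    public String signDigest(DOMSignContext dOMSignContext, DOMSignedInfo dOMSignedInfo) {
        initXmlProvider();
        PrivateKey key = this.signatureConfig.getKey();
        HashAlgorithm digestAlgo = this.signatureConfig.getDigestAlgo();
        // hashSize * 4 / 3 approximates the Base64 length of the digest; beyond 76 characters
        // XmlSec inserts line breaks unless ignoreLineBreaks is set (see the message below)
        if ((digestAlgo.hashSize * 4) / 3 > 76 && !XMLUtils.ignoreLineBreaks()) {
            throw new EncryptedDocumentException("The hash size of the chosen hash algorithm (" + digestAlgo + " = " + digestAlgo.hashSize + " bytes), will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM system properties.");
        }
        try (DigestOutputStream digestStream = getDigestStream(digestAlgo, key)) {
            digestStream.init();
            Element signedInfoElement = getDsigElement((Document) dOMSignContext.getParent(), "SignedInfo");
            if (signedInfoElement == null) {
                // getDsigElement returns null for zero or several matches; refuse to sign
                // instead of handing a null subtree to the canonicalizer
                throw new IllegalStateException("Expected exactly one ds:SignedInfo element - preSign has to be called before signDigest");
            }
            dOMSignedInfo.getCanonicalizationMethod().transform(new DOMSubTreeData(signedInfoElement, true), dOMSignContext, digestStream);
            return Base64.getEncoder().encodeToString(digestStream.sign());
        } catch (IOException | GeneralSecurityException | TransformException e) {
            throw new EncryptedDocumentException(e);
        }
    }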

    /**
     * Chooses the stream implementation for the given hash algorithm.
     *
     * <p>{@code md2}, {@code md5} and {@code sha1} are accepted here alongside the SHA-2
     * family. Those three are no longer collision resistant, and this method does not
     * restrict the choice; a policy that rules them out has to be enforced where the digest
     * algorithm is configured.
     *
     * @param hashAlgorithm the digest algorithm; {@code null} raises a
     *        {@link NullPointerException} from the switch
     * @param privateKey the signing key handed to the stream
     * @return a {@code SignatureOutputStream} for the listed algorithms, otherwise a plain
     *         {@code DigestOutputStream}
     */
    private static DigestOutputStream getDigestStream(HashAlgorithm hashAlgorithm, PrivateKey privateKey) {
        boolean useSignatureStream;
        switch (hashAlgorithm) {
            case md2:
            case md5:
            case sha1:
            case sha256:
            case sha384:
            case sha512:
                useSignatureStream = true;
                break;
            default:
                useSignatureStream = false;
                break;
        }
        if (useSignatureStream) {
            return new SignatureOutputStream(hashAlgorithm, privateKey);
        }
        return new DigestOutputStream(hashAlgorithm, privateKey);
    }

    /**
     * Returns a view over all signature parts of the package.
     *
     * <p>Each call of {@code iterator()} on the result creates a new
     * {@code SignaturePartIterator}, so the package relationships are read when iteration
     * starts, not when this method returns.
     *
     * @return an iterable over the signature parts
     */
    public Iterable<SignaturePart> getSignatureParts() {
        initXmlProvider();
        return () -> new SignaturePartIterator();
    }

    /**
     * Builds the XML signature structure in the signature document and computes the
     * reference digests that are still missing.
     *
     * <p>Steps, in order: register the marshal event listener, install the configured URI
     * dereferencer and namespace prefixes on the context, let every signature facet add its
     * references and objects, create the {@code SignedInfo} from the configured
     * canonicalization and signature method URIs, call {@code sign} on the resulting
     * signature, and finally digest every reference without a digest value.
     *
     * <p>NOTE(review): the raw {@code ArrayList} declarations and the {@code Manifest} /
     * {@code DOMReference} typed loop variables look like decompiler output; the element
     * types of those collections are not established by this listing.
     *
     * @param dOMSignContext the signing context; its parent node must be the signature document
     * @return the signed info created for this signature
     * @throws XMLSignatureException if creating the signed info raises a
     *         {@link GeneralSecurityException}, or if signing/digesting fails
     * @throws MarshalException if marshalling the signature fails
     */
    public DOMSignedInfo preSign(DOMSignContext dOMSignContext) throws XMLSignatureException, MarshalException {
        Document document = (Document) dOMSignContext.getParent();
        registerEventListener(document);
        // A caller-supplied or default dereferencer decides how reference URIs are resolved.
        if (this.uriDereferencer != null) {
            dOMSignContext.setURIDereferencer(this.uriDereferencer);
        }
        Map<String, String> namespacePrefixes = this.signatureConfig.getNamespacePrefixes();
        // Result is discarded; the call has no effect other than a null dereference check.
        dOMSignContext.getClass();
        namespacePrefixes.forEach(dOMSignContext::putNamespacePrefix);
        dOMSignContext.setDefaultNamespacePrefix("");
        // arrayList collects the references, arrayList2 the XML objects added by the facets.
        ArrayList arrayList = new ArrayList();
        ArrayList<XMLObject> arrayList2 = new ArrayList();
        for (SignatureFacet signatureFacet : this.signatureConfig.getSignatureFacets()) {
            LOG.atDebug().log("invoking signature facet: {}", signatureFacet.getClass().getSimpleName());
            signatureFacet.preSign(this, document, arrayList, arrayList2);
        }
        try {
            // Canonicalization method and signature method URI both come from the configuration.
            DOMSignedInfo newSignedInfo = this.signatureFactory.newSignedInfo(this.signatureFactory.newCanonicalizationMethod(this.signatureConfig.getCanonicalizationMethod(), (C14NMethodParameterSpec) null), this.signatureFactory.newSignatureMethod(this.signatureConfig.getSignatureMethodUri(), (SignatureMethodParameterSpec) null), arrayList);
            // The signature element id is the package signature id; its value element gets the "-signature-value" suffix.
            this.signatureFactory.newXMLSignature(newSignedInfo, (KeyInfo) null, arrayList2, this.signatureConfig.getPackageSignatureId(), this.signatureConfig.getPackageSignatureId() + "-signature-value").sign(dOMSignContext);
            for (XMLObject xMLObject : arrayList2) {
                LOG.atDebug().log("object java type: {}", xMLObject.getClass().getName());
                for (Manifest manifest : xMLObject.getContent()) {
                    LOG.atDebug().log("object content java type: {}", manifest.getClass().getName());
                    if (manifest instanceof Manifest) {
                        // Digest only the manifest references that do not carry a digest value yet.
                        for (DOMReference dOMReference : manifest.getReferences()) {
                            if (dOMReference.getDigestValue() == null) {
                                dOMReference.digest(dOMSignContext);
                            }
                        }
                    }
                }
            }
            // Same for the references listed directly in SignedInfo.
            for (DOMReference dOMReference2 : newSignedInfo.getReferences()) {
                if (dOMReference2.getDigestValue() == null) {
                    dOMReference2.digest(dOMSignContext);
                }
            }
            return newSignedInfo;
        } catch (GeneralSecurityException e) {
            throw new XMLSignatureException(e);
        }
    }

    /**
     * Registers a {@code DOMSubtreeModified} listener on the document that forwards
     * document-level mutation events to the configured {@code SignatureMarshalListener}.
     * Does nothing if no marshal listener is configured.
     *
     * <p>While the marshal listener runs, the DOM listener is removed and afterwards added
     * again - presumably so that changes made by the handler do not trigger it recursively.
     *
     * @param document the signature document; it is cast to {@link EventTarget}
     */
    protected void registerEventListener(Document document) {
        SignatureMarshalListener marshalListener = this.signatureConfig.getSignatureMarshalListener();
        if (marshalListener != null) {
            // one-element holder so the lambda can refer to itself
            EventListener[] self = new EventListener[1];
            EventTarget target = (EventTarget) document;
            self[0] = event -> {
                if (!(event instanceof MutationEvent) || !(event.getTarget() instanceof Document)) {
                    return;
                }
                target.removeEventListener("DOMSubtreeModified", self[0], false);
                marshalListener.handleElement(this, document, target, self[0]);
                target.addEventListener("DOMSubtreeModified", self[0], false);
            };
            target.addEventListener("DOMSubtreeModified", self[0], false);
        }
    }

    /**
     * Writes the signature value into the prepared signature document, runs the
     * {@code postSign} step of every facet and stores the document in the package.
     *
     * @param dOMSignContext the signing context used in {@code preSign}
     * @param str the Base64 encoded signature value
     * @throws IllegalStateException if the document element's id attribute does not equal the
     *         configured package signature id, or if the document does not contain exactly
     *         one {@code SignatureValue} element
     * @throws MarshalException if the signature document cannot be written
     */
    public void postSign(DOMSignContext dOMSignContext, String str) throws MarshalException {
        LOG.atDebug().log("postSign");
        Document document = (Document) dOMSignContext.getParent();
        String expectedId = this.signatureConfig.getPackageSignatureId();
        String actualId = document.getDocumentElement().getAttribute(PackageRelationship.ID_ATTRIBUTE_NAME);
        if (!expectedId.equals(actualId)) {
            throw new IllegalStateException("ds:Signature not found for @Id: " + expectedId);
        }
        Element signatureValue = getDsigElement(document, "SignatureValue");
        if (signatureValue == null) {
            throw new IllegalStateException("preSign has to be called before postSign");
        }
        signatureValue.setTextContent(str);
        for (SignatureFacet facet : this.signatureConfig.getSignatureFacets()) {
            facet.postSign(this, document);
        }
        writeDocument(document);
    }

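    /**
     * Stores the signature document as a signature part of the package.
     *
     * <p>The signature origin part is created if it is missing. When the configuration does
     * not allow multiple signatures, the signature parts with index 2 and above are removed
     * together with their relationships and the new signature is written to index 1, where
     * an existing part is cleared first - earlier signatures are therefore discarded.
     * Otherwise the next unused part index is taken.
     *
     * <p>Changes against the decompiled listing: the search for the relationship to remove
     * now ends when the iterator is exhausted (it used to spin forever without a match), and
     * the output stream is closed through try-with-resources on every path.
     *
     * @param document the signature document to store
     * @throws MarshalException if any step of writing the part fails; the cause is preserved
     */
    protected void writeDocument(Document document) throws MarshalException {
        XmlOptions xmlOptions = new XmlOptions();
        Map<String, String> hashMap = new HashMap<>();
        // NOTE(review): the lambda body is empty in this listing, so hashMap stays empty and
        // no prefixes are suggested - probably lost in decompilation; restore from upstream.
        this.signatureConfig.getNamespacePrefixes().forEach((str, str2) -> {
        });
        xmlOptions.setSaveSuggestedPrefixes(hashMap);
        xmlOptions.setUseDefaultNamespace();
        LOG.atDebug().log("output signed Office OpenXML document");
        try {
            DSigRelation originRelation = DSigRelation.ORIGIN_SIGS;
            PackagePartName originName = PackagingURIHelper.createPartName(originRelation.getFileName(0));
            PackagePart originPart = this.opcPackage.getPart(originName);
            if (originPart == null) {
                originPart = this.opcPackage.createPart(originName, originRelation.getContentType());
                this.opcPackage.addRelationship(originName, TargetMode.INTERNAL, originRelation.getRelation());
            }
            DSigRelation sigRelation = DSigRelation.SIG;
            int partIndex = this.opcPackage.getUnusedPartIndex(sigRelation.getDefaultFileName());
            if (!this.signatureConfig.isAllowMultipleSignatures()) {
                PackageRelationshipCollection sigRelationships = originPart.getRelationshipsByType(sigRelation.getRelation());
                for (int i = 2; i < partIndex; i++) {
                    PackagePartName staleName = PackagingURIHelper.createPartName(sigRelation.getFileName(i));
                    Iterator<PackageRelationship> it2 = sigRelationships.iterator();
                    while (it2.hasNext()) {
                        PackageRelationship next = it2.next();
                        if (originPart.getRelatedPart(next).getPartName().equals(staleName)) {
                            originPart.removeRelationship(next.getId());
                            sigRelationships.removeRelationship(next.getId());
                            // stop right after the removal; the iterator is not used again
                            break;
                        }
                    }
                    this.opcPackage.removePart(this.opcPackage.getPart(staleName));
                }
                partIndex = 1;
            }
            PackagePartName sigName = PackagingURIHelper.createPartName(sigRelation.getFileName(partIndex));
            PackagePart sigPart = this.opcPackage.getPart(sigName);
            if (sigPart == null) {
                sigPart = this.opcPackage.createPart(sigName, sigRelation.getContentType());
                originPart.addRelationship(sigName, TargetMode.INTERNAL, sigRelation.getRelation());
            } else {
                sigPart.clear();
            }
            try (OutputStream outputStream = sigPart.getOutputStream()) {
                SignatureDocument.Factory.parse(document, POIXMLTypeLoader.DEFAULT_XML_OPTIONS).save(outputStream, xmlOptions);
            }
        } catch (Exception e) {
            throw new MarshalException("Unable to write signature document", e);
        }
    }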

    /**
     * Looks up an element of the XML digital signature namespace by local name.
     *
     * <p>The element is returned only if the document contains exactly one match. Zero or
     * several matches are logged at warn level and yield {@code null}, so callers never get
     * an arbitrary pick out of several candidates.
     *
     * @param document the document to search
     * @param str the local name of the element
     * @return the single matching element, or {@code null}
     */
    private Element getDsigElement(Document document, String str) {
        NodeList matches = document.getElementsByTagNameNS(SignatureFacet.XML_DIGSIG_NS, str);
        int count = matches.getLength();
        if (count != 1) {
            LOG.atWarn().log("Signature element '{}' was {}", str, count == 0 ? "not found" : "multiple times");
            return null;
        }
        return (Element) matches.item(0);
    }

    /**
     * Sets the security provider used to create the signature and key info factories.
     * A non-null value suppresses the provider lookup in {@code initXmlProvider()}.
     *
     * @param provider the provider to use
     */
    public void setProvider(Provider provider) {
        this.provider = provider;
    }

    /**
     * @param xMLSignatureFactory the factory to use instead of the one derived from the provider
     */
    public void setSignatureFactory(XMLSignatureFactory xMLSignatureFactory) {
        this.signatureFactory = xMLSignatureFactory;
    }

    /**
     * @return the XML signature factory; may be {@code null} until
     *         {@code initXmlProvider()} has run or a value has been set
     */
    public XMLSignatureFactory getSignatureFactory() {
        return signatureFactory;
    }

    /**
     * @param keyInfoFactory the factory to use instead of the one derived from the provider
     */
    public void setKeyInfoFactory(KeyInfoFactory keyInfoFactory) {
        this.keyInfoFactory = keyInfoFactory;
    }

    /**
     * @return the key info factory; may be {@code null} until
     *         {@code initXmlProvider()} has run or a value has been set
     */
    public KeyInfoFactory getKeyInfoFactory() {
        return keyInfoFactory;
    }

    /**
     * Fills in every collaborator that has not been set explicitly: the security provider,
     * the DOM signature and key info factories, and the URI dereferencer.
     *
     * <p>Values supplied through the setters are kept as they are. If the dereferencer is an
     * {@code OOXMLURIDereferencer}, it is bound to this instance on every call.
     */
    protected void initXmlProvider() {
        if (this.provider == null) {
            XmlProviderInitSingleton initializer = XmlProviderInitSingleton.getInstance();
            this.provider = initializer.findProvider();
        }
        if (this.signatureFactory == null) {
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM", this.provider);
        }
        if (this.keyInfoFactory == null) {
            this.keyInfoFactory = KeyInfoFactory.getInstance("DOM", this.provider);
        }
        URIDereferencer dereferencer = this.uriDereferencer;
        if (dereferencer == null) {
            dereferencer = new OOXMLURIDereferencer();
            this.uriDereferencer = dereferencer;
        }
        if (dereferencer instanceof OOXMLURIDereferencer) {
            ((OOXMLURIDereferencer) dereferencer).setSignatureInfo(this);
        }
    }
}
