package eu.europa.esig.dss.xades.evidencerecord;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.DSSMessageDigest;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.identifier.IdentifierBasedObject;
import eu.europa.esig.dss.spi.DSSMessageDigestCalculator;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.exception.IllegalInputException;
import eu.europa.esig.dss.spi.signature.AdvancedSignature;
import eu.europa.esig.dss.spi.validation.evidencerecord.AbstractSignatureEvidenceRecordDigestBuilder;
import eu.europa.esig.dss.spi.validation.evidencerecord.ByteArrayComparator;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.definition.XAdESPath;
import eu.europa.esig.dss.xades.definition.xadesen.XAdESEvidencerecordNamespaceElement;
import eu.europa.esig.dss.xades.reference.ReferenceOutputType;
import eu.europa.esig.dss.xades.validation.XAdESAttribute;
import eu.europa.esig.dss.xades.validation.XAdESSignature;
import eu.europa.esig.dss.xades.validation.XAdESUnsignedSigProperties;
import eu.europa.esig.dss.xades.validation.XMLDocumentAnalyzer;
import eu.europa.esig.dss.xml.common.definition.xmldsig.XMLDSigElement;
import eu.europa.esig.dss.xml.common.definition.xmldsig.XMLDSigPath;
import eu.europa.esig.dss.xml.utils.DomUtils;
import eu.europa.esig.dss.xml.utils.XMLCanonicalizer;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.ReferenceNotInitializedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:BOOT-INF/lib/dss-xades-6.1.jar:eu/europa/esig/dss/xades/evidencerecord/XAdESEvidenceRecordDigestBuilder.class */
public class XAdESEvidenceRecordDigestBuilder extends AbstractSignatureEvidenceRecordDigestBuilder {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) XAdESEvidenceRecordDigestBuilder.class);
    private List<DSSDocument> detachedContent;
    private String signatureId;

    public XAdESEvidenceRecordDigestBuilder(DSSDocument dSSDocument) {
        super(dSSDocument);
    }

    public XAdESEvidenceRecordDigestBuilder(DSSDocument dSSDocument, DigestAlgorithm digestAlgorithm) {
        super(dSSDocument, digestAlgorithm);
    }

    public XAdESEvidenceRecordDigestBuilder setDetachedContent(List<DSSDocument> list) {
        this.detachedContent = list;
        return this;
    }

    public XAdESEvidenceRecordDigestBuilder setSignatureId(String str) {
        this.signatureId = str;
        return this;
    }

    @Override // eu.europa.esig.dss.spi.validation.evidencerecord.AbstractSignatureEvidenceRecordDigestBuilder
    public XAdESEvidenceRecordDigestBuilder setParallelEvidenceRecord(boolean z) {
        return (XAdESEvidenceRecordDigestBuilder) super.setParallelEvidenceRecord(z);
    }

    @Override // eu.europa.esig.dss.spi.validation.evidencerecord.SignatureEvidenceRecordDigestBuilder
    public Digest build() {
        IdentifierBasedObject identifierBasedObject;
        XMLDocumentAnalyzer xMLDocumentAnalyzer = new XMLDocumentAnalyzer(this.signatureDocument);
        xMLDocumentAnalyzer.setDetachedContents(this.detachedContent);
        List<AdvancedSignature> signatures = xMLDocumentAnalyzer.getSignatures();
        if (Utils.collectionSize(signatures) == 0) {
            throw new IllegalInputException("The provided document does not contain any signature! Unable to compute message-imprint for an integrated evidence-record.");
        }
        if (Utils.isStringNotEmpty(this.signatureId)) {
            identifierBasedObject = xMLDocumentAnalyzer.getSignatureById(this.signatureId);
            if (identifierBasedObject == null) {
                throw new IllegalArgumentException(String.format("No signature with Id '%s' found in the document!", this.signatureId));
            }
        } else {
            if (Utils.collectionSize(signatures) > 1) {
                throw new IllegalInputException("The provided document contains multiple signatures! Please use #setSignatureId method in order to provide the identifier.");
            }
            identifierBasedObject = (AdvancedSignature) signatures.get(0);
        }
        return getXmlSignatureMessageImprint((XAdESSignature) identifierBasedObject);
    }

    protected DSSMessageDigest getXmlSignatureMessageImprint(XAdESSignature xAdESSignature) {
        try {
            ArrayList arrayList = new ArrayList();
            if (LOG.isTraceEnabled()) {
                LOG.trace("Step 1): Processing ds:Reference's within ds:SignedInfo");
            }
            String canonicalizationAlgorithm = getCanonicalizationAlgorithm(xAdESSignature);
            Iterator<Reference> it = xAdESSignature.getReferences().iterator();
            while (it.hasNext()) {
                arrayList.add(getReferenceBytes(it.next(), canonicalizationAlgorithm));
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("Step 2): Canonicalization of ds:SignedInfo, ds:SignatureValue, ds:KeyInfo element");
            }
            arrayList.add(getCanonicalizedValue(xAdESSignature, XMLDSigPath.SIGNED_INFO_PATH, canonicalizationAlgorithm));
            arrayList.add(getCanonicalizedValue(xAdESSignature, XMLDSigPath.SIGNATURE_VALUE_PATH, canonicalizationAlgorithm));
            arrayList.add(getCanonicalizedValue(xAdESSignature, XMLDSigPath.KEY_INFO_PATH, canonicalizationAlgorithm));
            if (LOG.isTraceEnabled()) {
                LOG.trace("Step 3): Processing of unsigned qualifying properties");
            }
            XAdESUnsignedSigProperties unsignedSignatureProperties = getUnsignedSignatureProperties(xAdESSignature);
            if (unsignedSignatureProperties != null) {
                Iterator<XAdESAttribute> it2 = unsignedSignatureProperties.getAttributes().iterator();
                while (it2.hasNext()) {
                    arrayList.add(getCanonicalizedValue(it2.next().getElement(), canonicalizationAlgorithm));
                }
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("Step 5): Processing of ds:Object's");
            }
            for (Node node : getObjects(xAdESSignature)) {
                if (!containsQualifyingProperties(node, xAdESSignature.getXAdESPaths())) {
                    arrayList.add(getCanonicalizedValue(node, canonicalizationAlgorithm));
                }
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("Step 6): Processing of ds:Manifest's");
            }
            for (Reference reference : xAdESSignature.getReferences()) {
                if (reference.typeIsReferenceToManifest()) {
                    arrayList.addAll(getManifestDataObjects(xAdESSignature, reference, canonicalizationAlgorithm));
                }
            }
            DSSMessageDigest computeDigestValueGroupHash = computeDigestValueGroupHash(arrayList);
            if (LOG.isTraceEnabled()) {
                LOG.trace(String.format("Evidence-record signature data group digest: %s", computeDigestValueGroupHash));
            }
            return computeDigestValueGroupHash;
        } catch (XMLSecurityException e) {
            throw new DSSException(String.format("Unable to compute message-imprint for an evidence-record. Reason : %s", e.getMessage()), e);
        }
    }

    protected String getCanonicalizationAlgorithm(XAdESSignature xAdESSignature) {
        Element signedInfo = xAdESSignature.getSignedInfo();
        if (signedInfo == null) {
            throw new IllegalStateException("ds:SignedInfo element shall be defined within a signature!");
        }
        String value = DomUtils.getValue(signedInfo, XMLDSigPath.CANONICALIZATION_ALGORITHM_PATH);
        if (Utils.isStringEmpty(value)) {
            LOG.warn("No canonicalization method found within ds:SignedInfo element. Re-use the default canonicalization algorithm 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'");
            value = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
        }
        return value;
    }

    private byte[] getReferenceBytes(Reference reference, String str) throws XMLSecurityException {
        try {
            byte[] referencedBytes = reference.getReferencedBytes();
            if (isResultXmlNodeSet(reference, referencedBytes)) {
                referencedBytes = XMLCanonicalizer.createInstance(str).canonicalize(referencedBytes);
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("ReferencedBytes : {}", new String(referencedBytes));
            }
            return referencedBytes;
        } catch (ReferenceNotInitializedException e) {
            throw new DSSException(String.format("An error occurred on ds:Reference processing. In case of detached signature, please use #setDetachedContent method to provide original documents. More information : %s", e.getMessage()), e);
        }
    }

    private byte[] getCanonicalizedValue(XAdESSignature xAdESSignature, String str, String str2) {
        return getCanonicalizedValue(DomUtils.getElement(xAdESSignature.getSignatureElement(), str), str2);
    }

    private byte[] getCanonicalizedValue(Node node, String str) {
        if (node == null) {
            return null;
        }
        byte[] canonicalize = XMLCanonicalizer.createInstance(str).canonicalize(node);
        if (LOG.isTraceEnabled()) {
            LOG.trace("Canonicalized subtree string : \n{}", new String(canonicalize));
        }
        return canonicalize;
    }

    private XAdESUnsignedSigProperties getUnsignedSignatureProperties(XAdESSignature xAdESSignature) {
        NodeList childNodes;
        Node lastSealingEvidenceRecordNode;
        Element element = DomUtils.getElement(xAdESSignature.getSignatureElement(), xAdESSignature.getXAdESPaths().getUnsignedSignaturePropertiesPath());
        if (element == null) {
            if (!LOG.isDebugEnabled()) {
                return null;
            }
            LOG.debug("No xades:UnsignedSignatureProperties is present to compute the message-imprint for an evidence-record");
            return null;
        }
        if (this.parallelEvidenceRecord && (lastSealingEvidenceRecordNode = getLastSealingEvidenceRecordNode((childNodes = element.getChildNodes()))) != null) {
            boolean z = false;
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node item = childNodes.item(i);
                if (z || lastSealingEvidenceRecordNode == item) {
                    element.removeChild(item);
                    z = true;
                }
            }
        }
        return new XAdESUnsignedSigProperties(element, xAdESSignature.getXAdESPaths());
    }

    private Node getLastSealingEvidenceRecordNode(NodeList nodeList) {
        for (int length = nodeList.getLength() - 1; length >= 0; length--) {
            Node item = nodeList.item(length);
            if (XAdESEvidencerecordNamespaceElement.SEALING_EVIDENCE_RECORDS.isSameTagName(item.getLocalName())) {
                return item;
            }
        }
        return null;
    }

    private List<Node> getObjects(XAdESSignature xAdESSignature) {
        NodeList objects = xAdESSignature.getObjects();
        if (objects == null || objects.getLength() <= 0) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < objects.getLength(); i++) {
            arrayList.add(objects.item(i));
        }
        return arrayList;
    }

    private boolean containsQualifyingProperties(Node node, XAdESPath xAdESPath) {
        return DomUtils.getNode(node, xAdESPath.getCurrentQualifyingPropertiesPath()) != null;
    }

    private List<byte[]> getManifestDataObjects(XAdESSignature xAdESSignature, Reference reference, String str) throws XMLSecurityException {
        ArrayList arrayList = new ArrayList();
        getManifestDataObjectsRecursively(xAdESSignature, reference, str, arrayList);
        return arrayList;
    }

    private void getManifestDataObjectsRecursively(XAdESSignature xAdESSignature, Reference reference, String str, List<byte[]> list) throws XMLSecurityException {
        for (Reference reference2 : getManifestReferences(xAdESSignature, reference)) {
            byte[] referenceBytes = getReferenceBytes(reference2, str);
            if (isResultXmlNodeSet(reference2, referenceBytes) && isResultManifestElement(referenceBytes)) {
                getManifestDataObjectsRecursively(xAdESSignature, reference, str, list);
            } else {
                list.add(referenceBytes);
            }
        }
    }

    private List<Reference> getManifestReferences(XAdESSignature xAdESSignature, Reference reference) throws XMLSecurityException {
        return DSSXMLUtils.extractReferences(DSSXMLUtils.initManifestWithDetachedContent(DSSXMLUtils.getManifestById(xAdESSignature.getSignatureElement(), reference.getURI()), this.detachedContent));
    }

    private boolean isResultXmlNodeSet(Reference reference, byte[] bArr) throws XMLSecurityException {
        return ReferenceOutputType.NODE_SET.equals(DSSXMLUtils.getReferenceOutputType(reference)) && DomUtils.isDOM(bArr);
    }

    private boolean isResultManifestElement(byte[] bArr) {
        Element documentElement = DomUtils.buildDOM(bArr).getDocumentElement();
        return XMLDSigElement.MANIFEST.isSameTagName(documentElement.getLocalName()) && XMLDSigElement.MANIFEST.getURI().equals(documentElement.getNamespaceURI());
    }

    private DSSMessageDigest computeDigestValueGroupHash(List<byte[]> list) {
        List list2 = (List) list.stream().map(bArr -> {
            return DSSUtils.digest(this.digestAlgorithm, bArr);
        }).collect(Collectors.toList());
        if (LOG.isTraceEnabled()) {
            LOG.trace("1. Digest Value Group:");
            list2.forEach(bArr2 -> {
                LOG.trace(Utils.toHex(bArr2));
            });
        }
        if (Utils.collectionSize(list2) == 1) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("2a. Only one data object: {}", list2.get(0));
            }
            return new DSSMessageDigest(this.digestAlgorithm, (byte[]) list2.get(0));
        }
        list2.sort(ByteArrayComparator.getInstance());
        if (LOG.isTraceEnabled()) {
            LOG.trace("2b. Sorted Digest Value Group:");
            list2.forEach(bArr3 -> {
                LOG.trace(Utils.toHex(bArr3));
            });
        }
        DSSMessageDigestCalculator dSSMessageDigestCalculator = new DSSMessageDigestCalculator(this.digestAlgorithm);
        Iterator it = list2.iterator();
        while (it.hasNext()) {
            dSSMessageDigestCalculator.update((byte[]) it.next());
        }
        DSSMessageDigest messageDigest = dSSMessageDigestCalculator.getMessageDigest();
        if (LOG.isTraceEnabled()) {
            LOG.trace("4. Message-digest of concatenated string: {}", messageDigest.getHexValue());
        }
        return messageDigest;
    }
}
