package eu.europa.esig.dss.xades.signature;

import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.SignaturePolicyStore;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.exception.IllegalInputException;
import eu.europa.esig.dss.spi.policy.SignaturePolicyValidator;
import eu.europa.esig.dss.spi.signature.AdvancedSignature;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xades.definition.xades141.XAdES141Attribute;
import eu.europa.esig.dss.xades.definition.xades141.XAdES141Element;
import eu.europa.esig.dss.xades.validation.XAdESSignature;
import eu.europa.esig.dss.xades.validation.XAdESSignaturePolicy;
import eu.europa.esig.dss.xades.validation.XMLDocumentAnalyzer;
import eu.europa.esig.dss.xades.validation.policy.XMLSignaturePolicyValidator;
import eu.europa.esig.dss.xml.utils.DomUtils;
import java.util.Iterator;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/dss-xades-6.1.jar:eu/europa/esig/dss/xades/signature/SignaturePolicyStoreBuilder.class */
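/**
 * Adds a {@code SignaturePolicyStore} element (XAdES 1.4.1 namespace) to the unsigned
 * signature properties of XAdES signatures found in an XML document.
 *
 * <p>When the store carries the policy document itself, the document's digest is compared with
 * the digest declared by the signature's policy before anything is written (see
 * {@link #checkDigest}). When the store carries only a local URI, no comparison is made here.
 *
 * <p>The builder keeps per-call state in inherited fields ({@code params},
 * {@code documentAnalyzer}, {@code documentDom}), so one instance must not be used by
 * several threads at once.
 */
public class SignaturePolicyStoreBuilder extends ExtensionBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(SignaturePolicyStoreBuilder.class);

    /**
     * Adds the given policy store to the first signature in the document that accepts it.
     *
     * @param dSSDocument the signed XML document; must not be {@code null}
     * @param signaturePolicyStore the store to embed; must carry an SpDocSpecification with an
     *     id and exactly one of policy content or local URI
     * @return the document with the store added
     * @throws NullPointerException if a mandatory argument or store member is {@code null}
     * @throws IllegalArgumentException if the store has both or neither of content and local URI
     * @throws IllegalInputException if no signature accepted the store
     */
    public DSSDocument addSignaturePolicyStore(DSSDocument dSSDocument, SignaturePolicyStore signaturePolicyStore) {
        Objects.requireNonNull(dSSDocument, "Signature document must be provided!");
        assertConfigurationValid(signaturePolicyStore);
        XMLDocumentAnalyzer analyzer = initDocumentValidator(dSSDocument);
        boolean storeAdded = false;
        // A for-each always advances the cursor. An explicit iterator whose next() call sits on
        // the right-hand side of a short-circuit "added || ..." stops advancing after the first
        // match, and the loop then never terminates on a document with further signatures.
        for (AdvancedSignature signature : analyzer.getSignatures()) {
            if (addSignaturePolicyStoreIfDigestMatch((XAdESSignature) signature, this.documentDom, signaturePolicyStore)) {
                storeAdded = true;
                // NOTE(review): signatures after the first match are left untouched. If every
                // matching signature is meant to carry the store, remove this break - but a
                // non-null store Id would then be written once per signature, giving repeated
                // Id attribute values inside one document. Confirm the intended behaviour.
                break;
            }
        }
        if (!storeAdded) {
            throw new IllegalInputException("The process did not find a signature to add SignaturePolicyStore!");
        }
        return createXmlDocument();
    }

    /**
     * Adds the given policy store to the signature with the given Id.
     *
     * @param dSSDocument the signed XML document; must not be {@code null}
     * @param signaturePolicyStore the store to embed; same requirements as the two-argument
     *     overload
     * @param str the Id of the target signature
     * @return the document with the store added
     * @throws NullPointerException if a mandatory argument or store member is {@code null}
     * @throws IllegalArgumentException if the store has both or neither of content and local URI
     * @throws IllegalInputException if no signature has that Id, or the signature did not accept
     *     the store
     */
    public DSSDocument addSignaturePolicyStore(DSSDocument dSSDocument, SignaturePolicyStore signaturePolicyStore, String str) {
        Objects.requireNonNull(dSSDocument, "Signature document must be provided!");
        assertConfigurationValid(signaturePolicyStore);
        AdvancedSignature target = initDocumentValidator(dSSDocument).getSignatureById(str);
        if (target == null) {
            throw new IllegalInputException(String.format("Unable to find a signature with Id : %s!", str));
        }
        if (!addSignaturePolicyStoreIfDigestMatch((XAdESSignature) target, this.documentDom, signaturePolicyStore)) {
            throw new IllegalInputException(String.format("The process was not able to add SignaturePolicyStore to a signature with Id : %s!", str));
        }
        return createXmlDocument();
    }

    /**
     * Resets the builder state for a new document: fresh signature parameters, a new analyzer
     * over the document, and the analyzer's root element as the working DOM.
     *
     * @param dSSDocument the signed XML document
     * @return the analyzer created for the document
     */
    private XMLDocumentAnalyzer initDocumentValidator(DSSDocument dSSDocument) {
        this.params = new XAdESSignatureParameters();
        this.documentAnalyzer = new XMLDocumentAnalyzer(dSSDocument);
        this.documentDom = this.documentAnalyzer.getRootElement();
        return this.documentAnalyzer;
    }

    /**
     * Writes the policy store into the signature's unsigned signature properties, provided
     * {@link #checkDigest} accepts the store for this signature.
     *
     * <p>The element receives the optional Id attribute, the SPDocSpecification, and then either
     * the Base64-encoded policy document or, when non-empty, the local URI.
     *
     * @param xAdESSignature the signature to extend
     * @param document the DOM document that owns the new nodes
     * @param signaturePolicyStore the store to embed
     * @return {@code true} if the element was added, {@code false} if the digest check refused it
     */
    protected boolean addSignaturePolicyStoreIfDigestMatch(XAdESSignature xAdESSignature, Document document, SignaturePolicyStore signaturePolicyStore) {
        XAdESSignature initializedSignature = initializeSignatureBuilder(xAdESSignature);
        // NOTE(review): both ensure* helpers are inherited and run before the digest check, so
        // whatever they change in the DOM (presumably creating the unsigned-properties
        // containers) is kept even when this signature is rejected - confirm that is acceptable.
        ensureUnsignedProperties();
        ensureUnsignedSignatureProperties();
        if (!checkDigest(initializedSignature, signaturePolicyStore)) {
            return false;
        }

        Element storeElement = DomUtils.addElement(document, this.unsignedSignaturePropertiesDom, getXades141Namespace(), XAdES141Element.SIGNATURE_POLICY_STORE);
        String storeId = signaturePolicyStore.getId();
        if (storeId != null) {
            storeElement.setAttribute(XAdES141Attribute.ID.getAttributeName(), storeId);
        }
        incorporateSPDocSpecification(storeElement, signaturePolicyStore.getSpDocSpecification());

        DSSDocument policyContent = signaturePolicyStore.getSignaturePolicyContent();
        if (policyContent != null) {
            Element policyDocumentElement = DomUtils.addElement(document, storeElement, getXades141Namespace(), XAdES141Element.SIGNATURE_POLICY_DOCUMENT);
            DomUtils.setTextNode(document, policyDocumentElement, Utils.toBase64(DSSUtils.toByteArray(policyContent)));
        }

        // assertConfigurationValid only rejects a null URI; an empty string passes it and is
        // skipped here, leaving a store element with neither policy document nor URI.
        String localUri = signaturePolicyStore.getSigPolDocLocalURI();
        if (Utils.isStringNotEmpty(localUri)) {
            DomUtils.addTextElement(document, storeElement, getXades141Namespace(), XAdES141Element.SIG_POL_DOC_LOCAL_URI, localUri);
        }
        return true;
    }

    /**
     * Decides whether the store may be attached to the signature.
     *
     * <p>Returns {@code false} when the signature has no policy or the policy declares no digest.
     * When the store provides the policy document, its digest (after the policy's transforms
     * for an XML policy validator) must equal the declared digest. When the store provides no
     * document, the method returns {@code true} without comparing anything: a store that only
     * references a local URI is not bound to the declared digest at this point, so whoever
     * later resolves that URI has to verify the retrieved policy against the digest.
     *
     * @param xAdESSignature the signature whose policy digest is the reference value
     * @param signaturePolicyStore the store being added
     * @return {@code true} if the store is acceptable for this signature
     * @throws DSSException if the digest of the policy document cannot be computed
     */
    protected boolean checkDigest(XAdESSignature xAdESSignature, SignaturePolicyStore signaturePolicyStore) {
        String signatureId = xAdESSignature.getDAIdentifier();
        XAdESSignaturePolicy signaturePolicy = xAdESSignature.getSignaturePolicy();
        if (signaturePolicy == null) {
            LOG.warn("No defined SignaturePolicyIdentifier for signature with Id : {}", signatureId);
            return false;
        }
        Digest declaredDigest = signaturePolicy.getDigest();
        if (declaredDigest == null) {
            LOG.warn("No defined digest for signature with Id : {}", signatureId);
            return false;
        }
        DSSDocument policyContent = signaturePolicyStore.getSignaturePolicyContent();
        if (policyContent == null) {
            // Nothing to hash: the store is accepted unverified (see the method contract).
            LOG.info("No policy document has been provided. Digests are not checked!");
            return true;
        }
        // The content is set on the policy before the validator is loaded for that policy.
        signaturePolicy.setPolicyContent(policyContent);
        try {
            SignaturePolicyValidator validator = this.documentAnalyzer.getSignaturePolicyValidatorLoader().loadValidator(signaturePolicy);
            Digest computedDigest;
            if (validator instanceof XMLSignaturePolicyValidator) {
                // XML policies are digested after applying the transforms the policy declares.
                computedDigest = ((XMLSignaturePolicyValidator) validator).getDigestAfterTransforms(policyContent, declaredDigest.getAlgorithm(), signaturePolicy.getTransforms());
            } else {
                computedDigest = validator.getComputedDigest(policyContent, declaredDigest.getAlgorithm());
            }
            boolean digestMatches = declaredDigest.equals(computedDigest);
            if (!digestMatches) {
                LOG.warn("Signature policy's digest {} doesn't match the digest extracted from document {} for signature with Id : {}", computedDigest, declaredDigest, signatureId);
            }
            return digestMatches;
        } catch (Exception e) {
            throw new DSSException(String.format("Unable to compute digest for a SignaturePolicyStore. Reason : %s", e.getMessage()), e);
        }
    }

    /**
     * Validates the store before any document processing starts.
     *
     * @param signaturePolicyStore the store to check
     * @throws NullPointerException if the store, its SpDocSpecification or the specification's
     *     id is {@code null}
     * @throws IllegalArgumentException if the store has both or neither of policy content and
     *     local URI
     */
    private void assertConfigurationValid(SignaturePolicyStore signaturePolicyStore) {
        Objects.requireNonNull(signaturePolicyStore, "SignaturePolicyStore must be provided");
        Objects.requireNonNull(signaturePolicyStore.getSpDocSpecification(), "SpDocSpecification must be provided");
        Objects.requireNonNull(signaturePolicyStore.getSpDocSpecification().getId(), "ID (OID or URI) for SpDocSpecification must be provided");
        boolean hasContent = signaturePolicyStore.getSignaturePolicyContent() != null;
        boolean hasLocalUri = signaturePolicyStore.getSigPolDocLocalURI() != null;
        // Exactly one of the two must be present.
        if (hasContent == hasLocalUri) {
            throw new IllegalArgumentException("SignaturePolicyStore shall contain either SignaturePolicyContent document or sigPolDocLocalURI!");
        }
    }
}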
