package eu.europa.esig.dss.xades.signature;

import eu.europa.esig.dss.enumerations.CommitmentType;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.ObjectIdentifier;
import eu.europa.esig.dss.enumerations.ObjectIdentifierQualifier;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.enumerations.SignaturePackaging;
import eu.europa.esig.dss.enumerations.TimestampType;
import eu.europa.esig.dss.exception.IllegalInputException;
import eu.europa.esig.dss.model.CommitmentQualifier;
import eu.europa.esig.dss.model.CommonCommitmentType;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Policy;
import eu.europa.esig.dss.model.SignerLocation;
import eu.europa.esig.dss.model.SpDocSpecification;
import eu.europa.esig.dss.model.UserNotice;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.spi.DSSASN1Utils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.BaselineBCertificateSelector;
import eu.europa.esig.dss.spi.x509.tsp.TimestampInclude;
import eu.europa.esig.dss.spi.x509.tsp.TimestampToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.xades.DSSObject;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.SignatureBuilder;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xades.dataobject.DSSDataObjectFormat;
import eu.europa.esig.dss.xades.dataobject.DataObjectFormatBuilder;
import eu.europa.esig.dss.xades.reference.DSSReference;
import eu.europa.esig.dss.xades.reference.ReferenceBuilder;
import eu.europa.esig.dss.xades.reference.ReferenceIdProvider;
import eu.europa.esig.dss.xades.reference.ReferenceProcessor;
import eu.europa.esig.dss.xades.reference.ReferenceVerifier;
import eu.europa.esig.dss.xml.common.definition.DSSElement;
import eu.europa.esig.dss.xml.utils.DomUtils;
import eu.europa.esig.dss.xml.utils.XMLCanonicalizer;
import eu.europa.esig.xades.definition.xades132.XAdES132Attribute;
import eu.europa.esig.xmldsig.definition.XMLDSigAttribute;
import eu.europa.esig.xmldsig.definition.XMLDSigElement;
import eu.europa.esig.xmldsig.definition.XMLDSigPath;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:BOOT-INF/lib/dss-xades-6.0.jar:eu/europa/esig/dss/xades/signature/XAdESSignatureBuilder.class */
public abstract class XAdESSignatureBuilder extends XAdESBuilder implements SignatureBuilder {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) XAdESSignatureBuilder.class);
    protected boolean built;
    protected DSSDocument document;
    protected String keyInfoCanonicalizationMethod;
    protected String signedInfoCanonicalizationMethod;
    protected String signedPropertiesCanonicalizationMethod;
    protected final String deterministicId;
    protected Element signatureDom;
    protected Element keyInfoDom;
    protected Element signedInfoDom;
    protected Element signatureValueDom;
    protected Element qualifyingPropertiesDom;
    protected Element signedPropertiesDom;
    protected Element signedSignaturePropertiesDom;
    protected Element signedDataObjectPropertiesDom;
    protected Element unsignedSignaturePropertiesDom;
    protected static final String KEYINFO_SUFFIX = "keyInfo-";
    protected static final String TIMESTAMP_SUFFIX = "TS-";
    protected static final String VALUE_SUFFIX = "value-";
    protected static final String XADES_SUFFIX = "xades-";

    public static XAdESSignatureBuilder getSignatureBuilder(XAdESSignatureParameters xAdESSignatureParameters, DSSDocument dSSDocument, CertificateVerifier certificateVerifier) {
        Objects.requireNonNull(xAdESSignatureParameters.getSignaturePackaging(), "Cannot create a SignatureBuilder. SignaturePackaging is not defined!");
        switch (xAdESSignatureParameters.getSignaturePackaging()) {
            case ENVELOPED:
                return new EnvelopedSignatureBuilder(xAdESSignatureParameters, dSSDocument, certificateVerifier);
            case ENVELOPING:
                return new EnvelopingSignatureBuilder(xAdESSignatureParameters, dSSDocument, certificateVerifier);
            case DETACHED:
                return new DetachedSignatureBuilder(xAdESSignatureParameters, dSSDocument, certificateVerifier);
            case INTERNALLY_DETACHED:
                return new InternallyDetachedSignatureBuilder(xAdESSignatureParameters, dSSDocument, certificateVerifier);
            default:
                throw new DSSException("Unsupported packaging " + xAdESSignatureParameters.getSignaturePackaging());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public XAdESSignatureBuilder(XAdESSignatureParameters xAdESSignatureParameters, DSSDocument dSSDocument, CertificateVerifier certificateVerifier) {
        super(certificateVerifier);
        this.built = false;
        this.params = xAdESSignatureParameters;
        this.document = dSSDocument;
        this.deterministicId = xAdESSignatureParameters.getDeterministicId();
        setCanonicalizationMethods(xAdESSignatureParameters);
    }

    private void setCanonicalizationMethods(XAdESSignatureParameters xAdESSignatureParameters) {
        this.keyInfoCanonicalizationMethod = xAdESSignatureParameters.getKeyInfoCanonicalizationMethod();
        this.signedInfoCanonicalizationMethod = xAdESSignatureParameters.getSignedInfoCanonicalizationMethod();
        this.signedPropertiesCanonicalizationMethod = xAdESSignatureParameters.getSignedPropertiesCanonicalizationMethod();
    }

    public byte[] build() throws DSSException {
        assertSignaturePossible();
        ensureConfigurationValidity();
        this.xadesPath = getCurrentXAdESPath();
        this.documentDom = buildRootDocumentDom();
        incorporateFiles();
        incorporateSignatureDom();
        incorporateSignedInfo();
        incorporateSignatureValue();
        incorporateKeyInfo();
        incorporateObjects();
        if (Utils.isArrayEmpty(this.params.getSignedData())) {
            incorporateReferences();
            incorporateReferenceSignedProperties();
            incorporateReferenceKeyInfo();
        }
        byte[] canonicalize = XMLCanonicalizer.createInstance(this.signedInfoCanonicalizationMethod).canonicalize(getNodeToCanonicalize(this.signedInfoDom));
        if (LOG.isTraceEnabled()) {
            LOG.trace("Canonicalized SignedInfo         --> {}", new String(canonicalize));
            LOG.trace("Canonicalized SignedInfo SHA256  --> {}", Utils.toBase64(DSSUtils.digest(DigestAlgorithm.SHA256, canonicalize)));
        }
        this.built = true;
        return canonicalize;
    }

    private void assertSignaturePossible() {
        NodeList allSignaturesExceptCounterSignatures;
        if (!DomUtils.isDOM(this.document) || (allSignaturesExceptCounterSignatures = DSSXMLUtils.getAllSignaturesExceptCounterSignatures(DomUtils.buildDOM(this.document))) == null || allSignaturesExceptCounterSignatures.getLength() <= 0) {
            return;
        }
        for (int i = 0; i < allSignaturesExceptCounterSignatures.getLength(); i++) {
            assertDoesNotContainEnvelopedTransform(allSignaturesExceptCounterSignatures.item(i));
        }
    }

    private void assertDoesNotContainEnvelopedTransform(Node node) {
        NodeList referenceNodeList = DSSXMLUtils.getReferenceNodeList(node);
        if (referenceNodeList == null || referenceNodeList.getLength() <= 0) {
            return;
        }
        for (int i = 0; i < referenceNodeList.getLength(); i++) {
            NodeList nodeList = DomUtils.getNodeList(referenceNodeList.item(i), XMLDSigPath.TRANSFORMS_TRANSFORM_PATH);
            if (nodeList != null && nodeList.getLength() > 0) {
                for (int i2 = 0; i2 < nodeList.getLength(); i2++) {
                    if ("http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(((Element) nodeList.item(i2)).getAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName()))) {
                        throw new IllegalInputException(String.format("The parallel signature is not possible! The provided file contains a signature with an '%s' transform.", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"));
                    }
                }
            }
        }
    }

    private void ensureConfigurationValidity() {
        checkSignaturePackagingValidity();
        if (!Utils.isCollectionEmpty(this.params.getReferences())) {
            new ReferenceVerifier(this.params).checkReferencesValidity();
        } else {
            this.params.getContext().setReferences(initReferenceBuilder().build());
        }
    }

    private ReferenceBuilder initReferenceBuilder() {
        List<DSSDocument> detachedContents = Utils.isCollectionNotEmpty(this.params.getDetachedContents()) ? this.params.getDetachedContents() : Arrays.asList(this.document);
        ReferenceIdProvider referenceIdProvider = new ReferenceIdProvider();
        referenceIdProvider.setSignatureParameters(this.params);
        return new ReferenceBuilder(detachedContents, this.params, referenceIdProvider);
    }

    private void checkSignaturePackagingValidity() {
        if (SignaturePackaging.ENVELOPING.equals(this.params.getSignaturePackaging())) {
            return;
        }
        if (this.params.isManifestSignature()) {
            throw new IllegalArgumentException(String.format("The signature packaging %s is not compatible with manifestSignature(true) configuration!", this.params.getSignaturePackaging()));
        }
        if (this.params.isEmbedXML()) {
            throw new IllegalArgumentException(String.format("The signature packaging %s is not compatible with embedXML(true) configuration!", this.params.getSignaturePackaging()));
        }
    }

    protected void incorporateFiles() {
    }

    protected Document buildRootDocumentDom() {
        return DomUtils.buildDOM();
    }

    public void incorporateSignatureDom() {
        this.signatureDom = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.SIGNATURE);
        DomUtils.addNamespaceAttribute(this.signatureDom, getXmldsigNamespace());
        this.signatureDom.setAttribute(XMLDSigAttribute.ID.getAttributeName(), this.deterministicId);
        incorporateSignatureDom(getParentNodeOfSignature());
    }

    protected Node getParentNodeOfSignature() {
        return this.documentDom;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void incorporateSignatureDom(Node node) {
        node.appendChild(this.signatureDom);
    }

    public void incorporateSignedInfo() {
        if (Utils.isArrayNotEmpty(this.params.getSignedData())) {
            LOG.debug("Using explicit SignedInfo from parameter");
            this.signedInfoDom = DomUtils.buildDOM(this.params.getSignedData()).getDocumentElement();
            this.signedInfoDom = (Element) this.documentDom.importNode(this.signedInfoDom, true);
            this.signatureDom.appendChild(this.signedInfoDom);
            return;
        }
        this.signedInfoDom = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.SIGNED_INFO);
        this.signatureDom.appendChild(this.signedInfoDom);
        incorporateCanonicalizationMethod(this.signedInfoDom, this.signedInfoCanonicalizationMethod);
        Element createElementNS = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.SIGNATURE_METHOD);
        this.signedInfoDom.appendChild(createElementNS);
        SignatureAlgorithm algorithm = SignatureAlgorithm.getAlgorithm(this.params.getEncryptionAlgorithm(), this.params.getDigestAlgorithm(), this.params.getMaskGenerationFunction());
        String uri = algorithm.getUri();
        if (Utils.isStringBlank(uri)) {
            throw new UnsupportedOperationException("Unsupported signature algorithm " + algorithm);
        }
        createElementNS.setAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName(), uri);
    }

    private void incorporateCanonicalizationMethod(Element element, String str) {
        Element createElementNS = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.CANONICALIZATION_METHOD);
        element.appendChild(createElementNS);
        createElementNS.setAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName(), str);
    }

    private void incorporateReferences() {
        new ReferenceProcessor(this.params).incorporateReferences(this.signedInfoDom, this.params.getReferences(), getXmldsigNamespace());
    }

    protected void incorporateKeyInfo() throws DSSException {
        if (this.params.getSigningCertificate() == null && this.params.isGenerateTBSWithoutCertificate()) {
            LOG.debug("Signing certificate not available and must be added to signature DOM later");
            return;
        }
        Element createElementNS = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.KEY_INFO);
        this.signatureDom.appendChild(createElementNS);
        if (this.params.isSignKeyInfo()) {
            createElementNS.setAttribute(XMLDSigAttribute.ID.getAttributeName(), KEYINFO_SUFFIX + this.deterministicId);
        }
        List<CertificateToken> certificates = new BaselineBCertificateSelector(this.params.getSigningCertificate(), this.params.getCertificateChain()).setTrustedCertificateSource(this.certificateVerifier.getTrustedCertSources()).setTrustAnchorBPPolicy(this.params.bLevel().isTrustAnchorBPPolicy()).getCertificates();
        if (this.params.isAddX509SubjectName()) {
            for (CertificateToken certificateToken : certificates) {
                Element createElementNS2 = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.X509_DATA);
                createElementNS.appendChild(createElementNS2);
                addSubjectAndCertificate(createElementNS2, certificateToken);
            }
        } else {
            Element createElementNS3 = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.X509_DATA);
            createElementNS.appendChild(createElementNS3);
            Iterator<CertificateToken> it = certificates.iterator();
            while (it.hasNext()) {
                addCertificate(createElementNS3, it.next());
            }
        }
        this.keyInfoDom = createElementNS;
    }

    private void addSubjectAndCertificate(Element element, CertificateToken certificateToken) {
        DomUtils.addTextElement(this.documentDom, element, getXmldsigNamespace(), XMLDSigElement.X509_SUBJECT_NAME, certificateToken.getSubject().getRFC2253());
        addCertificate(element, certificateToken);
    }

    private void addCertificate(Element element, CertificateToken certificateToken) {
        DomUtils.addTextElement(this.documentDom, element, getXmldsigNamespace(), XMLDSigElement.X509_CERTIFICATE, Utils.toBase64(certificateToken.getEncoded()));
    }

    protected void incorporateObjects() {
        incorporateQualifyingProperties();
        incorporateSignedObjects();
        incorporateCustomObjects();
    }

    protected void incorporateQualifyingProperties() {
        if (Utils.isArrayNotEmpty(this.params.getSignedAdESObject())) {
            LOG.debug("Incorporating signed XAdES Object from parameter");
            if (!DomUtils.isDOM(this.params.getSignedAdESObject())) {
                throw new IllegalArgumentException("The signed AdES Object shall represent an XML!");
            }
            this.signatureDom.appendChild(this.documentDom.importNode(DomUtils.buildDOM(this.params.getSignedAdESObject()).getDocumentElement(), true));
            return;
        }
        Element createElementNS = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.OBJECT);
        this.signatureDom.appendChild(createElementNS);
        this.qualifyingPropertiesDom = DomUtils.addElement(this.documentDom, createElementNS, getXadesNamespace(), getCurrentXAdESElements().getElementQualifyingProperties());
        DomUtils.addNamespaceAttribute(this.qualifyingPropertiesDom, getXadesNamespace());
        this.qualifyingPropertiesDom.setAttribute("Target", DomUtils.toElementReference(this.deterministicId));
        incorporateSignedProperties();
    }

    protected void incorporateSignedObjects() {
        for (DSSReference dSSReference : this.params.getReferences()) {
            if (dSSReference.getObject() != null) {
                incorporateObject(dSSReference.getObject());
            }
        }
    }

    protected void incorporateCustomObjects() {
        if (Utils.isCollectionNotEmpty(this.params.getObjects())) {
            Iterator<DSSObject> it = this.params.getObjects().iterator();
            while (it.hasNext()) {
                incorporateObject(it.next());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void incorporateObject(DSSObject dSSObject) {
        if (dSSObject.getContent() == null) {
            throw new IllegalArgumentException("The content shall be defined inside DSSObject element! Incorporation is not possible.");
        }
        Element addElement = DomUtils.addElement(this.documentDom, this.signatureDom, getXmldsigNamespace(), XMLDSigElement.OBJECT);
        if (DomUtils.isDOM(dSSObject.getContent())) {
            DomUtils.adoptChildren(addElement, DomUtils.buildDOM(dSSObject.getContent()));
        } else {
            addElement.appendChild(this.documentDom.createTextNode(new String(DSSUtils.toByteArray(dSSObject.getContent()))));
        }
        if (Utils.isStringNotBlank(dSSObject.getId())) {
            addElement.setAttribute(XMLDSigAttribute.ID.getAttributeName(), dSSObject.getId());
        }
        if (Utils.isStringNotBlank(dSSObject.getMimeType())) {
            addElement.setAttribute(XMLDSigAttribute.MIME_TYPE.getAttributeName(), dSSObject.getMimeType());
        }
        if (Utils.isStringNotBlank(dSSObject.getEncodingAlgorithm())) {
            addElement.setAttribute(XMLDSigAttribute.ENCODING.getAttributeName(), dSSObject.getEncodingAlgorithm());
        }
    }

    protected void incorporateReferenceSignedProperties() {
        Element createElementNS = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.REFERENCE);
        this.signedInfoDom.appendChild(createElementNS);
        createElementNS.setAttribute(XMLDSigAttribute.TYPE.getAttributeName(), this.xadesPath.getSignedPropertiesUri());
        createElementNS.setAttribute(XMLDSigAttribute.URI.getAttributeName(), DomUtils.toElementReference(XADES_SUFFIX + this.deterministicId));
        Node createElementNS2 = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.TRANSFORMS);
        createElementNS.appendChild(createElementNS2);
        Element createElementNS3 = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.TRANSFORM);
        createElementNS2.appendChild(createElementNS3);
        createElementNS3.setAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName(), this.signedPropertiesCanonicalizationMethod);
        DigestAlgorithm referenceDigestAlgorithmOrDefault = DSSXMLUtils.getReferenceDigestAlgorithmOrDefault(this.params);
        DSSXMLUtils.incorporateDigestMethod(createElementNS, referenceDigestAlgorithmOrDefault, getXmldsigNamespace());
        byte[] canonicalize = XMLCanonicalizer.createInstance(this.signedPropertiesCanonicalizationMethod).canonicalize(getNodeToCanonicalize(this.signedPropertiesDom));
        if (LOG.isTraceEnabled()) {
            LOG.trace("Canonicalization method  --> {}", this.signedPropertiesCanonicalizationMethod);
            LOG.trace("Canonicalized REF_2      --> {}", new String(canonicalize));
        }
        incorporateDigestValueOfReference(createElementNS, referenceDigestAlgorithmOrDefault, canonicalize);
    }

    protected void incorporateReferenceKeyInfo() {
        if (this.params.isSignKeyInfo()) {
            Element createElementNS = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.REFERENCE);
            this.signedInfoDom.appendChild(createElementNS);
            createElementNS.setAttribute(XMLDSigAttribute.URI.getAttributeName(), DomUtils.toElementReference(KEYINFO_SUFFIX + this.deterministicId));
            Node createElementNS2 = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.TRANSFORMS);
            createElementNS.appendChild(createElementNS2);
            Element createElementNS3 = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.TRANSFORM);
            createElementNS2.appendChild(createElementNS3);
            createElementNS3.setAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName(), this.keyInfoCanonicalizationMethod);
            DigestAlgorithm referenceDigestAlgorithmOrDefault = DSSXMLUtils.getReferenceDigestAlgorithmOrDefault(this.params);
            DSSXMLUtils.incorporateDigestMethod(createElementNS, referenceDigestAlgorithmOrDefault, getXmldsigNamespace());
            byte[] canonicalize = XMLCanonicalizer.createInstance(this.keyInfoCanonicalizationMethod).canonicalize(getNodeToCanonicalize(this.keyInfoDom));
            if (LOG.isTraceEnabled()) {
                LOG.trace("Canonicalization method   --> {}", this.keyInfoCanonicalizationMethod);
                LOG.trace("Canonicalized REF_KeyInfo --> {}", new String(canonicalize));
            }
            incorporateDigestValueOfReference(createElementNS, referenceDigestAlgorithmOrDefault, canonicalize);
        }
    }

    private void incorporateDigestValueOfReference(Element element, DigestAlgorithm digestAlgorithm, byte[] bArr) {
        Element createElementNS = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.DIGEST_VALUE);
        createElementNS.appendChild(this.documentDom.createTextNode(Utils.toBase64(DSSUtils.digest(digestAlgorithm, bArr))));
        element.appendChild(createElementNS);
    }

    protected void incorporateSignatureValue() {
        this.signatureValueDom = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.SIGNATURE_VALUE);
        this.signatureDom.appendChild(this.signatureValueDom);
        this.signatureValueDom.setAttribute(XMLDSigAttribute.ID.getAttributeName(), VALUE_SUFFIX + this.deterministicId);
    }

    protected void incorporateSignedProperties() {
        this.signedPropertiesDom = DomUtils.addElement(this.documentDom, this.qualifyingPropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignedProperties());
        this.signedPropertiesDom.setAttribute(XMLDSigAttribute.ID.getAttributeName(), XADES_SUFFIX + this.deterministicId);
        incorporateSignedSignatureProperties();
        incorporateSignedDataObjectProperties();
    }

    protected void incorporateSignedSignatureProperties() {
        this.signedSignaturePropertiesDom = DomUtils.addElement(this.documentDom, this.signedPropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignedSignatureProperties());
        incorporateSigningTime();
        incorporateSigningCertificate();
        incorporatePolicy();
        incorporateSignatureProductionPlace();
        incorporateSignerRole();
    }

    private void incorporatePolicy() {
        Policy signaturePolicy = this.params.bLevel().getSignaturePolicy();
        if (signaturePolicy != null) {
            Element addElement = DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignaturePolicyIdentifier());
            String id = signaturePolicy.getId();
            if (Utils.isStringEmpty(id)) {
                DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementSignaturePolicyImplied());
                return;
            }
            Element addElement2 = DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementSignaturePolicyId());
            Element addElement3 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementSigPolicyId());
            Element addTextElement = DomUtils.addTextElement(this.documentDom, addElement3, getXadesNamespace(), getCurrentXAdESElements().getElementIdentifier(), id);
            ObjectIdentifierQualifier qualifier = signaturePolicy.getQualifier();
            if (qualifier != null) {
                addTextElement.setAttribute(XAdES132Attribute.QUALIFIER.getAttributeName(), qualifier.getValue());
            }
            String description = signaturePolicy.getDescription();
            if (Utils.isStringNotEmpty(description)) {
                DomUtils.addTextElement(this.documentDom, addElement3, getXadesNamespace(), getCurrentXAdESElements().getElementDescription(), description);
            }
            String[] documentationReferences = signaturePolicy.getDocumentationReferences();
            if (Utils.isArrayNotEmpty(documentationReferences)) {
                incorporateDocumentationReferences(addElement3, documentationReferences);
            }
            if (signaturePolicy instanceof XmlPolicyWithTransforms) {
                DSSXMLUtils.incorporateTransforms(addElement2, ((XmlPolicyWithTransforms) signaturePolicy).getTransforms(), getXmldsigNamespace());
            }
            if (signaturePolicy.getDigestAlgorithm() != null && signaturePolicy.getDigestValue() != null) {
                Element addElement4 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementSigPolicyHash());
                incorporateDigestMethod(addElement4, signaturePolicy.getDigestAlgorithm());
                incorporateDigestValue(addElement4, Utils.toBase64(signaturePolicy.getDigestValue()));
            }
            if (signaturePolicy.isSPQualifierPresent()) {
                incorporateSigPolicyQualifiers(addElement2, signaturePolicy);
            }
        }
    }

    private void incorporateSigPolicyQualifiers(Element element, Policy policy) {
        Element addElement = DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementSigPolicyQualifiers());
        String spuri = policy.getSpuri();
        if (Utils.isStringNotEmpty(spuri)) {
            DomUtils.addTextElement(this.documentDom, DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementSigPolicyQualifier()), getXadesNamespace(), getCurrentXAdESElements().getElementSPURI(), spuri);
        }
        UserNotice userNotice = policy.getUserNotice();
        if (userNotice != null && !userNotice.isEmpty()) {
            DSSUtils.assertSPUserNoticeConfigurationValid(userNotice);
            Element addElement2 = DomUtils.addElement(this.documentDom, DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementSigPolicyQualifier()), getXadesNamespace(), getCurrentXAdESElements().getElementSPUserNotice());
            String organization = userNotice.getOrganization();
            int[] noticeNumbers = userNotice.getNoticeNumbers();
            if (Utils.isStringNotEmpty(organization) && noticeNumbers != null && noticeNumbers.length > 0) {
                Element addElement3 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementNoticeRef());
                DomUtils.addTextElement(this.documentDom, addElement3, getXadesNamespace(), getCurrentXAdESElements().getElementOrganization(), organization);
                Element addElement4 = DomUtils.addElement(this.documentDom, addElement3, getXadesNamespace(), getCurrentXAdESElements().getElementNoticeNumbers());
                for (int i : noticeNumbers) {
                    DomUtils.addTextElement(this.documentDom, addElement4, getXadesNamespace(), getCurrentXAdESElements().getElementint(), String.valueOf(i));
                }
            }
            String explicitText = userNotice.getExplicitText();
            if (Utils.isStringNotEmpty(explicitText)) {
                DomUtils.addTextElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementExplicitText(), explicitText);
            }
        }
        SpDocSpecification spDocSpecification = policy.getSpDocSpecification();
        if (spDocSpecification == null || !Utils.isStringNotEmpty(spDocSpecification.getId())) {
            return;
        }
        incorporateSPDocSpecification(DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementSigPolicyQualifier()), spDocSpecification);
    }

    private void incorporateSigningTime() {
        String xMLFormat = DomUtils.createXMLGregorianCalendar(this.params.bLevel().getSigningDate()).toXMLFormat();
        Element createElementNS = DomUtils.createElementNS(this.documentDom, getXadesNamespace(), getCurrentXAdESElements().getElementSigningTime());
        this.signedSignaturePropertiesDom.appendChild(createElementNS);
        createElementNS.appendChild(this.documentDom.createTextNode(xMLFormat));
    }

    private void incorporateSigningCertificate() {
        if (this.params.getSigningCertificate() == null && this.params.isGenerateTBSWithoutCertificate()) {
            return;
        }
        HashSet hashSet = new HashSet();
        hashSet.add(this.params.getSigningCertificate());
        if (this.params.isEn319132()) {
            incorporateSigningCertificateV2(hashSet);
        } else {
            incorporateSigningCertificateV1(hashSet);
        }
    }

    private void incorporateSigningCertificateV1(Set<CertificateToken> set) {
        Element addElement = DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSigningCertificate());
        DigestAlgorithm signingCertificateDigestMethod = this.params.getSigningCertificateDigestMethod();
        Iterator<CertificateToken> it = set.iterator();
        while (it.hasNext()) {
            incorporateCert(addElement, it.next(), signingCertificateDigestMethod);
        }
    }

    private void incorporateSigningCertificateV2(Set<CertificateToken> set) {
        Element addElement = DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSigningCertificateV2());
        DigestAlgorithm signingCertificateDigestMethod = this.params.getSigningCertificateDigestMethod();
        Iterator<CertificateToken> it = set.iterator();
        while (it.hasNext()) {
            incorporateCert(addElement, it.next(), signingCertificateDigestMethod);
        }
    }

    private void incorporateSignedDataObjectProperties() {
        incorporateDataObjectFormat();
        incorporateCommitmentTypeIndications();
        incorporateContentTimestamps();
    }

    private Element getSignedDataObjectPropertiesDom() {
        if (this.signedDataObjectPropertiesDom == null) {
            this.signedDataObjectPropertiesDom = DomUtils.addElement(this.documentDom, this.signedPropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignedDataObjectProperties());
        }
        return this.signedDataObjectPropertiesDom;
    }

    private void incorporateDataObjectFormat() {
        List<DSSDataObjectFormat> dataObjectFormatList = this.params.getDataObjectFormatList();
        if (dataObjectFormatList == null) {
            dataObjectFormatList = new DataObjectFormatBuilder().setReferences(this.params.getReferences()).build();
        }
        for (DSSDataObjectFormat dSSDataObjectFormat : dataObjectFormatList) {
            assertDataObjectFormatValid(dSSDataObjectFormat);
            Element addElement = DomUtils.addElement(this.documentDom, getSignedDataObjectPropertiesDom(), getXadesNamespace(), getCurrentXAdESElements().getElementDataObjectFormat());
            if (dSSDataObjectFormat.getDescription() != null) {
                DomUtils.setTextNode(this.documentDom, DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementDescription()), dSSDataObjectFormat.getDescription());
            }
            if (dSSDataObjectFormat.getObjectIdentifier() != null) {
                incorporateObjectIdentifier(DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementObjectIdentifier()), dSSDataObjectFormat.getObjectIdentifier());
            }
            if (dSSDataObjectFormat.getMimeType() != null) {
                DomUtils.setTextNode(this.documentDom, DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementMimeType()), dSSDataObjectFormat.getMimeType());
            }
            if (dSSDataObjectFormat.getEncoding() != null) {
                DomUtils.setTextNode(this.documentDom, DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementEncoding()), dSSDataObjectFormat.getEncoding());
            }
            if (dSSDataObjectFormat.getObjectReference() != null) {
                addElement.setAttribute(XAdES132Attribute.OBJECT_REFERENCE.getAttributeName(), dSSDataObjectFormat.getObjectReference());
            }
        }
    }

    private void assertDataObjectFormatValid(DSSDataObjectFormat dSSDataObjectFormat) {
        Objects.requireNonNull(dSSDataObjectFormat, "DataObjectFormat cannot be null!");
        if (dSSDataObjectFormat.getDescription() == null && dSSDataObjectFormat.getObjectIdentifier() == null && dSSDataObjectFormat.getMimeType() == null) {
            throw new IllegalArgumentException("At least one of the Description, ObjectIdentifier or MimeType shall be defined for a DataObjectFormat object!");
        }
        if (dSSDataObjectFormat.getObjectReference() == null) {
            throw new IllegalArgumentException("ObjectReference attribute of DataObjectFormat shall be present!");
        }
        if (!DomUtils.isElementReference(dSSDataObjectFormat.getObjectReference())) {
            throw new IllegalArgumentException("ObjectReference attribute of DataObjectFormat shall define a reference to an element within signature (i.e. shall begin with '#')!");
        }
    }

    private void incorporateContentTimestamps() {
        List<TimestampToken> contentTimestamps = this.params.getContentTimestamps();
        if (contentTimestamps == null) {
            return;
        }
        for (TimestampToken timestampToken : contentTimestamps) {
            String str = TIMESTAMP_SUFFIX + timestampToken.getDSSIdAsString();
            TimestampType timeStampType = timestampToken.getTimeStampType();
            if (TimestampType.ALL_DATA_OBJECTS_TIMESTAMP.equals(timeStampType)) {
                Element addElement = DomUtils.addElement(this.documentDom, getSignedDataObjectPropertiesDom(), getXadesNamespace(), getCurrentXAdESElements().getElementAllDataObjectsTimeStamp());
                addElement.setAttribute(XMLDSigAttribute.ID.getAttributeName(), str);
                addTimestamp(addElement, timestampToken);
            } else {
                if (!TimestampType.INDIVIDUAL_DATA_OBJECTS_TIMESTAMP.equals(timeStampType)) {
                    throw new UnsupportedOperationException("Only types ALL_DATA_OBJECTS_TIMESTAMP and INDIVIDUAL_DATA_OBJECTS_TIMESTAMP are allowed");
                }
                Element addElement2 = DomUtils.addElement(this.documentDom, getSignedDataObjectPropertiesDom(), getXadesNamespace(), getCurrentXAdESElements().getElementIndividualDataObjectsTimeStamp());
                addElement2.setAttribute(XMLDSigAttribute.ID.getAttributeName(), str);
                addTimestamp(addElement2, timestampToken);
            }
        }
    }

    private void incorporateSignerRole() {
        List<String> claimedSignerRoles = this.params.bLevel().getClaimedSignerRoles();
        List<String> signedAssertions = this.params.bLevel().getSignedAssertions();
        Element element = null;
        if (claimedSignerRoles != null) {
            element = this.params.isEn319132() ? DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignerRoleV2()) : DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignerRole());
            if (Utils.isCollectionNotEmpty(claimedSignerRoles)) {
                addRoles(claimedSignerRoles, DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementClaimedRoles()), getCurrentXAdESElements().getElementClaimedRole());
            }
        }
        if (signedAssertions == null || !this.params.isEn319132()) {
            return;
        }
        if (element == null) {
            element = DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignerRoleV2());
        }
        if (Utils.isCollectionNotEmpty(signedAssertions)) {
            addAssertions(signedAssertions, DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementSignedAssertions()));
        }
    }

    private void addRoles(List<String> list, Element element, DSSElement dSSElement) {
        for (String str : list) {
            DomUtils.setTextNode(this.documentDom, DomUtils.addElement(this.documentDom, element, getXadesNamespace(), dSSElement), str);
        }
    }

    private void incorporateSignatureProductionPlace() {
        String streetAddress;
        SignerLocation signerLocation = this.params.bLevel().getSignerLocation();
        if (signerLocation == null || signerLocation.isEmpty()) {
            return;
        }
        Element addElement = this.params.isEn319132() ? DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignatureProductionPlaceV2()) : DomUtils.addElement(this.documentDom, this.signedSignaturePropertiesDom, getXadesNamespace(), getCurrentXAdESElements().getElementSignatureProductionPlace());
        String locality = signerLocation.getLocality();
        if (locality != null) {
            DomUtils.addTextElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementCity(), locality);
        }
        if (this.params.isEn319132() && (streetAddress = signerLocation.getStreetAddress()) != null) {
            DomUtils.addTextElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementStreetAddress(), streetAddress);
        }
        String stateOrProvince = signerLocation.getStateOrProvince();
        if (stateOrProvince != null) {
            DomUtils.addTextElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementStateOrProvince(), stateOrProvince);
        }
        String postalCode = signerLocation.getPostalCode();
        if (postalCode != null) {
            DomUtils.addTextElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementPostalCode(), postalCode);
        }
        String country = signerLocation.getCountry();
        if (country != null) {
            DomUtils.addTextElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementCountryName(), country);
        }
    }

    private void incorporateCommitmentTypeIndications() {
        Node createTextNode;
        List<CommitmentType> commitmentTypeIndications = this.params.bLevel().getCommitmentTypeIndications();
        if (Utils.isCollectionNotEmpty(commitmentTypeIndications)) {
            for (CommitmentType commitmentType : commitmentTypeIndications) {
                assertCommitmentTypeNotNull(commitmentType);
                Element addElement = DomUtils.addElement(this.documentDom, getSignedDataObjectPropertiesDom(), getXadesNamespace(), getCurrentXAdESElements().getElementCommitmentTypeIndication());
                incorporateObjectIdentifier(DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementCommitmentTypeId()), commitmentType);
                String[] strArr = null;
                CommitmentQualifier[] commitmentQualifierArr = null;
                if (commitmentType instanceof CommonCommitmentType) {
                    CommonCommitmentType commonCommitmentType = (CommonCommitmentType) commitmentType;
                    strArr = commonCommitmentType.getSignedDataObjects();
                    commitmentQualifierArr = commonCommitmentType.getCommitmentTypeQualifiers();
                }
                if (Utils.isArrayNotEmpty(strArr)) {
                    for (String str : strArr) {
                        if (Utils.isStringBlank(str)) {
                            throw new IllegalArgumentException("SignedDataObject URI cannot be null!");
                        }
                        DomUtils.addTextElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementObjectReference(), DomUtils.toElementReference(str));
                    }
                } else {
                    DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementAllSignedDataObjects());
                }
                if (Utils.isArrayNotEmpty(commitmentQualifierArr)) {
                    Element addElement2 = DomUtils.addElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementCommitmentTypeQualifiers());
                    for (CommitmentQualifier commitmentQualifier : commitmentQualifierArr) {
                        Objects.requireNonNull(commitmentQualifier, "CommitmentTypeQualifier cannot be null!");
                        DSSDocument content = commitmentQualifier.getContent();
                        if (content == null) {
                            throw new IllegalArgumentException("CommitmentTypeQualifier content cannot be null!");
                        }
                        Element addElement3 = DomUtils.addElement(this.documentDom, addElement2, getXadesNamespace(), getCurrentXAdESElements().getElementCommitmentTypeQualifier());
                        if (DomUtils.isDOM(content)) {
                            createTextNode = this.documentDom.importNode(DomUtils.buildDOM(content).getDocumentElement(), true);
                        } else {
                            LOG.info("None XML encoded CommitmentTypeQualifier has been provided. Incorporate as text node.");
                            createTextNode = this.documentDom.createTextNode(new String(DSSUtils.toByteArray(content)));
                        }
                        addElement3.appendChild(createTextNode);
                    }
                }
            }
        }
    }

    private void assertCommitmentTypeNotNull(CommitmentType commitmentType) {
        Objects.requireNonNull(commitmentType, "CommitmentType cannot be null!");
        if (commitmentType.getUri() == null && commitmentType.getOid() == null) {
            throw new IllegalArgumentException("The URI or OID must be defined for commitmentTypeIndication for XAdES creation!");
        }
    }

    private void incorporateObjectIdentifier(Element element, ObjectIdentifier objectIdentifier) {
        incorporateIdentifier(element, objectIdentifier);
        String description = objectIdentifier.getDescription();
        if (description != null) {
            DomUtils.addTextElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementDescription(), description);
        }
        String[] documentationReferences = objectIdentifier.getDocumentationReferences();
        if (Utils.isArrayNotEmpty(documentationReferences)) {
            incorporateDocumentationReferences(element, documentationReferences);
        }
    }

    private void incorporateIdentifier(Element element, ObjectIdentifier objectIdentifier) {
        String uri = objectIdentifier.getUri();
        String oid = objectIdentifier.getOid();
        ObjectIdentifierQualifier qualifier = objectIdentifier.getQualifier();
        if (Utils.isStringEmpty(uri)) {
            if (Utils.isStringEmpty(oid)) {
                throw new IllegalArgumentException("The URI or OID must be defined for XAdES IdentifierType element!");
            }
            if (qualifier == null) {
                throw new IllegalArgumentException("When using OID as object identifier in XAdES, a Qualifier shall be provided! See EN 319 132-1 for more details.");
            }
            switch (qualifier) {
                case OID_AS_URI:
                    if (DSSUtils.isUrnOid(oid)) {
                        throw new IllegalArgumentException(String.format("Qualifier '%s' shall not be used for URN encoded OID! See EN 319 132-1 for more details.", qualifier));
                    }
                    break;
                case OID_AS_URN:
                    if (!DSSUtils.isUrnOid(oid)) {
                        oid = DSSUtils.toUrnOid(oid);
                        break;
                    }
                    break;
                default:
                    throw new UnsupportedOperationException(String.format("The Qualifier '%s' is not supported!", qualifier));
            }
            uri = oid;
        } else if (qualifier != null) {
            throw new IllegalArgumentException("When using URI as object identifier in XAdES, a Qualifier shall not be present! See EN 319 132-1 for more details.");
        }
        Element addTextElement = DomUtils.addTextElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementIdentifier(), uri);
        if (qualifier != null) {
            addTextElement.setAttribute(XAdES132Attribute.QUALIFIER.getAttributeName(), qualifier.getValue());
        }
    }

    private void incorporateDocumentationReferences(Element element, String[] strArr) {
        Element addElement = DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementDocumentationReferences());
        for (String str : strArr) {
            DomUtils.addTextElement(this.documentDom, addElement, getXadesNamespace(), getCurrentXAdESElements().getElementDocumentationReference(), str);
        }
    }

    @Override // eu.europa.esig.dss.xades.SignatureBuilder
    public DSSDocument signDocument(byte[] bArr) {
        if (!this.built) {
            build();
        }
        this.signatureValueDom.appendChild(this.documentDom.createTextNode(Utils.toBase64(DSSASN1Utils.ensurePlainSignatureValue(this.params.getEncryptionAlgorithm(), bArr))));
        return createXmlDocument();
    }

    protected void addTimestamp(Element element, TimestampToken timestampToken) {
        List<TimestampInclude> timestampIncludes = timestampToken.getTimestampIncludes();
        if (timestampIncludes != null) {
            for (TimestampInclude timestampInclude : timestampIncludes) {
                Element createElementNS = DomUtils.createElementNS(this.documentDom, getXadesNamespace(), getCurrentXAdESElements().getElementInclude());
                createElementNS.setAttribute("URI", DomUtils.toElementReference(timestampInclude.getURI()));
                createElementNS.setAttribute(XAdESBuilder.REFERENCED_DATA, "true");
                element.appendChild(createElementNS);
            }
        }
        String canonicalizationMethod = timestampToken.getCanonicalizationMethod();
        if (!Utils.isStringNotEmpty(canonicalizationMethod)) {
            throw new IllegalArgumentException("Unable to create a timestamp with empty canonicalization method. See EN 319 132-1: 4.5 Managing canonicalization of XML nodesets.");
        }
        Element createElementNS2 = DomUtils.createElementNS(this.documentDom, getXmldsigNamespace(), XMLDSigElement.CANONICALIZATION_METHOD);
        createElementNS2.setAttribute(XMLDSigAttribute.ALGORITHM.getAttributeName(), canonicalizationMethod);
        element.appendChild(createElementNS2);
        Node createElementNS3 = DomUtils.createElementNS(this.documentDom, getXadesNamespace(), getCurrentXAdESElements().getElementEncapsulatedTimeStamp());
        createElementNS3.setTextContent(Utils.toBase64(timestampToken.getEncoded()));
        element.appendChild(createElementNS3);
    }

    protected Node getNodeToCanonicalize(Node node) {
        return this.params.isPrettyPrint() ? DSSXMLUtils.getIndentedNode(this.documentDom, node) : node;
    }

    @Override // eu.europa.esig.dss.xades.signature.XAdESBuilder
    protected void alignNodes() {
        if (this.unsignedSignaturePropertiesDom != null) {
            DSSXMLUtils.alignChildrenIndents(this.unsignedSignaturePropertiesDom);
        }
        if (this.qualifyingPropertiesDom != null) {
            DSSXMLUtils.alignChildrenIndents(this.qualifyingPropertiesDom);
        }
    }

    private void addAssertions(List<String> list, Element element) {
        for (String str : list) {
            DomUtils.addElement(this.documentDom, element, getXadesNamespace(), getCurrentXAdESElements().getElementSignedAssertion()).appendChild(this.documentDom.importNode(DomUtils.buildDOM(str).getDocumentElement(), true));
        }
    }
}
