package eu.europa.esig.dss.xades.validation.policy;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.SignaturePolicy;
import eu.europa.esig.dss.validation.policy.AbstractSignaturePolicyValidator;
import eu.europa.esig.dss.validation.policy.SignaturePolicyValidationResult;
import eu.europa.esig.dss.xades.validation.XAdESSignaturePolicy;
import eu.europa.esig.dss.xml.utils.DomUtils;
import java.io.IOException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.Transforms;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:BOOT-INF/lib/dss-xades-6.0.jar:eu/europa/esig/dss/xades/validation/policy/XMLSignaturePolicyValidator.class */
public class XMLSignaturePolicyValidator extends AbstractSignaturePolicyValidator {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) XMLSignaturePolicyValidator.class);
    protected static final String XML_ERROR_KEY = "xmlProcessing";

    @Override // eu.europa.esig.dss.validation.policy.SignaturePolicyValidator
    public boolean canValidate(SignaturePolicy signaturePolicy) {
        if (signaturePolicy.getPolicyContent() != null) {
            return DomUtils.startsWithXmlPreamble(signaturePolicy.getPolicyContent());
        }
        return false;
    }

    @Override // eu.europa.esig.dss.validation.policy.SignaturePolicyValidator
    public SignaturePolicyValidationResult validate(SignaturePolicy signaturePolicy) {
        SignaturePolicyValidationResult signaturePolicyValidationResult = new SignaturePolicyValidationResult();
        if (signaturePolicy.getPolicyContent() == null) {
            signaturePolicyValidationResult.addError("general", "The signature policy content is not obtained.");
            return signaturePolicyValidationResult;
        }
        signaturePolicyValidationResult.setIdentified(true);
        Digest digest = signaturePolicy.getDigest();
        if (digest == null) {
            signaturePolicyValidationResult.addError("general", "The policy digest value is not defined.");
            return signaturePolicyValidationResult;
        }
        signaturePolicyValidationResult.setDigestAlgorithmsEqual(true);
        Digest digest2 = null;
        Element element = null;
        if (signaturePolicy instanceof XAdESSignaturePolicy) {
            element = ((XAdESSignaturePolicy) signaturePolicy).getTransforms();
        }
        if (element != null) {
            try {
                digest2 = getDigestAfterTransforms(signaturePolicy.getPolicyContent(), digest.getAlgorithm(), element);
            } catch (Exception e) {
                String format = String.format("Unable to perform transforms on an XML Policy. Reason : %s", e.getMessage());
                LOG.warn(format, (Throwable) e);
                signaturePolicyValidationResult.addError(XML_ERROR_KEY, format);
            }
        } else {
            digest2 = getComputedDigest(signaturePolicy.getPolicyContent(), digest.getAlgorithm());
        }
        signaturePolicyValidationResult.setDigest(digest2);
        if (digest2 != null) {
            if (digest.equals(digest2)) {
                signaturePolicyValidationResult.setDigestValid(true);
            } else {
                signaturePolicyValidationResult.addError("general", "The policy digest value (" + Utils.toBase64(digest.getValue()) + ") does not match the re-calculated digest value (" + Utils.toBase64(digest2.getValue()) + ").");
            }
        }
        return signaturePolicyValidationResult;
    }

    public Digest getDigestAfterTransforms(DSSDocument dSSDocument, DigestAlgorithm digestAlgorithm, Element element) throws XMLSecurityException, IOException {
        return element != null ? new Digest(digestAlgorithm, DSSUtils.digest(digestAlgorithm, new Transforms(element, "").performTransforms(new XMLSignatureInput(DomUtils.buildDOM(dSSDocument))).getBytes())) : getComputedDigest(dSSDocument, digestAlgorithm);
    }
}
