package be.fgov.ehealth.technicalconnector.distributedkeys.proxy;

import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.idgenerator.IdGeneratorFactory;
import be.ehealth.technicalconnector.utils.ConnectorXmlUtils;
import be.ehealth.technicalconnector.utils.MarshallerHelper;
import be.ehealth.technicalconnector.ws.ServiceFactory;
import be.ehealth.technicalconnector.ws.domain.GenericRequest;
import be.fgov.ehealth.technicalconnector.distributedkeys.DistributedSignerProxy;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.SOAPException;
import oasis.names.tc.dss._1_0.core.schema.AnyType;
import oasis.names.tc.dss._1_0.core.schema.DocumentHash;
import oasis.names.tc.dss._1_0.core.schema.InputDocuments;
import oasis.names.tc.dss._1_0.core.schema.KeySelector;
import oasis.names.tc.dss._1_0.core.schema.Result;
import oasis.names.tc.dss._1_0.core.schema.SignRequest;
import oasis.names.tc.dss._1_0.core.schema.SignResponse;
import org.apache.commons.lang3.StringUtils;
import org.w3._2000._09.xmldsig.DigestMethod;
import org.w3._2000._09.xmldsig.KeyInfo;
import org.w3._2000._09.xmldsig.ObjectFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:be/fgov/ehealth/technicalconnector/distributedkeys/proxy/DigitalSignatureServiceProxy.class */
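/**
 * {@link DistributedSignerProxy} that asks a web service to sign a pre-computed digest,
 * using OASIS DSS 1.0 {@code SignRequest} / {@code SignResponse} messages.
 *
 * <p>The private key is never handled here: only the digest, the digest algorithm and the
 * key alias are sent, and the raw signature value from the response is returned.
 *
 * <p>The certificate map handed to the constructor is kept by reference, not copied.
 */
public class DigitalSignatureServiceProxy implements DistributedSignerProxy {
    /** Namespace of the DSS core schema, used for the {@code SignatureType} optional input. */
    private static final String DSS_CORE_NS = "urn:oasis:names:tc:dss:1.0:core:schema";

    /** Value placed in the {@code SignatureType} optional input (RFC 3447, i.e. PKCS #1 / RSA). */
    private static final String SIGNATURE_TYPE_URI = "urn:ietf:rfc:3447";

    /** The only {@code ResultMajor} value that {@link #sign} rejects on its own. */
    private static final String REJECTED_RESULT_MAJOR =
            "urn:oasis:names:tc:dss:1.0:resultminor:valid:signature:OnAllDocuments";

    private static final ObjectFactory dsigObjectFactory = new ObjectFactory();

    /** Accepted digest algorithm names mapped to their XML digest-method descriptor. */
    private static final Map<String, DigestMethod> digestAlgoToDigestMethod =
            new HashMap<String, DigestMethod>();

    static {
        // SHA-1 is accepted under two spellings. SHA-1 is not collision resistant, so callers
        // should prefer SHA-256 or SHA-512 wherever the relying party allows it.
        digestAlgoToDigestMethod.put("SHA1", createDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1"));
        digestAlgoToDigestMethod.put("SHA-1", createDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1"));
        digestAlgoToDigestMethod.put("SHA-256", createDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256"));
        digestAlgoToDigestMethod.put("SHA-512", createDigestMethod("http://www.w3.org/2001/04/xmlenc#sha512"));
    }

    private final GenericRequest req;
    private final String profile;
    private final Map<String, List<X509Certificate>> certificates;

    /**
     * @param genericRequest request template; the sign payload is set on it for every call
     * @param str            DSS profile put on each request, skipped when blank
     * @param map            certificate chains keyed by key alias (stored by reference)
     */
    public DigitalSignatureServiceProxy(GenericRequest genericRequest, String str, Map<String, List<X509Certificate>> map) {
        this.req = genericRequest;
        this.profile = str;
        this.certificates = map;
    }

    /** Builds the {@code KeySelector} optional input that names the signing key by alias. */
    private static Element createKeySelector(String str) {
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.getContent().add(dsigObjectFactory.createKeyName(str));
        KeySelector keySelector = new KeySelector();
        keySelector.setKeyInfo(keyInfo);
        MarshallerHelper marshaller = new MarshallerHelper(KeySelector.class, KeySelector.class);
        return marshaller.toDocument(keySelector).getDocumentElement();
    }

    /**
     * Builds the {@code SignatureType} optional input.
     *
     * <p>The value is fixed, whatever key type {@link #getAlgorithm} reports for the alias.
     * NOTE(review): confirm that only RSA keys are expected behind this proxy.
     */
    private static Element createSignatureType() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The builder only creates an empty document here; nothing is parsed.
        Element signatureType = factory.newDocumentBuilder().newDocument().createElementNS(DSS_CORE_NS, "SignatureType");
        signatureType.setTextContent(SIGNATURE_TYPE_URI);
        return signatureType;
    }

    /** Wraps an algorithm URI in a {@link DigestMethod}. */
    private static DigestMethod createDigestMethod(String str) {
        DigestMethod digestMethod = new DigestMethod();
        digestMethod.setAlgorithm(str);
        return digestMethod;
    }

    /**
     * Sends the digest to the signing service and returns the signature value.
     *
     * @param bArr digest to sign, already computed by the caller
     * @param str  digest algorithm name; must be one of the registered names
     * @param str2 alias of the key to sign with
     * @return the signature bytes taken from the response
     * @throws IllegalArgumentException if the digest algorithm is not registered
     * @throws SignatureException if the call fails, the result is rejected, or the response
     *         carries no signature
     */
    @Override
    public byte[] sign(byte[] bArr, String str, String str2) throws SignatureException {
        DigestMethod digestMethod = digestAlgoToDigestMethod.get(str);
        if (digestMethod == null) {
            throw new IllegalArgumentException("Unsupported digest algo: " + str);
        }
        try {
            SignRequest signRequest = new SignRequest();
            signRequest.setRequestID(IdGeneratorFactory.getIdGenerator("xsid").generateId());
            if (StringUtils.isNotBlank(this.profile)) {
                signRequest.setProfile(this.profile);
            }

            DocumentHash documentHash = new DocumentHash();
            documentHash.setDigestValue(bArr);
            documentHash.setDigestMethod(digestMethod);
            InputDocuments inputDocuments = new InputDocuments();
            inputDocuments.getDocumentHash().add(documentHash);
            // The hash container has to be attached to the request; if it is only built and
            // dropped, the digest never reaches the signing service.
            signRequest.setInputDocuments(inputDocuments);

            AnyType optionalInputs = new AnyType();
            optionalInputs.getAnies().add(createKeySelector(str2));
            optionalInputs.getAnies().add(createSignatureType());
            signRequest.setOptionalInputs(optionalInputs);

            SignResponse signResponse = (SignResponse) ServiceFactory.getGenericWsSender()
                    .send(this.req.setPayload(signRequest))
                    .asObject(SignResponse.class);
            if (signResponse == null || signResponse.getResult() == null) {
                throw new SignatureException("Signing service returned no result");
            }
            Result result = signResponse.getResult();
            // NOTE(review): this compares ResultMajor with a "resultminor" URN and rejects on
            // equality, so error results are not rejected by this test. Confirm the
            // ResultMajor the service returns on success and require that value instead.
            if (REJECTED_RESULT_MAJOR.equals(result.getResultMajor())) {
                throw new SignatureException("Received incorrect status [" + ConnectorXmlUtils.toString(result) + "]");
            }
            // A response without a signature must fail as a SignatureException, not as a
            // NullPointerException that callers of this method do not expect.
            if (signResponse.getSignatureObject() == null
                    || signResponse.getSignatureObject().getBase64Signature() == null) {
                throw new SignatureException("No signature in response [" + ConnectorXmlUtils.toString(result) + "]");
            }
            return signResponse.getSignatureObject().getBase64Signature().getValue();
        } catch (ParserConfigurationException e) {
            throw new SignatureException(e);
        } catch (TechnicalConnectorException e) {
            throw new SignatureException(e);
        } catch (SOAPException e) {
            throw new SignatureException(e);
        }
    }

    /** Returns the key aliases: the live key-set view of the map given to the constructor. */
    @Override
    public Set<String> getAliases() {
        return this.certificates.keySet();
    }

    /** Returns the certificate chain stored for the alias, or {@code null} if there is none. */
    @Override
    public List<X509Certificate> getCertificateChain(String str) {
        return this.certificates.get(str);
    }

    /**
     * Returns the public-key algorithm of the first certificate in the alias's chain.
     *
     * @throws IllegalArgumentException if the alias has no certificate chain
     */
    @Override
    public String getAlgorithm(String str) {
        List<X509Certificate> certificateChain = getCertificateChain(str);
        if (certificateChain == null || certificateChain.isEmpty()) {
            throw new IllegalArgumentException("Unable to determine Algorithm");
        }
        return certificateChain.get(0).getPublicKey().getAlgorithm();
    }
}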
