package be.fgov.ehealth.technicalconnector.signature.impl.xades.impl;

import be.ehealth.technicalconnector.exception.InvalidTimeStampException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.service.timestamp.TimestampUtil;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import be.ehealth.technicalconnector.validator.impl.TimeStampValidatorFactory;
import be.fgov.ehealth.technicalconnector.signature.domain.SignatureVerificationError;
import be.fgov.ehealth.technicalconnector.signature.domain.SignatureVerificationResult;
import be.fgov.ehealth.technicalconnector.signature.domain.XadesOption;
import be.fgov.ehealth.technicalconnector.signature.impl.DomUtils;
import be.fgov.ehealth.technicalconnector.signature.impl.SignatureUtils;
import be.fgov.ehealth.technicalconnector.signature.impl.XmlSignatureBuilder;
import be.fgov.ehealth.technicalconnector.signature.impl.tsa.TimestampGeneratorFactory;
import be.fgov.ehealth.technicalconnector.signature.impl.xades.domain.SignedPropertiesBuilder;
import be.fgov.ehealth.technicalconnector.signature.impl.xades.domain.UnsignedPropertiesBuilder;
import java.io.ByteArrayOutputStream;
import java.util.Iterator;
import java.util.Map;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.Transform;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.encoders.Base64;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:be/fgov/ehealth/technicalconnector/signature/impl/xades/impl/XadesTSpecification.class */
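/**
 * XAdES specification variant that works with a signature timestamp.
 *
 * <p>After signing it adds a {@code SignatureTimeStamp} unsigned property computed over the
 * transformed {@code ds:SignatureValue} element. On verification it validates every
 * {@code EncapsulatedTimeStamp} found under each {@code SignatureTimeStamp} against the same
 * input, then checks the signing certificate against each validated timestamp generation time.
 *
 * <p>Verification never throws for a bad timestamp: problems are reported as
 * {@link SignatureVerificationError} entries on the result object.
 */
public class XadesTSpecification implements be.fgov.ehealth.technicalconnector.signature.impl.xades.XadesSpecification {
    private static final String DEFAULT_C14N_METHOD = "http://www.w3.org/2001/10/xml-exc-c14n#";
    // NOTE(review): the logger category is XadesSpecification, not this class - confirm that is intended.
    private static final Logger LOG = LoggerFactory.getLogger(XadesSpecification.class);

    /** Intentionally a no-op: this variant adds nothing before the signature is produced. */
    @Override // be.fgov.ehealth.technicalconnector.signature.impl.xades.XadesSpecification
    public void addOptionalBeforeSignatureParts(SignedPropertiesBuilder signedPropertiesBuilder, XMLSignature xMLSignature, Credential credential, String str, Map<String, Object> map) throws TechnicalConnectorException {
    }

    /**
     * Requests a timestamp over the signature value and records it as an unsigned property.
     *
     * <p>The canonicalization URI is read from the
     * {@link XadesOption#SIGNATURETIMESTAMP_CANONICALIZATIONMETHODURI} option and falls back to
     * exclusive C14N when the option is absent.
     *
     * @throws TechnicalConnectorException if the timestamp cannot be generated
     */
    @Override // be.fgov.ehealth.technicalconnector.signature.impl.xades.XadesSpecification
    public void addOptionalAfterSignatureParts(UnsignedPropertiesBuilder unsignedPropertiesBuilder, XMLSignature xMLSignature, String str, Map<String, Object> map) throws TechnicalConnectorException {
        String c14nUri = (String) SignatureUtils.getOption(XadesOption.SIGNATURETIMESTAMP_CANONICALIZATIONMETHODURI, map, DEFAULT_C14N_METHOD);
        byte[] timestamp = generateSignatureTimestamp(xMLSignature, map, c14nUri);
        unsignedPropertiesBuilder.addSignatureTimestamp(timestamp, c14nUri);
    }

    /**
     * Validates the signature timestamps, then the signing certificate at each timestamp time.
     *
     * <p>The order matters: the certificate check iterates over the generation times that the
     * timestamp check has added to the result, so a signature without any valid timestamp gets no
     * certificate validity check here (it already carries a timestamp error in that case).
     */
    @Override // be.fgov.ehealth.technicalconnector.signature.impl.xades.XadesSpecification
    public void verify(SignatureVerificationResult signatureVerificationResult, Element element) {
        verifySignatureTimeStamp(signatureVerificationResult, element);
        verifySigningCertificate(signatureVerificationResult);
    }

    /** Checks the signing certificate's validity at every timestamp generation time collected so far. */
    private void verifySigningCertificate(SignatureVerificationResult signatureVerificationResult) {
        for (DateTime genTime : signatureVerificationResult.getTimestampGenTimes()) {
            XadesVerificationHelper.verifyValiditySigningCert(genTime, signatureVerificationResult);
        }
    }

    /**
     * Builds the timestamp input from the signature element and asks the configured generator for
     * a timestamp, using SHA-256 unless {@link XadesOption#SIGNATURETIMESTAMP_ALGORITHMURI} says otherwise.
     */
    private byte[] generateSignatureTimestamp(XMLSignature xMLSignature, Map<String, Object> map, String c14nUri) throws TechnicalConnectorException {
        byte[] timestampInput = generateTimestampDigest(xMLSignature.getElement(), c14nUri);
        String digestAlgoUri = (String) SignatureUtils.getOption(XadesOption.SIGNATURETIMESTAMP_ALGORITHMURI, map, "http://www.w3.org/2001/04/xmlenc#sha256");
        return TimestampGeneratorFactory.getInstance(map).generate(xMLSignature.getId(), digestAlgoUri, timestampInput);
    }

    /**
     * Locates every {@code SignatureTimeStamp} below {@code element} and validates its
     * encapsulated timestamps. Any unexpected failure is logged and reported as
     * {@code XADES_ENCAPSULATED_TIMESTAMP_NOT_VERIFIED} rather than propagated.
     */
    private void verifySignatureTimeStamp(SignatureVerificationResult signatureVerificationResult, Element element) {
        try {
            NodeList signatureTimestamps = DomUtils.getMatchingChilds(element, be.fgov.ehealth.technicalconnector.signature.impl.xades.XadesSpecification.XMLNS_XADES_1_3_2, "SignatureTimeStamp");
            if (signatureTimestamps == null || signatureTimestamps.getLength() <= 0) {
                signatureVerificationResult.getErrors().add(SignatureVerificationError.XADES_ENCAPSULATED_TIMESTAMP_NOT_FOUND);
                return;
            }
            for (int i = 0; i < signatureTimestamps.getLength(); i++) {
                Element signatureTimestamp = (Element) signatureTimestamps.item(i);
                NodeList encapsulated = DomUtils.getMatchingChilds(signatureTimestamp, be.fgov.ehealth.technicalconnector.signature.impl.xades.XadesSpecification.XMLNS_XADES_1_3_2, "EncapsulatedTimeStamp");
                String c14nUri = getCanonicalizationMethod(DomUtils.getMatchingChilds(signatureTimestamp, XmlSignatureBuilder.XMLNS_DS, "CanonicalizationMethod"));
                verifyTimestampList(signatureVerificationResult, element, encapsulated, c14nUri);
            }
        } catch (Exception e) {
            // Fail closed: anything unexpected while parsing or validating marks the timestamp as unverified.
            LOG.error("Unable to verify Timestamp", e);
            signatureVerificationResult.getErrors().add(SignatureVerificationError.XADES_ENCAPSULATED_TIMESTAMP_NOT_VERIFIED);
        }
    }

    /**
     * Validates each encapsulated timestamp token against the transformed signature value.
     *
     * <p>Valid tokens and their generation times are appended to the result; an
     * {@link InvalidTimeStampException} for one token is recorded as
     * {@code XADES_ENCAPSULATED_TIMESTAMP_NOT_VALID} and the remaining tokens are still checked.
     *
     * @throws TechnicalConnectorException if token parsing or validation fails for another reason
     */
    private void verifyTimestampList(SignatureVerificationResult signatureVerificationResult, Element element, NodeList nodeList, String c14nUri) throws TechnicalConnectorException {
        if (nodeList == null || nodeList.getLength() <= 0) {
            signatureVerificationResult.getErrors().add(SignatureVerificationError.XADES_ENCAPSULATED_TIMESTAMP_NOT_FOUND);
            return;
        }
        // The input depends only on the signature element and the algorithm, so compute it once.
        byte[] timestampInput = generateTimestampDigest(element, c14nUri);
        for (int i = 0; i < nodeList.getLength(); i++) {
            try {
                Node encapsulated = nodeList.item(i);
                // Decode straight from the String: Base64 is ASCII, so the platform charset must not be involved.
                TimeStampToken timeStampToken = TimestampUtil.getTimeStampToken(Base64.decode(encapsulated.getTextContent()));
                TimeStampValidatorFactory.getInstance().validateTimeStampToken(timestampInput, timeStampToken);
                signatureVerificationResult.getTimestampGenTimes().add(new DateTime(timeStampToken.getTimeStampInfo().getGenTime()));
                signatureVerificationResult.getTsTokens().add(timeStampToken);
            } catch (InvalidTimeStampException e) {
                LOG.error(e.getMessage(), e);
                signatureVerificationResult.getErrors().add(SignatureVerificationError.XADES_ENCAPSULATED_TIMESTAMP_NOT_VALID);
            }
        }
    }

    /**
     * Returns the {@code Algorithm} URI of the first {@code CanonicalizationMethod} node, or
     * exclusive C14N when none is present.
     *
     * <p>The value comes from the document under verification and is later passed to
     * {@link Transform} unchanged.
     * NOTE(review): consider restricting it to the canonicalization algorithms this deployment
     * accepts instead of trusting whatever URI the document declares.
     *
     * @throws IllegalArgumentException if the node has no {@code Algorithm} attribute
     */
    private String getCanonicalizationMethod(NodeList nodeList) {
        if (nodeList == null || nodeList.getLength() == 0) {
            LOG.info("Unable to detect CanonicalizationMethod, using default [http://www.w3.org/2001/10/xml-exc-c14n#]");
            return DEFAULT_C14N_METHOD;
        }
        Node algorithm = nodeList.item(0).getAttributes().getNamedItem("Algorithm");
        if (algorithm == null) {
            // Previously surfaced as a bare NullPointerException; say what is actually wrong.
            throw new IllegalArgumentException("CanonicalizationMethod element has no Algorithm attribute");
        }
        return algorithm.getTextContent();
    }

    /**
     * Applies the transform identified by {@code transformUri} to the first
     * {@code ds:SignatureValue} below {@code element} and returns the resulting octets.
     *
     * <p>Despite the method name no hashing is performed here; the bytes are handed to the
     * timestamp generator or validator as they are.
     *
     * <p>A transform whose output is neither a byte array nor an octet stream, or whose output is
     * empty, is rejected. Returning an empty array in that case would make the timestamp cover no
     * data at all, so it would no longer be bound to this signature value.
     *
     * @throws IllegalArgumentException if the transform fails or yields no octets
     */
    private byte[] generateTimestampDigest(Element element, String transformUri) {
        byte[] transformed = null;
        try {
            Node signatureValue = DomUtils.getMatchingChilds(element, XmlSignatureBuilder.XMLNS_DS, "SignatureValue").item(0);
            XMLSignatureInput output = new Transform(signatureValue.getOwnerDocument(), transformUri).performTransform(new XMLSignatureInput(signatureValue));
            if (output.isByteArray()) {
                transformed = output.getBytes();
            } else if (output.isOctetStream()) {
                transformed = ConnectorIOUtils.getBytes(output.getOctetStream());
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to calculateDigest", e);
        }
        if (transformed == null || transformed.length == 0) {
            throw new IllegalArgumentException("Unable to calculateDigest: transform [" + transformUri + "] produced no octets for SignatureValue");
        }
        return transformed;
    }
}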
