package org.linagora.linsign.server.entities.impl;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URI;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xml.security.utils.Constants;
import org.linagora.jaxbxades.jaxb.ConvertJaxbDom;
import org.linagora.jaxbxades.utils.XadesSetup;
import org.linagora.jaxbxades.utils.encode.HashUtils;
import org.linagora.jaxbxades.xades.QualifyingProperties;
import org.linagora.jaxbxades.xades.SignedProperties;
import org.linagora.linsign.exceptions.ComputeSignatureException;
import org.linagora.linsign.exceptions.FinalizeDocumentException;
import org.linagora.linsign.server.entities.SignedDocumentsContainer;
import org.linagora.linsign.utils.archive.ArchiveFile;
import org.linagora.linsign.utils.archive.ArchiveOutputStream;
import org.linagora.linsign.utils.encode.Base64Utils;
import org.linagora.linsign.utils.sign.SignCipher;
import org.linagora.linsign.utils.sign.config.SignaturePolicy;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/linsign-1.0.jar:org/linagora/linsign/server/entities/impl/DetachedXadesObject.class */
public class DetachedXadesObject extends SignedDocumentsContainer {
    private Document documentSignature;

    public DetachedXadesObject(String str) {
        super(str);
    }

    public DetachedXadesObject() {
    }

    @Override // org.linagora.linsign.server.entities.SignedDocumentsContainer
    protected byte[] computeSignature(SignaturePolicy signaturePolicy) throws ComputeSignatureException {
        try {
            URI uri = this.sourceDocuments.get(0).getParentFile() != null ? this.sourceDocuments.get(0).getParentFile().toURI() : new File(".").toURI();
            String algorithm = getSignercert().getPublicKey().getAlgorithm();
            if (!algorithm.equalsIgnoreCase("RSA")) {
                throw new KeyException("Invalid private key alorithm (" + algorithm + "). Must be RSA");
            }
            XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI")).newInstance());
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setNamespaceAware(true);
            this.documentSignature = newInstance.newDocumentBuilder().newDocument();
            ArrayList arrayList = new ArrayList();
            arrayList.add(xMLSignatureFactory.newReference("#S0-SignedProperties", xMLSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null), Collections.singletonList(xMLSignatureFactory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null)), null, null));
            for (File file : this.sourceDocuments) {
                arrayList.add(xMLSignatureFactory.newReference(uri.relativize(file.toURI()).toString().toString(), xMLSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null), null, null, null, HashUtils.hashSha1(file)));
            }
            SignedInfo newSignedInfo = xMLSignatureFactory.newSignedInfo(xMLSignatureFactory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null), xMLSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", null), arrayList);
            KeyInfoFactory keyInfoFactory = xMLSignatureFactory.getKeyInfoFactory();
            X509Certificate signercert = getSignercert();
            ArrayList arrayList2 = new ArrayList(Collections.singletonList(signercert));
            arrayList2.add(keyInfoFactory.newX509IssuerSerial(signercert.getIssuerX500Principal().getName(), signercert.getSerialNumber()));
            XMLSignature newXMLSignature = xMLSignatureFactory.newXMLSignature(newSignedInfo, keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(arrayList2))), Collections.singletonList(xMLSignatureFactory.newXMLObject(Collections.singletonList(ConvertJaxbDom.jaxbToDom(new QualifyingProperties("S0", new SignedProperties(new XadesSetup(signaturePolicy.getProperties()), "S0", signercert, this.signingTime), null))), "S0-XAD", null, null)), "S0", "S0-SIG");
            KeyPair dummyRSAkeyPair = SignCipher.getDummyRSAkeyPair();
            DOMSignContext dOMSignContext = new DOMSignContext(dummyRSAkeyPair.getPrivate(), this.documentSignature);
            dOMSignContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
            dOMSignContext.setBaseURI(uri.toString());
            newXMLSignature.sign(dOMSignContext);
            this.signature = newXMLSignature.getSignatureValue().getValue();
            return SignCipher.decryptSignature(this.signature, dummyRSAkeyPair.getPublic());
        } catch (Exception e) {
            throw new ComputeSignatureException(e);
        }
    }

    @Override // org.linagora.linsign.server.entities.SignedDocumentsContainer
    public File computeFinalizeDocument(String str) throws FinalizeDocumentException {
        FileOutputStream fileOutputStream = null;
        ArchiveOutputStream archiveOutputStream = null;
        try {
            try {
                if (this.endDocument == null) {
                    if (this.sourceDocuments.size() == 1) {
                        this.endDocument = ArchiveFile.getOutputNameWithZipExtension(this.sourceDocuments.get(0));
                    } else {
                        this.endDocument = new File(this.sourceDocuments.get(0).getParentFile().toString() + File.separator + ArchiveFile.ARCHIVE_XADES_DEFAULT_NAME);
                    }
                }
                this.signature = Base64Utils.decode(str);
                NodeList elementsByTagNameNS = this.documentSignature.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", Constants._TAG_SIGNATUREVALUE);
                elementsByTagNameNS.item(elementsByTagNameNS.getLength() - 1).getFirstChild().setNodeValue(str);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                TransformerFactory.newInstance().newTransformer().transform(new DOMSource(this.documentSignature), new StreamResult(byteArrayOutputStream));
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                fileOutputStream = new FileOutputStream(this.endDocument);
                archiveOutputStream = new ArchiveOutputStream(fileOutputStream, byteArray, this.sourceDocuments);
                archiveOutputStream.writeAll();
                if (archiveOutputStream != null) {
                    try {
                        archiveOutputStream.close();
                    } catch (IOException e) {
                    }
                }
                if (fileOutputStream != null) {
                    fileOutputStream.close();
                }
                return this.endDocument;
            } catch (Throwable th) {
                if (archiveOutputStream != null) {
                    try {
                        archiveOutputStream.close();
                    } catch (IOException e2) {
                        throw th;
                    }
                }
                if (fileOutputStream != null) {
                    fileOutputStream.close();
                }
                throw th;
            }
        } catch (Exception e3) {
            throw new FinalizeDocumentException(e3);
        }
    }
}
