package eu.europa.ec.markt.dss.validation.xades;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.DSSXMLUtils;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.exception.EncodingException;
import eu.europa.ec.markt.dss.exception.NotETSICompliantException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.signature.xades.ExternalFileURIDereferencer;
import eu.europa.ec.markt.dss.validation.AdvancedSignature;
import eu.europa.ec.markt.dss.validation.CRLRef;
import eu.europa.ec.markt.dss.validation.CertificateRef;
import eu.europa.ec.markt.dss.validation.OCSPRef;
import eu.europa.ec.markt.dss.validation.PolicyValue;
import eu.europa.ec.markt.dss.validation.SignatureForm;
import eu.europa.ec.markt.dss.validation.X500PrincipalMatcher;
import eu.europa.ec.markt.dss.validation.certificate.CertificateSource;
import eu.europa.ec.markt.dss.validation.x509.TimestampToken;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.Data;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.tsp.TimeStampToken;
import org.linagora.linshare.core.utils.LdapHashUtils;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/xades/XAdESSignature.class */
public class XAdESSignature implements AdvancedSignature {
    private static final Logger LOG = Logger.getLogger(XAdESSignature.class.getName());
    public static final String XADES_NAMESPACE = "http://uri.etsi.org/01903/v1.3.2#";
    public static final String XMLDSIG_DEFAULT_CANONICALIZATION_METHOD = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    public static final String XPATH_SIGNED_INFO = "./ds:SignedInfo";
    public static final String XPATH_SIGNATURE_VALUE = "./ds:SignatureValue";
    public static final String XPATH_KEY_INFO = "./ds:KeyInfo";
    public static final String XPATH_X509_CERTIFICATE = "./ds:KeyInfo/ds:X509Data/ds:X509Certificate";
    public static final String XPATH_OBJECT = "./ds:Object";
    public static final String XPATH__CANONICALIZATION_METHOD = "./ds:CanonicalizationMethod";
    public static final String XPATH_QUALIFYING_PROPERTIES = "./ds:Object/xades:QualifyingProperties";
    public static final String XPATH_SIGNED_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties";
    public static final String XPATH_SIGNED_SIGNATURE_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties";
    public static final String XPATH_SIGNING_CERTIFICATE_CERT = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SigningCertificate/xades:Cert";
    public static final String XPATH_UNSIGNED_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties";
    public static final String XPATH_UNSIGNED_SIGNATURE_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties";
    public static final String XPATH_SIGNATURE_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp";
    public static final String XPATH_COMPLETE_CERTIFICATE_REFS = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs";
    public static final String XPATH_COMPLETE_REVOCATION_REFS = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs";
    public static final String XPATH_SIG_AND_REFS_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp";
    public static final String XPATH_CERTIFICATE_VALUES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues";
    public static final String XPATH_REVOCATION_VALUES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues";
    public static final String XPATH_ENCAPSULATED_X509_CERTIFICATE = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues/xades:EncapsulatedX509Certificate";
    public static final String XPATH_ARCHIVE_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades141:ArchiveTimeStamp";
    private final Element signatureElement;
    private ByteArrayOutputStream referencesDigestOutputStream = new ByteArrayOutputStream();

    public Element getSignatureElement() {
        return this.signatureElement;
    }

    public XAdESSignature(Element element) {
        if (element == null) {
            throw new NullPointerException("Must provide a signatureElement");
        }
        this.signatureElement = element;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public SignatureForm getSignatureFormat() {
        return SignatureForm.XAdES;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public String getSignatureAlgorithm() {
        return DSSXMLUtils.getElement(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_SIGNATURE_METHOD).getAttribute("Algorithm");
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public XAdESCertificateSource getCertificateSource() {
        return new XAdESCertificateSource(this.signatureElement, false);
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public CertificateSource getExtendedCertificateSource() {
        return new XAdESCertificateSource(this.signatureElement, true);
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public XAdESCRLSource getCRLSource() {
        return new XAdESCRLSource(this.signatureElement);
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public XAdESOCSPSource getOCSPSource() {
        return new XAdESOCSPSource(this.signatureElement);
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public X509Certificate getSigningCertificate() {
        return getSigningCertificate(getCertificateSource().getCertificates());
    }

    public X509Certificate getSigningCertificate(List<X509Certificate> list) {
        NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SigningCertificate/xades:Cert");
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            X500Name x500Name = new X500Name(X500PrincipalMatcher.maybePatchDN(DSSXMLUtils.getElement(element, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__X509_ISSUER_NAME).getTextContent()));
            BigInteger bigInteger = new BigInteger(DSSXMLUtils.getElement(element, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__X509_SERIAL_NUMBER).getTextContent());
            for (X509Certificate x509Certificate : list) {
                if (x509Certificate.getSerialNumber().equals(bigInteger) && X500PrincipalMatcher.viaAny(new X500Name(X500PrincipalMatcher.maybePatchDN(x509Certificate.getIssuerX500Principal().getName())), x500Name)) {
                    return x509Certificate;
                }
            }
        }
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public Date getSigningTime() {
        try {
            Element element = DSSXMLUtils.getElement(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_SIGNING_TIME);
            if (element == null) {
                return null;
            }
            return DatatypeFactory.newInstance().newXMLGregorianCalendar(element.getTextContent()).toGregorianCalendar().getTime();
        } catch (DatatypeConfigurationException e) {
            throw new RuntimeException(e);
        } catch (DOMException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public PolicyValue getPolicyId() {
        Element element = DSSXMLUtils.getElement(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_SIGNATURE_POLICY_IDENTIFIER);
        if (element == null) {
            return null;
        }
        Element element2 = DSSXMLUtils.getElement(element, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__SIGNATURE_POLICY_ID);
        return element2 != null ? new PolicyValue(element2.getTextContent()) : new PolicyValue();
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public String getLocation() {
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public String[] getClaimedSignerRoles() {
        NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_CLAIMED_ROLE);
        if (nodeList.getLength() == 0) {
            return null;
        }
        String[] strArr = new String[nodeList.getLength()];
        for (int i = 0; i < nodeList.getLength(); i++) {
            strArr[i] = ((Element) nodeList.item(i)).getTextContent();
        }
        return strArr;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public String getContentType() {
        return "text/xml";
    }

    private TimestampToken makeTimestampToken(Element element, TimestampToken.TimestampType timestampType) throws XPathExpressionException {
        try {
            return new TimestampToken(new TimeStampToken(new CMSSignedData(DSSUtils.base64Decode(DSSXMLUtils.getElement(element, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__ENCAPSULATED_TIMESTAMP).getTextContent()))), timestampType);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public Element getKeyInfo() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:KeyInfo");
    }

    public Element getSignedInfo() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:SignedInfo");
    }

    public Node getSignatureValue() {
        return DSSXMLUtils.getNode(this.signatureElement, "./ds:SignatureValue");
    }

    public Element getObject() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object");
    }

    public NodeList getObjects() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object");
    }

    public Element getQualifyingProperties() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties");
    }

    public Element getSignedProperties() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:SignedProperties");
    }

    public Element getSignedSignatureProperties() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties");
    }

    public Element getUnsignedSignatureProperties() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties");
    }

    public Element getUnsignedProperties() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties");
    }

    public Element getCompleteCertificateRefs() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
    }

    public Element getCompleteRevocationRefs() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
    }

    public NodeList getSigAndRefsTimeStamp() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp");
    }

    public Element getCertificateValues() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues");
    }

    public Element getRevocationValues() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues");
    }

    public boolean hasTExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp").getLength() > 0;
    }

    public boolean hasCExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs").getLength() > 0 || DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs").getLength() > 0;
    }

    public boolean hasXExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp").getLength() > 0;
    }

    public boolean hasXLExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues").getLength() > 0 || DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues").getLength() > 0;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<TimestampToken> getSignatureTimestamps() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp");
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken((Element) nodeList.item(i), TimestampToken.TimestampType.SIGNATURE_TIMESTAMP);
                if (makeTimestampToken != null) {
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.SIGNATURE_TIMESTAMP_ENCODING);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<TimestampToken> getTimestampsX1() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp");
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken((Element) nodeList.item(i), TimestampToken.TimestampType.VALIDATION_DATA_TIMESTAMP);
                if (makeTimestampToken != null) {
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.TIMESTAMP_X1_ENCODING);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<TimestampToken> getTimestampsX2() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_REFS_ONLY_TIMESTAMP);
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken((Element) nodeList.item(i), TimestampToken.TimestampType.VALIDATION_DATA_REFSONLY_TIMESTAMP);
                if (makeTimestampToken != null) {
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.TIMESTAMP_X2_ENCODING);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<TimestampToken> getArchiveTimestamps() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades141:ArchiveTimeStamp");
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken((Element) nodeList.item(i), TimestampToken.TimestampType.ARCHIVE_TIMESTAMP);
                if (makeTimestampToken != null) {
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.ARCHIVE_TIMESTAMP_ENCODING);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<X509Certificate> getCertificates() {
        return getCertificateSource().getCertificates();
    }

    public List<X509Certificate> getKeyInfoCertificates() {
        return getCertificateSource().getKeyInfoCertificates();
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public boolean checkIntegrity(DSSDocument dSSDocument) throws DSSException {
        X509Certificate signingCertificate = getSigningCertificate();
        if (signingCertificate == null) {
            throw new DSSException("Unabled to proceed with the signature cryptographic verification. There is no signing certificate!");
        }
        DOMValidateContext dOMValidateContext = new DOMValidateContext(KeySelector.singletonKeySelector(signingCertificate.getPublicKey()), this.signatureElement);
        try {
            dOMValidateContext.setURIDereferencer(new ExternalFileURIDereferencer(dSSDocument));
            dOMValidateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
            XMLSignature unmarshalXMLSignature = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI()).unmarshalXMLSignature(dOMValidateContext);
            DSSXMLUtils.recursiveIdBrowse(dOMValidateContext, this.signatureElement);
            boolean z = false;
            try {
                z = unmarshalXMLSignature.validate(dOMValidateContext);
            } catch (XMLSignatureException e) {
            }
            try {
                unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext);
            } catch (XMLSignatureException e2) {
            }
            for (Reference reference : unmarshalXMLSignature.getSignedInfo().getReferences()) {
                try {
                    reference.validate(dOMValidateContext);
                } catch (XMLSignatureException e3) {
                }
                Data dereferencedData = reference.getDereferencedData();
                InputStream digestInputStream = reference.getDigestInputStream();
                if (dereferencedData != null) {
                    try {
                        IOUtils.copy(digestInputStream, this.referencesDigestOutputStream);
                    } catch (IOException e4) {
                    }
                }
            }
            return z;
        } catch (MarshalException e5) {
            throw new DSSException(e5.toString());
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<AdvancedSignature> getCounterSignatures() {
        try {
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_COUNTER_SIGNATURE);
            if (nodeList == null) {
                return null;
            }
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element = DSSXMLUtils.getElement((Element) nodeList.item(i), eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_SIGNATURE);
                XAdESSignature xAdESSignature = new XAdESSignature(element);
                XMLSignature unmarshalXMLSignature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(new DOMStructure(element));
                LOG.info("Verifying countersignature References");
                Iterator it2 = unmarshalXMLSignature.getSignedInfo().getReferences().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        Reference reference = (Reference) it2.next();
                        if (reference.getType() != null && reference.getType().equals(eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XADES_COUNTERSIGNED_SIGNATURE)) {
                            if (reference.validate(new DOMValidateContext(xAdESSignature.getSigningCertificate().getPublicKey(), DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue")))) {
                                LOG.info("Reference verification succeeded, adding countersignature");
                                arrayList.add(xAdESSignature);
                            } else {
                                LOG.warning("Skipping countersignature because the Reference doesn't contain a hash of the embedding SignatureValue");
                            }
                        }
                    }
                }
            }
            return arrayList;
        } catch (MarshalException e) {
            throw new EncodingException(EncodingException.MSG.COUNTERSIGNATURE_ENCODING);
        } catch (XMLSignatureException e2) {
            throw new EncodingException(EncodingException.MSG.COUNTERSIGNATURE_ENCODING);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<CertificateRef> getCertificateRefs() {
        Element element = DSSXMLUtils.getElement(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_CERT_REFS);
        if (element == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        NodeList nodeList = DSSXMLUtils.getNodeList(element, "./xades:Cert");
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element2 = (Element) nodeList.item(i);
            Element element3 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__X509_ISSUER_NAME);
            Element element4 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__X509_SERIAL_NUMBER);
            Element element5 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__DIGEST_METHOD);
            Element element6 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__CERT_DIGEST_DIGEST_VALUE);
            CertificateRef certificateRef = new CertificateRef();
            if (element3 != null && element4 != null) {
                certificateRef.setIssuerName(element3.getTextContent());
                certificateRef.setIssuerSerial(element4.getTextContent());
            }
            certificateRef.setDigestAlgorithm(getShortAlgoName(element5.getAttribute("Algorithm")));
            certificateRef.setDigestValue(DSSUtils.base64Decode(element6.getTextContent()));
            arrayList.add(certificateRef);
        }
        return arrayList;
    }

    private String getShortAlgoName(String str) {
        if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(str)) {
            return "SHA1";
        }
        if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(str)) {
            return "SHA256";
        }
        if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(str)) {
            return "SHA512";
        }
        if ("http://www.w3.org/2001/04/xmlenc#ripemd160".equals(str)) {
            return "RIPEMD160";
        }
        throw new RuntimeException("Algorithm " + str + " not supported");
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<CRLRef> getCRLRefs() {
        ArrayList arrayList = new ArrayList();
        Element element = DSSXMLUtils.getElement(this.signatureElement, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH_REVOCATION_CRL_REFS);
        if (element != null) {
            NodeList nodeList = DSSXMLUtils.getNodeList(element, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__CRL_REF);
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element2 = (Element) nodeList.item(i);
                Element element3 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__DAAV_DIGEST_METHOD);
                Element element4 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__DAAV_DIGEST_VALUE);
                String shortAlgoName = getShortAlgoName(element3.getAttribute("Algorithm"));
                CRLRef cRLRef = new CRLRef();
                cRLRef.setDigestAlgorithm(shortAlgoName);
                cRLRef.setDigestValue(DSSUtils.base64Decode(element4.getTextContent()));
                arrayList.add(cRLRef);
            }
        }
        return arrayList;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<OCSPRef> getOCSPRefs() {
        ArrayList arrayList = new ArrayList();
        Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs/xades:OCSPRefs");
        if (element != null) {
            NodeList nodeList = DSSXMLUtils.getNodeList(element, "./xades:OCSPRef");
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element2 = (Element) nodeList.item(i);
                Element element3 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__DAAV_DIGEST_METHOD);
                Element element4 = DSSXMLUtils.getElement(element2, eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XPATH__DAAV_DIGEST_VALUE);
                if (element3 == null || element4 == null) {
                    throw new NotETSICompliantException(NotETSICompliantException.MSG.XADES_DIGEST_ALG_AND_VALUE_ENCODING);
                }
                arrayList.add(new OCSPRef(getShortAlgoName(element3.getAttribute("Algorithm")), DSSUtils.base64Decode(element4.getTextContent()), false));
            }
        }
        return arrayList;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<X509CRL> getCRLs() {
        return getCRLSource().getContainedCRLs();
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public List<BasicOCSPResp> getOCSPs() {
        return getOCSPSource().getContainedOCSPResponses();
    }

    private byte[] getC14nValue(Node node, String str) {
        try {
            return Canonicalizer.getInstance(str).canonicalizeSubtree(node);
        } catch (CanonicalizationException e) {
            throw new RuntimeException("c14n error: " + e.getMessage(), e);
        } catch (InvalidCanonicalizerException e2) {
            throw new RuntimeException("c14n algo error: " + e2.getMessage(), e2);
        }
    }

    private byte[] getC14nValue(List<Node> list, String str) {
        try {
            Canonicalizer canonicalizer = Canonicalizer.getInstance(str);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Iterator<Node> it2 = list.iterator();
            while (it2.hasNext()) {
                byteArrayOutputStream.write(canonicalizer.canonicalizeSubtree(it2.next()));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (CanonicalizationException e2) {
            throw new RuntimeException("c14n error: " + e2.getMessage(), e2);
        } catch (InvalidCanonicalizerException e3) {
            throw new RuntimeException("c14n algo error: " + e3.getMessage(), e3);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public byte[] getSignatureTimestampData() {
        return getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue"), "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public byte[] getTimestampX1Data() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue"), "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"));
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp");
            if (nodeList != null) {
                for (int i = 0; i < nodeList.getLength(); i++) {
                    byteArrayOutputStream.write(getC14nValue(nodeList.item(i), "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"));
                }
            }
            Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
            if (element != null) {
                byteArrayOutputStream.write(getC14nValue(element, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"));
            }
            Element element2 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
            if (element2 != null) {
                byteArrayOutputStream.write(getC14nValue(element2, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new DSSException("Error when computing the SigAndRefsTimeStamp", e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public byte[] getTimestampX2Data() {
        ArrayList arrayList = new ArrayList();
        Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
        if (element != null) {
            arrayList.add(element);
        }
        Element element2 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
        if (element2 != null) {
            arrayList.add(element2);
        }
        return getC14nValue(arrayList, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public byte[] getArchiveTimestampData(int i, DSSDocument dSSDocument) {
        int i2;
        Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades141:ArchiveTimeStamp./ds:CanonicalizationMethod");
        String textContent = element != null ? element.getTextContent() : "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            IOUtils.copy(new ByteArrayInputStream(this.referencesDigestOutputStream.toByteArray()), byteArrayOutputStream);
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:SignedInfo"), textContent));
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue"), textContent));
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:KeyInfo"), textContent));
            int i3 = 0;
            NodeList childNodes = getUnsignedSignatureProperties(this.signatureElement).getChildNodes();
            for (0; i2 < childNodes.getLength(); i2 + 1) {
                Node item = childNodes.item(i2);
                String localName = item.getLocalName();
                if (!localName.equals("CertificateValues") && !localName.equals("RevocationValues") && !localName.equals("AttrAuthoritiesCertValues") && !localName.equals("AttributeRevocationValues") && localName.equals(eu.europa.ec.markt.dss.validation102853.xades.XAdESSignature.XMLE_ARCHIVE_TIME_STAMP)) {
                    int i4 = i3;
                    i3++;
                    i2 = i4 >= i ? i2 + 1 : 0;
                }
                byteArrayOutputStream.write(getC14nValue(item, textContent));
            }
            NodeList objects = getObjects();
            for (int i5 = 0; i5 < objects.getLength(); i5++) {
                Node item2 = objects.item(i5);
                if (DSSXMLUtils.getElement(item2, "./xades:QualifyingProperties") == null) {
                    byteArrayOutputStream.write(getC14nValue(item2, textContent));
                }
            }
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info("ArchiveTimestamp cannonicalized string:\n" + byteArrayOutputStream.toString());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new DSSException("Error when computing the archive data", e);
        }
    }

    private Element getUnsignedSignatureProperties(Element element) {
        Element element2 = DSSXMLUtils.getElement(element, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties");
        if (element2 == null) {
            Element element3 = DSSXMLUtils.getElement(element, "./ds:Object/xades:QualifyingProperties");
            Element element4 = DSSXMLUtils.getElement(element3, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties");
            if (element4 == null) {
                element4 = element3.getOwnerDocument().createElementNS("http://uri.etsi.org/01903/v1.3.2#", "UnsignedProperties");
                element3.appendChild(element4);
            }
            element2 = element4.getOwnerDocument().createElementNS("http://uri.etsi.org/01903/v1.3.2#", "UnsignedSignatureProperties");
            element4.appendChild(element2);
        }
        return element2;
    }

    @Override // eu.europa.ec.markt.dss.validation.AdvancedSignature
    public String getId() {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(LdapHashUtils.MD5);
            messageDigest.update(Long.toString(getSigningTime().getTime()).getBytes());
            messageDigest.update(getSigningCertificate().getEncoded());
            return Hex.encodeHexString(messageDigest.digest());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    static {
        Init.init();
    }
}
