package eu.europa.ec.markt.dss.validation102853.xades;

import eu.europa.ec.markt.dss.DSSUtils;
import eu.europa.ec.markt.dss.DSSXMLUtils;
import eu.europa.ec.markt.dss.DigestAlgorithm;
import eu.europa.ec.markt.dss.EncryptionAlgorithm;
import eu.europa.ec.markt.dss.SignatureAlgorithm;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.exception.EncodingException;
import eu.europa.ec.markt.dss.exception.NotETSICompliantException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.signature.SignatureFormat;
import eu.europa.ec.markt.dss.signature.xades.ExternalFileURIDereferencer;
import eu.europa.ec.markt.dss.validation.CRLRef;
import eu.europa.ec.markt.dss.validation.CertificateRef;
import eu.europa.ec.markt.dss.validation.OCSPRef;
import eu.europa.ec.markt.dss.validation.PolicyValue;
import eu.europa.ec.markt.dss.validation.SignatureForm;
import eu.europa.ec.markt.dss.validation.crl.ListCRLSource;
import eu.europa.ec.markt.dss.validation.ocsp.ListOCSPSource;
import eu.europa.ec.markt.dss.validation102853.AdvancedSignature;
import eu.europa.ec.markt.dss.validation102853.ArchiveTimestampType;
import eu.europa.ec.markt.dss.validation102853.CertificatePool;
import eu.europa.ec.markt.dss.validation102853.CertificateToken;
import eu.europa.ec.markt.dss.validation102853.TimestampCategory;
import eu.europa.ec.markt.dss.validation102853.TimestampReference;
import eu.europa.ec.markt.dss.validation102853.TimestampToken;
import eu.europa.ec.markt.dss.validation102853.TimestampType;
import eu.europa.ec.markt.dss.validation102853.bean.SignatureCryptographicVerification;
import eu.europa.ec.markt.dss.validation102853.bean.SignatureProductionPlace;
import eu.europa.ec.markt.dss.validation102853.bean.SigningCertificate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import javax.xml.crypto.Data;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.xpath.XPathExpressionException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.crypto.digests.RIPEMD160Digest;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.tsp.TimeStampToken;
import org.linagora.linshare.core.utils.LdapHashUtils;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation102853/xades/XAdESSignature.class */
public class XAdESSignature implements AdvancedSignature {
    private static final Logger LOG = Logger.getLogger(XAdESSignature.class.getName());
    public static final String XADES_NAMESPACE = "http://uri.etsi.org/01903/v1.3.2#";
    public static final String XADES_COUNTERSIGNED_SIGNATURE = "http://uri.etsi.org/01903#CountersignedSignature";
    public static final String XMLDSIG_DEFAULT_CANONICALIZATION_METHOD = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    public static final String XMLE_SIGNATURE = "Signature";
    public static final String XMLE_ALGORITHM = "Algorithm";
    public static final String XMLE_CITY = "City";
    public static final String XMLE_STATE_OR_PROVINCE = "StateOrProvince";
    public static final String XMLE_POSTAL_CODE = "PostalCode";
    public static final String XMLE_COUNTRY_NAME = "CountryName";
    public static final String XMLE_ARCHIVE_TIME_STAMP = "ArchiveTimeStamp";
    public static final String XMLE_ARCHIVE_TIME_STAMP_V2 = "ArchiveTimeStampV2";
    public static final String XPATH_SIGNATURE = "./ds:Signature";
    public static final String XPATH_SIGNED_INFO = "./ds:SignedInfo";
    public static final String XPATH_SIGNATURE_METHOD = "./ds:SignedInfo/ds:SignatureMethod";
    public static final String XPATH_SIGNATURE_VALUE = "./ds:SignatureValue";
    public static final String XPATH_KEY_INFO = "./ds:KeyInfo";
    public static final String XPATH_X509_DATA = "./ds:KeyInfo/ds:X509Data";
    public static final String XPATH_KEY_INFO_X509_CERTIFICATE = "./ds:KeyInfo/ds:X509Data/ds:X509Certificate";
    public static final String XPATH_X509_ISSUER_SERIAL = "./ds:KeyInfo/ds:X509Data/ds:X509IssuerSerial";
    public static final String XPATH_OBJECT = "./ds:Object";
    public static final String XPATH_QUALIFYING_PROPERTIES = "./ds:Object/xades:QualifyingProperties";
    public static final String XPATH_SIGNED_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties";
    public static final String XPATH_SIGNED_SIGNATURE_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties";
    public static final String XPATH_ALL_DATA_OBJECT_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedDataObjectProperties/xades:AllDataObjectsTimeStamp";
    public static final String XPATH_SIGNING_TIME = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SigningTime";
    public static final String XPATH_SIGNING_CERTIFICATE_CERT = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SigningCertificate/xades:Cert";
    public static final String XPATH_CERT_DIGEST = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SigningCertificate/xades:Cert/xades:CertDigest";
    public static final String XPATH_SIGNATURE_POLICY_IDENTIFIER = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SignaturePolicyIdentifier";
    public static final String XPATH_CLAIMED_ROLE = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SignerRole/xades:ClaimedRoles/xades:ClaimedRole";
    public static final String XPATH_PRODUCTION_PLACE = "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SignatureProductionPlace";
    public static final String XPATH__SIGNATURE_POLICY_ID = "./xades:SignaturePolicyId/xades:SigPolicyId/xades:Identifier";
    public static final String XPATH__X509_ISSUER_NAME = "./xades:IssuerSerial/ds:X509IssuerName";
    public static final String XPATH__X509_SERIAL_NUMBER = "./xades:IssuerSerial/ds:X509SerialNumber";
    public static final String XPATH__DIGEST_METHOD = "./xades:CertDigest/ds:DigestMethod";
    public static final String XPATH__DIGEST_VALUE = "./ds:DigestValue";
    public static final String XPATH__CERT_DIGEST_DIGEST_VALUE = "./xades:CertDigest/ds:DigestValue";
    public static final String XPATH_UNSIGNED_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties";
    public static final String XPATH_UNSIGNED_SIGNATURE_PROPERTIES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties";
    public static final String XPATH_SIGNATURE_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp";
    public static final String XPATH_SIGNATURE_TIMESTAMP_CANON = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp/ds:CanonicalizationMethod";
    public static final String XPATH_COMPLETE_CERTIFICATE_REFS = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs";
    public static final String XPATH_COMPLETE_REVOCATION_REFS = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs";
    public static final String XPATH_SIG_AND_REFS_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp";
    public static final String XPATH_SIG_AND_REFS_TIMESTAMP_CANON = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp/ds:CanonicalizationMethod";
    public static final String XPATH_REFS_ONLY_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RefsOnlyTimeStamp";
    public static final String XPATH_REFS_ONLY_TIMESTAMP_CANON = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RefsOnlyTimeStamp/ds:CanonicalizationMethod";
    public static final String XPATH_CERTIFICATE_VALUES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues";
    public static final String XPATH_REVOCATION_VALUES = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues";
    public static final String XPATH_COUNTER_SIGNATURE = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CounterSignature";
    public static final String XPATH_ARCHIVE_TIMESTAMP = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:ArchiveTimeStamp";
    public static final String XPATH_ARCHIVE_TIMESTAMP_141 = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades141:ArchiveTimeStamp";
    public static final String XPATH_ARCHIVE_TIMESTAMP_V2 = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades141:ArchiveTimeStampV2";
    public static final String XPATH_REVOCATION_CRL_REFS = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs/xades:CRLRefs";
    public static final String XPATH__DIGEST_METHOD_ALGORITHM = "./ds:DigestMethod/@Algorithm";
    public static final String XPATH__CRL_REF = "./xades:CRLRef";
    public static final String XPATH__COMPLETE_CERTIFICATE_REFS__CERT_DIGEST = "./xades:CertRefs/xades:Cert/xades:CertDigest";
    public static final String XPATH__DAAV_DIGEST_METHOD = "./xades:DigestAlgAndValue/ds:DigestMethod";
    public static final String XPATH__DAAV_DIGEST_VALUE = "./xades:DigestAlgAndValue/ds:DigestValue";
    public static final String XPATH__CANONICALIZATION_METHOD = "./ds:CanonicalizationMethod";
    public static final String XPATH__ENCAPSULATED_TIMESTAMP = "./xades:EncapsulatedTimeStamp";
    public static final String XPATH_ENCAPSULATED_X509_CERTIFICATE = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues/xades:EncapsulatedX509Certificate";
    public static final String XPATH_CERT_REFS = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs/xades:CertRefs";
    public static final String XPATH_ENCAPSULATED_CRL_VALUE = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues/xades:CRLValues/xades:EncapsulatedCRLValue";
    public static final String XPATH_ENCAPSULATED_OCSP_VALUE = "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues/xades:OCSPValues/xades:EncapsulatedOCSPValue";
    private final Element signatureElement;
    Element qualifyingProperties;
    Element unsignedProperties;
    Element unsignedSignatureProperties;
    private String id;
    private SigningCertificate signingCert;
    private XAdESCertificateSource certificatesSource;
    private CertificatePool certPool;
    private final XMLDSigRI xmlProvider = new XMLDSigRI();
    private ByteArrayOutputStream referencesDigestOutputStream = new ByteArrayOutputStream();
    private Set<DigestAlgorithm> usedCertificatesDigestAlgorithms = new HashSet();

    public XAdESSignature(Element element, CertificatePool certificatePool) {
        if (element == null) {
            throw new DSSException("DOM signature element is null, it must be provided!");
        }
        this.signatureElement = element;
        this.certPool = certificatePool;
    }

    public CertificatePool getCertPool() {
        return this.certPool;
    }

    public Element getSignatureElement() {
        return this.signatureElement;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SignatureForm getSignatureFormat() {
        return SignatureForm.XAdES;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public EncryptionAlgorithm getEncryptionAlgo() {
        return SignatureAlgorithm.forXML(DSSXMLUtils.getElement(this.signatureElement, XPATH_SIGNATURE_METHOD).getAttribute("Algorithm")).getEncryptionAlgo();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public DigestAlgorithm getDigestAlgo() {
        return SignatureAlgorithm.forXML(DSSXMLUtils.getElement(this.signatureElement, XPATH_SIGNATURE_METHOD).getAttribute("Algorithm")).getDigestAlgo();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public XAdESCertificateSource getCertificateSource() {
        if (this.certificatesSource == null) {
            this.certificatesSource = new XAdESCertificateSource(this.signatureElement, this.certPool);
        }
        return this.certificatesSource;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public ListCRLSource getCRLSource() {
        ArrayList arrayList = new ArrayList();
        NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_ENCAPSULATED_CRL_VALUE);
        for (int i = 0; i < nodeList.getLength(); i++) {
            arrayList.add(DSSUtils.loadCRLBase64Encoded(((Element) nodeList.item(i)).getTextContent()));
        }
        if (arrayList.size() > 0) {
            return new ListCRLSource(arrayList);
        }
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public ListOCSPSource getOCSPSource() {
        ArrayList arrayList = new ArrayList();
        NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_ENCAPSULATED_OCSP_VALUE);
        for (int i = 0; i < nodeList.getLength(); i++) {
            arrayList.add(DSSUtils.loadOCSPBase64Encoded(((Element) nodeList.item(i)).getTextContent()));
        }
        if (arrayList.size() > 0) {
            return new ListOCSPSource(arrayList);
        }
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SigningCertificate getSigningCertificate() {
        String base64Encode;
        if (this.signingCert == null) {
            try {
                this.signingCert = new SigningCertificate();
                NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:SignedProperties/xades:SignedSignatureProperties/xades:SigningCertificate/xades:Cert");
                for (int i = 0; i < nodeList.getLength(); i++) {
                    Element element = (Element) nodeList.item(i);
                    Element element2 = DSSXMLUtils.getElement(element, XPATH__DIGEST_METHOD);
                    if (element2 != null) {
                        DigestAlgorithm forXML = DigestAlgorithm.forXML(element2.getAttribute("Algorithm"));
                        String name = forXML.getName();
                        Element element3 = DSSXMLUtils.getElement(element, XPATH__CERT_DIGEST_DIGEST_VALUE);
                        if (element3 != null) {
                            String textContent = element3.getTextContent();
                            XAdESCertificateSource certificateSource = getCertificateSource();
                            certificateSource.extract();
                            for (CertificateToken certificateToken : certificateSource.getKeyInfoCertificates()) {
                                if (forXML.equals(DigestAlgorithm.RIPEMD160)) {
                                    RIPEMD160Digest rIPEMD160Digest = new RIPEMD160Digest();
                                    byte[] encoded = certificateToken.getCertificate().getEncoded();
                                    rIPEMD160Digest.update(encoded, 0, encoded.length);
                                    byte[] bArr = new byte[rIPEMD160Digest.getDigestSize()];
                                    rIPEMD160Digest.doFinal(bArr, 0);
                                    base64Encode = DSSUtils.base64Encode(bArr);
                                } else {
                                    MessageDigest messageDigest = MessageDigest.getInstance(name);
                                    messageDigest.update(certificateToken.getCertificate().getEncoded());
                                    base64Encode = DSSUtils.base64Encode(messageDigest.digest());
                                }
                                this.signingCert.setDigestMatch(false);
                                if (base64Encode.equals(textContent)) {
                                    boolean equals = certificateToken.getIssuerX500Principal().equals(new X500Principal(DSSXMLUtils.getElement(element, XPATH__X509_ISSUER_NAME).getTextContent()));
                                    boolean equals2 = certificateToken.getSerialNumber().equals(new BigInteger(DSSXMLUtils.getElement(element, XPATH__X509_SERIAL_NUMBER).getTextContent()));
                                    this.signingCert.setDigestMatch(true);
                                    this.signingCert.setSerialNumberMatch(equals2 && equals);
                                    this.signingCert.setCertToken(certificateToken);
                                    return this.signingCert;
                                }
                            }
                        }
                    }
                }
            } catch (NoSuchAlgorithmException e) {
                throw new DSSException(e);
            } catch (CertificateEncodingException e2) {
                throw new DSSException(e2);
            }
        }
        return this.signingCert;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public Date getSigningTime() {
        try {
            Element element = DSSXMLUtils.getElement(this.signatureElement, XPATH_SIGNING_TIME);
            if (element == null) {
                return null;
            }
            return DatatypeFactory.newInstance().newXMLGregorianCalendar(element.getTextContent()).toGregorianCalendar().getTime();
        } catch (DatatypeConfigurationException e) {
            throw new RuntimeException(e);
        } catch (DOMException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public PolicyValue getPolicyId() {
        Element element = DSSXMLUtils.getElement(this.signatureElement, XPATH_SIGNATURE_POLICY_IDENTIFIER);
        if (element == null) {
            return null;
        }
        Element element2 = DSSXMLUtils.getElement(element, XPATH__SIGNATURE_POLICY_ID);
        return element2 != null ? new PolicyValue(element2.getTextContent()) : new PolicyValue();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SignatureProductionPlace getSignatureProductionPlace() {
        NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_PRODUCTION_PLACE);
        if (nodeList.getLength() == 0) {
            return null;
        }
        SignatureProductionPlace signatureProductionPlace = new SignatureProductionPlace();
        for (int i = 0; i < nodeList.getLength(); i++) {
            String nodeName = nodeList.item(i).getNodeName();
            if (XMLE_CITY.equals(nodeName)) {
                signatureProductionPlace.setCity(nodeName);
            } else if (XMLE_STATE_OR_PROVINCE.equals(nodeName)) {
                signatureProductionPlace.setStateOrProvince(nodeName);
            } else if (XMLE_POSTAL_CODE.equals(nodeName)) {
                signatureProductionPlace.setPostalCode(nodeName);
            } else if (XMLE_COUNTRY_NAME.equals(nodeName)) {
                signatureProductionPlace.setCountryName(nodeName);
            }
        }
        return signatureProductionPlace;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public String[] getClaimedSignerRoles() {
        NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_CLAIMED_ROLE);
        if (nodeList.getLength() == 0) {
            return null;
        }
        String[] strArr = new String[nodeList.getLength()];
        for (int i = 0; i < nodeList.getLength(); i++) {
            strArr[i] = ((Element) nodeList.item(i)).getTextContent();
        }
        return strArr;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public String getContentType() {
        return "text/xml";
    }

    private TimestampToken makeTimestampToken(int i, Element element, TimestampType timestampType) throws XPathExpressionException {
        try {
            TimestampToken timestampToken = new TimestampToken(new TimeStampToken(new CMSSignedData(DSSUtils.base64Decode(DSSXMLUtils.getElement(element, XPATH__ENCAPSULATED_TIMESTAMP).getTextContent()))), timestampType, this.certPool);
            timestampToken.setDSSId(i);
            return timestampToken;
        } catch (Exception e) {
            throw new DSSException(e);
        }
    }

    public Element getKeyInfo() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:KeyInfo");
    }

    public Element getSignedInfo() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:SignedInfo");
    }

    public Node getSignatureValue() {
        return DSSXMLUtils.getNode(this.signatureElement, "./ds:SignatureValue");
    }

    public Element getObject() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object");
    }

    public NodeList getObjects() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object");
    }

    public Element getQualifyingProperties() {
        if (this.qualifyingProperties == null) {
            this.qualifyingProperties = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties");
        }
        return this.qualifyingProperties;
    }

    public Element getUnsignedSignatureProperties() {
        if (this.unsignedSignatureProperties == null) {
            this.unsignedSignatureProperties = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties");
        }
        return this.unsignedSignatureProperties;
    }

    public Element getUnsignedProperties() {
        if (this.unsignedProperties == null) {
            this.unsignedProperties = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties");
        }
        return this.unsignedProperties;
    }

    public Element getCompleteCertificateRefs() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
    }

    public Element getCompleteRevocationRefs() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
    }

    public NodeList getSigAndRefsTimeStamp() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp");
    }

    public Element getCertificateValues() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues");
    }

    public Element getRevocationValues() {
        return DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues");
    }

    public boolean hasTExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp").getLength() > 0;
    }

    public boolean hasCExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs").getLength() > 0 || DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs").getLength() > 0;
    }

    public boolean hasXExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp").getLength() > 0;
    }

    public boolean hasXLExtension() {
        return DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CertificateValues").getLength() > 0 || DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RevocationValues").getLength() > 0;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getContentTimestamps() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_ALL_DATA_OBJECT_TIMESTAMP);
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken(i, (Element) nodeList.item(i), TimestampType.CONTENT_TIMESTAMP);
                if (makeTimestampToken != null) {
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.SIGNATURE_TIMESTAMP_ENCODING, e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getSignatureTimestamps() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp");
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken(i, (Element) nodeList.item(i), TimestampType.SIGNATURE_TIMESTAMP);
                if (makeTimestampToken != null) {
                    ArrayList arrayList2 = new ArrayList();
                    TimestampReference timestampReference = new TimestampReference();
                    timestampReference.setCategory(TimestampCategory.SIGNATURE);
                    timestampReference.setSignatureId(getId());
                    arrayList2.add(timestampReference);
                    NodeList nodeList2 = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_CERT_DIGEST);
                    for (int i2 = 0; i2 < nodeList2.getLength(); i2++) {
                        arrayList2.add(createCertificateTimestampReference((Element) nodeList2.item(i2)));
                    }
                    makeTimestampToken.setTimestampedReferences(arrayList2);
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.SIGNATURE_TIMESTAMP_ENCODING, e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getTimestampsX1() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp");
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken(i, (Element) nodeList.item(i), TimestampType.VALIDATION_DATA_TIMESTAMP);
                if (makeTimestampToken != null) {
                    List<TimestampReference> timestampedReferences = getTimestampedReferences();
                    TimestampReference timestampReference = new TimestampReference();
                    timestampReference.setCategory(TimestampCategory.SIGNATURE);
                    timestampReference.setSignatureId(getId());
                    timestampedReferences.add(0, timestampReference);
                    makeTimestampToken.setTimestampedReferences(timestampedReferences);
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.TIMESTAMP_X1_ENCODING, e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getTimestampsX2() {
        try {
            ArrayList arrayList = new ArrayList();
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_REFS_ONLY_TIMESTAMP);
            for (int i = 0; i < nodeList.getLength(); i++) {
                TimestampToken makeTimestampToken = makeTimestampToken(i, (Element) nodeList.item(i), TimestampType.VALIDATION_DATA_REFSONLY_TIMESTAMP);
                if (makeTimestampToken != null) {
                    makeTimestampToken.setTimestampedReferences(getTimestampedReferences());
                    arrayList.add(makeTimestampToken);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.TIMESTAMP_X2_ENCODING, e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getArchiveTimestamps() {
        try {
            ArrayList arrayList = new ArrayList();
            addArchiveTimestamps(arrayList, DSSXMLUtils.getNodeList(this.signatureElement, XPATH_ARCHIVE_TIMESTAMP), ArchiveTimestampType.XAdES);
            addArchiveTimestamps(arrayList, DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades141:ArchiveTimeStamp"), ArchiveTimestampType.XAdES_141);
            addArchiveTimestamps(arrayList, DSSXMLUtils.getNodeList(this.signatureElement, XPATH_ARCHIVE_TIMESTAMP_V2), ArchiveTimestampType.XAdES_141_V2);
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.ARCHIVE_TIMESTAMP_ENCODING, e);
        }
    }

    private void addArchiveTimestamps(List<TimestampToken> list, NodeList nodeList, ArchiveTimestampType archiveTimestampType) throws XPathExpressionException {
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element = (Element) nodeList.item(i);
            TimestampToken makeTimestampToken = makeTimestampToken(i, element, TimestampType.ARCHIVE_TIMESTAMP);
            if (makeTimestampToken != null) {
                makeTimestampToken.setArchiveTimestampType(archiveTimestampType);
                Element element2 = DSSXMLUtils.getElement(element, "./ds:CanonicalizationMethod");
                makeTimestampToken.setCanonicalizationMethod(element2 != null ? element2.getAttribute("Algorithm") : "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
                List<TimestampReference> timestampedReferences = getTimestampedReferences();
                TimestampReference timestampReference = new TimestampReference();
                timestampReference.setCategory(TimestampCategory.SIGNATURE);
                timestampReference.setSignatureId(getId());
                timestampedReferences.add(0, timestampReference);
                makeTimestampToken.setTimestampedReferences(timestampedReferences);
                list.add(makeTimestampToken);
            }
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<CertificateToken> getCertificates() {
        return getCertificateSource().getCertificates();
    }

    public List<CertificateToken> getKeyInfoCertificates() {
        return getCertificateSource().getKeyInfoCertificates();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SignatureCryptographicVerification checkIntegrity(DSSDocument dSSDocument) {
        SignatureCryptographicVerification signatureCryptographicVerification = new SignatureCryptographicVerification();
        CertificateToken certToken = getSigningCertificate().getCertToken();
        if (certToken != null) {
            DOMValidateContext dOMValidateContext = new DOMValidateContext(KeySelector.singletonKeySelector(certToken.getCertificate().getPublicKey()), this.signatureElement);
            try {
                dOMValidateContext.setURIDereferencer(new ExternalFileURIDereferencer(dSSDocument));
                dOMValidateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
                XMLSignature unmarshalXMLSignature = XMLSignatureFactory.getInstance("DOM", this.xmlProvider).unmarshalXMLSignature(dOMValidateContext);
                Element documentElement = this.signatureElement.getOwnerDocument().getDocumentElement();
                if (documentElement.hasAttribute("Id")) {
                    dOMValidateContext.setIdAttributeNS(documentElement, null, "Id");
                }
                DSSXMLUtils.recursiveIdBrowse(dOMValidateContext, documentElement);
                boolean z = false;
                try {
                    z = unmarshalXMLSignature.validate(dOMValidateContext);
                } catch (XMLSignatureException e) {
                    signatureCryptographicVerification.setErrorMessage("Signature validation: " + e.getMessage());
                }
                boolean z2 = z;
                boolean z3 = true;
                boolean z4 = true;
                try {
                    z2 = unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext);
                } catch (XMLSignatureException e2) {
                    signatureCryptographicVerification.setErrorMessage(e2.getMessage());
                }
                for (Reference reference : unmarshalXMLSignature.getSignedInfo().getReferences()) {
                    boolean z5 = false;
                    try {
                        z5 = reference.validate(dOMValidateContext);
                    } catch (XMLSignatureException e3) {
                        signatureCryptographicVerification.setErrorMessage(reference.getURI() + ": " + e3.getMessage());
                    }
                    z4 = z4 && z5;
                    if (LOG.isLoggable(Level.INFO)) {
                        LOG.info("Reference hash validity checked: " + reference.getURI() + "=" + z5);
                    }
                    Data dereferencedData = reference.getDereferencedData();
                    z3 = z3 && dereferencedData != null;
                    InputStream digestInputStream = reference.getDigestInputStream();
                    if (dereferencedData != null && digestInputStream != null) {
                        try {
                            IOUtils.copy(digestInputStream, this.referencesDigestOutputStream);
                        } catch (IOException e4) {
                        }
                    }
                }
                signatureCryptographicVerification.setReferenceDataFound(z3);
                signatureCryptographicVerification.setReferenceDataIntact(z4);
                signatureCryptographicVerification.setSignatureIntegrity(z2);
            } catch (MarshalException e5) {
                signatureCryptographicVerification.setErrorMessage(e5.getMessage());
            }
        } else {
            signatureCryptographicVerification.setErrorMessage("Unable to proceed with the signature cryptographic verification. There is no signing certificate!");
        }
        return signatureCryptographicVerification;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<AdvancedSignature> getCounterSignatures() {
        try {
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_COUNTER_SIGNATURE);
            if (nodeList == null) {
                return null;
            }
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element = DSSXMLUtils.getElement((Element) nodeList.item(i), XPATH_SIGNATURE);
                XAdESSignature xAdESSignature = new XAdESSignature(element, this.certPool);
                XMLSignature unmarshalXMLSignature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(new DOMStructure(element));
                LOG.info("Verifying countersignature References");
                Iterator it2 = unmarshalXMLSignature.getSignedInfo().getReferences().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        Reference reference = (Reference) it2.next();
                        if (reference.getType() != null && reference.getType().equals(XADES_COUNTERSIGNED_SIGNATURE)) {
                            if (reference.validate(new DOMValidateContext(xAdESSignature.getSigningCertificate().getCertToken().getCertificate().getPublicKey(), DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue")))) {
                                LOG.info("Reference verification succeeded, adding countersignature");
                                arrayList.add(xAdESSignature);
                            } else {
                                LOG.warning("Skipping countersignature because the Reference doesn't contain a hash of the embedding SignatureValue");
                            }
                        }
                    }
                }
            }
            return arrayList;
        } catch (MarshalException e) {
            throw new EncodingException(EncodingException.MSG.COUNTERSIGNATURE_ENCODING, e);
        } catch (XMLSignatureException e2) {
            throw new EncodingException(EncodingException.MSG.COUNTERSIGNATURE_ENCODING, e2);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<CertificateRef> getCertificateRefs() {
        Element element = DSSXMLUtils.getElement(this.signatureElement, XPATH_CERT_REFS);
        if (element == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        NodeList nodeList = DSSXMLUtils.getNodeList(element, "./xades:Cert");
        for (int i = 0; i < nodeList.getLength(); i++) {
            Element element2 = (Element) nodeList.item(i);
            Element element3 = DSSXMLUtils.getElement(element2, XPATH__X509_ISSUER_NAME);
            Element element4 = DSSXMLUtils.getElement(element2, XPATH__X509_SERIAL_NUMBER);
            Element element5 = DSSXMLUtils.getElement(element2, XPATH__DIGEST_METHOD);
            Element element6 = DSSXMLUtils.getElement(element2, XPATH__CERT_DIGEST_DIGEST_VALUE);
            CertificateRef certificateRef = new CertificateRef();
            if (element3 != null && element4 != null) {
                certificateRef.setIssuerName(element3.getTextContent());
                certificateRef.setIssuerSerial(element4.getTextContent());
            }
            certificateRef.setDigestAlgorithm(DigestAlgorithm.forXML(element5.getAttribute("Algorithm")).getName());
            certificateRef.setDigestValue(DSSUtils.base64Decode(element6.getTextContent()));
            arrayList.add(certificateRef);
        }
        return arrayList;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<CRLRef> getCRLRefs() {
        ArrayList arrayList = new ArrayList();
        Element element = DSSXMLUtils.getElement(this.signatureElement, XPATH_REVOCATION_CRL_REFS);
        if (element != null) {
            NodeList nodeList = DSSXMLUtils.getNodeList(element, XPATH__CRL_REF);
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element2 = (Element) nodeList.item(i);
                Element element3 = DSSXMLUtils.getElement(element2, XPATH__DAAV_DIGEST_METHOD);
                Element element4 = DSSXMLUtils.getElement(element2, XPATH__DAAV_DIGEST_VALUE);
                String name = DigestAlgorithm.forXML(element3.getAttribute("Algorithm")).getName();
                CRLRef cRLRef = new CRLRef();
                cRLRef.setDigestAlgorithm(name);
                cRLRef.setDigestValue(DSSUtils.base64Decode(element4.getTextContent()));
                arrayList.add(cRLRef);
            }
        }
        return arrayList;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<OCSPRef> getOCSPRefs() {
        ArrayList arrayList = new ArrayList();
        Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs/xades:OCSPRefs");
        if (element != null) {
            NodeList nodeList = DSSXMLUtils.getNodeList(element, "./xades:OCSPRef");
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element2 = (Element) nodeList.item(i);
                Element element3 = DSSXMLUtils.getElement(element2, XPATH__DAAV_DIGEST_METHOD);
                Element element4 = DSSXMLUtils.getElement(element2, XPATH__DAAV_DIGEST_VALUE);
                if (element3 == null || element4 == null) {
                    throw new NotETSICompliantException(NotETSICompliantException.MSG.XADES_DIGEST_ALG_AND_VALUE_ENCODING);
                }
                arrayList.add(new OCSPRef(DigestAlgorithm.forXML(element3.getAttribute("Algorithm")).getName(), DSSUtils.base64Decode(element4.getTextContent()), false));
            }
        }
        return arrayList;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<X509CRL> getCRLs() {
        ListCRLSource cRLSource = getCRLSource();
        if (cRLSource == null) {
            return null;
        }
        return cRLSource.getContainedCRLs();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<BasicOCSPResp> getOCSPs() {
        ListOCSPSource oCSPSource = getOCSPSource();
        if (oCSPSource == null) {
            return null;
        }
        return oCSPSource.getContainedOCSPResponses();
    }

    private byte[] getC14nValue(Node node, String str) {
        try {
            return Canonicalizer.getInstance(str).canonicalizeSubtree(node);
        } catch (CanonicalizationException e) {
            throw new RuntimeException("c14n error: " + e.getMessage(), e);
        } catch (InvalidCanonicalizerException e2) {
            throw new RuntimeException("c14n algo error: " + e2.getMessage(), e2);
        }
    }

    private byte[] getC14nValue(List<Node> list, String str) {
        try {
            Canonicalizer canonicalizer = Canonicalizer.getInstance(str);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Iterator<Node> it2 = list.iterator();
            while (it2.hasNext()) {
                byteArrayOutputStream.write(canonicalizer.canonicalizeSubtree(it2.next()));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (CanonicalizationException e2) {
            throw new RuntimeException("c14n error: " + e2.getMessage(), e2);
        } catch (InvalidCanonicalizerException e3) {
            throw new RuntimeException("c14n algo error: " + e3.getMessage(), e3);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getSignatureTimestampData() {
        Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue");
        Element element2 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp./ds:CanonicalizationMethod");
        return element2 != null ? getC14nValue(element, element2.getTextContent()) : getC14nValue(element, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getTimestampX1Data() {
        Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SigAndRefsTimeStamp./ds:CanonicalizationMethod");
        String textContent = element != null ? element.getTextContent() : "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue"), textContent));
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:SignatureTimeStamp");
            if (nodeList != null) {
                for (int i = 0; i < nodeList.getLength(); i++) {
                    byteArrayOutputStream.write(getC14nValue(nodeList.item(i), textContent));
                }
            }
            Element element2 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
            if (element2 != null) {
                byteArrayOutputStream.write(getC14nValue(element2, textContent));
            }
            Element element3 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
            if (element3 != null) {
                byteArrayOutputStream.write(getC14nValue(element3, textContent));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new DSSException("Error when computing the SigAndRefsTimeStamp", e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getTimestampX2Data() {
        ArrayList arrayList = new ArrayList();
        Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
        if (element != null) {
            arrayList.add(element);
        }
        Element element2 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
        if (element2 != null) {
            arrayList.add(element2);
        }
        Element element3 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:RefsOnlyTimeStamp./ds:CanonicalizationMethod");
        return element3 != null ? getC14nValue(arrayList, element3.getTextContent()) : getC14nValue(arrayList, "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getArchiveTimestampData(TimestampToken timestampToken) {
        String canonicalizationMethod = timestampToken == null ? "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" : timestampToken.getCanonicalizationMethod();
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            IOUtils.copy(new ByteArrayInputStream(this.referencesDigestOutputStream.toByteArray()), byteArrayOutputStream);
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:SignedInfo"), canonicalizationMethod));
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:SignatureValue"), canonicalizationMethod));
            byteArrayOutputStream.write(getC14nValue(DSSXMLUtils.getElement(this.signatureElement, "./ds:KeyInfo"), canonicalizationMethod));
            int i = 0;
            NodeList childNodes = getUnsignedSignatureProperties(this.signatureElement).getChildNodes();
            for (int i2 = 0; i2 < childNodes.getLength(); i2++) {
                Node item = childNodes.item(i2);
                String localName = item.getLocalName();
                if (!localName.equals("CertificateValues") && !localName.equals("RevocationValues") && !localName.equals("AttrAuthoritiesCertValues") && !localName.equals("AttributeRevocationValues") && (XMLE_ARCHIVE_TIME_STAMP.equals(localName) || XMLE_ARCHIVE_TIME_STAMP_V2.equals(localName))) {
                    if (timestampToken == null || timestampToken.getDSSId() <= i) {
                        break;
                    }
                    i++;
                }
                byteArrayOutputStream.write(getC14nValue(item, canonicalizationMethod));
            }
            boolean z = true;
            if (timestampToken != null && ArchiveTimestampType.XAdES.equals(timestampToken.getArchiveTimestampType())) {
                z = false;
            }
            if (z) {
                NodeList objects = getObjects();
                for (int i3 = 0; i3 < objects.getLength(); i3++) {
                    Node item2 = objects.item(i3);
                    if (DSSXMLUtils.getElement(item2, "./xades:QualifyingProperties") == null) {
                        byteArrayOutputStream.write(getC14nValue(item2, canonicalizationMethod));
                    }
                }
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new DSSException("Error when computing the archive data", e);
        }
    }

    private Element getUnsignedSignatureProperties(Element element) {
        Element element2 = DSSXMLUtils.getElement(element, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties");
        if (element2 == null) {
            Element element3 = DSSXMLUtils.getElement(element, "./ds:Object/xades:QualifyingProperties");
            Element element4 = DSSXMLUtils.getElement(element3, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties");
            if (element4 == null) {
                element4 = element3.getOwnerDocument().createElementNS("http://uri.etsi.org/01903/v1.3.2#", "UnsignedProperties");
                element3.appendChild(element4);
            }
            element2 = element4.getOwnerDocument().createElementNS("http://uri.etsi.org/01903/v1.3.2#", "UnsignedSignatureProperties");
            element4.appendChild(element2);
        }
        return element2;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public String getId() {
        try {
            if (this.id == null) {
                Node node = DSSXMLUtils.getNode(this.signatureElement, "./@Id");
                if (node != null) {
                    this.id = node.getTextContent();
                } else {
                    MessageDigest messageDigest = MessageDigest.getInstance(LdapHashUtils.MD5);
                    messageDigest.update(Long.toString(getSigningTime().getTime()).getBytes());
                    messageDigest.update(getSigningCertificate().getCertToken().getCertificate().getEncoded());
                    this.id = Hex.encodeHexString(messageDigest.digest());
                }
            }
            return this.id;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampReference> getTimestampedReferences() {
        ArrayList arrayList = new ArrayList();
        try {
            NodeList nodeList = DSSXMLUtils.getNodeList(this.signatureElement, XPATH_CERT_DIGEST);
            for (int i = 0; i < nodeList.getLength(); i++) {
                arrayList.add(createCertificateTimestampReference((Element) nodeList.item(i)));
            }
            Element element = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteCertificateRefs");
            if (element != null) {
                NodeList nodeList2 = DSSXMLUtils.getNodeList(element, XPATH__COMPLETE_CERTIFICATE_REFS__CERT_DIGEST);
                for (int i2 = 0; i2 < nodeList2.getLength(); i2++) {
                    arrayList.add(createCertificateTimestampReference((Element) nodeList2.item(i2)));
                }
            }
            Element element2 = DSSXMLUtils.getElement(this.signatureElement, "./ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/xades:UnsignedSignatureProperties/xades:CompleteRevocationRefs");
            if (element2 != null) {
                NodeList nodeList3 = DSSXMLUtils.getNodeList(element2, "./*/*/xades:DigestAlgAndValue");
                for (int i3 = 0; i3 < nodeList3.getLength(); i3++) {
                    Element element3 = (Element) nodeList3.item(i3);
                    String name = DigestAlgorithm.forXML(DSSXMLUtils.getNode(element3, XPATH__DIGEST_METHOD_ALGORITHM).getTextContent()).getName();
                    String textContent = DSSXMLUtils.getElement(element3, XPATH__DIGEST_VALUE).getTextContent();
                    TimestampReference timestampReference = new TimestampReference();
                    timestampReference.setCategory(TimestampCategory.REVOCATION);
                    timestampReference.setDigestAlgorithm(name);
                    timestampReference.setDigestValue(textContent);
                    arrayList.add(timestampReference);
                }
            }
            return arrayList;
        } catch (XPathExpressionException e) {
            throw new EncodingException(EncodingException.MSG.TIMESTAMP_X1_DATA_ENCODING, e);
        }
    }

    private TimestampReference createCertificateTimestampReference(Element element) throws DOMException, XPathExpressionException {
        DigestAlgorithm forXML = DigestAlgorithm.forXML(DSSXMLUtils.getNode(element, XPATH__DIGEST_METHOD_ALGORITHM).getTextContent());
        if (!this.usedCertificatesDigestAlgorithms.contains(forXML)) {
            this.usedCertificatesDigestAlgorithms.add(forXML);
        }
        String textContent = DSSXMLUtils.getElement(element, XPATH__DIGEST_VALUE).getTextContent();
        TimestampReference timestampReference = new TimestampReference();
        timestampReference.setCategory(TimestampCategory.CERTIFICATE);
        timestampReference.setDigestAlgorithm(forXML.getName());
        timestampReference.setDigestValue(textContent);
        return timestampReference;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public Set<DigestAlgorithm> getUsedCertificatesDigestAlgorithms() {
        return this.usedCertificatesDigestAlgorithms;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public boolean isLevelReached(SignatureFormat signatureFormat) {
        throw new UnsupportedOperationException("Not implemented yet");
    }

    static {
        Init.init();
    }
}
