package network.oxalis.vefa.peppol.security.xmldsig;

import ch.qos.logback.core.CoreConstants;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.transform.Result;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import network.oxalis.vefa.peppol.common.lang.PeppolRuntimeException;
import network.oxalis.vefa.peppol.common.util.ExceptionUtil;
import network.oxalis.vefa.peppol.security.lang.PeppolSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/peppol-security-2.5.0.jar:network/oxalis/vefa/peppol/security/xmldsig/XmldsigSigner.class */
public class XmldsigSigner {
    private static TransformerFactory transformerFactory;
    private static XMLSignatureFactory xmlSignatureFactory;
    private String digestMethod;
    private String signatureMethod;

    public static XmldsigSigner SHA1() {
        return new XmldsigSigner("http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
    }

    public static XmldsigSigner SHA256() {
        return new XmldsigSigner("http://www.w3.org/2001/04/xmlenc#sha256", ExtraSignatureMethod.RSA_SHA256);
    }

    XmldsigSigner(String str, String str2) {
        this.digestMethod = str;
        this.signatureMethod = str2;
    }

    public void sign(Document document, KeyStore.PrivateKeyEntry privateKeyEntry, Result result) throws PeppolSecurityException {
        sign(document.getDocumentElement(), privateKeyEntry, result);
    }

    public void sign(Element element, KeyStore.PrivateKeyEntry privateKeyEntry, Result result) throws PeppolSecurityException {
        try {
            SignedInfo newSignedInfo = xmlSignatureFactory.newSignedInfo(xmlSignatureFactory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null), xmlSignatureFactory.newSignatureMethod(this.signatureMethod, (SignatureMethodParameterSpec) null), Collections.singletonList(xmlSignatureFactory.newReference(CoreConstants.EMPTY_STRING, xmlSignatureFactory.newDigestMethod(this.digestMethod, (DigestMethodParameterSpec) null), Collections.singletonList(xmlSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null)), (String) null, (String) null)));
            X509Certificate x509Certificate = (X509Certificate) privateKeyEntry.getCertificate();
            ArrayList arrayList = new ArrayList();
            arrayList.add(x509Certificate.getSubjectX500Principal().getName());
            arrayList.add(x509Certificate);
            KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
            xmlSignatureFactory.newXMLSignature(newSignedInfo, keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(arrayList)))).sign(new DOMSignContext(privateKeyEntry.getPrivateKey(), element));
            Transformer newTransformer = transformerFactory.newTransformer();
            newTransformer.setParameter("indent", "no");
            newTransformer.transform(new DOMSource(element), result);
        } catch (Exception e) {
            throw new PeppolSecurityException(e.getMessage(), e);
        }
    }

    static {
        ExceptionUtil.perform(PeppolRuntimeException.class, () -> {
            transformerFactory = TransformerFactory.newInstance();
            xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");
        });
    }
}
