package no.difi.sdp.client2.asice.signature;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.validation.Schema;
import no.difi.sdp.client2.asice.AsicEAttachable;
import no.difi.sdp.client2.domain.Noekkelpar;
import no.difi.sdp.client2.domain.exceptions.KonfigurasjonException;
import no.difi.sdp.client2.domain.exceptions.RuntimeIOException;
import no.difi.sdp.client2.domain.exceptions.SendException;
import no.difi.sdp.client2.domain.exceptions.XmlKonfigurasjonException;
import no.difi.sdp.client2.domain.exceptions.XmlValideringException;
import no.digipost.api.xml.Schemas;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.core.io.Resource;
import org.springframework.xml.validation.SchemaLoaderUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/* loaded from: input_file:no/difi/sdp/client2/asice/signature/CreateSignature.class */
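/**
 * Builds the XAdES signature document ({@code signatures.xml}) for an ASiC-E container.
 *
 * <p>Every attachment is referenced by file name with a SHA-256 digest, the XAdES signed
 * properties are referenced as well, and the whole {@code SignedInfo} is signed with
 * RSA-SHA256 using the sender's private key. The result is validated against the ASiC-E
 * schema before it is serialised.
 *
 * <p>NOTE(review): one {@link TransformerFactory} instance is kept for the lifetime of this
 * object, and JAXP does not guarantee that factories are thread-safe. Confirm whether
 * instances of this class are shared between threads.
 */
public class CreateSignature {
    private final DigestMethod sha256DigestMethod;
    private final CanonicalizationMethod canonicalizationMethod;
    private final Transform canonicalXmlTransform;
    private final Schema schema;
    private final String asicNamespace = "http://uri.etsi.org/2918/v1.2.1#";
    private final String signedPropertiesType = "http://uri.etsi.org/01903#SignedProperties";
    private final CreateXAdESProperties createXAdESProperties = new CreateXAdESProperties();
    // Only used to serialise a DOM that was built in-process. If this factory is ever reused
    // for stylesheets or externally supplied XML, enable secure processing on it first.
    private final TransformerFactory transformerFactory = TransformerFactory.newInstance();

    /**
     * Prepares the digest method, canonicalisation method and transform that every signature
     * reuses, and loads the ASiC-E schema used to validate the generated document.
     *
     * @throws KonfigurasjonException if the XML signature algorithms or the schema cannot be
     *     initialised
     */
    public CreateSignature() {
        try {
            XMLSignatureFactory signatureFactory = getSignatureFactory();
            this.sha256DigestMethod = signatureFactory.newDigestMethod(DigestMethod.SHA256, (DigestMethodParameterSpec) null);
            this.canonicalizationMethod = signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null);
            this.canonicalXmlTransform = signatureFactory.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null);
            this.schema = loadSchema();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new KonfigurasjonException("Kunne ikke initialisere xml-signering", e);
        }
    }

    /**
     * Loads the ASiC-E XML schema.
     *
     * @return the compiled schema
     * @throws KonfigurasjonException if the schema resource cannot be read or parsed
     */
    private Schema loadSchema() {
        try {
            return SchemaLoaderUtils.loadSchema(new Resource[]{Schemas.ASICE_SCHEMA}, "http://www.w3.org/2001/XMLSchema");
        } catch (IOException | SAXException e) {
            throw new KonfigurasjonException("Kunne ikke laste schema for validering av signatures", e);
        }
    }

    /**
     * Signs the given attachments and returns the serialised XAdES signature document.
     *
     * @param noekkelpar key pair holding the signing certificate, its chain and the private key
     * @param list attachments to reference from the signature, in order
     * @return the serialised signature document
     * @throws XmlValideringException if the generated document does not validate against the
     *     ASiC-E schema
     * @throws XmlKonfigurasjonException if marshalling or signing fails
     * @throws KonfigurasjonException if the signature algorithm is unavailable or the document
     *     cannot be serialised
     */
    public Signature createSignature(Noekkelpar noekkelpar, List<AsicEAttachable> list) throws XmlValideringException {
        XMLSignatureFactory signatureFactory = getSignatureFactory();
        SignatureMethod signatureMethod = getSignatureMethod(signatureFactory);

        // One reference per attachment, plus one covering the XAdES signed properties so that
        // the signing-certificate binding is itself protected by the signature.
        List<Reference> references = references(signatureFactory, list);
        references.add(signatureFactory.newReference(
                "#SignedProperties",
                this.sha256DigestMethod,
                Collections.singletonList(this.canonicalXmlTransform),
                this.signedPropertiesType,
                null));

        Document signedDocument = this.createXAdESProperties.createPropertiesToSign(list, noekkelpar.getVirksomhetssertifikat());
        try {
            signatureFactory.newXMLSignature(
                    signatureFactory.newSignedInfo(this.canonicalizationMethod, signatureMethod, references),
                    keyInfo(signatureFactory, noekkelpar.getVirksomhetssertifikatKjede()),
                    Collections.singletonList(signatureFactory.newXMLObject(
                            Collections.singletonList(new DOMStructure(signedDocument.getDocumentElement())),
                            null, null, null)),
                    "Signature",
                    null)
                    // The private key is handed straight to the signing context and is never
                    // logged or copied into an exception message here.
                    .sign(new DOMSignContext(noekkelpar.getVirksomhetssertifikatPrivatnoekkel(), signedDocument));
        } catch (XMLSignatureException e) {
            throw new XmlKonfigurasjonException("Klarte ikke å signere ASiC-E element.", e);
        } catch (MarshalException e) {
            throw new XmlKonfigurasjonException("Klarte ikke å lese ASiC-E XML for signering", e);
        }

        wrapSignatureInXADeSEnvelope(signedDocument);
        return validateAndSerialize(signedDocument);
    }

    /**
     * Validates the finished document against the ASiC-E schema and serialises it to bytes.
     *
     * <p>A validation failure is attributed to the client, since it is raised for the document
     * generated from the caller's input (the message names file names as one likely cause).
     */
    private Signature validateAndSerialize(Document document) throws XmlValideringException {
        try {
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            Transformer serializer = this.transformerFactory.newTransformer();
            this.schema.newValidator().validate(new DOMSource(document));
            serializer.transform(new DOMSource(document), new StreamResult(serialized));
            return new Signature(serialized.toByteArray());
        } catch (IOException e) {
            throw new RuntimeIOException(e);
        } catch (TransformerException e) {
            throw new KonfigurasjonException("Klarte ikke å serialisere XML", e);
        } catch (SAXException e) {
            throw new XmlValideringException("Kunne ikke validere generert signatures.xml. Sjekk at input er gyldig og at det ikke er ugyldige tegn i filnavn o.l.", SendException.AntattSkyldig.KLIENT, e);
        }
    }

    /**
     * Creates the RSA-SHA256 signature method.
     *
     * @throws KonfigurasjonException if the provider does not support the algorithm
     */
    private SignatureMethod getSignatureMethod(XMLSignatureFactory xMLSignatureFactory) {
        try {
            return xMLSignatureFactory.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", (SignatureMethodParameterSpec) null);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new KonfigurasjonException("Kunne ikke initialisere xml-signering", e);
        }
    }

    /**
     * Builds one reference per attachment, with id {@code ID_<index>} and a SHA-256 digest that
     * is computed here over the attachment bytes and passed to the reference pre-calculated.
     *
     * <p>NOTE(review): {@link URLEncoder} performs form encoding, so a space in a file name
     * becomes {@code +} rather than {@code %20}. Confirm that the verifying side resolves
     * reference URIs the same way; a mismatch would surface as a failed reference lookup.
     */
    private List<Reference> references(XMLSignatureFactory xMLSignatureFactory, List<AsicEAttachable> list) {
        List<Reference> result = new ArrayList<>(list.size());
        for (int i = 0; i < list.size(); i++) {
            AsicEAttachable attachment = list.get(i);
            try {
                result.add(xMLSignatureFactory.newReference(
                        URLEncoder.encode(attachment.getFileName(), "UTF-8"),
                        this.sha256DigestMethod,
                        null,
                        null,
                        String.format("ID_%s", i),
                        DigestUtils.sha256(attachment.getBytes())));
            } catch (UnsupportedEncodingException e) {
                // UTF-8 is a charset every Java platform must support, so this is not expected.
                throw new RuntimeException(e);
            }
        }
        return result;
    }

    /** Wraps the certificate chain in an {@code X509Data} key-info element. */
    private KeyInfo keyInfo(XMLSignatureFactory xMLSignatureFactory, Certificate[] certificateArr) {
        KeyInfoFactory keyInfoFactory = xMLSignatureFactory.getKeyInfoFactory();
        return keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Arrays.asList(certificateArr))));
    }

    /**
     * Replaces the document element with an {@code XAdESSignatures} element in the ASiC
     * namespace and re-attaches the previous root as its only child.
     */
    private void wrapSignatureInXADeSEnvelope(Document document) {
        Node signatureElement = document.removeChild(document.getDocumentElement());
        Element envelope = document.createElementNS(this.asicNamespace, "XAdESSignatures");
        envelope.appendChild(signatureElement);
        document.appendChild(envelope);
    }

    /**
     * Obtains a DOM signature factory from the provider named {@code XMLDSig}. The provider is
     * named explicitly instead of using whichever provider happens to be registered first.
     *
     * @throws KonfigurasjonException if that provider is not installed; the original
     *     {@link NoSuchProviderException} is kept as the cause
     */
    private XMLSignatureFactory getSignatureFactory() {
        try {
            return XMLSignatureFactory.getInstance("DOM", "XMLDSig");
        } catch (NoSuchProviderException e) {
            throw new KonfigurasjonException("Fant ikke XML Digital Signature-provider. Biblioteket avhenger av default Java-provider.", e);
        }
    }
}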
