package eu.europa.esig.dss.xades.validation;

import eu.europa.esig.dss.DomUtils;
import eu.europa.esig.dss.definition.xmldsig.XMLDSigPaths;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.BaselineRequirementsChecker;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.xades.DSSXMLUtils;
import eu.europa.esig.dss.xades.XAdESSignatureUtils;
import eu.europa.esig.dss.xades.definition.XAdESNamespaces;
import eu.europa.esig.dss.xades.definition.XAdESPaths;
import eu.europa.esig.dss.xades.definition.xades132.XAdES132Attribute;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import signservice.org.apache.xml.security.signature.Reference;

/* loaded from: input_file:eu/europa/esig/dss/xades/validation/XAdESBaselineRequirementsChecker.class */
public class XAdESBaselineRequirementsChecker extends BaselineRequirementsChecker<XAdESSignature> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) XAdESBaselineRequirementsChecker.class);

    public XAdESBaselineRequirementsChecker(XAdESSignature xAdESSignature, CertificateVerifier certificateVerifier) {
        super(xAdESSignature, certificateVerifier);
    }

    @Override // eu.europa.esig.dss.validation.BaselineRequirementsChecker
    public boolean hasBaselineBProfile() {
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        if (getNumberOfOccurrences(signatureElement, XMLDSigPaths.KEY_INFO_PATH) != 1) {
            LOG.warn("ds:KeyInfo element shall be present for XAdES-BASELINE-B signature (cardinality == 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, XMLDSigPaths.SIGNED_INFO_CANONICALIZATION_METHOD) != 1) {
            LOG.warn("ds:SignedInfo/ds:CanonicalizationMethod element shall be present for XAdES-BASELINE-B signature (cardinality == 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, XMLDSigPaths.SIGNED_INFO_REFERENCE_PATH) < 2) {
            LOG.warn("ds:SignedInfo/ds:Reference element shall be present for XAdES-BASELINE-B signature (cardinality >= 2)!");
            return false;
        }
        NodeList nodeList = DomUtils.getNodeList(signatureElement, XMLDSigPaths.SIGNED_INFO_REFERENCE_PATH);
        if (nodeList != null && nodeList.getLength() > 0) {
            for (int i = 0; i < nodeList.getLength(); i++) {
                if (DomUtils.getNodesAmount((Element) nodeList.item(i), XMLDSigPaths.TRANSFORMS_PATH) > 1) {
                    LOG.warn("Only one ds:Reference/ds:Transforms may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
                    return false;
                }
            }
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSigningTimePath()) != 1) {
            LOG.warn("SigningTime shall be present for XAdES-BASELINE-B signature (cardinality == 1)!");
            return false;
        }
        if (!isSigningCertificatePresent(signatureElement, xAdESPaths)) {
            LOG.warn("SigningCertificate(V2) shall be present for XAdES-BASELINE-B signature (cardinality == 1)!");
            return false;
        }
        NodeList nodeList2 = DomUtils.getNodeList(signatureElement, xAdESPaths.getDataObjectFormat());
        for (int i2 = 0; i2 < nodeList2.getLength(); i2++) {
            Element element = (Element) nodeList2.item(i2);
            if (getNumberOfOccurrences(element, xAdESPaths.getCurrentDescription()) > 1) {
                LOG.warn("Only one DataObjectFormat/Description may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
                return false;
            }
            if (getNumberOfOccurrences(element, xAdESPaths.getCurrentObjectIdentifier()) > 1) {
                LOG.warn("Only one DataObjectFormat/ObjectIdentifier may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
                return false;
            }
            if (getNumberOfOccurrences(element, xAdESPaths.getCurrentMimeType()) != 1) {
                LOG.warn("DataObjectFormat/MimeType shall be present for XAdES-BASELINE-B signature (cardinality == 1)!");
                return false;
            }
            if (getNumberOfOccurrences(element, xAdESPaths.getCurrentEncoding()) > 1) {
                LOG.warn("Only one DataObjectFormat/Encoding may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
                return false;
            }
            if (!element.hasAttribute(XAdES132Attribute.OBJECT_REFERENCE.getAttributeName())) {
                LOG.warn("DataObjectFormat's ObjectReference attribute shall be present for XAdES-BASELINE-B signature (cardinality == 1)!");
                return false;
            }
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSignerRolePath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getSignerRoleV2Path()) > 1) {
            LOG.warn("Only one SignerRole(V2) may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSignatureProductionPlacePath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getSignatureProductionPlaceV2Path()) > 1) {
            LOG.warn("Only one SignatureProductionPlace(V2) may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSignaturePolicyIdentifierPath()) > 1) {
            LOG.warn("Only one SignaturePolicyIdentifier may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
            return false;
        }
        int numberOfOccurrences = getNumberOfOccurrences(signatureElement, xAdESPaths.getSignaturePolicyStorePath());
        if (numberOfOccurrences == 1) {
            if (!isSignaturePolicyIdentifierHashPresent()) {
                LOG.warn("SignaturePolicyStore shall not be present for XAdES-BASELINE-B signature with not defined SignaturePolicyIdentifier/SigPolicyHash (requirement (m))!");
            }
        } else if (numberOfOccurrences > 1) {
            LOG.warn("Only one SignaturePolicyIdentifier may be present for XAdES-BASELINE-B signature (cardinality 0 or 1)!");
            return false;
        }
        String archiveTimestampPath = xAdESPaths.getArchiveTimestampPath();
        if (Utils.isStringNotEmpty(archiveTimestampPath)) {
            NodeList nodeList3 = DomUtils.getNodeList(signatureElement, archiveTimestampPath);
            for (int i3 = 0; i3 < nodeList3.getLength(); i3++) {
                if (XAdESNamespaces.XADES_132.getUri().equals(nodeList3.item(i3).getNamespaceURI())) {
                    LOG.warn("xades132:ArchiveTimeStamp shall not be present for XAdES-BASELINE-B signature (cardinality == 0)!");
                    return false;
                }
            }
        }
        if (!containsSigningCertificate(((XAdESSignature) this.signature).getCertificateSource().getKeyInfoCertificates())) {
            LOG.warn("Signing certificate shall be present in ds:KeyInfo/ds:X509Data/ds:X509Certificate for XAdES-BASELINE-B signature (requirement (a))!");
            return false;
        }
        Element signedInfo = ((XAdESSignature) this.signature).getSignedInfo();
        if (signedInfo != null) {
            String value = DomUtils.getValue(signedInfo, XMLDSigPaths.CANONICALIZATION_ALGORITHM_PATH);
            if (Utils.isStringNotEmpty(value)) {
                boolean z = -1;
                switch (value.hashCode()) {
                    case -2012395451:
                        if (value.equals("http://www.w3.org/TR/2001/REC-xml-c14n-20010315")) {
                            z = 2;
                            break;
                        }
                        break;
                    case -1921474859:
                        if (value.equals("http://www.w3.org/2006/12/xml-c14n11")) {
                            z = false;
                            break;
                        }
                        break;
                    case -549269964:
                        if (value.equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
                            z = true;
                            break;
                        }
                        break;
                    case -39983128:
                        if (value.equals("http://www.w3.org/2006/12/xml-c14n11#WithComments")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 246158456:
                        if (value.equals("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")) {
                            z = 5;
                            break;
                        }
                        break;
                    case 1783513390:
                        if (value.equals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments")) {
                            z = 4;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                    case true:
                    case true:
                    case true:
                    case true:
                    case true:
                        break;
                    default:
                        LOG.warn("ds:SignedInfo/ds:CanonicalizationMethod contains not accepted Algorithm attribute value for XAdES-BASELINE-B signature (requirement (d))!");
                        return false;
                }
            }
        }
        String signingCertificateV2Path = xAdESPaths.getSigningCertificateV2Path();
        if (Utils.isStringNotEmpty(signingCertificateV2Path)) {
            NodeList nodeList4 = DomUtils.getNodeList(signatureElement, signingCertificateV2Path);
            if (nodeList4.getLength() == 1) {
                NodeList nodeList5 = DomUtils.getNodeList(nodeList4.item(0), xAdESPaths.getCurrentCertChildren());
                for (int i4 = 0; i4 < nodeList5.getLength(); i4++) {
                    if (((Element) nodeList5.item(i4)).hasAttribute(XAdES132Attribute.URI.getAttributeName())) {
                        LOG.warn("SigningCertificateV2/Cert shall not include URI optional attribute for XAdES-BASELINE-B signature (requirement (i))!");
                        return false;
                    }
                }
            }
        }
        for (Reference reference : ((XAdESSignature) this.signature).getReferences()) {
            if ((!DomUtils.startsFromHash(reference.getURI()) && !DomUtils.isXPointerQuery(reference.getURI())) || (!DSSXMLUtils.isSignedProperties(reference, xAdESPaths) && !DSSXMLUtils.isCounterSignatureReferenceType(reference.getType()) && !DSSXMLUtils.isManifestReferenceType(reference.getType()) && !DSSXMLUtils.isKeyInfoReference(reference, signatureElement) && !DSSXMLUtils.isSignaturePropertiesReference(reference, signatureElement))) {
                String id = reference.getId();
                if (Utils.isStringNotEmpty(id)) {
                    boolean z2 = false;
                    for (int i5 = 0; i5 < nodeList2.getLength(); i5++) {
                        if (id.equals(DomUtils.getId(((Element) nodeList2.item(i5)).getAttribute(XAdES132Attribute.OBJECT_REFERENCE.getAttributeName())))) {
                            z2 = true;
                        }
                    }
                    if (!z2) {
                        LOG.warn("DataObjectFormat shall be generated for each signed data for XAdES-BASELINE-B signature (requirement (k))!");
                        return false;
                    }
                } else {
                    continue;
                }
            }
        }
        return true;
    }

    @Override // eu.europa.esig.dss.validation.BaselineRequirementsChecker
    public boolean hasBaselineTProfile() {
        if (!minimalTRequirement()) {
            return false;
        }
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        NodeList nodeList = DomUtils.getNodeList(signatureElement, xAdESPaths.getSignatureTimestampPath());
        for (int i = 0; i < nodeList.getLength(); i++) {
            if (DomUtils.getNodeList(nodeList.item(i), xAdESPaths.getCurrentEncapsulatedTimestamp()).getLength() != 1) {
                LOG.warn("SignatureTimeStamp shall contain only one electronic timestamp for XAdES-BASELINE-T signature (requirement (n))!");
                return false;
            }
        }
        if (signatureTimestampsCreatedBeforeSignCertExpiration()) {
            return true;
        }
        LOG.warn("SignatureTimeStamp shall be created before expiration of the signing-certificate for XAdES-BASELINE-T signature (requirement (o))!");
        return false;
    }

    @Override // eu.europa.esig.dss.validation.BaselineRequirementsChecker
    public boolean hasBaselineLTProfile() {
        if (!minimalLTRequirement()) {
            return false;
        }
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getCertificateValuesPath()) > 1) {
            LOG.warn("Only one CertificateValues element may be present for XAdES-BASELINE-LT signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getCompleteCertificateRefsPath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getCompleteCertificateRefsV2Path()) > 0) {
            LOG.warn("CompleteCertificateRefs(V2) shall not be present for XAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getAttrAuthoritiesCertValuesPath()) > 1) {
            LOG.warn("Only one AttrAuthoritiesCertValues element may be present for XAdES-BASELINE-LT signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getRevocationValuesPath()) > 1) {
            LOG.warn("Only one RevocationValues element may be present for XAdES-BASELINE-LT signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getCompleteRevocationRefsPath()) > 0) {
            LOG.warn("CompleteRevocationRefs shall not be present for XAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getAttributeRevocationValuesPath()) > 1) {
            LOG.warn("AttributeRevocationValues shall not be present for XAdES-BASELINE-LT signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSigAndRefsTimestampPath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getSigAndRefsTimestampV2Path()) > 0) {
            LOG.warn("SigAndRefsTimeStamp(V2) shall not be present for XAdES-BASELINE-LT signature (cardinality == 0)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getRefsOnlyTimestampPath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getRefsOnlyTimestampV2Path()) <= 0) {
            return true;
        }
        LOG.warn("RefsOnlyTimeStampV2 shall not be present for XAdES-BASELINE-LT signature (cardinality == 0)!");
        return false;
    }

    @Override // eu.europa.esig.dss.validation.BaselineRequirementsChecker
    public boolean hasBaselineLTAProfile() {
        return minimalLTARequirement();
    }

    public boolean hasExtendedBESProfile() {
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSigningTimePath()) > 1) {
            LOG.warn("Only one SigningTime may be present for XAdES-BES signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSigningCertificatePath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getSigningCertificateV2Path()) > 1) {
            LOG.warn("Only one SigningCertificate(V2) may be present for XAdES-BES signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSignatureProductionPlacePath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getSignatureProductionPlaceV2Path()) > 1) {
            LOG.warn("Only one SignatureProductionPlace(V2) may be present for XAdES-BES signature (cardinality 0 or 1)!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSignerRolePath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getSignerRoleV2Path()) > 1) {
            LOG.warn("Only one SignerRole(V2) may be present for XAdES-BES signature (cardinality 0 or 1)!");
            return false;
        }
        if (isSigningCertificatePresent(signatureElement, xAdESPaths) || isSigningCertificateSignedInKeyInfo()) {
            return true;
        }
        LOG.warn("SigningCertificate(V2) shall be present for XAdES-BES signature or be present in ds:KeyInfo and signed by the signature (requirement (a))!");
        return false;
    }

    public boolean hasExtendedEPESProfile() {
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getSignaturePolicyIdentifierPath()) != 1) {
            LOG.debug("SignaturePolicyIdentifier shall be present for XAdES-EPES signature (cardinality == 1)!");
            return false;
        }
        int numberOfOccurrences = getNumberOfOccurrences(signatureElement, xAdESPaths.getSignaturePolicyStorePath());
        if (numberOfOccurrences > 1) {
            LOG.debug("Only one SignaturePolicyStore may be present for XAdES-EPES signature (cardinality 0 or 1)!");
            return false;
        }
        if (numberOfOccurrences != 1 || isSignaturePolicyIdentifierHashPresent()) {
            return true;
        }
        LOG.debug("SignaturePolicyStore may be present for XAdES-EPES signature only if SignaturePolicyIdentifier is present and it contains SigPolicyHash element (requirement (c))!");
        return false;
    }

    public boolean hasExtendedTProfile() {
        if (!minimalTRequirement()) {
            return false;
        }
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        NodeList nodeList = DomUtils.getNodeList(signatureElement, xAdESPaths.getSignatureTimestampPath());
        for (int i = 0; i < nodeList.getLength(); i++) {
            if (DomUtils.getNodeList(nodeList.item(i), xAdESPaths.getCurrentEncapsulatedTimestamp()).getLength() == 0) {
                LOG.warn("SignatureTimeStamp shall contain one or more electronic timestamp for XAdES-T signature (requirement (d))!");
                return false;
            }
        }
        if (signatureTimestampsCreatedBeforeSignCertExpiration()) {
            return true;
        }
        LOG.warn("SignatureTimeStamp shall be created before expiration of the signing-certificate for XAdES-T signature (requirement (e))!");
        return false;
    }

    public boolean hasExtendedCProfile() {
        boolean isAllSelfSigned = getCertificateSourcesExceptLastArchiveTimestamp().isAllSelfSigned();
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getCompleteCertificateRefsPath()) + getNumberOfOccurrences(signatureElement, xAdESPaths.getCompleteCertificateRefsV2Path()) != (isAllSelfSigned ? 0 : 1)) {
            if (isAllSelfSigned) {
                LOG.debug("CompleteCertificateRefs(V2) shall not be present for XAdES-C signature with all self-signed certificates (cardinality == 0})!");
                return false;
            }
            LOG.debug("CompleteCertificateRefs(V2) shall be present for XAdES-C signature (cardinality == 1})!");
            return false;
        }
        if (getNumberOfOccurrences(signatureElement, xAdESPaths.getCompleteRevocationRefsPath()) == (isAllSelfSigned ? 0 : 1)) {
            return true;
        }
        if (isAllSelfSigned) {
            LOG.debug("CompleteRevocationRefs shall not be present for XAdES-C signature with all self-signed certificates (cardinality == 0})!");
            return false;
        }
        LOG.debug("CompleteRevocationRefs shall be present for XAdES-C signature (cardinality == 1})!");
        return false;
    }

    public boolean hasExtendedXProfile() {
        Element signatureElement = ((XAdESSignature) this.signature).getSignatureElement();
        XAdESPaths xAdESPaths = ((XAdESSignature) this.signature).getXAdESPaths();
        boolean isElementPresent = isElementPresent(signatureElement, xAdESPaths.getRefsOnlyTimestampPath());
        boolean isElementPresent2 = isElementPresent(signatureElement, xAdESPaths.getRefsOnlyTimestampV2Path());
        boolean isElementPresent3 = isElementPresent(signatureElement, xAdESPaths.getSigAndRefsTimestampPath());
        boolean isElementPresent4 = isElementPresent(signatureElement, xAdESPaths.getSigAndRefsTimestampV2Path());
        if (isElementPresent || isElementPresent2 || isElementPresent3 || isElementPresent4) {
            return true;
        }
        LOG.debug("Either RefsOnlyTimestamp(V2) or SigAndRefsTimestamp(V2) shall be present for XAdES-X signature)!");
        return false;
    }

    public boolean hasExtendedXLProfile() {
        return minimalLTRequirement();
    }

    public boolean hasExtendedAProfile() {
        return minimalLTARequirement();
    }

    private boolean isSigningCertificatePresent(Element element, XAdESPaths xAdESPaths) {
        return getNumberOfOccurrences(element, xAdESPaths.getSigningCertificatePath()) + getNumberOfOccurrences(element, xAdESPaths.getSigningCertificateV2Path()) == 1;
    }

    private boolean isSigningCertificateSignedInKeyInfo() {
        CertificateToken signingCertificateToken = ((XAdESSignature) this.signature).getSigningCertificateToken();
        if (signingCertificateToken == null || !XAdESSignatureUtils.isKeyInfoCovered((XAdESSignature) this.signature)) {
            return false;
        }
        Iterator<CertificateToken> it = ((XAdESCertificateSource) ((XAdESSignature) this.signature).getCertificateSource()).getKeyInfoCertificates().iterator();
        while (it.hasNext()) {
            if (signingCertificateToken.equals(it.next())) {
                return true;
            }
        }
        return false;
    }

    private int getNumberOfOccurrences(Element element, String str) {
        if (element == null || !Utils.isStringNotEmpty(str)) {
            return 0;
        }
        return DomUtils.getNodesAmount(element, str);
    }

    private boolean isElementPresent(Node node, String str) {
        if (Utils.isStringEmpty(str)) {
            return false;
        }
        return DomUtils.isNotEmpty(node, str);
    }
}
