package se.idsec.sigval.xml.xmlstruct.impl;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.apache.commons.lang.StringUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import se.idsec.signservice.security.certificate.CertificateUtils;
import se.idsec.sigval.xml.utils.XMLDocumentBuilder;
import se.idsec.sigval.xml.xmlstruct.SignatureData;
import se.idsec.sigval.xml.xmlstruct.XMLSigConstants;
import se.idsec.sigval.xml.xmlstruct.XMLSignatureContext;

/* loaded from: input_file:se/idsec/sigval/xml/xmlstruct/impl/DefaultXMLSignatureContext.class */
public class DefaultXMLSignatureContext implements XMLSignatureContext, XMLSigConstants {
    private static final Logger log = LoggerFactory.getLogger(DefaultXMLSignatureContext.class);
    private static final String[] idNames = {"iD", "id", "Id", "ID"};
    private final Document document;
    private final byte[] documentBytes;
    private final String rootNamespaceURI;
    private final String rootElementName;
    private final String rootIdAttrVal;

    public DefaultXMLSignatureContext(Document document) throws IOException {
        try {
            this.document = document;
            this.documentBytes = XMLDocumentBuilder.getCanonicalDocBytes(document);
            Element documentElement = document.getDocumentElement();
            this.rootNamespaceURI = documentElement.getNamespaceURI();
            this.rootElementName = documentElement.getLocalName();
            this.rootIdAttrVal = getIdAttrVal(document.getDocumentElement());
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    private String getIdAttrVal(Element element) {
        String str = null;
        for (String str2 : idNames) {
            str = getIdAttrVal(str2, element, str);
        }
        return str;
    }

    private String getIdAttrVal(String str, Element element, String str2) {
        String attribute = element.getAttribute(str);
        return StringUtils.isNotEmpty(attribute) ? attribute : str2;
    }

    private byte[] getSignedDocument(Map<String, byte[]> map) {
        try {
            Stream<String> stream = map.keySet().stream();
            Objects.requireNonNull(map);
            Optional findFirst = stream.map((v1) -> {
                return r1.get(v1);
            }).map(bArr -> {
                try {
                    return XMLDocumentBuilder.getDocument(bArr);
                } catch (Exception e) {
                    return null;
                }
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).filter(document -> {
                return isFragmentMatchingRootElement(document, map);
            }).findFirst();
            if (findFirst.isPresent()) {
                return XMLDocumentBuilder.getCanonicalDocBytes((Document) findFirst.get());
            }
            return null;
        } catch (Exception e) {
            log.debug("Failed to parse and retrieve a matching document: {}", e.getMessage());
            return null;
        }
    }

    private boolean isFragmentMatchingRootElement(Document document, Map<String, byte[]> map) {
        boolean equals;
        try {
            Element documentElement = document.getDocumentElement();
            String namespaceURI = documentElement.getNamespaceURI();
            String localName = documentElement.getLocalName();
            if (this.rootNamespaceURI == null) {
                equals = namespaceURI == null;
            } else {
                equals = this.rootNamespaceURI.equals(namespaceURI);
            }
            return equals && this.rootElementName.equals(localName) && ((this.rootIdAttrVal == null || this.rootIdAttrVal.isEmpty()) ? map.containsKey("") : map.containsKey("#" + this.rootIdAttrVal));
        } catch (Exception e) {
            log.debug("Signature match check cause exception - {}", e.getMessage());
            return false;
        }
    }

    private boolean isCoversWholeDocument(Map<String, byte[]> map) {
        if (map.containsKey("")) {
            return true;
        }
        return map.containsKey("#" + this.rootIdAttrVal);
    }

    @Override // se.idsec.sigval.xml.xmlstruct.XMLSignatureContext
    public SignatureData getSignatureData(Element element) throws IOException {
        SignatureData.SignatureDataBuilder builder = SignatureData.builder();
        try {
            XMLSignature xMLSignature = new XMLSignature(element, "");
            SignedInfo signedInfo = xMLSignature.getSignedInfo();
            NodeList elementsByTagNameNS = signedInfo.getElement().getElementsByTagNameNS(XMLSigConstants.XMLDSIG_NS, "Reference");
            HashMap hashMap = new HashMap();
            for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
                Element element2 = (Element) elementsByTagNameNS.item(i);
                if (XMLSigConstants.XMLDSIG_V2_TRANSFORM.equalsIgnoreCase(getTransformAlgorithm(element2))) {
                    throw new IOException("XMLDsig version 2.0 signatures not supported");
                }
                String attribute = element2.getAttribute("URI");
                if (StringUtils.isNotEmpty(attribute.trim())) {
                    registerId(attribute);
                }
                byte[] bArr = null;
                try {
                    bArr = signedInfo.getReferencedContentAfterTransformsItem(i).getBytes();
                } catch (Exception e) {
                }
                hashMap.put(attribute, bArr);
            }
            builder.refDataMap(hashMap).signature(xMLSignature).coversWholeDoc(isCoversWholeDocument(hashMap)).signedDocument(getSignedDocument(hashMap)).signatureBytes(xMLSignature.getSignatureValue()).signedInfoBytes(xMLSignature.getSignedInfo().getCanonicalizedOctetStream());
            KeyInfo keyInfo = xMLSignature.getKeyInfo();
            if (keyInfo != null) {
                builder.signerCertificate(keyInfo.getX509Certificate()).signatureCertChain(getAllSignatureCertificates(keyInfo));
            }
            return builder.build();
        } catch (Exception e2) {
            log.error("Error parsing ref URI from signature");
            throw new IOException("Error parsing ref URI from signature", e2);
        }
    }

    private void registerId(String str) {
        NodeList elementsByTagName = this.document.getDocumentElement().getElementsByTagName("*");
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Node item = elementsByTagName.item(i);
            if (item instanceof Element) {
                Element element = (Element) item;
                String idAttrVal = getIdAttrVal(element);
                if (StringUtils.isNotEmpty(idAttrVal) && str.equals("#" + idAttrVal)) {
                    arrayList.add(element);
                }
            }
        }
        if (arrayList.size() == 1) {
            registerIdInElement((Element) arrayList.get(0), str);
        }
    }

    private void registerIdInElement(Element element, String str) {
        for (String str2 : idNames) {
            String attribute = element.getAttribute(str2);
            if (StringUtils.isNotEmpty(attribute) && ("#" + attribute).equals(str)) {
                element.setIdAttribute(str2, true);
            }
        }
    }

    private String getTransformAlgorithm(Element element) {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(XMLSigConstants.XMLDSIG_NS, "Transform");
        if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() < 1) {
            return null;
        }
        try {
            String attribute = ((Element) elementsByTagNameNS.item(0)).getAttribute("Algorithm");
            if (StringUtils.isNotEmpty(attribute)) {
                return attribute;
            }
            return null;
        } catch (Exception e) {
            log.debug("Failed to obtain transform algorithm: {}", e.getMessage());
            return null;
        }
    }

    protected List<X509Certificate> getAllSignatureCertificates(KeyInfo keyInfo) {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < keyInfo.lengthX509Data(); i++) {
            try {
                X509Data itemX509Data = keyInfo.itemX509Data(i);
                if (itemX509Data != null) {
                    for (int i2 = 0; i2 < itemX509Data.lengthCertificate(); i2++) {
                        XMLX509Certificate itemCertificate = itemX509Data.itemCertificate(i2);
                        if (itemCertificate != null) {
                            arrayList.add(CertificateUtils.decodeCertificate(itemCertificate.getCertificateBytes()));
                        }
                    }
                }
            } catch (XMLSecurityException | CertificateException e) {
                log.error("Failed to extract X509Certificate from KeyInfo", e);
            }
        }
        return arrayList;
    }

    @Override // se.idsec.sigval.xml.xmlstruct.XMLSignatureContext
    public Document getDocument() {
        return this.document;
    }

    @Override // se.idsec.sigval.xml.xmlstruct.XMLSignatureContext
    public byte[] getDocumentBytes() {
        return this.documentBytes;
    }
}
