package org.apache.poi.poifs.crypt.dsig.facets;

import c.a;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javax.xml.crypto.MarshalException;
import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xmlbeans.XmlBeans;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlOptions;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.etsi.uri.x01903.v14.ValidationDataType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import zy.b;
import zy.c;
import zy.d;
import zy.e;
import zy.g;
import zy.h;
import zy.i;
import zy.k;
import zy.m;
import zy.n;
import zy.o;
import zy.p;
import zy.q;
import zy.r;
import zy.s;
import zy.t;
import zy.x;
import zy.y;
import zy.z;

/* loaded from: classes3.dex */
public class XAdESXLSignatureFacet extends SignatureFacet {
    private static final POILogger LOG = POILogFactory.getLogger((Class<?>) XAdESXLSignatureFacet.class);
    private final CertificateFactory certificateFactory;

    public XAdESXLSignatureFacet() {
        try {
            this.certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e10) {
            StringBuilder b10 = a.b("X509 JCA error: ");
            b10.append(e10.getMessage());
            throw new RuntimeException(b10.toString(), e10);
        }
    }

    private void createRevocationValues(t tVar, RevocationData revocationData) {
        if (revocationData.hasCRLs()) {
            d r10 = tVar.r();
            Iterator<byte[]> it2 = revocationData.getCRLs().iterator();
            while (it2.hasNext()) {
                r10.v().setByteArrayValue(it2.next());
            }
        }
        if (revocationData.hasOCSPs()) {
            p t10 = tVar.t();
            Iterator<byte[]> it3 = revocationData.getOCSPs().iterator();
            while (it3.hasNext()) {
                t10.h().setByteArrayValue(it3.next());
            }
        }
    }

    private ValidationDataType createValidationData(RevocationData revocationData) {
        ValidationDataType newInstance = ValidationDataType.Factory.newInstance();
        createRevocationValues(newInstance.addNewRevocationValues(), revocationData);
        return newInstance;
    }

    private z createXAdESTimeStamp(List<Node> list, RevocationData revocationData) {
        return createXAdESTimeStamp(getC14nValue(list, this.signatureConfig.getXadesCanonicalizationMethod()), revocationData);
    }

    private z createXAdESTimeStamp(byte[] bArr, RevocationData revocationData) {
        try {
            byte[] timeStamp = this.signatureConfig.getTspService().timeStamp(bArr, revocationData);
            z zVar = (z) XmlBeans.getContextTypeLoader().newInstance(z.f49782q0, null);
            StringBuilder b10 = a.b("time-stamp-");
            b10.append(UUID.randomUUID().toString());
            zVar.setId(b10.toString());
            zVar.A().b(this.signatureConfig.getXadesCanonicalizationMethod());
            k O = zVar.O();
            O.setByteArrayValue(timeStamp);
            StringBuilder b11 = a.b("time-stamp-token-");
            b11.append(UUID.randomUUID().toString());
            O.setId(b11.toString());
            return zVar;
        } catch (Exception e10) {
            StringBuilder b12 = a.b("error while creating a time-stamp: ");
            b12.append(e10.getMessage());
            throw new RuntimeException(b12.toString(), e10);
        }
    }

    public static byte[] getC14nValue(List<Node> list, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            Iterator<Node> it2 = list.iterator();
            while (it2.hasNext()) {
                byteArrayOutputStream.write(Canonicalizer.getInstance(str).canonicalizeSubtree(it2.next()));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (RuntimeException e10) {
            throw e10;
        } catch (Exception e11) {
            StringBuilder b10 = a.b("c14n error: ");
            b10.append(e11.getMessage());
            throw new RuntimeException(b10.toString(), e11);
        }
    }

    private BigInteger getCrlNumber(X509CRL x509crl) {
        try {
            byte[] extensionValue = x509crl.getExtensionValue(Extension.cRLNumber.getId());
            if (extensionValue == null) {
                return null;
            }
            return new ASN1InputStream(new ASN1InputStream(extensionValue).readObject().getOctets()).readObject().getPositiveValue();
        } catch (Exception e10) {
            StringBuilder b10 = a.b("I/O error: ");
            b10.append(e10.getMessage());
            throw new RuntimeException(b10.toString(), e10);
        }
    }

    @Override // org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet
    public void postSign(Document document) throws MarshalException {
        POILogger pOILogger = LOG;
        pOILogger.log(1, "XAdES-X-L post sign phase");
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(SignatureFacet.XADES_132_NS, "QualifyingProperties");
        if (elementsByTagNameNS.getLength() != 1) {
            throw new MarshalException("no XAdES-BES extension present");
        }
        try {
            r o10 = ((q) XmlBeans.getContextTypeLoader().parse(elementsByTagNameNS.item(0), q.f49780o0, (XmlOptions) null)).o();
            x k10 = o10.k();
            if (k10 == null) {
                k10 = o10.d();
            }
            y G = k10.G();
            if (G == null) {
                G = k10.i();
            }
            NodeList elementsByTagNameNS2 = document.getElementsByTagNameNS(SignatureFacet.XML_DIGSIG_NS, "SignatureValue");
            if (elementsByTagNameNS2.getLength() != 1) {
                throw new IllegalArgumentException("SignatureValue is not set.");
            }
            RevocationData revocationData = new RevocationData();
            pOILogger.log(1, "creating XAdES-T time-stamp");
            z createXAdESTimeStamp = createXAdESTimeStamp(Collections.singletonList(elementsByTagNameNS2.item(0)), revocationData);
            G.P().set(createXAdESTimeStamp);
            if (revocationData.hasRevocationDataEntries()) {
                XAdESSignatureFacet.insertXChild(G, createValidationData(revocationData));
            }
            if (this.signatureConfig.getRevocationDataService() == null) {
                return;
            }
            h p10 = G.p();
            e w10 = p10.w();
            List<X509Certificate> signingCertificateChain = this.signatureConfig.getSigningCertificateChain();
            int size = signingCertificateChain.size();
            if (size > 1) {
                Iterator<X509Certificate> it2 = signingCertificateChain.subList(1, size).iterator();
                while (it2.hasNext()) {
                    XAdESSignatureFacet.setCertID(w10.N(), this.signatureConfig, false, it2.next());
                }
            }
            i g10 = G.g();
            RevocationData revocationData2 = this.signatureConfig.getRevocationDataService().getRevocationData(signingCertificateChain);
            if (revocationData2.hasCRLs()) {
                c K = g10.K();
                g10.l(K);
                Iterator<byte[]> it3 = revocationData2.getCRLs().iterator();
                while (it3.hasNext()) {
                    byte[] next = it3.next();
                    b z10 = K.z();
                    try {
                        c cVar = K;
                        X509CRL x509crl = (X509CRL) this.certificateFactory.generateCRL(new ByteArrayInputStream(next));
                        zy.a Q = z10.Q();
                        Iterator<byte[]> it4 = it3;
                        Q.y(x509crl.getIssuerDN().getName().replace(",", ", "));
                        Calendar calendar = Calendar.getInstance();
                        calendar.setTime(x509crl.getThisUpdate());
                        Q.u(calendar);
                        Q.e(getCrlNumber(x509crl));
                        XAdESSignatureFacet.setDigestAlgAndValue(z10.a(), next, this.signatureConfig.getDigestAlgo());
                        K = cVar;
                        elementsByTagNameNS = elementsByTagNameNS;
                        it3 = it4;
                    } catch (CRLException e10) {
                        StringBuilder b10 = a.b("CRL parse error: ");
                        b10.append(e10.getMessage());
                        throw new RuntimeException(b10.toString(), e10);
                    }
                }
            }
            NodeList nodeList = elementsByTagNameNS;
            if (revocationData2.hasOCSPs()) {
                o B = g10.B();
                for (byte[] bArr : revocationData2.getOCSPs()) {
                    try {
                        n C = B.C();
                        XAdESSignatureFacet.setDigestAlgAndValue(C.a(), bArr, this.signatureConfig.getDigestAlgo());
                        m W = C.W();
                        BasicOCSPResp basicOCSPResp = (BasicOCSPResp) new OCSPResp(bArr).getResponseObject();
                        Calendar calendar2 = Calendar.getInstance();
                        calendar2.setTime(basicOCSPResp.getProducedAt());
                        W.X(calendar2);
                        s x4 = W.x();
                        DERTaggedObject aSN1Primitive = basicOCSPResp.getResponderId().toASN1Object().toASN1Primitive();
                        if (2 == aSN1Primitive.getTagNo()) {
                            x4.J(aSN1Primitive.getObject().getOctets());
                        } else {
                            x4.q(X500Name.getInstance(aSN1Primitive.getObject()).toString());
                        }
                    } catch (Exception e11) {
                        StringBuilder b11 = a.b("OCSP decoding error: ");
                        b11.append(e11.getMessage());
                        throw new RuntimeException(b11.toString(), e11);
                    }
                }
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(elementsByTagNameNS2.item(0));
            arrayList.add(createXAdESTimeStamp.getDomNode());
            arrayList.add(p10.getDomNode());
            arrayList.add(g10.getDomNode());
            RevocationData revocationData3 = new RevocationData();
            LOG.log(1, "creating XAdES-X time-stamp");
            z createXAdESTimeStamp2 = createXAdESTimeStamp(arrayList, revocationData3);
            if (revocationData3.hasRevocationDataEntries()) {
                XAdESSignatureFacet.insertXChild(G, createValidationData(revocationData3));
            }
            G.n().set(createXAdESTimeStamp2);
            g Z = G.Z();
            for (X509Certificate x509Certificate : signingCertificateChain) {
                try {
                    Z.I().setByteArrayValue(x509Certificate.getEncoded());
                } catch (CertificateEncodingException e12) {
                    StringBuilder b12 = a.b("certificate encoding error: ");
                    b12.append(e12.getMessage());
                    throw new RuntimeException(b12.toString(), e12);
                }
            }
            createRevocationValues(G.j(), revocationData2);
            nodeList.item(0).getParentNode().replaceChild(document.importNode(o10.getDomNode(), true), nodeList.item(0));
        } catch (XmlException e13) {
            throw new MarshalException(e13);
        }
    }
}
