package org.apache.camel.component.xmlsecurity.api;

import java.io.IOException;
import java.io.StringReader;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.UUID;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.batik.util.XMLConstants;
import org.apache.camel.Message;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties;
import org.apache.camel.util.ObjectHelper;
import org.apache.commons.codec.binary.Base64;
import org.apache.xml.security.utils.Constants;
import org.opensaml.security.x509.X500DNHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-12.zip:modules/system/layers/fuse/org/apache/camel/component/xmlsecurity/main/camel-xmlsecurity-2.17.0.redhat-630310-12.jar:org/apache/camel/component/xmlsecurity/api/XAdESSignatureProperties.class */
public class XAdESSignatureProperties implements XmlSignatureProperties {
    public static final String HTTP_URI_ETSI_ORG_01903_V1_3_2 = "http://uri.etsi.org/01903/v1.3.2#";
    public static final String HTTP_URI_ETSI_ORG_01903_V1_1_1 = "http://uri.etsi.org/01903/v1.1.1#";
    public static final String HTTP_URI_ETSI_ORG_01903_V1_2_2 = "http://uri.etsi.org/01903/v1.2.2#";
    public static final String SIG_POLICY_NONE = "None";
    public static final String SIG_POLICY_IMPLIED = "Implied";
    public static final String SIG_POLICY_EXPLICIT_ID = "ExplicitId";
    private static final Logger LOG = LoggerFactory.getLogger(XAdESSignatureProperties.class);
    private static final Set<String> SIG_POLICY_VALUES = new TreeSet();
    private String sigPolicyId;
    private String sigPolicyIdQualifier;
    private String sigPolicyIdDescription;
    private String signaturePolicyDigestValue;
    private String dataObjectFormatDescription;
    private String dataObjectFormatMimeType;
    private String dataObjectFormatIdentifier;
    private String dataObjectFormatIdentifierQualifier;
    private String dataObjectFormatIdentifierDescription;
    private String signatureProductionPlaceCity;
    private String signatureProductionPlaceStateOrProvince;
    private String signatureProductionPlacePostalCode;
    private String signatureProductionPlaceCountryName;
    private String commitmentTypeId;
    private String commitmentTypeIdQualifier;
    private String commitmentTypeIdDescription;
    private boolean addSigningTime = true;
    private String namespace = HTTP_URI_ETSI_ORG_01903_V1_3_2;
    private String prefix = "etsi";
    private List<String> signingCertificateURIs = Collections.emptyList();
    private String digestAlgorithmForSigningCertificate = "http://www.w3.org/2001/04/xmlenc#sha256";
    private String signaturePolicy = SIG_POLICY_NONE;
    private List<String> sigPolicyIdDocumentationReferences = Collections.emptyList();
    private String signaturePolicyDigestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256";
    private List<String> sigPolicyQualifiers = Collections.emptyList();
    private List<String> dataObjectFormatIdentifierDocumentationReferences = Collections.emptyList();
    private List<String> signerClaimedRoles = Collections.emptyList();
    private List<XAdESEncapsulatedPKIData> signerCertifiedRoles = Collections.emptyList();
    private List<String> commitmentTypeIdDocumentationReferences = Collections.emptyList();
    private List<String> commitmentTypeQualifiers = Collections.emptyList();

    public boolean isAddSigningTime() {
        return this.addSigningTime;
    }

    public void setAddSigningTime(boolean z) {
        this.addSigningTime = z;
    }

    public String getNamespace() {
        return this.namespace;
    }

    public void setNamespace(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Parameter 'namespace' is null");
        }
        this.namespace = str;
    }

    protected String findNamespace(Message message) {
        return (String) message.getHeader(XmlSignatureConstants.HEADER_XADES_NAMESPACE, getNamespace(), String.class);
    }

    public String getPrefix() {
        return this.prefix;
    }

    public void setPrefix(String str) {
        this.prefix = str;
    }

    protected String findPrefix(Message message) {
        return (String) message.getHeader(XmlSignatureConstants.HEADER_XADES_PREFIX, getPrefix(), String.class);
    }

    public void setSigningCertificateURIs(List<String> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'signingCertificateURIs' is null");
        }
        this.signingCertificateURIs = new ArrayList(list);
    }

    public List<String> getSigningCertificateURIs() {
        return this.signingCertificateURIs;
    }

    public String getDigestAlgorithmForSigningCertificate() {
        return this.digestAlgorithmForSigningCertificate;
    }

    public void setDigestAlgorithmForSigningCertificate(String str) {
        this.digestAlgorithmForSigningCertificate = str;
    }

    public String getSignaturePolicy() {
        return this.signaturePolicy;
    }

    public void setSignaturePolicy(String str) {
        if (!SIG_POLICY_VALUES.contains(str)) {
            throw new IllegalArgumentException(String.format("Signature policy '%s' is invalid. Possible values are 'None', 'Implied', and 'ExplicitId'.", str));
        }
        this.signaturePolicy = str;
    }

    public String getSigPolicyId() {
        return this.sigPolicyId;
    }

    public void setSigPolicyId(String str) {
        this.sigPolicyId = str;
    }

    public String getSigPolicyIdQualifier() {
        return this.sigPolicyIdQualifier;
    }

    public void setSigPolicyIdQualifier(String str) {
        this.sigPolicyIdQualifier = str;
    }

    public String getSigPolicyIdDescription() {
        return this.sigPolicyIdDescription;
    }

    public void setSigPolicyIdDescription(String str) {
        this.sigPolicyIdDescription = str;
    }

    public List<String> getSigPolicyIdDocumentationReferences() {
        return this.sigPolicyIdDocumentationReferences;
    }

    public void setSigPolicyIdDocumentationReferences(List<String> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'sigPolicyIdDocumentationReferences' is null");
        }
        for (String str : list) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("At least one documentation reference of the signature policy is null or empty");
            }
        }
        this.sigPolicyIdDocumentationReferences = list;
    }

    public String getSignaturePolicyDigestAlgorithm() {
        return this.signaturePolicyDigestAlgorithm;
    }

    public void setSignaturePolicyDigestAlgorithm(String str) {
        this.signaturePolicyDigestAlgorithm = str;
    }

    public String getSignaturePolicyDigestValue() {
        return this.signaturePolicyDigestValue;
    }

    public void setSignaturePolicyDigestValue(String str) {
        this.signaturePolicyDigestValue = str;
    }

    public List<String> getSigPolicyQualifiers() {
        return this.sigPolicyQualifiers;
    }

    public void setSigPolicyQualifiers(List<String> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'sigPolicyQualifiers' is null");
        }
        for (String str : list) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("At least one of the policy qualifiers is null or empty");
            }
        }
        this.sigPolicyQualifiers = new ArrayList(list);
    }

    public String getDataObjectFormatDescription() {
        return this.dataObjectFormatDescription;
    }

    public void setDataObjectFormatDescription(String str) {
        this.dataObjectFormatDescription = str;
    }

    public String getDataObjectFormatMimeType() {
        return this.dataObjectFormatMimeType;
    }

    public void setDataObjectFormatMimeType(String str) {
        this.dataObjectFormatMimeType = str;
    }

    public String getDataObjectFormatIdentifier() {
        return this.dataObjectFormatIdentifier;
    }

    public void setDataObjectFormatIdentifier(String str) {
        this.dataObjectFormatIdentifier = str;
    }

    public String getDataObjectFormatIdentifierQualifier() {
        return this.dataObjectFormatIdentifierQualifier;
    }

    public void setDataObjectFormatIdentifierQualifier(String str) {
        this.dataObjectFormatIdentifierQualifier = str;
    }

    public String getDataObjectFormatIdentifierDescription() {
        return this.dataObjectFormatIdentifierDescription;
    }

    public void setDataObjectFormatIdentifierDescription(String str) {
        this.dataObjectFormatIdentifierDescription = str;
    }

    public List<String> getDataObjectFormatIdentifierDocumentationReferences() {
        return this.dataObjectFormatIdentifierDocumentationReferences;
    }

    public void setDataObjectFormatIdentifierDocumentationReferences(List<String> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'dataObjectFormatIdentifierDocumentationReferences' is null");
        }
        for (String str : list) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("At least one reference of the identifier of the data object format is null or empty");
            }
        }
        this.dataObjectFormatIdentifierDocumentationReferences = new ArrayList(list);
    }

    public List<String> getSignerClaimedRoles() {
        return this.signerClaimedRoles;
    }

    public void setSignerClaimedRoles(List<String> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'signerClaimedRoles' is null");
        }
        for (String str : list) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("At least one of the signer claimed roles is null or empty");
            }
        }
        this.signerClaimedRoles = new ArrayList(list);
    }

    public List<XAdESEncapsulatedPKIData> getSignerCertifiedRoles() {
        return this.signerCertifiedRoles;
    }

    public void setSignerCertifiedRoles(List<XAdESEncapsulatedPKIData> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'signerCertifiedRoles' is null");
        }
        Iterator<XAdESEncapsulatedPKIData> it = list.iterator();
        while (it.hasNext()) {
            if (it.next() == null) {
                throw new IllegalArgumentException("At least one of the signer certified roles is null");
            }
        }
        this.signerCertifiedRoles = new ArrayList(list);
    }

    public String getSignatureProductionPlaceCity() {
        return this.signatureProductionPlaceCity;
    }

    public void setSignatureProductionPlaceCity(String str) {
        this.signatureProductionPlaceCity = str;
    }

    public String getSignatureProductionPlaceStateOrProvince() {
        return this.signatureProductionPlaceStateOrProvince;
    }

    public void setSignatureProductionPlaceStateOrProvince(String str) {
        this.signatureProductionPlaceStateOrProvince = str;
    }

    public String getSignatureProductionPlacePostalCode() {
        return this.signatureProductionPlacePostalCode;
    }

    public void setSignatureProductionPlacePostalCode(String str) {
        this.signatureProductionPlacePostalCode = str;
    }

    public String getSignatureProductionPlaceCountryName() {
        return this.signatureProductionPlaceCountryName;
    }

    public void setSignatureProductionPlaceCountryName(String str) {
        this.signatureProductionPlaceCountryName = str;
    }

    public String getCommitmentTypeId() {
        return this.commitmentTypeId;
    }

    public void setCommitmentTypeId(String str) {
        this.commitmentTypeId = str;
    }

    public String getCommitmentTypeIdQualifier() {
        return this.commitmentTypeIdQualifier;
    }

    public void setCommitmentTypeIdQualifier(String str) {
        this.commitmentTypeIdQualifier = str;
    }

    public String getCommitmentTypeIdDescription() {
        return this.commitmentTypeIdDescription;
    }

    public void setCommitmentTypeIdDescription(String str) {
        this.commitmentTypeIdDescription = str;
    }

    public List<String> getCommitmentTypeIdDocumentationReferences() {
        return this.commitmentTypeIdDocumentationReferences;
    }

    public void setCommitmentTypeIdDocumentationReferences(List<String> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'commitmentTypeIdDocumentationReferences' is null");
        }
        for (String str : list) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("At least one documentation reference of the commitment type is null or empty");
            }
        }
        this.commitmentTypeIdDocumentationReferences = new ArrayList(list);
    }

    public List<String> getCommitmentTypeQualifiers() {
        return this.commitmentTypeQualifiers;
    }

    public void setCommitmentTypeQualifiers(List<String> list) {
        if (list == null) {
            throw new IllegalArgumentException("Parameter 'commitmentTypeQualifiers' is null");
        }
        for (String str : list) {
            if (str == null || str.isEmpty()) {
                throw new IllegalArgumentException("At least one qualifier of the commitment type is null or empty");
            }
        }
        this.commitmentTypeQualifiers = new ArrayList(list);
    }

    @Override // org.apache.camel.component.xmlsecurity.api.XmlSignatureProperties
    public XmlSignatureProperties.Output get(XmlSignatureProperties.Input input) throws Exception {
        XmlSignatureProperties.Output output = new XmlSignatureProperties.Output();
        if (!isAddSignedSignatureProperties() && !isAddSignedDataObjectPropeties()) {
            LOG.debug("XAdES signature properties are empty. Therefore no XAdES element will be added to the signature.");
            return output;
        }
        String str = "_" + UUID.randomUUID().toString();
        Reference newReference = input.getSignatureFactory().newReference("#" + str, input.getSignatureFactory().newDigestMethod(input.getContentDigestAlgorithm(), (DigestMethodParameterSpec) null), Collections.emptyList(), "http://uri.etsi.org/01903#SignedProperties", (String) null);
        Node parent = input.getParent();
        Document ownerDocument = 9 == parent.getNodeType() ? (Document) parent : parent.getOwnerDocument();
        Element createElement = createElement("QualifyingProperties", ownerDocument, input);
        setIdAttributeFromHeader(XmlSignatureConstants.HEADER_XADES_QUALIFYING_PROPERTIES_ID, createElement, input);
        String signatureId = input.getSignatureId();
        if (signatureId == null || signatureId.isEmpty()) {
            LOG.debug("No signature Id configured. Therefore a value is generated.");
            signatureId = "_" + UUID.randomUUID().toString();
            output.setSignatureId(signatureId);
        }
        setAttribute(createElement, "Target", "#" + signatureId);
        Element createElement2 = createElement("SignedProperties", ownerDocument, input);
        createElement.appendChild(createElement2);
        setAttribute(createElement2, "Id", str);
        createElement2.setIdAttribute("Id", true);
        addSignedSignatureProperties(ownerDocument, createElement2, input);
        output.setContentReferenceId(addSignedDataObjectProperties(ownerDocument, createElement2, input));
        XMLObject newXMLObject = input.getSignatureFactory().newXMLObject(Collections.singletonList(new DOMStructure(createElement)), (String) null, (String) null, (String) null);
        output.setReferences(Collections.singletonList(newReference));
        output.setObjects(Collections.singletonList(newXMLObject));
        return output;
    }

    protected void setAttribute(Element element, String str, String str2) {
        element.setAttributeNS("", str, str2);
    }

    protected void setIdAttributeFromHeader(String str, Element element, XmlSignatureProperties.Input input) {
        String str2 = (String) input.getMessage().getHeader(str, String.class);
        if (str2 == null || str2.isEmpty()) {
            return;
        }
        setAttribute(element, "Id", str2);
        element.setIdAttribute("Id", true);
    }

    protected String addSignedDataObjectProperties(Document document, Element element, XmlSignatureProperties.Input input) throws XmlSignatureException, SAXException, IOException, ParserConfigurationException {
        if (!isAddSignedDataObjectPropeties()) {
            return null;
        }
        Element createElement = createElement("SignedDataObjectProperties", document, input);
        setIdAttributeFromHeader(XmlSignatureConstants.HEADER_XADES_SIGNED_DATA_OBJECT_PROPERTIES_ID, createElement, input);
        element.appendChild(createElement);
        String addDataObjectFormat = addDataObjectFormat(createElement, document, input);
        addCommitmentTypeIndication(createElement, document, input);
        return addDataObjectFormat;
    }

    protected boolean isAddSignedDataObjectPropeties() {
        return isAddDataObjectFormat() || isAddCommitmentType();
    }

    protected void addCommitmentTypeIndication(Element element, Document document, XmlSignatureProperties.Input input) throws SAXException, IOException, ParserConfigurationException, XmlSignatureException {
        if (isAddCommitmentType()) {
            Element createElement = createElement("CommitmentTypeIndication", document, input);
            element.appendChild(createElement);
            Element createElement2 = createElement("CommitmentTypeId", document, input);
            createElement.appendChild(createElement2);
            Element createElement3 = createElement("Identifier", document, input);
            createElement2.appendChild(createElement3);
            createElement3.setTextContent(getCommitmentTypeId());
            if (getCommitmentTypeIdQualifier() != null && !getCommitmentTypeIdQualifier().isEmpty()) {
                setAttribute(createElement3, "Qualifier", getCommitmentTypeIdQualifier());
            }
            if (getCommitmentTypeIdDescription() != null && !getCommitmentTypeIdDescription().isEmpty()) {
                Element createElement4 = createElement("Description", document, input);
                createElement2.appendChild(createElement4);
                createElement4.setTextContent(getCommitmentTypeIdDescription());
            }
            if (!getCommitmentTypeIdDocumentationReferences().isEmpty()) {
                Element createElement5 = createElement("DocumentationReferences", document, input);
                createElement2.appendChild(createElement5);
                for (String str : getCommitmentTypeIdDocumentationReferences()) {
                    Element createElement6 = createElement("DocumentationReference", document, input);
                    createElement5.appendChild(createElement6);
                    createElement6.setTextContent(str);
                }
            }
            createElement.appendChild(createElement("AllSignedDataObjects", document, input));
            if (getCommitmentTypeQualifiers().isEmpty()) {
                return;
            }
            Element createElement7 = createElement("CommitmentTypeQualifiers", document, input);
            createElement.appendChild(createElement7);
            Iterator<String> it = getCommitmentTypeQualifiers().iterator();
            while (it.hasNext()) {
                createElement7.appendChild(createChildFromXmlFragmentOrText(document, input, "CommitmentTypeQualifier", "The XAdES confguration is invalid. The list of the commitment type qualifiers contains the invalid entry '%s'. An entry must either be a text or an XML fragment with the root element '%s' with the namespace '%s'.", it.next()));
            }
        }
    }

    protected boolean isAddCommitmentType() {
        return (getCommitmentTypeId() == null || getCommitmentTypeId().isEmpty()) ? false : true;
    }

    protected String addDataObjectFormat(Element element, Document document, XmlSignatureProperties.Input input) throws XmlSignatureException {
        if (!isAddDataObjectFormat()) {
            return null;
        }
        Element createElement = createElement("DataObjectFormat", document, input);
        element.appendChild(createElement);
        String str = "_" + UUID.randomUUID().toString();
        setAttribute(createElement, "ObjectReference", str);
        if (getDataObjectFormatDescription() != null && !getDataObjectFormatDescription().isEmpty()) {
            Element createElement2 = createElement("Description", document, input);
            createElement.appendChild(createElement2);
            createElement2.setTextContent(getDataObjectFormatDescription());
        }
        if (getDataObjectFormatIdentifier() != null && !getDataObjectFormatIdentifier().isEmpty()) {
            Element createElement3 = createElement("ObjectIdentifier", document, input);
            createElement.appendChild(createElement3);
            Element createElement4 = createElement("Identifier", document, input);
            createElement3.appendChild(createElement4);
            createElement4.setTextContent(getDataObjectFormatIdentifier());
            if (getDataObjectFormatIdentifierQualifier() != null && !getDataObjectFormatIdentifierQualifier().isEmpty()) {
                setAttribute(createElement4, "Qualifier", getDataObjectFormatIdentifierQualifier());
            }
            if (getDataObjectFormatIdentifierDescription() != null && !getDataObjectFormatIdentifierDescription().isEmpty()) {
                Element createElement5 = createElement("Description", document, input);
                createElement3.appendChild(createElement5);
                createElement5.setTextContent(getDataObjectFormatIdentifierDescription());
            }
            if (!getDataObjectFormatIdentifierDocumentationReferences().isEmpty()) {
                Element createElement6 = createElement("DocumentationReferences", document, input);
                createElement3.appendChild(createElement6);
                for (String str2 : getDataObjectFormatIdentifierDocumentationReferences()) {
                    Element createElement7 = createElement("DocumentationReference", document, input);
                    createElement6.appendChild(createElement7);
                    createElement7.setTextContent(str2);
                }
            }
        }
        if (getDataObjectFormatMimeType() != null && !getDataObjectFormatMimeType().isEmpty()) {
            Element createElement8 = createElement("MimeType", document, input);
            createElement.appendChild(createElement8);
            createElement8.setTextContent(getDataObjectFormatMimeType());
        }
        String str3 = (String) input.getMessage().getHeader(XmlSignatureConstants.HEADER_XADES_DATA_OBJECT_FORMAT_ENCODING, String.class);
        if (str3 != null && !str3.isEmpty()) {
            Element createElement9 = createElement("Encoding", document, input);
            createElement.appendChild(createElement9);
            createElement9.setTextContent(str3);
        }
        return str;
    }

    protected boolean isAddDataObjectFormat() {
        return ((getDataObjectFormatIdentifier() == null || getDataObjectFormatIdentifier().isEmpty()) && (getDataObjectFormatDescription() == null || getDataObjectFormatDescription().isEmpty()) && (getDataObjectFormatMimeType() == null || getDataObjectFormatMimeType().isEmpty())) ? false : true;
    }

    protected void addSignedSignatureProperties(Document document, Element element, XmlSignatureProperties.Input input) throws Exception {
        if (isAddSignedSignatureProperties()) {
            LOG.debug("Adding signed signature properties");
            Element createElement = createElement("SignedSignatureProperties", document, input);
            setIdAttributeFromHeader(XmlSignatureConstants.HEADER_XADES_SIGNED_SIGNATURE_PROPERTIES_ID, createElement, input);
            element.appendChild(createElement);
            addSigningTime(document, createElement, input);
            addSigningCertificate(document, createElement, input);
            addSignaturePolicyIdentifier(document, createElement, input);
            addSignatureProductionPlace(document, createElement, input);
            addSignerRole(document, createElement, input);
        }
    }

    protected boolean isAddSignedSignatureProperties() throws Exception {
        return isAddSigningTime() || getSigningCertificate() != null || (getSigningCertificateChain() != null && getSigningCertificateChain().length > 0) || isAddSignaturePolicy() || isAddSignatureProductionPlace() || isAddSignerRole();
    }

    protected boolean isAddSignerRole() {
        return getSignerClaimedRoles().size() > 0 || getSignerCertifiedRoles().size() > 0;
    }

    protected void addSignatureProductionPlace(Document document, Element element, XmlSignatureProperties.Input input) {
        if (isAddSignatureProductionPlace()) {
            Element createElement = createElement("SignatureProductionPlace", document, input);
            element.appendChild(createElement);
            if (getSignatureProductionPlaceCity() != null && !getSignatureProductionPlaceCity().isEmpty()) {
                LOG.debug("Adding production city");
                Element createElement2 = createElement("City", document, input);
                createElement.appendChild(createElement2);
                createElement2.setTextContent(getSignatureProductionPlaceCity());
            }
            if (getSignatureProductionPlaceStateOrProvince() != null && !getSignatureProductionPlaceStateOrProvince().isEmpty()) {
                LOG.debug("Adding production state or province");
                Element createElement3 = createElement("StateOrProvince", document, input);
                createElement.appendChild(createElement3);
                createElement3.setTextContent(getSignatureProductionPlaceStateOrProvince());
            }
            if (getSignatureProductionPlacePostalCode() != null && !getSignatureProductionPlacePostalCode().isEmpty()) {
                LOG.debug("Adding production postal code");
                Element createElement4 = createElement("PostalCode", document, input);
                createElement.appendChild(createElement4);
                createElement4.setTextContent(getSignatureProductionPlacePostalCode());
            }
            if (getSignatureProductionPlaceCountryName() == null || getSignatureProductionPlaceCountryName().isEmpty()) {
                return;
            }
            LOG.debug("Adding production country name");
            Element createElement5 = createElement("CountryName", document, input);
            createElement.appendChild(createElement5);
            createElement5.setTextContent(getSignatureProductionPlaceCountryName());
        }
    }

    protected boolean isAddSignatureProductionPlace() {
        return ObjectHelper.isNotEmpty(getSignatureProductionPlaceCity()) || ObjectHelper.isNotEmpty(getSignatureProductionPlaceCountryName()) || ObjectHelper.isNotEmpty(getSignatureProductionPlacePostalCode()) || ObjectHelper.isNotEmpty(getSignatureProductionPlaceStateOrProvince());
    }

    protected void addSignerRole(Document document, Element element, XmlSignatureProperties.Input input) throws XmlSignatureException, SAXException, IOException, ParserConfigurationException {
        if (isAddSignerRole()) {
            Element createElement = createElement("SignerRole", document, input);
            element.appendChild(createElement);
            List<String> signerClaimedRoles = getSignerClaimedRoles();
            if (!signerClaimedRoles.isEmpty()) {
                LOG.debug("Adding claimed roles");
                Element createElement2 = createElement("ClaimedRoles", document, input);
                createElement.appendChild(createElement2);
                Iterator<String> it = signerClaimedRoles.iterator();
                while (it.hasNext()) {
                    createElement2.appendChild(createChildFromXmlFragmentOrText(document, input, "ClaimedRole", "The XAdES confguration is invalid. The list of the claimed roles contains the invalid entry '%s'. An entry must either be a text or an XML fragment with the root element '%s' with the namespace '%s'.", it.next()));
                }
            }
            List<XAdESEncapsulatedPKIData> signerCertifiedRoles = getSignerCertifiedRoles();
            if (signerCertifiedRoles.isEmpty()) {
                return;
            }
            LOG.debug("Adding certified roles");
            Element createElement3 = createElement("CertifiedRoles", document, input);
            createElement.appendChild(createElement3);
            for (XAdESEncapsulatedPKIData xAdESEncapsulatedPKIData : signerCertifiedRoles) {
                Element createElement4 = createElement("CertifiedRole", document, input);
                createElement3.appendChild(createElement4);
                createElement4.setTextContent(xAdESEncapsulatedPKIData.getBase64Conent());
                if (xAdESEncapsulatedPKIData.getEncoding() != null && !xAdESEncapsulatedPKIData.getEncoding().isEmpty()) {
                    setAttribute(createElement4, "Encoding", xAdESEncapsulatedPKIData.getEncoding());
                }
                if (xAdESEncapsulatedPKIData.getId() != null && !xAdESEncapsulatedPKIData.getId().isEmpty()) {
                    setAttribute(createElement4, "Id", xAdESEncapsulatedPKIData.getId());
                    createElement4.setIdAttribute("Id", true);
                }
            }
        }
    }

    protected void addSignaturePolicyIdentifier(Document document, Element element, XmlSignatureProperties.Input input) throws XmlSignatureException, SAXException, IOException, ParserConfigurationException {
        if (isAddSignaturePolicy()) {
            Element createElement = createElement("SignaturePolicyIdentifier", document, input);
            element.appendChild(createElement);
            if (SIG_POLICY_IMPLIED.equals(getSignaturePolicy())) {
                LOG.debug("Adding implied signature policy");
                createElement.appendChild(createElement("SignaturePolicyImplied", document, input));
                return;
            }
            if (!SIG_POLICY_EXPLICIT_ID.equals(getSignaturePolicy())) {
                throw new IllegalStateException(String.format("Invalid value '%s' for parameter 'SignaturePolicy'. Possible values are: 'None', 'Implied', and 'ExplictId'.", getSignaturePolicy()));
            }
            LOG.debug("Adding signatue policy ID");
            Element createElement2 = createElement("SignaturePolicyId", document, input);
            createElement.appendChild(createElement2);
            Element createElement3 = createElement("SigPolicyId", document, input);
            createElement2.appendChild(createElement3);
            Element createElement4 = createElement("Identifier", document, input);
            createElement3.appendChild(createElement4);
            if (getSigPolicyId() == null || getSigPolicyId().isEmpty()) {
                throw new XmlSignatureException("The XAdES-EPES confguration is invalid. The signature policy identifier is missing.");
            }
            createElement4.setTextContent(getSigPolicyId());
            if (getSigPolicyIdQualifier() != null && !getSigPolicyIdQualifier().isEmpty()) {
                setAttribute(createElement4, "Qualifier", getSigPolicyIdQualifier());
            }
            if (getSigPolicyIdDescription() != null && !getSigPolicyIdDescription().isEmpty()) {
                Element createElement5 = createElement("Description", document, input);
                createElement3.appendChild(createElement5);
                createElement5.setTextContent(getSigPolicyIdDescription());
            }
            if (!getSigPolicyIdDocumentationReferences().isEmpty()) {
                Element createElement6 = createElement("DocumentationReferences", document, input);
                createElement3.appendChild(createElement6);
                for (String str : getSigPolicyIdDocumentationReferences()) {
                    Element createElement7 = createElement("DocumentationReference", document, input);
                    createElement6.appendChild(createElement7);
                    createElement7.setTextContent(str);
                }
            }
            Element createElement8 = createElement("SigPolicyHash", document, input);
            createElement2.appendChild(createElement8);
            if (getSignaturePolicyDigestAlgorithm() == null || getSignaturePolicyDigestAlgorithm().isEmpty()) {
                throw new XmlSignatureException("The XAdES-EPES confguration is invalid. The digest algorithm for the signature policy is missing.");
            }
            Element createDigSigElement = createDigSigElement("DigestMethod", document, input.getPrefixForXmlSignatureNamespace());
            createElement8.appendChild(createDigSigElement);
            setAttribute(createDigSigElement, "Algorithm", getSignaturePolicyDigestAlgorithm());
            if (getSignaturePolicyDigestValue() == null || getSignaturePolicyDigestValue().isEmpty()) {
                throw new XmlSignatureException("The XAdES-EPES confguration is invalid. The digest value for the signature policy is missing.");
            }
            Element createDigSigElement2 = createDigSigElement(Constants._TAG_DIGESTVALUE, document, input.getPrefixForXmlSignatureNamespace());
            createElement8.appendChild(createDigSigElement2);
            createDigSigElement2.setTextContent(getSignaturePolicyDigestValue());
            if (getSigPolicyQualifiers().isEmpty()) {
                return;
            }
            Element createElement9 = createElement("SigPolicyQualifiers", document, input);
            createElement2.appendChild(createElement9);
            Iterator<String> it = getSigPolicyQualifiers().iterator();
            while (it.hasNext()) {
                createElement9.appendChild(createChildFromXmlFragmentOrText(document, input, "SigPolicyQualifier", "The XAdES confguration is invalid. The list of the signatue policy qualifiers contains the invalid entry '%s'. An entry must either be a text or an XML fragment with the root element '%s' with the namespace '%s'.", it.next()));
            }
        }
    }

    protected Element createChildFromXmlFragmentOrText(Document document, XmlSignatureProperties.Input input, String str, String str2, String str3) throws IOException, ParserConfigurationException, XmlSignatureException {
        Element createElement;
        String str4 = str + ">";
        if (str3.startsWith(XMLConstants.XML_OPEN_TAG_START) && str3.endsWith(str4)) {
            try {
                InputSource inputSource = new InputSource(new StringReader(str3));
                inputSource.setEncoding("UTF-8");
                Document parse = XmlSignatureHelper.newDocumentBuilder(Boolean.TRUE).parse(inputSource);
                replacePrefixes(parse, input);
                createElement = (Element) document.adoptNode(parse.getDocumentElement());
                String findNamespace = findNamespace(input.getMessage());
                if (!findNamespace.equals(createElement.getNamespaceURI())) {
                    throw new XmlSignatureException(String.format("The XAdES confguration is invalid. The root element '%s' of the provided XML fragment '%s' has the invalid namespace '%s'. The correct namespace is '%s'.", createElement.getLocalName(), str3, createElement.getNamespaceURI(), findNamespace));
                }
            } catch (SAXException e) {
                throw new XmlSignatureException(String.format(str2, str3, str, this.namespace), e);
            }
        } else {
            createElement = createElement(str, document, input);
            createElement.setTextContent(str3);
        }
        return createElement;
    }

    protected void replacePrefixes(Document document, XmlSignatureProperties.Input input) {
        Element documentElement = document.getDocumentElement();
        replacePrefix(documentElement, input);
        ArrayList arrayList = new ArrayList();
        for (List<Element> childElements = getChildElements(documentElement); !childElements.isEmpty(); childElements = new ArrayList(arrayList)) {
            arrayList.clear();
            for (Element element : childElements) {
                replacePrefix(element, input);
                arrayList.addAll(getChildElements(element));
            }
        }
    }

    protected List<Element> getChildElements(Element element) {
        ArrayList arrayList = new ArrayList(5);
        NodeList childNodes = element.getChildNodes();
        int length = childNodes.getLength();
        for (int i = 0; i < length; i++) {
            Node item = childNodes.item(i);
            if (1 == item.getNodeType()) {
                arrayList.add((Element) item);
            }
        }
        return arrayList;
    }

    protected void replacePrefix(Element element, XmlSignatureProperties.Input input) {
        replacePrefixForNode(element, input);
        NamedNodeMap attributes = element.getAttributes();
        ArrayList arrayList = new ArrayList(2);
        int length = attributes.getLength();
        for (int i = 0; i < length; i++) {
            Node item = attributes.item(i);
            replacePrefixForNode(item, input);
            if (item.getNodeType() == 2 && (("xmlns".equals(item.getLocalName()) || "xmlns".equals(item.getPrefix())) && ("http://www.w3.org/2000/09/xmldsig#".equals(item.getTextContent()) || findNamespace(input.getMessage()).equals(item.getTextContent())))) {
                arrayList.add((Attr) item);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            element.removeAttributeNode((Attr) it.next());
        }
    }

    protected void replacePrefixForNode(Node node, XmlSignatureProperties.Input input) {
        if ("http://www.w3.org/2000/09/xmldsig#".equals(node.getNamespaceURI())) {
            node.setPrefix(input.getPrefixForXmlSignatureNamespace());
        } else if (findNamespace(input.getMessage()).equals(node.getNamespaceURI())) {
            node.setPrefix(findPrefix(input.getMessage()));
        }
    }

    protected boolean isAddSignaturePolicy() {
        return !SIG_POLICY_NONE.equals(getSignaturePolicy());
    }

    protected void addSigningCertificate(Document document, Element element, XmlSignatureProperties.Input input) throws Exception {
        if (getSigningCertificate() == null && (getSigningCertificateChain() == null || getSigningCertificateChain().length == 0)) {
            return;
        }
        Element createElement = createElement("SigningCertificate", document, input);
        element.appendChild(createElement);
        if (getSigningCertificate() != null) {
            LOG.debug("Adding signing certificate");
            addCertificate(getSigningCertificate(), createElement, document, 0, input);
            return;
        }
        if (getSigningCertificateChain() == null || getSigningCertificateChain().length <= 0) {
            throw new IllegalStateException("Unexpected exception");
        }
        int i = 0;
        for (X509Certificate x509Certificate : getSigningCertificateChain()) {
            LOG.debug("Adding chain certtificate {}", Integer.valueOf(i));
            addCertificate(x509Certificate, createElement, document, i, input);
            i++;
        }
    }

    protected X509Certificate getSigningCertificate() throws Exception {
        return null;
    }

    protected X509Certificate[] getSigningCertificateChain() throws Exception {
        return null;
    }

    protected void addSigningTime(Document document, Element element, XmlSignatureProperties.Input input) {
        if (isAddSigningTime()) {
            LOG.debug("Adding signing time");
            Element createElement = createElement("SigningTime", document, input);
            element.appendChild(createElement);
            createElement.setTextContent(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX").format(new Date()));
        }
    }

    protected void addCertificate(X509Certificate x509Certificate, Element element, Document document, int i, XmlSignatureProperties.Input input) throws CertificateEncodingException, NoSuchAlgorithmException, XmlSignatureException {
        String str;
        Element createElement = createElement("Cert", document, input);
        element.appendChild(createElement);
        String calculateDigest = calculateDigest(getMessageDigestAlgorithm(getDigestAlgorithmForSigningCertificate(), "The digest algorithm '%s' for the signing certificate is invalid"), x509Certificate.getEncoded());
        Element createElement2 = createElement("CertDigest", document, input);
        createElement.appendChild(createElement2);
        Element createDigSigElement = createDigSigElement("DigestMethod", document, input.getPrefixForXmlSignatureNamespace());
        createElement2.appendChild(createDigSigElement);
        setAttribute(createDigSigElement, "Algorithm", getDigestAlgorithmForSigningCertificate());
        Element createDigSigElement2 = createDigSigElement(Constants._TAG_DIGESTVALUE, document, input.getPrefixForXmlSignatureNamespace());
        createElement2.appendChild(createDigSigElement2);
        createDigSigElement2.setTextContent(calculateDigest);
        Element createElement3 = createElement("IssuerSerial", document, input);
        createElement.appendChild(createElement3);
        Element createDigSigElement3 = createDigSigElement("X509IssuerName", document, input.getPrefixForXmlSignatureNamespace());
        createElement3.appendChild(createDigSigElement3);
        createDigSigElement3.setTextContent(x509Certificate.getIssuerX500Principal().getName(X500DNHandler.FORMAT_RFC2253));
        Element createDigSigElement4 = createDigSigElement("X509SerialNumber", document, input.getPrefixForXmlSignatureNamespace());
        createElement3.appendChild(createDigSigElement4);
        createDigSigElement4.setTextContent(x509Certificate.getSerialNumber().toString());
        List<String> signingCertificateURIs = getSigningCertificateURIs();
        if (signingCertificateURIs.isEmpty() || signingCertificateURIs.size() <= i || (str = signingCertificateURIs.get(i)) == null || str.isEmpty()) {
            return;
        }
        setAttribute(createElement, "URI", str);
    }

    protected String getMessageDigestAlgorithm(String str, String str2) throws XmlSignatureException {
        String str3;
        if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(str)) {
            str3 = "SHA-1";
        } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(str)) {
            str3 = "SHA-256";
        } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(str)) {
            str3 = "SHA-384";
        } else {
            if (!"http://www.w3.org/2001/04/xmlenc#sha512".equals(getDigestAlgorithmForSigningCertificate())) {
                throw new XmlSignatureException(String.format(str2, str));
            }
            str3 = "SHA-512";
        }
        return str3;
    }

    protected String calculateDigest(String str, byte[] bArr) throws NoSuchAlgorithmException, CertificateEncodingException {
        return new Base64().encodeAsString(MessageDigest.getInstance(str).digest(bArr));
    }

    protected Element createDigSigElement(String str, Document document, String str2) {
        Element createElementNS = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", str);
        if (str2 != null && !str2.isEmpty()) {
            createElementNS.setPrefix(str2);
        }
        return createElementNS;
    }

    protected Element createElement(String str, Document document, XmlSignatureProperties.Input input) {
        Element createElementNS = document.createElementNS(findNamespace(input.getMessage()), str);
        String findPrefix = findPrefix(input.getMessage());
        if (findPrefix != null && !findPrefix.isEmpty()) {
            createElementNS.setPrefix(findPrefix);
        }
        return createElementNS;
    }

    static {
        SIG_POLICY_VALUES.add(SIG_POLICY_NONE);
        SIG_POLICY_VALUES.add(SIG_POLICY_IMPLIED);
        SIG_POLICY_VALUES.add(SIG_POLICY_EXPLICIT_ID);
    }
}
