package de.governikus.bea.beaToolkit.crypto.sign;

import de.bos_bremen.basecard.common.crypto.Algorithm;
import de.bos_bremen.basecard.common.crypto.UsageRelated;
import de.bos_bremen.commons.base64.Base64;
import de.bos_bremen.gov2.jca_provider.OCFPrivateKey;
import de.governikus.bea.beaToolkit.BeaToolkitContext;
import de.governikus.bea.beaToolkit.util.XML;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.xml.security.Init;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/sign/CoCoSigner.class */
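/**
 * Signs the contents of an OSCI content container ("CoCo") document and writes the document, with
 * the generated signature inserted before the closing {@code </osci:ContentContainer>} tag, to an
 * output stream.
 *
 * <p>Digests are SHA-256. The signature algorithm is chosen from the private key's algorithm name
 * plus a suffix computed by {@link #getKeySuffix(PrivateKey)}; see the static initializer for the
 * supported combinations.
 */
public class CoCoSigner {
    /** JCA signature algorithm name, keyed by key algorithm name plus key suffix. */
    private static final Map<String, String> SIGNATURE_ALGORITHM_BY_KEY = new HashMap<>();
    /** XML signature algorithm URI handed to the signature-info template, same keys as above. */
    private static final Map<String, String> XML_SIGNATURE_ALGORITHM_BY_KEY = new HashMap<>();
    private static final String HASH_ALGORITHM = "SHA-256";
    /** Serialized end tag in front of which the signature block is written. */
    private static final String CONTAINER_END_TAG = "</osci:ContentContainer>";
    Logger log = LogManager.getLogger(CoCoSigner.class);

    static {
        Init.init();
        // "RSA" selects the MGF1-based (PSS) algorithm name; "RSAold" selects plain SHA256withRSA,
        // i.e. the older PKCS#1 v1.5 padding. The algorithm URIs mirror that split.
        SIGNATURE_ALGORITHM_BY_KEY.put("RSA", "SHA256withRSAandMGF1");
        SIGNATURE_ALGORITHM_BY_KEY.put("RSAold", "SHA256withRSA");
        SIGNATURE_ALGORITHM_BY_KEY.put("EC", "SHA256withCVC-ECDSA");
        XML_SIGNATURE_ALGORITHM_BY_KEY.put("RSA", "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1");
        XML_SIGNATURE_ALGORITHM_BY_KEY.put("RSAold", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        XML_SIGNATURE_ALGORITHM_BY_KEY.put("EC", "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256");
    }

    /**
     * A content entry that refers to an attachment; carries an external id in addition to the id
     * and element held by {@link ContentData}.
     *
     * <p>The decompiler reports that this type and its constructor were originally package-private.
     */
    public static class AttachmentData extends ContentData {
        String externalId;

        /**
         * @param id identifier of the entry; {@link CoCoSigner#signCoco} compares it with
         *     {@code Attachment.getName()}
         * @param externalId external identifier of the attachment
         * @param element DOM element of this entry
         */
        public AttachmentData(String id, String externalId, Element element) {
            super(id, element);
            this.externalId = externalId;
        }

        public String getExternalId() {
            return this.externalId;
        }

        @Override
        public String toString() {
            return "[Attachment] id: " + this.id + " | externalId: " + this.externalId;
        }
    }

    /**
     * An entry of the content container: an id and the DOM element it was read from.
     *
     * <p>The decompiler reports that this type and its constructor were originally package-private.
     */
    public static class ContentData {
        String id;
        Element elem;

        /**
         * @param id identifier of the entry
         * @param element DOM element of this entry
         */
        public ContentData(String id, Element element) {
            this.id = id;
            this.elem = element;
        }

        public String getId() {
            return this.id;
        }

        public Element getElement() {
            return this.elem;
        }

        @Override
        public String toString() {
            return "[ContentData] id: " + this.id;
        }
    }

    /**
     * Signs the content entries of {@code document} and writes the signed document to
     * {@code outputStream}.
     *
     * <p>Side effects visible to the caller: matched attachments receive an element digest via
     * {@code setElementDigest}; every matched attachment is removed from {@code list}, so the list
     * must be modifiable; {@code outputStream} is closed after a successful write and is left
     * open when an exception is thrown.
     *
     * <p>Attachments in {@code list} that match no entry of the document are still appended to
     * the attachments handed to the signature-info template. No element digest is set for them
     * here.
     *
     * @param document parsed content container document
     * @param outputStream receives the serialized document including the signature block
     * @param privateKey key used for signing; its algorithm name plus key suffix must be one of
     *     {@code RSA}, {@code RSAold}, {@code EC}
     * @param str passed unchanged to {@code TemplateProcessor.processSignatureTemplate} as its
     *     third argument; its meaning is not visible in this class
     * @param list attachments to match by name against the attachment entries of the document
     * @throws IllegalArgumentException if the key type is not supported or the serialized
     *     document contains no {@code </osci:ContentContainer>} end tag
     * @throws Exception on digest, signature, template or XML transformation failures
     */
    public void signCoco(Document document, OutputStream outputStream, PrivateKey privateKey, String str, List<Attachment> list) throws Exception {
        String algorithmKey = privateKey.getAlgorithm() + getKeySuffix(privateKey);
        String jcaAlgorithm = SIGNATURE_ALGORITHM_BY_KEY.get(algorithmKey);
        String xmlAlgorithm = XML_SIGNATURE_ALGORITHM_BY_KEY.get(algorithmKey);
        if (jcaAlgorithm == null || xmlAlgorithm == null) {
            // Reject unknown key types up front. Otherwise a null algorithm URI would reach the
            // signature-info template and Signature.getInstance(null) would fail with a bare
            // NullPointerException.
            throw new IllegalArgumentException("Unsupported signature key type '" + algorithmKey + "'.");
        }

        List<Content> contents = new ArrayList<>();
        List<Attachment> signedAttachments = new ArrayList<>();
        for (ContentData entry : CoCoUtils.getContentData(document)) {
            if (entry instanceof AttachmentData) {
                String id = entry.getId();
                Attachment match = null;
                for (Attachment candidate : list) {
                    if (id.equals(candidate.getName())) {
                        match = candidate;
                        break;
                    }
                }
                if (match == null) {
                    this.log.warn("No matching attachment for name '{}' found inside attachment map '{}'.", id, list);
                } else {
                    this.log.debug("Found matching attachment with name '{}' for signing.", id);
                    byte[] elementBytes = buildContentElementXml(entry.getElement())
                            .getBytes(BeaToolkitContext.getInstance().getDefaultEncoding());
                    match.setElementDigest(CoCoUtils.getBase64Digest(elementBytes, HASH_ALGORITHM));
                    signedAttachments.add(match);
                }
            } else {
                // Inline content is Base64 text inside the element; the digest covers the decoded bytes.
                byte[] binary = Base64.toBinary(entry.getElement().getTextContent().trim());
                this.log.debug("Found content with name '{}' for signing.", entry.getId());
                contents.add(new Content(entry.getId(), CoCoUtils.getBase64Digest(binary, HASH_ALGORITHM)));
            }
        }
        // Matched attachments first, then whatever is left in the caller's list. This mutates the
        // caller's list.
        list.removeAll(signedAttachments);
        signedAttachments.addAll(list);

        ByteArrayOutputStream signedInfoBuffer = new ByteArrayOutputStream();
        TemplateProcessor.processSignatureInfoTemplate(signedInfoBuffer, contents, signedAttachments, xmlAlgorithm);
        byte[] signedInfo = signedInfoBuffer.toByteArray();
        this.log.info("key.getAlgorithm():" + privateKey.getAlgorithm());
        Signature signature = Signature.getInstance(jcaAlgorithm);
        signature.initSign(privateKey);
        signature.update(signedInfo);
        byte[] signatureValue = signature.sign();

        ByteArrayOutputStream signatureBlock = new ByteArrayOutputStream();
        TemplateProcessor.processSignatureTemplate(signatureBlock, Base64.toBase64String(signatureValue), str, signedInfoBuffer.toString("UTF-8"));

        TransformerFactory transformerFactory = TransformerFactory.newInstance();
        // Presumably restricts the factory (secure processing, external access); verify in XML.setFeatures.
        XML.setFeatures(transformerFactory);
        Transformer transformer = transformerFactory.newTransformer();
        ByteArrayOutputStream serializedDocument = new ByteArrayOutputStream();
        transformer.transform(new DOMSource(document), new StreamResult(serializedDocument));
        // NOTE(review): the serializer output is decoded with the platform default charset and
        // re-encoded below with the toolkit default encoding. Non-ASCII content is only preserved
        // when both agree with the encoding the transformer actually wrote. Confirm and pin one
        // charset.
        String serialized = serializedDocument.toString();
        // NOTE(review): plain string search, not DOM-aware. It takes the first occurrence of the
        // end tag text, which may also occur inside a comment, a CDATA section or a nested
        // container.
        int splitAt = serialized.indexOf(CONTAINER_END_TAG);
        if (splitAt < 0) {
            // substring(0, -1) would otherwise fail with an unhelpful StringIndexOutOfBoundsException.
            throw new IllegalArgumentException("Document contains no '" + CONTAINER_END_TAG + "' end tag; the signature cannot be inserted.");
        }
        outputStream.write(serialized.substring(0, splitAt).getBytes(BeaToolkitContext.getInstance().getDefaultEncoding()));
        outputStream.write(signatureBlock.toByteArray());
        outputStream.write(serialized.substring(splitAt).getBytes(BeaToolkitContext.getInstance().getDefaultEncoding()));
        outputStream.close();
    }

    /**
     * Builds the textual form of an attachment's {@code osci:Content} element over which the
     * element digest is computed.
     *
     * <p>NOTE(review): the {@code Id} and {@code href} attribute values are inserted without XML
     * escaping. A value containing {@code "}, {@code <} or {@code &} would make this string differ
     * from the element as it is serialized in the document. Escaping is not added here because the
     * digest has to match whatever the verifying side computes; confirm against the verifier.
     */
    private static String buildContentElementXml(Element element) {
        return "<osci:Content"
                + " xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:osci=\"http://www.osci.de/2002/04/osci\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
                + " Id=\"" + element.getAttribute("Id") + "\" href=\"" + element.getAttribute("href") + "\"></osci:Content>";
    }

    /**
     * Returns the suffix appended to the key algorithm name when looking up the signature
     * algorithm.
     *
     * <p>The suffix is {@code "old"} only for a non-EC {@link OCFPrivateKey} whose recommended
     * signature algorithm name contains neither {@code MGF1} nor {@code PSS}, and only when the
     * toolkit context is not configured for the {@code PSS} scheme. Every other key gets an empty
     * suffix.
     */
    private String getKeySuffix(PrivateKey privateKey) {
        if (!(privateKey instanceof OCFPrivateKey) || "EC".equals(privateKey.getAlgorithm())) {
            return "";
        }
        Algorithm recommended = ((OCFPrivateKey) privateKey).getRecommendedAlgorithm(UsageRelated.Usage.SIGNATURE);
        String recommendedName = recommended.getAlgorithmName();
        // Literal-first equals: a missing scheme setting means "not PSS" instead of a NullPointerException.
        boolean usePss = recommendedName.contains("MGF1")
                || recommendedName.contains("PSS")
                || "PSS".equals(BeaToolkitContext.getInstance().getSignatureSchemeJCEJCA());
        return usePss ? "" : "old";
    }

    /**
     * Parses {@code inputStream} with {@code CoCoUtils.getDocument} and signs the resulting
     * document; see {@link #signCoco(Document, OutputStream, PrivateKey, String, List)}.
     *
     * <p>How the parser treats DTDs and external entities is decided in {@code CoCoUtils} and is
     * not visible here.
     */
    public void signCoco(InputStream inputStream, OutputStream outputStream, PrivateKey privateKey, String str, List<Attachment> list) throws Exception {
        signCoco(CoCoUtils.getDocument(inputStream), outputStream, privateKey, str, list);
    }
}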
