package de.bos_bremen.vii.xkms.eu.impl;

import de.bos_bremen.vii.xkms.LocalIdResourceResolver;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:de/bos_bremen/vii/xkms/eu/impl/XKMSRequestSigner.class */
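/**
 * Adds an enveloped XML signature to the single {@code xkms:CompoundRequest} element of a DOM
 * document.
 *
 * <p>The signing key and its X.509 certificate are read once from a {@link KeyStore} at
 * construction time and kept for the lifetime of the instance. The keystore password is only
 * passed through to {@link KeyStore#getKey(String, char[])} and is not stored in this class, so
 * the caller can (and should) clear the array after the constructor returns.
 *
 * <p>The reference digest is always {@link #DEFAULT_HASH_ALGO_URI}; the signature algorithm is
 * whatever URI the caller supplied.
 */
public class XKMSRequestSigner {
    public static final String DEFAULT_HASH_ALGO_URI = "http://www.w3.org/2001/04/xmlenc#sha256";

    /** Exclusive canonicalization with comments; used for SignedInfo and as a reference transform. */
    private static final String EXCL_C14N_WITH_COMMENTS_URI = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";

    /** Transform that excludes the signature element itself from the digested content. */
    private static final String ENVELOPED_SIGNATURE_URI = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    /** Qualified name (prefix included) of the element that gets signed. */
    private static final String COMPOUND_REQUEST_TAG = "xkms:CompoundRequest";

    private final Key key;
    private final X509Certificate certificate;
    private final String signatureAlgoURI;

    /**
     * Loads the signing key and certificate stored under one keystore alias.
     *
     * @param keyStore keystore holding the key entry
     * @param str alias of the key entry; also used to look up the certificate
     * @param cArr password protecting the key entry; not retained by this object
     * @param str2 signature algorithm URI handed to the XML signature unchanged. It is not
     *     validated here, so callers should restrict it to an allow-list of algorithms they
     *     consider acceptable instead of passing through external configuration unchecked.
     * @throws SecurityException if the key or an X.509 certificate cannot be obtained for the alias
     */
    public XKMSRequestSigner(KeyStore keyStore, String str, char[] cArr, String str2) throws SecurityException {
        this.key = getKey(keyStore, str, cArr);
        this.certificate = getCertificate(keyStore, str);
        this.signatureAlgoURI = str2;
    }

    /**
     * Reads the key stored under {@code alias}.
     *
     * @throws SecurityException if the keystore lookup fails or no key exists for the alias
     */
    private Key getKey(KeyStore keyStore, String alias, char[] password) throws SecurityException {
        Key loadedKey;
        try {
            loadedKey = keyStore.getKey(alias, password);
        } catch (Exception e) {
            // Broad catch kept on purpose: a null keystore or an uninitialised one must still
            // surface as SecurityException, as callers of the constructor expect.
            throw new SecurityException("Cannot get the key from keystore", e);
        }
        // Checked outside the try block so this specific message is not swallowed and re-wrapped
        // by the generic "Cannot get the key" handler above.
        if (loadedKey == null) {
            throw new SecurityException("No key contained for alias " + alias);
        }
        return loadedKey;
    }

    /**
     * Reads the certificate stored under {@code alias} and requires it to be X.509.
     *
     * @throws SecurityException if the keystore lookup fails or the entry is missing or not X.509
     */
    private X509Certificate getCertificate(KeyStore keyStore, String alias) throws SecurityException {
        Certificate loadedCertificate;
        try {
            loadedCertificate = keyStore.getCertificate(alias);
        } catch (Exception e) {
            // Message names the certificate (the previous text said "key"), so a failing
            // certificate lookup is not mistaken for a key or password problem.
            throw new SecurityException("Cannot get the certificate from keystore", e);
        }
        // instanceof is false for null, so a missing entry ends up here as well.
        if (!(loadedCertificate instanceof X509Certificate)) {
            throw new SecurityException("No X509 certificate contained for alias " + alias);
        }
        return (X509Certificate) loadedCertificate;
    }

    /**
     * Signs the {@code xkms:CompoundRequest} element of {@code document} in place.
     *
     * <p>The signature element is inserted as the first child of the request element and
     * references it by its {@code Id} attribute. The certificate and its public key are both
     * added as key info; a verifier must still validate that certificate against its own trust
     * anchors rather than trusting the embedded key material.
     *
     * @param document document containing exactly one {@code xkms:CompoundRequest} element
     * @throws XMLSecurityException if building or computing the signature fails
     * @throws IllegalArgumentException if the request element is missing, ambiguous or has no Id
     */
    public void sign(Document document) throws XMLSecurityException {
        Element requestElement = getXKMSCompoundRequestElement(document);
        String requestId = getXKMSCompoundRequestId(requestElement);

        // NOTE(review): the second constructor argument is the request Id, exactly as before;
        // in Apache Santuario that position is the base URI - confirm this is intended.
        XMLSignature signature = new XMLSignature(document, requestId, this.signatureAlgoURI, EXCL_C14N_WITH_COMMENTS_URI);
        // NOTE(review): LocalIdResourceResolver is project code not visible here; confirm it
        // resolves "#Id" to exactly this element and rejects documents with a duplicated Id.
        signature.addResourceResolver(new LocalIdResourceResolver(document));
        requestElement.insertBefore(signature.getElement(), requestElement.getFirstChild());

        Transforms transforms = new Transforms(document);
        transforms.addTransform(ENVELOPED_SIGNATURE_URI);
        // The "WithComments" variant keeps XML comments in the digested content.
        transforms.addTransform(EXCL_C14N_WITH_COMMENTS_URI);
        signature.addDocument("#" + requestId, transforms, DEFAULT_HASH_ALGO_URI);

        signature.addKeyInfo(this.certificate);
        signature.addKeyInfo(this.certificate.getPublicKey());
        signature.sign(this.key);
    }

    /**
     * Returns the only {@code xkms:CompoundRequest} element of the document.
     *
     * <p>The lookup matches the literal qualified name, so it depends on the {@code xkms} prefix
     * and does not check which namespace that prefix is bound to.
     * NOTE(review): consider a namespace-aware lookup if requests can come from other producers.
     *
     * @throws IllegalArgumentException if there is not exactly one such element
     */
    private Element getXKMSCompoundRequestElement(Document document) {
        NodeList candidates = document.getElementsByTagName(COMPOUND_REQUEST_TAG);
        int count = candidates.getLength();
        if (count == 0) {
            throw new IllegalArgumentException("Cannot find element xkms:CompoundRequest for signing");
        }
        if (count > 1) {
            // Refuse ambiguous input instead of silently signing the first match.
            throw new IllegalArgumentException(
                    "Found " + count + " elements xkms:CompoundRequest, expected exactly one for signing");
        }
        return (Element) candidates.item(0);
    }

    /**
     * Returns the non-blank {@code Id} attribute of the request element.
     *
     * @throws IllegalArgumentException if the attribute is absent or blank
     */
    private String getXKMSCompoundRequestId(Element requestElement) {
        String id = requestElement.getAttribute("Id");
        if (id == null || id.trim().isEmpty()) {
            throw new IllegalArgumentException("Attribute Id of element xkms:CompoundRequest not set");
        }
        return id;
    }
}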
