package org.gephi.com.itextpdf.text.pdf.security;

import org.gephi.com.itextpdf.text.DocumentException;
import org.gephi.com.itextpdf.text.error_messages.MessageLocalization;
import org.gephi.com.itextpdf.text.pdf.XmlSignatureAppearance;
import org.gephi.java.io.ByteArrayOutputStream;
import org.gephi.java.io.IOException;
import org.gephi.java.io.StringWriter;
import org.gephi.java.lang.Exception;
import org.gephi.java.lang.Object;
import org.gephi.java.lang.String;
import org.gephi.java.lang.StringBuilder;
import org.gephi.java.lang.UnsupportedOperationException;
import org.gephi.java.security.GeneralSecurityException;
import org.gephi.java.security.Key;
import org.gephi.java.security.MessageDigest;
import org.gephi.java.security.PublicKey;
import org.gephi.java.security.cert.Certificate;
import org.gephi.java.security.cert.X509Certificate;
import org.gephi.java.text.SimpleDateFormat;
import org.gephi.java.util.ArrayList;
import org.gephi.java.util.Arrays;
import org.gephi.java.util.Collections;
import org.gephi.java.util.List;
import org.gephi.java.util.UUID;
import org.gephi.javax.xml.crypto.dom.DOMStructure;
import org.gephi.javax.xml.crypto.dsig.DigestMethod;
import org.gephi.javax.xml.crypto.dsig.Reference;
import org.gephi.javax.xml.crypto.dsig.XMLObject;
import org.gephi.javax.xml.crypto.dsig.XMLSignatureFactory;
import org.gephi.javax.xml.crypto.dsig.dom.DOMSignContext;
import org.gephi.javax.xml.crypto.dsig.keyinfo.KeyInfo;
import org.gephi.javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import org.gephi.javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import org.gephi.javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.gephi.javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.gephi.javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
import org.gephi.javax.xml.crypto.dsig.spec.XPathType;
import org.gephi.javax.xml.transform.Transformer;
import org.gephi.javax.xml.transform.TransformerFactory;
import org.gephi.javax.xml.transform.dom.DOMSource;
import org.gephi.javax.xml.transform.stream.StreamResult;
import org.gephi.org.apache.jcp.xml.dsig.internal.dom.DOMKeyInfoFactory;
import org.gephi.org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
import org.gephi.org.apache.jcp.xml.dsig.internal.dom.DOMUtils;
import org.gephi.org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature;
import org.gephi.org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI;
import org.gephi.org.apache.xml.security.utils.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/gephi/com/itextpdf/text/pdf/security/MakeXmlSignature.class */
public class MakeXmlSignature extends Object {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gephi/com/itextpdf/text/pdf/security/MakeXmlSignature$EmptyKey.class */
    public static class EmptyKey extends Object implements Key {
        private static EmptyKey instance = new EmptyKey();

        private EmptyKey() {
        }

        public static EmptyKey getInstance() {
            return instance;
        }

        public String getAlgorithm() {
            return null;
        }

        public String getFormat() {
            return null;
        }

        public byte[] getEncoded() {
            return new byte[0];
        }
    }

    public static void signXmlDSig(XmlSignatureAppearance xmlSignatureAppearance, ExternalSignature externalSignature, KeyInfo keyInfo) throws GeneralSecurityException, IOException, DocumentException {
        verifyArguments(xmlSignatureAppearance, externalSignature);
        XMLSignatureFactory createSignatureFactory = createSignatureFactory();
        Reference generateContentReference = generateContentReference(createSignatureFactory, xmlSignatureAppearance, null);
        String string = null;
        if (externalSignature.getEncryptionAlgorithm().equals("RSA")) {
            string = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        } else if (externalSignature.getEncryptionAlgorithm().equals("DSA")) {
            string = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        sign(createSignatureFactory, externalSignature, xmlSignatureAppearance.getXmlLocator(), createSignatureFactory.newSignedInfo(createSignatureFactory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null), createSignatureFactory.newSignatureMethod(string, (SignatureMethodParameterSpec) null), Collections.singletonList(generateContentReference)), null, keyInfo, null);
        xmlSignatureAppearance.close();
    }

    public static void signXmlDSig(XmlSignatureAppearance xmlSignatureAppearance, ExternalSignature externalSignature, Certificate[] certificateArr) throws DocumentException, GeneralSecurityException, IOException {
        signXmlDSig(xmlSignatureAppearance, externalSignature, generateKeyInfo(certificateArr, xmlSignatureAppearance));
    }

    public static void signXmlDSig(XmlSignatureAppearance xmlSignatureAppearance, ExternalSignature externalSignature, PublicKey publicKey) throws GeneralSecurityException, DocumentException, IOException {
        signXmlDSig(xmlSignatureAppearance, externalSignature, generateKeyInfo(publicKey));
    }

    public static void signXades(XmlSignatureAppearance xmlSignatureAppearance, ExternalSignature externalSignature, Certificate[] certificateArr, boolean z) throws GeneralSecurityException, DocumentException, IOException {
        verifyArguments(xmlSignatureAppearance, externalSignature);
        String string = null;
        if (externalSignature.getEncryptionAlgorithm().equals("RSA")) {
            string = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        } else if (externalSignature.getEncryptionAlgorithm().equals("DSA")) {
            string = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        String stringBuilder = new StringBuilder().append("Reference-").append(getRandomId()).toString();
        String stringBuilder2 = new StringBuilder().append("SignedProperties-").append(getRandomId()).toString();
        String stringBuilder3 = new StringBuilder().append("Signature-").append(getRandomId()).toString();
        XMLSignatureFactory createSignatureFactory = createSignatureFactory();
        KeyInfo generateKeyInfo = generateKeyInfo(certificateArr, xmlSignatureAppearance);
        String[] stringArr = null;
        if (z) {
            stringArr = new String[2];
            if (string.equals("http://www.w3.org/2000/09/xmldsig#rsa-sha1")) {
                stringArr[0] = "urn:oid:1.2.840.113549.1.1.5";
                stringArr[1] = "RSA (PKCS #1 v1.5) with SHA-1 signature";
            } else {
                stringArr[0] = "urn:oid:1.2.840.10040.4.3";
                stringArr[1] = "ANSI X9.57 DSA signature generated with SHA-1 hash (DSA x9.30)";
            }
        }
        sign(createSignatureFactory, externalSignature, xmlSignatureAppearance.getXmlLocator(), createSignatureFactory.newSignedInfo(createSignatureFactory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null), createSignatureFactory.newSignatureMethod(string, (SignatureMethodParameterSpec) null), Arrays.asList(new Reference[]{generateCustomReference(createSignatureFactory, new StringBuilder().append("#").append(stringBuilder2).toString(), "http://uri.etsi.org/01903#SignedProperties", null), generateContentReference(createSignatureFactory, xmlSignatureAppearance, stringBuilder)}), (String) null), generateXadesObject(createSignatureFactory, xmlSignatureAppearance, stringBuilder3, stringBuilder, stringBuilder2, stringArr), generateKeyInfo, stringBuilder3);
        xmlSignatureAppearance.close();
    }

    public static void signXadesBes(XmlSignatureAppearance xmlSignatureAppearance, ExternalSignature externalSignature, Certificate[] certificateArr) throws GeneralSecurityException, DocumentException, IOException {
        signXades(xmlSignatureAppearance, externalSignature, certificateArr, false);
    }

    public static void signXadesEpes(XmlSignatureAppearance xmlSignatureAppearance, ExternalSignature externalSignature, Certificate[] certificateArr) throws GeneralSecurityException, DocumentException, IOException {
        signXades(xmlSignatureAppearance, externalSignature, certificateArr, true);
    }

    private static void verifyArguments(XmlSignatureAppearance xmlSignatureAppearance, ExternalSignature externalSignature) throws DocumentException {
        if (xmlSignatureAppearance.getXmlLocator() == null) {
            throw new DocumentException(MessageLocalization.getComposedMessage((String) "xmllocator.cannot.be.null", new Object[0]));
        }
        if (!externalSignature.getHashAlgorithm().equals("SHA1")) {
            throw new UnsupportedOperationException(MessageLocalization.getComposedMessage((String) "support.only.sha1.hash.algorithm", new Object[0]));
        }
        if (!externalSignature.getEncryptionAlgorithm().equals("RSA") && !externalSignature.getEncryptionAlgorithm().equals("DSA")) {
            throw new UnsupportedOperationException(MessageLocalization.getComposedMessage((String) "support.only.rsa.and.dsa.algorithms", new Object[0]));
        }
    }

    private static Element findElement(NodeList nodeList, String string) {
        for (int length = nodeList.getLength() - 1; length >= 0; length--) {
            Node item = nodeList.item(length);
            if (item.getNodeType() == 1 && item.getLocalName().equals(string)) {
                return (Element) item;
            }
        }
        return null;
    }

    private static KeyInfo generateKeyInfo(Certificate[] certificateArr, XmlSignatureAppearance xmlSignatureAppearance) {
        Certificate certificate = certificateArr[0];
        xmlSignatureAppearance.setCertificate(certificate);
        DOMKeyInfoFactory dOMKeyInfoFactory = new DOMKeyInfoFactory();
        return dOMKeyInfoFactory.newKeyInfo(Collections.singletonList(dOMKeyInfoFactory.newX509Data(Collections.singletonList(certificate))));
    }

    private static KeyInfo generateKeyInfo(PublicKey publicKey) throws GeneralSecurityException {
        DOMKeyInfoFactory dOMKeyInfoFactory = new DOMKeyInfoFactory();
        return dOMKeyInfoFactory.newKeyInfo(Collections.singletonList(dOMKeyInfoFactory.newKeyValue(publicKey)));
    }

    private static String getRandomId() {
        return UUID.randomUUID().toString().substring(24);
    }

    private static XMLSignatureFactory createSignatureFactory() {
        return XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());
    }

    private static XMLObject generateXadesObject(XMLSignatureFactory xMLSignatureFactory, XmlSignatureAppearance xmlSignatureAppearance, String string, String string2, String string3, String[] stringArr) throws GeneralSecurityException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        X509Certificate certificate = xmlSignatureAppearance.getCertificate();
        Document document = xmlSignatureAppearance.getXmlLocator().getDocument();
        Element createElementNS = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:QualifyingProperties");
        createElementNS.setAttribute("Target", new StringBuilder().append("#").append(string).toString());
        Element createElementNS2 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SignedProperties");
        createElementNS2.setAttribute("Id", string3);
        createElementNS2.setIdAttribute("Id", true);
        Element createElementNS3 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SignedSignatureProperties");
        Element createElementNS4 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SigningTime");
        String format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ").format(xmlSignatureAppearance.getSignDate().getTime());
        createElementNS4.appendChild(document.createTextNode(format.substring(0, format.length() - 2).concat(":").concat(format.substring(format.length() - 2))));
        createElementNS3.appendChild(createElementNS4);
        Element createElementNS5 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SigningCertificate");
        Element createElementNS6 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:Cert");
        Element createElementNS7 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:CertDigest");
        Element createElementNS8 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "DigestMethod");
        createElementNS8.setAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#sha1");
        createElementNS7.appendChild(createElementNS8);
        Element createElementNS9 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "DigestValue");
        createElementNS9.appendChild(document.createTextNode(Base64.encode(messageDigest.digest(certificate.getEncoded()))));
        createElementNS7.appendChild(createElementNS9);
        createElementNS6.appendChild(createElementNS7);
        if (certificate instanceof X509Certificate) {
            Element createElementNS10 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:IssuerSerial");
            Element createElementNS11 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "X509IssuerName");
            createElementNS11.appendChild(document.createTextNode(getX509IssuerName(certificate)));
            createElementNS10.appendChild(createElementNS11);
            Element createElementNS12 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "X509SerialNumber");
            createElementNS12.appendChild(document.createTextNode(getX509SerialNumber(certificate)));
            createElementNS10.appendChild(createElementNS12);
            createElementNS6.appendChild(createElementNS10);
        }
        createElementNS5.appendChild(createElementNS6);
        createElementNS3.appendChild(createElementNS5);
        if (stringArr != null) {
            Element createElementNS13 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SignaturePolicyIdentifier");
            Element createElementNS14 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SignaturePolicyId");
            Element createElementNS15 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SigPolicyId");
            Element createElementNS16 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:Identifier");
            createElementNS16.appendChild(document.createTextNode(stringArr[0]));
            createElementNS16.setAttribute("Qualifier", "OIDAsURN");
            createElementNS15.appendChild(createElementNS16);
            Element createElementNS17 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:Description");
            createElementNS17.appendChild(document.createTextNode(stringArr[1]));
            createElementNS15.appendChild(createElementNS17);
            createElementNS14.appendChild(createElementNS15);
            Element createElementNS18 = document.createElementNS("http://uri.etsi.org/01903/v1.3.2#", "xades:SigPolicyHash");
            Element createElementNS19 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "DigestMethod");
            createElementNS19.setAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#sha1");
            createElementNS18.appendChild(createElementNS19);
            Element createElementNS20 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "DigestValue");
            createElementNS20.appendChild(document.createTextNode(Base64.encode(messageDigest.digest(getByteArrayOfNode(createElementNS15)))));
            createElementNS18.appendChild(createElementNS20);
            createElementNS14.appendChild(createElementNS18);
            createElementNS13.appendChild(createElementNS14);
            createElementNS3.appendChild(createElementNS13);
        }
        createElementNS2.appendChild(createElementNS3);
        Element createElement = document.createElement("xades:SignedDataObjectProperties");
        Element createElement2 = document.createElement("xades:DataObjectFormat");
        createElement2.setAttribute("ObjectReference", new StringBuilder().append("#").append(string2).toString());
        String description = xmlSignatureAppearance.getDescription();
        if (description != null) {
            Element createElement3 = document.createElement("xades:Description");
            createElement3.appendChild(document.createTextNode(description));
            createElement2.appendChild(createElement3);
        }
        Element createElement4 = document.createElement("xades:MimeType");
        createElement4.appendChild(document.createTextNode(xmlSignatureAppearance.getMimeType()));
        createElement2.appendChild(createElement4);
        String encoding = xmlSignatureAppearance.getXmlLocator().getEncoding();
        if (encoding != null) {
            Element createElement5 = document.createElement("xades:Encoding");
            createElement5.appendChild(document.createTextNode(encoding));
            createElement2.appendChild(createElement5);
        }
        createElement.appendChild(createElement2);
        createElementNS2.appendChild(createElement);
        createElementNS.appendChild(createElementNS2);
        return xMLSignatureFactory.newXMLObject(Collections.singletonList(new DOMStructure(createElementNS)), (String) null, (String) null, (String) null);
    }

    private static String getX509IssuerName(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().toString();
    }

    private static String getX509SerialNumber(X509Certificate x509Certificate) {
        return x509Certificate.getSerialNumber().toString();
    }

    private static Reference generateContentReference(XMLSignatureFactory xMLSignatureFactory, XmlSignatureAppearance xmlSignatureAppearance, String string) throws GeneralSecurityException {
        DigestMethod newDigestMethod = xMLSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null);
        ArrayList arrayList = new ArrayList();
        arrayList.add(xMLSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
        XpathConstructor xpathConstructor = xmlSignatureAppearance.getXpathConstructor();
        if (xpathConstructor != null && xpathConstructor.getXpathExpression().length() > 0) {
            arrayList.add(xMLSignatureFactory.newTransform("http://www.w3.org/2002/06/xmldsig-filter2", new XPathFilter2ParameterSpec(Collections.singletonList(new XPathType(xpathConstructor.getXpathExpression(), XPathType.Filter.INTERSECT)))));
        }
        return xMLSignatureFactory.newReference("", newDigestMethod, arrayList, (String) null, string);
    }

    private static Reference generateCustomReference(XMLSignatureFactory xMLSignatureFactory, String string, String string2, String string3) throws GeneralSecurityException {
        return xMLSignatureFactory.newReference(string, xMLSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null), (List) null, string2, string3);
    }

    private static void sign(XMLSignatureFactory xMLSignatureFactory, ExternalSignature externalSignature, XmlLocator xmlLocator, DOMSignedInfo dOMSignedInfo, XMLObject xMLObject, KeyInfo keyInfo, String string) throws DocumentException {
        Document document = xmlLocator.getDocument();
        DOMSignContext dOMSignContext = new DOMSignContext(EmptyKey.getInstance(), document.getDocumentElement());
        DOMXMLSignature newXMLSignature = xMLSignatureFactory.newXMLSignature(dOMSignedInfo, keyInfo, xMLObject != null ? Collections.singletonList(xMLObject) : null, string, (String) null);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            newXMLSignature.marshal(dOMSignContext.getParent(), dOMSignContext.getNextSibling(), DOMUtils.getSignaturePrefix(dOMSignContext), dOMSignContext);
            Element findElement = findElement(document.getDocumentElement().getChildNodes(), "Signature");
            if (string != null) {
                findElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xades", "http://uri.etsi.org/01903/v1.3.2#");
            }
            List references = dOMSignedInfo.getReferences();
            for (int i = 0; i < references.size(); i++) {
                references.get(i).digest(dOMSignContext);
            }
            dOMSignedInfo.canonicalize(dOMSignContext, byteArrayOutputStream);
            findElement(findElement.getChildNodes(), "SignatureValue").appendChild(document.createTextNode(Base64.encode(externalSignature.sign(byteArrayOutputStream.toByteArray()))));
            xmlLocator.setDocument(document);
        } catch (Exception e) {
            throw new DocumentException(e);
        }
    }

    private static byte[] getByteArrayOfNode(Node node) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            StreamResult streamResult = new StreamResult(new StringWriter());
            TransformerFactory newInstance = TransformerFactory.newInstance();
            newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            try {
                newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD", "");
            } catch (Exception e) {
            }
            try {
                newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalStylesheet", "");
            } catch (Exception e2) {
            }
            Transformer newTransformer = newInstance.newTransformer();
            newTransformer.setOutputProperty("omit-xml-declaration", "yes");
            newTransformer.transform(new DOMSource(node), streamResult);
            return streamResult.getWriter().toString().getBytes();
        } catch (Exception e3) {
            return byteArrayOutputStream.toByteArray();
        }
    }
}
