package es.juntadeandalucia.afirma.client.util;

import es.juntadeandalucia.afirma.client.AfirmaClient;
import es.juntadeandalucia.afirma.client.AfirmaException;
import es.juntadeandalucia.afirma.client.beans.SignedData;
import es.juntadeandalucia.afirma.client.beans.VerifySignatureResponse;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.AfirmaArchiveProfileSchemaNS;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.AfirmaXSSProfileSchemaNS;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.OasisDssAdesSchemaNS;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.OasisDssCoreSchemaNS;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.OasisDssProfilesAsynchronousprocessing;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.OasisDssSignaturePolicySchemaNS;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.OasisDssVRSchemaNS;
import es.juntadeandalucia.afirma.client.beans.xml.namespaces.W3CXmldsigNS;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.HashMap;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.commons.util.Base64;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:es/juntadeandalucia/afirma/client/util/XPathUtils.class */
public class XPathUtils {
    public static final String HASH_MIME_TYPE = "hash/";
    private static final Log log = LogFactory.getLog(XPathUtils.class);

    public static VerifySignatureResponse generateResponse(String str, String str2, String str3, String str4, String str5, AfirmaClient.XmlSignatureMode xmlSignatureMode, boolean z) throws UnsupportedEncodingException, SAXException, IOException, XPathExpressionException, TransformerException, DOMException, TransformerFactoryConfigurationError, ParserConfigurationException, ParseException, AfirmaException, NoSuchAlgorithmException {
        VerifySignatureResponse verifySignatureResponse = new VerifySignatureResponse();
        log.info("Inicio de parseo de la respuesta");
        Document doc = getDoc(str4);
        XPath xPath = getXPath();
        xPath.setNamespaceContext(getNamespaceContext());
        log.info("Inicio de obtencion de datos mediante XPath");
        verifySignatureResponse.setSignatureForm(evaluateXPath(doc, xPath, "/dss:VerifyResponse/dss:OptionalOutputs/ades:SignatureForm"));
        verifySignatureResponse.setSignatureType(evaluateXPath(doc, xPath, "/dss:VerifyResponse/dss:OptionalOutputs/dss:SignatureType"));
        verifySignatureResponse.setResultMajor(evaluateXPath(doc, xPath, "/dss:VerifyResponse/dss:Result/dss:ResultMajor"));
        verifySignatureResponse.setResultMinor(evaluateXPath(doc, xPath, "/dss:VerifyResponse/dss:Result/dss:ResultMinor"));
        verifySignatureResponse.setResultMessage(evaluateXPath(doc, xPath, "/dss:VerifyResponse/dss:Result/dss:ResultMessage"));
        SignedData buildSignedData = buildSignedData(str, str2, str3, str5, xmlSignatureMode, verifySignatureResponse, doc, xPath, z);
        verifySignatureResponse.setSignedData(buildSignedData);
        if (buildSignedData.getXadesExplicitMatch() == null && ResultMajor.ValidSignature.equalsIgnoreCase(verifySignatureResponse.getResultMajor())) {
            log.info("Firma XADES explicita, se modifica el ResultMajor:urn:oasis:names:tc:dss:1.0:resultmajor:Warning");
            verifySignatureResponse.setResultMajor(ResultMajor.Warning);
            verifySignatureResponse.setResultMinor(ResultMinor.SignedDataNotProvided);
            verifySignatureResponse.setResultMessage("No se han especificado los datos originalmente firmados para validar la firma explícita.");
        } else if (buildSignedData.getXadesExplicitMatch() != null && !buildSignedData.getXadesExplicitMatch().booleanValue() && ResultMajor.ValidSignature.equalsIgnoreCase(verifySignatureResponse.getResultMajor())) {
            log.info("Firma XADES explicita, se modifica el ResultMajor:urn:afirma:dss:1.0:profile:XSS:resultmajor:InvalidSignature");
            verifySignatureResponse.setResultMajor(ResultMajor.InvalidSignature);
            verifySignatureResponse.setResultMinor(ResultMinor.MismatchedSignedData);
            verifySignatureResponse.setResultMessage("Los datos contenidos en la Firma Electrónica no se corresponden con los proporcionados.");
        } else if (buildSignedData.getXadesExplicitMatch() != null && buildSignedData.getXadesExplicitMatch().booleanValue() && ResultMajor.ValidSignature.equalsIgnoreCase(verifySignatureResponse.getResultMajor())) {
            log.info("Firma XADES explicita, se mantiene el ResultMajor:" + verifySignatureResponse.getResultMajor());
            verifySignatureResponse.setResultMessage("La firma es valida");
        } else {
            log.info("Firma CADES o XADES implicita, no se modifica el ResultMajor");
        }
        return verifySignatureResponse;
    }

    private static SignedData buildSignedData(String str, String str2, String str3, String str4, AfirmaClient.XmlSignatureMode xmlSignatureMode, VerifySignatureResponse verifySignatureResponse, Document document, XPath xPath, boolean z) throws XPathExpressionException, DOMException, TransformerFactoryConfigurationError, TransformerConfigurationException, TransformerException, ParserConfigurationException, SAXException, IOException, AfirmaException, NoSuchAlgorithmException {
        SignedData signedData = new SignedData();
        signedData.setMatchSignedFile(false);
        signedData.setXadesExplicitMatch(true);
        boolean z2 = false;
        boolean z3 = false;
        if (StringUtils.isNotBlank(str)) {
            z2 = true;
        } else if (StringUtils.isNotBlank(str2) && StringUtils.isNotBlank(str3)) {
            z3 = true;
        }
        if (SignatureTypes.CAdES.equalsIgnoreCase(verifySignatureResponse.getSignatureType()) || SignatureTypes.CMS.equalsIgnoreCase(verifySignatureResponse.getSignatureType()) || SignatureTypes.CMS_T.equalsIgnoreCase(verifySignatureResponse.getSignatureType())) {
            buildSignedDataBinarySign(document, xPath, signedData);
        } else if ("http://uri.etsi.org/01903/v1.1.1#".equalsIgnoreCase(verifySignatureResponse.getSignatureType()) || "http://uri.etsi.org/01903/v1.2.2#".equalsIgnoreCase(verifySignatureResponse.getSignatureType()) || "http://uri.etsi.org/01903/v1.3.2#".equalsIgnoreCase(verifySignatureResponse.getSignatureType()) || SignatureTypes.XMLSignature.equalsIgnoreCase(verifySignatureResponse.getSignatureType())) {
            buildSignedDataXMLSignature(str, str2, str3, str4, xmlSignatureMode, document, xPath, signedData, z2, z3, z);
        }
        return signedData;
    }

    private static void buildSignedDataXMLSignature(String str, String str2, String str3, String str4, AfirmaClient.XmlSignatureMode xmlSignatureMode, Document document, XPath xPath, SignedData signedData, boolean z, boolean z2, boolean z3) throws XPathExpressionException, DOMException, Base64.DecodingException, ParserConfigurationException, SAXException, IOException, TransformerFactoryConfigurationError, TransformerConfigurationException, TransformerException, NoSuchAlgorithmException {
        String str5 = "";
        switch (xmlSignatureMode) {
            case DETACHED:
                if (z3) {
                    str5 = "//afxp:SignedDataRef[contains(.,\"@Id='CONTENT\")]";
                    break;
                } else {
                    str5 = "//afxp:SignedDataRef[contains(.,'@Id=CONTENT')]";
                    break;
                }
            case ENVELOPING:
                if (z3) {
                    str5 = "//afxp:SignedDataRef[contains(.,\"@Id='Object\")]";
                    break;
                } else {
                    str5 = "//afxp:SignedDataRef[contains(.,'@Id=Object')]";
                    break;
                }
            case ENVELOPED:
                str5 = "//afxp:SignedDataRef[contains(.,'application/xml')]";
                break;
        }
        if (StringUtils.isNotBlank(str5)) {
            NodeList nodeList = (NodeList) xPath.compile(str5).evaluate(document, XPathConstants.NODESET);
            if (nodeList == null || nodeList.getLength() == 0) {
                switch (xmlSignatureMode) {
                    case DETACHED:
                        if (z3) {
                            str5 = "//afxp:SignedDataRef[contains(.,\"@Id='SignedDataElement\")]";
                            break;
                        } else {
                            str5 = "//afxp:SignedDataRef[contains(.,'@Id=SignedDataElement')]";
                            break;
                        }
                    case ENVELOPING:
                        if (z3) {
                            str5 = "//afxp:SignedDataRef[contains(.,\"@Id='SignedDataObject\")]";
                            break;
                        } else {
                            str5 = "//afxp:SignedDataRef[contains(.,'@Id=SignedDataObject')]";
                            break;
                        }
                }
                nodeList = (NodeList) xPath.compile(str5).evaluate(document, XPathConstants.NODESET);
            }
            for (int i = 0; i < nodeList.getLength(); i++) {
                Node item = nodeList.item(i);
                if (item.getNodeType() == 1) {
                    NodeList childNodes = item.getChildNodes();
                    for (int i2 = 0; i2 < childNodes.getLength(); i2++) {
                        Node item2 = childNodes.item(i2);
                        if (item2.getNodeName().equals("afxp:XPath")) {
                            signedData.setxPath(item2.getTextContent());
                        } else if (item2.getNodeName().equals("afxp:Encoding")) {
                            signedData.setEncoding(item2.getTextContent());
                        } else if (item2.getNodeName().equals("afxp:HashAlgorithm")) {
                            signedData.setHashAlgorithm(item2.getTextContent());
                        } else if (item2.getNodeName().equals("afxp:ReferenceType")) {
                            signedData.setReferenceType(item2.getTextContent());
                        } else if (item2.getNodeName().equals("afxp:MimeType")) {
                            signedData.setMimeType(item2.getTextContent());
                        }
                    }
                }
            }
        }
        parseXMLSignature(str, str2, str3, str4, xmlSignatureMode, signedData, z, z2, "", z3);
        log.info("FIN de obtencion de datos mediante XPath");
    }

    private static void parseXMLSignature(String str, String str2, String str3, String str4, AfirmaClient.XmlSignatureMode xmlSignatureMode, SignedData signedData, boolean z, boolean z2, String str5, boolean z3) throws Base64.DecodingException, ParserConfigurationException, SAXException, IOException, XPathExpressionException, DOMException, TransformerFactoryConfigurationError, TransformerConfigurationException, TransformerException, NoSuchAlgorithmException {
        log.info("Inicio de parseo de la firma para obtener los datos firmados");
        String str6 = xmlSignatureMode.equals(AfirmaClient.XmlSignatureMode.ENVELOPING) ? str4 : new String(Base64.decode(str4));
        log.info(str6);
        Document doc = getDoc(str6);
        XPath xPath = getXPath();
        xPath.setNamespaceContext(getNamespaceContext());
        if (xmlSignatureMode.equals(AfirmaClient.XmlSignatureMode.ENVELOPED)) {
            log.info("Examinando firma XADES ENVELOPED");
            log.debug("Eliminando elementos ds:Signature de la firma XADES ENVELOPED");
            NodeList nodeList = (NodeList) xPath.compile("//ds:Signature").evaluate(doc, XPathConstants.NODESET);
            for (int i = 0; i < nodeList.getLength(); i++) {
                Node item = nodeList.item(i);
                item.getParentNode().removeChild(item);
            }
            StringWriter stringWriter = new StringWriter();
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(stringWriter));
            log.info("Datos firmados: " + stringWriter.toString());
            signedData.setData(stringWriter.toString());
            return;
        }
        if (!z3) {
            switch (xmlSignatureMode) {
                case DETACHED:
                    log.info("Examinando firma XADES DETACHED");
                    str5 = signedData.getxPath().replace("//", "//CONTENT").replace("@Id=", "@Id=\"").replace("]", "\"]");
                    break;
                case ENVELOPING:
                    log.info("Examinando firma XADES ENVELOPING");
                    str5 = signedData.getxPath().replace("//", "//ds:Object").replace("@Id=", "@Id=\"").replace("]", "\"]");
                    break;
            }
        } else {
            str5 = signedData.getxPath();
        }
        String evaluateXPathElement = evaluateXPathElement(doc, xPath, str5 + "/node()");
        String evaluateXPath = evaluateXPath(doc, xPath, str5 + "/@Encoding");
        signedData.setMimeType(evaluateXPath(doc, xPath, str5 + "/@MimeType"));
        signedData.setEncoding(evaluateXPath);
        signedData.setData(evaluateXPathElement);
        if (StringUtils.isNotBlank(signedData.getMimeType()) && signedData.getMimeType().contains(HASH_MIME_TYPE)) {
            if (z) {
                signedData.setMatchSignedFile(true);
                String substring = signedData.getMimeType().substring(5);
                if (StringUtils.isNotBlank(substring)) {
                    MessageDigest messageDigest = MessageDigest.getInstance(substring.toUpperCase());
                    messageDigest.update(Base64.decode(str));
                    if (signedData.getData().equals(Base64.encode(messageDigest.digest()).trim())) {
                        log.info("Se verifica que el hash del documento aportado coincide con el contenido en la firma");
                        return;
                    } else {
                        signedData.setXadesExplicitMatch(false);
                        return;
                    }
                }
                return;
            }
            if (!z2) {
                signedData.setXadesExplicitMatch(null);
                return;
            }
            String hashDocumentAlgorithm = MappingUtils.getHashDocumentAlgorithm(signedData.getMimeType().substring(5));
            log.info("Se aporta el hash y el algoritmo");
            log.info("Algoritmo del hash contenido en la firma: " + hashDocumentAlgorithm);
            String hashDocumentAlgorithm2 = MappingUtils.getHashDocumentAlgorithm(str3);
            log.info("Algoritmo del hash aportado como parametro: " + hashDocumentAlgorithm2);
            if (!hashDocumentAlgorithm.equalsIgnoreCase(hashDocumentAlgorithm2)) {
                log.error("No coinciden los algoritmos de hash");
                signedData.setXadesExplicitMatch(false);
                return;
            }
            log.info("Coinciden ambos algoritmos");
            log.info("Resumen de datos contenidos en la firma " + signedData.getData());
            log.info("Resumen de datos aportados " + str2);
            if (signedData.getData().equals(str2)) {
                log.info("Coinciden los hash");
                log.info("Se verifica que el HASH aportado como parametro coincide con el hash contenido en la firma");
            } else {
                log.error("No coinciden los hash");
                signedData.setXadesExplicitMatch(false);
            }
        }
    }

    private static void buildSignedDataBinarySign(Document document, XPath xPath, SignedData signedData) throws XPathExpressionException, AfirmaException {
        signedData.setHashAlgorithm(evaluateXPath(document, xPath, "/dss:VerifyResponse/dss:OptionalOutputs/afxp:SignedDataInfo/afxp:DataInfo/dss:DocumentHash/ds:DigestMethod/@Algorithm"));
        signedData.setData(evaluateXPath(document, xPath, "/dss:VerifyResponse/dss:OptionalOutputs/afxp:SignedDataInfo/afxp:DataInfo/afxp:ContentData/afxp:BinaryValue"));
        signedData.setMimeType("");
        signedData.setEncoding("base64");
        signedData.setxPath("");
        if (StringUtils.isBlank(signedData.getData())) {
            signedData.setData(evaluateXPath(document, xPath, "/dss:VerifyResponse/dss:OptionalOutputs/afxp:SignedDataInfo/afxp:DataInfo/dss:DocumentHash/ds:DigestValue"));
            signedData.setMatchSignedFile(true);
            if (StringUtils.isNotBlank(signedData.getHashAlgorithm())) {
                signedData.setMimeType(HASH_MIME_TYPE + MappingUtils.getHashAlgorithm(signedData.getHashAlgorithm()));
            }
        }
    }

    public static String getValuePath(String str, String str2) throws ParserConfigurationException, SAXException, IOException, XPathExpressionException {
        Document doc = getDoc(str);
        XPath xPath = getXPath();
        xPath.setNamespaceContext(getNamespaceContext());
        return evaluateXPath(doc, xPath, str2);
    }

    private static String evaluateXPath(Document document, XPath xPath, String str) throws XPathExpressionException {
        String evaluate = xPath.compile(str).evaluate(document);
        log.info(str + " --> " + evaluate);
        return evaluate;
    }

    private static String evaluateXPathElement(Document document, XPath xPath, String str) throws XPathExpressionException {
        String nodeToString = nodeToString((Node) xPath.evaluate(str, document.getDocumentElement(), XPathConstants.NODE));
        log.info(str + " -- [ELEMENT] --> " + nodeToString);
        return nodeToString;
    }

    private static Document getDoc(String str) throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        newInstance.setIgnoringComments(true);
        return newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(str.getBytes("UTF-8")));
    }

    private static XPath getXPath() {
        return XPathFactory.newInstance().newXPath();
    }

    private static NamespaceContext getNamespaceContext() {
        HashMap hashMap = new HashMap();
        hashMap.put(OasisDssCoreSchemaNS.prefix, OasisDssCoreSchemaNS.namespace);
        hashMap.put(W3CXmldsigNS.prefix, "http://www.w3.org/2000/09/xmldsig#");
        hashMap.put(OasisDssVRSchemaNS.prefix, OasisDssVRSchemaNS.namespace);
        hashMap.put(AfirmaXSSProfileSchemaNS.prefix, AfirmaXSSProfileSchemaNS.namespace);
        hashMap.put(OasisDssAdesSchemaNS.prefix, OasisDssAdesSchemaNS.namespace);
        hashMap.put(AfirmaArchiveProfileSchemaNS.prefix, AfirmaArchiveProfileSchemaNS.namespace);
        hashMap.put(OasisDssProfilesAsynchronousprocessing.prefix, OasisDssProfilesAsynchronousprocessing.namespace);
        hashMap.put(OasisDssSignaturePolicySchemaNS.prefix, OasisDssSignaturePolicySchemaNS.namespace);
        return new NamespaceContextMap(hashMap);
    }

    private static String nodeToString(Node node) {
        StringWriter stringWriter = new StringWriter();
        try {
            Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
            newTransformer.setOutputProperty("omit-xml-declaration", "yes");
            newTransformer.transform(new DOMSource(node), new StreamResult(stringWriter));
        } catch (TransformerException e) {
            System.out.println("nodeToString Transformer Exception");
        }
        return stringWriter.toString();
    }
}
