package org.apache.poi.poifs.crypt.dsig.facets;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
import java.util.UUID;
import javax.xml.crypto.MarshalException;
import ld.f;
import org.apache.poi.POIXMLTypeLoader;
import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.utils.Constants;
import org.apache.xmlbeans.XmlException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import ue.b;
import ue.c;
import ue.d;
import ue.e;
import ue.g0;
import ue.h0;
import ue.i0;
import ue.j;
import ue.k;
import ue.n;
import ue.q;
import ue.r;
import ue.s;
import ue.t;
import ue.v;
import ue.w;
import ue.y;
import ve.a;
import wc.g;
import wc.h;
import wc.l;

/* loaded from: classes6.dex */
public class XAdESXLSignatureFacet extends SignatureFacet {
    private static final POILogger LOG = POILogFactory.getLogger((Class<?>) XAdESXLSignatureFacet.class);
    private final CertificateFactory certificateFactory;

    public XAdESXLSignatureFacet() {
        try {
            this.certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        } catch (CertificateException e10) {
            throw new RuntimeException("X509 JCA error: " + e10.getMessage(), e10);
        }
    }

    private void createRevocationValues(y yVar, RevocationData revocationData) {
        if (revocationData.hasCRLs()) {
            e s02 = yVar.s0();
            Iterator<byte[]> it = revocationData.getCRLs().iterator();
            while (it.hasNext()) {
                s02.T0().setByteArrayValue(it.next());
            }
        }
        if (revocationData.hasOCSPs()) {
            t J0 = yVar.J0();
            Iterator<byte[]> it2 = revocationData.getOCSPs().iterator();
            while (it2.hasNext()) {
                J0.M().setByteArrayValue(it2.next());
            }
        }
    }

    private a createValidationData(RevocationData revocationData) {
        a a10 = a.C0406a.a();
        createRevocationValues(a10.g(), revocationData);
        return a10;
    }

    private i0 createXAdESTimeStamp(List<Node> list, RevocationData revocationData) {
        return createXAdESTimeStamp(getC14nValue(list, this.signatureConfig.getXadesCanonicalizationMethod()), revocationData);
    }

    private i0 createXAdESTimeStamp(byte[] bArr, RevocationData revocationData) {
        try {
            byte[] timeStamp = this.signatureConfig.getTspService().timeStamp(bArr, revocationData);
            i0 a10 = i0.a.a();
            a10.setId("time-stamp-" + UUID.randomUUID());
            a10.j1().v(this.signatureConfig.getXadesCanonicalizationMethod());
            n j22 = a10.j2();
            j22.setByteArrayValue(timeStamp);
            j22.setId("time-stamp-token-" + UUID.randomUUID());
            return a10;
        } catch (Exception e10) {
            throw new RuntimeException("error while creating a time-stamp: " + e10.getMessage(), e10);
        }
    }

    public static byte[] getC14nValue(List<Node> list, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            Iterator<Node> it = list.iterator();
            while (it.hasNext()) {
                byteArrayOutputStream.write(Canonicalizer.getInstance(str).canonicalizeSubtree(it.next()));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (RuntimeException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new RuntimeException("c14n error: " + e11.getMessage(), e11);
        }
    }

    private BigInteger getCrlNumber(X509CRL x509crl) {
        g gVar;
        byte[] extensionValue = x509crl.getExtensionValue(f.I0.m());
        g gVar2 = null;
        try {
            if (extensionValue == null) {
                return null;
            }
            try {
                gVar = new g(extensionValue);
                try {
                    g gVar3 = new g(((l) gVar.t()).l());
                    try {
                        BigInteger l10 = ((h) gVar3.t()).l();
                        IOUtils.closeQuietly(gVar3);
                        IOUtils.closeQuietly(gVar);
                        return l10;
                    } catch (Throwable th) {
                        th = th;
                        gVar2 = gVar3;
                        IOUtils.closeQuietly(gVar2);
                        IOUtils.closeQuietly(gVar);
                        throw th;
                    }
                } catch (Throwable th2) {
                    th = th2;
                }
            } catch (Throwable th3) {
                th = th3;
                gVar = null;
            }
        } catch (IOException e10) {
            throw new RuntimeException("I/O error: " + e10.getMessage(), e10);
        }
    }

    @Override // org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet
    public void postSign(Document document) throws MarshalException {
        POILogger pOILogger = LOG;
        pOILogger.log(1, "XAdES-X-L post sign phase");
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(SignatureFacet.XADES_132_NS, "QualifyingProperties");
        if (elementsByTagNameNS.getLength() != 1) {
            throw new MarshalException("no XAdES-BES extension present");
        }
        try {
            w n02 = v.a.b(elementsByTagNameNS.item(0), POIXMLTypeLoader.DEFAULT_XML_OPTIONS).n0();
            g0 i02 = n02.i0();
            if (i02 == null) {
                i02 = n02.G();
            }
            h0 I1 = i02.I1();
            if (I1 == null) {
                I1 = i02.Q();
            }
            NodeList elementsByTagNameNS2 = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", Constants._TAG_SIGNATUREVALUE);
            if (elementsByTagNameNS2.getLength() != 1) {
                throw new IllegalArgumentException("SignatureValue is not set.");
            }
            RevocationData revocationData = new RevocationData();
            pOILogger.log(1, "creating XAdES-T time-stamp");
            i0 createXAdESTimeStamp = createXAdESTimeStamp(Collections.singletonList(elementsByTagNameNS2.item(0)), revocationData);
            I1.l2().set(createXAdESTimeStamp);
            if (revocationData.hasRevocationDataEntries()) {
                XAdESSignatureFacet.insertXChild(I1, createValidationData(revocationData));
            }
            if (this.signatureConfig.getRevocationDataService() == null) {
                return;
            }
            j o02 = I1.o0();
            ue.f U0 = o02.U0();
            List<X509Certificate> signingCertificateChain = this.signatureConfig.getSigningCertificateChain();
            int size = signingCertificateChain.size();
            if (size > 1) {
                Iterator<X509Certificate> it = signingCertificateChain.subList(1, size).iterator();
                while (it.hasNext()) {
                    XAdESSignatureFacet.setCertID(U0.g2(), this.signatureConfig, false, it.next());
                }
            }
            k L = I1.L();
            RevocationData revocationData2 = this.signatureConfig.getRevocationDataService().getRevocationData(signingCertificateChain);
            if (revocationData2.hasCRLs()) {
                d Y1 = L.Y1();
                L.v0(Y1);
                for (Iterator<byte[]> it2 = revocationData2.getCRLs().iterator(); it2.hasNext(); it2 = it2) {
                    byte[] next = it2.next();
                    c e12 = Y1.e1();
                    try {
                        d dVar = Y1;
                        X509CRL x509crl = (X509CRL) this.certificateFactory.generateCRL(new ByteArrayInputStream(next));
                        b m22 = e12.m2();
                        m22.Z0(x509crl.getIssuerDN().getName().replace(",", ", "));
                        Calendar calendar = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
                        calendar.setTime(x509crl.getThisUpdate());
                        m22.O0(calendar);
                        m22.H(getCrlNumber(x509crl));
                        XAdESSignatureFacet.setDigestAlgAndValue(e12.n(), next, this.signatureConfig.getDigestAlgo());
                        Y1 = dVar;
                        elementsByTagNameNS = elementsByTagNameNS;
                    } catch (CRLException e10) {
                        throw new RuntimeException("CRL parse error: " + e10.getMessage(), e10);
                    }
                }
            }
            NodeList nodeList = elementsByTagNameNS;
            if (revocationData2.hasOCSPs()) {
                s q12 = L.q1();
                for (byte[] bArr : revocationData2.getOCSPs()) {
                    try {
                        r r12 = q12.r1();
                        XAdESSignatureFacet.setDigestAlgAndValue(r12.n(), bArr, this.signatureConfig.getDigestAlgo());
                        q z22 = r12.z2();
                        od.a aVar = (od.a) new od.b(bArr).a();
                        Calendar calendar2 = Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT);
                        calendar2.setTime(aVar.a());
                        z22.B2(calendar2);
                        z22.W0();
                        aVar.b();
                    } catch (Exception e11) {
                        throw new RuntimeException("OCSP decoding error: " + e11.getMessage(), e11);
                    }
                }
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(elementsByTagNameNS2.item(0));
            arrayList.add(createXAdESTimeStamp.getDomNode());
            arrayList.add(o02.getDomNode());
            arrayList.add(L.getDomNode());
            RevocationData revocationData3 = new RevocationData();
            LOG.log(1, "creating XAdES-X time-stamp");
            i0 createXAdESTimeStamp2 = createXAdESTimeStamp(arrayList, revocationData3);
            if (revocationData3.hasRevocationDataEntries()) {
                XAdESSignatureFacet.insertXChild(I1, createValidationData(revocationData3));
            }
            I1.m0().set(createXAdESTimeStamp2);
            ue.h I2 = I1.I2();
            Iterator<X509Certificate> it3 = signingCertificateChain.iterator();
            while (it3.hasNext()) {
                try {
                    I2.M1().setByteArrayValue(it3.next().getEncoded());
                } catch (CertificateEncodingException e13) {
                    throw new RuntimeException("certificate encoding error: " + e13.getMessage(), e13);
                }
            }
            createRevocationValues(I1.g(), revocationData2);
            nodeList.item(0).getParentNode().replaceChild(document.importNode(n02.getDomNode(), true), nodeList.item(0));
        } catch (XmlException e14) {
            throw new MarshalException(e14);
        }
    }
}
