package org.apache.poi.poifs.crypt.dsig.facets;

import com.itextpdf.text.pdf.security.SecurityConstants;
import dj.f;
import dj.g;
import dj.m;
import dj.n;
import dj.o;
import dj.u;
import dj.v;
import dj.w;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;
import javax.xml.crypto.MarshalException;
import org.apache.poi.ooxml.POIXMLTypeLoader;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
import org.apache.poi.poifs.crypt.dsig.services.RevocationDataService;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xmlbeans.XmlException;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.Extension;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import xj.dP.jUUz;
import zh.l;

/* loaded from: classes6.dex */
public class XAdESXLSignatureFacet implements SignatureFacet {
    private static final ki.d LOG = ki.c.e(XAdESXLSignatureFacet.class);
    private final CertificateFactory certificateFactory;

    public XAdESXLSignatureFacet() {
        try {
            this.certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e10) {
            throw new RuntimeException("X509 JCA error: " + e10.getMessage(), e10);
        }
    }

    private void addCertificateValues(v vVar, SignatureConfig signatureConfig) {
        List<X509Certificate> signingCertificateChain = signatureConfig.getSigningCertificateChain();
        if (signingCertificateChain.size() < 2) {
            return;
        }
        vVar.y1();
        try {
            Iterator<X509Certificate> it = signingCertificateChain.subList(1, signingCertificateChain.size()).iterator();
            if (it.hasNext()) {
                it.next();
                throw null;
            }
        } catch (CertificateEncodingException e10) {
            throw new RuntimeException("certificate encoding error: " + e10.getMessage(), e10);
        }
    }

    private void addRevocationCRL(g gVar, SignatureConfig signatureConfig, RevocationData revocationData) {
        if (revocationData.hasCRLs()) {
            gVar.W0();
            gVar.s1(null);
            Iterator<byte[]> it = revocationData.getCRLs().iterator();
            if (it.hasNext()) {
                it.next();
                throw null;
            }
        }
    }

    private void addRevocationOCSP(g gVar, SignatureConfig signatureConfig, RevocationData revocationData) {
        if (revocationData.hasOCSPs()) {
            gVar.y0();
            Iterator<byte[]> it = revocationData.getOCSPs().iterator();
            if (it.hasNext()) {
                it.next();
                try {
                    throw null;
                } catch (Exception e10) {
                    throw new RuntimeException("OCSP decoding error: " + e10.getMessage(), e10);
                }
            }
        }
    }

    private f completeCertificateRefs(v vVar, SignatureConfig signatureConfig) {
        vVar.I();
        throw null;
    }

    private void createRevocationValues(o oVar, RevocationData revocationData) {
        if (revocationData.hasCRLs()) {
            oVar.O();
            Iterator<byte[]> it = revocationData.getCRLs().iterator();
            if (it.hasNext()) {
                it.next();
                throw null;
            }
        }
        if (revocationData.hasOCSPs()) {
            oVar.f0();
            Iterator<byte[]> it2 = revocationData.getOCSPs().iterator();
            if (it2.hasNext()) {
                it2.next();
                throw null;
            }
        }
    }

    private ej.a createValidationData(RevocationData revocationData) {
        ej.a.f17545m0.newInstance().e0();
        if (revocationData.getX509chain().size() > 1) {
            throw null;
        }
        throw null;
    }

    private w createXAdESTimeStamp(SignatureInfo signatureInfo, RevocationData revocationData, Node... nodeArr) {
        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
        try {
            signatureConfig.getTspService().timeStamp(signatureInfo, getC14nValue(Arrays.asList(nodeArr), signatureConfig.getXadesCanonicalizationMethod()), revocationData);
            w.f17011k0.newInstance().v0();
            signatureConfig.getXadesCanonicalizationMethod();
            throw null;
        } catch (Exception e10) {
            throw new RuntimeException("error while creating a time-stamp: " + e10.getMessage(), e10);
        }
    }

    private static byte[] getC14nValue(List<Node> list, String str) {
        try {
            l lVar = new l();
            try {
                Iterator<Node> it = list.iterator();
                while (it.hasNext()) {
                    Canonicalizer.getInstance(str).canonicalizeSubtree(it.next(), lVar);
                }
                byte[] i10 = lVar.i();
                lVar.close();
                return i10;
            } finally {
            }
        } catch (RuntimeException e10) {
            throw e10;
        } catch (Exception e11) {
            throw new RuntimeException("c14n error: " + e11.getMessage(), e11);
        }
    }

    private BigInteger getCrlNumber(X509CRL x509crl) {
        byte[] extensionValue = x509crl.getExtensionValue(Extension.cRLNumber.getId());
        if (extensionValue == null) {
            return null;
        }
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(extensionValue);
            try {
                ASN1InputStream aSN1InputStream2 = new ASN1InputStream(aSN1InputStream.readObject().getOctets());
                try {
                    BigInteger positiveValue = aSN1InputStream2.readObject().getPositiveValue();
                    aSN1InputStream2.close();
                    aSN1InputStream.close();
                    return positiveValue;
                } finally {
                }
            } catch (Throwable th2) {
                try {
                    throw th2;
                } finally {
                }
            }
        } catch (IOException e10) {
            throw new RuntimeException(jUUz.Hkn + e10.getMessage(), e10);
        }
    }

    private n getQualProps(NodeList nodeList) {
        if (nodeList.getLength() != 1) {
            throw new MarshalException("no XAdES-BES extension present");
        }
        try {
            return m.f17007g0.parse(nodeList.item(0), POIXMLTypeLoader.DEFAULT_XML_OPTIONS).H();
        } catch (XmlException e10) {
            throw new MarshalException(e10);
        }
    }

    private static /* synthetic */ void lambda$completeCertificateRefs$0(dj.c cVar, SignatureConfig signatureConfig, X509Certificate x509Certificate) {
        cVar.j1();
        XAdESSignatureFacet.setCertID(null, signatureConfig, false, x509Certificate);
    }

    @Override // org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet
    public void postSign(SignatureInfo signatureInfo, Document document) {
        ki.d dVar = LOG;
        dVar.m().h("XAdES-X-L post sign phase");
        SignatureConfig signatureConfig = signatureInfo.getSignatureConfig();
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", "QualifyingProperties");
        final n qualProps = getQualProps(elementsByTagNameNS);
        final u uVar = (u) Optional.ofNullable(qualProps.F()).orElseGet(new Supplier() { // from class: org.apache.poi.poifs.crypt.dsig.facets.d
            @Override // java.util.function.Supplier
            public final Object get() {
                return n.this.l();
            }
        });
        v vVar = (v) Optional.ofNullable(uVar.J0()).orElseGet(new Supplier() { // from class: org.apache.poi.poifs.crypt.dsig.facets.e
            @Override // java.util.function.Supplier
            public final Object get() {
                return u.this.r();
            }
        });
        NodeList elementsByTagNameNS2 = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", SecurityConstants.SignatureValue);
        if (elementsByTagNameNS2.getLength() != 1) {
            throw new IllegalArgumentException("SignatureValue is not set.");
        }
        Element element = (Element) elementsByTagNameNS2.item(0);
        RevocationDataService revocationDataService = signatureConfig.getRevocationDataService();
        if (revocationDataService != null) {
            addCertificateValues(vVar, signatureConfig);
        }
        dVar.m().h("creating XAdES-T time-stamp");
        try {
            RevocationData revocationData = new RevocationData();
            w createXAdESTimeStamp = createXAdESTimeStamp(signatureInfo, revocationData, element);
            vVar.k1().set(createXAdESTimeStamp);
            if (revocationData.hasRevocationDataEntries()) {
                XAdESSignatureFacet.insertXChild(vVar, createValidationData(revocationData));
            }
            if (revocationDataService == null) {
                Element element2 = (Element) document.importNode(qualProps.getDomNode(), true);
                NodeList elementsByTagName = element2.getElementsByTagName("TimeStampValidationData");
                for (int i10 = 0; i10 < elementsByTagName.getLength(); i10++) {
                    ((Element) elementsByTagName.item(i10)).setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", SignatureFacet.XADES_141_NS);
                }
                Node item = elementsByTagNameNS.item(0);
                item.getParentNode().replaceChild(element2, item);
                return;
            }
            completeCertificateRefs(vVar, signatureConfig);
            RevocationData revocationData2 = revocationDataService.getRevocationData(signatureConfig.getSigningCertificateChain());
            vVar.o();
            addRevocationCRL(null, signatureConfig, revocationData2);
            addRevocationOCSP(null, signatureConfig, revocationData2);
            vVar.w();
            createRevocationValues(null, revocationData2);
            dVar.m().h("creating XAdES-X time-stamp");
            new RevocationData();
            createXAdESTimeStamp.getDomNode();
            throw null;
        } catch (CertificateEncodingException e10) {
            throw new MarshalException("unable to create XAdES signatrue", e10);
        }
    }
}
