package org.apache.poi.poifs.crypt.dsig.facets;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
import java.util.UUID;
import javax.xml.crypto.MarshalException;
import org.apache.poi.POIXMLTypeLoader;
import org.apache.poi.poifs.crypt.dsig.services.RevocationData;
import org.apache.poi.util.IOUtils;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xmlbeans.bt;
import org.b.a.a.a.a;
import org.b.a.a.a.b;
import org.b.a.a.a.c;
import org.b.a.a.a.d;
import org.b.a.a.a.f;
import org.b.a.a.a.g;
import org.b.a.a.a.h;
import org.b.a.a.a.m;
import org.b.a.a.a.n;
import org.b.a.a.a.o;
import org.b.a.a.a.q;
import org.b.a.a.a.s;
import org.b.a.a.a.w;
import org.b.a.a.a.x;
import org.b.a.a.a.y;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPResp;
import org.etsi.uri.x01903.v14.ValidationDataType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: classes2.dex */
public class XAdESXLSignatureFacet extends SignatureFacet {

    /* renamed from: a, reason: collision with root package name */
    private static final POILogger f2196a = POILogFactory.getLogger((Class<?>) XAdESXLSignatureFacet.class);
    private final CertificateFactory b;

    public XAdESXLSignatureFacet() {
        try {
            this.b = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new RuntimeException("X509 JCA error: " + e.getMessage(), e);
        }
    }

    private static BigInteger a(X509CRL x509crl) {
        ASN1InputStream aSN1InputStream;
        byte[] extensionValue = x509crl.getExtensionValue(Extension.cRLNumber.getId());
        Closeable closeable = null;
        try {
            if (extensionValue == null) {
                return null;
            }
            try {
                aSN1InputStream = new ASN1InputStream(extensionValue);
                try {
                    Closeable aSN1InputStream2 = new ASN1InputStream(aSN1InputStream.readObject().getOctets());
                    try {
                        BigInteger positiveValue = aSN1InputStream2.readObject().getPositiveValue();
                        IOUtils.closeQuietly(aSN1InputStream2);
                        IOUtils.closeQuietly(aSN1InputStream);
                        return positiveValue;
                    } catch (Throwable th) {
                        th = th;
                        closeable = aSN1InputStream2;
                        IOUtils.closeQuietly(closeable);
                        IOUtils.closeQuietly(aSN1InputStream);
                        throw th;
                    }
                } catch (Throwable th2) {
                    th = th2;
                }
            } catch (Throwable th3) {
                th = th3;
                aSN1InputStream = null;
            }
        } catch (IOException e) {
            throw new RuntimeException("I/O error: " + e.getMessage(), e);
        }
    }

    private y a(List<Node> list, RevocationData revocationData) {
        return a(getC14nValue(list, this.signatureConfig.getXadesCanonicalizationMethod()), revocationData);
    }

    private y a(byte[] bArr, RevocationData revocationData) {
        try {
            byte[] timeStamp = this.signatureConfig.getTspService().timeStamp(bArr, revocationData);
            y yVar = (y) POIXMLTypeLoader.newInstance(y.f3532a, null);
            new StringBuilder("time-stamp-").append(UUID.randomUUID());
            this.signatureConfig.getXadesCanonicalizationMethod();
            yVar.a().setByteArrayValue(timeStamp);
            new StringBuilder("time-stamp-token-").append(UUID.randomUUID());
            return yVar;
        } catch (Exception e) {
            throw new RuntimeException("error while creating a time-stamp: " + e.getMessage(), e);
        }
    }

    private static ValidationDataType a(RevocationData revocationData) {
        ValidationDataType newInstance = ValidationDataType.Factory.newInstance();
        a((s) newInstance.addNewRevocationValues(), revocationData);
        return newInstance;
    }

    private static void a(s sVar, RevocationData revocationData) {
        if (revocationData.hasCRLs()) {
            c a2 = sVar.a();
            Iterator<byte[]> it = revocationData.getCRLs().iterator();
            while (it.hasNext()) {
                a2.a().setByteArrayValue(it.next());
            }
        }
        if (revocationData.hasOCSPs()) {
            n b = sVar.b();
            Iterator<byte[]> it2 = revocationData.getOCSPs().iterator();
            while (it2.hasNext()) {
                b.a().setByteArrayValue(it2.next());
            }
        }
    }

    public static byte[] getC14nValue(List<Node> list, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            Iterator<Node> it = list.iterator();
            while (it.hasNext()) {
                byteArrayOutputStream.write(Canonicalizer.getInstance(str).canonicalizeSubtree(it.next()));
            }
            return byteArrayOutputStream.toByteArray();
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new RuntimeException("c14n error: " + e2.getMessage(), e2);
        }
    }

    @Override // org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet
    public void postSign(Document document) {
        f2196a.log(1, "XAdES-X-L post sign phase");
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(SignatureFacet.XADES_132_NS, "QualifyingProperties");
        if (elementsByTagNameNS.getLength() != 1) {
            throw new MarshalException("no XAdES-BES extension present");
        }
        try {
            q a2 = ((o) POIXMLTypeLoader.parse(elementsByTagNameNS.item(0), o.f3528a, POIXMLTypeLoader.DEFAULT_XML_OPTIONS)).a();
            w b = a2.b();
            if (b == null) {
                b = a2.c();
            }
            x a3 = b.a();
            if (a3 == null) {
                a3 = b.b();
            }
            NodeList elementsByTagNameNS2 = document.getElementsByTagNameNS(SignatureFacet.XML_DIGSIG_NS, "SignatureValue");
            if (elementsByTagNameNS2.getLength() != 1) {
                throw new IllegalArgumentException("SignatureValue is not set.");
            }
            RevocationData revocationData = new RevocationData();
            f2196a.log(1, "creating XAdES-T time-stamp");
            y a4 = a(Collections.singletonList(elementsByTagNameNS2.item(0)), revocationData);
            a3.a().set(a4);
            if (revocationData.hasRevocationDataEntries()) {
                XAdESSignatureFacet.insertXChild(a3, a(revocationData));
            }
            if (this.signatureConfig.getRevocationDataService() == null) {
                return;
            }
            g b2 = a3.b();
            d a5 = b2.a();
            List<X509Certificate> signingCertificateChain = this.signatureConfig.getSigningCertificateChain();
            int size = signingCertificateChain.size();
            if (size > 1) {
                Iterator<X509Certificate> it = signingCertificateChain.subList(1, size).iterator();
                while (it.hasNext()) {
                    XAdESSignatureFacet.setCertID(a5.a(), this.signatureConfig, false, it.next());
                }
            }
            h c = a3.c();
            RevocationData revocationData2 = this.signatureConfig.getRevocationDataService().getRevocationData(signingCertificateChain);
            if (revocationData2.hasCRLs()) {
                b a6 = c.a();
                Iterator<byte[]> it2 = revocationData2.getCRLs().iterator();
                while (it2.hasNext()) {
                    byte[] next = it2.next();
                    a a7 = a6.a();
                    try {
                        b bVar = a6;
                        X509CRL x509crl = (X509CRL) this.b.generateCRL(new ByteArrayInputStream(next));
                        x509crl.getIssuerDN().getName().replace(",", ", ");
                        Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT).setTime(x509crl.getThisUpdate());
                        a(x509crl);
                        XAdESSignatureFacet.setDigestAlgAndValue(a7.a(), next, this.signatureConfig.getDigestAlgo());
                        a6 = bVar;
                        it2 = it2;
                        elementsByTagNameNS = elementsByTagNameNS;
                    } catch (CRLException e) {
                        throw new RuntimeException("CRL parse error: " + e.getMessage(), e);
                    }
                }
            }
            NodeList nodeList = elementsByTagNameNS;
            if (revocationData2.hasOCSPs()) {
                m b3 = c.b();
                for (byte[] bArr : revocationData2.getOCSPs()) {
                    try {
                        XAdESSignatureFacet.setDigestAlgAndValue(b3.a().a(), bArr, this.signatureConfig.getDigestAlgo());
                        BasicOCSPResp basicOCSPResp = (BasicOCSPResp) new OCSPResp(bArr).getResponseObject();
                        Calendar.getInstance(TimeZone.getTimeZone("Z"), Locale.ROOT).setTime(basicOCSPResp.getProducedAt());
                        DERTaggedObject aSN1Primitive = basicOCSPResp.getResponderId().toASN1Primitive().toASN1Primitive();
                        if (2 == aSN1Primitive.getTagNo()) {
                            aSN1Primitive.getObject().getOctets();
                        } else {
                            X500Name.getInstance(aSN1Primitive.getObject());
                        }
                    } catch (Exception e2) {
                        throw new RuntimeException("OCSP decoding error: " + e2.getMessage(), e2);
                    }
                }
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(elementsByTagNameNS2.item(0));
            arrayList.add(a4.getDomNode());
            arrayList.add(b2.getDomNode());
            arrayList.add(c.getDomNode());
            RevocationData revocationData3 = new RevocationData();
            f2196a.log(1, "creating XAdES-X time-stamp");
            y a8 = a(arrayList, revocationData3);
            if (revocationData3.hasRevocationDataEntries()) {
                XAdESSignatureFacet.insertXChild(a3, a(revocationData3));
            }
            a3.d().set(a8);
            f e3 = a3.e();
            Iterator<X509Certificate> it3 = signingCertificateChain.iterator();
            while (it3.hasNext()) {
                try {
                    e3.a().setByteArrayValue(it3.next().getEncoded());
                } catch (CertificateEncodingException e4) {
                    throw new RuntimeException("certificate encoding error: " + e4.getMessage(), e4);
                }
            }
            a(a3.f(), revocationData2);
            nodeList.item(0).getParentNode().replaceChild(document.importNode(a2.getDomNode(), true), nodeList.item(0));
        } catch (bt e5) {
            throw new MarshalException(e5);
        }
    }
}
