package org.apache.poi.poifs.crypt.dsig;

import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import javax.xml.bind.DatatypeConverter;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.dsig.Manifest;
import javax.xml.crypto.dsig.TransformException;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.apache.jcp.xml.dsig.internal.dom.DOMReference;
import org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo;
import org.apache.jcp.xml.dsig.internal.dom.DOMSubTreeData;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.ooxml.POIXMLTypeLoader;
import org.apache.poi.ooxml.util.DocumentHelper;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.opc.ContentTypes;
import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackagePart;
import org.apache.poi.openxml4j.opc.PackagePartName;
import org.apache.poi.openxml4j.opc.PackageRelationship;
import org.apache.poi.openxml4j.opc.PackageRelationshipTypes;
import org.apache.poi.openxml4j.opc.PackagingURIHelper;
import org.apache.poi.openxml4j.opc.TargetMode;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
import org.apache.poi.poifs.crypt.dsig.services.RelationshipTransformService;
import org.apache.poi.util.POILogFactory;
import org.apache.poi.util.POILogger;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xmlbeans.XmlOptions;
import org.w3.x2000.x09.xmldsig.SignatureDocument;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.events.EventListener;
import org.w3c.dom.events.EventTarget;

/* loaded from: classes.dex */
public class SignatureInfo implements SignatureConfig.SignatureConfigurable {
    private static final POILogger LOG = POILogFactory.getLogger((Class<?>) SignatureInfo.class);
    private static boolean isInitialized;
    private SignatureConfig signatureConfig;

    public SignatureInfo() {
        initXmlProvider();
    }

    private static DigestOutputStream getDigestStream(HashAlgorithm hashAlgorithm, PrivateKey privateKey) {
        switch (hashAlgorithm) {
            case md2:
            case md5:
            case sha1:
            case sha256:
            case sha384:
            case sha512:
                return new SignatureOutputStream(hashAlgorithm, privateKey);
            default:
                return new DigestOutputStream(hashAlgorithm, privateKey);
        }
    }

    private Element getDsigElement(Document document, String str) {
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(SignatureFacet.XML_DIGSIG_NS, str);
        if (elementsByTagNameNS.getLength() == 1) {
            return (Element) elementsByTagNameNS.item(0);
        }
        POILogger pOILogger = LOG;
        Object[] objArr = new Object[1];
        StringBuilder sb = new StringBuilder();
        sb.append("Signature element '");
        sb.append(str);
        sb.append("' was ");
        sb.append(elementsByTagNameNS.getLength() == 0 ? "not found" : "multiple times");
        objArr[0] = sb.toString();
        pOILogger.log(5, objArr);
        return null;
    }

    protected static synchronized void initXmlProvider() {
        synchronized (SignatureInfo.class) {
            if (isInitialized) {
                return;
            }
            isInitialized = true;
            try {
                Init.init();
                RelationshipTransformService.registerDsigProvider();
                CryptoFunctions.registerBouncyCastle();
            } catch (Exception e) {
                throw new RuntimeException("Xml & BouncyCastle-Provider initialization failed", e);
            }
        }
    }

    public void confirmSignature() throws XMLSignatureException, MarshalException {
        DOMSignContext createXMLSignContext = createXMLSignContext(DocumentHelper.createDocument());
        postSign(createXMLSignContext, signDigest(createXMLSignContext, preSign(createXMLSignContext)));
    }

    public DOMSignContext createXMLSignContext(Document document) {
        return new DOMSignContext(this.signatureConfig.getKey(), document);
    }

    public SignatureConfig getSignatureConfig() {
        return this.signatureConfig;
    }

    public Iterable<SignaturePart> getSignatureParts() {
        this.signatureConfig.init(true);
        return new Iterable<SignaturePart>() { // from class: org.apache.poi.poifs.crypt.dsig.SignatureInfo.1
            @Override // java.lang.Iterable
            public Iterator<SignaturePart> iterator() {
                return new Iterator<SignaturePart>() { // from class: org.apache.poi.poifs.crypt.dsig.SignatureInfo.1.1
                    OPCPackage pkg;
                    Iterator<PackageRelationship> sigOrigRels;
                    PackagePart sigPart;
                    Iterator<PackageRelationship> sigRels;

                    {
                        this.pkg = SignatureInfo.this.signatureConfig.getOpcPackage();
                        this.sigOrigRels = this.pkg.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN).iterator();
                    }

                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        while (true) {
                            Iterator<PackageRelationship> it = this.sigRels;
                            if (it != null && it.hasNext()) {
                                return true;
                            }
                            if (!this.sigOrigRels.hasNext()) {
                                return false;
                            }
                            this.sigPart = this.pkg.getPart(this.sigOrigRels.next());
                            SignatureInfo.LOG.log(1, "Digital Signature Origin part", this.sigPart);
                            try {
                                this.sigRels = this.sigPart.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE).iterator();
                            } catch (InvalidFormatException e) {
                                SignatureInfo.LOG.log(5, "Reference to signature is invalid.", e);
                            }
                        }
                    }

                    @Override // java.util.Iterator
                    public SignaturePart next() {
                        PackagePart packagePart = null;
                        do {
                            try {
                                if (!hasNext()) {
                                    throw new NoSuchElementException();
                                    break;
                                }
                                packagePart = this.sigPart.getRelatedPart(this.sigRels.next());
                                SignatureInfo.LOG.log(1, "XML Signature part", packagePart);
                            } catch (InvalidFormatException e) {
                                SignatureInfo.LOG.log(5, "Reference to signature is invalid.", e);
                            }
                        } while (packagePart == null);
                        return new SignaturePart(packagePart, SignatureInfo.this.signatureConfig);
                    }

                    @Override // java.util.Iterator
                    public void remove() {
                        throw new UnsupportedOperationException();
                    }
                };
            }
        };
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void postSign(DOMSignContext dOMSignContext, String str) throws MarshalException {
        LOG.log(1, "postSign");
        Document document = (Document) dOMSignContext.getParent();
        String packageSignatureId = this.signatureConfig.getPackageSignatureId();
        if (!packageSignatureId.equals(document.getDocumentElement().getAttribute(PackageRelationship.ID_ATTRIBUTE_NAME))) {
            throw new RuntimeException("ds:Signature not found for @Id: " + packageSignatureId);
        }
        Element dsigElement = getDsigElement(document, "SignatureValue");
        if (dsigElement == null) {
            throw new RuntimeException("preSign has to be called before postSign");
        }
        dsigElement.setTextContent(str);
        Iterator<SignatureFacet> it = this.signatureConfig.getSignatureFacets().iterator();
        while (it.hasNext()) {
            it.next().postSign(document);
        }
        writeDocument(document);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public DOMSignedInfo preSign(DOMSignContext dOMSignContext) throws XMLSignatureException, MarshalException {
        this.signatureConfig.init(false);
        Document document = (Document) dOMSignContext.getParent();
        EventTarget eventTarget = (EventTarget) document;
        EventListener signatureMarshalListener = this.signatureConfig.getSignatureMarshalListener();
        if (signatureMarshalListener != null) {
            if (signatureMarshalListener instanceof SignatureMarshalListener) {
                ((SignatureMarshalListener) signatureMarshalListener).setEventTarget(eventTarget);
            }
            SignatureMarshalListener.setListener(eventTarget, signatureMarshalListener, true);
        }
        URIDereferencer uriDereferencer = this.signatureConfig.getUriDereferencer();
        if (uriDereferencer != null) {
            dOMSignContext.setURIDereferencer(uriDereferencer);
        }
        for (Map.Entry<String, String> entry : this.signatureConfig.getNamespacePrefixes().entrySet()) {
            dOMSignContext.putNamespacePrefix(entry.getKey(), entry.getValue());
        }
        dOMSignContext.setDefaultNamespacePrefix("");
        XMLSignatureFactory signatureFactory = this.signatureConfig.getSignatureFactory();
        ArrayList arrayList = new ArrayList();
        ArrayList<XMLObject> arrayList2 = new ArrayList();
        for (SignatureFacet signatureFacet : this.signatureConfig.getSignatureFacets()) {
            LOG.log(1, "invoking signature facet: " + signatureFacet.getClass().getSimpleName());
            signatureFacet.preSign(document, arrayList, arrayList2);
        }
        try {
            DOMSignedInfo newSignedInfo = signatureFactory.newSignedInfo(signatureFactory.newCanonicalizationMethod(this.signatureConfig.getCanonicalizationMethod(), (C14NMethodParameterSpec) null), signatureFactory.newSignatureMethod(this.signatureConfig.getSignatureMethodUri(), (SignatureMethodParameterSpec) null), arrayList);
            signatureFactory.newXMLSignature(newSignedInfo, (KeyInfo) null, arrayList2, this.signatureConfig.getPackageSignatureId(), this.signatureConfig.getPackageSignatureId() + "-signature-value").sign(dOMSignContext);
            for (XMLObject xMLObject : arrayList2) {
                LOG.log(1, "object java type: " + xMLObject.getClass().getName());
                for (Manifest manifest : xMLObject.getContent()) {
                    LOG.log(1, "object content java type: " + manifest.getClass().getName());
                    if (manifest instanceof Manifest) {
                        for (DOMReference dOMReference : manifest.getReferences()) {
                            if (dOMReference.getDigestValue() == null) {
                                dOMReference.digest(dOMSignContext);
                            }
                        }
                    }
                }
            }
            for (DOMReference dOMReference2 : newSignedInfo.getReferences()) {
                if (dOMReference2.getDigestValue() == null) {
                    dOMReference2.digest(dOMSignContext);
                }
            }
            return newSignedInfo;
        } catch (GeneralSecurityException e) {
            throw new XMLSignatureException(e);
        }
    }

    @Override // org.apache.poi.poifs.crypt.dsig.SignatureConfig.SignatureConfigurable
    public void setSignatureConfig(SignatureConfig signatureConfig) {
        this.signatureConfig = signatureConfig;
    }

    public String signDigest(DOMSignContext dOMSignContext, DOMSignedInfo dOMSignedInfo) {
        PrivateKey key = this.signatureConfig.getKey();
        HashAlgorithm digestAlgo = this.signatureConfig.getDigestAlgo();
        if ((digestAlgo.hashSize * 4) / 3 > 76 && !XMLUtils.ignoreLineBreaks()) {
            throw new EncryptedDocumentException("The hash size of the choosen hash algorithm (" + digestAlgo + " = " + digestAlgo.hashSize + " bytes), will motivate XmlSec to add linebreaks to the generated digest, which results in an invalid signature (... at least for Office) - please persuade it otherwise by adding '-Dorg.apache.xml.security.ignoreLineBreaks=true' to the JVM system properties.");
        }
        try {
            DigestOutputStream digestStream = getDigestStream(digestAlgo, key);
            Throwable th = null;
            try {
                digestStream.init();
                dOMSignedInfo.getCanonicalizationMethod().transform(new DOMSubTreeData(getDsigElement((Document) dOMSignContext.getParent(), "SignedInfo"), true), dOMSignContext, digestStream);
                String printBase64Binary = DatatypeConverter.printBase64Binary(digestStream.sign());
                if (digestStream != null) {
                    digestStream.close();
                }
                return printBase64Binary;
            } catch (Throwable th2) {
                if (digestStream != null) {
                    if (0 != 0) {
                        try {
                            digestStream.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        digestStream.close();
                    }
                }
                throw th2;
            }
        } catch (IOException | GeneralSecurityException | TransformException e) {
            throw new EncryptedDocumentException(e);
        }
    }

    public boolean verifySignature() {
        Iterator<SignaturePart> it = getSignatureParts().iterator();
        if (it.hasNext()) {
            return it.next().validate();
        }
        return false;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    protected void writeDocument(Document document) throws MarshalException {
        XmlOptions xmlOptions = new XmlOptions();
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : this.signatureConfig.getNamespacePrefixes().entrySet()) {
            hashMap.put(entry.getValue(), entry.getKey());
        }
        xmlOptions.setSaveSuggestedPrefixes(hashMap);
        xmlOptions.setUseDefaultNamespace();
        LOG.log(1, "output signed Office OpenXML document");
        OPCPackage opcPackage = this.signatureConfig.getOpcPackage();
        try {
            PackagePartName createPartName = PackagingURIHelper.createPartName("/_xmlsignatures/sig1.xml");
            PackagePartName createPartName2 = PackagingURIHelper.createPartName("/_xmlsignatures/origin.sigs");
            PackagePart part = opcPackage.getPart(createPartName);
            if (part == null) {
                part = opcPackage.createPart(createPartName, ContentTypes.DIGITAL_SIGNATURE_XML_SIGNATURE_PART);
            }
            try {
                OutputStream outputStream = part.getOutputStream();
                SignatureDocument.Factory.parse(document, POIXMLTypeLoader.DEFAULT_XML_OPTIONS).save(outputStream, xmlOptions);
                outputStream.close();
                PackagePart part2 = opcPackage.getPart(createPartName2);
                if (part2 == null) {
                    part2 = opcPackage.createPart(createPartName2, ContentTypes.DIGITAL_SIGNATURE_ORIGIN_PART);
                }
                Iterator<PackageRelationship> it = opcPackage.getRelationshipsByType(PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN).iterator();
                while (it.hasNext()) {
                    opcPackage.removeRelationship(it.next().getId());
                }
                opcPackage.addRelationship(createPartName2, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE_ORIGIN);
                part2.addRelationship(createPartName, TargetMode.INTERNAL, PackageRelationshipTypes.DIGITAL_SIGNATURE);
            } catch (Exception e) {
                throw new MarshalException("Unable to write signature document", e);
            }
        } catch (InvalidFormatException e2) {
            throw new MarshalException(e2);
        }
    }
}
