package de.gematik.pki.gemlibpki.tsl;

import de.gematik.pki.gemlibpki.exception.GemPkiRuntimeException;
import de.gematik.pki.gemlibpki.utils.GemLibPkiUtils;
import de.gematik.pki.gemlibpki.utils.P12Container;
import lombok.Generated;
import lombok.NonNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import xades4j.XAdES4jException;
import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.algorithms.ExclusiveCanonicalXMLWithoutComments;
import xades4j.production.BasicSignatureOptions;
import xades4j.production.DataObjectReference;
import xades4j.production.SignatureAlgorithms;
import xades4j.production.SignedDataObjects;
import xades4j.production.XadesBesSigningProfile;
import xades4j.properties.DataObjectDesc;
import xades4j.properties.DataObjectFormatProperty;
import xades4j.providers.impl.DirectKeyingDataProvider;
import xades4j.utils.XadesProfileResolutionException;

/* loaded from: input_file:de/gematik/pki/gemlibpki/tsl/TslSigner.class */
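/**
 * Signs a TSL (Trust-service Status List) XML document with an enveloped XAdES-BES signature,
 * using the certificate and private key taken from a {@link P12Container}.
 *
 * <p>Instances are created via {@link #builder()}. The two switches
 * {@code checkSignerKeyUsage} and {@code checkSignerValidity} default to {@code true}; turning
 * either one off makes xades4j skip the corresponding check on the signer certificate. Because
 * that is a deliberate weakening of the signing process, {@link #sign()} logs it at WARN level
 * (the original code logged the same text at INFO, which hid it from typical alerting).
 *
 * <p>Not thread-safe: {@link #sign()} modifies the supplied {@link Document} in place (an
 * existing signature element is removed and the new signature is produced into the document).
 */
public final class TslSigner {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TslSigner.class);

    /** Signature algorithm URI registered for the "RSA" key type: RSA-PSS with SHA-256 / MGF1. */
    private static final String SIGNATURE_ALGORITHM_URI =
            "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1";

    /** MIME type recorded in the {@code DataObjectFormat} property of the signed reference. */
    private static final String SIGNED_OBJECT_MIME_TYPE = "text/xml";

    /** Builder default: verify that the signer certificate's key usage permits signing. */
    private static final boolean DEFAULT_CHECK_SIGNER_KEY_USAGE = true;

    /** Builder default: verify that the signer certificate is within its validity period. */
    private static final boolean DEFAULT_CHECK_SIGNER_VALIDITY = true;

    /** The TSL document to sign; mutated by {@link #sign()}. */
    @NonNull
    final Document tslToSign;

    /** Source of the signer certificate and private key. */
    @NonNull
    final P12Container tslSignerP12;

    /** Whether xades4j checks the signer certificate's key usage before signing. */
    private final boolean checkSignerKeyUsage;

    /** Whether xades4j checks the signer certificate's validity period before signing. */
    private final boolean checkSignerValidity;

    /**
     * Builder for {@link TslSigner}. {@code tslToSign} and {@code tslSignerP12} are mandatory;
     * the two check switches fall back to {@code true} when not set explicitly.
     */
    public static class TslSignerBuilder {

        private Document tslToSign;
        private P12Container tslSignerP12;

        // The *Set flags distinguish "not configured" from "configured to false" so that the
        // class-level defaults only apply when the caller said nothing.
        private boolean checkSignerKeyUsageSet;
        private boolean checkSignerKeyUsageValue;
        private boolean checkSignerValiditySet;
        private boolean checkSignerValidityValue;

        TslSignerBuilder() {
        }

        /**
         * Sets the document to sign.
         *
         * @param document the TSL document, must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code document} is {@code null}
         */
        public TslSignerBuilder tslToSign(@NonNull Document document) {
            if (document == null) {
                throw new NullPointerException("tslToSign is marked non-null but is null");
            }
            this.tslToSign = document;
            return this;
        }

        /**
         * Sets the PKCS#12 container providing the signer certificate and private key.
         *
         * @param p12Container the signer key material, must not be {@code null}
         * @return this builder
         * @throws NullPointerException if {@code p12Container} is {@code null}
         */
        public TslSignerBuilder tslSignerP12(@NonNull P12Container p12Container) {
            if (p12Container == null) {
                throw new NullPointerException("tslSignerP12 is marked non-null but is null");
            }
            this.tslSignerP12 = p12Container;
            return this;
        }

        /**
         * Enables or disables the signer-certificate key-usage check (default {@code true}).
         *
         * @param z {@code false} to skip the check
         * @return this builder
         */
        public TslSignerBuilder checkSignerKeyUsage(boolean z) {
            this.checkSignerKeyUsageValue = z;
            this.checkSignerKeyUsageSet = true;
            return this;
        }

        /**
         * Enables or disables the signer-certificate validity-period check (default {@code true}).
         *
         * @param z {@code false} to skip the check
         * @return this builder
         */
        public TslSignerBuilder checkSignerValidity(boolean z) {
            this.checkSignerValidityValue = z;
            this.checkSignerValiditySet = true;
            return this;
        }

        /**
         * Creates the signer, applying the class-level defaults for any check not set explicitly.
         *
         * @return a new {@link TslSigner}
         * @throws NullPointerException if {@code tslToSign} or {@code tslSignerP12} was never set
         */
        public TslSigner build() {
            boolean keyUsage = this.checkSignerKeyUsageSet
                    ? this.checkSignerKeyUsageValue
                    : DEFAULT_CHECK_SIGNER_KEY_USAGE;
            boolean validity = this.checkSignerValiditySet
                    ? this.checkSignerValidityValue
                    : DEFAULT_CHECK_SIGNER_VALIDITY;
            return new TslSigner(this.tslToSign, this.tslSignerP12, keyUsage, validity);
        }

        @Override
        public String toString() {
            return "TslSigner.TslSignerBuilder(tslToSign=" + this.tslToSign
                    + ", tslSignerP12=" + this.tslSignerP12
                    + ", checkSignerKeyUsage$value=" + this.checkSignerKeyUsageValue
                    + ", checkSignerValidity$value=" + this.checkSignerValidityValue + ")";
        }
    }

    /**
     * Signs {@link #tslToSign} in place with an enveloped XAdES-BES signature.
     *
     * <p>Any signature element already present is removed first. The signature uses RSA-PSS
     * (SHA-256, MGF1), exclusive canonicalization without comments for both the signature and
     * time-stamp properties, and omits issuer/serial and subject name from the signed
     * properties. Disabled signer-certificate checks are logged at WARN level.
     *
     * @throws GemPkiRuntimeException if xades4j fails to build the signing profile or to
     *     produce the signature
     */
    public void sign() {
        // These are security-relevant downgrades requested by the caller; WARN (not INFO) so
        // they surface in operational logging.
        if (!this.checkSignerKeyUsage) {
            log.warn("WARNING! TSL is signed without signerKeyUsage check due to user request.");
        }
        if (!this.checkSignerValidity) {
            log.warn("WARNING! TSL is signed without signerValidityCheck check due to user request.");
        }

        Element tslWithoutSignature = getTslWithoutSignature(this.tslToSign);
        DirectKeyingDataProvider keyingDataProvider = new DirectKeyingDataProvider(
                this.tslSignerP12.getCertificate(), this.tslSignerP12.getPrivateKey());

        try {
            SignatureAlgorithms signatureAlgorithms = new SignatureAlgorithms()
                    .withSignatureAlgorithm("RSA", SIGNATURE_ALGORITHM_URI)
                    .withCanonicalizationAlgorithmForSignature(exclusiveC14nWithoutComments())
                    .withCanonicalizationAlgorithmForTimeStampProperties(exclusiveC14nWithoutComments());

            BasicSignatureOptions signatureOptions = new BasicSignatureOptions()
                    .includeIssuerSerial(false)
                    .includeSubjectName(false)
                    .checkKeyUsage(this.checkSignerKeyUsage)
                    .checkCertificateValidity(this.checkSignerValidity);

            // Empty URI = reference to the whole enclosing document; the enveloped transform
            // excludes the signature itself from the digest.
            DataObjectDesc wholeDocument = new DataObjectReference("")
                    .withTransform(new EnvelopedSignatureTransform())
                    .withTransform(exclusiveC14nWithoutComments())
                    .withDataObjectFormat(new DataObjectFormatProperty(SIGNED_OBJECT_MIME_TYPE));

            new XadesBesSigningProfile(keyingDataProvider)
                    .withSignatureAlgorithms(signatureAlgorithms)
                    .withBasicSignatureOptions(signatureOptions)
                    .newSigner()
                    .sign(new SignedDataObjects(new DataObjectDesc[]{wholeDocument}), tslWithoutSignature);
        } catch (XAdES4jException e) {
            throw new GemPkiRuntimeException("Fehler bei erstellen der XAdES Signatur.", e);
        } catch (XadesProfileResolutionException e2) {
            throw new GemPkiRuntimeException("Fehler beim erstellen des XAdES Profil Objektes.", e2);
        }
    }

    /**
     * Creates a fresh exclusive-C14N-without-comments algorithm with no inclusive namespace
     * prefixes. A new instance is returned on each call, mirroring the per-use construction of
     * the original code.
     */
    private static ExclusiveCanonicalXMLWithoutComments exclusiveC14nWithoutComments() {
        return new ExclusiveCanonicalXMLWithoutComments(new String[0]);
    }

    /**
     * Returns the element the new signature is attached to, removing any existing signature.
     *
     * <p>If the document carries no signature, the document element is returned untouched.
     * Otherwise the existing signature element is detached from its parent and that parent is
     * returned. NOTE(review): this assumes the existing signature's parent is an {@link Element}
     * (i.e. the signature is not the document root) — confirm against {@code TslUtils.getSignature}.
     *
     * @param document the TSL document, modified in place when a signature is present
     * @return the element to sign
     */
    private static Element getTslWithoutSignature(Document document) {
        Element existingSignature = TslUtils.getSignature(document);
        if (existingSignature == null) {
            return document.getDocumentElement();
        }
        Element parent = (Element) existingSignature.getParentNode();
        parent.removeChild(existingSignature);
        return parent;
    }

    /**
     * Package-private constructor used by {@link TslSignerBuilder}.
     *
     * @param document the TSL document to sign, must not be {@code null}
     * @param p12Container signer key material, must not be {@code null}
     * @param z whether to check the signer certificate's key usage
     * @param z2 whether to check the signer certificate's validity period
     * @throws NullPointerException if {@code document} or {@code p12Container} is {@code null}
     */
    TslSigner(@NonNull Document document, @NonNull P12Container p12Container, boolean z, boolean z2) {
        if (document == null) {
            throw new NullPointerException("tslToSign is marked non-null but is null");
        }
        if (p12Container == null) {
            throw new NullPointerException("tslSignerP12 is marked non-null but is null");
        }
        this.tslToSign = document;
        this.tslSignerP12 = p12Container;
        this.checkSignerKeyUsage = z;
        this.checkSignerValidity = z2;
    }

    /**
     * Returns a new builder.
     *
     * @return an empty {@link TslSignerBuilder}
     */
    public static TslSignerBuilder builder() {
        return new TslSignerBuilder();
    }

    static {
        // The RSA-PSS signature algorithm used above relies on the BouncyCastle provider being
        // registered before any signing takes place.
        GemLibPkiUtils.setBouncyCastleProvider();
    }
}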
