package es.gob.afirma.signers.batch.client;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.misc.LoggerUtil;
import es.gob.afirma.core.misc.SecureXmlBuilder;
import es.gob.afirma.core.misc.http.HttpError;
import es.gob.afirma.core.misc.http.UrlHttpManagerFactory;
import es.gob.afirma.core.misc.http.UrlHttpMethod;
import es.gob.afirma.core.signers.AOPkcs1Signer;
import es.gob.afirma.core.signers.TriphaseData;
import es.gob.afirma.core.signers.TriphaseDataSigner;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;
import org.json.JSONException;
import org.json.JSONObject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:es/gob/afirma/signers/batch/client/BatchSigner.class */
public final class BatchSigner {
    private static final String BATCH_XML_PARAM = "xml";
    private static final String BATCH_JSON_PARAM = "json";
    private static final String BATCH_CRT_PARAM = "certs";
    private static final String BATCH_TRI_PARAM = "tridata";
    private static final String EQU = "=";
    private static final String AMP = "&";
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");
    private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;

    private BatchSigner() {
    }

    public static String signXML(String str, String str2, String str3, Certificate[] certificateArr, PrivateKey privateKey) throws CertificateEncodingException, IOException, AOException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("El lote de firma no puede ser nulo ni vacio");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("La URL de preproceso de lotes no puede se nula ni vacia");
        }
        if (str3 == null || str3.isEmpty()) {
            throw new IllegalArgumentException("La URL de postproceso de lotes no puede ser nula ni vacia");
        }
        if (certificateArr == null || certificateArr.length < 1) {
            throw new IllegalArgumentException("La cadena de certificados del firmante no puede ser nula ni vacia");
        }
        String replace = str.replace("+", "-").replace("/", "_");
        try {
            try {
                return new String(UrlHttpManagerFactory.getInstalledManager().readUrl(str3 + "?" + BATCH_XML_PARAM + EQU + replace + AMP + BATCH_CRT_PARAM + EQU + getCertChainAsBase64(certificateArr) + AMP + BATCH_TRI_PARAM + EQU + Base64.encode(TriphaseDataSigner.doSign(new AOPkcs1Signer(), getAlgorithmForXML(str), privateKey, certificateArr, TriphaseData.parser(UrlHttpManagerFactory.getInstalledManager().readUrl(str2 + "?" + BATCH_XML_PARAM + EQU + replace + AMP + BATCH_CRT_PARAM + EQU + getCertChainAsBase64(certificateArr), UrlHttpMethod.POST)), (Properties) null).toString().getBytes(DEFAULT_CHARSET), true), UrlHttpMethod.POST), DEFAULT_CHARSET);
            } catch (HttpError e) {
                LOGGER.warning("El servicio de firma devolvio un  error durante la postfirma: " + e.getResponseDescription());
                throw e;
            }
        } catch (HttpError e2) {
            LOGGER.warning("El servicio de firma devolvio un  error durante la prefirma: " + e2.getResponseDescription());
            throw e2;
        }
    }

    public static String signJSON(String str, String str2, String str3, Certificate[] certificateArr, PrivateKey privateKey) throws CertificateEncodingException, IOException, AOException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("El lote de firma no puede ser nulo ni vacio");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("La URL de preproceso de lotes no puede se nula ni vacia");
        }
        if (str3 == null || str3.isEmpty()) {
            throw new IllegalArgumentException("La URL de postproceso de lotes no puede ser nula ni vacia");
        }
        if (certificateArr == null || certificateArr.length < 1) {
            throw new IllegalArgumentException("La cadena de certificados del firmante no puede ser nula ni vacia");
        }
        String replace = str.replace("+", "-").replace("/", "_");
        try {
            PresignBatch parseFromJSON = JSONPreSignBatchParser.parseFromJSON(UrlHttpManagerFactory.getInstalledManager().readUrl(str2 + "?" + BATCH_JSON_PARAM + EQU + replace + AMP + BATCH_CRT_PARAM + EQU + getCertChainAsBase64(certificateArr), UrlHttpMethod.POST));
            TriphaseData triphaseData = parseFromJSON.getTriphaseData();
            List<BatchDataResult> errors = parseFromJSON.getErrors();
            if (triphaseData == null && errors == null) {
                return JSONBatchInfoParser.buildEmptyResult().toString();
            }
            if (triphaseData == null) {
                return JSONBatchInfoParser.buildResult(errors).toString();
            }
            if (errors != null) {
                BatchInfo parse = JSONBatchInfoParser.parse(Base64.decode(str));
                parse.updateResults(errors);
                replace = Base64.encode(parse.getInfoString().getBytes(StandardCharsets.UTF_8), true);
            }
            try {
                return new String(UrlHttpManagerFactory.getInstalledManager().readUrl(str3 + "?" + BATCH_JSON_PARAM + EQU + replace + AMP + BATCH_CRT_PARAM + EQU + getCertChainAsBase64(certificateArr) + AMP + BATCH_TRI_PARAM + EQU + Base64.encode(TriphaseDataParser.triphaseDataToJsonString(TriphaseDataSigner.doSign(new AOPkcs1Signer(), getAlgorithmForJSON(str), privateKey, certificateArr, triphaseData, (Properties) null)).getBytes(DEFAULT_CHARSET), true), UrlHttpMethod.POST), DEFAULT_CHARSET);
            } catch (HttpError e) {
                LOGGER.warning("El servicio de firma devolvio un  error durante la postfirma: " + e);
                throw e;
            }
        } catch (HttpError e2) {
            LOGGER.warning("El servicio de firma devolvio un  error durante la prefirma: " + e2);
            throw e2;
        }
    }

    private static String getCertChainAsBase64(Certificate[] certificateArr) throws CertificateEncodingException {
        StringBuilder sb = new StringBuilder();
        for (Certificate certificate : certificateArr) {
            sb.append(Base64.encode(certificate.getEncoded(), true));
            sb.append(";");
        }
        String sb2 = sb.toString();
        return sb2.substring(0, sb2.length() - 1);
    }

    private static String getAlgorithmForXML(String str) throws IOException {
        byte[] decode = Base64.decode(str.replace("-", "+").replace("_", "/"));
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decode);
            Throwable th = null;
            try {
                try {
                    Document parse = SecureXmlBuilder.getSecureDocumentBuilder().parse(byteArrayInputStream);
                    if (byteArrayInputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            byteArrayInputStream.close();
                        }
                    }
                    Element documentElement = parse.getDocumentElement();
                    if (!"signbatch".equalsIgnoreCase(documentElement.getNodeName())) {
                        throw new IllegalArgumentException("No se encontro el nodo 'signbatch' en el XML proporcionado");
                    }
                    NamedNodeMap attributes = documentElement.getAttributes();
                    if (attributes == null) {
                        throw new IllegalArgumentException("El nodo 'signbatch' debe contener al manos el atributo de algoritmo");
                    }
                    Node namedItem = attributes.getNamedItem("algorithm");
                    if (namedItem != null) {
                        return namedItem.getNodeValue();
                    }
                    throw new IllegalArgumentException("El nodo 'signbatch' debe contener al manos el atributo de algoritmo");
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            LOGGER.severe("Error al cargar el fichero XML de lote: " + e + "\n" + LoggerUtil.getTrimBytes(decode));
            throw new IOException("Error al cargar el fichero XML de lote: " + e, e);
        }
    }

    private static String getAlgorithmForJSON(String str) throws IOException {
        try {
            JSONObject jSONObject = new JSONObject(new String(Base64.decode(str), DEFAULT_CHARSET));
            if (jSONObject.has("algorithm")) {
                return jSONObject.getString("algorithm");
            }
            throw new IllegalArgumentException("El nodo 'signbatch' debe contener al manos el atributo de algoritmo");
        } catch (JSONException e) {
            LOGGER.severe("Error al parsear JSON");
            throw new JSONException("El JSON de definicion de lote de firmas no esta formado correctamente");
        }
    }
}
