package at.gv.egiz.idlink;

import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.ObjectFactory;
import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egiz.marshal.MarshallerFactory;
import at.gv.egiz.slbinding.RedirectEventFilter;
import at.gv.egiz.xmldsig.KeyTypeNotSupportedException;
import at.gv.egiz.xmldsig.KeyValueFactory;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;
import java.util.TimeZone;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.PropertyException;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import oasis.names.tc.saml._1_0.assertion.AnyType;
import oasis.names.tc.saml._1_0.assertion.AssertionType;
import oasis.names.tc.saml._1_0.assertion.AttributeStatementType;
import oasis.names.tc.saml._1_0.assertion.AttributeType;
import oasis.names.tc.saml._1_0.assertion.SubjectConfirmationType;
import oasis.names.tc.saml._1_0.assertion.SubjectType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:at/gv/egiz/idlink/IdentityLinkFactory.class */
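/**
 * Singleton factory that builds, marshals and signs identity links.
 *
 * <p>An identity link here is a SAML 1.0 assertion whose attribute statement carries a
 * PersonData {@code PhysicalPerson} (identification, name, date of birth) as subject
 * confirmation data, plus one {@code CitizenPublicKey} attribute per public key. The
 * assertion is signed with an enveloped XML signature, see
 * {@link #signIdentityLink(Element, X509Certificate, PrivateKey, XMLSignatureFactory, KeyInfoFactory)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All digests and signature methods used by this class are SHA-1 based.</li>
 *   <li>At DEBUG and TRACE level the signing method logs the complete assertion and the
 *       digest input, both of which contain the person's data.</li>
 * </ul>
 */
public class IdentityLinkFactory {
    /** PersonData namespace, bound to the {@code pr} prefix in the XPath filter. */
    private static final String PERSONDATA_NS = "http://reference.e-government.gv.at/namespace/persondata/20020228#";
    /** XML-DSig namespace, bound to the {@code dsig} prefix. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String XPATH_TRANSFORM = "http://www.w3.org/TR/1999/REC-xpath-19991116";
    private static final String ENVELOPED_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String EXCLUSIVE_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String MANIFEST_TYPE = "http://www.w3.org/2000/09/xmldsig#Manifest";
    private static final String MANIFEST_ID = "manifest";

    // NOTE(review): every digest and signature method below is SHA-1 based. SHA-1 is no
    // longer collision resistant. Switching to the SHA-256 identifiers changes the produced
    // signature, so it has to be coordinated with whatever validates these identity links;
    // confirm what the consuming side accepts before changing these values.
    private static final String DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String ECDSA_SHA1 = "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1";
    private static final String DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    private final Logger log = LoggerFactory.getLogger(IdentityLinkFactory.class);
    private static IdentityLinkFactory instance;
    // Both fields are static but assigned from the private constructor. getInstance() is
    // synchronized and creates at most one instance, so each is written once.
    private static JAXBContext jaxbContext;
    private static KeyValueFactory keyValueFactory;

    /**
     * Returns the shared factory, creating it on first use.
     *
     * @return the single instance of this class
     * @throws RuntimeException if the JAXB context cannot be created on first use
     */
    public static synchronized IdentityLinkFactory getInstance() {
        if (instance == null) {
            instance = new IdentityLinkFactory();
        }
        return instance;
    }

    /**
     * Creates the key value factory and a JAXB context spanning the PersonData, XML-DSig,
     * XML-DSig-more, Personenbindung and SAML 1.0 assertion packages.
     */
    private IdentityLinkFactory() {
        keyValueFactory = new KeyValueFactory();
        // JAXB context paths are package names separated by ':'.
        String contextPath = ObjectFactory.class.getPackage().getName()
                + ":" + org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName()
                + ":" + org.w3._2001._04.xmldsig_more_.ObjectFactory.class.getPackage().getName()
                + ":" + at.buergerkarte.namespaces.personenbindung._20020506_.ObjectFactory.class.getPackage().getName()
                + ":" + oasis.names.tc.saml._1_0.assertion.ObjectFactory.class.getPackage().getName();
        try {
            jaxbContext = JAXBContext.newInstance(contextPath);
        } catch (JAXBException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Wraps an attribute statement in a SAML 1.0 assertion.
     *
     * <p>Only the ID, issue instant, issuer, version and the given statement are set; this
     * method adds no validity conditions to the assertion.
     *
     * @param str assertion ID
     * @param date issue instant; written as a UTC calendar value
     * @param str2 issuer
     * @param j SAML major version
     * @param j2 SAML minor version
     * @param attributeStatementType the statement to add to the assertion
     * @return the assertion as a JAXB element
     * @throws RuntimeException if no {@link DatatypeFactory} can be instantiated
     */
    public JAXBElement<AssertionType> createAssertion(String str, Date date, String str2, long j, long j2, AttributeStatementType attributeStatementType) {
        oasis.names.tc.saml._1_0.assertion.ObjectFactory samlFactory = new oasis.names.tc.saml._1_0.assertion.ObjectFactory();
        AssertionType assertion = samlFactory.createAssertionType();
        assertion.setAssertionID(str);
        GregorianCalendar issueInstant = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        issueInstant.setTime(date);
        try {
            assertion.setIssueInstant(DatatypeFactory.newInstance().newXMLGregorianCalendar(issueInstant));
            assertion.setIssuer(str2);
            assertion.setMajorVersion(BigInteger.valueOf(j));
            assertion.setMinorVersion(BigInteger.valueOf(j2));
            assertion.getStatementOrSubjectStatementOrAuthenticationStatement().add(attributeStatementType);
            return samlFactory.createAssertion(assertion);
        } catch (DatatypeConfigurationException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the attribute statement of an identity link.
     *
     * <p>The subject uses the {@code sender-vouches} confirmation method and carries a
     * {@code PhysicalPerson} as confirmation data. Each public key becomes one
     * {@code CitizenPublicKey} attribute. The string arguments are copied into the
     * structure as given; this method does not validate them.
     *
     * @param str identification value of the person
     * @param str2 identification type
     * @param str3 given name
     * @param str4 family name
     * @param str5 date of birth, stored as the string passed in
     * @param publicKeyArr public keys to bind to the person; must not be {@code null}
     * @return the populated attribute statement
     * @throws KeyTypeNotSupportedException presumably when a key cannot be converted to a
     *         key value by the key value factory (declared by the callee, not shown here)
     */
    public AttributeStatementType createAttributeStatement(String str, String str2, String str3, String str4, String str5, PublicKey[] publicKeyArr) throws KeyTypeNotSupportedException {
        oasis.names.tc.saml._1_0.assertion.ObjectFactory samlFactory = new oasis.names.tc.saml._1_0.assertion.ObjectFactory();
        ObjectFactory personFactory = new ObjectFactory();

        IdentificationType.Value identificationValue = personFactory.createIdentificationTypeValue();
        identificationValue.setValue(str);
        IdentificationType identification = personFactory.createIdentificationType();
        identification.setValue(identificationValue);
        identification.setType(str2);

        PersonNameType.FamilyName familyName = personFactory.createPersonNameTypeFamilyName();
        familyName.setValue(str4);
        familyName.setPrimary("undefined");
        PersonNameType personName = personFactory.createPersonNameType();
        personName.getFamilyName().add(familyName);
        personName.getGivenName().add(str3);

        PhysicalPersonType physicalPerson = personFactory.createPhysicalPersonType();
        physicalPerson.getIdentification().add(identification);
        physicalPerson.setName(personName);
        physicalPerson.setDateOfBirth(str5);
        JAXBElement<AbstractPersonType> person = personFactory.createPerson(physicalPerson);

        // The person element is the subject confirmation data.
        AnyType confirmationData = samlFactory.createAnyType();
        confirmationData.getContent().add(person);
        SubjectConfirmationType subjectConfirmation = samlFactory.createSubjectConfirmationType();
        subjectConfirmation.getConfirmationMethod().add("urn:oasis:names:tc:SAML:1.0:cm:sender-vouches");
        subjectConfirmation.setSubjectConfirmationData(confirmationData);

        SubjectType subject = samlFactory.createSubjectType();
        subject.getContent().add(samlFactory.createSubjectConfirmation(subjectConfirmation));
        AttributeStatementType attributeStatement = samlFactory.createAttributeStatementType();
        attributeStatement.setSubject(subject);

        for (PublicKey publicKey : publicKeyArr) {
            JAXBElement<?> keyValue = keyValueFactory.createKeyValue(publicKey);
            AnyType attributeValue = samlFactory.createAnyType();
            attributeValue.getContent().add(keyValue);
            AttributeType attribute = samlFactory.createAttributeType();
            attribute.setAttributeName("CitizenPublicKey");
            attribute.setAttributeNamespace("urn:publicid:gv.at:namespaces:identitylink:1.2");
            attribute.getAttributeValue().add(attributeValue);
            attributeStatement.getAttribute().add(attribute);
        }
        return attributeStatement;
    }

    /**
     * Marshals the assertion into a DOM tree.
     *
     * @param jAXBElement the assertion to marshal
     * @param node parent node that receives the marshalled element
     * @param node2 sibling before which the element is inserted, as defined by
     *        {@link DOMResult#DOMResult(Node, Node)}
     * @throws JAXBException if marshalling fails
     * @throws RuntimeException if the marshaller rejects a property while being set up
     */
    public void marshallIdentityLink(JAXBElement<AssertionType> jAXBElement, Node node, Node node2) throws JAXBException {
        try {
            // NOTE(review): the meaning of the boolean passed to createMarshaller is defined
            // in MarshallerFactory, which is not visible here.
            MarshallerFactory.createMarshaller(jaxbContext, true).marshal(jAXBElement, new DOMResult(node, node2));
        } catch (PropertyException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Signs the identity link with the default XML signature and key info factories.
     *
     * @param element root element of the marshalled assertion; the signature is appended to it
     * @param x509Certificate certificate placed in the signature's key info
     * @param privateKey signing key
     * @throws NoSuchAlgorithmException if the key algorithm is not RSA, EC/ECDSA or DSA, or a
     *         required transform, digest or signature algorithm is unavailable
     * @throws InvalidAlgorithmParameterException if an algorithm rejects its parameters
     * @throws XMLSignatureException if signing fails
     * @throws MarshalException if the signature cannot be marshalled into the DOM
     */
    public void signIdentityLink(Element element, X509Certificate x509Certificate, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, XMLSignatureException, MarshalException {
        signIdentityLink(element, x509Certificate, privateKey, XMLSignatureFactory.getInstance(), KeyInfoFactory.getInstance());
    }

    /**
     * Adds an enveloped XML signature to the identity link.
     *
     * <p>The signature has two signed references and a manifest:
     * <ol>
     *   <li>the whole document, minus every {@code pr:Identification} subtree and minus the
     *       signature itself;</li>
     *   <li>the {@code dsig:Manifest} with ID {@code manifest};</li>
     *   <li>inside that manifest, a reference to the whole document minus
     *       {@code dsig:Signature}, which therefore includes {@code pr:Identification}.</li>
     * </ol>
     * The identification value is protected only through the manifest reference. XML-DSig
     * core validation checks the digest of the manifest element itself; checking the
     * reference inside a manifest is left to the verifying application, so a verifier has to
     * do that explicitly if it relies on the identification value.
     *
     * <p>The certificate is embedded as key info without checking that it matches
     * {@code privateKey}; a verifier must establish trust in that certificate on its own.
     *
     * @param element root element of the marshalled assertion; the signature is appended to it
     * @param x509Certificate certificate placed in the signature's key info
     * @param privateKey signing key; its algorithm selects the signature method
     * @param xMLSignatureFactory factory used for all signature structures
     * @param keyInfoFactory factory used for the key info
     * @throws NoSuchAlgorithmException if the key algorithm is not RSA, EC/ECDSA or DSA, or a
     *         required transform, digest or signature algorithm is unavailable
     * @throws InvalidAlgorithmParameterException if an algorithm rejects its parameters
     * @throws XMLSignatureException if signing fails
     * @throws MarshalException if the signature cannot be marshalled into the DOM
     */
    public void signIdentityLink(Element element, X509Certificate x509Certificate, PrivateKey privateKey, XMLSignatureFactory xMLSignatureFactory, KeyInfoFactory keyInfoFactory) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, XMLSignatureException, MarshalException {
        // Read the level once so that reference caching and the trace dump below always agree.
        final boolean traceDigestInput = this.log.isTraceEnabled();

        // Reference 1: document without pr:Identification and without the signature.
        HashMap<String, String> personDataPrefixes = new HashMap<String, String>();
        personDataPrefixes.put("pr", PERSONDATA_NS);
        List<javax.xml.crypto.dsig.Transform> documentTransforms = new ArrayList<javax.xml.crypto.dsig.Transform>();
        documentTransforms.add(xMLSignatureFactory.newTransform(XPATH_TRANSFORM, new XPathFilterParameterSpec("not(ancestor-or-self::pr:Identification)", personDataPrefixes)));
        documentTransforms.add(xMLSignatureFactory.newTransform(ENVELOPED_TRANSFORM, (TransformParameterSpec) null));

        ArrayList<Reference> signedReferences = new ArrayList<Reference>();
        signedReferences.add(xMLSignatureFactory.newReference("", xMLSignatureFactory.newDigestMethod(DIGEST_SHA1, (DigestMethodParameterSpec) null), documentTransforms, null, null));
        // Reference 2: the manifest element created further down.
        signedReferences.add(xMLSignatureFactory.newReference("#" + MANIFEST_ID, xMLSignatureFactory.newDigestMethod(DIGEST_SHA1, (DigestMethodParameterSpec) null), null, MANIFEST_TYPE, null));

        CanonicalizationMethod canonicalization = xMLSignatureFactory.newCanonicalizationMethod(EXCLUSIVE_C14N, (C14NMethodParameterSpec) null);
        SignatureMethod signatureMethod = xMLSignatureFactory.newSignatureMethod(signatureMethodUri(privateKey.getAlgorithm()), (SignatureMethodParameterSpec) null);
        SignedInfo signedInfo = xMLSignatureFactory.newSignedInfo(canonicalization, signatureMethod, signedReferences);
        KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(x509Certificate))));

        // Manifest reference: document without dsig:Signature, so pr:Identification is included.
        HashMap<String, String> dsigPrefixes = new HashMap<String, String>();
        dsigPrefixes.put("dsig", XMLDSIG_NS);
        Reference manifestReference = xMLSignatureFactory.newReference("", xMLSignatureFactory.newDigestMethod(DIGEST_SHA1, (DigestMethodParameterSpec) null), Collections.singletonList(xMLSignatureFactory.newTransform(XPATH_TRANSFORM, new XPathFilterParameterSpec("not(ancestor-or-self::dsig:Signature)", dsigPrefixes))), null, null);
        XMLSignature signature = xMLSignatureFactory.newXMLSignature(signedInfo, keyInfo, Collections.singletonList(xMLSignatureFactory.newXMLObject(Collections.singletonList(xMLSignatureFactory.newManifest(Collections.singletonList(manifestReference), MANIFEST_ID)), null, null, null)), null, null);

        DOMSignContext signContext = new DOMSignContext(privateKey, element);
        signContext.putNamespacePrefix(XMLDSIG_NS, "dsig");
        if (traceDigestInput) {
            // Needed so that Reference.getDigestInputStream() returns data after signing.
            signContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        }
        signature.sign(signContext);

        if (this.log.isDebugEnabled()) {
            // NOTE(review): this writes the complete signed assertion, including name, date
            // of birth and identification value, to the log. Keep DEBUG off in production or
            // make sure these logs are access-controlled.
            try {
                Transformer serializer = TransformerFactory.newInstance().newTransformer();
                StringWriter serialized = new StringWriter();
                serializer.transform(new DOMSource(element), new StreamResult(serialized));
                this.log.debug(serialized.toString());
            } catch (Exception e) {
                this.log.debug("Logging assertion failed.", e);
            }
        }
        if (traceDigestInput) {
            // NOTE(review): the digest input is the canonicalized assertion content and so
            // carries the same personal data as the DEBUG output above.
            StringBuilder dump = new StringBuilder();
            dump.append("Digest input data:\n\n");
            try {
                int index = 0;
                for (Reference reference : signedReferences) {
                    dump.append("Reference " + index + "\n");
                    appendDigestInput(dump, reference);
                    dump.append("\n");
                    index++;
                }
                dump.append("Manifest Reference\n");
                appendDigestInput(dump, manifestReference);
            } catch (Exception e) {
                dump.append(e.getMessage());
            }
            this.log.trace(dump.toString());
        }
    }

    /**
     * Maps a private key algorithm name to the XML-DSig signature method identifier.
     *
     * @throws NoSuchAlgorithmException if the algorithm is not RSA, EC/ECDSA or DSA
     */
    private static String signatureMethodUri(String keyAlgorithm) throws NoSuchAlgorithmException {
        if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            return RSA_SHA1;
        }
        if ("ECDSA".equalsIgnoreCase(keyAlgorithm) || "EC".equalsIgnoreCase(keyAlgorithm)) {
            return ECDSA_SHA1;
        }
        if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            return DSA_SHA1;
        }
        throw new NoSuchAlgorithmException("Algorithm '" + keyAlgorithm + "' not supported.");
    }

    /**
     * Appends the cached digest input of a reference to the sink.
     *
     * <p>The read loop ends at end of stream. The earlier inline copy of this loop for the
     * signed references had no exit and never returned once TRACE was enabled.
     */
    private static void appendDigestInput(StringBuilder sink, Reference reference) throws java.io.IOException {
        InputStreamReader reader = new InputStreamReader(reference.getDigestInputStream(), Charset.forName(RedirectEventFilter.DEFAULT_ENCODING));
        try {
            char[] buffer = new char[512];
            int read;
            while ((read = reader.read(buffer)) != -1) {
                sink.append(buffer, 0, read);
            }
        } finally {
            reader.close();
        }
    }
}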
