package org.digidoc4j.dss.xades;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Policy;
import eu.europa.esig.dss.spi.DSSRevocationUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.xades.XAdESSignatureParameters;
import eu.europa.esig.dss.xml.utils.DomUtils;
import eu.europa.esig.xades.definition.XAdESPath;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ocsp.OCSPObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/digidoc4j/dss/xades/BDocTmSupport.class */
public class BDocTmSupport implements Serializable {
    private static final Logger LOG = LoggerFactory.getLogger(BDocTmSupport.class);
    public static final String BDOC_TM_POLICY_ID = "urn:oid:1.3.6.1.4.1.10015.1000.3.2.1";
    public static final String BDOC_TM_POLICY_QUALIFIER = "OIDAsURN";

    public static boolean isBdocTmSignatureProfile(XAdESSignatureParameters xAdESSignatureParameters) {
        Policy signaturePolicy = xAdESSignatureParameters.bLevel().getSignaturePolicy();
        if (signaturePolicy == null) {
            return false;
        }
        return BDOC_TM_POLICY_ID.equals(Utils.trim(signaturePolicy.getId()));
    }

    public static boolean hasBDocTmPolicyId(Element element, XAdESPath xAdESPath) {
        Element element2;
        Element element3 = DomUtils.getElement(element, xAdESPath.getSignaturePolicyIdentifierPath());
        if (element3 == null || (element2 = DomUtils.getElement(element3, xAdESPath.getCurrentSignaturePolicyId())) == null) {
            return false;
        }
        return Utils.areStringsEqualIgnoreCase(BDOC_TM_POLICY_ID, Utils.trim(element2.getTextContent()));
    }

    public static boolean hasBDocTmOcsp(Element element, XAdESPath xAdESPath) {
        if (!hasBDocTmPolicyId(element, xAdESPath)) {
            return false;
        }
        NodeList nodeList = DomUtils.getNodeList(element, xAdESPath.getRevocationValuesPath() + xAdESPath.getCurrentOCSPValuesChildren().substring(1));
        for (int i = 0; i < nodeList.getLength(); i++) {
            try {
                Extension extension = DSSRevocationUtils.loadOCSPFromBinaries(getEncapsulatedTokenBinaries((Element) nodeList.item(i))).getExtension(new ASN1ObjectIdentifier(OCSPObjectIdentifiers.id_pkix_ocsp_nonce.getId()));
                if (extension != null && isOcspNonceInValidFormat(extension)) {
                    return true;
                }
            } catch (Exception e) {
                if (LOG.isDebugEnabled()) {
                    LOG.error("Unable to parse OCSP response binaries : {}", e.getMessage(), e);
                } else {
                    LOG.warn("Unable to parse OCSP response binaries : {}", e.getMessage());
                }
            }
        }
        return false;
    }

    private static byte[] getEncapsulatedTokenBinaries(Element element) {
        if (element.hasChildNodes()) {
            Node firstChild = element.getFirstChild();
            if (3 == firstChild.getNodeType()) {
                String textContent = firstChild.getTextContent();
                if (Utils.isBase64Encoded(textContent)) {
                    return Utils.fromBase64(textContent);
                }
            }
        }
        throw new DSSException(String.format("Cannot create the token reference. The element with local name [%s] must contain an encapsulated base64 token value!", element.getLocalName()));
    }

    private static boolean isOcspNonceInValidFormat(Extension extension) {
        try {
            byte[] octets = extension.getExtnValue().getOctets();
            return getExtensionDigestAlgorithm(octets).getSaltLength() == ASN1Sequence.getInstance(octets).getObjectAt(1).getOctets().length;
        } catch (Exception e) {
            return false;
        }
    }

    private static DigestAlgorithm getExtensionDigestAlgorithm(byte[] bArr) {
        return DigestAlgorithm.forOID(ASN1Sequence.getInstance(bArr).getObjectAt(0).getObjects().nextElement().toString());
    }

    public static String uriEncode(String str) {
        try {
            return URLEncoder.encode(str, "UTF-8").replaceAll("\\+", "%20").replaceAll("\\%7E", "~");
        } catch (UnsupportedEncodingException e) {
            LOG.error("Unable to decode '" + str + "' : " + e.getMessage(), e);
            return str;
        }
    }

    public static String fixEncoding(String str) {
        return str.replaceAll("\\+", "%2B");
    }
}
