package gov.nist.secautotrust.signer;

import gov.nist.secautotrust.signature.Signature;
import gov.nist.secautotrust.signer.config.ScapResultSignerConfig;
import gov.nist.secautotrust.util.ScapNamespaceContext;
import gov.nist.secautotrust.util.Util;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import javax.xml.crypto.dsig.spec.XPathType;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:gov/nist/secautotrust/signer/ScapResultsSigner.class */
public class ScapResultsSigner {
    private static final XPathExpression extendedInfosExpr;
    private static final String ARF_NS = "http://scap.nist.gov/schema/asset-reporting-format/1.1";
    private static final String INSERT_XPATH = "arf:asset-report-collection/arf:extended-infos/arf:extended-info[last()]";
    private static final String EXCLUDE_XPATH = "/arf:asset-report-collection/arf:extended-infos/arf:extended-info[dsig:Signature]";
    private static final String EXCLUDE_WRAPPER_ELEMENT_XPATH = "/arf:asset-report-collection/arf:extended-infos[count(arf:extended-info[dsig:Signature]) = count(*)]";
    private static final String SIG_XPATH = "arf:asset-report-collection/arf:extended-infos/arf:extended-info/dsig:Signature";

    private ScapResultsSigner() {
    }

    public static void signResultStream(ScapResultSignerConfig scapResultSignerConfig) throws TransformerFactoryConfigurationError, Exception {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        Document parse = newInstance.newDocumentBuilder().parse(scapResultSignerConfig.getContent());
        Signature.Builder insertXpathNamespaceMap = new Signature.Builder().sigType(scapResultSignerConfig.getSigType()).outputStream(scapResultSignerConfig.getOutputStream()).keyInfoBuilder(scapResultSignerConfig.getKeyInfo()).insertXpath(INSERT_XPATH).insertXpathNamespaceMap(ScapNamespaceContext.createPrefixNamespaceMap("arf"));
        prepareSourceOutput(parse);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (scapResultSignerConfig.isCounterSigning()) {
            XPath newXPath = XPathFactory.newInstance().newXPath();
            newXPath.setNamespaceContext(new ScapNamespaceContext());
            Element element = (Element) newXPath.evaluate(SIG_XPATH, parse, XPathConstants.NODE);
            element.getParentNode().getParentNode().removeChild(element.getParentNode());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(element), new StreamResult(byteArrayOutputStream2));
            insertXpathNamespaceMap.newObject(Util.generateId("obj-cs"), new ByteArrayInputStream(byteArrayOutputStream2.toByteArray()));
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(parse), new StreamResult(byteArrayOutputStream));
        } else {
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(parse), new StreamResult(byteArrayOutputStream));
            insertXpathNamespaceMap.newDetachedReferenceBuilder().uri("").xpath(new XPathType(EXCLUDE_WRAPPER_ELEMENT_XPATH, XPathType.Filter.SUBTRACT, ScapNamespaceContext.createPrefixNamespaceMap("arf", "dsig"))).xpath(new XPathType(EXCLUDE_XPATH, XPathType.Filter.SUBTRACT, ScapNamespaceContext.createPrefixNamespaceMap("arf", "dsig"))).hashType(scapResultSignerConfig.getHashType());
        }
        insertXpathNamespaceMap.sourceForOutput(new ByteArrayInputStream(byteArrayOutputStream.toByteArray()));
        insertXpathNamespaceMap.build().signContents();
    }

    private static void prepareSourceOutput(Document document) throws TransformerConfigurationException, TransformerException, TransformerFactoryConfigurationError, XPathExpressionException {
        Element element = (Element) extendedInfosExpr.evaluate(document, XPathConstants.NODE);
        if (element == null) {
            element = document.createElementNS(ARF_NS, "extended-infos");
            document.getFirstChild().appendChild(element);
        }
        Element createElementNS = document.createElementNS(ARF_NS, "extended-info");
        createElementNS.setAttribute("id", Util.generateId("dsig"));
        element.appendChild(createElementNS);
    }

    static {
        XPathExpression xPathExpression;
        XPath newXPath = XPathFactory.newInstance().newXPath();
        newXPath.setNamespaceContext(new ScapNamespaceContext());
        try {
            xPathExpression = newXPath.compile("arf:asset-report-collection/arf:extended-infos");
        } catch (XPathExpressionException e) {
            xPathExpression = null;
        }
        extendedInfosExpr = xPathExpression;
    }
}
