package eu.europa.esig.dss.xades.validation.policy;

import eu.europa.esig.dss.DomUtils;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.SignaturePolicy;
import eu.europa.esig.dss.validation.policy.AbstractSignaturePolicyValidator;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.Transforms;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:eu/europa/esig/dss/xades/validation/policy/XMLSignaturePolicyValidator.class */
public class XMLSignaturePolicyValidator extends AbstractSignaturePolicyValidator {
    private static final Logger LOG = LoggerFactory.getLogger(XMLSignaturePolicyValidator.class);

    public boolean canValidate() {
        SignaturePolicy signaturePolicy = getSignaturePolicy();
        if (signaturePolicy.getPolicyContent() != null) {
            return DomUtils.startsWithXmlPreamble(signaturePolicy.getPolicyContent());
        }
        return false;
    }

    public void validate() {
        setIdentified(true);
        Digest digest = getSignaturePolicy().getDigest();
        if (digest == null) {
            addError("general", "The policy digest value is not defined.");
            return;
        }
        Digest computedDigest = getComputedDigest(digest.getAlgorithm());
        if (computedDigest != null) {
            if (!digest.equals(computedDigest)) {
                addError("general", "The policy digest value (" + Utils.toBase64(digest.getValue()) + ") does not match the re-calculated digest value (" + Utils.toBase64(computedDigest.getValue()) + ").");
            } else {
                setStatus(true);
                setDigestAlgorithmsEqual(true);
            }
        }
    }

    public Digest getComputedDigest(DigestAlgorithm digestAlgorithm) {
        byte[] bytes;
        SignaturePolicy signaturePolicy = getSignaturePolicy();
        DSSDocument policyContent = signaturePolicy.getPolicyContent();
        Element transforms = signaturePolicy.getTransforms();
        if (transforms != null) {
            try {
                bytes = new Transforms(transforms, "").performTransforms(new XMLSignatureInput(DomUtils.buildDOM(policyContent))).getBytes();
            } catch (Exception e) {
                String format = String.format("Unable to perform transforms on an XML Policy. Reason : %s", e.getMessage());
                LOG.warn(format, e);
                addError("xmlProcessing", format);
                return null;
            }
        } else {
            bytes = DSSUtils.toByteArray(policyContent);
        }
        return new Digest(digestAlgorithm, DSSUtils.digest(digestAlgorithm, bytes));
    }
}
