package org.cdoc4j;

import asic4j.Container;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.util.encoders.Hex;
import org.cdoc4j.CDOC;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/cdoc4j/CDOCBuilder.class */
public final class CDOCBuilder {
    private static final Logger log = LoggerFactory.getLogger(CDOCBuilder.class);
    private static final int GCM_IV_LEN = 12;
    private static final int GCM_TAG_LEN = 128;
    private transient SecretKey key;
    private CDOC.Version version;
    private boolean privacy;
    private OutputStream out;
    private ArrayList<X509Certificate> recipients;
    private ArrayList<File> files;
    private ArrayList<Path> paths;
    private HashMap<String, InputStream> streams;
    private boolean validate;

    public CDOCBuilder(CDOC.Version version) {
        this.version = CDOC.Version.CDOC_V1_1;
        this.privacy = false;
        this.out = null;
        this.recipients = new ArrayList<>();
        this.files = new ArrayList<>();
        this.paths = new ArrayList<>();
        this.streams = new HashMap<>();
        this.validate = false;
        this.version = version;
    }

    public CDOCBuilder() {
        this.version = CDOC.Version.CDOC_V1_1;
        this.privacy = false;
        this.out = null;
        this.recipients = new ArrayList<>();
        this.files = new ArrayList<>();
        this.paths = new ArrayList<>();
        this.streams = new HashMap<>();
        this.validate = false;
    }

    private static void encrypt_gcm(InputStream inputStream, SecretKey secretKey, byte[] bArr, OutputStream outputStream) throws IOException, GeneralSecurityException {
        if (bArr.length != GCM_IV_LEN) {
            throw new IllegalArgumentException("IV must be 12 bytes (96 bits)");
        }
        Cipher cipher = Cipher.getInstance(EncryptionMethod.AES256_GCM.getCipherName());
        cipher.init(1, secretKey, new GCMParameterSpec(GCM_TAG_LEN, bArr));
        outputStream.write(bArr);
        outputStream.write(cipher.doFinal(IOUtils.toByteArray(inputStream)));
    }

    public CDOCBuilder withTransportKey(byte[] bArr) {
        this.key = new SecretKeySpec(bArr, "AES");
        checkKey();
        return this;
    }

    public CDOCBuilder setOutputStream(OutputStream outputStream) {
        this.out = outputStream;
        return this;
    }

    public CDOCBuilder setVersion(CDOC.Version version) {
        this.version = version;
        return this;
    }

    public CDOCBuilder withTransportKey(SecretKey secretKey) {
        this.key = secretKey;
        return this;
    }

    public CDOCBuilder withPrivacy(boolean z) {
        this.privacy = z;
        return this;
    }

    public CDOCBuilder withValidation(boolean z) {
        this.validate = z;
        return this;
    }

    public CDOCBuilder addRecipient(X509Certificate x509Certificate) {
        if (this.version == CDOC.Version.CDOC_V1_0 && !x509Certificate.getPublicKey().getAlgorithm().equals("RSA")) {
            throw new IllegalArgumentException("Can do CDOC v1.0 only with RSA keys");
        }
        this.recipients.add(x509Certificate);
        return this;
    }

    public CDOCBuilder addFile(File file) {
        this.files.add(file);
        return this;
    }

    public CDOCBuilder addPath(Path path) {
        this.paths.add(path);
        return this;
    }

    public CDOCBuilder addStream(String str, InputStream inputStream) {
        this.streams.put(str, inputStream);
        return this;
    }

    private void checkKey() {
        if (this.key == null) {
            byte[] bArr = this.version == CDOC.Version.CDOC_V1_0 ? new byte[EncryptionMethod.AES128_CBC.getKeyLength()] : new byte[EncryptionMethod.AES256_GCM.getKeyLength()];
            CDOC.random.nextBytes(bArr);
            this.key = new SecretKeySpec(bArr, "AES");
        }
        if (this.version == CDOC.Version.CDOC_V1_0) {
            if (this.key.getEncoded().length != 16) {
                throw new IllegalArgumentException("Key must be 16 bytes for AES-128");
            }
        } else if (this.key.getEncoded().length != 32) {
            throw new IllegalArgumentException("Key must be 32 bytes for AES-256");
        }
    }

    public void buildToStream(OutputStream outputStream) throws IOException, GeneralSecurityException {
        this.out = outputStream;
        build();
    }

    public void build() throws IOException, GeneralSecurityException {
        ArrayList arrayList = new ArrayList();
        try {
            if (this.out == null || ((this.recipients.size() == 0 && this.key == null) || (this.streams.size() == 0 && this.files.size() == 0 && this.paths.size() == 0))) {
                throw new IllegalStateException("Need to have output stream, files and recipients");
            }
            checkKey();
            Iterator<File> it = this.files.iterator();
            while (it.hasNext()) {
                File next = it.next();
                FileInputStream fileInputStream = new FileInputStream(next);
                arrayList.add(fileInputStream);
                this.streams.put(next.getName(), fileInputStream);
            }
            Iterator<Path> it2 = this.paths.iterator();
            while (it2.hasNext()) {
                Path next2 = it2.next();
                Path fileName = next2.getFileName();
                if (fileName == null) {
                    throw new IOException("Null path name: " + next2);
                }
                InputStream newInputStream = Files.newInputStream(next2, new OpenOption[0]);
                arrayList.add(newInputStream);
                this.streams.put(fileName.toString(), newInputStream);
            }
            if (this.version == CDOC.Version.CDOC_V1_0 || this.version == CDOC.Version.CDOC_V1_1) {
                Document makeRecipientsXML = XMLENC.makeRecipientsXML(this.version, this.recipients, this.key, this.privacy);
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Legacy.makePayload(this.streams));
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                if (this.version == CDOC.Version.CDOC_V1_0) {
                    byte[] bArr = new byte[16];
                    CDOC.random.nextBytes(bArr);
                    Legacy.encrypt_cbc(byteArrayInputStream, this.key, bArr, byteArrayOutputStream);
                } else {
                    byte[] bArr2 = new byte[GCM_IV_LEN];
                    CDOC.random.nextBytes(bArr2);
                    encrypt_gcm(byteArrayInputStream, this.key, bArr2, byteArrayOutputStream);
                }
                Element createElement = makeRecipientsXML.createElement("xenc:CipherData");
                Element createElement2 = makeRecipientsXML.createElement("xenc:CipherValue");
                createElement2.setTextContent(Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()));
                createElement.appendChild(createElement2);
                makeRecipientsXML.getDocumentElement().appendChild(createElement);
                if (!this.privacy) {
                    makeRecipientsXML.getDocumentElement().appendChild(makeRecipientsXML.createComment(" XXX: This is non-standard brainfart in CDOC-1.X and qdigidoc client "));
                    Element createElement3 = makeRecipientsXML.createElement("xenc:EncryptionProperties");
                    for (String str : this.streams.keySet()) {
                        Element createElement4 = makeRecipientsXML.createElement("xenc:EncryptionProperty");
                        createElement4.setAttribute("Name", "orig_file");
                        createElement4.setTextContent(String.format("%s|666|application/octet-stream|D0", str));
                        createElement3.appendChild(createElement4);
                    }
                    makeRecipientsXML.getDocumentElement().appendChild(createElement3);
                } else if (this.version == CDOC.Version.CDOC_V1_0) {
                    makeRecipientsXML.getDocumentElement().appendChild(makeRecipientsXML.createComment(" XXX: This is non-standard brainfart in CDOC-1.X and qdigidoc client "));
                    Element createElement5 = makeRecipientsXML.createElement("xenc:EncryptionProperties");
                    for (String str2 : this.streams.keySet()) {
                        Element createElement6 = makeRecipientsXML.createElement("xenc:EncryptionProperty");
                        createElement6.setAttribute("Name", "orig_file");
                        createElement6.setTextContent("☠   DECRYPT FIRST   ☠|666|application/octet-stream|D0");
                        createElement5.appendChild(createElement6);
                    }
                    makeRecipientsXML.getDocumentElement().appendChild(createElement5);
                }
                if (this.validate && !XML.validate_cdoc(XML.dom2bytes(makeRecipientsXML))) {
                    throw new IllegalStateException("Generated XML did not validate!");
                }
                XML.dom2stream(makeRecipientsXML, this.out);
            } else {
                ZipOutputStream buildZipOutputStream = buildZipOutputStream();
                try {
                    for (Map.Entry<String, InputStream> entry : this.streams.entrySet()) {
                        ZipEntry zipEntry = new ZipEntry(entry.getKey());
                        if (this.privacy) {
                            zipEntry = Container.strip(zipEntry);
                        }
                        log.trace("Storing {}", zipEntry.getName());
                        buildZipOutputStream.putNextEntry(zipEntry);
                        IOUtils.copyLarge(entry.getValue(), buildZipOutputStream);
                        buildZipOutputStream.closeEntry();
                    }
                    buildZipOutputStream.flush();
                    buildZipOutputStream.finish();
                    if (buildZipOutputStream != null) {
                        buildZipOutputStream.close();
                    }
                } finally {
                }
            }
        } finally {
            Iterator it3 = arrayList.iterator();
            while (it3.hasNext()) {
                try {
                    ((AutoCloseable) it3.next()).close();
                } catch (Exception e) {
                }
            }
        }
    }

    public ZipOutputStream buildZipOutputStream() throws IOException, GeneralSecurityException {
        if (this.version != CDOC.Version.CDOC_V2_0) {
            throw new IllegalStateException("ZIP output stream is only available for CDOC 2.0");
        }
        if (this.out == null || (this.recipients.size() == 0 && this.key == null)) {
            throw new IllegalStateException("Need to have output stream and recipients!");
        }
        checkKey();
        Document makeRecipientsXML = XMLENC.makeRecipientsXML(this.version, this.recipients, this.key, this.privacy);
        Element createElement = makeRecipientsXML.createElement("xenc:CipherData");
        Element createElement2 = makeRecipientsXML.createElement("xenc:CipherReference");
        createElement2.setAttribute("URI", CDOC.PAYLOAD_ZIP);
        createElement.appendChild(createElement2);
        makeRecipientsXML.getDocumentElement().appendChild(createElement);
        byte[] dom2bytes = XML.dom2bytes(makeRecipientsXML);
        if (this.validate && !XML.validate_cdoc(dom2bytes)) {
            throw new IllegalStateException("Generated recipients.xml did not validate!");
        }
        Container container = new Container(CDOC.MIMETYPE, this.out, this.privacy);
        container.put_meta(CDOC.RECIPIENTS_XML, dom2bytes);
        container.declare(CDOC.PAYLOAD_ZIP, "application/zip", -1L);
        container.writeHeader();
        container.writeMetas();
        ZipOutputStream zipOutputStream = container.getZipOutputStream();
        byte[] bArr = new byte[GCM_IV_LEN];
        CDOC.random.nextBytes(bArr);
        log.trace("IV: {}", Hex.toHexString(bArr));
        Cipher cipher = Cipher.getInstance(EncryptionMethod.AES256_GCM.getCipherName());
        cipher.init(1, this.key, new GCMParameterSpec(GCM_TAG_LEN, bArr));
        return new CDOCZipOutputStream(zipOutputStream, new ByteArrayOutputStream(), cipher, container.getManifest(), this.privacy);
    }
}
