package br.net.woodstock.rockframework.security.sign.impl;

import br.net.woodstock.rockframework.io.ByteArrayWriter;
import br.net.woodstock.rockframework.security.Alias;
import br.net.woodstock.rockframework.security.sign.DocumentSigner;
import br.net.woodstock.rockframework.security.sign.Signature;
import br.net.woodstock.rockframework.security.sign.SignatureParameters;
import br.net.woodstock.rockframework.security.sign.SignatureType;
import br.net.woodstock.rockframework.security.sign.SignerException;
import br.net.woodstock.rockframework.security.store.PrivateKeyEntry;
import br.net.woodstock.rockframework.security.store.Store;
import br.net.woodstock.rockframework.security.store.StoreEntryType;
import br.net.woodstock.rockframework.util.Assert;
import br.net.woodstock.rockframework.xml.dom.XmlWriter;
import java.io.ByteArrayInputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.xml.XMLConstants;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:br/net/woodstock/rockframework/security/sign/impl/XMLSigner.class */
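/**
 * {@link DocumentSigner} that creates and validates enveloped XML-DSig signatures.
 *
 * <p>Signing appends a {@code Signature} element to the document element. The single
 * reference uses the empty URI (the whole document) with the enveloped-signature transform,
 * and the {@code KeyInfo} carries only a bare {@code KeyValue}. Verification never trusts
 * that {@code KeyInfo}: the key always comes from the configured {@link Store}.
 *
 * <p>All XML is parsed with a namespace-aware parser (required by the XML-DSig API) that
 * rejects DOCTYPE declarations, so neither signing nor verification resolves DTDs or
 * external entities from the input.
 *
 * <p>NOTE(review): {@link #sign(byte[])} adds one enveloped signature per alias, while
 * {@link #verify(byte[], byte[])} checks only the first {@code Signature} element against
 * every alias, so a multi-alias round trip looks unlikely to verify. Confirm the intended
 * semantics before relying on more than one alias.
 */
public class XMLSigner implements DocumentSigner {
    private static final String SIGNATURE_FACTORY = "DOM";
    private static final String REFERENCE_URI = "";
    private static final String SIGNATURE_ELEMENT = "Signature";
    private static final String XMLDSIG_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";
    private static final String C14N_WITH_COMMENTS =
            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
    private static final String ENVELOPED_TRANSFORM =
            "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String DISALLOW_DOCTYPE_FEATURE =
            "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String SECURE_VALIDATION_PROPERTY = "org.jcp.xml.dsig.secureValidation";

    private final DocumentBuilderFactory documentBuilderFactory;
    private final XMLSignatureFactory xmlSignatureFactory;
    private final SignatureParameters request;

    /**
     * Creates a signer bound to the store and aliases of the given parameters.
     *
     * @param signatureParameters source of the key store and of the aliases to sign or
     *     verify with; must not be {@code null}
     * @throws SignerException if the XML parser cannot be configured securely
     */
    public XMLSigner(SignatureParameters signatureParameters) {
        Assert.notNull(signatureParameters, "request");
        this.request = signatureParameters;
        this.xmlSignatureFactory = XMLSignatureFactory.getInstance(SIGNATURE_FACTORY);
        this.documentBuilderFactory = newHardenedDocumentBuilderFactory();
    }

    /**
     * Signs the XML document once per configured alias and returns the serialized result.
     *
     * @param bArr the XML document to sign; must not be empty
     * @return the document bytes with the enveloped signature(s) added
     * @throws SignerException wrapping any failure, including a missing key entry or an
     *     empty alias list (the input is never returned unsigned)
     */
    @Override
    public byte[] sign(byte[] bArr) {
        Assert.notEmpty(bArr, "data");
        try {
            Store store = this.request.getStore();
            byte[] current = bArr;
            boolean signed = false;
            for (Alias alias : this.request.getAliases()) {
                PrivateKeyEntry entry = (PrivateKeyEntry) store.get(alias, StoreEntryType.PRIVATE_KEY);
                if (entry == null) {
                    // The alias is deliberately left out of the message: its string form is not known to be secret-free.
                    throw new IllegalStateException("No private key entry found for a configured alias");
                }
                PrivateKey privateKey = entry.getValue();
                X509Certificate certificate = (X509Certificate) entry.getChain()[0];
                // NOTE(review): both algorithms are derived from the algorithm the issuer used
                // to sign the certificate, not from the signing key itself; a certificate issued
                // with a weak or differently-typed algorithm would carry over here. Confirm.
                String certificateAlgorithm = certificate.getSigAlgName();

                SignedInfo signedInfo = this.xmlSignatureFactory.newSignedInfo(
                        this.xmlSignatureFactory.newCanonicalizationMethod(
                                C14N_WITH_COMMENTS, (C14NMethodParameterSpec) null),
                        this.xmlSignatureFactory.newSignatureMethod(
                                getSignatureDigestName(certificateAlgorithm), (SignatureMethodParameterSpec) null),
                        Collections.singletonList(this.xmlSignatureFactory.newReference(
                                REFERENCE_URI,
                                this.xmlSignatureFactory.newDigestMethod(
                                        getDigestMethodName(certificateAlgorithm), (DigestMethodParameterSpec) null),
                                Collections.singletonList(this.xmlSignatureFactory.newTransform(
                                        ENVELOPED_TRANSFORM, (TransformParameterSpec) null)),
                                (String) null,
                                (String) null)));
                KeyInfoFactory keyInfoFactory = this.xmlSignatureFactory.getKeyInfoFactory();
                KeyInfo keyInfo = keyInfoFactory.newKeyInfo(
                        Collections.singletonList(keyInfoFactory.newKeyValue(certificate.getPublicKey())));

                Document document = this.documentBuilderFactory.newDocumentBuilder()
                        .parse(new ByteArrayInputStream(current));
                this.xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo)
                        .sign(new DOMSignContext(privateKey, document.getDocumentElement()));

                // Copy the signed tree into a fresh document before serializing it.
                Document copy = this.documentBuilderFactory.newDocumentBuilder().newDocument();
                TransformerFactory transformerFactory = TransformerFactory.newInstance();
                transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
                transformerFactory.newTransformer().transform(new DOMSource(document), new DOMResult(copy));

                ByteArrayWriter out = new ByteArrayWriter();
                // NOTE(review): the platform default charset decides the output encoding, so
                // the signed bytes may differ between hosts. Confirm against XmlWriter.
                XmlWriter.getInstance().write(copy, out, Charset.defaultCharset());
                current = out.toByteArray();
                signed = true;
            }
            if (!signed) {
                // Fail closed: handing back the input untouched would look like a successful signing.
                throw new IllegalStateException("No aliases configured; refusing to return unsigned data");
            }
            return current;
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Validates the enveloped signature inside {@code bArr2} against every configured alias.
     *
     * <p>For each alias, the first {@code Signature} element in the XML-DSig namespace must
     * pass core validation (signature value and every reference digest) with the public
     * key of that alias's certificate.
     *
     * <p>{@code bArr} is only checked for being non-empty and is never compared with the
     * signed content. Callers should take the trusted content from the verified
     * {@code bArr2} document, not from {@code bArr}.
     *
     * @param bArr the data the caller believes was signed; must not be empty
     * @param bArr2 the signed XML document; must not be empty
     * @return {@code true} only if at least one alias is configured and validation succeeded
     *     for all of them; {@code false} if no signature element is present, validation
     *     fails, or no alias is configured
     * @throws SignerException wrapping any parsing, key-lookup or unmarshalling failure
     */
    @Override
    public boolean verify(byte[] bArr, byte[] bArr2) {
        Assert.notEmpty(bArr, "data");
        Assert.notEmpty(bArr2, "signature");
        try {
            Store store = this.request.getStore();
            // Starts false so that a run that validates nothing cannot report success.
            boolean validated = false;
            for (Alias alias : this.request.getAliases()) {
                PrivateKeyEntry entry = (PrivateKeyEntry) store.get(alias, StoreEntryType.PRIVATE_KEY);
                if (entry == null) {
                    throw new IllegalStateException("No private key entry found for a configured alias");
                }
                PublicKey publicKey = ((X509Certificate) entry.getChain()[0]).getPublicKey();

                Document document = this.documentBuilderFactory.newDocumentBuilder()
                        .parse(new ByteArrayInputStream(bArr2));
                // Match on namespace and local name so a look-alike element in another namespace is never accepted.
                NodeList signatures = document.getElementsByTagNameNS(XMLDSIG_NAMESPACE, SIGNATURE_ELEMENT);
                if (signatures == null || signatures.getLength() <= 0) {
                    return false;
                }

                // The key comes from the store only; KeyInfo inside the document is attacker-controlled.
                DOMValidateContext context = new DOMValidateContext(
                        KeySelector.singletonKeySelector(publicKey), signatures.item(0));
                context.setProperty(SECURE_VALIDATION_PROPERTY, Boolean.TRUE);
                XMLSignature signature = this.xmlSignatureFactory.unmarshalXMLSignature(context);
                // Core validation: checking only the SignatureValue would leave the reference
                // digests, and therefore the document content, unchecked.
                if (!signature.validate(context)) {
                    return false;
                }
                validated = true;
            }
            return validated;
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Not supported by this signer.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Signature[] getSignatures(byte[] bArr) {
        throw new UnsupportedOperationException();
    }

    /**
     * Builds the parser factory shared by signing and verification.
     *
     * <p>Namespace awareness is required by the XML-DSig DOM API. DOCTYPE declarations are
     * rejected so untrusted documents cannot trigger DTD or external-entity processing.
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try {
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        } catch (ParserConfigurationException e) {
            // Fail closed: do not fall back to a parser that cannot be hardened.
            throw new SignerException(e);
        }
        return factory;
    }

    /** Maps a certificate signature algorithm name to the XML-DSig digest method identifier. */
    private String getDigestMethodName(String str) {
        return SignatureType.getSignType(str).getDigestType().getDigestMethod();
    }

    /** Maps a certificate signature algorithm name to the XML-DSig signature method identifier. */
    private String getSignatureDigestName(String str) {
        return SignatureType.getSignType(str).getSignatureMethod();
    }
}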
