package hk.hku.cecid.phoenix.pki;

import hk.hku.cecid.phoenix.common.util.Logger;
import hk.hku.cecid.phoenix.common.util.Version;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:hk/hku/cecid/phoenix/pki/ApacheXMLDSigner.class */
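/**
 * Signs and verifies XML Digital Signatures (XMLDSig) with Apache XML Security.
 *
 * <p>Call sequence: {@link #setEnvelope(Document)} (or the two-argument form to
 * choose the signature algorithm), then {@link #addDocument(String, InputStream, String)}
 * for every external part the signature must cover, then either
 * {@link #sign(CompositeKeyStore, String, char[])} or {@link #verify()}.
 * The envelope is signed as an enveloped signature; SOAP nodes whose
 * {@code soap-env:actor} is the ebXML {@code nextMSH} actor or the SOAP {@code next}
 * actor are excluded from the digest by an XPath transform, presumably because
 * intermediaries are allowed to alter them in transit.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #verify()} takes the verification key from the {@code <ds:KeyInfo>}
 *       embedded in the message itself. Without a trust anchor installed via
 *       {@link #setTrustAnchor(CompositeKeyStore)} a {@code true} result only proves
 *       the content is intact with respect to whatever key the sender embedded; it
 *       says nothing about who the sender is. With a trust anchor installed, a
 *       signature whose certificate chain cannot be validated is rejected.</li>
 *   <li>The signature algorithm defaults to {@code dsa-sha1} and the digest
 *       algorithm is hard-wired to SHA-1. Both are legacy choices kept for
 *       interoperability with existing peers; the signature algorithm can be changed
 *       through {@link #setEnvelope(Document, String)}, the digest cannot.</li>
 * </ul>
 *
 * <p>An instance accumulates per-message state ({@code documents} is never cleared)
 * and is not thread-safe: use one instance per message.
 */
public class ApacheXMLDSigner implements XMLDSigner {
    protected static Logger logger = Logger.getLogger(ApacheXMLDSigner.class.getName());

    /** XMLDSig namespace; algorithm, digest and transform URIs are formed by appending a fragment. */
    protected static final String DSIG_URI = "http://www.w3.org/2000/09/xmldsig#";

    /** Signature-method fragment used by {@link #setEnvelope(Document)}. */
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "dsa-sha1";
    private static final String ALGO_ENVELOPED_SIGNATURE = DSIG_URI + "enveloped-signature";
    private static final String ALGO_DIGEST_SHA1 = DSIG_URI + "sha1";
    private static final String ALGO_XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116";
    private static final String ALGO_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    /** Selects everything except nodes under a header addressed to the next MSH / SOAP "next" actor. */
    private static final String ENVELOPE_XPATH =
        "not(ancestor-or-self::node()[@soap-env:actor=\"urn:oasis:names:tc:ebxml-msg:actor:nextMSH\"]"
        + " | ancestor-or-self::node()[@soap-env:actor=\"http://schemas.xmlsoap.org/soap/actor/next\"])";

    /** External parts registered through {@link #addDocument}; never cleared by this class. */
    protected ArrayList<DocumentDetail> documents = new ArrayList<DocumentDetail>();
    protected Document envelope = null;
    protected XMLSignature signature = null;
    /** Trust anchor store for certificate-path validation; {@code null} disables that step. */
    protected CompositeKeyStore trusted = null;

    static {
        // Apache XML Security must be initialised before any XMLSignature is created.
        Init.init();
    }

    /**
     * Installs the document to sign or verify and prepares an empty signature for it.
     *
     * @param document the envelope; ownership stays with the caller
     * @param str fragment of the XMLDSig signature-method URI (e.g. the default
     *            {@code "dsa-sha1"}); it is appended to {@link #DSIG_URI}
     * @throws SignException if the envelope is {@code null} or Apache XML Security
     *         refuses to create the signature object
     */
    public void setEnvelope(Document document, String str) throws SignException {
        if (document == null || str == null) {
            throw new SignException("Envelope element not set!");
        }
        this.envelope = document;
        String signatureMethod = DSIG_URI + str;
        try {
            // The namespace URI doubles as the signature's base URI, as in the original code.
            this.signature = new XMLSignature(this.envelope, DSIG_URI, signatureMethod);
            logger.debug("setEnvelope, using algorithm: " + str);
        } catch (XMLSecurityException e) {
            // Drop any signature left over from a previous envelope so sign() cannot use it.
            this.signature = null;
            throw new SignException("Cannot create XMLSignature object:\n" + e.getMessage());
        }
    }

    /**
     * Installs the envelope using the legacy default signature algorithm
     * ({@value #DEFAULT_SIGNATURE_ALGORITHM}).
     *
     * @see #setEnvelope(Document, String)
     */
    @Override // hk.hku.cecid.phoenix.pki.XMLDSigner
    public void setEnvelope(Document document) throws SignException {
        setEnvelope(document, DEFAULT_SIGNATURE_ALGORITHM);
    }

    /**
     * Registers an external part that a {@code <ds:Reference>} with the given URI resolves to.
     *
     * @param str the reference URI the signature uses for this part
     * @param inputStream the part's content; it is handed to {@code DocumentResolver}
     *        and nothing in this class closes it
     * @param str2 the part's content type
     */
    @Override // hk.hku.cecid.phoenix.pki.XMLDSigner
    public void addDocument(String str, InputStream inputStream, String str2) {
        DocumentDetail detail = new DocumentDetail();
        detail.uri = str;
        detail.stream = inputStream;
        detail.contentType = str2;
        this.documents.add(detail);
        logger.debug("addDocument URI: " + str + ", contentType: " + str2);
    }

    /**
     * Signs the envelope and every registered document with the private key stored
     * under {@code str}, embedding the alias' certificate chain in {@code <ds:KeyInfo>}.
     *
     * @param compositeKeyStore store holding the signing key and its certificate chain
     * @param str key-store alias of the signing key
     * @param cArr password protecting the key entry; never logged
     * @throws SignException if no envelope is set, the key or chain cannot be loaded,
     *         a reference cannot be added, or the signature operation fails
     */
    @Override // hk.hku.cecid.phoenix.pki.XMLDSigner
    public void sign(CompositeKeyStore compositeKeyStore, String str, char[] cArr) throws SignException {
        logger.debug("start signing...");
        // signature is null when setEnvelope() was never called or failed.
        if (this.envelope == null || this.signature == null) {
            throw new SignException("Envelope element not set!");
        }
        this.signature.addResourceResolver(new DocumentResolver(detailArray()));
        logger.debug("created DocumentResolver");

        Transforms transforms = envelopeTransforms();
        logger.debug("created Transform");
        try {
            // URI "" references the whole document, minus the signature itself and
            // the nodes the XPath transform excludes.
            this.signature.addDocument("", transforms, ALGO_DIGEST_SHA1);
        } catch (XMLSignatureException e) {
            throw new SignException("Cannot add envelope document:\n" + e.getMessage());
        }
        logger.debug("added main document (envelope)");

        for (DocumentDetail detail : this.documents) {
            try {
                this.signature.addDocument(detail.uri);
            } catch (XMLSignatureException e) {
                throw new SignException("Cannot add document " + detail.uri + ":\n" + e.getMessage());
            }
        }
        logger.debug("added " + this.documents.size() + " attachment documents");

        for (X509Certificate certificate : certificateChain(compositeKeyStore, str)) {
            try {
                this.signature.addKeyInfo(certificate);
            } catch (XMLSecurityException e) {
                throw new SignException("Cannot add key info:\n" + e.getMessage());
            }
        }
        logger.debug("added the certificate chain to signature");

        PrivateKey privateKey = privateKey(compositeKeyStore, str, cArr);
        logger.debug("got private key from keystore");
        try {
            this.signature.sign(privateKey);
        } catch (XMLSignatureException e) {
            throw new SignException("Cannot sign:\n" + e.getMessage());
        }
        logger.debug("signed");
    }

    /**
     * Sets the store whose certificates act as trust anchors for {@link #verify()}.
     * Passing {@code null} turns certificate-path validation off again.
     */
    @Override // hk.hku.cecid.phoenix.pki.XMLDSigner
    public void setTrustAnchor(CompositeKeyStore compositeKeyStore) {
        this.trusted = compositeKeyStore;
    }

    /**
     * Verifies the first {@code <ds:Signature>} in the envelope.
     *
     * <p>The public key comes from the certificate embedded in the signature's
     * {@code <ds:KeyInfo>}. The reference digests and the signature value are checked
     * by Apache XML Security; when a trust anchor is installed and the signature value
     * is correct, the embedded certificate chain is additionally validated against it,
     * and an untrusted chain (or a chain that cannot be validated on this JDK) is
     * reported as a {@link VerifyException} rather than silently skipped.
     *
     * <p>NOTE(review): besides the {@code DocumentResolver} installed here, Apache XML
     * Security consults its own default resolvers for reference URIs, which in some
     * releases include local-file and HTTP resolvers. If messages from untrusted
     * parties are verified, confirm which resolvers {@code Init.init()} registers in
     * the deployed version and restrict them.
     *
     * @return {@code true} if the signature value and all references verify with the
     *         embedded key; {@code false} if they do not
     * @throws VerifyException if no envelope or signature is present, no public key can
     *         be extracted, verification cannot be carried out, or (with a trust anchor
     *         installed) the certificate path is not trusted
     */
    @Override // hk.hku.cecid.phoenix.pki.XMLDSigner
    public boolean verify() throws VerifyException {
        logger.debug("start verifying...");
        if (this.envelope == null) {
            throw new VerifyException("Envelope element not set!");
        }
        Element signatureElement = locateSignatureElement();
        try {
            this.signature = new XMLSignature(signatureElement, DSIG_URI);
            logger.debug("created signature object");
            this.signature.addResourceResolver(new DocumentResolver(detailArray()));
            logger.debug("created document resolver");

            X509Certificate[] chain = null;
            PublicKey verificationKey = null;
            KeyInfo keyInfo = this.signature.getKeyInfo();
            if (keyInfo != null) {
                chain = embeddedCertificates(keyInfo);
                X509Certificate signerCertificate;
                try {
                    signerCertificate = keyInfo.getX509Certificate();
                } catch (KeyResolverException e) {
                    throw new VerifyException("Cannot extract key info:\n" + e.getMessage());
                }
                if (signerCertificate != null) {
                    verificationKey = signerCertificate.getPublicKey();
                }
            }
            if (verificationKey == null) {
                throw new VerifyException("No PublicKey can be found!");
            }
            logger.debug("got public key and certificate chain from signature");

            boolean valid;
            try {
                valid = this.signature.checkSignatureValue(verificationKey);
            } catch (XMLSignatureException e) {
                throw new VerifyException("Cannot verify:\n" + e.getMessage());
            }
            logger.debug("checked signature value, result: " + valid);

            if (valid && this.trusted != null) {
                verifyCertificatePath(chain);
            } else {
                logger.debug("verification of cert path skipped...");
            }
            return valid;
        } catch (IOException e) {
            throw new VerifyException("Cannot create XMLSignature object:\n" + e.getMessage());
        } catch (XMLSecurityException e) {
            throw new VerifyException("Cannot create XMLSignature object:\n" + e.getMessage());
        }
    }

    /**
     * @return the {@code <ds:Signature>} element produced by {@link #sign} or selected by
     *         {@link #verify}, or {@code null} before either has run
     */
    @Override // hk.hku.cecid.phoenix.pki.XMLDSigner
    public Element getElement() {
        return this.signature == null ? null : this.signature.getElement();
    }

    /** Snapshot of the registered parts in the form {@code DocumentResolver} expects. */
    private DocumentDetail[] detailArray() {
        return this.documents.toArray(new DocumentDetail[this.documents.size()]);
    }

    /**
     * Builds the transform chain for the envelope reference: enveloped-signature, the
     * actor-excluding XPath filter, then inclusive C14N.
     */
    private Transforms envelopeTransforms() throws SignException {
        Transforms transforms = new Transforms(this.envelope);
        try {
            transforms.addTransform(ALGO_ENVELOPED_SIGNATURE);
            Element xpath = this.envelope.createElementNS(DSIG_URI, "XPath");
            // Declares the prefix the XPath expression uses for soap-env:actor.
            xpath.setAttribute("xmlns:soap-env", SOAP_ENV_NS);
            xpath.appendChild(this.envelope.createTextNode(ENVELOPE_XPATH));
            xpath.setPrefix("ds");
            transforms.addTransform(ALGO_XPATH, xpath);
            transforms.addTransform(ALGO_C14N);
        } catch (TransformationException e) {
            throw new SignException("Cannot add tranform:\n" + e.getMessage());
        }
        return transforms;
    }

    /**
     * Loads the certificate chain stored under {@code alias} and checks that every entry
     * is X.509, which is what {@code XMLSignature.addKeyInfo} requires. An absent or
     * empty chain is an error: the verifier has no other way to obtain the public key.
     */
    private X509Certificate[] certificateChain(CompositeKeyStore keyStore, String alias) throws SignException {
        Certificate[] chain;
        try {
            chain = keyStore.getCertificateChain(alias);
        } catch (KeyStoreException e) {
            throw new SignException("Cannot get certificates path - " + alias + ":\n" + e.getMessage());
        }
        if (chain == null || chain.length == 0) {
            throw new SignException("Cannot get certificates path - " + alias);
        }
        X509Certificate[] x509Chain = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                throw new SignException("Cannot add key info:\ncertificate " + i + " under alias "
                    + alias + " is not an X.509 certificate");
            }
            x509Chain[i] = (X509Certificate) chain[i];
        }
        logger.debug("got the certificate chain from keystore");
        return x509Chain;
    }

    /**
     * Loads the private key stored under {@code alias}. The password is never included
     * in log output or exception messages.
     */
    private PrivateKey privateKey(CompositeKeyStore keyStore, String alias, char[] password) throws SignException {
        Object key;
        try {
            key = keyStore.getKey(alias, password);
        } catch (Exception e) {
            throw new SignException("Cannot get private key - " + alias + ":\n" + e.getMessage());
        }
        if (!(key instanceof PrivateKey)) {
            throw new SignException("Cannot get private key - " + alias + ":\nno private key under that alias");
        }
        return (PrivateKey) key;
    }

    /**
     * Finds the {@code <ds:Signature>} to verify.
     *
     * <p>NOTE(review): this takes the first Signature element anywhere in the document,
     * Body included, so a message carrying several signatures is verified against
     * whichever comes first in document order. A caller that knows where the signature
     * must live (a particular SOAP header block, for instance) should inspect the parent
     * of {@link #getElement()} after {@link #verify()} returns.
     */
    private Element locateSignatureElement() throws VerifyException {
        NodeList signatures = this.envelope.getElementsByTagNameNS(DSIG_URI, "Signature");
        int count = signatures.getLength();
        if (count == 0) {
            throw new VerifyException("No <ds:Signature> found!");
        }
        if (count > 1) {
            logger.debug(count + " <ds:Signature> elements found, verifying the first one only");
        }
        logger.debug("got the signature element");
        return (Element) signatures.item(0);
    }

    /**
     * Collects every X.509 certificate carried in {@code <ds:KeyInfo>}, in document order
     * across all {@code <ds:X509Data>} elements. X509Data entries that hold no certificate
     * contribute nothing. May return an empty array.
     */
    private X509Certificate[] embeddedCertificates(KeyInfo keyInfo) throws VerifyException {
        List<X509Certificate> certificates = new ArrayList<X509Certificate>();
        try {
            int dataCount = keyInfo.lengthX509Data();
            for (int i = 0; i < dataCount; i++) {
                int certCount = keyInfo.itemX509Data(i).lengthCertificate();
                for (int j = 0; j < certCount; j++) {
                    certificates.add(keyInfo.itemX509Data(i).itemCertificate(j).getX509Certificate());
                }
            }
        } catch (XMLSecurityException e) {
            throw new VerifyException("Cannot get keys from <ds:KeyInfo>:\n" + e.getMessage());
        }
        return certificates.toArray(new X509Certificate[certificates.size()]);
    }

    /**
     * Validates the embedded certificate chain against the installed trust anchor.
     * Fails closed: a missing chain, or a JDK too old for path validation, is reported
     * as an error instead of leaving the signature accepted on the embedded key alone.
     * A single-certificate chain is validated like any other; previously such chains
     * bypassed this step entirely.
     */
    private void verifyCertificatePath(X509Certificate[] chain) throws VerifyException {
        if (chain == null || chain.length == 0) {
            throw new VerifyException("Trust anchor configured but <ds:KeyInfo> carries no certificate to validate");
        }
        // NOTE(review): fails closed if the project's version helper reports something below 1.4 --
        // confirm Version.getJDKVersion() returns a sensible value on the target runtime.
        if (Version.getJDKVersion() < 1.4d) {
            throw new VerifyException("Certificate path validation requires JDK 1.4 or later");
        }
        logger.debug("start verifying cert path...");
        // Presumed to throw VerifyException when the chain does not lead to a trusted anchor;
        // TODO confirm -- if it reports failure through a return value instead, fold that in here.
        CertPathVerifier.verify(chain, this.trusted);
        logger.debug("cert path verified");
    }
}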
