package org.spin.tools.crypto.signature;

import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.xml.bind.JAXBException;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import org.apache.log4j.Logger;
import org.spin.tools.ClassTools;
import org.spin.tools.DynamicLoadingException;
import org.spin.tools.JAXBUtils;
import org.spin.tools.PKITool;
import org.spin.tools.crypto.CryptoException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/tools-1.13.jar:org/spin/tools/crypto/signature/XMLSignatureUtil.class */
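/**
 * Static helpers that produce and check enveloped XML-DSig signatures over JAXB-marshalled
 * objects, using the local node's key material as exposed by {@link PKITool}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Signing uses RSA-SHA1 with a SHA-1 digest. SHA-1 is no longer considered
 *       collision-resistant, and recent JDKs reject SHA-1 XML signatures when secure
 *       validation is enabled. The algorithms are left unchanged here because they are part
 *       of the wire format shared with peers; a move to RSA-SHA256 has to be coordinated.</li>
 *   <li>Verification checks the first {@code ds:Signature} element found under the supplied
 *       element and does not itself assert which nodes that signature's references cover.
 *       Callers that act on specific fields should make sure those fields are inside the
 *       signed content.</li>
 * </ul>
 */
public class XMLSignatureUtil {
    /** XML-DSig namespace; also the prefix of the algorithm URIs used below. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Inclusive canonicalization, comments retained (so comments are part of the signed data). */
    private static final String C14N_WITH_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";

    // NOTE(review): SHA-1 based algorithms; see the class comment before changing them.
    private static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String DIGEST_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#sha1";

    private static final String ENVELOPED_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    /**
     * Class name of the JSR-105 provider, taken from the {@code jsr105Provider} system property.
     * The named class is instantiated reflectively, so whoever controls that property controls
     * which code performs signing and validation.
     */
    private static final String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
    private static final Logger log = Logger.getLogger(XMLSignatureUtil.class);

    /* loaded from: input_file:WEB-INF/lib/tools-1.13.jar:org/spin/tools/crypto/signature/XMLSignatureUtil$SignerStrategy.class */
    /** Whether the signing certificate is attached to the signature; not referenced by any method in this class. */
    public enum SignerStrategy {
        AttachSigningKey,
        DoNotAttachSigningKey
    }

    /**
     * Signs an {@code Identity} without attaching the signing certificate.
     *
     * @param identity object to sign
     * @return the signed object, unmarshalled back from the signed DOM
     * @throws XMLSignatureException if signing or unmarshalling fails
     */
    public static Identity sign(Identity identity) throws XMLSignatureException {
        return (Identity) sign(identity, Identity.class, false);
    }

    /**
     * Signs an arbitrary JAXB object without attaching the signing certificate.
     *
     * @param t object to sign
     * @param cls class to unmarshal the signed DOM into
     * @return the signed object
     * @throws XMLSignatureException if signing or unmarshalling fails
     */
    public static <T> T sign(T t, Class<T> cls) throws XMLSignatureException {
        return (T) sign(t, cls, false);
    }

    /**
     * Signs a JAXB object and unmarshals the signed DOM back into {@code cls}.
     *
     * @param t object to sign
     * @param cls class to unmarshal the signed DOM into
     * @param z when {@code true}, the signing certificate is attached to the signature's KeyInfo
     * @return the signed object
     * @throws XMLSignatureException if signing or unmarshalling fails
     */
    @Deprecated
    public static <T> T sign(T t, Class<T> cls, boolean z) throws XMLSignatureException {
        final Element signedElement = signObject(t, z);
        try {
            return (T) JAXBUtils.unmarshal(signedElement, cls);
        } catch (JAXBException e) {
            throw new XMLSignatureException("Error unmarshalling signed Identity", e);
        }
    }

    /**
     * Signs a JAXB object and returns the signed DOM element, without attaching the certificate.
     *
     * @param obj object to marshal and sign
     * @return the marshalled element with the enveloped signature added
     * @throws XMLSignatureException if anything in the signing path fails
     */
    public static Element signObject(Object obj) throws XMLSignatureException {
        return signObject(obj, false);
    }

    /**
     * Marshals {@code obj} to DOM and adds an enveloped signature made with this node's
     * private key. The single reference has URI {@code ""}, i.e. it covers the whole
     * marshalled document minus the signature itself.
     *
     * @param obj object to marshal and sign
     * @param z when {@code true}, the X.509 certificate is attached next to the issuer/serial pair
     * @return the marshalled element with the signature added
     * @throws XMLSignatureException wrapping any failure in key lookup, marshalling or signing
     */
    @Deprecated
    public static Element signObject(Object obj, boolean z) throws XMLSignatureException {
        try {
            final PKITool pkiTool = PKITool.getInstance();
            final XMLSignatureFactory factory = getXMLSignatureFactory();

            // The (XMLStructure) casts select the XMLStructure overloads, as the original did.
            final javax.xml.crypto.dsig.Transform enveloped = factory.newTransform(ENVELOPED_TRANSFORM, (XMLStructure) null);
            final javax.xml.crypto.dsig.Reference wholeDocument = factory.newReference(
                    "",
                    factory.newDigestMethod(DIGEST_ALGORITHM, null),
                    Collections.singletonList(enveloped),
                    null,
                    null);
            final javax.xml.crypto.dsig.SignedInfo signedInfo = factory.newSignedInfo(
                    factory.newCanonicalizationMethod(C14N_WITH_COMMENTS, (XMLStructure) null),
                    factory.newSignatureMethod(SIGNATURE_ALGORITHM, null),
                    Collections.singletonList(wholeDocument));

            final Element target = JAXBUtils.marshalToElement(obj);
            final DOMSignContext signContext = new DOMSignContext(pkiTool.getMyPrivateKey(), target);

            // KeyInfo always names the signer by issuer + serial; the certificate itself is optional.
            final KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
            final X509Certificate certificate = pkiTool.getX509Certificate(pkiTool.getMyCertID());
            final X509IssuerSerial issuerSerial = keyInfoFactory.newX509IssuerSerial(
                    certificate.getIssuerX500Principal().getName(),
                    certificate.getSerialNumber());
            final java.util.List<?> x509Content = z
                    ? Arrays.asList(issuerSerial, certificate)
                    : Arrays.asList(issuerSerial);
            final javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo =
                    keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content)));

            factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
            return target;
        } catch (Exception e) {
            throw new XMLSignatureException("Failed to sign object", e);
        }
    }

    /**
     * Verifies a signed object against the public key that {@link PKITool} returns for the
     * certificate serial named in the signature. The key comes from the local PKI tool, not
     * from any certificate carried in the message.
     *
     * <p>Fails closed: any problem reading the serial, finding the key or validating yields
     * {@code false} and a warning in the log.
     *
     * <p>NOTE(review): the lookup uses the serial number only; serials are unique per issuer,
     * so confirm the key store cannot hold two certificates with the same serial.
     *
     * @param signable signed object
     * @return {@code true} only if the signature validates with the looked-up key
     * @throws XMLSignatureException declared for interface compatibility
     */
    public static final boolean verifySignature(Signable signable) throws XMLSignatureException {
        final BigInteger serial;
        try {
            serial = signable.getSignature().getKeyInfo().getCertData().getCertID().getSerial();
        } catch (NullPointerException e) {
            // Any missing link in the getter chain means the signer cannot be identified.
            log.warn("Can't determine signing key");
            return false;
        }
        try {
            return verifySignature(signable, PKITool.getInstance().getPublicKey(serial));
        } catch (Exception e) {
            // Covers CryptoException from the key lookup as well as validation failures.
            log.warn("Error getting signer key with serial '" + serial + "', can't verify signature", e);
            return false;
        }
    }

    /**
     * Verifies a signed object with an explicit public key.
     *
     * <p>The object is re-marshalled to DOM before validation, so the check runs over the
     * re-marshalled form rather than the bytes originally received.
     *
     * @param signable signed object
     * @param publicKey key to validate with
     * @return result of signature validation
     * @throws XMLSignatureException if marshalling fails or no signature is present
     */
    public static final boolean verifySignature(Signable signable, PublicKey publicKey) throws XMLSignatureException {
        final Element marshalled;
        try {
            marshalled = JAXBUtils.marshalToElement(signable);
        } catch (JAXBException e) {
            throw new XMLSignatureException("Couldn't unmarshal signed identity", e);
        }
        return verifySignature(marshalled, publicKey);
    }

    /**
     * Validates the first {@code ds:Signature} element found under {@code element} with the
     * given key.
     *
     * <p>Only the first match in document order is checked. When more than one signature is
     * present a warning is logged, since a result of {@code true} then says nothing about the
     * other signatures or about content that the first one does not reference.
     *
     * @param element element whose subtree is searched for a signature
     * @param publicKey key to validate with
     * @return result of signature validation
     * @throws XMLSignatureException if no signature is found or it cannot be unmarshalled
     */
    public static final boolean verifySignature(Element element, PublicKey publicKey) throws XMLSignatureException {
        final NodeList signatureNodes = element.getElementsByTagNameNS(XMLDSIG_NS, "Signature");
        if (signatureNodes == null || signatureNodes.getLength() < 1) {
            throw new XMLSignatureException("No signature found!");
        }
        final Node signatureNode = signatureNodes.item(0);
        if (signatureNode == null) {
            throw new XMLSignatureException("No signature found!");
        }
        if (signatureNodes.getLength() > 1) {
            log.warn("Found " + signatureNodes.getLength()
                    + " Signature elements; only the first one in document order is validated");
        }
        final DOMValidateContext validateContext = new DOMValidateContext(publicKey, signatureNode);
        try {
            final javax.xml.crypto.dsig.XMLSignature xmlSignature =
                    getXMLSignatureFactory().unmarshalXMLSignature(validateContext);
            return xmlSignature.validate(validateContext);
        } catch (MarshalException e) {
            throw new XMLSignatureException("Couldn't unmarshal XML signature", e);
        }
    }

    /**
     * Parses the X.509 certificate bytes carried in a signature's KeyInfo.
     *
     * <p>This only decodes the certificate. It comes from the message itself, so it must not be
     * treated as trusted until the caller has validated it against its own trust anchors.
     *
     * @param signature signature whose attached certificate is decoded
     * @return the decoded certificate
     * @throws CertificateException if the bytes are not a valid X.509 certificate
     */
    public static final X509Certificate getX509Certificate(Signature signature) throws CertificateException {
        final byte[] encoded = signature.getKeyInfo().getCertData().getX509Certificate();
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Builds a DOM {@link XMLSignatureFactory} backed by a fresh instance of the configured
     * provider class.
     *
     * @return the factory
     * @throws XMLSignatureException if the provider class cannot be instantiated
     */
    private static final XMLSignatureFactory getXMLSignatureFactory() throws XMLSignatureException {
        final Provider provider;
        try {
            provider = (Provider) ClassTools.createInstance(providerName, Provider.class);
        } catch (DynamicLoadingException e) {
            throw new XMLSignatureException("Couldn't create XMLSignatureFactory using provider class '" + providerName + "': ", e);
        }
        return XMLSignatureFactory.getInstance("DOM", provider);
    }
}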
