package pl.edu.icm.unicore.security.dsig;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Vector;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import xmlbeans.org.w3.x2000.x09.xmldsig.KeyInfoType;
import xmlbeans.org.w3.x2000.x09.xmldsig.X509DataType;

/* loaded from: input_file:pl/edu/icm/unicore/security/dsig/DigSignatureUtil.class */
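/**
 * Helper for creating and verifying XML digital signatures (XML-DSig) on DOM documents.
 *
 * <p>Signing uses exclusive canonicalization, a SHA-1 reference digest and an RSA-SHA1 or
 * DSA-SHA1 signature method, chosen from the type of the private key.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>SHA-1 is no longer considered collision resistant. Moving to a SHA-256 based digest
 *       and signature method changes the produced documents and has to be coordinated with
 *       every party that verifies them, so it is flagged here rather than changed.</li>
 *   <li>Verification validates a signature with the key supplied by the caller; it does not
 *       check which element that signature's reference covers. See
 *       {@link #verifyEnvelopedSignature(Document, PublicKey)}.</li>
 * </ul>
 */
public class DigSignatureUtil {
    /**
     * JDK-internal XML-DSig provider class, instantiated reflectively.
     * NOTE(review): this is an internal class name; on JDKs with strong module encapsulation it
     * may not be reflectively accessible, in which case the constructor fails - confirm against
     * the target runtime.
     */
    private static final String PROVIDER = "org.jcp.xml.dsig.internal.dom.XMLDSigRI";

    // Shared by all instances and re-assigned by every constructor call, without synchronization.
    private static XMLSignatureFactory fac = null;

    /**
     * Creates the utility and (re)initializes the shared DOM {@link XMLSignatureFactory}.
     *
     * @throws DSigException if the provider class cannot be loaded or instantiated, or the
     *         factory cannot be created
     */
    public DigSignatureUtil() throws DSigException {
        try {
            // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
            Provider provider = (Provider) Class.forName(PROVIDER).getDeclaredConstructor().newInstance();
            fac = XMLSignatureFactory.getInstance("DOM", provider);
        } catch (Exception e) {
            throw new DSigException("Initialization of digital signature engine failed", e);
        }
    }

    /**
     * Signs the document element of {@code document} with an enveloped signature.
     *
     * @param privateKey signing key; must be an RSA or DSA private key
     * @param publicKey optional public key to embed as a {@code KeyValue}; may be {@code null}
     * @param x509CertificateArr optional certificates to embed as {@code X509Data}; may be
     *        {@code null}
     * @param document document whose root element is signed and receives the signature element
     * @param node child of the root element before which the signature is inserted, or
     *        {@code null} to append the signature as the last child
     * @throws DSigException if signing fails for any reason; the cause is preserved
     */
    public void genEnvelopedSignature(PrivateKey privateKey, PublicKey publicKey, X509Certificate[] x509CertificateArr, Document document, Node node) throws DSigException {
        try {
            genEnvelopedSignatureInternal(privateKey, publicKey, x509CertificateArr, document, node);
        } catch (Exception e) {
            throw new DSigException("Creation of enveloped signature failed", e);
        }
    }

    /** Builds the signature structures and signs; see {@link #genEnvelopedSignature}. */
    private void genEnvelopedSignatureInternal(PrivateKey privateKey, PublicKey publicKey, X509Certificate[] x509CertificateArr, Document document, Node node) throws MarshalException, XMLSignatureException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException {
        // SHA-1 digest: kept for compatibility with existing verifiers (see class comment).
        DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA1, (DigestMethodParameterSpec) null);

        // The enveloped-signature transform removes the signature element itself from the
        // digested content; exclusive c14n then normalizes what remains.
        List<Transform> transforms = new ArrayList<Transform>();
        transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
        transforms.add(fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));

        CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
        SignatureMethod signatureMethod = signatureMethodFor(privateKey);

        // The reference points at the root element through its "ID" attribute when present;
        // otherwise the reference is created without a URI.
        // NOTE(review): resolving "#id" relies on the DOM treating "ID" as an ID attribute -
        // confirm how callers parse the document or register the attribute.
        Node idAttribute = document.getDocumentElement().getAttributes().getNamedItem("ID");
        String referenceUri = idAttribute != null ? "#" + idAttribute.getNodeValue() : null;
        SignedInfo signedInfo = fac.newSignedInfo(canonicalizationMethod, signatureMethod, Collections.singletonList(fac.newReference(referenceUri, digestMethod, transforms, (String) null, (String) null)));

        DOMSignContext signContext = node == null
                ? new DOMSignContext(privateKey, document.getDocumentElement())
                : new DOMSignContext(privateKey, document.getDocumentElement(), node);
        signContext.putNamespacePrefix(XMLSignature.XMLNS, "dsig");

        KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory();
        List<XMLStructure> keyInfoContent = new ArrayList<XMLStructure>();
        if (publicKey != null) {
            keyInfoContent.add(keyInfoFactory.newKeyValue(publicKey));
        }
        if (x509CertificateArr != null) {
            List<X509Certificate> certificates = new ArrayList<X509Certificate>(x509CertificateArr.length);
            Collections.addAll(certificates, x509CertificateArr);
            keyInfoContent.add(keyInfoFactory.newX509Data(certificates));
        }

        // KeyInfo is omitted entirely when neither a public key nor certificates were given.
        fac.newXMLSignature(signedInfo, keyInfoContent.isEmpty() ? null : keyInfoFactory.newKeyInfo(keyInfoContent)).sign(signContext);
    }

    /**
     * Selects the signature method matching the private key type.
     *
     * @throws KeyException if the key is {@code null} or neither an RSA nor a DSA private key
     */
    private SignatureMethod signatureMethodFor(PrivateKey privateKey) throws KeyException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (privateKey instanceof RSAPrivateKey) {
            return fac.newSignatureMethod(SignatureMethod.RSA_SHA1, (SignatureMethodParameterSpec) null);
        }
        if (privateKey instanceof DSAPrivateKey) {
            return fac.newSignatureMethod(SignatureMethod.DSA_SHA1, (SignatureMethodParameterSpec) null);
        }
        if (privateKey == null) {
            // Report a missing key explicitly instead of failing with a NullPointerException
            // while building the "unsupported algorithm" message below.
            throw new KeyException("Private key must not be null");
        }
        throw new KeyException("Unsupported private key algorithm (must be DSA or RSA) :" + privateKey.getAlgorithm());
    }

    /**
     * Validates the first {@code ds:Signature} element found in {@code document} against
     * {@code publicKey}.
     *
     * <p>Only the first signature in document order is examined, and any {@code KeyInfo}
     * carried in the document is not used: the caller-supplied key is the only key tried.
     * A {@code true} result means that this signature is valid over whatever its reference
     * points to. This method does not check that the reference covers the document element,
     * so callers handling untrusted documents should confirm the signed element is the one
     * they go on to process.
     *
     * @param document document expected to contain a signature
     * @param publicKey key the signature is validated with
     * @return the result of validating the located signature
     * @throws DSigException if the document contains no signature or validation cannot be
     *         carried out; the cause is preserved
     */
    public boolean verifyEnvelopedSignature(Document document, PublicKey publicKey) throws DSigException {
        try {
            return verifyEnvelopedSignatureInternal(document, publicKey);
        } catch (Exception e) {
            throw new DSigException("Verification of enveloped signature failed", e);
        }
    }

    /** Locates the first {@code ds:Signature} element and validates it. */
    private boolean verifyEnvelopedSignatureInternal(Document document, PublicKey publicKey) throws MarshalException, XMLSignatureException {
        NodeList signatures = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatures.getLength() == 0) {
            throw new XMLSignatureException("Document not signed");
        }
        // Any further signature elements in the document are ignored.
        return verifySignatureInternal(document, publicKey, signatures.item(0));
    }

    /**
     * Validates the signature element {@code node} against {@code publicKey}.
     *
     * <p>As with {@link #verifyEnvelopedSignature(Document, PublicKey)}, the result says that
     * the given signature is valid, not which content it covers.
     *
     * @param document document the signature belongs to (not otherwise inspected here)
     * @param publicKey key the signature is validated with
     * @param node the {@code ds:Signature} element to validate
     * @return the result of validating the signature
     * @throws DSigException if validation cannot be carried out; the cause is preserved
     */
    public boolean verifyDetachedSignature(Document document, PublicKey publicKey, Node node) throws DSigException {
        try {
            return verifySignatureInternal(document, publicKey, node);
        } catch (Exception e) {
            // Message corrected: this path verifies a detached signature, not an enveloped one.
            throw new DSigException("Verification of detached signature failed", e);
        }
    }

    /** Unmarshals the signature at {@code node} and validates it with {@code publicKey}. */
    private boolean verifySignatureInternal(Document document, PublicKey publicKey, Node node) throws MarshalException, XMLSignatureException {
        DOMValidateContext validateContext = new DOMValidateContext(publicKey, node);
        return fac.unmarshalXMLSignature(validateContext).validate(validateContext);
    }

    /**
     * Builds a {@code KeyInfo} with a single {@code X509Data} element holding the encoded
     * form of each given certificate, in array order.
     *
     * @param x509CertificateArr certificates to include; must not be {@code null}
     * @return the populated key info
     * @throws CertificateEncodingException if a certificate cannot be encoded
     * @throws NullPointerException if {@code x509CertificateArr} is {@code null}
     */
    public static KeyInfoType generateX509KeyInfo(X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        KeyInfoType keyInfo = KeyInfoType.Factory.newInstance();
        X509DataType x509Data = keyInfo.addNewX509Data();
        for (X509Certificate certificate : x509CertificateArr) {
            x509Data.addNewX509Certificate().setByteArrayValue(certificate.getEncoded());
        }
        return keyInfo;
    }
}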
