package org.basex.query.util.crypto;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Vector;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.basex.build.MemBuilder;
import org.basex.build.Parser;
import org.basex.core.Command;
import org.basex.core.Prop;
import org.basex.io.IO;
import org.basex.io.serial.Serializer;
import org.basex.io.serial.SerializerProp;
import org.basex.query.QueryException;
import org.basex.query.item.ANode;
import org.basex.query.item.Bln;
import org.basex.query.item.DBNode;
import org.basex.query.item.Item;
import org.basex.query.util.Err;
import org.basex.util.InputInfo;
import org.basex.util.Token;
import org.basex.util.hash.TokenMap;
import org.basex.util.hash.TokenSet;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/basex/query/util/crypto/DigitalSignature.class */
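/**
 * Creates and validates XML digital signatures (XML-DSig) for query nodes.
 *
 * <p>Nodes are serialized, re-parsed into a W3C DOM, signed or validated with the
 * JDK's {@code XMLSignatureFactory} ("DOM" mechanism), and converted back into a
 * database node.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The default digest is SHA1 and both supported signature methods
 *       (RSA_SHA1, DSA_SHA1) are SHA-1 based. SHA-1 is no longer considered
 *       collision resistant; callers can select SHA256/SHA512 for the reference
 *       digest, but the signature value itself is always SHA-1 based here.</li>
 *   <li>Without a certificate node a fresh key pair is generated per call and its
 *       public key is embedded in the signature. Such a signature shows that the
 *       content was not modified after signing; it does not identify a signer.</li>
 * </ul>
 */
public final class DigitalSignature {
    /** Canonicalization names accepted from callers, mapped to algorithm URIs. */
    private static final TokenMap CANONICALIZATIONS = new TokenMap();
    /** Digest names accepted from callers, mapped to algorithm URIs. */
    private static final TokenMap DIGESTS = new TokenMap();
    /** Signature method names accepted from callers, mapped to algorithm URIs. */
    private static final TokenMap SIGNATURES = new TokenMap();
    /** Accepted signature types. */
    private static final TokenSet TYPES = new TokenSet();
    /** Default canonicalization name. */
    private static final byte[] DEFC = Token.token("inclusive-with-comments");
    // Default digest name. SHA-1 is weak; kept as the default for backward compatibility.
    private static final byte[] DEFD = Token.token("SHA1");
    // Default signature method name. SHA-1 based; kept for backward compatibility.
    private static final byte[] DEFS = Token.token("RSA_SHA1");
    /** Default signature type. */
    private static final byte[] DEFT = Token.token("enveloped");
    /** Alternative signature type. */
    private static final byte[] ENVT = Token.token("enveloping");
    /** Input info handed to every raised query error. */
    private final InputInfo input;

    static {
        CANONICALIZATIONS.add(DEFC, Token.token("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"));
        CANONICALIZATIONS.add(Token.token("exclusive-with-comments"), Token.token("http://www.w3.org/2001/10/xml-exc-c14n#WithComments"));
        CANONICALIZATIONS.add(Token.token("inclusive"), Token.token("http://www.w3.org/TR/2001/REC-xml-c14n-20010315"));
        CANONICALIZATIONS.add(Token.token("exclusive"), Token.token("http://www.w3.org/2001/10/xml-exc-c14n#"));
        DIGESTS.add(DEFD, Token.token("http://www.w3.org/2000/09/xmldsig#sha1"));
        DIGESTS.add(Token.token("SHA256"), Token.token("http://www.w3.org/2001/04/xmlenc#sha256"));
        DIGESTS.add(Token.token("SHA512"), Token.token("http://www.w3.org/2001/04/xmlenc#sha512"));
        SIGNATURES.add(DEFS, Token.token("http://www.w3.org/2000/09/xmldsig#rsa-sha1"));
        SIGNATURES.add(Token.token("DSA_SHA1"), Token.token("http://www.w3.org/2000/09/xmldsig#dsa-sha1"));
        TYPES.add(DEFT);
        TYPES.add(ENVT);
    }

    /**
     * Creates a signature helper.
     *
     * @param inputInfo input info attached to raised query errors
     */
    public DigitalSignature(InputInfo inputInfo) {
        this.input = inputInfo;
    }

    /**
     * Signs a node and returns the signed document as a new node.
     *
     * <p>An empty byte array selects the default for the canonicalization, digest,
     * signature method and signature type arguments.
     *
     * @param aNode  node to be signed
     * @param bArr   canonicalization name (key of {@code CANONICALIZATIONS})
     * @param bArr2  digest name (key of {@code DIGESTS})
     * @param bArr3  signature method name (key of {@code SIGNATURES}); its first three
     *               characters are used as the key algorithm when a key pair is generated
     * @param bArr4  default namespace prefix for the signature elements; ignored if empty
     * @param bArr5  signature type, "enveloped" or "enveloping"
     * @param bArr6  XPath expression restricting the signed content; ignored if empty
     * @param aNode2 {@code digital-certificate} node describing a key store, or
     *               {@code null} to sign with a freshly generated key pair
     * @return the signed node
     * @throws QueryException if an argument is invalid or signing fails
     */
    public ANode generateSignature(ANode aNode, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, ANode aNode2) throws QueryException {
        // Resolve every algorithm name up front. Errors report the name that was
        // looked up (the previous code passed the null lookup result instead).
        final byte[] c14nName = bArr.length == 0 ? DEFC : bArr;
        final byte[] c14nUri = CANONICALIZATIONS.get(c14nName);
        if (c14nUri == null) {
            Err.CRYPTOCANINV.thrw(this.input, c14nName);
        }
        final String canonicalization = Token.string(c14nUri);

        final byte[] digestName = bArr2.length == 0 ? DEFD : bArr2;
        final byte[] digestUri = DIGESTS.get(digestName);
        if (digestUri == null) {
            Err.CRYPTODIGINV.thrw(this.input, digestName);
        }
        final String digest = Token.string(digestUri);

        final byte[] signatureName = bArr3.length == 0 ? DEFS : bArr3;
        final byte[] signatureUri = SIGNATURES.get(signatureName);
        if (signatureUri == null) {
            Err.CRYPTOSIGINV.thrw(this.input, signatureName);
        }
        final String signatureMethod = Token.string(signatureUri);
        // "RSA_SHA1" -> "RSA", "DSA_SHA1" -> "DSA"
        final String keyAlgorithm = Token.string(signatureName).substring(0, 3);

        final byte[] type = bArr5.length == 0 ? DEFT : bArr5;
        if (TYPES.id(type) == 0) {
            Err.CRYPTOSIGTYPINV.thrw(this.input, type);
        }

        ANode signed = null;
        try {
            final XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
            final KeyInfo keyInfo;
            final PrivateKey privateKey;

            if (aNode2 != null) {
                // Read the key store description from the certificate node.
                String keyStoreType = null;
                String keyStorePassword = null;
                String alias = null;
                String keyPassword = null;
                String keyStoreUri = null;
                final Document certificate = toDOMNode(aNode2);
                if (!certificate.getDocumentElement().getNodeName().equals("digital-certificate")) {
                    Err.CRYPTOINVNM.thrw(this.input, certificate);
                }
                final NodeList fields = certificate.getDocumentElement().getChildNodes();
                final int fieldCount = fields.getLength();
                for (int f = 0; f < fieldCount; f++) {
                    final Node field = fields.item(f);
                    final String fieldName = field.getNodeName();
                    if (fieldName.equals("keystore-type")) {
                        keyStoreType = field.getTextContent();
                    } else if (fieldName.equals("keystore-password")) {
                        keyStorePassword = field.getTextContent();
                    } else if (fieldName.equals("key-alias")) {
                        alias = field.getTextContent();
                    } else if (fieldName.equals("private-key-password")) {
                        keyPassword = field.getTextContent();
                    } else if (fieldName.equals("keystore-uri")) {
                        keyStoreUri = field.getTextContent();
                    }
                }
                // A missing element used to surface as a NullPointerException further
                // down; report it through the key store error path instead.
                if (keyStoreType == null || keyStorePassword == null || alias == null
                        || keyPassword == null || keyStoreUri == null) {
                    throw new KeyStoreException("digital-certificate must contain keystore-type, "
                            + "keystore-password, key-alias, private-key-password and keystore-uri");
                }

                final KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                if (keyStore == null) {
                    Err.CRYPTOKSNULL.thrw(this.input, keyStore);
                }
                // keystore-uri is opened as a local file path exactly as given in the
                // certificate node. Close the stream even if loading fails.
                final FileInputStream keyStoreStream = new FileInputStream(keyStoreUri);
                try {
                    keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
                } finally {
                    keyStoreStream.close();
                }

                // getKey() yields null for an unknown alias and may yield a non-private
                // key; both previously ended in an unchecked exception.
                final Object key = keyStore.getKey(alias, keyPassword.toCharArray());
                if (!(key instanceof PrivateKey)) {
                    throw new KeyException("No private key entry found for alias '" + alias + "'");
                }
                privateKey = (PrivateKey) key;

                final X509Certificate x509 = (X509Certificate) keyStore.getCertificate(alias);
                if (x509 == null) {
                    Err.CRYPTOALINV.thrw(this.input, alias);
                }
                final PublicKey publicKey = x509.getPublicKey();
                final KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
                final KeyValue keyValue = keyInfoFactory.newKeyValue(publicKey);
                // Raw lists: the element types are not imported by this file.
                final List keyInfoContent = new ArrayList();
                keyInfoContent.add(keyValue);
                final List x509Content = new ArrayList();
                final X509IssuerSerial issuerSerial = keyInfoFactory.newX509IssuerSerial(
                        x509.getIssuerX500Principal().getName(), x509.getSerialNumber());
                x509Content.add(x509.getSubjectX500Principal().getName());
                x509Content.add(issuerSerial);
                x509Content.add(x509);
                keyInfoContent.add(keyInfoFactory.newX509Data(x509Content));
                keyInfo = keyInfoFactory.newKeyInfo(keyInfoContent);
            } else {
                // No certificate: sign with a throw-away key pair. The private key is not
                // retained and the public key is embedded, so the result demonstrates
                // integrity only, not the identity of a signer.
                final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyAlgorithm);
                // NOTE(review): the key size is taken from Command.DATAREF, a constant of an
                // unrelated class (likely a decompiler substitution for a numeric literal).
                // Confirm the resulting size meets current minimums (2048+ bits for RSA).
                keyPairGenerator.initialize(Command.DATAREF);
                final KeyPair keyPair = keyPairGenerator.generateKeyPair();
                final KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
                keyInfo = keyInfoFactory.newKeyInfo(
                        Collections.singletonList(keyInfoFactory.newKeyValue(keyPair.getPublic())));
                privateKey = keyPair.getPrivate();
            }

            final Document document = toDOMNode(aNode);
            final List transforms;
            if (bArr6.length > 0) {
                final String xpath = Token.string(bArr6);
                // The expression must select at least one node of the document.
                final NodeList selected = (NodeList) XPathFactory.newInstance().newXPath()
                        .compile(xpath).evaluate(document, XPathConstants.NODESET);
                if (selected.getLength() < 1) {
                    Err.CRYPTOXPINV.thrw(this.input, bArr6);
                }
                transforms = new ArrayList(2);
                transforms.add(factory.newTransform("http://www.w3.org/TR/1999/REC-xpath-19991116", new XPathFilterParameterSpec(xpath)));
                transforms.add(factory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
            } else {
                transforms = Collections.singletonList(factory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
            }

            final SignedInfo signedInfo = factory.newSignedInfo(
                    factory.newCanonicalizationMethod(canonicalization, (C14NMethodParameterSpec) null),
                    factory.newSignatureMethod(signatureMethod, (SignatureMethodParameterSpec) null),
                    Collections.singletonList(factory.newReference("",
                            factory.newDigestMethod(digest, (DigestMethodParameterSpec) null),
                            transforms, (String) null, (String) null)));

            final XMLSignature signature;
            final DOMSignContext signContext;
            if (Token.eq(type, DEFT)) {
                // Enveloped: the signature is added below the document element.
                signContext = new DOMSignContext(privateKey, document.getDocumentElement());
                signature = factory.newXMLSignature(signedInfo, keyInfo);
            } else {
                // Enveloping: the document element is wrapped in an object of the signature.
                // (A DocumentBuilderFactory that was created here and never used was removed.)
                signature = factory.newXMLSignature(signedInfo, keyInfo,
                        Collections.singletonList(factory.newXMLObject(
                                Collections.singletonList(new DOMStructure(document.getDocumentElement())),
                                "", (String) null, (String) null)),
                        (String) null, (String) null);
                signContext = new DOMSignContext(privateKey, document);
            }
            if (bArr4.length > 0) {
                // Token.string decodes like every other token in this method;
                // new String(byte[]) depended on the platform charset.
                signContext.setDefaultNamespacePrefix(Token.string(bArr4));
            }
            signature.sign(signContext);
            signed = toDBNode(document);
        } catch (IOException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        } catch (InvalidAlgorithmParameterException ex) {
            Err.CRYPTOALGEXC.thrw(this.input, ex);
        } catch (KeyException ex) {
            Err.CRYPTONOKEY.thrw(this.input, ex);
        } catch (KeyStoreException ex) {
            Err.CRYPTOKSEXC.thrw(this.input, ex);
        } catch (NoSuchAlgorithmException ex) {
            Err.CRYPTOALGEXC.thrw(this.input, ex);
        } catch (UnrecoverableKeyException ex) {
            Err.CRYPTONOKEY.thrw(this.input, ex);
        } catch (CertificateException ex) {
            Err.CRYPTOALGEXC.thrw(this.input, ex);
        } catch (ParserConfigurationException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        } catch (XPathExpressionException ex) {
            Err.CRYPTOXPINV.thrw(this.input, ex);
        } catch (SAXException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        } catch (XMLSignatureException ex) {
            Err.CRYPTOSIGEXC.thrw(this.input, ex);
        } catch (MarshalException ex) {
            Err.CRYPTOSIGEXC.thrw(this.input, ex);
        }
        return signed;
    }

    /**
     * Validates the first XML-DSig {@code Signature} element found in a node.
     *
     * <p>Security notes:
     * <ul>
     *   <li>Only the first {@code Signature} element in document order is checked;
     *       further signatures in the same document are ignored.</li>
     *   <li>The verification key is chosen by {@code MyKeySelector}, which is not part
     *       of this file. NOTE(review): if that selector accepts the key carried in
     *       the signature's own KeyInfo, a {@code true} result proves integrity only;
     *       callers must not read it as proof that a trusted party signed the data.</li>
     *   <li>The result does not tell the caller which part of the document the
     *       signature covers.</li>
     *   <li>NOTE(review): consider enabling the provider's secure validation mode
     *       ({@code org.jcp.xml.dsig.secureValidation}) on the validation context;
     *       whether it is on by default depends on the JDK version.</li>
     * </ul>
     *
     * @param aNode node containing the signature
     * @return boolean item, true if the signature validated
     * @throws QueryException if no signature is present or validation cannot be performed
     */
    public Item validateSignature(ANode aNode) throws QueryException {
        boolean valid = false;
        try {
            final Document document = toDOMNode(aNode);
            final DOMValidateContext validateContext = new DOMValidateContext(new MyKeySelector(), document);
            final NodeList signatures = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
            if (signatures.getLength() < 1) {
                Err.CRYPTONOSIG.thrw(this.input, aNode);
            }
            validateContext.setNode(signatures.item(0));
            final XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(validateContext);
            valid = signature.validate(validateContext);
        } catch (XMLSignatureException ex) {
            // NOTE(review): generateSignature maps this exception type to CRYPTOSIGEXC;
            // the error code is left unchanged here because callers may depend on it.
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        } catch (SAXException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        } catch (MarshalException ex) {
            Err.CRYPTOSIGEXC.thrw(this.input, ex);
        } catch (IOException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        } catch (ParserConfigurationException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        }
        return Bln.get(valid);
    }

    /**
     * Converts a DOM node into a database node by serializing it with an identity
     * transformer and parsing the resulting string into a main-memory instance.
     *
     * @param node DOM node to convert
     * @return the converted node
     * @throws QueryException if serialization or parsing fails
     */
    private ANode toDBNode(Node node) throws QueryException {
        DBNode converted = null;
        try {
            final StringWriter xml = new StringWriter();
            final Transformer serializer = TransformerFactory.newInstance().newTransformer();
            serializer.transform(new DOMSource(node), new StreamResult(xml));
            converted = new DBNode(new MemBuilder("", Parser.xmlParser(IO.get(xml.toString()), new Prop()), new Prop()).build(), 1);
        } catch (IOException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        } catch (TransformerException ex) {
            Err.CRYPTOIOEXC.thrw(this.input, ex);
        }
        return converted;
    }

    /**
     * Serializes a node to bytes with the serializer parameter {@code format=no}.
     *
     * @param aNode node to serialize
     * @return serialized bytes
     * @throws IOException if serialization fails
     */
    private static byte[] nodeToBytes(ANode aNode) throws IOException {
        final ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        final Serializer serializer = Serializer.get(bytes, new SerializerProp("format=no"));
        aNode.serialize(serializer);
        serializer.close();
        return bytes.toByteArray();
    }

    /**
     * Serializes a node and parses the result into a namespace-aware DOM document.
     *
     * <p>The parser is hardened against DTD-based attacks (external entities, entity
     * expansion): the input is the serialization of an already parsed node, so it is
     * not expected to carry a document type declaration.
     *
     * @param aNode node to convert
     * @return DOM document
     * @throws SAXException if the serialized node cannot be parsed
     * @throws IOException if serialization fails
     * @throws ParserConfigurationException if the parser cannot be configured as requested
     */
    private static Document toDOMNode(ANode aNode) throws SAXException, IOException, ParserConfigurationException {
        final DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        builderFactory.setNamespaceAware(true);
        builderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        builderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return builderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(nodeToBytes(aNode)));
    }
}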
