package li.strolch.utils.helper;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import javassist.bytecode.SignatureAttribute;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import li.strolch.utils.dbc.DBC;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/li.strolch.utils-1.4.3.jar:li/strolch/utils/helper/XmlDomSigner.class */
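/**
 * Signs DOM documents with an enveloped XML signature and validates such signatures against a
 * trusted certificate, both taken from one JKS keystore.
 *
 * <p>Signing uses the private key entry stored under {@code privateKeyAlias}; validation uses the
 * public key of the trusted certificate entry stored under {@code trustAlias}. The {@code KeyInfo}
 * embedded in a signature is never used to choose the verification key.
 */
public class XmlDomSigner {
    private static final Logger logger = LoggerFactory.getLogger(XmlDomSigner.class);

    /** Namespace of the XML signature elements. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    private final KeyStore keyStore;
    private final String privateKeyAlias;
    private final String trustAlias;
    // Held by reference: the caller's array is not copied, so clearing it breaks later sign() calls.
    private final char[] password;

    /**
     * Loads the JKS keystore that provides the signing key and the trusted certificate.
     *
     * @param file  the JKS keystore file
     * @param str   alias of the private key entry used by {@link #sign(Document)}; must not be empty
     * @param str2  alias of the trusted certificate entry used by {@link #validate(Document)}; must
     *              not be empty
     * @param cArr  password used both to open the keystore and to unlock the private key entry
     * @throws RuntimeException if the keystore cannot be read; the underlying failure is the cause
     */
    public XmlDomSigner(File file, String str, String str2, char[] cArr) {
        DBC.PRE.assertNotEmpty("privateKeyAlias", str);
        DBC.PRE.assertNotEmpty("trustAlias", str2);
        KeyStore loaded;
        // try-with-resources: the keystore stream is released on success and on failure alike.
        try (InputStream in = new FileInputStream(file)) {
            loaded = KeyStore.getInstance("JKS");
            loaded.load(in, cArr);
        } catch (Exception e) {
            // Keep the cause so a wrong password can be told apart from a missing or corrupt file.
            throw new RuntimeException("Failed to read keystore " + file, e);
        }
        this.keyStore = loaded;
        this.privateKeyAlias = str;
        this.trustAlias = str2;
        this.password = cArr;
    }

    /**
     * Adds an enveloped XML signature to the given document.
     *
     * <p>The document element receives a generated {@code ID} attribute ({@code Signed_<uuid>}),
     * which is registered as an ID attribute and is the target of the signature's only reference.
     * The signature element is appended to the document element with the {@code ds} prefix, and
     * its {@code KeyInfo} carries the signer's subject name and certificate.
     *
     * @param document the document to sign; it is modified in place
     * @throws RuntimeException if signing fails for any reason
     */
    public void sign(Document document) throws RuntimeException {
        try {
            String id = "Signed_" + UUID.randomUUID().toString();
            Element root = document.getDocumentElement();
            root.setAttribute("ID", id);
            root.setIdAttribute("ID", true);

            XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

            List<Transform> transforms = new ArrayList<>();
            transforms.add(factory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
            transforms.add(factory.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null));

            // NOTE(review): RSA-SHA1 and SHA-1 are kept as they are, because changing them alters
            // the signatures this class emits and receivers may depend on that. SHA-1 is no longer
            // collision resistant, and newer JDK releases are documented to reject SHA-1 based XML
            // signatures under their default secure-validation policy; plan a move to
            // rsa-sha256 / sha256 together with the receiving side.
            Reference reference = factory.newReference(
                    "#" + id,
                    factory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
                    transforms,
                    (String) null,
                    (String) null);
            SignedInfo signedInfo = factory.newSignedInfo(
                    factory.newCanonicalizationMethod("http://www.w3.org/2001/10/xml-exc-c14n#", (C14NMethodParameterSpec) null),
                    factory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null),
                    Collections.singletonList(reference));

            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) this.keyStore
                    .getEntry(this.privateKeyAlias, new KeyStore.PasswordProtection(this.password));
            PrivateKey privateKey = keyEntry.getPrivateKey();
            X509Certificate certificate = (X509Certificate) keyEntry.getCertificate();

            KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
            List<Object> x509Content = new ArrayList<>();
            x509Content.add(certificate.getSubjectX500Principal().getName());
            x509Content.add(certificate);
            KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content)));

            DOMSignContext signContext = new DOMSignContext(privateKey, root);
            signContext.putNamespacePrefix(XMLDSIG_NS, "ds");
            factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
        } catch (Exception e) {
            throw new RuntimeException("Failed to sign document", e);
        }
    }

    /**
     * Validates the single XML signature contained in the given document against the public key
     * of the trusted certificate stored under {@code trustAlias}.
     *
     * <p>On failure the signature value status and, when that is invalid, the status of each
     * reference are logged before the exception is thrown.
     *
     * @param document the document carrying exactly one {@code Signature} element
     * @throws RuntimeException if the document has no or several signature elements, if the trust
     *                          alias does not name a trusted certificate entry, or if validation
     *                          fails
     */
    public void validate(Document document) throws RuntimeException {
        try {
            XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
            // Literal local name: the tag must not depend on a constant of an unrelated library.
            NodeList signatures = document.getElementsByTagNameNS(XMLDSIG_NS, "Signature");
            if (signatures.getLength() == 0) {
                throw new Exception("Cannot find Signature element!");
            }
            if (signatures.getLength() > 1) {
                throw new Exception("Found multiple Signature elements!");
            }

            // The verification key comes only from the keystore, never from the document.
            KeyStore.Entry trustEntry = this.keyStore.getEntry(this.trustAlias, null);
            if (!(trustEntry instanceof KeyStore.TrustedCertificateEntry)) {
                throw new IllegalStateException("No trusted certificate entry found for alias " + this.trustAlias);
            }
            DOMValidateContext validateContext = new DOMValidateContext(
                    ((KeyStore.TrustedCertificateEntry) trustEntry).getTrustedCertificate().getPublicKey(),
                    signatures.item(0));
            validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
            // Ask the provider for its restricted processing mode on untrusted signatures,
            // independent of what the running JDK enables by default.
            validateContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

            // NOTE(review): a successful core validation proves that the single Signature element
            // verifies against the trusted key. Nothing here checks which element its Reference
            // covers, so callers that act on the document content should confirm that the
            // Reference points at the document element, as sign() produces it.
            // NOTE(review): sign() registers "ID" as an ID attribute on the in-memory element; a
            // document re-parsed without a schema presumably loses that registration - confirm
            // that the same-document reference still resolves on the target JDK.
            XMLSignature signature = factory.unmarshalXMLSignature(validateContext);
            if (signature.validate(validateContext)) {
                return;
            }

            logger.error("Signature failed core validation");
            boolean signatureValueValid = signature.getSignatureValue().validate(validateContext);
            logger.error("signature validation status: {}", signatureValueValid);
            if (!signatureValueValid) {
                int index = 0;
                for (Object ref : signature.getSignedInfo().getReferences()) {
                    logger.error("ref[{}] validity status: {}", index, ((Reference) ref).validate(validateContext));
                    index++;
                }
            }
            throw new RuntimeException("Uh-oh validation, failed!");
        } catch (RuntimeException e) {
            // Runtime failures, including the validation failure above, pass through unwrapped.
            throw e;
        } catch (Exception e) {
            throw new RuntimeException("Failed to validate document", e);
        }
    }

    /**
     * Serializes the document without indentation.
     *
     * @param document the document to serialize
     * @return the serialized bytes
     * @throws RuntimeException if the transformation fails
     */
    public static byte[] transformToBytes(Document document) {
        return transformToBytes(document, false);
    }

    /**
     * Serializes the document to a byte array.
     *
     * @param document the document to serialize
     * @param z        {@code true} to indent the output by two spaces. Indentation changes the
     *                 text content of the document, so bytes produced this way are for display
     *                 and are not expected to validate if parsed again.
     * @return the serialized bytes
     * @throws RuntimeException if the transformation fails
     */
    public static byte[] transformToBytes(Document document, boolean z) {
        try {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            if (z) {
                transformer.setOutputProperty("indent", "yes");
                transformer.setOutputProperty("{http://xml.apache.org/xalan}indent-amount", "2");
            }
            transformer.transform(new DOMSource(document), new StreamResult(out));
            return out.toByteArray();
        } catch (TransformerException | TransformerFactoryConfigurationError e) {
            throw new RuntimeException("Failed to transform document to bytes!", e);
        }
    }

    /**
     * Writes the document to the given file and closes the file afterwards.
     *
     * @param document the document to write
     * @param file     the target file
     * @throws RuntimeException if the file cannot be opened, written or closed
     */
    public static void writeTo(Document document, File file) {
        // try-with-resources: the file handle is released even when the transformation fails.
        try (OutputStream out = new FileOutputStream(file)) {
            writeTo(document, out);
        } catch (IOException e) {
            throw new RuntimeException("Failed to write document to " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Writes the document to the given stream. The stream is left open; closing it is the
     * caller's responsibility.
     *
     * @param document     the document to write
     * @param outputStream the target stream
     * @throws RuntimeException if the transformation fails
     */
    public static void writeTo(Document document, OutputStream outputStream) {
        try {
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(outputStream));
        } catch (Exception e) {
            throw new RuntimeException("Failed to write document to output stream!", e);
        }
    }

    /**
     * Parses a document from a byte array.
     *
     * @param bArr the serialized XML
     * @return the parsed, namespace-aware document
     * @throws RuntimeException if parsing fails
     */
    public static Document parse(byte[] bArr) {
        return parse(new ByteArrayInputStream(bArr));
    }

    /**
     * Parses a document from a file and closes the file afterwards.
     *
     * @param file the file holding the serialized XML
     * @return the parsed, namespace-aware document
     * @throws RuntimeException if the file cannot be read or parsed
     */
    public static Document parse(File file) {
        try (InputStream in = new FileInputStream(file)) {
            return parse(in);
        } catch (Exception e) {
            throw new RuntimeException("Failed to parse signed file at " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Parses a document from a stream with a namespace-aware parser. The stream is left open.
     *
     * <p>The input is parsed before its signature can be checked, so it is treated as untrusted:
     * documents that declare a DOCTYPE are rejected, and XInclude and entity expansion are off.
     *
     * @param inputStream the stream holding the serialized XML
     * @return the parsed document
     * @throws RuntimeException if the parser cannot be configured or the input cannot be parsed
     */
    public static Document parse(InputStream inputStream) {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // Fail closed: a parser that does not support these features raises an exception here.
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setXIncludeAware(false);
            factory.setExpandEntityReferences(false);
            return factory.newDocumentBuilder().parse(inputStream);
        } catch (Exception e) {
            throw new RuntimeException("Failed to parse input stream", e);
        }
    }
}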
