package me.yanaga.opes;

import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:me/yanaga/opes/CertificadoDigital.class */
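/**
 * Holder for a private key and its X.509 certificate chain loaded from a PKCS#12 keystore,
 * with helpers to produce and check enveloped XML signatures.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #toBytes()} and the Java-serialized form both carry the whole keystore,
 *       re-saved under a password that is a constant of this class. Handle both as private
 *       key material.</li>
 *   <li>{@link #validate(Document)} checks a signature against the certificate embedded in
 *       the document itself; it says nothing about who that certificate belongs to.</li>
 *   <li>{@link #getExpiry()} is informational: no method of this class refuses to sign
 *       because of it.</li>
 *   <li>Signatures are produced and accepted with SHA-1 based algorithms only. These are no
 *       longer recommended for new designs; they are left unchanged here because replacing
 *       them changes the signatures emitted and accepted.</li>
 * </ul>
 */
public final class CertificadoDigital implements Serializable {
    private static final long serialVersionUID = 1;
    private static final String C14N_TRANSFORM_METHOD = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    // Fixed password compiled into the class. It is used when the caller supplies none and
    // when the keystore is re-saved in of(...), so it offers no confidentiality.
    private static final char[] DEFAULT_CERTIFICATE_PASSWORD = {'o', 'p', 'e', 's'};
    // Object identifier under which the CNPJ is looked up in the subjectAltName entries.
    private static final ASN1ObjectIdentifier OID_CNPJ = new ASN1ObjectIdentifier("2.16.76.1.3.3");
    private final transient byte[] bytes;
    private final transient CpfCnpj cnpj;
    private final Instant expiry;
    private final transient PrivateKey privateKey;
    private final transient X509Certificate[] certificateChain;

    /**
     * Serialization proxy: only the PKCS#12 bytes travel in the stream and the instance is
     * rebuilt from them through {@link CertificadoDigital#of(InputStream)}.
     *
     * <p>The stream therefore contains the keystore; store and transmit it like a key file.
     */
    private static class SerializationProxy implements Serializable {
        private static final long serialVersionUID = 1;
        private final byte[] bytes;

        SerializationProxy(CertificadoDigital certificadoDigital) {
            this.bytes = certificadoDigital.bytes;
        }

        /**
         * Rebuilds the certificate from the keystore bytes read from the stream.
         *
         * @throws InvalidObjectException if the stream carried no keystore bytes
         * @throws IllegalArgumentException if the bytes cannot be loaded as a keystore
         */
        private Object readResolve() throws InvalidObjectException {
            // A stream that was not produced by writeReplace() can leave the field null;
            // report that as a serialization error instead of a NullPointerException.
            if (this.bytes == null) {
                throw new InvalidObjectException("Keystore bytes missing");
            }
            return CertificadoDigital.of(new ByteArrayInputStream(this.bytes));
        }
    }

    /**
     * Key selector that returns the public key of the first X.509 certificate found in the
     * signature's own {@code KeyInfo} whose key algorithm matches the signature method.
     *
     * <p>No certificate path, validity period or revocation check is made here, so the key
     * is only as trustworthy as the document that supplied it.
     */
    private static class X509KeySelector extends KeySelector {
        private X509KeySelector() {
        }

        /**
         * Selects the verification key from the X.509 data carried in {@code keyInfo}.
         *
         * @throws KeySelectorException if {@code keyInfo} is absent or holds no certificate
         *     with a matching key algorithm
         */
        @Override
        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
            // A signature without KeyInfo gives nothing to select from.
            if (keyInfo == null) {
                throw new KeySelectorException("No KeyValue element found!");
            }
            for (Object structure : keyInfo.getContent()) {
                if (!(structure instanceof X509Data)) {
                    continue;
                }
                for (Object entry : ((X509Data) structure).getContent()) {
                    if (!(entry instanceof X509Certificate)) {
                        continue;
                    }
                    final PublicKey publicKey = ((X509Certificate) entry).getPublicKey();
                    if (algEquals(algorithmMethod.getAlgorithm(), publicKey.getAlgorithm())) {
                        return () -> publicKey;
                    }
                }
            }
            throw new KeySelectorException("No KeyValue element found!");
        }

        /**
         * Tells whether a signature method URI and a key algorithm name belong together.
         * Only the DSA-SHA1 and RSA-SHA1 URIs are recognised.
         *
         * @param str signature method URI
         * @param str2 key algorithm name
         */
        static boolean algEquals(String str, String str2) {
            boolean dsaSha1 = str2.equalsIgnoreCase("DSA") && str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#dsa-sha1");
            boolean rsaSha1 = str2.equalsIgnoreCase("RSA") && str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
            return dsaSha1 || rsaSha1;
        }
    }

    private CertificadoDigital(byte[] bArr, CpfCnpj cpfCnpj, Instant instant, PrivateKey privateKey, X509Certificate[] x509CertificateArr) {
        this.bytes = bArr;
        this.cnpj = cpfCnpj;
        this.expiry = instant;
        this.privateKey = privateKey;
        this.certificateChain = x509CertificateArr;
    }

    /**
     * Loads a certificate from a PKCS#12 stream protected by the built-in default password.
     *
     * @see #of(InputStream, char[])
     */
    public static CertificadoDigital of(InputStream inputStream) {
        return of(inputStream, DEFAULT_CERTIFICATE_PASSWORD);
    }

    /**
     * Loads a certificate from a PKCS#12 stream.
     *
     * <p>The first alias that is a key entry holding a {@link PrivateKey} with a non-empty
     * chain starting with an {@link X509Certificate} is used. The expiry is the
     * {@code notAfter} date of that first certificate. This method does not close
     * {@code inputStream} itself.
     *
     * <p>The loaded keystore is written back out under the built-in default password and
     * kept for {@link #toBytes()} and serialization, whatever password the caller supplied.
     *
     * @param inputStream PKCS#12 data
     * @param cArr password used both for the keystore and for the key entry
     * @throws IllegalArgumentException if loading fails or no usable entry is found
     */
    public static CertificadoDigital of(InputStream inputStream, char[] cArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            keyStore.load(inputStream, cArr);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Key key = keyStore.getKey(alias, cArr);
                if (!(key instanceof PrivateKey)) {
                    continue;
                }
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate[] x509Chain;
                if (chain instanceof X509Certificate[]) {
                    x509Chain = (X509Certificate[]) chain;
                } else {
                    // arraycopy rejects any element that is not an X509Certificate.
                    x509Chain = new X509Certificate[chain.length];
                    System.arraycopy(chain, 0, x509Chain, 0, chain.length);
                }
                Instant notAfter = x509Chain[0].getNotAfter().toInstant();
                // NOTE(review): the keystore is re-saved under the class constant, not the
                // caller's password. Whether the key entry inside it ends up protected by the
                // constant or stays under the caller's password depends on the PKCS#12
                // provider in use; confirm, and confirm that a serialization round trip
                // still works for keystores loaded with a custom password.
                ByteArrayOutputStream restored = new ByteArrayOutputStream();
                keyStore.store(restored, DEFAULT_CERTIFICATE_PASSWORD);
                return new CertificadoDigital(restored.toByteArray(), extractCnpj(x509Chain), notAfter, (PrivateKey) key, x509Chain);
            }
            throw new IllegalArgumentException("Unable to load PrivateKey and CertificateChain from KeyStore.");
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Returns the PKCS#12 keystore bytes produced when this instance was loaded.
     *
     * <p>The result includes the private key entry and was saved under the built-in
     * password, so it must be protected like the original key file. A copy is returned so
     * that callers cannot alter the bytes that are later serialized.
     */
    public byte[] toBytes() {
        return this.bytes.clone();
    }

    /** Returns the CNPJ found in the certificate chain, or empty when none was found. */
    public Optional<CpfCnpj> getCnpj() {
        return Optional.ofNullable(this.cnpj);
    }

    /** Returns the {@code notAfter} instant of the first certificate of the chain. */
    public Instant getExpiry() {
        return this.expiry;
    }

    /**
     * Adds an enveloped XML signature to the given document or element and returns it.
     *
     * <p>The signature is appended to the root element and references, by its {@code Id}
     * attribute, the first child element of that root; only that element is covered by the
     * signature. The {@code Id} attribute of that element is marked as an ID attribute on
     * the DOM as a side effect. The first certificate of the chain is embedded as
     * {@code X509Data}.
     *
     * <p>RSA-SHA1 with a SHA-1 digest is used. The certificate expiry is not checked here.
     *
     * @param t a {@link Document} or {@link Element}
     * @return the same node, now carrying the signature
     * @throws IllegalArgumentException if {@code t} is of another node type or signing fails
     */
    public <T extends Node> T sign(T t) {
        Preconditions.checkNotNull(t);
        Preconditions.checkArgument((t instanceof Document) || (t instanceof Element));
        try {
            Element root = t instanceof Document ? ((Document) t).getDocumentElement() : (Element) t;
            DOMSignContext signContext = new DOMSignContext(this.privateKey, root);
            XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

            List<Transform> transforms = new LinkedList<>();
            transforms.add(factory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
            transforms.add(factory.newTransform(C14N_TRANSFORM_METHOD, (TransformParameterSpec) null));

            // Name the failure instead of letting a null surface as a NullPointerException.
            Node target = findFirstElementChild(root);
            if (target == null) {
                throw new IllegalArgumentException("Root element has no child element to sign");
            }
            Node idAttribute = target.getAttributes().getNamedItem("Id");
            if (idAttribute == null) {
                throw new IllegalArgumentException("Element to sign has no Id attribute");
            }
            // Registering "Id" as an ID attribute lets the "#..." reference resolve.
            ((Element) target).setIdAttribute("Id", true);

            SignedInfo signedInfo = factory.newSignedInfo(
                    factory.newCanonicalizationMethod(C14N_TRANSFORM_METHOD, (C14NMethodParameterSpec) null),
                    factory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null),
                    Collections.singletonList(factory.newReference(
                            String.format("#%s", idAttribute.getNodeValue()),
                            factory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
                            transforms,
                            (String) null,
                            (String) null)));

            KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
            X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList(this.certificateChain[0]));
            KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));
            factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
            return t;
        } catch (Exception e) {
            throw new IllegalArgumentException("Erro ao assinar XML.", e);
        }
    }

    /**
     * Checks the first XML signature found in the document.
     *
     * <p>What a {@code true} result means: the signed reference matches the public key of a
     * certificate carried inside the signature itself. This instance's own certificate
     * chain is not consulted, and no trust anchor, validity period or revocation check is
     * applied to the embedded certificate. Callers that need to know who signed the
     * document must validate that certificate separately.
     *
     * <p>Only the first {@code Signature} element in document order is evaluated, and this
     * method does not verify which element its reference covers. Callers should make sure
     * the data they go on to use is the element the signature refers to.
     *
     * @return whether the signature validates against its embedded certificate
     * @throws IllegalArgumentException if there is no signature or validation cannot run
     */
    public boolean validate(Document document) {
        Preconditions.checkNotNull(document);
        try {
            Node signatureNode = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature").item(0);
            if (signatureNode == null) {
                throw new IllegalArgumentException("No Signature element found");
            }
            DOMValidateContext validateContext = new DOMValidateContext(new X509KeySelector(), signatureNode);
            return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(validateContext).validate(validateContext);
        } catch (Exception e) {
            throw new IllegalArgumentException("Erro ao validar o XML.", e);
        }
    }

    /** Returns the first child of {@code node} that is an element, or {@code null}. */
    private Node findFirstElementChild(Node node) {
        NodeList children = node.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() == Node.ELEMENT_NODE) {
                return child;
            }
        }
        return null;
    }

    /**
     * Looks for the CNPJ in the subjectAltName entries of each certificate of the chain.
     *
     * @return the first CNPJ found, or {@code null} when no entry carries {@link #OID_CNPJ}
     * @throws IllegalArgumentException if an extension cannot be parsed or the value cannot
     *     be encoded; a failure to read the identity is reported, not treated as "no CNPJ"
     */
    private static CpfCnpj extractCnpj(Certificate[] certificateArr) {
        for (X509Certificate x509Certificate : (X509Certificate[]) certificateArr) {
            try {
                for (Object obj : X509ExtensionUtil.getSubjectAlternativeNames(x509Certificate)) {
                    if (!(obj instanceof List)) {
                        continue;
                    }
                    List<?> entry = (List<?>) obj;
                    if (!(entry.get(1) instanceof DLSequence)) {
                        continue;
                    }
                    DLSequence sequence = (DLSequence) entry.get(1);
                    if (!OID_CNPJ.equals(sequence.getObjectAt(0))) {
                        continue;
                    }
                    // NOTE(review): getObject() is called on the result of getObjectAt(1) as
                    // in the decompiled listing; a cast may have been lost in decompilation,
                    // confirm against the original source. The encoded bytes are decoded
                    // with an explicit charset so the result does not vary with the
                    // platform default.
                    return CpfCnpj.of(new String(sequence.getObjectAt(1).getObject().getEncoded(), StandardCharsets.UTF_8));
                }
            } catch (CertificateParsingException e2) {
                throw new IllegalArgumentException("Erro ao extrair CNPJ do CertificadoDigital", e2);
            } catch (IOException e) {
                // Previously printed and ignored; handled like the parsing failure above.
                throw new IllegalArgumentException("Erro ao extrair CNPJ do CertificadoDigital", e);
            }
        }
        return null;
    }

    /** Rejects direct deserialization; instances must arrive through the proxy. */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        throw new InvalidObjectException("Proxy required");
    }

    /** Substitutes the serialization proxy for this instance when it is written. */
    private Object writeReplace() {
        return new SerializationProxy(this);
    }
}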
