package network.oxalis.vefa.peppol.security.xmldsig;

import java.security.cert.X509Certificate;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import network.oxalis.vefa.peppol.security.lang.PeppolSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/peppol-security-2.5.0.jar:network/oxalis/vefa/peppol/security/xmldsig/XmldsigVerifier.class */
public class XmldsigVerifier {
    public static X509Certificate verify(Document document) throws PeppolSecurityException {
        try {
            NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
            if (elementsByTagNameNS.getLength() == 0) {
                throw new PeppolSecurityException("Cannot find Signature element");
            }
            X509KeySelector x509KeySelector = new X509KeySelector();
            DOMValidateContext dOMValidateContext = new DOMValidateContext(x509KeySelector, elementsByTagNameNS.item(0));
            if (XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(dOMValidateContext).validate(dOMValidateContext)) {
                return x509KeySelector.getCertificate();
            }
            throw new PeppolSecurityException("Signature failed.");
        } catch (XMLSignatureException | MarshalException e) {
            throw new PeppolSecurityException("Unable to verify document signature.", e);
        }
    }

    XmldsigVerifier() {
    }
}
