package org.apache.tsik.xmlsig;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.List;
import java.util.Vector;
import org.apache.tsik.c14n.CanonicalizerFactory;
import org.apache.tsik.c14n.elements.InclusiveNamespacesElement;
import org.apache.tsik.common.Logger;
import org.apache.tsik.common.LoggerFactory;
import org.apache.tsik.domutil.DOMCursor;
import org.apache.tsik.domutil.DOMWriteCursor;
import org.apache.tsik.domutil.elements.ElementExtension;
import org.apache.tsik.uuid.UUID;
import org.apache.tsik.xmlsig.elements.ObjectElement;
import org.apache.tsik.xmlsig.elements.Reference;
import org.apache.tsik.xmlsig.elements.Signature;
import org.apache.tsik.xmlsig.elements.SignedInfo;
import org.apache.tsik.xmlsig.elements.transforms.CanonicalizationTransform;
import org.apache.tsik.xmlsig.elements.transforms.EnvelopedTransform;
import org.apache.tsik.xmlsig.elements.transforms.ExclusiveC14nTransform;
import org.apache.tsik.xpath.XPath;
import org.apache.tsik.xpath.XPathException;
import org.w3c.dom.Document;

/* loaded from: input_file:org/apache/tsik/xmlsig/Signer.class */
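/**
 * Builds an XML signature over a DOM document.
 *
 * <p>A {@code Signer} holds the {@link Signature} element under construction, the source
 * document, the XPath references to sign and two options: the inclusive-prefix list for
 * exclusive canonicalization and the in-place flag.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Certificates supplied to the constructors are only checked with
 *       {@link X509Certificate#checkValidity()} (the validity period). Nothing here builds
 *       a trust path, verifies issuer signatures, checks revocation or key usage, or
 *       confirms that the certificate's public key matches the signing key. Callers that
 *       need those guarantees must enforce them before constructing a {@code Signer}.</li>
 *   <li>{@code checkXPathExpression} applies textual checks to the expression string; it
 *       does not parse the expression. Treat reference XPaths as trusted configuration,
 *       not as input to be sanitised here.</li>
 *   <li>With debug logging enabled, the canonical form and the signature's string form are
 *       written to the log.</li>
 * </ul>
 *
 * <p>NOTE(review): the instance looks single-use. Every {@code sign} call adds references to
 * the same {@code SignedInfo}, and a default reference is appended to {@code refs} when none
 * was given. Confirm before reusing an instance for a second signature.
 *
 * <p>NOTE(review): this listing looks like decompiler output (the {@code class$} helper, and
 * the {@code val$}/{@code this$0} fields in the anonymous class). The anonymous
 * {@code ElementExtension} in {@code create(Document, SigningKey, VerifyingKey)} is kept as
 * decompiled and may not compile as written.
 */
public class Signer {
    private static Logger log;
    // Signature element being assembled; created by createSignature().
    private Signature signature;
    // Source document passed to the constructor.
    private Document document;
    // Cache slot used by the class$ helper in the static initializer.
    static Class class$org$apache$tsik$xmlsig$Signer;
    // XPath expressions added through addReference(), in insertion order.
    private Vector refs = new Vector();
    // Created lazily by createWriteCursor(); never re-created once set.
    private DOMWriteCursor writeCursor = null;
    // Non-null once useExclusiveCanonicalizer() has been called.
    private List inclusivePrefixList = null;
    // True when the source document itself is modified instead of a copy.
    private boolean inPlace = false;

    /**
     * Switches SignedInfo and all subsequently built references to exclusive
     * canonicalization with the given inclusive-prefix list.
     *
     * @param list prefixes to include; copied defensively
     * @throws IllegalArgumentException if {@code list} is null
     */
    public void useExclusiveCanonicalizer(List list) {
        if (list == null) {
            throw new IllegalArgumentException("list cannot be null");
        }
        if (log.isDebugEnabled()) {
            log.debug(new StringBuffer().append("using exclusive c14n, include prefix:").append(list).toString());
        }
        this.signature.getSignedInfo().useExclusiveCanonicalizer(list);
        this.inclusivePrefixList = new Vector(list);
    }

    /**
     * Creates a signer that signs with {@code privateKey} and, when {@code publicKey} is
     * non-null, adds it to KeyInfo as a key value.
     *
     * @throws IllegalArgumentException if the document is null or the key type is unsupported
     */
    public Signer(Document document, PrivateKey privateKey, PublicKey publicKey) throws InvalidKeyException, NoSuchAlgorithmException {
        create(document, createSigningKey(privateKey), publicKey);
    }

    /**
     * Creates a signer that signs with {@code privateKey} and adds no key material to KeyInfo.
     *
     * @throws IllegalArgumentException if the document is null or the key type is unsupported
     */
    public Signer(Document document, PrivateKey privateKey) throws InvalidKeyException, NoSuchAlgorithmException {
        create(document, createSigningKey(privateKey));
    }

    /**
     * Creates a signer from an already wrapped signing key.
     *
     * @throws IllegalArgumentException if the document or the signing key is null
     */
    public Signer(Document document, SigningKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException {
        create(document, signingKey);
    }

    /**
     * Creates a signer from a signing key. When {@code verifyingKey} is non-null it writes
     * its own KeyInfo content through {@code VerifyingKey.writeKeyInfo}.
     *
     * @throws IllegalArgumentException if the document or the signing key is null
     */
    public Signer(Document document, SigningKey signingKey, VerifyingKey verifyingKey) throws InvalidKeyException, NoSuchAlgorithmException {
        create(document, signingKey, verifyingKey);
    }

    /**
     * Creates a signer that embeds a certificate chain in KeyInfo.
     *
     * <p>Only the validity period of each non-null certificate is checked; see the class
     * comment. The chain is neither ordered nor path-validated here.
     *
     * @throws IllegalArgumentException if the chain is null, is empty or has a null first entry
     * @throws CertificateException if a certificate is expired or not yet valid
     */
    public Signer(Document document, PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("certificate chain cannot be null");
        }
        // An empty array used to fail on the [0] access with ArrayIndexOutOfBoundsException
        // before any argument check could report it.
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("certificate chain cannot be empty");
        }
        if (x509CertificateArr[0] == null) {
            throw new IllegalArgumentException("certificate chain cannot be null");
        }
        create(document, createSigningKey(privateKey));
        setCertificateChain(x509CertificateArr);
    }

    /**
     * Creates a signer that embeds a single certificate in KeyInfo.
     *
     * <p>Only the certificate's validity period is checked; see the class comment.
     *
     * @throws IllegalArgumentException if the certificate is null
     * @throws CertificateException if the certificate is expired or not yet valid
     */
    public Signer(Document document, PrivateKey privateKey, X509Certificate x509Certificate) throws InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("certificate cannot be null");
        }
        create(document, createSigningKey(privateKey));
        setCertificate(x509Certificate);
    }

    /**
     * Creates a signer from a signing key and a caller-built KeyInfo.
     * A null {@code keyInfo} is accepted and ignored.
     */
    public Signer(Document document, SigningKey signingKey, KeyInfo keyInfo) throws InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        create(document, signingKey);
        setKeyInfo(keyInfo);
    }

    /**
     * Creates a signer from a private key and a caller-built KeyInfo.
     * A null {@code keyInfo} is accepted and ignored.
     */
    public Signer(Document document, PrivateKey privateKey, KeyInfo keyInfo) throws InvalidKeyException, NoSuchAlgorithmException, CertificateException {
        create(document, createSigningKey(privateKey));
        setKeyInfo(keyInfo);
    }

    /** Initialises the signature without adding any key value to KeyInfo. */
    private void create(Document document, SigningKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException {
        // The cast selects the PublicKey overload rather than the VerifyingKey one.
        create(document, signingKey, (PublicKey) null);
    }

    /** Initialises the signature and adds {@code publicKey} to KeyInfo when it is non-null. */
    private void create(Document document, SigningKey signingKey, PublicKey publicKey) throws InvalidKeyException, NoSuchAlgorithmException {
        createSignature(document, signingKey);
        if (publicKey != null) {
            this.signature.getKeyInfo().addKeyValue(publicKey);
        }
    }

    /**
     * Lazily creates the write cursor: over the source document when signing in place,
     * otherwise over a fresh cursor that the source document is copied under.
     *
     * <p>The cursor is created once. Changing {@code inPlace} after the first call has no
     * effect on which document is written to.
     */
    private void createWriteCursor() {
        if (this.writeCursor != null) {
            return;
        }
        if (this.inPlace) {
            if (log.isDebugEnabled()) {
                log.debug("signing in place");
            }
            this.writeCursor = new DOMWriteCursor(this.document);
        } else {
            if (log.isDebugEnabled()) {
                log.debug("signing new document");
            }
            DOMCursor dOMCursor = new DOMCursor(this.document);
            this.writeCursor = new DOMWriteCursor();
            this.writeCursor.copyUnder(dOMCursor);
        }
    }

    /**
     * Initialises the signature. When {@code verifyingKey} is non-null, installs a KeyInfo
     * extension that delegates serialisation to {@code verifyingKey.writeKeyInfo}.
     */
    private void create(Document document, SigningKey signingKey, VerifyingKey verifyingKey) throws InvalidKeyException, NoSuchAlgorithmException {
        createSignature(document, signingKey);
        if (verifyingKey != null) {
            // NOTE(review): decompiler rendering of an anonymous class. The constructor
            // arguments and the val$/this$0 fields look like synthetic capture plumbing,
            // kept verbatim here; confirm against the original source.
            this.signature.getKeyInfo().setExtension(new ElementExtension(this, verifyingKey) { // from class: org.apache.tsik.xmlsig.Signer.1
                private final VerifyingKey val$verifyingKey;
                private final Signer this$0;

                {
                    this.this$0 = this;
                    this.val$verifyingKey = verifyingKey;
                }

                @Override // org.apache.tsik.domutil.elements.Element
                public void toXml(DOMWriteCursor dOMWriteCursor) {
                    this.val$verifyingKey.writeKeyInfo(dOMWriteCursor.getElement());
                }

                @Override // org.apache.tsik.domutil.elements.ElementExtension
                public ElementExtension fromXml(DOMCursor dOMCursor) {
                    // Write-only extension: nothing is ever read back from XML.
                    return null;
                }
            });
        }
    }

    /**
     * Stores the document and creates a fresh {@link Signature} bound to {@code signingKey}.
     *
     * @throws IllegalArgumentException if either argument is null
     */
    private void createSignature(Document document, SigningKey signingKey) throws InvalidKeyException, NoSuchAlgorithmException {
        if (document == null) {
            throw new IllegalArgumentException("document cannot be null");
        }
        this.document = document;
        if (signingKey == null) {
            throw new IllegalArgumentException("signing key cannot be null");
        }
        this.signature = new Signature();
        this.signature.setSigningKey(signingKey);
    }

    /**
     * Wraps a JCA private key in the matching {@link SigningKey} implementation.
     *
     * @throws IllegalArgumentException if the key is null or is not an RSA, DSA or
     *         {@code HardwarePrivateKey} instance; a null key fails every
     *         {@code instanceof} test and so lands in the same branch
     */
    private SigningKey createSigningKey(PrivateKey privateKey) throws InvalidKeyException {
        SigningKey hardwareSigningKey;
        if (privateKey instanceof RSAPrivateKey) {
            hardwareSigningKey = new RSASigningKey(privateKey);
        } else if (privateKey instanceof DSAPrivateKey) {
            hardwareSigningKey = new DSASigningKey(privateKey);
        } else {
            if (!(privateKey instanceof HardwarePrivateKey)) {
                throw new IllegalArgumentException("unknown signing key type");
            }
            hardwareSigningKey = new HardwareSigningKey(privateKey);
        }
        return hardwareSigningKey;
    }

    /**
     * Rejects XPath expressions that are empty, contain the text {@code here()} or start
     * with {@code ..}, then evaluates the expression once against the source document so
     * that evaluation errors surface as {@link XPathException}.
     *
     * <p>These are string-level checks on the expression text, not a parse of it.
     *
     * @throws XPathException if a check fails or evaluation throws IllegalArgumentException
     */
    private void checkXPathExpression(XPath xPath) throws XPathException {
        String xPath2 = xPath.getXPath();
        if ("".equals(xPath2)) {
            throw new XPathException("Empty XPath expression is not allowed");
        }
        if (xPath2.indexOf("here()") != -1) {
            throw new XPathException(new StringBuffer().append("'here()' function cannot be used. Expression '").append(xPath2).append("' is illegal.").toString());
        }
        if (xPath2.startsWith("..")) {
            throw new XPathException(new StringBuffer().append("Relative XPath expression '").append(xPath2).append("' is not allowed").toString());
        }
        try {
            // The result is discarded; only an evaluation failure matters here.
            new DOMCursor(this.document).moveToXPath(xPath);
        } catch (IllegalArgumentException e) {
            throw new XPathException(e.toString());
        }
    }

    /**
     * Queues an XPath whose target will be covered by the signature.
     * The expression is validated later, when {@code sign} runs.
     */
    public void addReference(XPath xPath) {
        this.refs.addElement(xPath);
    }

    /**
     * Checks that the certificate is within its validity period at the current time.
     *
     * <p>This is the only certificate check in this class: no issuer signature, trust
     * anchor, revocation or key-usage verification is performed.
     *
     * @throws IllegalArgumentException if the certificate is null
     * @throws CertificateException if the certificate is expired or not yet valid
     */
    private static void validateCertificate(X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("certificate cannot be null");
        }
        x509Certificate.checkValidity();
    }

    /**
     * Applies {@link #validateCertificate} to each certificate in the chain.
     *
     * <p>The first entry must be non-null. Null entries at later positions are skipped
     * without error. Issuer/subject linkage between entries is not checked.
     *
     * @throws IllegalArgumentException if the chain is null or empty, or its first entry is null
     * @throws CertificateException if any checked certificate is outside its validity period
     */
    private static void validateCertificateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("chain cannot be null");
        }
        if (x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("chain cannot be empty");
        }
        validateCertificate(x509CertificateArr[0]);
        for (int i = 1; i < x509CertificateArr.length; i++) {
            if (x509CertificateArr[i] != null) {
                validateCertificate(x509CertificateArr[i]);
            }
        }
    }

    /** Validates the certificate's validity period and adds it to the signature's KeyInfo. */
    private void setCertificate(X509Certificate x509Certificate) throws CertificateException {
        validateCertificate(x509Certificate);
        org.apache.tsik.xmlsig.elements.KeyInfo keyInfo = this.signature.getKeyInfo();
        keyInfo.addCertificate(x509Certificate);
        keyInfo.explodeCertificate();
    }

    /**
     * Replaces the signature's KeyInfo with one built from {@code keyInfo}. Its certificate
     * chain, when present, is first checked for validity period. A null {@code keyInfo}
     * leaves the signature unchanged.
     */
    private void setKeyInfo(KeyInfo keyInfo) throws CertificateException {
        if (keyInfo != null) {
            X509Certificate[] certificateChain = keyInfo.getCertificateChain();
            if (certificateChain != null) {
                validateCertificateChain(certificateChain);
            }
            this.signature.setKeyInfo(new org.apache.tsik.xmlsig.elements.KeyInfo(keyInfo));
        }
    }

    /** Validates the chain's validity periods and adds the chain to the signature's KeyInfo. */
    private void setCertificateChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        validateCertificateChain(x509CertificateArr);
        org.apache.tsik.xmlsig.elements.KeyInfo keyInfo = this.signature.getKeyInfo();
        keyInfo.addCertificateChain(x509CertificateArr);
        keyInfo.explodeCertificate();
    }

    /**
     * Adds the canonicalization transform to {@code reference}: the default transform when
     * no inclusive-prefix list was set, otherwise an exclusive c14n transform carrying that
     * list.
     */
    private void addC14nTransform(Reference reference) {
        if (this.inclusivePrefixList == null) {
            reference.addTransform(new CanonicalizationTransform());
            return;
        }
        InclusiveNamespacesElement inclusiveNamespacesElement = new InclusiveNamespacesElement(this.inclusivePrefixList);
        ExclusiveC14nTransform exclusiveC14nTransform = new ExclusiveC14nTransform();
        exclusiveC14nTransform.setExtension(inclusiveNamespacesElement);
        reference.addTransform(exclusiveC14nTransform);
    }

    /**
     * Same as {@link #sign()} but writes into the source document instead of a copy.
     * The returned document is discarded.
     */
    public void signInPlace() throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, XPathException {
        this.inPlace = true;
        sign();
    }

    /**
     * Signs every queued reference and returns a document holding the signature.
     *
     * <p>Each referenced node is attached to an {@code ObjectElement} with a generated UUID
     * id and is referenced as {@code #<uuid>}. When no reference was queued, {@code /*} is
     * used. In in-place mode the node at the top of the write cursor is removed and the
     * signature is copied in; otherwise the returned document is the newly written
     * signature.
     *
     * @return the document that contains the signature
     * @throws XPathException if a reference fails validation or selects nothing
     */
    public Document sign() throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, XPathException {
        boolean isDebugEnabled = log.isDebugEnabled();
        long currentTimeMillis = isDebugEnabled ? System.currentTimeMillis() : 0L;
        createWriteCursor();
        if (this.refs.size() == 0) {
            addReference(new XPath("/*"));
        }
        // Resolve every reference first, so a bad XPath fails before SignedInfo is touched.
        Vector vector = new Vector();
        int size = this.refs.size();
        for (int i = 0; i < size; i++) {
            XPath xPath = (XPath) this.refs.elementAt(i);
            checkXPathExpression(xPath);
            DOMCursor cloneCursor = this.writeCursor.cloneCursor();
            if (!cloneCursor.moveToXPath(xPath)) {
                throw new XPathException(new StringBuffer().append("XPath expression '").append(xPath.getXPath()).append("'").append(" evaluates to nothing").toString());
            }
            vector.add(cloneCursor);
        }
        SignedInfo signedInfo = this.signature.getSignedInfo();
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            DOMCursor dOMCursor = (DOMCursor) elements.nextElement();
            Reference reference = new Reference();
            addC14nTransform(reference);
            String uuid = UUID.generate().toString();
            ObjectElement objectElement = new ObjectElement();
            objectElement.setElementCursor(dOMCursor);
            objectElement.setId(uuid);
            reference.setUri(new StringBuffer().append("#").append(uuid).toString());
            reference.setTarget(objectElement);
            signedInfo.addReference(reference);
        }
        this.signature.addObjectsFromReferences(signedInfo.getReferences());
        signedInfo.calculateReferences();
        this.signature.setSignatureValue(this.signature.getSigningKey().signData(signedInfo.canonicalize()));
        if (log.isDebugEnabled()) {
            // NOTE(review): depending on Signature.toString(), this may put signed content
            // in the log; confirm before enabling debug logging on sensitive documents.
            log.debug(new StringBuffer().append("sign=").append(this.signature).toString());
        }
        DOMWriteCursor dOMWriteCursor = new DOMWriteCursor();
        long currentTimeMillis2 = isDebugEnabled ? System.currentTimeMillis() : 0L;
        this.signature.toXml(dOMWriteCursor);
        long j = 0;
        if (isDebugEnabled) {
            j = System.currentTimeMillis() - currentTimeMillis2;
            currentTimeMillis2 = System.currentTimeMillis();
        }
        if (this.inPlace) {
            this.writeCursor.moveToTop();
            this.writeCursor.remove();
            this.writeCursor.copyUnder(dOMWriteCursor);
        } else {
            this.writeCursor = dOMWriteCursor;
        }
        if (isDebugEnabled) {
            log.debug(new StringBuffer().append("Time to sign: ").append(System.currentTimeMillis() - currentTimeMillis).append(" ms, of which toXml: ").append(j).append(" copy: ").append(System.currentTimeMillis() - currentTimeMillis2).toString());
        }
        return this.writeCursor.getDocument();
    }

    /** Signs and inserts the signature under the node selected by {@code xPath}. */
    public Document sign(XPath xPath) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, XPathException {
        return sign(xPath, false);
    }

    /** In-place variant of {@link #sign(XPath)}; the returned document is discarded. */
    public void signInPlace(XPath xPath) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, XPathException {
        this.inPlace = true;
        sign(xPath, false);
    }

    /** In-place variant of {@link #sign(XPath, boolean)}; the returned document is discarded. */
    public void signInPlace(XPath xPath, boolean z) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, XPathException {
        this.inPlace = true;
        sign(xPath, z);
    }

    /**
     * Signs the queued references and inserts the signature at the node selected by
     * {@code xPath}.
     *
     * <p>When no reference was queued, {@code /} is used and its Reference URI is the
     * empty string; every other reference uses {@code XPath.toXPointer()} as its URI.
     * A reference whose target contains the insertion point gets an enveloped-signature
     * transform. With {@code z} set, this applies only when the target is not the
     * insertion node itself.
     *
     * @param xPath location of the signature in the document
     * @param z     {@code true} to insert the signature before the selected node,
     *              {@code false} to insert it under that node
     * @return the document that contains the signature
     * @throws XPathException if an expression fails validation or selects nothing
     */
    public Document sign(XPath xPath, boolean z) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, XPathException {
        byte[] canonicalize;
        boolean isDebugEnabled = log.isDebugEnabled();
        long currentTimeMillis = isDebugEnabled ? System.currentTimeMillis() : 0L;
        createWriteCursor();
        this.writeCursor.moveToTop();
        checkXPathExpression(xPath);
        if (!this.writeCursor.moveToXPath(xPath)) {
            throw new XPathException(new StringBuffer().append("XPath expression '").append(xPath.getXPath()).append("'").append(" evaluates to nothing").toString());
        }
        if (this.refs.size() == 0) {
            addReference(new XPath("/"));
        }
        Vector vector = new Vector();
        // Maps each resolved cursor back to its XPath so the Reference URI can be derived.
        // NOTE(review): relies on DOMCursor equals/hashCode; two references that resolve
        // to equal cursors would share one entry. Confirm.
        Hashtable hashtable = new Hashtable();
        int size = this.refs.size();
        for (int i = 0; i < size; i++) {
            XPath xPath2 = (XPath) this.refs.elementAt(i);
            checkXPathExpression(xPath2);
            DOMCursor cloneCursor = this.writeCursor.cloneCursor();
            if (!cloneCursor.moveToXPath(xPath2)) {
                throw new XPathException(new StringBuffer().append("XPath expression '").append(xPath2.getXPath()).append("'").append(" evaluates to nothing").toString());
            }
            vector.add(cloneCursor);
            hashtable.put(cloneCursor, xPath2);
        }
        SignedInfo signedInfo = this.signature.getSignedInfo();
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            DOMCursor dOMCursor = (DOMCursor) elements.nextElement();
            Reference reference = new Reference();
            // The signature must be excluded from any target that will contain it.
            if (z ? !dOMCursor.equals(this.writeCursor) && dOMCursor.contains(this.writeCursor) : dOMCursor.contains(this.writeCursor)) {
                if (log.isDebugEnabled()) {
                    log.debug("Adding enveloped transform");
                }
                reference.addTransform(new EnvelopedTransform());
            }
            addC14nTransform(reference);
            reference.setTarget(dOMCursor);
            XPath xPath3 = (XPath) hashtable.get(dOMCursor);
            reference.setUri("/".equals(xPath3.getXPath()) ? "" : xPath3.toXPointer());
            signedInfo.addReference(reference);
        }
        signedInfo.calculateReferences();
        if (CanonicalizerFactory.USE_OLD_IMPL) {
            // The old canonicalizer works on a copy placed under a temporary element.
            DOMWriteCursor dOMWriteCursor = new DOMWriteCursor();
            dOMWriteCursor.copyUnder(this.writeCursor);
            canonicalize = signedInfo.canonicalize(dOMWriteCursor.addUnder(null, null, "temp"));
        } else {
            canonicalize = signedInfo.canonicalize(this.writeCursor);
        }
        if (log.isDebugEnabled()) {
            // NOTE(review): decodes with the platform default charset. Canonical XML is
            // presumably UTF-8, so this line can be garbled on other platforms. It affects
            // the log text only, never the bytes that are signed.
            log.debug(new StringBuffer().append("canonical form = ").append(new String(canonicalize)).toString());
        }
        this.signature.setSignatureValue(this.signature.getSigningKey().signData(canonicalize));
        if (log.isDebugEnabled()) {
            log.debug(new StringBuffer().append("sign=").append(this.signature).toString());
        }
        DOMWriteCursor dOMWriteCursor2 = new DOMWriteCursor();
        long currentTimeMillis2 = isDebugEnabled ? System.currentTimeMillis() : 0L;
        this.signature.toXml(dOMWriteCursor2);
        long currentTimeMillis3 = isDebugEnabled ? System.currentTimeMillis() - currentTimeMillis2 : 0L;
        if (z) {
            this.writeCursor.copyBefore(dOMWriteCursor2);
        } else {
            this.writeCursor.copyUnder(dOMWriteCursor2);
        }
        if (isDebugEnabled) {
            log.debug(new StringBuffer().append("Time to sign: ").append(System.currentTimeMillis() - currentTimeMillis).append(" ms, of which toXml: ").append(currentTimeMillis3).toString());
        }
        return this.writeCursor.getDocument();
    }

    /**
     * Loads a class by name, converting {@link ClassNotFoundException} into
     * {@link NoClassDefFoundError}. Looks like the compiler-generated helper that older
     * javac versions emitted for class literals.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Resolves this class once, caches it in the static field and obtains the class logger.
    static {
        Class cls;
        if (class$org$apache$tsik$xmlsig$Signer == null) {
            cls = class$("org.apache.tsik.xmlsig.Signer");
            class$org$apache$tsik$xmlsig$Signer = cls;
        } else {
            cls = class$org$apache$tsik$xmlsig$Signer;
        }
        log = LoggerFactory.getLogger(cls);
    }
}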
