package hk.hku.cecid.ebms.pkg.pki;

import java.io.InputStream;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.apache.log4j.Logger;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:hermes2_bin.zip:plugins/corvus-ebms/ebxml-pkg.jar:hk/hku/cecid/ebms/pkg/pki/ApacheXMLDSigner.class */
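/**
 * XML-DSig signer/verifier for ebXML SOAP envelopes, built on Apache XML Security.
 *
 * <p>Signing: {@link #setEnvelope(Document, String)} picks the signature algorithm,
 * {@link #addDocument} registers payload attachments, {@link #sign} produces an
 * enveloped signature over the envelope (minus any element addressed to the
 * next-MSH actor, see {@link #TRANSFORM_XPATH}) plus one reference per attachment.
 *
 * <p>Verifying: the first {@code ds:Signature} in the envelope is checked either
 * against the certificate supplied by a {@link CertResolver} (partner certificate
 * known out of band) or, when no resolver is set, against the certificate carried in
 * the message's own {@code ds:KeyInfo} — in which case that certificate is validated
 * against the trust anchors given to {@link #setTrustAnchor} before the result is
 * reported as valid. A message-supplied certificate that is not anchored is never
 * trusted, whatever the chain length.
 *
 * <p>Security caveats a deployer should know about:
 * <ul>
 * <li>The historical defaults are SHA-1 based ({@link #SIGNATURE_METHOD},
 *     {@link #DIGEST_METHOD}); callers are expected to pass a stronger algorithm,
 *     which may now be given as a full URI (see {@link #setEnvelope(Document, String)}).</li>
 * <li>{@link #verify()} uses the first {@code ds:Signature} in document order wherever
 *     it sits and does not itself check which parts of the envelope the references cover;
 *     the caller must confirm the signature sits in the SOAP Header and that the signed
 *     references include the parts it relies on (XML signature wrapping).</li>
 * <li>Apache XML Security registers its own resource resolvers besides the
 *     {@link DocumentResolver} added here; depending on the library version those may
 *     dereference external (http/file) reference URIs found in an untrusted message.
 *     NOTE(review): confirm the deployed library version has such resolvers disabled
 *     (secure validation) — this class cannot do so portably.</li>
 * </ul>
 *
 * <p>Instances hold per-message state and are not thread-safe.
 */
public class ApacheXMLDSigner implements XMLDSigner {
    protected static Logger logger = Logger.getLogger(ApacheXMLDSigner.class);
    public static final String ELEMENT_SIGNATURE = "Signature";
    public static final String ELEMENT_KEY_INFO = "KeyInfo";
    public static final String ELEMENT_XPATH = "XPath";
    public static final String NAMESPACE_URI_XML_NS = "http://www.w3.org/2000/xmlns/";
    public static final String NAMESPACE_PREFIX_DS = "ds";
    public static final String NAMESPACE_URI_DS = "http://www.w3.org/2000/09/xmldsig#";
    /** Historical default signature algorithm; SHA-1 based and not recommended for new deployments. */
    public static final String SIGNATURE_METHOD = "dsa-sha1";
    /** Digest algorithm used for the envelope reference when none is given to {@link #setEnvelope(Document, String, String)}; SHA-1 based. */
    public static final String DIGEST_METHOD = "http://www.w3.org/2000/09/xmldsig#sha1";
    public static final String NAMESPACE_PREFIX_SOAP_ENVELOPE = "SOAP-ENV";
    public static final String NAMESPACE_URI_SOAP_ENVELOPE = "http://schemas.xmlsoap.org/soap/envelope/";
    public static final String TRANSFORM_ALGORITHM_XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116";
    public static final String ACTOR_NEXT_MSH_URN = "urn:oasis:names:tc:ebxml-msg:actor:nextMSH";
    public static final String ACTOR_NEXT_MSH_SCHEMAS = "http://schemas.xmlsoap.org/soap/actor/next";
    /** XPath filter excluding everything addressed to the next MSH, which intermediaries may alter. */
    public static final String TRANSFORM_XPATH = "not(ancestor-or-self::node()[@SOAP-ENV:actor=\"urn:oasis:names:tc:ebxml-msg:actor:nextMSH\"] | ancestor-or-self::node()[@SOAP-ENV:actor=\"http://schemas.xmlsoap.org/soap/actor/next\"])";

    private static final String TRANSFORM_ALGORITHM_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String TRANSFORM_ALGORITHM_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    private String algo;
    /** Attachments registered through {@link #addDocument}, in registration order. */
    protected ArrayList<DocumentDetail> documents = new ArrayList<DocumentDetail>();
    protected Document envelope = null;
    /** Signature being built (after setEnvelope with an algorithm) or the one last verified. */
    protected XMLSignature signature = null;
    /** Trust anchors for path validation of message-supplied certificates; null disables it. */
    protected CompositeKeyStore trusted = null;
    private CertResolver certResolver = null;
    private Object obj = null;
    private String digestAlgo = null;

    /**
     * Sets the envelope to sign together with the signature and digest algorithms.
     *
     * @param document the SOAP envelope
     * @param str      signature algorithm, see {@link #setEnvelope(Document, String)}
     * @param str2     digest algorithm for the envelope reference, either a short
     *                 xmldsig-core name ("sha1") or a full algorithm URI
     * @throws SignException if the signature object cannot be created
     */
    public void setEnvelope(Document document, String str, String str2) throws SignException {
        setEnvelope(document, str);
        this.digestAlgo = str2;
    }

    /**
     * Sets the envelope and, when {@code str} is non-null, prepares a signature with
     * the given algorithm. {@code str} is either a short xmldsig-core name such as
     * "rsa-sha1" (expanded under {@link #NAMESPACE_URI_DS}) or a full algorithm URI
     * containing '#', which lets callers select algorithms outside the 2000 namespace
     * (e.g. RSA-SHA256 under xmldsig-more) without an interface change.
     *
     * <p>When {@code str} is null any previously prepared signature is kept, as the
     * original implementation did; {@link #verify()} creates its own.
     *
     * @param document the SOAP envelope
     * @param str      signature algorithm name or URI, may be null
     * @throws SignException if the signature object cannot be created
     */
    public void setEnvelope(Document document, String str) throws SignException {
        this.envelope = document;
        if (str != null) {
            try {
                this.signature = new XMLSignature(this.envelope, NAMESPACE_URI_DS, algorithmUri(str));
            } catch (XMLSecurityException e) {
                String message = "Cannot create XMLSignature object - " + e.getMessage();
                logger.error(message, e);
                throw new SignException(message);
            }
        }
        this.algo = str;
        logger.debug("setEnvelope, using algorithm: " + str);
    }

    @Override // hk.hku.cecid.ebms.pkg.pki.XMLDSigner
    public void setEnvelope(Document document) throws SignException {
        setEnvelope(document, null);
    }

    /**
     * Registers an attachment so that {@link #sign} references it and {@link #verify()}
     * can resolve a reference to it.
     *
     * @param str         the reference URI (e.g. a cid: URI)
     * @param inputStream the attachment content
     * @param str2        its content type
     */
    @Override // hk.hku.cecid.ebms.pkg.pki.XMLDSigner
    public void addDocument(String str, InputStream inputStream, String str2) {
        DocumentDetail detail = new DocumentDetail();
        detail.uri = str;
        detail.stream = inputStream;
        detail.contentType = str2;
        this.documents.add(detail);
        logger.debug("addDocument URI: " + str + ", contentType: " + str2);
    }

    /**
     * Installs a resolver that supplies the expected signer certificate(s) for
     * verification; when set, the certificates carried in the message's KeyInfo are
     * ignored and the first resolved certificate is used.
     *
     * @param certResolver the resolver
     * @param obj          opaque context handed back to {@code resolve}
     */
    public void addCertResolver(CertResolver certResolver, Object obj) {
        this.certResolver = certResolver;
        this.obj = obj;
    }

    /**
     * Signs the envelope set by {@link #setEnvelope(Document, String)} with the private
     * key stored under {@code str}, embedding the alias's certificate chain in KeyInfo.
     *
     * @param compositeKeyStore keystore holding the private key and its chain
     * @param str               key alias
     * @param cArr              key password
     * @throws SignException on any failure; the message names the failing step
     */
    @Override // hk.hku.cecid.ebms.pkg.pki.XMLDSigner
    public void sign(CompositeKeyStore compositeKeyStore, String str, char[] cArr) throws SignException {
        logger.debug("start signing");
        PrivateKey privateKey;
        try {
            // getKey may hand back a SecretKey for a symmetric alias; the cast failure
            // is reported like any other lookup failure.
            privateKey = (PrivateKey) compositeKeyStore.getKey(str, cArr);
        } catch (Exception e) {
            throw signFailure("Cannot get private key: " + str + " - " + e.getMessage(), e);
        }
        if (privateKey == null) {
            throw signFailure("Cannot get private key: " + str + " - no such key", null);
        }
        logger.debug("got private key from keystore");
        if (this.envelope == null) {
            throw signFailure("Envelope element not set", null);
        }
        if (this.signature == null) {
            // Previously this surfaced as a NullPointerException wrapped in a misleading
            // "Cannot get private key" message.
            throw signFailure("Signature algorithm not set; call setEnvelope(Document, String) before sign()", null);
        }
        try {
            buildAndSign(compositeKeyStore, str, privateKey);
        } catch (RuntimeException e) {
            // Keep the fail-closed contract of the original catch-all: callers only see SignException.
            throw signFailure("Cannot sign - " + e.getMessage(), e);
        }
    }

    /**
     * Adds the transforms, references and KeyInfo to {@link #signature} and signs it.
     *
     * @throws SignException with a step-specific message on failure
     */
    private void buildAndSign(CompositeKeyStore compositeKeyStore, String alias, PrivateKey privateKey) throws SignException {
        this.signature.getSignedInfo().addResourceResolver(new DocumentResolver(snapshotDocuments()));
        logger.debug("created DocumentResolver");

        Transforms transforms = new Transforms(this.envelope);
        try {
            transforms.addTransform(TRANSFORM_ALGORITHM_ENVELOPED);
            Element xpath = this.envelope.createElementNS(NAMESPACE_URI_DS, ELEMENT_XPATH);
            // The filter expression uses the SOAP-ENV prefix, so declare it on the XPath element.
            xpath.setAttributeNS(NAMESPACE_URI_XML_NS, "xmlns:" + NAMESPACE_PREFIX_SOAP_ENVELOPE, NAMESPACE_URI_SOAP_ENVELOPE);
            xpath.appendChild(this.envelope.createTextNode(TRANSFORM_XPATH));
            xpath.setPrefix(NAMESPACE_PREFIX_DS);
            transforms.addTransform(TRANSFORM_ALGORITHM_XPATH, xpath);
            transforms.addTransform(TRANSFORM_ALGORITHM_C14N);
        } catch (TransformationException e) {
            throw signFailure("Cannot add transform - " + e.getMessage(), e);
        }
        logger.debug("created Transform");

        String digestUri = this.digestAlgo == null ? DIGEST_METHOD : algorithmUri(this.digestAlgo);
        try {
            // URI "" = the whole document, narrowed by the transforms above.
            this.signature.addDocument("", transforms, digestUri);
        } catch (XMLSignatureException e) {
            throw signFailure("Cannot add envelope document - " + e.getMessage(), e);
        }
        logger.debug("added main document (envelope)");

        for (DocumentDetail detail : this.documents) {
            try {
                this.signature.addDocument(detail.uri);
            } catch (XMLSignatureException e) {
                throw signFailure("cannot add document: " + detail.uri + " - " + e.getMessage(), e);
            }
        }
        logger.debug("added " + this.documents.size() + " attachment documents");

        Certificate[] chain;
        try {
            chain = compositeKeyStore.getCertificateChain(alias);
        } catch (KeyStoreException e) {
            throw signFailure("Cannot get certificate path: " + alias + " - " + e.getMessage(), e);
        }
        if (chain == null) {
            throw signFailure("Cannot get certificate path: " + alias, null);
        }
        logger.debug("got the certificate chain from keystore");
        for (Certificate certificate : chain) {
            try {
                this.signature.addKeyInfo((X509Certificate) certificate);
            } catch (XMLSecurityException e) {
                throw signFailure("Cannot add key info - " + e.getMessage(), e);
            }
        }
        logger.debug("added the certificate chain to signature");

        try {
            this.signature.sign(privateKey);
        } catch (Exception e) {
            throw signFailure("Cannot sign - " + e.getMessage(), e);
        }
        logger.debug("message signed");
    }

    /**
     * Sets the trust anchors used to validate certificates taken from a message.
     *
     * @param compositeKeyStore keystore of trusted certificates, or null to disable path validation
     */
    @Override // hk.hku.cecid.ebms.pkg.pki.XMLDSigner
    public void setTrustAnchor(CompositeKeyStore compositeKeyStore) {
        this.trusted = compositeKeyStore;
    }

    /**
     * Verifies the first {@code ds:Signature} of the envelope.
     *
     * <p>The signing key comes from the {@link CertResolver} when one is installed,
     * otherwise from the message's KeyInfo. A key taken from the message is accepted
     * only if its certificate chain validates against the trust anchors; previously a
     * KeyInfo holding a single certificate skipped that validation, so any self-signed
     * certificate verified successfully. Resolver-supplied certificates are configured
     * locally and keep the original rule (path validated only for chains longer than one).
     *
     * @return true if the signature value and references check out and, where
     *         applicable, the certificate path is trusted
     * @throws VerifyException if no envelope or signature is present, no usable
     *                         key can be found, or verification cannot be performed
     */
    @Override // hk.hku.cecid.ebms.pkg.pki.XMLDSigner
    public boolean verify() throws VerifyException {
        logger.debug("start verifying");
        if (this.envelope == null) {
            throw verifyFailure("Envelope element not set.", null);
        }
        NodeList signatures = this.envelope.getElementsByTagNameNS(NAMESPACE_URI_DS, ELEMENT_SIGNATURE);
        if (signatures.getLength() == 0) {
            throw verifyFailure("No <ds:Signature> found", null);
        }
        // NOTE(review): only the first ds:Signature in document order is considered, wherever
        // it is located; the caller is responsible for checking its position and coverage.
        Element element = (Element) signatures.item(0);
        logger.debug("got the signature element");
        try {
            return verifyElement(element);
        } catch (RuntimeException e) {
            // Preserve the original fail-closed contract: callers only ever see VerifyException.
            throw verifyFailure("Cannot verify signature - " + e.getMessage(), e);
        }
    }

    /**
     * Does the actual work of {@link #verify()} for the given {@code ds:Signature} element.
     */
    private boolean verifyElement(Element element) throws VerifyException {
        try {
            this.signature = new XMLSignature(element, NAMESPACE_URI_DS);
        } catch (XMLSecurityException e) {
            String message = "Cannot create XMLSignature object - " + e.getMessage();
            logger.error(message, e);
            throw new VerifyException(message);
        }
        logger.debug("created signature object");
        this.signature.addResourceResolver(new DocumentResolver(snapshotDocuments()));
        logger.debug("created document resolver");

        Certificate[] certs = null;
        boolean certsFromMessage = false;
        PublicKey publicKey = null;
        if (this.certResolver != null) {
            try {
                certs = this.certResolver.resolve(this.obj);
            } catch (Exception e) {
                throw verifyFailure("Cannot resolve certificates - " + e.getMessage(), e);
            }
            if (certs == null || certs.length == 0) {
                throw verifyFailure("Certificates returned by certResolver is null", null);
            }
            publicKey = certs[0].getPublicKey();
            logger.debug("got certificate and public key from CertResolver");
        } else if (this.trusted == null) {
            throw verifyFailure("Cannot verify cert path, but certResolver is null", null);
        } else {
            KeyInfo keyInfo = this.signature.getKeyInfo();
            if (keyInfo != null) {
                certsFromMessage = true;
                certs = certificatesFromKeyInfo(keyInfo, element);
                if (certs != null) {
                    // Use the same certificate whose chain is validated below, so the
                    // key that checks the signature and the key that is trusted agree.
                    publicKey = certs[0].getPublicKey();
                } else {
                    try {
                        X509Certificate cert = keyInfo.getX509Certificate();
                        if (cert != null) {
                            publicKey = cert.getPublicKey();
                            certs = new Certificate[] { cert };
                        }
                    } catch (KeyResolverException e) {
                        throw verifyFailure("Cannot get X509 certificate from <" + element.getPrefix() + ":KeyInfo>", e);
                    }
                }
                logger.debug("got X509 certificate and public key from Signature element in message");
            }
        }
        if (publicKey == null) {
            throw verifyFailure("No PublicKey found", null);
        }

        try {
            // checkSignatureValue also verifies every reference digest.
            boolean valid = this.signature.checkSignatureValue(publicKey);
            logger.debug("checked signature value, result: " + valid);
            if (!valid) {
                return false;
            }
            boolean pathRequired = this.trusted != null && certs != null
                    && (certsFromMessage || certs.length > 1);
            if (!pathRequired) {
                logger.debug("verification of cert path skipped");
                return true;
            }
            // A message-supplied chain of length one is validated too; this relies on
            // CertPathVerifier accepting a single certificate that chains to an anchor.
            logger.debug("start verifying cert path");
            valid = CertPathVerifier.verify(certs, this.trusted);
            logger.debug("verified, result: " + valid);
            return valid;
        } catch (Exception e) {
            throw verifyFailure("Cannot check signature - " + e.getMessage(), e);
        }
    }

    /**
     * Extracts one certificate per {@code ds:X509Data} of the KeyInfo (the first
     * {@code ds:X509Certificate} of each), in document order.
     *
     * @return the certificates, or null if the KeyInfo carries no X509Data
     * @throws VerifyException if an X509Data has no certificate or one cannot be parsed
     */
    private static Certificate[] certificatesFromKeyInfo(KeyInfo keyInfo, Element signatureElement) throws VerifyException {
        int count = keyInfo.lengthX509Data();
        if (count <= 0) {
            return null;
        }
        String where = "<" + signatureElement.getPrefix() + ":KeyInfo>";
        Certificate[] certs = new Certificate[count];
        for (int i = 0; i < count; i++) {
            try {
                // An X509Data with only IssuerSerial/SKI children has no certificate to use;
                // previously this ended in a NullPointerException with a misleading message.
                if (keyInfo.itemX509Data(i).lengthCertificate() == 0) {
                    throw verifyFailure("No X509 certificate in X509Data " + i + " of " + where, null);
                }
                certs[i] = keyInfo.itemX509Data(i).itemCertificate(0).getX509Certificate();
            } catch (XMLSecurityException e) {
                throw verifyFailure("Cannot get X509 certificate from " + where, e);
            }
            if (certs[i] == null) {
                throw verifyFailure("Cannot get X509 certificate from " + where, null);
            }
        }
        return certs;
    }

    /** Returns the signature element built by {@link #sign} or inspected by {@link #verify()}, or null. */
    @Override // hk.hku.cecid.ebms.pkg.pki.XMLDSigner
    public Element getElement() {
        if (this.signature != null) {
            return this.signature.getElement();
        }
        return null;
    }

    /** Copies the registered attachments into the array form {@link DocumentResolver} takes. */
    private DocumentDetail[] snapshotDocuments() {
        return this.documents.toArray(new DocumentDetail[this.documents.size()]);
    }

    /**
     * Expands a short xmldsig-core algorithm name to its URI; a value that already
     * contains '#' is taken to be a full algorithm URI and returned unchanged.
     */
    private static String algorithmUri(String name) {
        return name.indexOf('#') >= 0 ? name : NAMESPACE_URI_DS + name;
    }

    /** Logs a signing failure (with cause when available) and builds the exception to throw. */
    private static SignException signFailure(String message, Exception cause) {
        if (cause != null) {
            logger.warn(message, cause);
        } else {
            logger.warn(message);
        }
        return new SignException(message);
    }

    /** Logs a verification failure (with cause when available) and builds the exception to throw. */
    private static VerifyException verifyFailure(String message, Exception cause) {
        if (cause != null) {
            logger.warn(message, cause);
        } else {
            logger.warn(message);
        }
        return new VerifyException(message);
    }

    static {
        Init.init();
    }
}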
