package es.ree.eemws.core.utils.security;

import es.ree.eemws.core.utils.i18n.Messages;
import es.ree.eemws.core.utils.security.SignatureVerificationException;
import es.ree.eemws.core.utils.xml.XMLUtil;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import javax.xml.bind.DatatypeConverter;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:es/ree/eemws/core/utils/security/SignatureManager.class */
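/**
 * Static helpers that create and verify enveloped XML digital signatures (XML-DSig)
 * on message documents.
 *
 * <p>Signing places the {@code Signature} element inside the single {@code Header}
 * element of the message namespace and signs the whole document (reference URI
 * {@code ""}) with RSA-SHA256. If the {@code USE_LEGACY_SHA1} system property is set
 * to <em>any</em> value, RSA-SHA1 is used instead.
 *
 * <p>Verification takes the signer certificate from the signature's own key
 * information and passes it to {@link X509Util#checkCertificate}; that check is
 * therefore the only trust decision made here.
 */
public final class SignatureManager {
    private static final String SIGNATURE_URI = "";
    private static final String SIGNATURE_FACTORY_TYPE = "DOM";
    private static final String DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";
    private static final String LEGACY_SHA1_DIGEST_METHOD = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static final String CANONICALIZATION_METHOD = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private static final String USE_LEGACY_SHA1_SYSTEM_FLAG = "USE_LEGACY_SHA1";
    private static final String SIGNATURE_METHOD = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String LEGACY_SHA1_SIGNATURE_METHOD = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    private static final String TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static final String HEADER_TAG = "Header";
    private static final String HEADER_NAME_SPACE = "http://iec.ch/TC57/2011/schema/message";
    private static final String SYSTEM_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
    private static final String DEFAULT_KEY_STORE_TYPE = "PKCS12";
    private static final String SYSTEM_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
    private static final String DEFAULT_KEY_STORE_PASSWORD = "";
    private static final String SYSTEM_KEY_STORE_FILE = "javax.net.ssl.keyStore";
    private static final String SIGNATURE_TAG = "Signature";

    /** Utility class, not instantiable. */
    private SignatureManager() {
    }

    /**
     * Parses the given XML text and verifies its signature.
     *
     * @param sb XML text of the signed message
     * @return the certificate found in the signature, see {@link #verifyDocument(Document)}
     * @throws SignatureVerificationException if the text cannot be parsed or the signature is not accepted
     * @throws SignatureSyntaxException if the signature element is malformed
     */
    public static X509Certificate verifyString(StringBuilder sb) throws SignatureVerificationException, SignatureSyntaxException {
        try {
            // NOTE(review): the text is untrusted at this point; confirm that
            // XMLUtil.string2Document parses with DTDs and external entities disabled.
            return verifyDocument(XMLUtil.string2Document(sb));
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new SignatureVerificationException(Messages.getString("SECURITY_INVALID_DOCUMENT", new Object[0]), e);
        }
    }

    /**
     * Verifies the XML signature contained in the document.
     *
     * <p>The document must contain exactly one {@code Signature} element in the XML-DSig
     * namespace. The signature is accepted when the cryptographic validation succeeds and,
     * if the key selector produced a certificate, {@link X509Util#checkCertificate} does
     * not reject it.
     *
     * @param document signed document
     * @return the certificate reported by the key selector; {@code null} when the selector
     *         reported none and the signature still validated
     * @throws SignatureVerificationException if there is not exactly one signature, or the
     *         signature or its certificate is rejected; the exception details carry the
     *         per-reference digest status
     * @throws SignatureSyntaxException if the signature element cannot be unmarshalled
     */
    public static X509Certificate verifyDocument(Document document) throws SignatureVerificationException, SignatureSyntaxException {
        try {
            NodeList signatureNodes = document.getElementsByTagNameNS(XMLSignature.XMLNS, SIGNATURE_TAG);
            if (signatureNodes.getLength() != 1) {
                throw new SignatureVerificationException(Messages.getString("SECURITY_INVALID_DOCUMENT_NO_HEADER", SIGNATURE_TAG, XMLSignature.XMLNS));
            }
            Node signatureNode = signatureNodes.item(0);

            XMLSignatureFactory factory = XMLSignatureFactory.getInstance(SIGNATURE_FACTORY_TYPE);
            KeyValueKeySelector keySelector = new KeyValueKeySelector();
            // NOTE(review): secure validation ("org.jcp.xml.dsig.secureValidation") is not
            // requested explicitly on this context, so the JDK default applies.
            DOMValidateContext validateContext = new DOMValidateContext(keySelector, signatureNode);
            XMLSignature signature = factory.unmarshalXMLSignature(validateContext);
            boolean signatureOk = signature.validate(validateContext);
            // NOTE(review): only the references named by the signature are validated; nothing
            // here checks that they cover the whole document, nor that the Signature element
            // sits under the message Header. Callers that read content afterwards should
            // confirm it lies inside the signed scope.

            X509Certificate signerCertificate = keySelector.getX509Certificate();
            boolean certificateOk = true;
            String failureMessage = Messages.getString("SECURITY_SIGNATURE_VALIDATION_FAILED", new Object[0]);
            CertificateException certificateFailure = null;
            // NOTE(review): when the selector reports no certificate the certificate check is
            // skipped and a validating signature is still accepted (null is returned). Confirm
            // that KeyValueKeySelector cannot resolve a key without a certificate, or that
            // every caller treats a null result as "untrusted".
            if (signerCertificate != null) {
                try {
                    X509Util.checkCertificate(signerCertificate);
                } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                    certificateOk = false;
                    failureMessage = Messages.getString("SECURITY_SIGNATURE_CERTIFICATE_NOT_VALID", new Date(), signerCertificate.getNotBefore(), signerCertificate.getNotAfter());
                    certificateFailure = e;
                } catch (CertificateException e) {
                    certificateOk = false;
                    failureMessage = Messages.getString("SECURITY_SIGNATURE_NO_TRUSTED_CERT", new Object[0]);
                    certificateFailure = e;
                }
            }
            if (signatureOk && certificateOk) {
                return signerCertificate;
            }

            // Rejected: attach enough detail for the caller to tell a bad signature value
            // from a digest mismatch or a certificate problem.
            SignatureVerificationException failure = new SignatureVerificationException(failureMessage, certificateFailure);
            SignatureVerificationException.SignatureVerificationExceptionDetails details = failure.getDetails();
            details.setSignatureValid(signature.getSignatureValue().validate(validateContext));
            details.setCertificateValid(certificateOk);
            details.setSignatureCertificate(signerCertificate);
            // Iterate as Object: getReferences() is a raw List on older JDKs.
            for (Object entry : signature.getSignedInfo().getReferences()) {
                Reference reference = (Reference) entry;
                details.addReferenceStatus(Boolean.valueOf(reference.validate(validateContext)), DatatypeConverter.printBase64Binary(reference.getCalculatedDigestValue()), DatatypeConverter.printBase64Binary(reference.getDigestValue()));
            }
            throw failure;
        } catch (MarshalException | NumberFormatException e) {
            throw new SignatureSyntaxException(Messages.getString("SECURITY_SIGNATURE_SYNTAX_ERROR", new Object[0]), e);
        } catch (XMLSignatureException e) {
            throw new SignatureVerificationException(Messages.getString("SECURITY_UNABLE_TO_VERIFY", new Object[0]), e);
        }
    }

    /**
     * Signs the document with the given RSA key; delegates to
     * {@link #signDocument(Document, PrivateKey, X509Certificate)}.
     *
     * @param document document to sign in place
     * @param rSAPrivateKey signing key
     * @param x509Certificate certificate published in the signature's key information
     * @throws SignatureManagerException if the document cannot be signed
     */
    public static void signDocument(Document document, RSAPrivateKey rSAPrivateKey, X509Certificate x509Certificate) throws SignatureManagerException {
        signDocument(document, (PrivateKey) rSAPrivateKey, x509Certificate);
    }

    /**
     * Signs the document with the first usable entry of the key store named by the
     * {@code javax.net.ssl.keyStore} system property.
     *
     * <p>The store type and password come from {@code javax.net.ssl.keyStoreType}
     * (default {@code PKCS12}) and {@code javax.net.ssl.keyStorePassword} (default empty);
     * the same password is used for the store and for each key. An entry is usable when it
     * holds an RSA private key and an X.509 certificate that is currently within its
     * validity period. Entries of any other kind are skipped.
     *
     * @param document document to sign in place
     * @throws SignatureManagerException if the property is unset, the store cannot be read
     *         or loaded, no usable entry exists, or signing fails
     */
    public static void signDocument(Document document) throws SignatureManagerException {
        String keyStoreFile = System.getProperty(SYSTEM_KEY_STORE_FILE);
        if (keyStoreFile == null) {
            throw new SignatureManagerException(Messages.getString("SECURITY_NO_SYSTEM_KEY_STORE", SYSTEM_KEY_STORE_FILE));
        }
        String keyStoreType = System.getProperty(SYSTEM_KEY_STORE_TYPE, DEFAULT_KEY_STORE_TYPE);
        char[] password = System.getProperty(SYSTEM_KEY_STORE_PASSWORD, DEFAULT_KEY_STORE_PASSWORD).toCharArray();

        RSAPrivateKey signingKey = null;
        X509Certificate signingCertificate = null;
        try {
            try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
                KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                keyStore.load(keyStoreStream, password);

                Exception lastFailure = null;
                Enumeration<String> aliases = keyStore.aliases();
                while (signingKey == null && aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    try {
                        // Held as Object and type-checked below: a blind cast would abort the
                        // whole search with ClassCastException / NullPointerException on the
                        // first non-RSA or certificate-less entry.
                        Object key = keyStore.getKey(alias, password);
                        Object certificate = keyStore.getCertificate(alias);
                        if (!(certificate instanceof X509Certificate)) {
                            continue;
                        }
                        X509Certificate candidate = (X509Certificate) certificate;
                        candidate.checkValidity();
                        if (key instanceof RSAPrivateKey) {
                            signingKey = (RSAPrivateKey) key;
                            signingCertificate = candidate;
                        }
                    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                        // Remember why this entry was rejected and try the next one.
                        lastFailure = e;
                    }
                }
                if (signingKey == null) {
                    throw new SignatureManagerException(Messages.getString("SECURITY_NO_USABLE_CERTIFICATE_FOUND", new Object[0]), lastFailure);
                }
            }
            // The key store stream is closed before signing starts.
            signDocument(document, signingKey, signingCertificate);
        } catch (FileNotFoundException e) {
            throw new SignatureManagerException(Messages.getString("SECURITY_UNABLE_TO_READ_KEY_STORE", keyStoreFile, SYSTEM_KEY_STORE_FILE), e);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new SignatureManagerException(Messages.getString("SECURITY_UNABLE_TO_LOAD_KEY_STORE", keyStoreFile, SYSTEM_KEY_STORE_TYPE, SYSTEM_KEY_STORE_PASSWORD), e);
        } catch (KeyStoreException e) {
            throw new SignatureManagerException(Messages.getString("SECURITY_UNABLE_TO_GET_KEY_STORE", keyStoreType, SYSTEM_KEY_STORE_TYPE), e);
        }
    }

    /**
     * Signs the XML text in place using the system key store, see
     * {@link #signDocument(Document)}.
     *
     * <p>Once the text has been parsed the buffer is emptied and, whether or not signing
     * succeeds, refilled with the serialized document.
     *
     * @param sb XML text; replaced by the serialized (signed) document
     * @throws SignatureManagerException if the text cannot be parsed, signed or serialized
     */
    public static void signString(StringBuilder sb) throws SignatureManagerException {
        Document document = null;
        try {
            try {
                document = XMLUtil.string2Document(sb);
                sb.setLength(0);
                sb.trimToSize();
                signDocument(document);
            } finally {
                // The buffer was cleared after parsing, so put the document back even when
                // signing failed; otherwise the caller would be left with an empty buffer.
                if (document != null) {
                    try {
                        sb.append(XMLUtil.document2String(document));
                    } catch (TransformerException e) {
                        throw new SignatureManagerException(Messages.getString("SECURITY_INVALID_DOCUMENT", new Object[0]), e);
                    }
                }
            }
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new SignatureManagerException(Messages.getString("SECURITY_INVALID_DOCUMENT", new Object[0]), e);
        }
    }

    /**
     * Signs the XML text in place with the given key and certificate.
     *
     * <p>Once the text has been parsed the buffer is emptied and, whether or not signing
     * succeeds, refilled with the serialized document.
     *
     * @param sb XML text; replaced by the serialized (signed) document
     * @param privateKey signing key
     * @param x509Certificate certificate published in the signature's key information
     * @throws SignatureManagerException if the text cannot be parsed, signed or serialized
     */
    public static void signString(StringBuilder sb, PrivateKey privateKey, X509Certificate x509Certificate) throws SignatureManagerException {
        Document document = null;
        try {
            try {
                document = XMLUtil.string2Document(sb);
                sb.setLength(0);
                sb.trimToSize();
                signDocument(document, privateKey, x509Certificate);
            } finally {
                // The buffer was cleared after parsing, so put the document back even when
                // signing failed; otherwise the caller would be left with an empty buffer.
                if (document != null) {
                    try {
                        sb.append(XMLUtil.document2String(document));
                    } catch (TransformerException e) {
                        throw new SignatureManagerException(Messages.getString("SECURITY_INVALID_DOCUMENT", new Object[0]), e);
                    }
                }
            }
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new SignatureManagerException(Messages.getString("SECURITY_INVALID_DOCUMENT", new Object[0]), e);
        }
    }

    /**
     * Adds an enveloped signature over the whole document inside its message header.
     *
     * <p>The document must contain exactly one {@code Header} element in the message
     * namespace. The key information carries the issuer/serial pair, the subject name and
     * the certificate itself.
     *
     * @param document document to sign in place
     * @param privateKey signing key
     * @param x509Certificate certificate published in the signature's key information
     * @throws SignatureManagerException if the header is missing or duplicated, or the
     *         signature cannot be created
     */
    public static void signDocument(Document document, PrivateKey privateKey, X509Certificate x509Certificate) throws SignatureManagerException {
        try {
            // The mere presence of the property selects SHA-1: -DUSE_LEGACY_SHA1=false
            // enables it as well. SHA-1 is kept only for legacy peers and should stay unset
            // wherever the counterpart accepts SHA-256.
            boolean legacySha1 = System.getProperty(USE_LEGACY_SHA1_SYSTEM_FLAG) != null;
            String signatureMethodUri = legacySha1 ? LEGACY_SHA1_SIGNATURE_METHOD : SIGNATURE_METHOD;
            String digestMethodUri = legacySha1 ? LEGACY_SHA1_DIGEST_METHOD : DIGEST_METHOD;

            XMLSignatureFactory factory = XMLSignatureFactory.getInstance(SIGNATURE_FACTORY_TYPE);
            SignedInfo signedInfo = factory.newSignedInfo(
                    factory.newCanonicalizationMethod(CANONICALIZATION_METHOD, (C14NMethodParameterSpec) null),
                    factory.newSignatureMethod(signatureMethodUri, (SignatureMethodParameterSpec) null),
                    Collections.singletonList(factory.newReference(
                            SIGNATURE_URI,
                            factory.newDigestMethod(digestMethodUri, (DigestMethodParameterSpec) null),
                            Collections.singletonList(factory.newTransform(TRANSFORM, (TransformParameterSpec) null)),
                            (String) null,
                            (String) null)));

            NodeList headers = document.getElementsByTagNameNS(HEADER_NAME_SPACE, HEADER_TAG);
            if (headers.getLength() != 1) {
                throw new SignatureManagerException(Messages.getString("SECURITY_INVALID_DOCUMENT_NO_HEADER", HEADER_TAG, HEADER_NAME_SPACE));
            }
            DOMSignContext signContext = new DOMSignContext(privateKey, headers.item(0));

            KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
            ArrayList<Object> x509Content = new ArrayList<>();
            // NOTE(review): getIssuerDN() is deprecated and its string form is provider
            // specific; getIssuerX500Principal() is the replacement but may change the text
            // of X509IssuerName, so confirm with receivers before switching.
            x509Content.add(keyInfoFactory.newX509IssuerSerial(x509Certificate.getIssuerDN().getName(), x509Certificate.getSerialNumber()));
            x509Content.add(x509Certificate.getSubjectX500Principal().getName());
            x509Content.add(x509Certificate);

            factory.newXMLSignature(signedInfo, keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content)))).sign(signContext);
        } catch (MarshalException | XMLSignatureException e) {
            throw new SignatureManagerException(Messages.getString("SECURITY_INVALID_DOCUMENT_CANNOT_SIGN", new Object[0]), e);
        } catch (GeneralSecurityException e) {
            throw new SignatureManagerException(Messages.getString("SECURITY_INVALID_GENERAL_ERROR", new Object[0]), e);
        }
    }
}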
