package xades4j.verification;

import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.inject.Inject;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import xades4j.XAdES4jException;
import xades4j.XAdES4jXMLSigException;
import xades4j.production.XadesSignatureFormatExtender;
import xades4j.properties.QualifyingProperty;
import xades4j.properties.SignatureTimeStampProperty;
import xades4j.properties.UnsignedProperties;
import xades4j.properties.UnsignedSignatureProperty;
import xades4j.properties.data.CertRef;
import xades4j.properties.data.PropertyDataObject;
import xades4j.properties.data.SignatureTimeStampData;
import xades4j.properties.data.SigningCertificateData;
import xades4j.providers.CertificateValidationProvider;
import xades4j.providers.ValidationData;
import xades4j.providers.X500NameStyleProvider;
import xades4j.utils.CollectionUtils;
import xades4j.utils.ObjectUtils;
import xades4j.utils.PropertiesUtils;
import xades4j.utils.ResolverAnonymous;
import xades4j.verification.KeyInfoProcessor;
import xades4j.verification.QualifyingPropertyVerificationContext;
import xades4j.verification.RawSignatureVerifier;
import xades4j.verification.SignatureUtils;
import xades4j.xml.unmarshalling.QualifyingPropertiesUnmarshaller;
import xades4j.xml.unmarshalling.UnmarshalException;

/* loaded from: input_file:xades4j/verification/XadesVerifierImpl.class */
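/**
 * {@link XadesVerifier} implementation that checks an XML signature element together with its
 * XAdES qualifying properties.
 *
 * <p>Verification order, as implemented in {@link #verify(Element, SignatureSpecificVerificationOptions)}:
 * raw-signature verifiers, QualifyingProperties incorporation and Target checks, property
 * unmarshalling, validation-date selection, certificate validation, optional key-usage check,
 * core signature/reference verification, qualifying-property verification, custom verifiers.
 * Every failure is reported through an exception; a normal return means all steps passed.
 *
 * <p>Security-relevant configuration: {@code secureValidation} is forwarded to the
 * {@link XMLSignature} constructor and is {@code false} unless
 * {@link #setSecureValidation(boolean)} is called with {@code true}.
 */
class XadesVerifierImpl implements XadesVerifier {
    private final CertificateValidationProvider certificateValidator;
    private final QualifyingPropertiesVerifier qualifyingPropertiesVerifier;
    private final QualifyingPropertiesUnmarshaller qualifPropsUnmarshaller;
    private final Set<RawSignatureVerifier> rawSigVerifiers;
    private final Set<CustomSignatureVerifier> customSigVerifiers;
    private final X500NameStyleProvider x500NameStyleProvider;
    // Third argument of the XMLSignature constructor used in verify(); off by default.
    private boolean secureValidation;
    // Indexed [current form ordinal][target form ordinal]; null entries are unsupported transitions.
    private static FormExtensionPropsCollector[][] formsExtensionTransitions;

    /**
     * Collects the unsigned signature properties needed for one form-extension transition.
     * (Decompiler note: the access modifier was private in the original class.)
     */
    public interface FormExtensionPropsCollector {
        void addProps(Collection<UnsignedSignatureProperty> collection, XAdESVerificationResult xAdESVerificationResult);
    }

    /**
     * Creates the verifier from its injected collaborators.
     *
     * @throws NullPointerException if any argument other than {@code x500NameStyleProvider} is
     *         null; that last argument is not part of the null check
     */
    @Inject
    protected XadesVerifierImpl(CertificateValidationProvider certificateValidationProvider, QualifyingPropertiesVerifier qualifyingPropertiesVerifier, QualifyingPropertiesUnmarshaller qualifyingPropertiesUnmarshaller, Set<RawSignatureVerifier> set, Set<CustomSignatureVerifier> set2, X500NameStyleProvider x500NameStyleProvider) {
        if (ObjectUtils.anyNull(certificateValidationProvider, qualifyingPropertiesVerifier, qualifyingPropertiesUnmarshaller, set, set2)) {
            throw new NullPointerException("One or more arguments are null");
        }
        this.certificateValidator = certificateValidationProvider;
        this.qualifyingPropertiesVerifier = qualifyingPropertiesVerifier;
        this.qualifPropsUnmarshaller = qualifyingPropertiesUnmarshaller;
        this.rawSigVerifiers = set;
        this.customSigVerifiers = set2;
        this.x500NameStyleProvider = x500NameStyleProvider;
        // Secure validation stays disabled until setSecureValidation(true) is called.
        this.secureValidation = false;
    }

    /**
     * Forwards the flag to the qualifying-properties unmarshaller.
     * (Decompiler note: package-private in the original class.)
     */
    public void setAcceptUnknownProperties(boolean z) {
        this.qualifPropsUnmarshaller.setAcceptUnknownProperties(z);
    }

    /**
     * Sets the secure-validation flag passed to every {@link XMLSignature} built by this verifier.
     * (Decompiler note: package-private in the original class.)
     */
    public void setSecureValidation(boolean z) {
        this.secureValidation = z;
    }

    /**
     * Verifies the signature rooted at {@code element}.
     *
     * @param element the signature element; must not be null
     * @param signatureSpecificVerificationOptions per-signature options; null selects
     *        {@code SignatureSpecificVerificationOptions.EMPTY}
     * @return the verification result, returned only when every step succeeded
     * @throws NullPointerException if {@code element} is null, or if the certificate validator
     *         returns null or an empty certificate list
     * @throws XAdES4jException on any unmarshalling, incorporation, certificate or signature failure
     */
    @Override // xades4j.verification.XadesVerifier
    public XAdESVerificationResult verify(Element element, SignatureSpecificVerificationOptions signatureSpecificVerificationOptions) throws XAdES4jException {
        if (null == element) {
            throw new NullPointerException("Signature node not specified");
        }
        if (null == signatureSpecificVerificationOptions) {
            signatureSpecificVerificationOptions = SignatureSpecificVerificationOptions.EMPTY;
        }
        try {
            XMLSignature signature = new XMLSignature(element, signatureSpecificVerificationOptions.getBaseUri(), this.secureValidation);
            String signatureId = signature.getId();
            if (null == signatureId) {
                throw new UnmarshalException("XML signature doesn't have an Id");
            }
            SignatureUtils.ReferencesRes referencesRes = SignatureUtils.processReferences(signature);
            RawSignatureVerifier.RawSignatureVerifierContext rawContext = new RawSignatureVerifier.RawSignatureVerifierContext(signature);
            for (RawSignatureVerifier rawVerifier : this.rawSigVerifiers) {
                rawVerifier.verify(rawContext);
            }

            Element qualifyingPropsElem = SignatureUtils.getQualifyingPropertiesElement(signature);
            SignatureUtils.checkSignedPropertiesIncorporation(qualifyingPropsElem, referencesRes.signedPropsReference);

            // The Target attribute is looked up without a namespace first, then in the XAdES namespace.
            Attr targetAttr = qualifyingPropsElem.getAttributeNodeNS(null, QualifyingProperty.TARGET_ATTR);
            if (null == targetAttr) {
                targetAttr = qualifyingPropsElem.getAttributeNodeNS(QualifyingProperty.XADES_XMLNS, QualifyingProperty.TARGET_ATTR);
                if (null == targetAttr) {
                    throw new QualifyingPropertiesIncorporationException("QualifyingProperties Target attribute not present");
                }
            }
            // The properties must point at this very signature ("#" + Id), not at another one in the document.
            String target = targetAttr.getNodeValue();
            if (null == target || !target.startsWith("#") || !target.substring(1).equals(signatureId)) {
                throw new QualifyingPropertiesIncorporationException("QualifyingProperties target doesn't match the signature's Id");
            }

            // Everything handled from here until doCoreVerification() comes from a signature
            // whose value has not been checked yet.
            QualifPropsDataCollectorImpl dataCollector = new QualifPropsDataCollectorImpl();
            this.qualifPropsUnmarshaller.unmarshalProperties(qualifyingPropsElem, dataCollector);
            Collection<PropertyDataObject> propertiesData = dataCollector.getPropertiesData();
            Date validationDate = getValidationDate(propertiesData, signature, signatureSpecificVerificationOptions);
            KeyInfoProcessor.KeyInfoRes keyInfoRes = KeyInfoProcessor.process(signature.getKeyInfo(), tryGetSigningCertificateRef(propertiesData), this.x500NameStyleProvider);
            ValidationData validationData = this.certificateValidator.validate(keyInfoRes.certSelector, validationDate, keyInfoRes.keyInfoCerts);
            if (null == validationData || validationData.getCerts().isEmpty()) {
                throw new NullPointerException("Certificate validator returned null or empty data");
            }

            // The first certificate returned by the validator is used as the signing certificate.
            X509Certificate signingCert = validationData.getCerts().get(0);
            if (signatureSpecificVerificationOptions.checkKeyUsage()) {
                // KeyUsage bit 0 is digitalSignature and bit 1 is nonRepudiation; a certificate
                // without the extension (null array) is accepted by this check.
                boolean[] keyUsage = signingCert.getKeyUsage();
                if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
                    throw new SigningCertificateKeyUsageException();
                }
            }

            doCoreVerification(signature, signatureSpecificVerificationOptions, signingCert);

            QualifyingPropertyVerificationContext propsContext = new QualifyingPropertyVerificationContext(signature, new QualifyingPropertyVerificationContext.CertificationChainData(validationData.getCerts(), validationData.getCrls(), keyInfoRes.issuerSerial, this.x500NameStyleProvider), new QualifyingPropertyVerificationContext.SignedObjectsData(referencesRes.dataObjsReferences, signature));
            Collection<PropertyInfo> verifiedProps = this.qualifyingPropertiesVerifier.verifyProperties(propertiesData, propsContext);
            XAdESVerificationResult result = new XAdESVerificationResult(XAdESFormChecker.checkForm(verifiedProps), signature, validationData, verifiedProps, referencesRes.dataObjsReferences);
            for (CustomSignatureVerifier customVerifier : this.customSigVerifiers) {
                customVerifier.verify(result, propsContext);
            }
            return result;
        } catch (XMLSecurityException e) {
            throw new UnmarshalException("Bad XML signature", e);
        }
    }

    /**
     * Returns the signing-certificate reference only when the properties hold exactly one
     * SigningCertificate data object with exactly one reference; otherwise returns null.
     */
    private CertRef tryGetSigningCertificateRef(Collection<PropertyDataObject> collection) {
        List signingCertData = CollectionUtils.filterByType(collection, SigningCertificateData.class);
        if (signingCertData.size() != 1) {
            return null;
        }
        Collection<CertRef> certRefs = ((SigningCertificateData) signingCertData.get(0)).getCertRefs();
        return certRefs.size() == 1 ? certRefs.iterator().next() : null;
    }

    /**
     * Chooses the date used for certificate validation.
     *
     * <p>Without SignatureTimeStamp data the caller-supplied default verification date is
     * returned. Otherwise the time-stamp data is verified (with empty certificate, CRL and
     * data-object lists in the context) and the time of the first verified property is used.
     */
    private Date getValidationDate(Collection<PropertyDataObject> collection, XMLSignature xMLSignature, SignatureSpecificVerificationOptions signatureSpecificVerificationOptions) throws XAdES4jException {
        List timeStampData = CollectionUtils.filterByType(collection, SignatureTimeStampData.class);
        if (timeStampData.isEmpty()) {
            return signatureSpecificVerificationOptions.getDefaultVerificationDate();
        }
        QualifyingPropertyVerificationContext timeStampContext = new QualifyingPropertyVerificationContext(xMLSignature, new QualifyingPropertyVerificationContext.CertificationChainData(new ArrayList(0), new ArrayList(0), null, this.x500NameStyleProvider), new QualifyingPropertyVerificationContext.SignedObjectsData(new ArrayList(0), xMLSignature));
        return ((SignatureTimeStampProperty) this.qualifyingPropertiesVerifier.verifyProperties(timeStampData, timeStampContext).iterator().next().getProperty()).getTime();
    }

    /**
     * Runs the core XML-DSig check (signature value and references) against the validated
     * certificate and throws unless it succeeds.
     *
     * <p>When {@code checkSignatureValue} reports failure the references are re-verified to
     * choose the most specific exception. If that diagnosis finds no failing reference the
     * method still throws: the earlier version fell off the end of the loop and returned
     * normally, which let a signature that had failed the check be reported as valid.
     *
     * @throws XAdES4jXMLSigException if the XML security library raises an error
     * @throws InvalidSignatureException if the signature value or a reference is invalid
     */
    private static void doCoreVerification(XMLSignature xMLSignature, SignatureSpecificVerificationOptions signatureSpecificVerificationOptions, X509Certificate x509Certificate) throws XAdES4jXMLSigException, InvalidSignatureException {
        // Caller-supplied resolvers decide how reference URIs are dereferenced.
        List<ResourceResolverSpi> resolvers = signatureSpecificVerificationOptions.getResolvers();
        if (!CollectionUtils.nullOrEmpty(resolvers)) {
            for (ResourceResolverSpi resolver : resolvers) {
                xMLSignature.addResourceResolver(resolver);
            }
        }
        xMLSignature.setFollowNestedManifests(signatureSpecificVerificationOptions.isFollowManifests());
        InputStream anonymousData = signatureSpecificVerificationOptions.getDataForAnonymousReference();
        if (anonymousData != null) {
            xMLSignature.addResourceResolver(new ResolverAnonymous(anonymousData));
        }

        try {
            if (xMLSignature.checkSignatureValue(x509Certificate)) {
                return;
            }
        } catch (XMLSignatureException e) {
            throw new XAdES4jXMLSigException("Error verifying the signature", e);
        }

        // Verification failed; find out why so the caller gets a precise exception.
        try {
            SignedInfo signedInfo = xMLSignature.getSignedInfo();
            if (signedInfo.verifyReferences()) {
                // References are fine, so the signature value itself is the problem.
                throw new SignatureValueException(xMLSignature);
            }
            for (int i = 0; i < signedInfo.getLength(); i++) {
                Reference reference = signedInfo.item(i);
                if (!reference.verify()) {
                    throw new ReferenceValueException(xMLSignature, reference);
                }
            }
        } catch (XMLSecurityException e) {
            throw new XAdES4jXMLSigException("Error verifying the references", e);
        }

        // Fail closed: the core check reported failure even though no single reference could
        // be blamed, so the signature must not be accepted.
        throw new SignatureValueException(xMLSignature);
    }

    /**
     * Fills the form-extension table: BES/EPES to T, BES/EPES/T to C, C to X and C to X-L.
     * Any other pair keeps a null entry and is rejected by the four-argument {@code verify}.
     */
    private static void initFormExtension() {
        XAdESForm[] forms = XAdESForm.values();
        formsExtensionTransitions = new FormExtensionPropsCollector[forms.length][forms.length];

        FormExtensionPropsCollector toT = new FormExtensionPropsCollector() {
            @Override // xades4j.verification.XadesVerifierImpl.FormExtensionPropsCollector
            public void addProps(Collection<UnsignedSignatureProperty> collection, XAdESVerificationResult xAdESVerificationResult) {
                PropertiesUtils.addXadesTProperties(collection);
            }
        };
        formsExtensionTransitions[XAdESForm.BES.ordinal()][XAdESForm.T.ordinal()] = toT;
        formsExtensionTransitions[XAdESForm.EPES.ordinal()][XAdESForm.T.ordinal()] = toT;

        FormExtensionPropsCollector toCFromBasic = new FormExtensionPropsCollector() {
            @Override // xades4j.verification.XadesVerifierImpl.FormExtensionPropsCollector
            public void addProps(Collection<UnsignedSignatureProperty> collection, XAdESVerificationResult xAdESVerificationResult) {
                PropertiesUtils.addXadesCProperties(collection, xAdESVerificationResult.getValidationData());
                PropertiesUtils.addXadesTProperties(collection);
            }
        };
        formsExtensionTransitions[XAdESForm.BES.ordinal()][XAdESForm.C.ordinal()] = toCFromBasic;
        formsExtensionTransitions[XAdESForm.EPES.ordinal()][XAdESForm.C.ordinal()] = toCFromBasic;

        formsExtensionTransitions[XAdESForm.T.ordinal()][XAdESForm.C.ordinal()] = new FormExtensionPropsCollector() {
            @Override // xades4j.verification.XadesVerifierImpl.FormExtensionPropsCollector
            public void addProps(Collection<UnsignedSignatureProperty> collection, XAdESVerificationResult xAdESVerificationResult) {
                PropertiesUtils.addXadesCProperties(collection, xAdESVerificationResult.getValidationData());
            }
        };
        formsExtensionTransitions[XAdESForm.C.ordinal()][XAdESForm.X.ordinal()] = new FormExtensionPropsCollector() {
            @Override // xades4j.verification.XadesVerifierImpl.FormExtensionPropsCollector
            public void addProps(Collection<UnsignedSignatureProperty> collection, XAdESVerificationResult xAdESVerificationResult) {
                PropertiesUtils.addXadesXProperties(collection);
            }
        };
        formsExtensionTransitions[XAdESForm.C.ordinal()][XAdESForm.X_L.ordinal()] = new FormExtensionPropsCollector() {
            @Override // xades4j.verification.XadesVerifierImpl.FormExtensionPropsCollector
            public void addProps(Collection<UnsignedSignatureProperty> collection, XAdESVerificationResult xAdESVerificationResult) {
                PropertiesUtils.addXadesXLProperties(collection, xAdESVerificationResult.getValidationData());
                PropertiesUtils.addXadesXProperties(collection);
            }
        };
    }

    /**
     * Verifies the signature and, if its form is below {@code xAdESForm}, extends it to that form.
     *
     * <p>The signature is only enriched after the full verification has returned normally.
     *
     * @throws NullPointerException if the target form or the format extender is null
     * @throws IllegalArgumentException if the target form is not T, C, X or X-L
     * @throws InvalidFormExtensionException if no transition exists from the verified form to the target
     * @throws XAdES4jException if verification or enrichment fails
     */
    @Override // xades4j.verification.XadesVerifier
    public XAdESVerificationResult verify(Element element, SignatureSpecificVerificationOptions signatureSpecificVerificationOptions, XadesSignatureFormatExtender xadesSignatureFormatExtender, XAdESForm xAdESForm) throws XAdES4jException {
        if (null == xAdESForm || null == xadesSignatureFormatExtender) {
            throw new NullPointerException("'finalForm' and 'formatExtender' cannot be null");
        }
        if (xAdESForm.before(XAdESForm.T) || xAdESForm.after(XAdESForm.X_L)) {
            throw new IllegalArgumentException("Signature format can only be extended to XAdES-T, C, X or X-L");
        }
        XAdESVerificationResult result = verify(element, signatureSpecificVerificationOptions);
        XAdESForm currentForm = result.getSignatureForm();
        if (!currentForm.before(xAdESForm)) {
            // Already at (or beyond) the requested form: nothing to add.
            return result;
        }
        FormExtensionPropsCollector collector = formsExtensionTransitions[currentForm.ordinal()][xAdESForm.ordinal()];
        if (null == collector) {
            throw new InvalidFormExtensionException(currentForm, xAdESForm);
        }
        Collection<UnsignedSignatureProperty> extraProps = new ArrayList<UnsignedSignatureProperty>(3);
        collector.addProps(extraProps, result);
        xadesSignatureFormatExtender.enrichSignature(result.getXmlSignature(), new UnsignedProperties(extraProps));
        return result;
    }

    static {
        // Initialise the XML security library, then build the form-extension table.
        Init.init();
        initFormExtension();
    }
}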
