package org.basex.query.func.crypto;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.basex.io.out.ArrayOutput;
import org.basex.io.serial.Serializer;
import org.basex.io.serial.SerializerMode;
import org.basex.query.QueryContext;
import org.basex.query.QueryError;
import org.basex.query.QueryException;
import org.basex.query.StaticContext;
import org.basex.query.value.item.Bln;
import org.basex.query.value.item.Item;
import org.basex.query.value.node.ANode;
import org.basex.query.value.type.NodeType;
import org.basex.util.InputInfo;
import org.basex.util.Token;
import org.basex.util.hash.TokenMap;
import org.basex.util.hash.TokenSet;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/basex/query/func/crypto/DigitalSignature.class */
final class DigitalSignature {
    private static final TokenMap CANONICALS = new TokenMap();
    private static final TokenMap DIGESTS = new TokenMap();
    private static final TokenMap SIGNATURES = new TokenMap();
    private static final TokenSet TYPES = new TokenSet();
    private static final byte[] DEFC = Token.token("inclusive-with-comments");
    private static final byte[] DEFD = Token.token("sha1");
    private static final byte[] DEFS = Token.token("rsa_sha1");
    private static final byte[] DEFT = Token.token("enveloped");
    private static final byte[] ENVT = Token.token("enveloping");
    private final InputInfo info;

    static {
        CANONICALS.put("inclusive-with-comments", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
        CANONICALS.put("exclusive-with-comments", "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        CANONICALS.put("inclusive", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
        CANONICALS.put("exclusive", "http://www.w3.org/2001/10/xml-exc-c14n#");
        DIGESTS.put("sha1", "http://www.w3.org/2000/09/xmldsig#sha1");
        DIGESTS.put("sha256", "http://www.w3.org/2001/04/xmlenc#sha256");
        DIGESTS.put("sha512", "http://www.w3.org/2001/04/xmlenc#sha512");
        SIGNATURES.put("rsa_sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        SIGNATURES.put("dsa_sha1", "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
        TYPES.add(DEFT);
        TYPES.add(ENVT);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DigitalSignature(InputInfo inputInfo) {
        this.info = inputInfo;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Item generateSignature(ANode aNode, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, ANode aNode2, QueryContext queryContext, InputInfo inputInfo) throws QueryException {
        KeyInfo newKeyInfo;
        PrivateKey privateKey;
        List singletonList;
        XMLSignature newXMLSignature;
        DOMSignContext dOMSignContext;
        byte[] bArr7 = bArr;
        if (bArr7.length == 0) {
            bArr7 = DEFC;
        }
        byte[] bArr8 = CANONICALS.get(Token.lc(bArr7));
        if (bArr8 == null) {
            throw QueryError.CX_CANINV.get(this.info, bArr);
        }
        String string = Token.string(bArr8);
        byte[] bArr9 = bArr2;
        if (bArr9.length == 0) {
            bArr9 = DEFD;
        }
        byte[] bArr10 = DIGESTS.get(Token.lc(bArr9));
        if (bArr10 == null) {
            throw QueryError.CX_DIGINV.get(this.info, bArr2);
        }
        String string2 = Token.string(bArr10);
        byte[] bArr11 = bArr3;
        if (bArr11.length == 0) {
            bArr11 = DEFS;
        }
        byte[] bArr12 = bArr11;
        byte[] bArr13 = SIGNATURES.get(Token.lc(bArr11));
        if (bArr13 == null) {
            throw QueryError.CX_SIGINV.get(this.info, bArr3);
        }
        String string3 = Token.string(bArr13);
        String substring = Token.string(bArr12).substring(0, 3);
        byte[] bArr14 = bArr5;
        if (bArr14.length == 0) {
            bArr14 = DEFT;
        }
        if (!TYPES.contains(Token.lc(bArr14))) {
            throw QueryError.CX_SIGTYPINV.get(this.info, bArr5);
        }
        byte[] bArr15 = bArr14;
        try {
            XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM");
            if (aNode2 != null) {
                Document dOMNode = toDOMNode(aNode2);
                if (!"digital-certificate".equals(dOMNode.getDocumentElement().getNodeName())) {
                    throw QueryError.CX_INVNM.get(this.info, dOMNode);
                }
                NodeList childNodes = dOMNode.getDocumentElement().getChildNodes();
                int length = childNodes.getLength();
                int i = 0;
                String str = null;
                String str2 = null;
                String str3 = null;
                String str4 = null;
                String str5 = null;
                while (i < length) {
                    int i2 = i;
                    i++;
                    Node item = childNodes.item(i2);
                    String nodeName = item.getNodeName();
                    switch (nodeName.hashCode()) {
                        case -1194613165:
                            if (!nodeName.equals("private-key-password")) {
                                break;
                            } else {
                                str2 = item.getTextContent();
                                break;
                            }
                        case -788990207:
                            if (!nodeName.equals("keystore-uri")) {
                                break;
                            } else {
                                str = item.getTextContent();
                                break;
                            }
                        case 363544102:
                            if (!nodeName.equals("keystore-password")) {
                                break;
                            } else {
                                str4 = item.getTextContent();
                                break;
                            }
                        case 1201063266:
                            if (!nodeName.equals("key-alias")) {
                                break;
                            } else {
                                str3 = item.getTextContent();
                                break;
                            }
                        case 1311084613:
                            if (!nodeName.equals("keystore-type")) {
                                break;
                            } else {
                                str5 = item.getTextContent();
                                break;
                            }
                    }
                }
                try {
                    KeyStore keyStore = KeyStore.getInstance(str5);
                    Throwable th = null;
                    try {
                        FileInputStream fileInputStream = new FileInputStream(str);
                        try {
                            keyStore.load(fileInputStream, str4.toCharArray());
                            if (fileInputStream != null) {
                                fileInputStream.close();
                            }
                            privateKey = (PrivateKey) keyStore.getKey(str3, str2.toCharArray());
                            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str3);
                            if (x509Certificate == null) {
                                throw QueryError.CX_ALINV_X.get(this.info, str3);
                            }
                            PublicKey publicKey = x509Certificate.getPublicKey();
                            KeyInfoFactory keyInfoFactory = xMLSignatureFactory.getKeyInfoFactory();
                            KeyValue newKeyValue = keyInfoFactory.newKeyValue(publicKey);
                            ArrayList arrayList = new ArrayList();
                            arrayList.add(newKeyValue);
                            ArrayList arrayList2 = new ArrayList();
                            X509IssuerSerial newX509IssuerSerial = keyInfoFactory.newX509IssuerSerial(x509Certificate.getIssuerX500Principal().getName(), x509Certificate.getSerialNumber());
                            arrayList2.add(x509Certificate.getSubjectX500Principal().getName());
                            arrayList2.add(newX509IssuerSerial);
                            arrayList2.add(x509Certificate);
                            arrayList.add(keyInfoFactory.newX509Data(arrayList2));
                            newKeyInfo = keyInfoFactory.newKeyInfo(arrayList);
                        } catch (Throwable th2) {
                            if (fileInputStream != null) {
                                fileInputStream.close();
                            }
                            throw th2;
                        }
                    } catch (Throwable th3) {
                        if (0 == 0) {
                            th = th3;
                        } else if (null != th3) {
                            th.addSuppressed(th3);
                        }
                        throw th;
                    }
                } catch (KeyStoreException e) {
                    throw QueryError.CX_KSNULL_X.get(this.info, e);
                }
            } else {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(substring);
                keyPairGenerator.initialize(512);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                KeyInfoFactory keyInfoFactory2 = xMLSignatureFactory.getKeyInfoFactory();
                newKeyInfo = keyInfoFactory2.newKeyInfo(Collections.singletonList(keyInfoFactory2.newKeyValue(generateKeyPair.getPublic())));
                privateKey = generateKeyPair.getPrivate();
            }
            Document dOMNode2 = toDOMNode(aNode);
            if (bArr6.length <= 0) {
                singletonList = Collections.singletonList(xMLSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
            } else {
                if (((NodeList) XPathFactory.newInstance().newXPath().compile(Token.string(bArr6)).evaluate(dOMNode2, XPathConstants.NODESET)).getLength() < 1) {
                    throw QueryError.CX_XPINV.get(this.info, bArr6);
                }
                singletonList = new ArrayList(2);
                singletonList.add(xMLSignatureFactory.newTransform("http://www.w3.org/TR/1999/REC-xpath-19991116", new XPathFilterParameterSpec(Token.string(bArr6))));
                singletonList.add(xMLSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
            }
            SignedInfo newSignedInfo = xMLSignatureFactory.newSignedInfo(xMLSignatureFactory.newCanonicalizationMethod(string, (C14NMethodParameterSpec) null), xMLSignatureFactory.newSignatureMethod(string3, (SignatureMethodParameterSpec) null), Collections.singletonList(xMLSignatureFactory.newReference("", xMLSignatureFactory.newDigestMethod(string2, (DigestMethodParameterSpec) null), singletonList, (String) null, (String) null)));
            if (Token.eq(bArr15, DEFT)) {
                dOMSignContext = new DOMSignContext(privateKey, dOMNode2.getDocumentElement());
                newXMLSignature = xMLSignatureFactory.newXMLSignature(newSignedInfo, newKeyInfo);
            } else {
                DocumentBuilderFactory.newInstance().setNamespaceAware(true);
                newXMLSignature = xMLSignatureFactory.newXMLSignature(newSignedInfo, newKeyInfo, Collections.singletonList(xMLSignatureFactory.newXMLObject(Collections.singletonList(new DOMStructure(dOMNode2.getDocumentElement())), "", (String) null, (String) null)), (String) null, (String) null);
                dOMSignContext = new DOMSignContext(privateKey, dOMNode2);
            }
            if (bArr4.length > 0) {
                dOMSignContext.setDefaultNamespacePrefix(Token.string(bArr4));
            }
            newXMLSignature.sign(dOMSignContext);
            return NodeType.DOC.cast((Object) dOMNode2, queryContext, (StaticContext) null, inputInfo);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | CertificateException e2) {
            throw QueryError.CX_ALGEXC.get(this.info, e2);
        } catch (MarshalException | XMLSignatureException e3) {
            throw QueryError.CX_SIGEXC.get(this.info, e3);
        } catch (IOException | ParserConfigurationException | SAXException e4) {
            throw QueryError.CX_IOEXC.get(this.info, e4);
        } catch (KeyException | UnrecoverableKeyException e5) {
            throw QueryError.CX_NOKEY.get(this.info, e5);
        } catch (KeyStoreException e6) {
            throw QueryError.CX_KSEXC.get(this.info, e6);
        } catch (XPathExpressionException e7) {
            throw QueryError.CX_XPINV.get(this.info, e7);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Item validateSignature(ANode aNode) throws QueryException {
        try {
            Document dOMNode = toDOMNode(aNode);
            DOMValidateContext dOMValidateContext = new DOMValidateContext(new MyKeySelector(), dOMNode);
            NodeList elementsByTagNameNS = dOMNode.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
            if (elementsByTagNameNS.getLength() < 1) {
                throw QueryError.CX_NOSIG.get(this.info, aNode);
            }
            dOMValidateContext.setNode(elementsByTagNameNS.item(0));
            return Bln.get(XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(dOMValidateContext).validate(dOMValidateContext));
        } catch (XMLSignatureException | IOException | ParserConfigurationException | SAXException e) {
            throw QueryError.CX_IOEXC.get(this.info, e);
        } catch (MarshalException e2) {
            throw QueryError.CX_SIGEXC.get(this.info, e2);
        }
    }

    private static byte[] nodeToBytes(ANode aNode) throws IOException {
        ArrayOutput arrayOutput = new ArrayOutput();
        Throwable th = null;
        try {
            Serializer serializer = Serializer.get(arrayOutput, SerializerMode.NOINDENT.get());
            try {
                serializer.serialize(aNode);
                if (serializer != null) {
                    serializer.close();
                }
                return arrayOutput.finish();
            } catch (Throwable th2) {
                if (serializer != null) {
                    serializer.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    private static Document toDOMNode(ANode aNode) throws SAXException, IOException, ParserConfigurationException {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        return newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(nodeToBytes(aNode)));
    }
}
