package com.peterphi.std.crypto.signing;

import com.peterphi.std.crypto.keystore.Keystore;
import com.peterphi.std.net.IpHelper;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.log4j.Logger;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.XMLUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/* loaded from: input_file:com/peterphi/std/crypto/signing/XMLDocumentSigner.class */
public class XMLDocumentSigner {
    private static final Logger log;
    private static int seq;
    private static double instanceId;
    private final Document doc;
    static final /* synthetic */ boolean $assertionsDisabled;

    public XMLDocumentSigner(String str) throws Exception {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError("XML string must be provided");
        }
        if (!$assertionsDisabled && str.length() == 0) {
            throw new AssertionError("XML string must not be empty");
        }
        try {
            log.debug("[XmlDocSigner] <ctor> Constructing document builder factory");
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setNamespaceAware(true);
            log.debug("[XmlDocSigner] <ctor> Reading document");
            this.doc = newInstance.newDocumentBuilder().parse(new InputSource(new StringReader(str)));
        } catch (Exception e) {
            log.error("[XMLDocumentSigning] {ctor} Could not load XML document: " + e.getMessage(), e);
            throw new Exception("Could not load the XML document: " + e.getMessage(), e);
        }
    }

    public XMLDocumentSigner(File file) throws Exception {
        if (!$assertionsDisabled && file == null) {
            throw new AssertionError("File must be provided");
        }
        if (!$assertionsDisabled && !file.exists()) {
            throw new AssertionError("XML file must exist");
        }
        try {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setNamespaceAware(true);
            this.doc = newInstance.newDocumentBuilder().parse(new FileInputStream(file));
        } catch (Exception e) {
            log.error("[XMLDocumentSigning] {ctor} Could not load XML document: " + e.getMessage(), e);
            throw new Exception("Could not load the XML document: " + e.getMessage(), e);
        }
    }

    public XMLDocumentSigner(Document document) {
        if (!$assertionsDisabled && document == null) {
            throw new AssertionError("XML Document must be provided");
        }
        this.doc = document;
    }

    public Document sign(String str, KeyPair keyPair) {
        return sign(str, keyPair.getPublic(), keyPair.getPrivate());
    }

    public static KeyPair getKeypair(KeyStore keyStore, String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
        return new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    public Document sign(String str, PublicKey publicKey, PrivateKey privateKey) {
        try {
            XMLSignature xMLSignature = new XMLSignature(this.doc, "", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
            this.doc.getFirstChild().appendChild(xMLSignature.getElement());
            Transforms transforms = new Transforms(this.doc);
            transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
            transforms.addTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
            xMLSignature.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            StringBuilder append = new StringBuilder().append((("id:" + str + " ") + "ip:" + IpHelper.getLocalIp() + " ") + "inst:" + instanceId + " ").append("seq:");
            int i = seq + 1;
            seq = i;
            String str2 = append.append(i).append(" ").toString() + "now:" + System.currentTimeMillis();
            xMLSignature.setId(str2);
            xMLSignature.addKeyInfo(publicKey);
            xMLSignature.sign(privateKey);
            log.info("[XMLDocumentSigner] {sign} Issued signature " + str2);
            return xMLSignature.getDocument();
        } catch (XMLSecurityException e) {
            log.error("[XMLDocumentSigning] {sign} Error signing document: " + e.getMessage(), e);
            return null;
        }
    }

    public boolean save(File file) {
        if (file.exists()) {
            file.delete();
        }
        try {
            XMLUtils.outputDOMc14nWithComments(this.doc, new FileOutputStream(file));
            return true;
        } catch (FileNotFoundException e) {
            log.error("[XMLDocumentSigner] {save} Couldn't save to file " + file);
            return false;
        }
    }

    public Document stripSignature() {
        if (hasSignature()) {
            Element element = (Element) this.doc.getLastChild().getLastChild();
            element.getParentNode().removeChild(element);
        } else {
            log.warn("[XMLDocumentSigner] {stripSignature} Signature not found: nothing stripped");
        }
        return this.doc;
    }

    public boolean hasSignature() {
        Node lastChild = this.doc.getLastChild().getLastChild();
        if (!(lastChild instanceof Element)) {
            return false;
        }
        Element element = (Element) lastChild;
        return element.getNamespaceURI().equals("http://www.w3.org/2000/09/xmldsig#") && element.getLocalName().equals("Signature");
    }

    public String toString() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        XMLUtils.outputDOMc14nWithComments(this.doc, byteArrayOutputStream);
        return byteArrayOutputStream.toString();
    }

    public boolean validate(Keystore keystore) throws CertificateException, FileNotFoundException, IOException, KeyStoreException, NoSuchAlgorithmException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(keystore.file);
            KeyStore keyStore = KeyStore.getInstance(keystore.getType());
            keyStore.load(fileInputStream, keystore.password.toCharArray());
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                PublicKey publicKey = keyStore.getCertificate(aliases.nextElement()).getPublicKey();
                if (publicKey != null) {
                    arrayList.add(publicKey);
                }
            }
            PublicKey[] publicKeyArr = new PublicKey[arrayList.size()];
            for (int i = 0; i < publicKeyArr.length; i++) {
                publicKeyArr[i] = (PublicKey) arrayList.get(i);
            }
            boolean validate = validate(publicKeyArr);
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                    log.warn("[XMLDocumentSigner] {validate} Error closing truststore file: " + e.getMessage(), e);
                }
            }
            return validate;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e2) {
                    log.warn("[XMLDocumentSigner] {validate} Error closing truststore file: " + e2.getMessage(), e2);
                    throw th;
                }
            }
            throw th;
        }
    }

    public boolean validate(PublicKey... publicKeyArr) {
        try {
            XMLSignature xMLSignature = new XMLSignature((Element) this.doc.getLastChild().getLastChild(), "");
            for (PublicKey publicKey : publicKeyArr) {
                if (publicKey != null) {
                    try {
                        if (xMLSignature.checkSignatureValue(publicKey)) {
                            return true;
                        }
                    } catch (XMLSignatureException e) {
                        log.error("[XMLDocumentSigning] {validate} Error with signature/key combo: " + e.getMessage(), e);
                    }
                }
            }
            return false;
        } catch (XMLSecurityException e2) {
            log.error("[XMLDocumentSigning] {validate} Error loading signature from document");
            return false;
        }
    }

    static {
        $assertionsDisabled = !XMLDocumentSigner.class.desiredAssertionStatus();
        log = Logger.getLogger(XMLDocumentSigner.class);
        seq = 0;
        instanceId = Math.random();
        log.debug("[XMLDocumentSigning] <init> Initialising apache xml security");
        Init.init();
        log.debug("[XMLDocumentSigning] <init> Apache xml security initialised.");
        if (Security.getProvider("BC") == null) {
            log.info("[XMLDocumentSigner] Loading Bouncy Castle Provider");
            Security.addProvider(new BouncyCastleProvider());
            log.debug("[XMLDocumentSigner] Bouncy Castle Provider loaded");
        }
        log.info("[XMLDocumentSigner] initialised. instanceId is " + instanceId);
    }
}
