package com.nuodb.impl.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/nuodb/impl/security/Signatures.class */
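/**
 * Signs XML content inside a {@code <SignedData>} envelope and verifies such envelopes.
 *
 * <p>Envelope layout, as produced by {@link #signAndEnvelop}: the root element is
 * {@code SignedData}, its {@code ContentElement} attribute names the tag of the wrapped content
 * element, and an enveloped XML-DSig {@code Signature} (reference URI {@code ""}, i.e. the whole
 * document) identifies the signer by X.509 issuer name and serial number.
 *
 * <p>Only {@link #verifyAndExtract} gives any authenticity guarantee. {@link #extract} returns the
 * content without looking at the signature at all.
 */
public final class Signatures {

    /** Namespace of XML-DSig elements. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Parser feature that makes the parser reject any document carrying a DOCTYPE declaration. */
    private static final String DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";

    /**
     * Key selector that resolves the verification key from a fixed set of certificates, looked up
     * by the issuer name / serial number pair carried in the signature's {@code KeyInfo}.
     *
     * <p>Trust rests entirely on membership in the supplied collection: nothing here checks the
     * certificate's validity period, revocation status or chain.
     * NOTE(review): confirm that callers only pass certificates that are currently trusted.
     */
    private static class IssuerKeySelector extends KeySelector {
        /** Certificates keyed by {@link #getIdString(String, BigInteger)}. */
        private final Map<String, X509Certificate> certificates = new HashMap<>();

        /**
         * @param collection certificates that are acceptable as signers
         */
        IssuerKeySelector(Collection<X509Certificate> collection) {
            for (X509Certificate certificate : collection) {
                addCertificate(certificate);
            }
        }

        /** Registers a certificate under its issuer name and serial number. */
        void addCertificate(X509Certificate x509Certificate) {
            String id = getIdString(x509Certificate.getIssuerX500Principal().getName(), x509Certificate.getSerialNumber());
            this.certificates.put(id, x509Certificate);
        }

        /**
         * Returns the public key of the first registered certificate referenced by an
         * {@code X509IssuerSerial} entry of {@code keyInfo}.
         *
         * <p>The requested {@code algorithmMethod} is not consulted; whatever key the matching
         * certificate carries is returned.
         *
         * @throws KeySelectorException if {@code keyInfo} is null, the purpose is not
         *     {@code VERIFY}, or no registered certificate matches
         */
        @Override
        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
            if (keyInfo == null || purpose != KeySelector.Purpose.VERIFY) {
                throw new KeySelectorException("Cannot supply a result");
            }
            for (Object entry : keyInfo.getContent()) {
                if (!(entry instanceof X509Data)) {
                    continue;
                }
                for (Object item : ((X509Data) entry).getContent()) {
                    if (!(item instanceof X509IssuerSerial)) {
                        continue;
                    }
                    X509IssuerSerial issuerSerial = (X509IssuerSerial) item;
                    X509Certificate match = this.certificates.get(getIdString(issuerSerial.getIssuerName(), issuerSerial.getSerialNumber()));
                    if (match != null) {
                        return new KeySelectorResultImpl(match.getPublicKey());
                    }
                }
            }
            throw new KeySelectorException("No applicable keys were found");
        }

        /** Builds the lookup key {@code <issuer name>/<serial number>}. */
        private static String getIdString(String str, BigInteger bigInteger) {
            return str + "/" + bigInteger.toString();
        }
    }

    /** Trivial {@link KeySelectorResult} holding one key. */
    private static class KeySelectorResultImpl implements KeySelectorResult {
        private final Key key;

        KeySelectorResultImpl(Key key) {
            this.key = key;
        }

        @Override
        public Key getKey() {
            return this.key;
        }
    }

    /**
     * Wraps {@code str} in a {@code <SignedData>} element, signs the whole document with an
     * enveloped XML signature and returns the serialized result, XML declaration included.
     *
     * @param str XML text whose first node must be an element; surrounding whitespace is trimmed
     * @param privateKey key used to sign
     * @param x509Certificate certificate whose issuer name and serial number are written into the
     *     signature's {@code KeyInfo} so that a verifier can pick the matching key
     * @return the signed envelope as a string
     * @throws IOException if the content cannot be parsed or the result cannot be serialized
     * @throws SignatureException if the signature cannot be constructed or computed
     * @throws IllegalArgumentException if the content does not start with an element
     * @throws IllegalStateException if a required algorithm is unavailable
     */
    public static String signAndEnvelop(String str, PrivateKey privateKey, X509Certificate x509Certificate) throws IOException, SignatureException {
        Element root = fromString("<SignedData>" + str.trim() + "</SignedData>").getDocumentElement();
        // The verifier locates the content by the tag name stored here, so the first node has to be
        // an element; empty or text-only content would otherwise fail later or be unextractable.
        if (!(root.getFirstChild() instanceof Element)) {
            throw new IllegalArgumentException("Content must start with an XML element");
        }
        root.setAttribute("ContentElement", root.getFirstChild().getNodeName());
        DOMSignContext signContext = new DOMSignContext(privateKey, root);
        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        try {
            // NOTE(review): the signature method is RSA with SHA-1, which is deprecated for
            // signatures and which newer JDK releases reject under secure validation. Moving to
            // "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" changes the wire format, so it
            // has to be coordinated with every verifier; it is deliberately left unchanged here.
            SignedInfo signedInfo = factory.newSignedInfo(
                    factory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null),
                    factory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null),
                    Collections.singletonList(
                            // URI "" plus the enveloped-signature transform: the digest covers the
                            // whole document except the Signature element itself.
                            factory.newReference(
                                    "",
                                    factory.newDigestMethod("http://www.w3.org/2001/04/xmlenc#sha256", (DigestMethodParameterSpec) null),
                                    Collections.singletonList(factory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null)),
                                    (String) null,
                                    (String) null)));
            KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
            KeyInfo keyInfo = keyInfoFactory.newKeyInfo(
                    Collections.singletonList(
                            keyInfoFactory.newX509Data(
                                    Collections.singletonList(
                                            keyInfoFactory.newX509IssuerSerial(x509Certificate.getIssuerX500Principal().getName(), x509Certificate.getSerialNumber())))));
            factory.newXMLSignature(signedInfo, keyInfo).sign(signContext);
            return toString(root, true);
        } catch (MarshalException e) {
            throw new SignatureException("Failed to construct signed data", e);
        } catch (XMLSignatureException e) {
            throw new SignatureException("Failed to sign data", e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("Failed to use algorithm", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Failed to resolve algorithm", e);
        }
    }

    /**
     * Verifies the signature of a {@code <SignedData>} envelope against the given certificates
     * and returns the serialized content element.
     *
     * <p>Besides cryptographic validation, the signature must contain a reference with URI
     * {@code ""} (the whole document), which is what {@link #signAndEnvelop} emits. A signature
     * that validates but only covers some other part of the document says nothing about the
     * content element returned here, so it is rejected. Transforms on that reference are not
     * inspected.
     *
     * @param str the envelope text
     * @param collection certificates accepted as signers
     * @return the content element serialized without an XML declaration
     * @throws IOException if the input cannot be parsed, the signature cannot be unmarshalled, or
     *     the content cannot be serialized
     * @throws SignatureException if the signature does not cover the document or fails validation
     * @throws IllegalArgumentException if the envelope structure is not as expected
     */
    public static String verifyAndExtract(String str, Collection<X509Certificate> collection) throws IOException, SignatureException {
        Document document = fromString(str);
        Element content = resolveContentElement(document);
        NodeList signatureNodes = document.getElementsByTagNameNS(XMLDSIG_NS, "Signature");
        if (signatureNodes.getLength() != 1) {
            throw new IllegalArgumentException("Cannot find Signature element");
        }
        DOMValidateContext validateContext = new DOMValidateContext(new IssuerKeySelector(collection), signatureNodes.item(0));
        try {
            XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(validateContext);
            if (!coversWholeDocument(signature)) {
                throw new SignatureException("Signature does not cover the whole document");
            }
            if (!signature.validate(validateContext)) {
                throw new SignatureException("Signature validation failed");
            }
            return toString(content, false);
        } catch (XMLSignatureException e) {
            throw new SignatureException("Signature validation failed", e);
        } catch (MarshalException e) {
            throw new IOException("Failed to demarshal signature content", e);
        }
    }

    /**
     * Returns the serialized content element of a {@code <SignedData>} envelope WITHOUT verifying
     * the signature. The result is unauthenticated; use {@link #verifyAndExtract} whenever the
     * content feeds a trust decision.
     *
     * @param str the envelope text
     * @return the content element serialized without an XML declaration
     * @throws IOException if the input cannot be parsed or the content cannot be serialized
     * @throws IllegalArgumentException if the envelope structure is not as expected
     */
    public static String extract(String str) throws IOException {
        return toString(resolveContentElement(fromString(str)), false);
    }

    /**
     * Locates the single element named by the root's {@code ContentElement} attribute.
     * The lookup is by tag name over the whole document and insists on exactly one match.
     *
     * @throws IllegalArgumentException if the root is not {@code SignedData}, the attribute is
     *     missing or empty, or the name does not resolve to exactly one element
     */
    private static Element resolveContentElement(Document document) {
        Element root = document.getDocumentElement();
        if (!root.getTagName().equals("SignedData")) {
            // Message text (including its spelling) is kept unchanged in case callers match on it.
            throw new IllegalArgumentException("Unexpecetd XML structure");
        }
        String contentName = root.getAttribute("ContentElement");
        if (contentName.isEmpty()) {
            throw new IllegalArgumentException("No content element reference");
        }
        NodeList matches = document.getElementsByTagName(contentName);
        if (matches.getLength() != 1) {
            throw new IllegalArgumentException("Failed to resolve content root");
        }
        return (Element) matches.item(0);
    }

    /** Tells whether the signature carries a reference to the whole document (URI {@code ""}). */
    private static boolean coversWholeDocument(XMLSignature signature) {
        for (Object reference : signature.getSignedInfo().getReferences()) {
            if ("".equals(((Reference) reference).getURI())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Parses XML text into a namespace-aware DOM document.
     *
     * <p>The text reaching this method includes envelopes received for verification, so the
     * parser is locked down: secure processing is enabled and any DOCTYPE declaration is rejected,
     * which rules out external-entity resolution and entity-expansion blow-ups. The input is fed
     * as characters, so the result does not depend on the platform default charset.
     *
     * @throws IOException if the parser cannot be configured or the input is not acceptable XML
     */
    private static Document fromString(String str) throws IOException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try (StringReader reader = new StringReader(str)) {
            // Fail closed: a parser that cannot honour these features is not used at all.
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature(DISALLOW_DOCTYPE, true);
            return factory.newDocumentBuilder().parse(new InputSource(reader));
        } catch (SAXException e) {
            throw new IOException("Input parsing failed", e);
        } catch (ParserConfigurationException e) {
            throw new IOException("Failed to create XML parser", e);
        }
    }

    /**
     * Serializes an element to a string.
     *
     * @param element the element to serialize
     * @param z whether to keep the XML declaration ({@code true}) or omit it ({@code false})
     * @throws IOException if the transformer cannot be created or the transformation fails
     */
    private static String toString(Element element, boolean z) throws IOException {
        Transformer transformer;
        try {
            transformer = TransformerFactory.newInstance().newTransformer();
        } catch (TransformerException e) {
            throw new IOException("Failed to create XML transformer", e);
        }
        if (!z) {
            transformer.setOutputProperty("omit-xml-declaration", "yes");
        }
        transformer.setOutputProperty("standalone", "yes");
        StringWriter writer = new StringWriter();
        try {
            transformer.transform(new DOMSource(element), new StreamResult(writer));
        } catch (TransformerException e) {
            throw new IOException("Failed to transform XML to a string", e);
        }
        return writer.toString();
    }
}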
