package software.xdev.bzst.dip.client.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.security.auth.DestroyFailedException;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import software.xdev.bzst.dip.client.exception.SigningException;
import software.xdev.bzst.dip.client.factory.DocumentBuilderFactoryNoExternalEntities;
import software.xdev.bzst.dip.client.factory.TransformerFactoryExtension;
import software.xdev.bzst.dip.client.model.configuration.BzstDipConfiguration;

/* loaded from: input_file:software/xdev/bzst/dip/client/util/SigningUtil.class */
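/**
 * Creates and self-checks XML-DSig signatures over BZSt DIP XML documents.
 *
 * <p>{@link #signXMLDocument(String, BzstDipConfiguration)} wraps the whole input document as an
 * enveloping signature (the document becomes the content of a {@code ds:Object} that the single
 * {@code ds:Reference} points to), signs it with the private key read from the configured keystore
 * and verifies the result with the certificate stored next to that key before returning it.
 *
 * <p>Stateless utility: every call builds its own factories and contexts.
 */
public final class SigningUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(SigningUtil.class);
    /** Digest algorithm URI of the reference over the signed content (SHA-256). */
    private static final String DIGEST_METHOD = "http://www.w3.org/2001/04/xmlenc#sha256";
    /** Signature algorithm URI: SHA-256 with RSA and MGF1 (RSASSA-PSS, RFC 6931). */
    private static final String SIGNATURE_METHOD = "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1";
    /** Canonicalization URI applied to {@code SignedInfo}: Canonical XML 1.0 without comments. */
    private static final String CANONICALIZATION_METHOD = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    /** Id of the {@code ds:Object} that carries the signed document and target of its reference. */
    private static final String OBJECT_ID = "object";
    /** Namespace prefix written for all XML-DSig elements. */
    private static final String SIGNATURE_NS_PREFIX = "ds";
    /** Keystore type used by {@link #signXMLDocument(String, BzstDipConfiguration)}. */
    public static final String KEYSTORE_TYPE = "JKS";

    private SigningUtil() {
    }

    /**
     * Signs an XML document and returns the serialized enveloping signature.
     *
     * <p>The input is parsed namespace-aware through the project's {@code DocumentBuilderFactory}
     * variant (by its name it disables external entities; that factory is not visible here),
     * placed inside a {@code ds:Object} of a fresh document, signed, serialized and finally
     * validated against the signer's own certificate. That validation is a consistency self-check
     * of the freshly produced signature; it is not a trust decision about the certificate.
     *
     * @param str                  the XML document to sign, as text
     * @param bzstDipConfiguration supplies the keystore stream, its password and the key alias
     * @return the signed document serialized as UTF-8 text
     * @throws SigningException if the keystore cannot be read, signing fails, or the produced
     *                          signature does not validate
     */
    public static String signXMLDocument(final String str, final BzstDipConfiguration bzstDipConfiguration) {
        // All three resources are bound with try-with-resources so the keystore stream is also
        // closed on the failure path; previously it was closed only after a successful run.
        try (InputStream keystoreStream = bzstDipConfiguration.getCertificateKeystoreInputStream().get();
             ByteArrayOutputStream signedOut = new ByteArrayOutputStream();
             InputStream xmlIn = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))) {
            final DocumentBuilderFactory builderFactory = DocumentBuilderFactoryNoExternalEntities.newInstance();
            // XML-DSig works on namespace-aware DOM trees; without this the ds:* elements are not resolved.
            builderFactory.setNamespaceAware(true);
            final DocumentBuilder builder = builderFactory.newDocumentBuilder();
            final Document sourceDocument = builder.parse(xmlIn);
            final Document signatureDocument = builder.newDocument();

            final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
            final KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(
                keystoreStream,
                bzstDipConfiguration.getKeyStorePrivateKeyAlias(),
                bzstDipConfiguration.getCertificateKeystorePassword(),
                KEYSTORE_TYPE);

            createDomSignContext(privateKeyEntry, signatureDocument, signatureFactory, sourceDocument);
            TransformerFactoryExtension.newInstance()
                .newTransformer()
                .transform(new DOMSource(signatureDocument), new StreamResult(signedOut));

            if (!validateSignature(signatureDocument, signatureFactory, privateKeyEntry)) {
                throw new SigningException("The validation of the signature from the XML document has failed.");
            }
            return signedOut.toString(StandardCharsets.UTF_8);
        } catch (final SigningException e) {
            // Already carries a specific message and cause; do not wrap it a second time.
            throw e;
        } catch (final Exception e) {
            throw new SigningException("Something wrong happened while signing the xml document.", e);
        }
    }

    /**
     * Builds the enveloping signature over {@code document2} and appends it to {@code document}.
     *
     * <p>The root element of {@code document2} becomes the content of a {@code ds:Object} with id
     * {@value #OBJECT_ID}; {@code SignedInfo} references that object, so the whole input document is
     * covered. The {@code ds:Signature} element is appended directly to {@code document}, i.e. it
     * becomes the root of the target document.
     *
     * @param privateKeyEntry     signing key plus the certificate published in {@code KeyInfo}
     * @param document            empty target document that receives the {@code ds:Signature}
     * @param xMLSignatureFactory factory for all XML-DSig structures
     * @param document2           parsed document to be signed
     * @throws MarshalException                   if the signature cannot be marshalled into DOM
     * @throws XMLSignatureException              if the signing operation fails
     * @throws InvalidAlgorithmParameterException if an algorithm parameter is rejected
     * @throws NoSuchAlgorithmException           if an algorithm URI is not supported by the provider
     */
    private static void createDomSignContext(
        final KeyStore.PrivateKeyEntry privateKeyEntry,
        final Document document,
        final XMLSignatureFactory xMLSignatureFactory,
        final Document document2)
        throws MarshalException, XMLSignatureException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        final SignedInfo signedInfo = createSignedInfo(xMLSignatureFactory);
        final KeyInfo keyInfo = createKeyInfo(privateKeyEntry, xMLSignatureFactory);
        final XMLObject signedObject = xMLSignatureFactory.newXMLObject(
            Collections.singletonList(new DOMStructure(document2.getDocumentElement())),
            OBJECT_ID,
            null,
            null);

        final DOMSignContext signContext = new DOMSignContext(privateKeyEntry.getPrivateKey(), document);
        signContext.setDefaultNamespacePrefix(SIGNATURE_NS_PREFIX);

        xMLSignatureFactory
            .newXMLSignature(signedInfo, keyInfo, Collections.singletonList(signedObject), null, null)
            .sign(signContext);
    }

    /**
     * Creates the {@code SignedInfo}: inclusive C14N, the configured signature method and one
     * reference to {@code #}{@value #OBJECT_ID} digested with {@value #DIGEST_METHOD}.
     *
     * @param xMLSignatureFactory factory for the XML-DSig structures
     * @return the signed-info structure
     * @throws InvalidAlgorithmParameterException if an algorithm parameter is rejected
     * @throws NoSuchAlgorithmException           if an algorithm URI is not supported by the provider
     */
    private static SignedInfo createSignedInfo(final XMLSignatureFactory xMLSignatureFactory)
        throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        final var canonicalizationMethod =
            xMLSignatureFactory.newCanonicalizationMethod(CANONICALIZATION_METHOD, (C14NMethodParameterSpec) null);
        final var signatureMethod =
            xMLSignatureFactory.newSignatureMethod(SIGNATURE_METHOD, (SignatureMethodParameterSpec) null);
        final var digestMethod = xMLSignatureFactory.newDigestMethod(DIGEST_METHOD, (DigestMethodParameterSpec) null);
        // No transforms: the object content is digested as-is after canonicalization by the provider.
        final var objectReference = xMLSignatureFactory.newReference("#" + OBJECT_ID, digestMethod, List.of(), null, null);
        return xMLSignatureFactory.newSignedInfo(
            canonicalizationMethod,
            signatureMethod,
            Collections.singletonList(objectReference));
    }

    /**
     * Creates the {@code KeyInfo} carrying the signer certificate as {@code X509Data}.
     *
     * @param privateKeyEntry     entry whose certificate is published
     * @param xMLSignatureFactory factory supplying the {@link KeyInfoFactory}
     * @return key info with one {@code X509Data} containing subject name and certificate
     */
    private static KeyInfo createKeyInfo(
        final KeyStore.PrivateKeyEntry privateKeyEntry,
        final XMLSignatureFactory xMLSignatureFactory) {
        final X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
        final KeyInfoFactory keyInfoFactory = xMLSignatureFactory.getKeyInfoFactory();
        // X509Data content per KeyInfoFactory#newX509Data: a String entry is emitted as
        // X509SubjectName, an X509Certificate entry as X509Certificate.
        final List<Object> x509Content = new ArrayList<>(2);
        x509Content.add(certificate.getSubjectX500Principal().getName());
        x509Content.add(certificate);
        return keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content)));
    }

    /**
     * Validates the first {@code ds:Signature} in {@code document} with the signer's own public key.
     *
     * <p>This confirms that the produced signature is internally consistent and verifiable with the
     * certificate that was published in it. It deliberately does not build a trust chain.
     *
     * @param document            document holding the signature
     * @param xMLSignatureFactory factory used to unmarshal the signature
     * @param privateKeyEntry     entry whose certificate supplies the verification key
     * @return {@code true} if the core validation succeeds
     * @throws SigningException      if no {@code ds:Signature} element is present
     * @throws MarshalException      if the signature cannot be unmarshalled
     * @throws XMLSignatureException if validation cannot be carried out
     */
    private static boolean validateSignature(
        final Document document,
        final XMLSignatureFactory xMLSignatureFactory,
        final KeyStore.PrivateKeyEntry privateKeyEntry)
        throws MarshalException, XMLSignatureException {
        LOGGER.debug("Validating xml signature...");
        final NodeList signatureNodes = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatureNodes.getLength() == 0) {
            throw new SigningException("Cannot find Signature element.");
        }
        final DOMValidateContext validateContext =
            new DOMValidateContext(privateKeyEntry.getCertificate().getPublicKey(), signatureNodes.item(0));
        final XMLSignature signature = xMLSignatureFactory.unmarshalXMLSignature(validateContext);
        // validate() performs the work; log completion only once it has actually run.
        final boolean valid = signature.validate(validateContext);
        LOGGER.debug("Finished validating xml signature.");
        return valid;
    }

    /**
     * Loads a keystore from {@code inputStream} and returns the private-key entry under alias {@code str}.
     *
     * <p>The same password ({@code str2}) is used for the keystore and for the key entry, so the
     * key password must equal the keystore password. The password characters are wiped from the
     * working arrays once the entry has been retrieved.
     *
     * @param inputStream keystore bytes; {@code null} yields an empty keystore and therefore a failure
     * @param str         alias of the private-key entry
     * @param str2        keystore (and key) password
     * @param str3        keystore type as accepted by {@link KeyStore#getInstance(String)}, e.g. {@link #KEYSTORE_TYPE}
     * @return the private-key entry, never {@code null}
     * @throws SigningException if the keystore cannot be loaded, the alias is missing, or the alias
     *                          does not hold a private-key entry
     */
    public static KeyStore.PrivateKeyEntry getPrivateKeyEntry(
        final InputStream inputStream,
        final String str,
        final String str2,
        final String str3) {
        char[] password = null;
        KeyStore.PasswordProtection protection = null;
        try {
            LOGGER.debug("Loading keystore file...");
            password = str2.toCharArray();
            // PasswordProtection keeps its own copy of the password; it is destroyed below.
            protection = new KeyStore.PasswordProtection(password);
            final KeyStore keyStore = KeyStore.getInstance(str3);
            keyStore.load(inputStream, password);
            final KeyStore.Entry entry = keyStore.getEntry(str, protection);
            if (entry == null) {
                throw new SigningException("The private key entry in the keystore is null.");
            }
            // A trusted-certificate or secret-key entry under the alias cannot be used for signing;
            // report it instead of failing with a ClassCastException.
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new SigningException("The keystore entry for alias '" + str + "' is not a private key entry.");
            }
            return (KeyStore.PrivateKeyEntry) entry;
        } catch (final SigningException e) {
            throw e;
        } catch (final Exception e) {
            throw new SigningException("Something wrong happened while getting the private key entry from the keystore.", e);
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
            if (protection != null) {
                try {
                    protection.destroy();
                } catch (final DestroyFailedException ignored) {
                    // Best effort: the entry was already retrieved, nothing more can be done here.
                }
            }
        }
    }
}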
