package org.apache.abdera.security.xmlsec;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.abdera.Abdera;
import org.apache.abdera.i18n.iri.IRI;
import org.apache.abdera.model.Content;
import org.apache.abdera.model.Element;
import org.apache.abdera.model.Entry;
import org.apache.abdera.model.Link;
import org.apache.abdera.model.Source;
import org.apache.abdera.security.SecurityException;
import org.apache.abdera.security.SignatureOptions;
import org.apache.abdera.security.util.Constants;
import org.apache.abdera.security.util.SignatureBase;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:install/FeedSphereApp.zip:FeedSphere/WebContent/WEB-INF/lib/abdera-security-0.4.0-incubating-retro.jar:org/apache/abdera/security/xmlsec/XmlSignature.class */
public class XmlSignature extends SignatureBase {
    public XmlSignature() {
        super(new Abdera());
    }

    public XmlSignature(Abdera abdera) {
        super(abdera);
    }

    private <T extends Element> T _sign(T t, SignatureOptions signatureOptions) throws XMLSecurityException {
        t.setBaseUri(t.getResolvedBaseUri());
        org.w3c.dom.Element fomToDom = fomToDom((Element) t.clone(), signatureOptions);
        Document ownerDocument = fomToDom.getOwnerDocument();
        PrivateKey signingKey = signatureOptions.getSigningKey();
        X509Certificate certificate = signatureOptions.getCertificate();
        PublicKey publicKey = signatureOptions.getPublicKey();
        IRI resolvedBaseUri = t.getResolvedBaseUri();
        XMLSignature xMLSignature = new XMLSignature(ownerDocument, resolvedBaseUri != null ? resolvedBaseUri.toString() : "", signatureOptions.getSigningAlgorithm());
        fomToDom.appendChild(xMLSignature.getElement());
        Transforms transforms = new Transforms(ownerDocument);
        transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
        transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
        xMLSignature.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
        for (String str : signatureOptions.getReferences()) {
            xMLSignature.addDocument(str);
        }
        if (signatureOptions.isSignLinks()) {
            String[] signLinkRels = signatureOptions.getSignLinkRels();
            List<Link> list = null;
            Content content = null;
            if (t instanceof Source) {
                list = signLinkRels == null ? ((Source) t).getLinks() : ((Source) t).getLinks(signLinkRels);
            } else if (t instanceof Entry) {
                list = signLinkRels == null ? ((Entry) t).getLinks() : ((Entry) t).getLinks(signLinkRels);
                content = ((Entry) t).getContentElement();
            }
            if (list != null) {
                Iterator<Link> it = list.iterator();
                while (it.hasNext()) {
                    xMLSignature.addDocument(it.next().getResolvedHref().toASCIIString());
                }
            }
            if (content != null && content.getResolvedSrc() != null) {
                xMLSignature.addDocument(content.getResolvedSrc().toASCIIString());
            }
        }
        if (certificate != null) {
            xMLSignature.addKeyInfo(certificate);
        }
        if (publicKey != null) {
            xMLSignature.addKeyInfo(publicKey);
        }
        xMLSignature.sign(signingKey);
        return (T) domToFom(fomToDom, signatureOptions);
    }

    @Override // org.apache.abdera.security.Signature
    public <T extends Element> T sign(T t, SignatureOptions signatureOptions) throws SecurityException {
        try {
            return (T) _sign(t, signatureOptions);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    private boolean is_valid_signature(XMLSignature xMLSignature, SignatureOptions signatureOptions) throws XMLSignatureException, XMLSecurityException {
        KeyInfo keyInfo = xMLSignature.getKeyInfo();
        if (keyInfo != null) {
            X509Certificate x509Certificate = keyInfo.getX509Certificate();
            if (x509Certificate != null) {
                return xMLSignature.checkSignatureValue(x509Certificate);
            }
            PublicKey publicKey = keyInfo.getPublicKey();
            if (publicKey != null) {
                return xMLSignature.checkSignatureValue(publicKey);
            }
            return false;
        }
        if (signatureOptions == null) {
            return false;
        }
        PublicKey publicKey2 = signatureOptions.getPublicKey();
        X509Certificate certificate = signatureOptions.getCertificate();
        if (publicKey2 != null) {
            return xMLSignature.checkSignatureValue(publicKey2);
        }
        if (certificate != null) {
            return xMLSignature.checkSignatureValue(certificate);
        }
        return false;
    }

    private <T extends Element> X509Certificate[] _getcerts(T t, SignatureOptions signatureOptions) throws XMLSignatureException, XMLSecurityException {
        KeyInfo keyInfo;
        X509Certificate x509Certificate;
        ArrayList arrayList = new ArrayList();
        NodeList childNodes = fomToDom(t, signatureOptions).getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            try {
                Node item = childNodes.item(i);
                if (item.getNodeType() == 1) {
                    org.w3c.dom.Element element = (org.w3c.dom.Element) item;
                    if (Constants.DSIG_NS.equals(element.getNamespaceURI()) && Constants.LN_SIGNATURE.equals(element.getLocalName())) {
                        IRI resolvedBaseUri = t.getResolvedBaseUri();
                        XMLSignature xMLSignature = new XMLSignature(element, resolvedBaseUri != null ? resolvedBaseUri.toString() : "");
                        if (is_valid_signature(xMLSignature, signatureOptions) && (keyInfo = xMLSignature.getKeyInfo()) != null && (x509Certificate = keyInfo.getX509Certificate()) != null) {
                            arrayList.add(x509Certificate);
                        }
                    }
                }
            } catch (Exception e) {
            }
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    @Override // org.apache.abdera.security.Signature
    public <T extends Element> X509Certificate[] getValidSignatureCertificates(T t, SignatureOptions signatureOptions) throws SecurityException {
        try {
            return _getcerts(t, signatureOptions);
        } catch (Exception e) {
            return null;
        }
    }

    @Override // org.apache.abdera.security.Signature
    public <T extends Element> KeyInfo getSignatureKeyInfo(T t, SignatureOptions signatureOptions) throws SecurityException {
        KeyInfo keyInfo = null;
        NodeList childNodes = fomToDom(t, signatureOptions).getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            try {
                Node item = childNodes.item(i);
                if (item.getNodeType() == 1) {
                    org.w3c.dom.Element element = (org.w3c.dom.Element) item;
                    if (Constants.DSIG_NS.equals(element.getNamespaceURI()) && Constants.LN_SIGNATURE.equals(element.getLocalName())) {
                        IRI resolvedBaseUri = t.getResolvedBaseUri();
                        keyInfo = new XMLSignature(element, resolvedBaseUri != null ? resolvedBaseUri.toString() : "").getKeyInfo();
                    }
                }
            } catch (Exception e) {
            }
        }
        return keyInfo;
    }

    private boolean _verify(Element element, SignatureOptions signatureOptions) throws XMLSignatureException, XMLSecurityException {
        boolean z = false;
        NodeList childNodes = fomToDom(element, signatureOptions).getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() == 1) {
                org.w3c.dom.Element element2 = (org.w3c.dom.Element) item;
                if (Constants.DSIG_NS.equals(element2.getNamespaceURI()) && Constants.LN_SIGNATURE.equals(element2.getLocalName())) {
                    IRI resolvedBaseUri = element.getResolvedBaseUri();
                    z = is_valid_signature(new XMLSignature(element2, resolvedBaseUri != null ? resolvedBaseUri.toString() : ""), signatureOptions);
                }
            }
        }
        return z;
    }

    @Override // org.apache.abdera.security.Signature
    public <T extends Element> boolean verify(T t, SignatureOptions signatureOptions) throws SecurityException {
        if (!isSigned(t)) {
            return false;
        }
        try {
            return _verify(t, signatureOptions);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    @Override // org.apache.abdera.security.Signature
    public SignatureOptions getDefaultSignatureOptions() throws SecurityException {
        return new XmlSignatureOptions(getAbdera());
    }

    @Override // org.apache.abdera.security.Signature
    public <T extends Element> T removeInvalidSignatures(T t, SignatureOptions signatureOptions) throws SecurityException {
        ArrayList arrayList = new ArrayList();
        org.w3c.dom.Element fomToDom = fomToDom(t, signatureOptions);
        NodeList childNodes = fomToDom.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            try {
                Node item = childNodes.item(i);
                if (item.getNodeType() == 1) {
                    org.w3c.dom.Element element = (org.w3c.dom.Element) item;
                    if (Constants.DSIG_NS.equals(element.getNamespaceURI()) && Constants.LN_SIGNATURE.equals(element.getLocalName())) {
                        IRI resolvedBaseUri = t.getResolvedBaseUri();
                        if (!is_valid_signature(new XMLSignature(element, resolvedBaseUri != null ? resolvedBaseUri.toString() : ""), signatureOptions)) {
                            arrayList.add(element);
                        }
                    }
                }
            } catch (Exception e) {
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            fomToDom.removeChild((org.w3c.dom.Element) it.next());
        }
        return (T) domToFom(fomToDom, signatureOptions);
    }

    static {
        if (Init.isInitialized()) {
            return;
        }
        Init.init();
    }
}
