package oracle.security.xmlsec.dsig;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.xml.parsers.ParserConfigurationException;
import oracle.security.xmlsec.transform.TransformationException;
import oracle.security.xmlsec.util.XMLURI;
import oracle.security.xmlsec.util.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:oracle/security/xmlsec/dsig/DSigUtils.class */
public class DSigUtils {
    private DSigUtils() {
    }

    public static Document signDetached(String str, PrivateKey privateKey, X509Certificate x509Certificate) throws IOException, SigningException {
        try {
            boolean z = XMLUtils.getProperty(XMLUtils.PROPERTY_USE_EXPLICIT_C14N11) != null;
            XSSignature newInstance = XSSignature.newInstance(null);
            XSKeyInfo createKeyInfo = newInstance.createKeyInfo();
            createKeyInfo.addKeyInfoData(createKeyInfo.createX509Data(x509Certificate));
            newInstance.setKeyInfo(createKeyInfo);
            XSSignedInfo createSignedInfo = newInstance.createSignedInfo(z ? XMLURI.alg_c14n11 : XMLURI.alg_c14n, getSigMethodURI(privateKey), null);
            newInstance.setSignedInfo(createSignedInfo);
            XSReference createReference = newInstance.createReference();
            createReference.setURI(str);
            createReference.setDigestMethod(XMLURI.alg_sha1);
            if (z) {
                createReference.addTransform(newInstance.createTransform(XMLURI.alg_c14n11));
            }
            createSignedInfo.addReference(createReference);
            newInstance.sign(privateKey, (String) null);
            return newInstance.getOwnerDocument();
        } catch (ParserConfigurationException e) {
            throw new SigningException(e);
        } catch (TransformationException e2) {
            throw new SigningException(e2);
        }
    }

    public static Document signEnveloped(Document document, PrivateKey privateKey, X509Certificate x509Certificate) throws SigningException {
        boolean z = XMLUtils.getProperty(XMLUtils.PROPERTY_USE_EXPLICIT_C14N11) != null;
        Element documentElement = document.getDocumentElement();
        if (documentElement == null) {
            documentElement = document;
        }
        XSSignature newInstance = XSSignature.newInstance(document, null);
        newInstance.appendTo(documentElement);
        XSKeyInfo createKeyInfo = newInstance.createKeyInfo();
        createKeyInfo.addKeyInfoData(createKeyInfo.createX509Data(x509Certificate));
        newInstance.setKeyInfo(createKeyInfo);
        XSSignedInfo createSignedInfo = newInstance.createSignedInfo(z ? XMLURI.alg_c14n11 : XMLURI.alg_c14n, getSigMethodURI(privateKey), null);
        newInstance.setSignedInfo(createSignedInfo);
        XSReference createReference = newInstance.createReference();
        createReference.setURI("");
        createReference.setDigestMethod(XMLURI.alg_sha1);
        if (z) {
            createReference.addTransform(newInstance.createTransform(XMLURI.alg_c14n11));
        }
        createSignedInfo.addReference(createReference);
        createReference.addTransform(newInstance.createTransform(XMLURI.alg_envelopedSignature));
        try {
            newInstance.sign(privateKey, (String) null);
            return document;
        } catch (TransformationException e) {
            throw new SigningException(e);
        }
    }

    public static Document signEnveloping(Document document, PrivateKey privateKey, X509Certificate x509Certificate) throws SigningException {
        try {
            boolean z = XMLUtils.getProperty(XMLUtils.PROPERTY_USE_EXPLICIT_C14N11) != null;
            NodeList childNodes = document.getChildNodes();
            if (childNodes.getLength() == 0) {
                throw new IllegalArgumentException("Input document contains no data");
            }
            XSSignature newInstance = XSSignature.newInstance(null);
            Document ownerDocument = newInstance.getOwnerDocument();
            String str = "DSig.Object_" + XMLUtils.randomName();
            XSObject createObject = newInstance.createObject(str, "text/xml", null);
            int length = childNodes.getLength();
            for (int i = 0; i < length; i++) {
                Node item = childNodes.item(i);
                if (item.getNodeType() != 10) {
                    createObject.appendChild(ownerDocument.importNode(item, true));
                }
            }
            newInstance.addObject(createObject);
            XSKeyInfo createKeyInfo = newInstance.createKeyInfo();
            createKeyInfo.addKeyInfoData(createKeyInfo.createX509Data(x509Certificate));
            newInstance.setKeyInfo(createKeyInfo);
            XSSignedInfo createSignedInfo = newInstance.createSignedInfo(z ? XMLURI.alg_c14n11 : XMLURI.alg_c14n, getSigMethodURI(privateKey), null);
            newInstance.setSignedInfo(createSignedInfo);
            XSReference createReference = newInstance.createReference(null, "#" + str, XMLURI.obj_Object, XMLURI.alg_sha1);
            if (z) {
                createReference.addTransform(newInstance.createTransform(XMLURI.alg_c14n11));
            }
            createSignedInfo.addReference(createReference);
            newInstance.sign(privateKey, (String) null);
            return ownerDocument;
        } catch (ParserConfigurationException e) {
            throw new SigningException(e);
        } catch (TransformationException e2) {
            throw new SigningException(e2);
        }
    }

    public static Document signSubTree(Element element, String str, PrivateKey privateKey, X509Certificate x509Certificate) throws SigningException {
        boolean z = XMLUtils.getProperty(XMLUtils.PROPERTY_USE_EXPLICIT_C14N11) != null;
        Document ownerDocument = element.getOwnerDocument();
        Element documentElement = ownerDocument.getDocumentElement();
        if (documentElement == null || documentElement == element) {
            throw new SigningException("Sub-tree may not be rooted in document root element");
        }
        XSSignature newInstance = XSSignature.newInstance(ownerDocument, null);
        newInstance.appendTo(documentElement);
        XSKeyInfo createKeyInfo = newInstance.createKeyInfo();
        createKeyInfo.addKeyInfoData(createKeyInfo.createX509Data(x509Certificate));
        newInstance.setKeyInfo(createKeyInfo);
        XSSignedInfo createSignedInfo = newInstance.createSignedInfo(z ? XMLURI.alg_c14n11 : XMLURI.alg_c14n, getSigMethodURI(privateKey), null);
        newInstance.setSignedInfo(createSignedInfo);
        String attribute = element.getAttribute(str);
        if (attribute == null || attribute.length() == 0) {
            throw new SigningException("Reference target ID attribute value not found");
        }
        XSReference createReference = newInstance.createReference();
        createReference.setURI(attribute);
        createReference.setDigestMethod(XMLURI.alg_sha1);
        if (z) {
            createReference.addTransform(newInstance.createTransform(XMLURI.alg_c14n11));
        }
        createSignedInfo.addReference(createReference);
        try {
            newInstance.sign(privateKey, (String) null);
            return ownerDocument;
        } catch (TransformationException e) {
            throw new SigningException(e);
        }
    }

    public static boolean verify(Document document) throws VerifyException {
        return verify(document, null);
    }

    public static boolean verify(Document document, PublicKey publicKey) throws VerifyException {
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS(XMLURI.ns_xmldsig, "Signature");
        if (elementsByTagNameNS.getLength() == 0) {
            throw new IllegalArgumentException("No XML-DSIG Signature elements found.");
        }
        int length = elementsByTagNameNS.getLength();
        for (int i = 0; i < length; i++) {
            XSSignature xSSignature = new XSSignature((Element) elementsByTagNameNS.item(i));
            if (publicKey == null) {
                if (!xSSignature.verify()) {
                    return false;
                }
            } else if (!xSSignature.verify(publicKey)) {
                return false;
            }
        }
        return true;
    }

    private static String getSigMethodURI(PrivateKey privateKey) throws SigningException {
        String algorithm = privateKey.getAlgorithm();
        if ("RSA".equals(algorithm)) {
            return XMLURI.alg_rsaWithSHA1;
        }
        if ("DSA".equals(algorithm)) {
            return XMLURI.alg_dsaWithSHA1;
        }
        throw new SigningException("Unsupported key algorithm " + algorithm);
    }
}
