package org.warlock.tk.internalservices.validation;

import java.io.ByteArrayInputStream;
import java.io.CharArrayReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.warlock.tk.internalservices.validation.spine.SpineMessage;
import org.warlock.util.CfHNamespaceContext;
import org.warlock.util.dsig.SimpleKeySelector;
import org.xml.sax.InputSource;

/* loaded from: input_file:tkwinstaller/TKW.zip:TKW/TKW.jar:org/warlock/tk/internalservices/validation/ContentSignatureVerification.class */
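/**
 * Validation check that verifies every XML Digital Signature ({@code ds:Signature}) found in a
 * message part and produces one {@link ValidationReport} per signature.
 *
 * <p>What a "Content Signature valid" report does and does not establish:
 * <ul>
 *   <li>The verification key is read from the message itself (an embedded
 *       {@code ds:X509Certificate}, or a certificate located through a
 *       {@code ds:RetrievalMethod} URI). Only the certificate's public key is handed to the key
 *       selector; this class performs no chain building, validity-period, revocation or
 *       subject check. A passing report therefore shows that the signed content matches the
 *       key the sender supplied (integrity), not that the signer is a trusted party.</li>
 *   <li>A part that contains no signature at all is reported as passed. Callers that require
 *       signed content must check for the presence of a signature separately.</li>
 *   <li>The references inside a signature are validated, but which elements they cover is not
 *       examined here.</li>
 * </ul>
 */
public class ContentSignatureVerification implements ValidationCheck {
    /** Upper bound on the characters of digest input quoted in a failure report. */
    private static final int DIGEST_INPUT_PREVIEW_CHARS = 10240;

    private VariableProvider vProvider = null;
    private String checkPart = null;
    private int attachmentNo = -1;

    /** No initialisation is needed for this check. */
    @Override
    public void initialise() throws Exception {
    }

    /** This check has no supporting data; always returns {@code null}. */
    @Override
    public String getSupportingData() {
        return null;
    }

    /**
     * Validates the signatures in the configured attachment of a Spine message.
     *
     * @param spineMessage message whose attachment is checked
     * @return the reports produced by {@link #validate(String, boolean)}
     * @throws Exception if the configured part is not an attachment, or if parsing fails
     */
    @Override
    public ValidationReport[] validate(SpineMessage spineMessage) throws Exception {
        boolean attachmentSelected =
                this.checkPart == null || this.checkPart.toLowerCase().startsWith("attachment");
        if (!attachmentSelected) {
            throw new Exception("ITK validation of tertiary MIME part of spine message. Incorrect validation class used");
        }
        return validate(spineMessage.getATTACHMENTPart(this.attachmentNo), false).getReport();
    }

    /** This check writes no external output. */
    @Override
    public void writeExternalOutput(String str) throws Exception {
    }

    /**
     * Records which message part to check. The text before the first underscore is kept as the
     * part name, and its characters from index 10 onward (the length of "attachment") are
     * parsed as a 1-based attachment number. A type without an underscore leaves the defaults
     * untouched.
     *
     * @param str check type, e.g. {@code attachment1_...}
     * @throws NumberFormatException if the suffix is not a number
     * @throws StringIndexOutOfBoundsException if the part name is shorter than 10 characters
     */
    @Override
    public void setType(String str) {
        int separator = str.indexOf('_');
        if (separator == -1) {
            return;
        }
        this.checkPart = str.substring(0, separator);
        this.attachmentNo = Integer.parseInt(this.checkPart.substring(10)) - 1;
    }

    /** This check takes no resource. */
    @Override
    public void setResource(String str) {
    }

    /** This check takes no data. */
    @Override
    public void setData(String str) throws Exception {
    }

    /**
     * Parses the given XML and validates each {@code ds:Signature} element in it.
     *
     * @param str XML text of the part to check
     * @param z unused by this check
     * @return one report per signature, or a single passed report when none is present
     * @throws Exception if the XML cannot be parsed, including when it carries a DOCTYPE
     */
    @Override
    public ValidatorOutput validate(String str, boolean z) throws Exception {
        List<ValidationReport> reports = new ArrayList<>();
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // The XML is received message content. Refusing DOCTYPE declarations keeps the parser
        // from resolving external entities or expanding nested entity definitions.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        Document document = factory.newDocumentBuilder()
                .parse(new InputSource(new CharArrayReader(str.toCharArray())));
        NodeList signatures = document.getElementsByTagNameNS(CfHNamespaceContext.DSNAMESPACE, "Signature");
        boolean signatureFound = false;
        for (int i = 0; i < signatures.getLength(); i++) {
            signatureFound = true;
            reports.addAll(validateSignature(document, (Element) signatures.item(i)));
        }
        if (!signatureFound) {
            // Absence of a signature is deliberately a pass here; a message whose signature was
            // removed is indistinguishable from one that was never signed.
            ValidationReport unsigned = new ValidationReport("No content signatures found");
            unsigned.setPassed();
            reports.add(unsigned);
        }
        return new ValidatorOutput(null, reports.toArray(new ValidationReport[0]));
    }

    /**
     * Validates one signature element and describes the outcome.
     *
     * @param document document containing the signature, used to resolve same-document key references
     * @param element the {@code ds:Signature} element
     * @return a list holding the single report for this signature
     */
    private ArrayList<ValidationReport> validateSignature(Document document, Element element) {
        ArrayList<ValidationReport> reports = new ArrayList<>();
        try {
            SimpleKeySelector keySelector = resolveKey(document, element);
            XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
            DOMValidateContext context = new DOMValidateContext(keySelector, element);
            // Reference caching is what makes getDigestInputStream() available below.
            context.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
            // NOTE(review): consider also setting "org.jcp.xml.dsig.secureValidation" to TRUE
            // explicitly. Left unchanged because it can reject signature algorithms and
            // reference forms that messages checked by this toolkit may still use - confirm.
            XMLSignature signature = signatureFactory.unmarshalXMLSignature(new DOMStructure(element));

            if (signature.validate(context)) {
                ValidationReport valid = new ValidationReport("Content Signature valid");
                valid.setTest(" Enveloping element: " + element.getTagName());
                valid.setPassed();
                reports.add(valid);
                return reports;
            }

            ValidationReport invalid = new ValidationReport("Signature not valid");
            if (!signature.getSignatureValue().validate(context)) {
                invalid.setTest("Signature validation of included digest failed");
                reports.add(invalid);
                return reports;
            }

            // The signature value checks out, so at least one reference digest must be wrong.
            StringBuilder detail = new StringBuilder();
            int index = 0;
            for (Object item : signature.getSignedInfo().getReferences()) {
                Reference reference = (Reference) item;
                if (!reference.validate(context)) {
                    // Each fragment is escaped on its own so text from an earlier failing
                    // reference is not escaped a second time. This relies on doHtmlEscapes
                    // rewriting its argument in place, as its original use implies.
                    StringBuilder fragment = new StringBuilder();
                    fragment.append("Reference ").append(index).append(" is invalid: ");
                    fragment.append(readPrefix(reference.getDigestInputStream(), DIGEST_INPUT_PREVIEW_CHARS));
                    SignatureVerification.doHtmlEscapes(fragment);
                    detail.append(fragment);
                }
                index++;
            }
            invalid.setTest(detail.toString());
            reports.add(invalid);
            return reports;
        } catch (Exception e) {
            // Every failure in this method, not only key resolution, is reported with this text.
            e.printStackTrace();
            reports.add(new ValidationReport("Cannot resolve certificate for validation: " + e.toString()));
            return reports;
        }
    }

    /**
     * Reads at most {@code maxChars} characters of UTF-8 text from a stream and closes it.
     *
     * @param in stream to read; {@code null} yields an empty string
     * @param maxChars maximum number of characters to return
     * @return the text read, with leading and trailing whitespace removed
     */
    private static String readPrefix(InputStream in, int maxChars) throws Exception {
        if (in == null) {
            return "";
        }
        char[] buffer = new char[maxChars];
        int filled = 0;
        // Canonicalised XML is UTF-8, so decode it as such instead of with the platform charset.
        try (InputStreamReader reader = new InputStreamReader(in, StandardCharsets.UTF_8)) {
            int count;
            while (filled < maxChars && (count = reader.read(buffer, filled, maxChars - filled)) != -1) {
                filled += count;
            }
        }
        return new String(buffer, 0, filled).trim();
    }

    /**
     * Builds a key selector fixed to the public key of the certificate named by the signature.
     * The first {@code ds:X509Certificate} descendant of the signature element is used when
     * present; otherwise the first {@code ds:RetrievalMethod} URI is followed.
     *
     * <p>The certificate comes from the message and is not validated against any trust store
     * here; only its public key is used.
     *
     * @throws Exception if no certificate can be located or parsed
     */
    private SimpleKeySelector resolveKey(Document document, Element element) throws Exception {
        SimpleKeySelector keySelector = new SimpleKeySelector();
        NodeList embedded = element.getElementsByTagNameNS(CfHNamespaceContext.DSNAMESPACE, "X509Certificate");
        if (embedded.getLength() != 0) {
            String encoded = ((Element) embedded.item(0)).getTextContent();
            keySelector.setFixedKey(getCertificate(encoded).getPublicKey());
            return keySelector;
        }

        NodeList retrievals = element.getElementsByTagNameNS(CfHNamespaceContext.DSNAMESPACE, "RetrievalMethod");
        if (retrievals.getLength() == 0) {
            throw new Exception("No X509Certificate or RetrievalMethod given in KeyInfo - certificate cannot be resolved to verify signature");
        }
        String uri = ((Element) retrievals.item(0)).getAttribute("URI");
        if (uri == null || uri.trim().length() == 0) {
            throw new Exception("No X509Certificate resolved: KeyInfo/RetrievalMethod/@URI absent or empty");
        }
        X509Certificate certificate = resolveUri(document, uri);
        if (certificate == null) {
            throw new Exception("Cannot resolve X509Certificate at URI " + uri);
        }
        keySelector.setFixedKey(certificate.getPublicKey());
        return keySelector;
    }

    /**
     * Resolves a {@code RetrievalMethod} URI to a certificate: a {@code #fragment} is looked up
     * inside the document, anything else is opened as a URL.
     *
     * @return the certificate, or {@code null} when a fragment matches nothing
     */
    private X509Certificate resolveUri(Document document, String str) throws Exception {
        if (str.startsWith("#")) {
            return resolveId(document, str);
        }
        // SECURITY: the URI is supplied by the message, so the sender decides what this host
        // connects to or reads, for every URL scheme the JVM has a handler for. When messages
        // are not fully trusted, limit this to an allow-list of schemes and hosts or turn
        // remote retrieval off. Behaviour is kept as it was; only the stream is now closed.
        try (InputStream in = new URI(str).toURL().openStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /**
     * Resolves a same-document reference, trying an {@code id} attribute and then {@code Id}.
     *
     * @param str the fragment URI including its leading {@code #}
     * @return the certificate, or {@code null} when no element carries that identifier
     */
    private X509Certificate resolveId(Document document, String str) throws Exception {
        String identifier = str.substring(1);
        X509Certificate certificate = lookupReferences(document, "id", identifier);
        if (certificate == null) {
            certificate = lookupReferences(document, "Id", identifier);
        }
        return certificate;
    }

    /**
     * Finds the first element whose attribute {@code str} equals {@code str2} and parses its
     * text content as a certificate.
     *
     * <p>The previous version searched for <em>elements</em> named {@code str} and then tested
     * them for being attribute nodes, which an element list never contains, so it always
     * returned {@code null}. The attribute is now matched on every element of the document.
     *
     * @param str attribute name to match ({@code id} or {@code Id})
     * @param str2 identifier value to look for
     * @return the certificate, or {@code null} when no element matches
     * @throws Exception if the matching element has no text content
     */
    private X509Certificate lookupReferences(Document document, String str, String str2) throws Exception {
        NodeList elements = document.getElementsByTagName("*");
        for (int i = 0; i < elements.getLength(); i++) {
            Element candidate = (Element) elements.item(i);
            // hasAttribute first: getAttribute returns "" for a missing attribute.
            if (!candidate.hasAttribute(str) || !candidate.getAttribute(str).equals(str2)) {
                continue;
            }
            String encoded = candidate.getTextContent();
            if (encoded == null || encoded.trim().length() == 0) {
                throw new Exception("URI " + str2 + " resolved but no certificate found");
            }
            return getCertificate(encoded);
        }
        return null;
    }

    /**
     * Parses a certificate from base64 text, adding PEM header and footer lines when the text
     * does not already carry them.
     *
     * @param str base64 or PEM certificate text
     * @throws Exception if the text is empty or is not a parsable X.509 certificate
     */
    private X509Certificate getCertificate(String str) throws Exception {
        if (str == null || str.isEmpty()) {
            // Previously an empty element surfaced as a StringIndexOutOfBoundsException.
            throw new Exception("X509Certificate content is empty");
        }
        String pem;
        if (str.contains("-----BEGIN CERTIFICATE-----")) {
            pem = str;
        } else {
            StringBuilder wrapped = new StringBuilder("-----BEGIN CERTIFICATE-----\n");
            wrapped.append(str);
            if (str.charAt(str.length() - 1) != '\n') {
                wrapped.append("\n");
            }
            wrapped.append("-----END CERTIFICATE-----");
            pem = wrapped.toString();
        }
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem.getBytes(StandardCharsets.UTF_8)));
    }

    /** Stores the variable provider supplied by the framework. */
    @Override
    public void setVariableProvider(VariableProvider variableProvider) {
        this.vProvider = variableProvider;
    }
}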
