package org.warlock.itk.distributionenvelope;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.UUID;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.codec.binary.Base64;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.apache.xml.serialize.Method;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.warlock.util.CfHNamespaceContext;
import org.warlock.util.dsig.SimpleKeySelector;
import org.warlock.util.xsltransform.TransformManager;
import org.xml.sax.InputSource;

/* loaded from: input_file:tkwinstaller/TKW.zip:TKW/lib/DistributionEnvelopeTools.jar:org/warlock/itk/distributionenvelope/Payload.class */
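/**
 * One payload of an ITK distribution envelope.
 *
 * <p>Holds the body text together with the manifest attributes that describe it
 * (mime type, optional profile id, and the base64 / compressed / encrypted flags),
 * plus the material needed for the two directions of the encryption feature: on
 * the sending side the reader certificates whose public keys wrap the per-payload
 * AES key, on the receiving side the wrapped keys parsed from the wire, keyed by
 * the reader's {@code KeyName}.
 *
 * <p>The wire format produced and consumed here (AES-256-CBC, RSA PKCS#1 v1.5 key
 * wrapping, SHA-1 digests with an RSA-SHA1 XML signature, and an IV taken from the
 * manifest id) is shared with remote peers, so those choices are documented where
 * they occur but deliberately left unchanged. Several of them (SHA-1, RSA-SHA1,
 * PKCS#1 v1.5) are regarded as weak by current guidance; moving away from them
 * needs agreement with the peers first.
 *
 * <p>Instances are mutable and not thread-safe.
 */
public class Payload {
    /** Buffer size used for gzip streams in both directions. */
    private static final int UNCOMPRESSBUFFERSIZE = 10240;
    /** Bit length of the per-payload AES content key. */
    private static final int AESKEYSIZE = 256;
    /** Index of the dataEncipherment bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int DATAENCIPHERMENTUSAGE = 3;
    /** Index of the keyEncipherment bit; declared in the original but never consulted. */
    private static final int KEYENCIPHERMENTUSAGE = 2;
    /** AES block size, and therefore the CBC IV length, in bytes. */
    private static final int IVLENGTH = 16;
    private static final String SYMMETRICENCRYPTIONALGORITHM = "AES/CBC/PKCS5Padding";
    /** Compression is only kept when the raw/packed size ratio exceeds this value. */
    private static final double COMPRESSION_RATIO_THRESHOLD = 1.34d;
    /** Manifest attribute value meaning true (the decompiled original had this resolved to a Xerces constant). */
    private static final String TRUE_VALUE = "true";
    /** Substring of a mime type that marks the body as XML. */
    private static final String XML_MIME_FRAGMENT = "xml";
    /** Prefix of a mime type that marks the body as plain text. */
    private static final String TEXT_MIME_PREFIX = "text";
    private static final String XML_DECLARATION_START = "<?xml ";
    private static final String XML_DECLARATION_END = "?>";
    /** Xerces feature that rejects any DOCTYPE, closing off entity-based XXE attacks. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    private String manifestId;
    private String mimeType;
    private String profileId;
    private boolean base64;
    private boolean compressed;
    private boolean encrypted;
    /** Whether certificates without a key-usage extension are accepted as readers; no setter exists, so always true. */
    private boolean allowNonUsageCertificates = true;
    /** Reported by {@link #isDecoded()}; nothing in this class ever sets it. */
    private boolean unmunged;
    private String payloadBody;
    /** Sending side: certificates whose public keys will wrap the content key. */
    private ArrayList<X509Certificate> readerCerts = new ArrayList<>();
    /** Receiving side: base64 AES-CBC ciphertext from the wire. */
    private String encryptedContent;
    /** Receiving side: reader KeyName to base64 RSA-wrapped content key. */
    private HashMap<String, String> receivedReaders;

    /**
     * Creates an outgoing payload with a fresh manifest id of the form
     * {@code uuid_<UPPERCASE-UUID>}.
     *
     * @param str mime type of the body; may be null, in which case the body is
     *            reported as not stringable
     */
    public Payload(String str) {
        this.manifestId = "uuid_" + UUID.randomUUID().toString().toUpperCase();
        this.mimeType = str;
    }

    /**
     * Creates a payload from manifest attributes read off the wire. Package-private
     * in the original bytecode according to the decompiler; the public modifier is
     * kept as decompiled.
     *
     * @param str  manifest id
     * @param str2 mime type
     * @param str3 profile id; null or empty leaves the profile id unset
     * @param str4 base64 attribute; only the exact string {@code "true"} enables it
     * @param str5 compressed attribute; only the exact string {@code "true"} enables it
     * @param str6 encrypted attribute; only the exact string {@code "true"} enables it
     */
    public Payload(String str, String str2, String str3, String str4, String str5, String str6) {
        this.manifestId = str;
        this.mimeType = str2;
        if (str3 != null && !str3.isEmpty()) {
            this.profileId = str3;
        }
        // Constant-first equals also tolerates a missing attribute instead of throwing NPE.
        this.base64 = TRUE_VALUE.equals(str4);
        this.compressed = TRUE_VALUE.equals(str5);
        this.encrypted = TRUE_VALUE.equals(str6);
    }

    /**
     * Stores the base64 ciphertext parsed from the wire and resets the reader map.
     *
     * @param str base64 {@code CipherValue} of the encrypted body
     */
    public void setEncryptedContent(String str) {
        this.encryptedContent = str;
        this.receivedReaders = new HashMap<>();
    }

    /**
     * Records one wrapped content key from the wire.
     *
     * @param str  reader {@code KeyName}
     * @param str2 base64 RSA-wrapped AES key for that reader
     */
    public void addReceivedReader(String str, String str2) {
        if (this.receivedReaders == null) {
            // Tolerate a caller that adds readers before setEncryptedContent().
            this.receivedReaders = new HashMap<>();
        }
        this.receivedReaders.put(str, str2);
    }

    /**
     * Adds a reader whose public key will wrap the content key, and marks the
     * payload as to-be-encrypted.
     *
     * @param x509Certificate reader certificate; must be within its validity period
     *                        and, if it carries a key-usage extension, allow data
     *                        encipherment
     * @throws Exception on a null, expired or unsuitable certificate
     */
    public void addReaderCertificate(X509Certificate x509Certificate) throws Exception {
        if (x509Certificate == null) {
            throw new Exception("Null certificate");
        }
        x509Certificate.checkValidity();
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            if (!this.allowNonUsageCertificates) {
                throw new Exception("Certificate " + x509Certificate.getSubjectDN().getName() + " has no key usage extension.");
            }
        } else if (!keyUsage[DATAENCIPHERMENTUSAGE]) {
            throw new Exception("Certificate " + x509Certificate.getSubjectDN().getName() + " not valid for data encipherment");
        }
        this.encrypted = true;
        this.readerCerts.add(x509Certificate);
    }

    /**
     * Signs the body with the given key and certificate, then encrypts it for
     * every reader added via {@link #addReaderCertificate(X509Certificate)}.
     *
     * @param privateKey      signing key
     * @param x509Certificate certificate embedded in the signature's KeyInfo
     * @throws Exception when there are no readers, no body, or signing/encryption fails
     */
    public void encrypt(PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        requireEncryptable();
        signPayload(privateKey, x509Certificate);
        doEncryption();
    }

    /**
     * Encrypts the body for every reader without signing it first.
     *
     * @throws Exception when there are no readers, no body, or encryption fails
     */
    public void encrypt() throws Exception {
        requireEncryptable();
        doEncryption();
    }

    /** Shared precondition of both {@code encrypt} variants. */
    private void requireEncryptable() throws Exception {
        if (this.readerCerts.isEmpty()) {
            throw new Exception("No recipient public keys");
        }
        if (this.payloadBody == null) {
            throw new Exception("Attempt to encrypt empty content");
        }
    }

    /**
     * Replaces the body with an enveloping XML signature over it.
     *
     * <p>An opaque body (compressed, base64, or non-XML mime type) is signed as a
     * text node; an XML body is parsed and signed as its document element with
     * exclusive canonicalisation. SHA-1 and RSA-SHA1 are what the peers expect;
     * note that recent JDKs enable XML signature secure-validation mode by default,
     * which may reject SHA-1 — confirm on the target runtime.
     *
     * <p>The body parsed here is the application's own content, so the parser is
     * left as in the original rather than hardened against DOCTYPEs; untrusted
     * input from peers is parsed in {@link #checkSignature(byte[])}.
     *
     * @throws Exception on null material, an expired certificate, or a signing failure
     */
    private void signPayload(PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        if (privateKey == null || x509Certificate == null) {
            throw new Exception("Null signing material");
        }
        x509Certificate.checkValidity();
        XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
        String objectId = "uuid" + UUID.randomUUID().toString();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DigestMethod sha1 = sigFactory.newDigestMethod(DigestMethod.SHA1, (DigestMethodParameterSpec) null);
        Reference reference;
        Document document;
        DOMStructure signedContent;
        boolean opaqueBody = this.compressed || this.base64
                || this.mimeType == null || !this.mimeType.contains(XML_MIME_FRAGMENT);
        if (opaqueBody) {
            reference = sigFactory.newReference("#" + objectId, sha1);
            document = dbf.newDocumentBuilder().newDocument();
            signedContent = new DOMStructure(document.createTextNode(this.payloadBody));
        } else {
            reference = sigFactory.newReference("#" + objectId, sha1,
                    Collections.singletonList(sigFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
                    (String) null, (String) null);
            document = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(this.payloadBody)));
            signedContent = new DOMStructure(document.getDocumentElement());
        }
        XMLObject xmlObject = sigFactory.newXMLObject(Collections.singletonList(signedContent), objectId, (String) null, (String) null);
        SignedInfo signedInfo = sigFactory.newSignedInfo(
                sigFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null),
                sigFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, (SignatureMethodParameterSpec) null),
                Collections.singletonList(reference));
        KeyInfoFactory keyInfoFactory = sigFactory.getKeyInfoFactory();
        sigFactory.newXMLSignature(signedInfo,
                keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(x509Certificate)))),
                Collections.singletonList(xmlObject), (String) null, (String) null)
                .sign(new DOMSignContext(privateKey, document));
        // The signature is embedded inside other XML later, so drop any XML declaration.
        this.payloadBody = stripXmlDeclaration(serialise(document));
    }

    /**
     * Encrypts the current body under a fresh AES key and wraps that key for each
     * reader, writing an {@code xenc:EncryptedData} element into the body.
     *
     * <p>A new key is generated on every call, which is what makes the
     * deterministic IV of {@link #getInitialisationVector()} tolerable: no two
     * plaintexts are ever encrypted under the same (key, IV) pair by this code.
     * The raw key bytes are zeroed once the wrapping is done, even on failure.
     *
     * @throws Exception on any JCE failure
     */
    private void doEncryption() throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(AESKEYSIZE);
        SecretKey contentKey = keyGenerator.generateKey();
        String cipherData = doAESEncryption(contentKey);
        byte[] rawKey = contentKey.getEncoded();
        try {
            StringBuilder sb = new StringBuilder("<xenc:EncryptedData xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\">");
            sb.append("<xenc:EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\"/>");
            sb.append("<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">");
            for (X509Certificate reader : this.readerCerts) {
                sb.append(doRSASymmetricKeyEncryption(reader, rawKey));
            }
            sb.append("</ds:KeyInfo>");
            sb.append(cipherData);
            sb.append("</xenc:EncryptedData>");
            this.payloadBody = sb.toString();
            this.encrypted = true;
        } finally {
            Arrays.fill(rawKey, (byte) 0);
        }
    }

    /**
     * Wraps the content key for one reader as an {@code xenc:EncryptedKey} element.
     *
     * <p>{@code Cipher.getInstance("RSA")} uses the provider's default padding, which
     * is what the {@code rsa-1_5} algorithm identifier written here announces. The
     * reader's subject DN goes into {@code KeyName} and is the lookup key used by
     * {@link #hasKeyForReader(String)} on the receiving side; it is XML-escaped so a
     * DN containing {@code &} or {@code <} cannot break or alter the markup.
     *
     * @param x509Certificate reader certificate
     * @param bArr            raw AES key bytes
     * @return the EncryptedKey element as a string
     * @throws Exception on any JCE failure
     */
    private String doRSASymmetricKeyEncryption(X509Certificate x509Certificate, byte[] bArr) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, x509Certificate);
        String keyName = escapeXmlText(x509Certificate.getSubjectDN().getName());
        return "<xenc:EncryptedKey><EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#rsa-1_5\"/><ds:KeyInfo><ds:KeyName>"
                + keyName
                + "</ds:KeyName></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>"
                + base64Encode(cipher.doFinal(bArr))
                + "</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>";
    }

    /**
     * Encrypts the UTF-8 bytes of the body with AES-CBC under the given key and the
     * manifest-derived IV, returning the {@code xenc:CipherData} element.
     *
     * @param secretKey content key
     * @return CipherData element as a string
     * @throws Exception on any JCE failure
     */
    private String doAESEncryption(SecretKey secretKey) throws Exception {
        Cipher cipher = Cipher.getInstance(SYMMETRICENCRYPTIONALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, getInitialisationVector());
        byte[] ciphertext = cipher.doFinal(this.payloadBody.getBytes(StandardCharsets.UTF_8));
        return "<xenc:CipherData><xenc:CipherValue>" + base64Encode(ciphertext) + "</xenc:CipherValue></xenc:CipherData>";
    }

    /**
     * Whether a wrapped content key was received for the given reader name.
     *
     * @param str reader {@code KeyName}
     * @return true only when such a key is present
     */
    public boolean hasKeyForReader(String str) {
        return this.receivedReaders != null && this.receivedReaders.containsKey(str);
    }

    /**
     * Derives the CBC IV from the manifest id: up to 16 bytes of the id's UTF-8
     * encoding, skipping a leading {@code "uuid"}, zero-padded on the right.
     *
     * <p>The IV is therefore public and deterministic. Both sides must compute it
     * the same way, so this is wire format; it is acceptable only because
     * {@link #doEncryption()} never reuses a key. The copy is bounded by the byte
     * array length, which the original loop was not — a short id no longer throws.
     *
     * @return the IV
     * @throws Exception declared for compatibility; nothing here throws a checked exception
     */
    private IvParameterSpec getInitialisationVector() throws Exception {
        byte[] iv = new byte[IVLENGTH]; // already zero-filled by the JVM
        int offset = this.manifestId.startsWith("uuid") ? 4 : 0;
        byte[] idBytes = this.manifestId.getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < IVLENGTH && i < this.manifestId.length() && i + offset < idBytes.length; i++) {
            iv[i] = idBytes[i + offset];
        }
        return new IvParameterSpec(iv);
    }

    /**
     * Decrypts the body for the named reader and returns it as text.
     *
     * @param str        reader {@code KeyName}
     * @param privateKey reader's private key
     * @return decoded text, or the empty string when decryption yields nothing
     * @throws Exception see {@link #decrypt(String, PrivateKey)} and {@link #getTextContent(String)}
     */
    public String decryptTextContent(String str, PrivateKey privateKey) throws Exception {
        byte[] plain = decrypt(str, privateKey);
        return plain == null ? "" : getTextContent(new String(plain, StandardCharsets.UTF_8));
    }

    /**
     * Decrypts the body for the named reader and returns it as bytes, undoing
     * compression and base64 as the manifest flags dictate.
     *
     * @param str        reader {@code KeyName}
     * @param privateKey reader's private key
     * @return raw content, or null when decryption yields nothing
     * @throws Exception see {@link #decrypt(String, PrivateKey)}
     */
    public byte[] decryptRawContent(String str, PrivateKey privateKey) throws Exception {
        byte[] plain = decrypt(str, privateKey);
        if (plain == null) {
            return null;
        }
        return demungeRawContent(new String(plain, StandardCharsets.UTF_8));
    }

    /**
     * Unwraps the reader's content key with RSA, decrypts the body with AES-CBC,
     * and hands the plaintext to {@link #checkSignature(byte[])}.
     *
     * <p>The unwrapped key is zeroed after use. Failures of RSA unwrapping, AES
     * padding and signature verification surface as distinct exceptions; whether
     * that distinction is observable to a remote party depends on the caller.
     *
     * @param str        reader {@code KeyName}
     * @param privateKey reader's private key
     * @return plaintext, with any enveloping signature verified and removed
     * @throws Exception when the payload is not encrypted, no key exists for the
     *                   reader, no ciphertext was set, or any cryptographic step fails
     */
    private byte[] decrypt(String str, PrivateKey privateKey) throws Exception {
        if (!this.encrypted) {
            throw new Exception("Not encrypted");
        }
        if (!hasKeyForReader(str)) {
            throw new Exception("No such key");
        }
        if (this.encryptedContent == null) {
            throw new Exception("No encrypted content");
        }
        byte[] wrappedKey = base64Decode(this.receivedReaders.get(str));
        Cipher rsa = Cipher.getInstance("RSA");
        rsa.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] contentKey = rsa.doFinal(wrappedKey);
        try {
            Cipher aes = Cipher.getInstance(SYMMETRICENCRYPTIONALGORITHM);
            aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(contentKey, "AES"), getInitialisationVector());
            byte[] plain = aes.doFinal(base64Decode(this.encryptedContent));
            return checkSignature(plain);
        } finally {
            Arrays.fill(contentKey, (byte) 0);
        }
    }

    /**
     * Returns the content behind an enveloping {@code ds:Signature}, or the input
     * unchanged when it is not XML or not a signature.
     *
     * <p>Only the parse is best-effort: decrypted bytes that are not well-formed
     * XML are returned as they are. The original also swallowed a failed
     * verification and returned the signature bytes as if they were content; that
     * failure now propagates, as does a missing {@code ds:Object}. The parser is
     * hardened because the input comes from a remote peer; hardening itself is
     * done outside the catch so a parser that cannot be hardened fails closed.
     *
     * @param bArr decrypted plaintext
     * @return verified content, or {@code bArr}
     * @throws Exception when the signature does not verify or its object is missing
     */
    private byte[] checkSignature(byte[] bArr) throws Exception {
        DocumentBuilder builder = newHardenedDocumentBuilder();
        Element root;
        try {
            root = builder.parse(new InputSource(new StringReader(new String(bArr, StandardCharsets.UTF_8)))).getDocumentElement();
        } catch (Exception notXml) {
            // Best effort, as in the original: plaintext that is not XML carries no signature.
            return bArr;
        }
        if (!isDsigSignatureElement(root)) {
            return bArr;
        }
        verifySignature(root);
        return getSignatureObject(root);
    }

    /** True when the element is a {@code Signature} in the XML-DSig namespace. */
    private static boolean isDsigSignatureElement(Element element) {
        if (element == null) {
            return false;
        }
        String localName = element.getLocalName();
        String namespace = element.getNamespaceURI();
        return localName != null && localName.contentEquals("Signature")
                && namespace != null && namespace.contentEquals(CfHNamespaceContext.DSNAMESPACE);
    }

    /**
     * Namespace-aware parser with DOCTYPEs, external entities and XInclude disabled,
     * for content received from peers.
     *
     * @throws Exception when the underlying parser does not support a feature
     */
    private static DocumentBuilder newHardenedDocumentBuilder() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /**
     * Validates the enveloping signature against the certificate embedded in its
     * own KeyInfo.
     *
     * <p>This proves the content is consistent with that certificate, not that the
     * certificate is one the receiver trusts: no chain building, trust-anchor
     * check or validity-period check is made on it here. Callers that need
     * sender authentication must add that step.
     *
     * @param element the {@code ds:Signature} element
     * @throws Exception when the certificate cannot be read or the signature is invalid
     */
    private void verifySignature(Element element) throws Exception {
        X509Certificate certificate = getCertificate(element);
        SimpleKeySelector keySelector = new SimpleKeySelector();
        keySelector.setFixedKey(certificate.getPublicKey());
        XMLSignatureFactory sigFactory = XMLSignatureFactory.getInstance("DOM");
        DOMValidateContext validateContext = new DOMValidateContext(keySelector, element);
        validateContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        boolean valid = sigFactory.unmarshalXMLSignature(new DOMStructure(element)).validate(validateContext);
        if (!valid) {
            throw new Exception("Signature invalid");
        }
    }

    /**
     * Reads the first {@code ds:X509Certificate} under the signature and parses it
     * by wrapping its base64 text in PEM armour.
     *
     * @param element the {@code ds:Signature} element
     * @return the parsed certificate
     * @throws Exception when no certificate element is present, it is empty, or it does not parse
     */
    private X509Certificate getCertificate(Element element) throws Exception {
        NodeList certificates = element.getElementsByTagNameNS(CfHNamespaceContext.DSNAMESPACE, "X509Certificate");
        if (certificates.getLength() == 0) {
            throw new Exception("Cannot find certificate in signature");
        }
        String base64Cert = ((Element) certificates.item(0)).getTextContent();
        if (base64Cert == null || base64Cert.isEmpty()) {
            throw new Exception("Empty certificate in signature");
        }
        StringBuilder pem = new StringBuilder("-----BEGIN CERTIFICATE-----\n");
        pem.append(base64Cert);
        if (base64Cert.charAt(base64Cert.length() - 1) != '\n') {
            pem.append('\n');
        }
        pem.append("-----END CERTIFICATE-----");
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(
                new ByteArrayInputStream(pem.toString().getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Extracts the signed content from the first {@code ds:Object}: an element
     * child is serialised (minus any XML declaration), a text child is returned
     * as the object's text.
     *
     * @param element the {@code ds:Signature} element
     * @return UTF-8 bytes of the content
     * @throws Exception when there is no object or it has no children
     */
    private byte[] getSignatureObject(Element element) throws Exception {
        NodeList objects = element.getElementsByTagNameNS(CfHNamespaceContext.DSNAMESPACE, "Object");
        if (objects.getLength() == 0) {
            throw new Exception("Error retrieving object from signature");
        }
        Node object = objects.item(0);
        Node firstChild = object.getFirstChild();
        if (firstChild == null) {
            throw new Exception("Error retrieving object from signature");
        }
        String content;
        if (firstChild.hasChildNodes()) {
            content = stripXmlDeclaration(serialise(firstChild));
        } else {
            content = object.getTextContent();
        }
        return content.getBytes(StandardCharsets.UTF_8);
    }

    /** Serialises a DOM node with the project's transformer factory. */
    private static String serialise(Node node) throws Exception {
        StringWriter writer = new StringWriter();
        TransformManager.getInstance().getTransformerFactory().newTransformer()
                .transform(new DOMSource(node), new StreamResult(writer));
        return writer.toString();
    }

    /**
     * Removes a leading {@code <?xml ...?>} declaration. Mirrors the original:
     * when the prefix is present but no {@code ?>} follows, the result is the
     * input from index 1 — kept for compatibility since a serializer never
     * produces that.
     */
    private static String stripXmlDeclaration(String xml) {
        if (xml.startsWith(XML_DECLARATION_START)) {
            return xml.substring(xml.indexOf(XML_DECLARATION_END) + XML_DECLARATION_END.length());
        }
        return xml;
    }

    /** Base64 without line breaks, as the original commons-codec default produced. */
    private static String base64Encode(byte[] data) {
        return new String(new Base64().encode(data), StandardCharsets.UTF_8);
    }

    /** Lenient base64 decode (commons-codec ignores whitespace), matching the original. */
    private static byte[] base64Decode(String text) {
        return new Base64().decode(text.getBytes(StandardCharsets.UTF_8));
    }

    /** Escapes the three characters that are unsafe in XML text content; null becomes empty. */
    private static String escapeXmlText(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Builds the {@code manifestitem} element for this payload.
     *
     * <p>Attribute values are written verbatim, as in the original; the mime type,
     * profile id and manifest id are caller-supplied and must be attribute-safe.
     *
     * @param str namespace prefix to use for the element
     * @return the element as a string
     */
    public String makeManifestItem(String str) {
        StringBuilder sb = new StringBuilder();
        sb.append('<').append(str).append(":manifestitem mimetype=\"").append(this.mimeType).append('"');
        if (this.profileId != null) {
            sb.append(" profileid=\"").append(this.profileId).append('"');
        }
        sb.append(" base64=\"").append(Boolean.toString(this.base64));
        sb.append("\" compressed=\"").append(Boolean.toString(this.compressed));
        sb.append("\" encrypted=\"").append(Boolean.toString(this.encrypted));
        sb.append("\" id=\"").append(this.manifestId);
        sb.append("\"/>");
        return sb.toString();
    }

    public void setProfileId(String str) {
        this.profileId = str;
    }

    /**
     * Sets a text body, optionally gzip+base64 compressing it when that pays off.
     *
     * @param str body text
     * @param z   whether to attempt compression
     * @throws Exception on a gzip failure
     */
    public void setBody(String str, boolean z) throws Exception {
        this.payloadBody = str;
        if (z) {
            // Text that does not compress well stays as it is, so no base64 fallback.
            compressIfViable(this.payloadBody.getBytes(StandardCharsets.UTF_8), false);
        }
    }

    /**
     * Gzips the bytes and, when the ratio beats {@link #COMPRESSION_RATIO_THRESHOLD},
     * stores them base64-encoded with {@code compressed} set.
     *
     * <p>Two fixes over the original: the ratio was computed with integer division,
     * so the 1.34 threshold only ever fired at 2:1 and up; and the fallback for
     * incompressible bytes was skipped whenever a body had previously been set,
     * which for {@link #setContent(byte[], boolean)} silently discarded the new
     * bytes. The fallback is now an explicit parameter.
     *
     * @param bArr             raw bytes
     * @param fallbackToBase64 when compression does not pay off, store the raw bytes
     *                         base64-encoded with {@code base64} set
     * @throws Exception on a gzip failure
     */
    private void compressIfViable(byte[] bArr, boolean fallbackToBase64) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (GZIPOutputStream gzip = new GZIPOutputStream(out, UNCOMPRESSBUFFERSIZE)) {
            gzip.write(bArr, 0, bArr.length);
        }
        byte[] packed = out.toByteArray();
        if (packed.length > 0 && (double) bArr.length / packed.length > COMPRESSION_RATIO_THRESHOLD) {
            this.payloadBody = base64Encode(packed);
            this.compressed = true;
            return;
        }
        this.compressed = false;
        if (fallbackToBase64) {
            this.payloadBody = base64Encode(bArr);
            this.base64 = true;
        }
    }

    /**
     * Sets a binary body: compressed if requested and worthwhile, otherwise base64.
     *
     * @param bArr raw bytes
     * @param z    whether to attempt compression
     * @throws Exception on a gzip failure
     */
    public void setContent(byte[] bArr, boolean z) throws Exception {
        if (z) {
            compressIfViable(bArr, true);
        } else {
            this.base64 = true;
            this.payloadBody = base64Encode(bArr);
        }
    }

    public void setBase64(boolean z) {
        this.base64 = z;
    }

    public void setCompressed(boolean z) {
        this.compressed = z;
    }

    public void setEncrypted(boolean z) {
        this.encrypted = z;
    }

    public boolean isBase64() {
        return this.base64;
    }

    public boolean isCompressed() {
        return this.compressed;
    }

    public boolean isEncrypted() {
        return this.encrypted;
    }

    /** Always false: nothing in this class sets the backing field. */
    public boolean isDecoded() {
        return this.unmunged;
    }

    public String getMimeType() {
        return this.mimeType;
    }

    public String getManifestId() {
        return this.manifestId;
    }

    public String getProfileId() {
        return this.profileId;
    }

    /** The body exactly as held: possibly base64, compressed, signed or encrypted. */
    public String getPayloadBody() {
        return this.payloadBody;
    }

    /**
     * The body as text with compression/base64 undone.
     *
     * @throws Exception when the body is encrypted or the mime type is not textual
     */
    public String getContent() throws Exception {
        if (this.encrypted) {
            throw new Exception("Encrypted body");
        }
        return getTextContent(this.payloadBody);
    }

    /**
     * Decodes a stored body to text according to the manifest flags.
     *
     * @throws Exception when the mime type is not textual (see {@link #stringable()})
     */
    private String getTextContent(String str) throws Exception {
        if (!stringable()) {
            throw new Exception("Not stringable - use getRawContent()");
        }
        if (this.compressed) {
            return new String(decompressBody(str), StandardCharsets.UTF_8);
        }
        if (this.base64) {
            return new String(base64Decode(str), StandardCharsets.UTF_8);
        }
        return str;
    }

    /**
     * Base64-decodes and gunzips a stored body.
     *
     * @throws Exception on a corrupt stream
     */
    private byte[] decompressBody(String str) throws Exception {
        byte[] packed = base64Decode(str);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (GZIPInputStream gzip = new GZIPInputStream(new ByteArrayInputStream(packed), UNCOMPRESSBUFFERSIZE)) {
            byte[] buffer = new byte[UNCOMPRESSBUFFERSIZE];
            int read;
            while ((read = gzip.read(buffer, 0, UNCOMPRESSBUFFERSIZE)) != -1) {
                out.write(buffer, 0, read);
            }
        }
        return out.toByteArray();
    }

    /**
     * The body as bytes with compression/base64 undone.
     *
     * @throws Exception when the body is encrypted
     */
    public byte[] getRawContent() throws Exception {
        if (this.encrypted) {
            throw new Exception("Encrypted body");
        }
        return demungeRawContent(this.payloadBody);
    }

    /** Decodes a stored body to bytes according to the manifest flags. */
    private byte[] demungeRawContent(String str) throws Exception {
        if (this.compressed) {
            return decompressBody(str);
        }
        if (this.base64) {
            return base64Decode(str);
        }
        return str.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Names of the readers this payload was encrypted for.
     *
     * <p>The decompiled original returned {@code null} on both sides of its
     * {@code encrypted} test, and no caller contract is visible here to say what
     * the populated form should be, so the behaviour is preserved rather than guessed.
     *
     * @return always {@code null}
     */
    public String[] getEncryptionRecipients() {
        return null;
    }

    /** Sets the body verbatim, with no flags changed. */
    public void setContent(String str) throws Exception {
        this.payloadBody = str;
    }

    /**
     * Whether the body can be returned as a String: a {@code text/*} mime type, or
     * an {@code application/*} type whose lower-cased name contains {@code xml}.
     */
    private boolean stringable() {
        if (this.mimeType == null) {
            return false;
        }
        if (this.mimeType.startsWith(TEXT_MIME_PREFIX)) {
            return true;
        }
        return this.mimeType.startsWith("application") && this.mimeType.toLowerCase().contains(XML_MIME_FRAGMENT);
    }
}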
