package org.warlock.tk.internalservices.validation;

import java.io.ByteArrayInputStream;
import java.io.CharArrayReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.codec.binary.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.warlock.tk.internalservices.validation.spine.SpineMessage;
import org.warlock.util.CfHNamespaceContext;
import org.warlock.util.dsig.DOMURIdereferencer;
import org.warlock.util.dsig.SimpleKeySelector;
import org.xml.sax.InputSource;

/* loaded from: input_file:tkwinstaller/TKW.zip:TKW/TKW.jar:org/warlock/tk/internalservices/validation/SignatureVerification.class */
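/**
 * Validation check that verifies the WS-Security XML signature carried in one MIME
 * attachment of a Spine message.
 *
 * <p>What is checked:
 * <ul>
 *   <li>a {@code wsse:BinarySecurityToken} is present and decodes as an X.509 certificate;</li>
 *   <li>the {@code wsse:Username} (if present) equals the certificate subject, with or
 *       without the leading {@code CN=};</li>
 *   <li>the {@code ds:Signature} validates against the public key of that certificate,
 *       using the first {@code wsse:Security} header as validation context.</li>
 * </ul>
 *
 * <p><b>Security caveat.</b> The verification key is taken from the certificate embedded in
 * the message itself ({@link SimpleKeySelector#setFixedKey}). A "Signature valid" result
 * therefore proves only that the signature was produced with the private key matching the
 * enclosed certificate. This class does not validate that certificate against any trust
 * anchor, check its validity period, or check revocation; a caller that needs to know the
 * signer is trusted must do that separately. Which document nodes a {@code Reference} URI
 * resolves to is decided by {@link DOMURIdereferencer}, which is not visible here — confirm
 * there that references cannot be redirected outside the signed header (signature wrapping).
 *
 * <p>The message text is untrusted input: the XML parser is configured to reject DTDs and
 * external entities before it is parsed.
 */
public class SignatureVerification implements ValidationCheck {

    /** Expected prefix of the MIME-part selector passed to {@link #setType(String)}. */
    private static final String ATTACHMENT_PREFIX = "attachment";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----\n";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----";
    /**
     * System property that switches the per-reference digest dump on stderr. Note the legacy
     * semantics: the dump is ON when the property is unset, and off only when it is set to a
     * value not starting with 'Y' / 'y'.
     */
    private static final String DEBUG_DIGEST_PROPERTY = "tks.debug.displaydigestvalues";
    /** Upper bound on how much of a failed reference's digest input is copied into the report. */
    private static final int MAX_REFERENCE_EXCERPT_CHARS = 10240;

    /** Stored by {@link #setVariableProvider}; not read by this check. */
    private VariableProvider vProvider = null;
    /** Part selector ("attachmentN") taken from the type string, or null if none was given. */
    private String checkPart = null;
    /** Zero-based attachment index derived from {@link #checkPart}; -1 until configured. */
    private int attachmentNo = -1;

    /** No initialisation is needed for this check. */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public void initialise() throws Exception {
    }

    /** This check produces no supporting data. */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public String getSupportingData() {
        return null;
    }

    /** This check writes no external output; the argument is ignored. */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public void writeExternalOutput(String str) throws Exception {
    }

    /**
     * Runs the signature check against the configured attachment of {@code spineMessage}.
     *
     * @param spineMessage the message whose attachment is to be checked
     * @return the reports produced by {@link #validate(String, boolean)}
     * @throws Exception if this check was configured for a part that is not an attachment,
     *         or if parsing / signature processing fails
     */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public ValidationReport[] validate(SpineMessage spineMessage) throws Exception {
        boolean isAttachment = this.checkPart == null
                || this.checkPart.toLowerCase(Locale.ROOT).startsWith(ATTACHMENT_PREFIX);
        if (!isAttachment) {
            throw new Exception("ITK validation of tertiary MIME part of spine message. Incorrect validation class used");
        }
        return validate(spineMessage.getATTACHMENTPart(this.attachmentNo), false).getReport();
    }

    /**
     * Configures which MIME part to check from a type string of the form
     * {@code attachmentN_...}; text after the first underscore is ignored, and a string with
     * no underscore leaves the configuration untouched.
     *
     * @param str the type string; N is 1-based in configuration and stored 0-based here
     * @throws NumberFormatException if the part selector carries no parseable number
     */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public void setType(String str) {
        int separator = str.indexOf('_');
        if (separator == -1) {
            return;
        }
        this.checkPart = str.substring(0, separator);
        String ordinal = this.checkPart.length() > ATTACHMENT_PREFIX.length()
                ? this.checkPart.substring(ATTACHMENT_PREFIX.length())
                : "";
        this.attachmentNo = Integer.parseInt(ordinal) - 1;
    }

    /** This check takes no resource; the argument is ignored. */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public void setResource(String str) {
    }

    /** This check takes no data; the argument is ignored. */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public void setData(String str) throws Exception {
    }

    /**
     * Parses {@code str} as XML and verifies its WS-Security signature (see class comment).
     *
     * @param str the XML text of the MIME part to check (untrusted)
     * @param z   unused by this check
     * @return a {@link ValidatorOutput} with a null payload and one report per finding; the
     *         only report marked passed is "Signature valid"
     * @throws Exception on XML parse failure (including a rejected DOCTYPE), an undecodable
     *         certificate, or a failure inside the XML-DSig implementation
     */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public ValidatorOutput validate(String str, boolean z) throws Exception {
        List<ValidationReport> reports = new ArrayList<ValidationReport>();
        Document doc = newHardenedBuilderFactory().newDocumentBuilder()
                .parse(new InputSource(new CharArrayReader(str.toCharArray())));

        Node token = firstElement(doc, CfHNamespaceContext.SECEXT, "BinarySecurityToken");
        if (token == null) {
            reports.add(new ValidationReport("BinarySecurityToken not present"));
            return toOutput(reports);
        }
        String encodedCert = firstTextChild(token);
        if (encodedCert == null || encodedCert.length() == 0) {
            ValidationReport report = new ValidationReport("Unable to resolve encoded certificate in <BinarySecurityToken>");
            report.setTest("Signature checking cannot proceed");
            return new ValidatorOutput(null, new ValidationReport[]{report});
        }

        // The verifying key comes from the message's own token: see the class-level caveat.
        X509Certificate signingCert = decodeCertificate(encodedCert);
        SimpleKeySelector keySelector = new SimpleKeySelector();
        keySelector.setFixedKey(signingCert.getPublicKey());

        checkUsernameMatchesSubject(doc, signingCert, reports);

        Node securityHeader = firstElement(doc, CfHNamespaceContext.SECEXT, "Security");
        Node signatureElement = firstElement(doc, CfHNamespaceContext.DSNAMESPACE, "Signature");
        if (securityHeader == null || signatureElement == null) {
            // Fail closed with a report rather than an NPE from the DSig API.
            ValidationReport report = new ValidationReport("Signature not valid");
            report.setTest(signatureElement == null
                    ? "No <Signature> element present"
                    : "No <Security> header present");
            reports.add(report);
            return toOutput(reports);
        }

        DOMValidateContext context = new DOMValidateContext(keySelector, securityHeader);
        // Keep each Reference's canonicalised input so a failing one can be shown in the report.
        context.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        context.setURIDereferencer(new DOMURIdereferencer());
        // NOTE(review): secure validation mode ("org.jcp.xml.dsig.secureValidation") is not
        // enabled explicitly here; on older JDKs weak algorithms are therefore accepted.
        // Enabling it may reject legacy SHA-1 messages — confirm before turning it on.
        XMLSignature signature = XMLSignatureFactory.getInstance("DOM")
                .unmarshalXMLSignature(new DOMStructure(signatureElement));

        if (signature.validate(context)) {
            ValidationReport report = new ValidationReport("Signature valid");
            report.setTest(" Issuer: " + signingCert.getIssuerX500Principal().getName());
            report.setPassed();
            reports.add(report);
        } else {
            reports.add(describeSignatureFailure(signature, context));
        }
        return toOutput(reports);
    }

    /**
     * Builds a namespace-aware parser factory hardened against XXE and entity-expansion
     * attacks, since the text being parsed is a received message.
     */
    private static DocumentBuilderFactory newHardenedBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /** Returns the first element with the given namespace and local name, or null. */
    private static Node firstElement(Document doc, String namespace, String localName) {
        return doc.getElementsByTagNameNS(namespace, localName).item(0);
    }

    /**
     * Returns the value of the first text-node child of {@code node}, or null if there is
     * none. CDATA sections are deliberately not considered (same rule as before).
     */
    private static String firstTextChild(Node node) {
        NodeList children = node.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() == Node.TEXT_NODE) {
                return child.getNodeValue();
            }
        }
        return null;
    }

    /**
     * Wraps the base64 text of the token in PEM armour and decodes it as an X.509 certificate.
     *
     * @throws CertificateException if the text does not decode as a certificate
     */
    private static X509Certificate decodeCertificate(String base64Text) throws CertificateException {
        StringBuilder pem = new StringBuilder(PEM_HEADER);
        pem.append(base64Text);
        if (base64Text.charAt(base64Text.length() - 1) != '\n') {
            pem.append('\n');
        }
        pem.append(PEM_FOOTER);
        byte[] pemBytes = pem.toString().getBytes(StandardCharsets.US_ASCII);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pemBytes));
    }

    /**
     * Adds a report if the {@code wsse:Username} does not equal the certificate subject.
     * The username may be written with or without a leading {@code CN=}; when it omits it,
     * the prefix is stripped from the subject DN before comparing. This assumes CN is the
     * only RDN of the subject — a multi-RDN subject will not match a bare username.
     */
    private static void checkUsernameMatchesSubject(Document doc, X509Certificate cert,
                                                    List<ValidationReport> reports) {
        Node usernameElement = firstElement(doc, CfHNamespaceContext.SECEXT, "Username");
        String subject = cert.getSubjectX500Principal().getName();
        if (subject == null) {
            ValidationReport report = new ValidationReport("No subject name in message signing certificate!");
            report.setTest("Username checking cannot be done");
            reports.add(report);
            return;
        }
        if (usernameElement == null) {
            reports.add(new ValidationReport("User name not present"));
            return;
        }
        String username = usernameElement.getTextContent();
        String expected = subject;
        if (!username.toUpperCase(Locale.ROOT).startsWith("CN=")
                && subject.toUpperCase(Locale.ROOT).startsWith("CN=")) {
            expected = subject.substring(3);
        }
        if (!expected.contentEquals(username)) {
            ValidationReport report = new ValidationReport("User name and certificate owner do not match");
            report.setTest("Rejecting message: Username/certificate owner mismatch: Username: "
                    + username + " / Certificate: " + expected);
            reports.add(report);
        }
    }

    /**
     * Builds the "Signature not valid" report. If the SignatureValue itself does not verify
     * the report says so; otherwise the signed content was altered and every failing
     * Reference is listed with an HTML-escaped excerpt of its digest input.
     */
    private static ValidationReport describeSignatureFailure(XMLSignature signature,
                                                             DOMValidateContext context) throws Exception {
        ValidationReport report = new ValidationReport("Signature not valid");
        if (!signature.getSignatureValue().validate(context)) {
            report.setTest("Signature validation of included digest failed");
            return report;
        }
        boolean showDigests = shouldDisplayDigests();
        Base64 base64 = new Base64();
        StringBuilder detail = new StringBuilder();
        int index = 0;
        for (Object item : signature.getSignedInfo().getReferences()) {
            Reference reference = (Reference) item;
            if (showDigests) {
                System.err.println("Certificate digest = " + encode(base64, reference.getDigestValue()));
                System.err.println("Calculated digest  = " + encode(base64, reference.getCalculatedDigestValue()));
            }
            if (!reference.validate(context)) {
                // Escape only the new excerpt: escaping the whole builder each time would
                // re-escape earlier entries (&amp; -> &amp;amp;).
                StringBuilder excerpt = new StringBuilder(readDigestInput(reference));
                doHtmlEscapes(excerpt);
                detail.append("Reference ").append(index).append(" is invalid: ").append(excerpt);
            }
            index++;
        }
        report.setTest(detail.toString());
        return report;
    }

    /** Legacy switch: digests are shown unless the property is set to a value not starting with Y. */
    private static boolean shouldDisplayDigests() {
        String value = System.getProperty(DEBUG_DIGEST_PROPERTY);
        return value == null || value.toUpperCase(Locale.ROOT).startsWith("Y");
    }

    /** Base64-encodes {@code bytes} for the stderr dump; null (not yet computed) is shown as "(none)". */
    private static String encode(Base64 codec, byte[] bytes) {
        if (bytes == null) {
            return "(none)";
        }
        return new String(codec.encode(bytes), StandardCharsets.US_ASCII);
    }

    /**
     * Reads up to {@link #MAX_REFERENCE_EXCERPT_CHARS} characters of the reference's cached
     * digest input (canonical XML is UTF-8). Returns "" if nothing was cached.
     */
    private static String readDigestInput(Reference reference) throws IOException {
        InputStream in = reference.getDigestInputStream();
        if (in == null) {
            return "";
        }
        Reader reader = new InputStreamReader(in, StandardCharsets.UTF_8);
        try {
            char[] buffer = new char[MAX_REFERENCE_EXCERPT_CHARS];
            int filled = 0;
            while (filled < buffer.length) {
                int n = reader.read(buffer, filled, buffer.length - filled);
                if (n < 0) {
                    break;
                }
                filled += n;
            }
            return new String(buffer, 0, filled).trim();
        } finally {
            reader.close();
        }
    }

    /**
     * Escapes the five XML special characters in place so the text can be embedded in an
     * HTML report. '&amp;' is handled first so the entities introduced by the later
     * replacements are not escaped again.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void doHtmlEscapes(StringBuilder sb) {
        doEscape(sb, "&", "&amp;");
        doEscape(sb, ">", "&gt;");
        doEscape(sb, "<", "&lt;");
        doEscape(sb, "\"", "&quot;");
        doEscape(sb, "'", "&apos;");
    }

    /** Replaces every occurrence of {@code str} in {@code sb} with {@code str2}, in place. */
    static void doEscape(StringBuilder sb, String str, String str2) {
        int from = 0;
        int at;
        while ((at = sb.indexOf(str, from)) != -1) {
            sb.replace(at, at + str.length(), str2);
            // Resume after the replacement so its characters are never re-scanned.
            from = at + str2.length();
        }
    }

    /** Stores the provider; this check does not currently use it. */
    @Override // org.warlock.tk.internalservices.validation.ValidationCheck
    public void setVariableProvider(VariableProvider variableProvider) {
        this.vProvider = variableProvider;
    }
}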
