package com.genexus.cryptography;

import com.genexus.cryptography.signing.xml.Canonicalizer;
import com.genexus.internet.StringCollection;
import java.io.ByteArrayOutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.ElementProxy;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: classes2.dex */
public class GXXMLDsig {
    private X509Certificate _cert;
    private GXCertificate _gxCert;
    private int _lastError;
    private String _lastErrorDescription;
    private PrivateKey _pKey;
    private boolean _validateCertificate;
    private List<String> _references = new ArrayList();
    private StringCollection _keyInfoClauses = new StringCollection() { // from class: com.genexus.cryptography.GXXMLDsig.1
        {
            add("X509IssuerSerial");
            add("X509SubjectName");
            add("X509Certificate");
        }
    };
    private String _canonicalizationMethod = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private boolean _detached = false;

    private Boolean anyError() {
        GXCertificate gXCertificate = this._gxCert;
        if (gXCertificate == null || (gXCertificate != null && !gXCertificate.certLoaded())) {
            setError(4);
        }
        return Boolean.valueOf(this._lastError != 0);
    }

    private void initialize() {
        setError(0);
    }

    private void setError(int i) {
        setError(i, "");
    }

    private void setError(int i, String str) {
        this._lastError = i;
        switch (i) {
            case 0:
                this._lastErrorDescription = "";
                break;
            case 1:
                this._lastErrorDescription = "Cannot sign an empty xml.";
                break;
            case 2:
                this._lastErrorDescription = "Input XML is not valid";
                break;
            case 3:
                this._lastErrorDescription = "Invalid Algorithm format";
                break;
            case 4:
                this._lastErrorDescription = Constants.CERT_NOT_INITIALIZED;
                break;
            case 5:
                this._lastErrorDescription = Constants.PRIVATEKEY_NOT_PRESENT;
                break;
            case 6:
                this._lastErrorDescription = Constants.SIGNATURE_EXCEPTION;
                break;
            case 7:
                this._lastErrorDescription = "Certificate is not valid";
                break;
            case 8:
                this._lastErrorDescription = "Signature element was not found";
                break;
            case 9:
                this._lastErrorDescription = "Signature is not valid";
                break;
        }
        if (str.equals("")) {
            return;
        }
        if (this._lastErrorDescription.equals("")) {
            this._lastErrorDescription = str;
        } else {
            this._lastErrorDescription = String.format("%s - %s", this._lastErrorDescription, str);
        }
    }

    private void setKeyInfo(XMLSignature xMLSignature) {
        X509Data x509Data = new X509Data(xMLSignature.getDocument());
        if (this._keyInfoClauses.getCount() > 0) {
            ArrayList arrayList = new ArrayList();
            for (int i = 1; i <= this._keyInfoClauses.getCount(); i++) {
                String item = this._keyInfoClauses.item(i);
                if (item.equals("X509IssuerSerial")) {
                    x509Data.addIssuerSerial(this._gxCert.getCertificate().getIssuerDN().getName(), this._gxCert.getCertificate().getSerialNumber());
                } else if (item.equals("X509SubjectName")) {
                    arrayList.add(this._cert.getIssuerDN().getName());
                } else if (item.equals("X509Certificate")) {
                    try {
                        x509Data.addCertificate(this._gxCert.getCertificate());
                    } catch (XMLSecurityException unused) {
                    }
                } else if (item.equals("RSAKeyValue")) {
                    xMLSignature.getKeyInfo().add(this._gxCert.getCertificate().getPublicKey());
                }
            }
        }
        xMLSignature.getKeyInfo().add(x509Data);
    }

    public void addReference(String str) {
        this._references.add(str);
    }

    public GXCertificate getCertificate() {
        return this._gxCert;
    }

    public int getErrCode() {
        return this._lastError;
    }

    public String getErrDescription() {
        return this._lastErrorDescription;
    }

    public StringCollection getKeyInfoClauses() {
        return this._keyInfoClauses;
    }

    public Boolean getValidateCertificate() {
        return Boolean.valueOf(this._validateCertificate);
    }

    public void setCertificate(GXCertificate gXCertificate) {
        this._gxCert = gXCertificate;
        this._pKey = gXCertificate.getPrivateKey();
        this._cert = gXCertificate.getCertificate();
    }

    public void setValidateCertificate(Boolean bool) {
        this._validateCertificate = bool.booleanValue();
    }

    public String sign(String str) {
        return signElements(str, "");
    }

    public String signElements(String str, String str2) {
        initialize();
        if (!anyError().booleanValue()) {
            if (!this._gxCert.hasPrivateKey()) {
                setError(5);
                return "";
            }
            try {
                Document documentFromString = Utils.documentFromString(Canonicalizer.canonize(str), true);
                if (documentFromString == null) {
                    setError(2);
                    return "";
                }
                ArrayList arrayList = new ArrayList();
                if (str2.equals("")) {
                    arrayList.add(documentFromString.getDocumentElement());
                } else {
                    NodeList nodeList = (NodeList) XPathFactory.newInstance().newXPath().evaluate(str2, documentFromString, XPathConstants.NODESET);
                    for (int i = 0; i < nodeList.getLength(); i++) {
                        arrayList.add((Element) nodeList.item(i));
                    }
                }
                for (int i2 = 0; i2 < arrayList.size(); i2++) {
                    Element element = (Element) arrayList.get(i2);
                    NodeList elementsByTagName = element.getElementsByTagName("Signature");
                    for (int i3 = 0; i3 < elementsByTagName.getLength(); i3++) {
                        elementsByTagName.item(i3).getParentNode().removeChild(elementsByTagName.item(i3));
                    }
                    Document newDocument = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
                    newDocument.appendChild(newDocument.importNode(element, true));
                    ElementProxy.setDefaultPrefix("http://www.w3.org/2000/09/xmldsig#", "");
                    XMLSignature xMLSignature = new XMLSignature(newDocument, "", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
                    newDocument.getDocumentElement().appendChild(xMLSignature.getElement());
                    Transforms transforms = new Transforms(newDocument);
                    transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
                    if (this._references.size() > 0) {
                        for (int i4 = 0; i4 < this._references.size(); i4++) {
                            xMLSignature.addDocument(this._references.get(i4), transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
                        }
                    } else {
                        xMLSignature.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
                    }
                    setKeyInfo(xMLSignature);
                    xMLSignature.sign(this._gxCert.getPrivateKey());
                    element.getParentNode().replaceChild(documentFromString.importNode(newDocument.getDocumentElement(), true), element);
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                XMLUtils.outputDOMc14nWithComments(documentFromString, byteArrayOutputStream);
                return new String(byteArrayOutputStream.toByteArray());
            } catch (InvalidAlgorithmParameterException e) {
                Utils.logError(e);
            } catch (NoSuchAlgorithmException e2) {
                Utils.logError(e2);
                setError(3);
            } catch (Exception e3) {
                Utils.logError(e3);
                setError(6, e3.getMessage());
            }
        }
        return "";
    }

    public boolean verify(String str) {
        Document document;
        boolean z;
        boolean checkSignatureValue;
        initialize();
        try {
            document = Utils.documentFromString(Canonicalizer.canonize(str), true);
        } catch (Exception unused) {
            document = null;
        }
        if (document == null) {
            setError(2);
            return false;
        }
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS.getLength() == 0) {
            return false;
        }
        try {
            XMLSignature xMLSignature = new XMLSignature((Element) elementsByTagNameNS.item(0), "");
            if (this._validateCertificate) {
                z = this._gxCert.verify();
                if (!z) {
                    setError(7);
                }
            } else {
                z = true;
            }
            if (xMLSignature.getKeyInfo() == null) {
                setError(8);
            }
            X509Certificate x509Certificate = xMLSignature.getKeyInfo().getX509Certificate();
            if (x509Certificate == null) {
                PublicKey publicKey = xMLSignature.getKeyInfo().getPublicKey();
                if (publicKey == null) {
                    setError(7);
                }
                checkSignatureValue = xMLSignature.checkSignatureValue(publicKey);
            } else {
                checkSignatureValue = xMLSignature.checkSignatureValue(x509Certificate);
            }
            if (!checkSignatureValue) {
                setError(9);
            }
            return checkSignatureValue && z;
        } catch (XMLSecurityException e) {
            Utils.logError((Exception) e);
            setError(6);
            return false;
        } catch (XMLSignatureException e2) {
            Utils.logError((Exception) e2);
            setError(6);
            return false;
        }
    }
}
