package com.tibco.security.xml.entrust61;

import com.tibco.security.AXSecurityException;
import com.tibco.security.Cert;
import com.tibco.security.CertUtils;
import com.tibco.security.Identity;
import com.tibco.security.xml.Base64DecodeTransform;
import com.tibco.security.xml.CanonicalXMLTransform;
import com.tibco.security.xml.CanonicalXMLWithCommentsTransform;
import com.tibco.security.xml.EnvelopedSignatureTransform;
import com.tibco.security.xml.NSDeclaration;
import com.tibco.security.xml.Reference;
import com.tibco.security.xml.SignedInfo;
import com.tibco.security.xml.Transform;
import com.tibco.security.xml.XMLDSigVerifier;
import com.tibco.security.xml.XMLTrustManager;
import com.tibco.security.xml.XPathTransform;
import com.tibco.security.xml.XSLTTransform;
import com.tibco.security.xml.impl.XMLDSigSupport;
import iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML;
import iaik.ixsil.algorithms.DigestAlgorithmImplSHA1;
import iaik.ixsil.algorithms.SignatureAlgorithm;
import iaik.ixsil.algorithms.SignatureAlgorithmImplDSA;
import iaik.ixsil.algorithms.SignatureAlgorithmImplRSA;
import iaik.ixsil.algorithms.TransformImplBase64Decode;
import iaik.ixsil.algorithms.TransformImplCanonicalXML;
import iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments;
import iaik.ixsil.algorithms.TransformImplEnvelopedSignature;
import iaik.ixsil.algorithms.TransformImplXPath;
import iaik.ixsil.core.Position;
import iaik.ixsil.core.Signer;
import iaik.ixsil.core.SignerReference;
import iaik.ixsil.core.SignerSignature;
import iaik.ixsil.core.SignerSignedInfo;
import iaik.ixsil.exceptions.KeyProviderException;
import iaik.ixsil.exceptions.SignatureException;
import iaik.ixsil.init.IXSILInit;
import iaik.ixsil.keyinfo.KeyManagerImpl;
import iaik.ixsil.keyinfo.KeyProviderImplKeyValue;
import iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data;
import iaik.ixsil.keyinfo.x509.X509Data;
import iaik.ixsil.util.DOMUtilsImpl;
import iaik.ixsil.util.URI;
import iaik.utils.RFC2253NameParserException;
import iaik.x509.X509Certificate;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.PrivateKey;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:com/tibco/security/xml/entrust61/XMLDSigSupportImpl.class */
public class XMLDSigSupportImpl implements XMLDSigSupport {
    static final Logger o00000 = LoggerFactory.getLogger(XMLDSigSupport.class);

    public XMLDSigSupportImpl() throws AXSecurityException {
        String str = null;
        try {
            str = System.getProperty("entrust.init.properties", "init.properties");
            String url = new File(str).toURI().toURL().toString();
            System.out.println("initializing with URI " + url);
            IXSILInit.init(new URI(url));
        } catch (Exception e) {
            o00000.error(e.toString(), e);
            o00000.error("Failed to initialize Entrust XML D-SIG support: " + e.getMessage());
            o00000.error("Check location & contents of " + str + ".");
            throw new AXSecurityException(e.getMessage());
        }
    }

    @Override // com.tibco.security.xml.impl.XMLDSigSupport
    public Document signEnveloped(Identity identity, Document document, SignedInfo signedInfo, String str, String str2, int i, int i2, PrintStream printStream) throws AXSecurityException {
        try {
            Signer signer = new Signer(document, new URI("null://null/null"), new Position(str2, "", i));
            SignerSignature signature = signer.getSignature();
            if (str != null) {
                signature.setId(str);
            }
            o00000(signature, identity, signedInfo, false);
            o00000(signer, identity.getSigningCertChain(), i2);
            if (printStream != null) {
                printStream.println("signing, using certificate " + CertUtils.getCertificateDescription(identity.getSigningCertificate().getCertificate()));
            }
            signer.getSignature().sign();
            return signer.toDocument();
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    @Override // com.tibco.security.xml.impl.XMLDSigSupport
    public byte[] serializeSignature(Document document) throws AXSecurityException {
        try {
            DOMUtilsImpl dOMUtilsImpl = new DOMUtilsImpl();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            dOMUtilsImpl.serializeDocument(document, byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    @Override // com.tibco.security.xml.impl.XMLDSigSupport
    public Document signDetached(Identity identity, Document document, SignedInfo signedInfo, String str, int i, PrintStream printStream) throws AXSecurityException {
        try {
            Signer signer = new Signer(new URI("null://null"));
            SignerSignature signature = signer.getSignature();
            signature.setId(str);
            o00000(signature, identity, signedInfo, true);
            o00000(signer, identity.getSigningCertChain(), i);
            if (printStream != null) {
                printStream.println("signing, using certificate " + CertUtils.getCertificateDescription(identity.getSigningCertificate().getCertificate()));
            }
            signer.getSignature().sign();
            return signer.toDocument();
        } catch (Exception e) {
            throw new AXSecurityException(e);
        }
    }

    SignerSignedInfo o00000(SignerSignature signerSignature, Identity identity, SignedInfo signedInfo, boolean z) throws Exception {
        TransformImplXPath transformImplBase64Decode;
        SignerSignedInfo signerSignedInfo = signerSignature.getSignerSignedInfo();
        CanonicalizationAlgorithmImplCanonicalXML canonicalizationAlgorithmImplCanonicalXML = new CanonicalizationAlgorithmImplCanonicalXML();
        canonicalizationAlgorithmImplCanonicalXML.setURI(new URI(signedInfo.getCanonicalizationMethod()));
        signerSignedInfo.setCanonicalizationAlgorithm(canonicalizationAlgorithmImplCanonicalXML);
        signerSignedInfo.setSignatureAlgorithm(m148new(identity));
        Iterator references = signedInfo.getReferences();
        while (references.hasNext()) {
            Reference reference = (Reference) references.next();
            SignerReference createReference = signerSignedInfo.createReference();
            if (reference.getURI() != null) {
                createReference.setURI(new URI(reference.getURI()));
            }
            if (reference.getData() != null) {
                createReference.setExplicitData(reference.getData(), false);
            }
            Iterator transforms = reference.getTransforms();
            while (transforms.hasNext()) {
                Transform transform = (Transform) transforms.next();
                if (transform instanceof XPathTransform) {
                    transformImplBase64Decode = new TransformImplXPath();
                    transformImplBase64Decode.setURI(new URI(transform.getAlgorithm()));
                    transformImplBase64Decode.setXPath(((XPathTransform) transform).getXPath());
                    Iterator nSDeclarations = ((XPathTransform) transform).getNSDeclarations();
                    while (nSDeclarations.hasNext()) {
                        NSDeclaration nSDeclaration = (NSDeclaration) nSDeclarations.next();
                        transformImplBase64Decode.addNSDeclaration(nSDeclaration.getPrefix(), new URI(nSDeclaration.getURI()));
                    }
                } else if (transform instanceof EnvelopedSignatureTransform) {
                    transformImplBase64Decode = new TransformImplEnvelopedSignature();
                    transformImplBase64Decode.setURI(new URI(transform.getAlgorithm()));
                } else {
                    if (transform instanceof XSLTTransform) {
                        throw new AXSecurityException("XSLT transform not supported by Entrust");
                    }
                    if (transform instanceof CanonicalXMLTransform) {
                        transformImplBase64Decode = new TransformImplCanonicalXML();
                        transformImplBase64Decode.setURI(new URI(transform.getAlgorithm()));
                    } else if (transform instanceof CanonicalXMLWithCommentsTransform) {
                        transformImplBase64Decode = new TransformImplCanonicalXMLWithComments();
                        transformImplBase64Decode.setURI(new URI(transform.getAlgorithm()));
                    } else {
                        if (!(transform instanceof Base64DecodeTransform)) {
                            throw new AXSecurityException("unsupported transform type");
                        }
                        transformImplBase64Decode = new TransformImplBase64Decode();
                    }
                }
                if (transformImplBase64Decode != null) {
                    createReference.insertTransformAt(transformImplBase64Decode, createReference.getTransformsNumber());
                }
            }
            DigestAlgorithmImplSHA1 digestAlgorithmImplSHA1 = new DigestAlgorithmImplSHA1();
            digestAlgorithmImplSHA1.setURI(new URI("http://www.w3.org/2000/09/xmldsig#sha1"));
            createReference.setDigestAlgorithm(digestAlgorithmImplSHA1);
            signerSignedInfo.addReference(createReference);
        }
        return signerSignedInfo;
    }

    /* renamed from: new, reason: not valid java name */
    SignatureAlgorithm m148new(Identity identity) throws Exception {
        SignatureAlgorithm signatureAlgorithmImplRSA;
        PrivateKey privateKey = identity.getSigningKey().getPrivateKey();
        if (privateKey.getAlgorithm().equals("DSA")) {
            signatureAlgorithmImplRSA = new SignatureAlgorithmImplDSA();
            signatureAlgorithmImplRSA.setURI(new URI("http://www.w3.org/2000/09/xmldsig#dsa-sha1"));
        } else {
            signatureAlgorithmImplRSA = new SignatureAlgorithmImplRSA();
            signatureAlgorithmImplRSA.setURI(new URI("http://www.w3.org/2000/09/xmldsig#rsa-sha1"));
        }
        signatureAlgorithmImplRSA.setSignerKey(privateKey);
        return signatureAlgorithmImplRSA;
    }

    void o00000(Signer signer, Cert[] certArr, int i) throws KeyProviderException, RFC2253NameParserException, SignatureException, AXSecurityException {
        Document document = signer.toDocument();
        KeyManagerImpl keyManagerImpl = new KeyManagerImpl(document);
        if ((i & 2) != 0) {
            KeyProviderImplX509Data keyProviderImplX509Data = new KeyProviderImplX509Data(document);
            X509Data x509Data = new X509Data();
            for (Cert cert : certArr) {
                x509Data.insertHintAt((X509Certificate) cert.getContents(), 0);
            }
            keyProviderImplX509Data.insertX509DataAt(x509Data, 0);
            keyManagerImpl.addKeyProvider(keyProviderImplX509Data);
        } else if ((i & 1) != 0) {
            KeyProviderImplX509Data keyProviderImplX509Data2 = new KeyProviderImplX509Data(document);
            X509Data x509Data2 = new X509Data();
            for (Cert cert2 : certArr) {
                x509Data2.insertHintAt((X509Certificate) cert2.getContents(), 0);
            }
            keyProviderImplX509Data2.insertX509DataAt(x509Data2, 0);
            keyManagerImpl.addKeyProvider(keyProviderImplX509Data2);
        }
        if ((i & 4) != 0) {
            KeyProviderImplKeyValue keyProviderImplKeyValue = new KeyProviderImplKeyValue(document);
            keyProviderImplKeyValue.setVerifierKey(certArr[0].getCertificate().getPublicKey());
            keyManagerImpl.addKeyProvider(keyProviderImplKeyValue);
        }
        signer.getSignature().setKeyManager(keyManagerImpl);
    }

    @Override // com.tibco.security.xml.impl.XMLDSigSupport
    public XMLDSigVerifier createVerifierEnveloped(Document document, String str, Cert cert, XMLTrustManager xMLTrustManager, PrintStream printStream) throws AXSecurityException {
        return new XMLDSigVerifierImpl(document, str, cert, xMLTrustManager, printStream);
    }

    @Override // com.tibco.security.xml.impl.XMLDSigSupport
    public XMLDSigVerifier createVerifierDetached(Document document, InputStream inputStream, Cert cert, XMLTrustManager xMLTrustManager, PrintStream printStream) throws AXSecurityException {
        return new XMLDSigVerifierImpl(document, inputStream, cert, xMLTrustManager, printStream);
    }
}
