package com.tibco.security.xml.apache;

import com.tibco.security.AXSecurityException;
import com.tibco.security.Cert;
import com.tibco.security.CertChainVerifier;
import com.tibco.security.CertFactory;
import com.tibco.security.TrustedCerts;
import com.tibco.security.xml.XMLDSigVerifier;
import com.tibco.security.xml.XMLTrustManager;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyValue;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.keys.content.x509.XMLX509SKI;
import org.apache.xml.security.keys.content.x509.XMLX509SubjectName;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;

/* loaded from: input_file:com/tibco/security/xml/apache/XMLDSigVerifierImpl.class */
public class XMLDSigVerifierImpl implements XMLDSigVerifier {
    Cert o00000;

    /* renamed from: Õ00000, reason: contains not printable characters */
    TrustedCerts f24100000;

    /* renamed from: Ó00000, reason: contains not printable characters */
    PrintStream f24200000;
    XMLDSigAppender String;

    /* renamed from: Ò00000, reason: contains not printable characters */
    XMLSignature f24300000;

    public XMLDSigVerifierImpl(Document document, String str, Cert cert, XMLTrustManager xMLTrustManager, PrintStream printStream) throws AXSecurityException {
        this.String = null;
        try {
            try {
                this.o00000 = cert;
                this.f24200000 = printStream;
                this.f24100000 = xMLTrustManager.getTrustedCerts();
                if (printStream != null) {
                    this.String = new XMLDSigAppender(printStream);
                    this.String.activate();
                }
                this.f24300000 = new XMLSignature(XMLDSigSupportImpl.o00000(document, str, false), new String("memory://"));
                this.f24300000.addResourceResolver(new XMLDSigReferenceResolver());
            } catch (Exception e) {
                if (printStream != null) {
                    printStream.println("error constructing verifier " + e.getMessage());
                }
                throw new AXSecurityException(e);
            }
        } finally {
            if (this.String != null) {
                this.String.deActivate();
            }
        }
    }

    public XMLDSigVerifierImpl(Document document, InputStream inputStream, Cert cert, XMLTrustManager xMLTrustManager, PrintStream printStream) throws AXSecurityException {
        this.String = null;
        try {
            try {
                this.o00000 = cert;
                this.f24200000 = printStream;
                this.f24100000 = xMLTrustManager.getTrustedCerts();
                if (printStream != null) {
                    this.String = new XMLDSigAppender(printStream);
                    this.String.activate();
                }
                this.f24300000 = new XMLSignature(XMLDSigSupportImpl.o00000(document, "/*", false), new String("memory://"));
                XMLDSigReferenceResolver xMLDSigReferenceResolver = new XMLDSigReferenceResolver();
                this.f24300000.addResourceResolver(xMLDSigReferenceResolver);
                SignedInfo signedInfo = this.f24300000.getSignedInfo();
                int length = signedInfo.getLength();
                boolean z = false;
                for (int i = 0; i < length; i++) {
                    Reference item = signedInfo.item(i);
                    if (item != null && (item.getURI() == null || item.getURI().length() == 0)) {
                        if (z) {
                            throw new AXSecurityException("error: no more than one reference may be missing URI information");
                        }
                        if (inputStream == null) {
                            throw new AXSecurityException("error: null or missing reference in signature and no document supplied");
                        }
                        z = true;
                        xMLDSigReferenceResolver.setRawDataForReference(inputStream);
                    }
                }
            } catch (Exception e) {
                if (!(e instanceof AXSecurityException)) {
                    throw new AXSecurityException(e);
                }
                throw ((AXSecurityException) e);
            }
        } finally {
            if (this.String != null) {
                this.String.deActivate();
            }
        }
    }

    @Override // com.tibco.security.xml.XMLDSigVerifier
    public void verify() throws AXSecurityException {
        boolean z = false;
        try {
            try {
                if (this.f24200000 != null && this.String != null) {
                    this.String.activate();
                }
                KeyInfo keyInfo = this.f24300000.getKeyInfo();
                if (keyInfo != null) {
                    if (keyInfo.containsX509Data()) {
                        if (this.f24200000 != null) {
                            this.f24200000.println("Found KeyInfo in signature, containing X509 Data");
                        }
                        int lengthX509Data = keyInfo.lengthX509Data();
                        for (int i = 0; i < lengthX509Data; i++) {
                            Cert[] m144super = m144super(keyInfo.itemX509Data(i));
                            int i2 = 0;
                            while (true) {
                                if (i2 >= m144super.length) {
                                    break;
                                }
                                X509Certificate certificate = m144super[i2].getCertificate();
                                if (this.o00000.equals(m144super[i2])) {
                                    z = this.f24300000.checkSignatureValue(this.o00000.getCertificate());
                                    if (z) {
                                        if (this.f24200000 != null) {
                                            this.f24200000.println("Signature verified using " + certificate);
                                        }
                                    }
                                } else if (this.f24200000 != null) {
                                    this.f24200000.println("Found " + m144super[i2].getCertificate() + " while looking for " + this.o00000.getCertificate());
                                }
                                i2++;
                            }
                            if (z) {
                                break;
                            }
                        }
                    } else {
                        if (!keyInfo.containsKeyValue()) {
                            throw new AXSecurityException("Unsupported types found in KeyInfo. Signature verification failed");
                        }
                        if (this.f24200000 != null) {
                            this.f24200000.println("Found KeyInfo in signature, containing Key Value");
                        }
                        int lengthKeyValue = keyInfo.lengthKeyValue();
                        int i3 = 0;
                        while (true) {
                            if (i3 >= lengthKeyValue) {
                                break;
                            }
                            if (m145super(keyInfo.itemKeyValue(i3)) && this.f24300000.checkSignatureValue(keyInfo.itemKeyValue(i3).getPublicKey())) {
                                z = true;
                                break;
                            }
                            i3++;
                        }
                    }
                } else if (this.f24300000.checkSignatureValue(this.o00000.getCertificate())) {
                    z = true;
                }
                if (!z) {
                    throw new AXSecurityException("Signature verification failed. ");
                }
            } catch (Exception e) {
                if (!(e instanceof AXSecurityException)) {
                    throw new AXSecurityException(e);
                }
                throw ((AXSecurityException) e);
            }
        } finally {
            if (this.String != null) {
                this.String.deActivate();
            }
        }
    }

    @Override // com.tibco.security.xml.XMLDSigVerifier
    public Cert[] getSigningCertificates() throws AXSecurityException {
        Cert[] certArr = (Cert[]) null;
        try {
            try {
                if (this.f24200000 != null && this.String != null) {
                    this.String.activate();
                }
                KeyInfo keyInfo = this.f24300000.getKeyInfo();
                if (keyInfo != null) {
                    X509Certificate x509Certificate = keyInfo.getX509Certificate();
                    if (x509Certificate != null) {
                        certArr = new Cert[]{CertFactory.createCert(x509Certificate)};
                    } else if (keyInfo.containsX509Data()) {
                        int lengthX509Data = keyInfo.lengthX509Data();
                        ArrayList arrayList = new ArrayList();
                        for (int i = 0; i < lengthX509Data; i++) {
                            X509Data itemX509Data = keyInfo.itemX509Data(i);
                            if (itemX509Data.containsCertificate()) {
                                int lengthCertificate = itemX509Data.lengthCertificate();
                                for (int i2 = 0; i2 < lengthCertificate; i2++) {
                                    arrayList.add(CertFactory.createCert(itemX509Data.itemCertificate(i2)));
                                }
                            }
                        }
                        certArr = (Cert[]) arrayList.toArray();
                    }
                }
                return certArr;
            } catch (Exception e) {
                throw new AXSecurityException(e);
            }
        } finally {
            if (this.String != null) {
                this.String.deActivate();
            }
        }
    }

    /* renamed from: super, reason: not valid java name */
    Cert[] m144super(X509Data x509Data) throws AXSecurityException {
        ArrayList arrayList = null;
        Cert[] certArr = (Cert[]) null;
        try {
            Cert[] certificateList = this.f24100000.getCertificateList();
            if (x509Data.containsCertificate()) {
                ArrayList arrayList2 = new ArrayList();
                int lengthCertificate = x509Data.lengthCertificate();
                for (int i = 0; i < lengthCertificate; i++) {
                    arrayList2.add(CertFactory.createCert(x509Data.itemCertificate(i).getX509Certificate()));
                }
                Cert[] certArr2 = new Cert[arrayList2.size()];
                for (int i2 = 0; i2 < arrayList2.size(); i2++) {
                    Object obj = arrayList2.get(i2);
                    if (!(obj instanceof Cert)) {
                        throw new AXSecurityException("Found invalid object " + obj.getClass().getName());
                    }
                    certArr2[i2] = (Cert) obj;
                }
                certArr = CertChainVerifier.validateAndCompleteChain(this.f24200000, certArr2, this.f24100000, null, false, null);
            } else if (x509Data.containsSKI()) {
                int lengthSKI = x509Data.lengthSKI();
                for (int i3 = 0; i3 < lengthSKI; i3++) {
                    XMLX509SKI itemSKI = x509Data.itemSKI(i3);
                    if (itemSKI.equals(XMLX509SKI.getSKIBytesFromCert(this.o00000.getCertificate()))) {
                        arrayList.add(this.o00000.getCertificate());
                    } else {
                        for (int i4 = 0; i4 < certificateList.length; i4++) {
                            if (itemSKI.equals(XMLX509SKI.getSKIBytesFromCert(certificateList[i4].getCertificate()))) {
                                arrayList.add(certificateList[i4].getCertificate());
                            }
                        }
                    }
                }
                if (arrayList.size() > 0) {
                    certArr = (Cert[]) arrayList.toArray();
                }
            } else if (x509Data.containsIssuerSerial()) {
                int lengthIssuerSerial = x509Data.lengthIssuerSerial();
                for (int i5 = 0; i5 < lengthIssuerSerial; i5++) {
                    XMLX509IssuerSerial itemIssuerSerial = x509Data.itemIssuerSerial(i5);
                    if (itemIssuerSerial.getIssuerName().equals(this.o00000.getCertificate().getIssuerDN().getName()) && itemIssuerSerial.getSerialNumber().equals(this.o00000.getCertificate().getSerialNumber())) {
                        arrayList.add(this.o00000.getCertificate());
                    } else {
                        for (int i6 = 0; i6 < certificateList.length; i6++) {
                            if (itemIssuerSerial.getIssuerName().equals(certificateList[i6].getCertificate().getIssuerDN().getName()) && itemIssuerSerial.getSerialNumber().equals(certificateList[i6].getCertificate().getSerialNumber())) {
                                arrayList.add(certificateList[i6].getCertificate());
                            }
                        }
                        if (arrayList.size() > 0) {
                            certArr = (Cert[]) arrayList.toArray();
                        }
                    }
                }
            } else if (x509Data.containsSubjectName()) {
                int lengthSubjectName = x509Data.lengthSubjectName();
                for (int i7 = 0; i7 < lengthSubjectName; i7++) {
                    XMLX509SubjectName itemSubjectName = x509Data.itemSubjectName(i7);
                    if (itemSubjectName.getSubjectName().equals(this.o00000.getCertificate().getSubjectDN().getName())) {
                        arrayList.add(this.o00000.getCertificate());
                    } else {
                        for (int i8 = 0; i8 < certificateList.length; i8++) {
                            if (itemSubjectName.getSubjectName().equals(certificateList[i8].getCertificate().getSubjectDN().getName())) {
                                arrayList.add(certificateList[i8].getCertificate());
                            }
                        }
                        if (arrayList.size() > 0) {
                            certArr = (Cert[]) arrayList.toArray();
                        }
                    }
                }
            } else if (x509Data.containsCRL() || x509Data.containsUnknownElement()) {
                throw new AXSecurityException("Found Unknown or unsupported Element in ds:X509Data");
            }
            return certArr;
        } catch (Exception e) {
            if (e instanceof AXSecurityException) {
                throw ((AXSecurityException) e);
            }
            throw new AXSecurityException(e);
        }
    }

    /* renamed from: super, reason: not valid java name */
    boolean m145super(KeyValue keyValue) throws AXSecurityException {
        try {
            PublicKey publicKey = keyValue.getPublicKey();
            PublicKey publicKey2 = this.o00000.getCertificate().getPublicKey();
            if (publicKey2.equals(publicKey) || m146super(publicKey2.getEncoded(), publicKey.getEncoded())) {
                return true;
            }
            if (this.f24200000 == null) {
                return false;
            }
            this.f24200000.println("Public key of KeyValue contained in public message did not match internally stored");
            this.f24200000.println("KeyValue public key = " + publicKey);
            this.f24200000.println("Internal Cert public key = " + publicKey2);
            return false;
        } catch (Exception e) {
            if (e instanceof AXSecurityException) {
                throw ((AXSecurityException) e);
            }
            throw new AXSecurityException(e);
        }
    }

    /* renamed from: super, reason: not valid java name */
    private boolean m146super(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }
}
