package eu.fisver.a.c;

import com.sunmi.pay.hardware.aidl.AidlConstants;
import eu.fisver.a.b.f.d;
import eu.fisver.a.b.f.o;
import eu.fisver.a.j;
import eu.fisver.exceptions.CertificateValidationException;
import eu.fisver.exceptions.CredentialsException;
import eu.fisver.exceptions.ObjectConversionException;
import eu.fisver.exceptions.SignatureException;
import eu.fisver.utils.CertificateValidator;
import eu.fisver.utils.SignatureCredentials;
import eu.fisver.utils.Util;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: classes.dex */
public class c {
    private Document a;
    private Node b;
    private Node c;
    private Node d;
    private Node e;
    private X509Certificate f;

    static {
        eu.fisver.a.b.a.b();
    }

    public c(String str) throws ObjectConversionException {
        Document a = b.a(str);
        this.a = a;
        this.b = b.b(a, d.z);
        f();
    }

    public c(String str, String str2) throws ObjectConversionException {
        this.a = b.a(str);
        NodeList elementsByTagName = b.a(str2).getElementsByTagName(d.z);
        if (elementsByTagName.getLength() > 0) {
            this.b = this.a.importNode(elementsByTagName.item(0), true);
        }
        f();
        this.e.appendChild(this.b);
    }

    private static List<a> a(Node node) throws SignatureException {
        ArrayList arrayList = new ArrayList();
        if (node != null) {
            NodeList childNodes = node.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node item = childNodes.item(i);
                if (d.G.equals(item.getLocalName()) || d.s.equals(item.getLocalName())) {
                    String a = b.a(item, "Algorithm");
                    if (a == null) {
                        throw new SignatureException("Missing Algorithm from " + item);
                    }
                    Node b = b.b(item, eu.fisver.a.b.e.b.a.a);
                    arrayList.add(new a(a, b != null ? b.a(b, eu.fisver.a.b.e.b.a.b) : null));
                }
            }
        }
        return arrayList;
    }

    private void a(SignatureCredentials signatureCredentials, CertificateValidator certificateValidator) throws SignatureException, CertificateValidationException, CredentialsException {
        boolean z = signatureCredentials == null;
        if (z) {
            try {
                X509Certificate g = g();
                this.f = g;
                if (certificateValidator != null) {
                    certificateValidator.validate(g);
                }
            } catch (CertificateValidationException e) {
                throw e;
            } catch (Exception e2) {
                throw new CertificateValidationException(e2);
            }
        }
        byte[] h = h();
        Node b = b.b(this.d, d.u);
        if (b == null) {
            throw new SignatureException("No DigestValue node");
        }
        if (z) {
            if ("1".equals(System.getProperty("eu.fisver.XmlSigner.test.verify.failDigest"))) {
                h[0] = (byte) (h[0] + 1);
            }
            if (!Arrays.equals(h, Util.base64decode(b.getTextContent()))) {
                throw new SignatureException("Invalid digest value of referenced content");
            }
        } else {
            if ("1".equals(System.getProperty("eu.fisver.XmlSigner.test.sign.failDigest"))) {
                h[0] = (byte) (h[0] + 1);
            }
            b.setTextContent(Util.base64encode(h));
        }
        byte[] a = a(this.c, a(this.c));
        Node b2 = b.b(this.b, d.E);
        if (b2 == null) {
            throw new SignatureException("No SignatureValue node");
        }
        if (z) {
            byte[] base64decode = Util.base64decode(b2.getTextContent());
            if ("1".equals(System.getProperty("eu.fisver.XmlSigner.test.verify.failSignature"))) {
                base64decode[0] = (byte) (base64decode[0] + 1);
            }
            a(a, base64decode, this.f);
            return;
        }
        byte[] a2 = a(a, signatureCredentials.getPrivateKey());
        if ("1".equals(System.getProperty("eu.fisver.XmlSigner.test.sign.failSignature"))) {
            a2[0] = (byte) (a2[0] + 1);
        }
        b2.setTextContent(Util.base64encode(a2, false));
        a(signatureCredentials.getCertificate());
    }

    private void a(X509Certificate x509Certificate) throws SignatureException {
        b(x509Certificate);
    }

    private static byte[] a(Node node, List<a> list) throws SignatureException {
        byte[] bArr;
        if (list.size() > 1) {
            throw new SignatureException("Currently max 1 canonicalizer allowed");
        }
        try {
            if (list.size() == 1) {
                a aVar = list.get(0);
                eu.fisver.a.b.b.b a = eu.fisver.a.b.b.b.a(aVar.a());
                bArr = aVar.b() != null ? a.a(node, aVar.b()) : a.a(node);
            } else {
                bArr = null;
            }
            if (bArr != null) {
                return bArr;
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            o.a(node, (OutputStream) byteArrayOutputStream, false);
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private byte[] a(byte[] bArr, PrivateKey privateKey) throws SignatureException, CredentialsException {
        return a(bArr, null, privateKey, null);
    }

    private byte[] a(byte[] bArr, byte[] bArr2, PrivateKey privateKey, X509Certificate x509Certificate) throws SignatureException, CredentialsException {
        String str;
        boolean z = privateKey == null;
        Node b = b.b(this.c, d.A);
        if (b == null) {
            throw new SignatureException("No SignatureMethod node");
        }
        String a = b.a(b, "Algorithm");
        if (a.contains("#rsa-sha256")) {
            str = AidlConstants.Security.RSA_SIGN_ALG_4;
        } else {
            if (!a.contains("#rsa-sha1")) {
                throw new SignatureException("Unsupported signature algorithm: " + a);
            }
            str = AidlConstants.Security.RSA_SIGN_ALG_3;
        }
        try {
            Signature signature = Signature.getInstance(str);
            if (z) {
                signature.initVerify(x509Certificate);
                signature.update(bArr);
                if (signature.verify(bArr2)) {
                    return bArr2;
                }
                throw new SignatureException("Invalid signature");
            }
            try {
                signature.initSign(privateKey);
                signature.update(bArr);
                return signature.sign();
            } catch (Exception e) {
                throw new CredentialsException(e);
            }
        } catch (SignatureException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new SignatureException(e3);
        }
    }

    private byte[] a(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws SignatureException, CredentialsException {
        return a(bArr, bArr2, null, x509Certificate);
    }

    private byte[] b(X509Certificate x509Certificate) throws SignatureException {
        boolean z = x509Certificate == null;
        try {
            Node b = b.b(this.a, "BinarySecurityToken");
            if (b != null) {
                if (z) {
                    return Util.base64decode(b.getTextContent());
                }
                b.setTextContent(Util.base64encode(x509Certificate.getEncoded(), false));
            }
            Node b2 = b.b(this.a, d.N);
            if (b2 != null) {
                Node b3 = b.b(b2, d.ag);
                if (b3 != null) {
                    if (z) {
                        return Util.base64decode(b3.getTextContent());
                    }
                    b3.setTextContent(Util.base64encode(x509Certificate.getEncoded(), false));
                }
                if (z) {
                    return null;
                }
                Node b4 = b.b(b2, d.af);
                if (b4 != null) {
                    b4.setTextContent(j.e(x509Certificate.getSubjectX500Principal().getName()));
                }
                Node b5 = b.b(b2, d.ai);
                if (b5 != null) {
                    b5.setTextContent(j.e(x509Certificate.getIssuerX500Principal().getName()));
                }
                Node b6 = b.b(b2, d.aj);
                if (b6 != null) {
                    b6.setTextContent(String.valueOf(x509Certificate.getSerialNumber()));
                }
            }
            return null;
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private void f() throws ObjectConversionException {
        Node node = this.b;
        if (node == null) {
            throw new ObjectConversionException("No Signature node");
        }
        Node b = b.b(node, d.F);
        this.c = b;
        if (b == null) {
            throw new ObjectConversionException("No SignedInfo node");
        }
        Node b2 = b.b(b, d.y);
        this.d = b2;
        if (b2 == null) {
            throw new ObjectConversionException("No Reference node");
        }
        String a = b.a(b2, "URI");
        if (a == null) {
            throw new ObjectConversionException("No Reference URI defined");
        }
        if (a.length() < 2 || a.charAt(0) != '#') {
            throw new ObjectConversionException("URI reference must begin with '#'");
        }
        String substring = a.substring(1);
        Node c = b.c(this.a, substring);
        this.e = c;
        if (c != null) {
            return;
        }
        throw new ObjectConversionException("Not found node with referenced ID: " + substring);
    }

    private X509Certificate g() throws SignatureException {
        byte[] b = b(null);
        if (b == null) {
            throw new SignatureException("No certificate in message");
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(b));
        } catch (Exception e) {
            throw new SignatureException(e);
        }
    }

    private byte[] h() throws SignatureException {
        List<a> a = a(b.b(this.d, "Transforms"));
        Iterator<a> it = a.iterator();
        Boolean bool = null;
        while (it.hasNext()) {
            if (it.next().a().equals("http://www.w3.org/2000/09/xmldsig#enveloped-signature")) {
                bool = true;
                it.remove();
            }
        }
        if (bool == null) {
            bool = Boolean.valueOf(b.a(this.e, this.b));
        }
        Node parentNode = this.b.getParentNode();
        if (bool.booleanValue()) {
            parentNode.removeChild(this.b);
        }
        byte[] a2 = a(this.e, a);
        if (bool.booleanValue()) {
            parentNode.appendChild(this.b);
        }
        Node b = b.b(this.d, d.t);
        if (b == null) {
            throw new SignatureException("No DigestMethod node");
        }
        String a3 = b.a(b, "Algorithm");
        if (a3.contains("#sha1")) {
            return Util.sha1Digest(a2);
        }
        if (a3.contains("#sha256")) {
            return Util.sha256Digest(a2);
        }
        throw new SignatureException("Unsupported digest algorithm: " + a3);
    }

    public String a(SignatureCredentials signatureCredentials) throws SignatureException, CredentialsException {
        try {
            a(signatureCredentials, (CertificateValidator) null);
            return b.a(this.a);
        } catch (CertificateValidationException e) {
            throw new CredentialsException(e);
        } catch (ObjectConversionException e2) {
            throw new SignatureException(e2);
        }
    }

    public void a() throws SignatureException, CertificateValidationException {
        a((CertificateValidator) null);
    }

    public void a(CertificateValidator certificateValidator) throws SignatureException, CertificateValidationException {
        try {
            a((SignatureCredentials) null, certificateValidator);
        } catch (CredentialsException e) {
            throw new CertificateValidationException(e);
        }
    }

    public Document b() {
        return this.a;
    }

    public Node c() {
        return this.b;
    }

    public Node d() {
        return this.e;
    }

    public X509Certificate e() {
        return this.f;
    }
}
