package org.demoiselle.signer.policy.impl.xades.xml.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.apache.commons.io.IOUtils;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.encoders.Base64;
import org.demoiselle.signer.core.ca.manager.CAManager;
import org.demoiselle.signer.core.exception.CertificateCoreException;
import org.demoiselle.signer.core.exception.CertificateRevocationException;
import org.demoiselle.signer.core.exception.CertificateValidatorCRLException;
import org.demoiselle.signer.core.exception.CertificateValidatorException;
import org.demoiselle.signer.core.extension.BasicCertificate;
import org.demoiselle.signer.core.util.MessagesBundle;
import org.demoiselle.signer.core.validator.CRLValidator;
import org.demoiselle.signer.core.validator.PeriodValidator;
import org.demoiselle.signer.policy.engine.factory.PolicyFactory;
import org.demoiselle.signer.policy.engine.xml.icpb.XMLPolicyValidator;
import org.demoiselle.signer.policy.engine.xml.icpb.XMLSignaturePolicy;
import org.demoiselle.signer.policy.engine.xml.icpb.XMLSignerAlgConstraint;
import org.demoiselle.signer.policy.impl.xades.XMLSignatureInformations;
import org.demoiselle.signer.policy.impl.xades.XMLSignerException;
import org.demoiselle.signer.policy.impl.xades.util.DocumentUtils;
import org.demoiselle.signer.policy.impl.xades.util.PolicyUtils;
import org.demoiselle.signer.policy.impl.xades.xml.Checker;
import org.demoiselle.signer.timestamp.Timestamp;
import org.demoiselle.signer.timestamp.connector.TimeStampOperator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/demoiselle/signer/policy/impl/xades/xml/impl/XMLChecker.class */
public class XMLChecker implements Checker {
    // XAdES 1.3.2 namespace URI (the same literal getXadesElement passes to getElementsByTagNameNS).
    public static final String XAdESv1_3_2 = "http://uri.etsi.org/01903/v1.3.2#";
    private static final Logger logger = LoggerFactory.getLogger(XMLChecker.class);
    // Source of every message text this class logs, throws or records as a validation entry.
    private static MessagesBundle xadesMessagesBundle = new MessagesBundle();
    // Set to true by the detached-content paths: check(byte[], Document) and checkHash(byte[], Document).
    private boolean isDetached = false;
    // NOTE(review): raw ArrayList; no method visible in this part of the file writes to this list.
    private List<XMLSignatureInformations> signaturesInfo = new ArrayList();
    private Timestamp varTimestampToSignature = null;
    // Accumulated validation failures. Several helpers (for example the void verifySignature and
    // verifyCertificate) report problems only by appending here, so a caller that wants the full
    // verdict has to look at this list and not only at a boolean result.
    private LinkedList<String> validationErrors = new LinkedList<>();
    // Accumulated non-fatal findings (the field name's spelling is kept as in the original).
    private LinkedList<String> validationWaring = new LinkedList<>();

    /**
     * Verifies a signed XML file that is read from disk.
     *
     * @param z   must be {@code true}; {@code false} is rejected with an {@link XMLSignerException}
     * @param str path of the signed file; the text after the last '.' must be "xml" (case-insensitive)
     * @return whatever {@code verify} returns for the loaded document
     * @throws XMLSignerException      if {@code z} is false, {@code str} is null or empty, or the
     *                                 extension is not "xml"
     * @throws NoSuchProviderException declared by {@code verify}
     */
    @Override
    public boolean check(boolean z, String str) throws XMLSignerException, NoSuchProviderException {
        if (!z) {
            String notAFile = xadesMessagesBundle.getString("error.xml.false.to.file");
            logger.error(notAFile);
            throw new XMLSignerException(notAFile);
        }
        if (str == null || str.isEmpty()) {
            String missingName = xadesMessagesBundle.getString("error.xml.file.null", new Object[]{"xmlSignedFile"});
            logger.error(missingName);
            throw new XMLSignerException(missingName);
        }
        // Only the file name is inspected here; the content is parsed by DocumentUtils.
        String extension = str.substring(str.lastIndexOf(".") + 1);
        if (!extension.equalsIgnoreCase("xml")) {
            String notXml = xadesMessagesBundle.getString("error.xml.not.valid.file");
            logger.error(notXml);
            throw new XMLSignerException(notXml);
        }
        // NOTE(review): DocumentUtils.loadXMLDocument is not shown here; the file is untrusted input,
        // so confirm that loader disables DTDs and external entities.
        return verify(DocumentUtils.loadXMLDocument(str));
    }

    /**
     * Verifies a signed XML document supplied as raw bytes.
     *
     * @param bArr the signed XML document
     * @return whatever {@code verify} returns for the parsed document
     * @throws XMLSignerException      if {@code bArr} is null or empty
     * @throws NoSuchProviderException declared by {@code verify}
     */
    @Override
    public boolean check(byte[] bArr) throws XMLSignerException, NoSuchProviderException {
        boolean noData = bArr == null || bArr.length <= 0;
        if (noData) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] docData"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        // NOTE(review): parsing happens in DocumentUtils (not shown); confirm it rejects DTDs and
        // external entities, since these bytes come from the party being verified.
        return verify(DocumentUtils.loadXMLDocument(bArr));
    }

    /**
     * Verifies an already parsed signed XML document.
     *
     * @param document the signed document; must have at least one child node
     * @return whatever {@code verify} returns for the document
     * @throws XMLSignerException      if {@code document} is null or has no child nodes
     * @throws NoSuchProviderException declared by {@code verify}
     */
    @Override
    public boolean check(Document document) throws XMLSignerException, NoSuchProviderException {
        if (document == null || document.getChildNodes().getLength() <= 0) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"Document doc"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        return verify(document);
    }

    /**
     * Verifies a detached signature where both the content and the signature are files.
     *
     * @param str  name of the signed content file
     * @param str2 name of the signature file; the text after the last '.' must be "xml"
     *             (case-insensitive)
     * @return the result of the detached check on the content bytes and the signature document
     * @throws XMLSignerException      if either name is null or empty, or the signature file does
     *                                 not have the "xml" extension
     * @throws NoSuchProviderException declared by the detached check
     */
    @Override
    public boolean check(String str, String str2) throws XMLSignerException, NoSuchProviderException {
        if (str == null || str.isEmpty()) {
            String noContent = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"String signedContentFileName"});
            logger.error(noContent);
            throw new XMLSignerException(noContent);
        }
        if (str2 == null || str2.isEmpty()) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"String signatureFileName"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        String extension = str2.substring(str2.lastIndexOf(".") + 1);
        if (!extension.equalsIgnoreCase("xml")) {
            String notXml = xadesMessagesBundle.getString("error.xml.not.valid.file");
            logger.error(notXml);
            throw new XMLSignerException(notXml);
        }
        // Content is read first, then the signature is parsed, as in the original call order.
        return check(DocumentUtils.readContent(str), DocumentUtils.loadXMLDocument(str2));
    }

    /**
     * Verifies a detached signature where content and signature are both given as bytes.
     *
     * @param bArr  the signed content
     * @param bArr2 the XML signature
     * @return the result of the detached check on the content and the parsed signature
     * @throws XMLSignerException      if either array is null or empty
     * @throws NoSuchProviderException declared by the detached check
     */
    @Override
    public boolean check(byte[] bArr, byte[] bArr2) throws XMLSignerException, NoSuchProviderException {
        if (bArr == null || bArr.length <= 0) {
            String noContent = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] signedContent"});
            logger.error(noContent);
            throw new XMLSignerException(noContent);
        }
        if (bArr2 == null || bArr2.length <= 0) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] signature"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        return check(bArr, DocumentUtils.loadXMLDocument(bArr2));
    }

    /**
     * Verifies a signed XML document read from a stream.
     *
     * @param inputStream stream holding the signed XML document
     * @return the result of {@code check} on the parsed document
     * @throws XMLSignerException      if {@code inputStream} is null
     * @throws NoSuchProviderException declared by the delegated check
     */
    @Override
    public boolean check(InputStream inputStream) throws XMLSignerException, NoSuchProviderException {
        if (inputStream == null) {
            String message = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isXMLFile"});
            logger.error(message);
            throw new XMLSignerException(message);
        }
        return check(DocumentUtils.loadXMLDocument(inputStream));
    }

    /**
     * Verifies a detached signature where content and signature are both streams.
     *
     * @param inputStream  stream holding the signed content; read fully into memory
     * @param inputStream2 stream holding the XML signature
     * @return the result of the detached check
     * @throws XMLSignerException      if either stream is null, or reading fails with an
     *                                 {@link IOException} (only its message is carried over)
     * @throws NoSuchProviderException declared by the detached check
     */
    @Override
    public boolean check(InputStream inputStream, InputStream inputStream2) throws XMLSignerException, NoSuchProviderException {
        if (inputStream == null) {
            String noContent = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isContent"});
            logger.error(noContent);
            throw new XMLSignerException(noContent);
        }
        if (inputStream2 == null) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isXMLSignature"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        try {
            return check(IOUtils.toByteArray(inputStream), DocumentUtils.loadXMLDocument(inputStream2));
        } catch (IOException ioFailure) {
            String ioMessage = xadesMessagesBundle.getString("error.io", new Object[]{ioFailure.getMessage()});
            logger.error(ioMessage);
            throw new XMLSignerException(ioMessage);
        }
    }

    /**
     * Checks a precomputed content hash against a detached signature.
     *
     * @param bArr the hash of the signed content
     * @param str  handed to {@code DocumentUtils.loadXMLDocument(String)}, the same loader
     *             {@code check(boolean, String)} uses for a file path
     * @return the result of {@code checkHash(byte[], Document)}
     * @throws XMLSignerException      if {@code bArr} is null or empty, or {@code str} is null or
     *                                 empty
     * @throws NoSuchProviderException declared by the delegated check
     */
    @Override
    public boolean checkHash(byte[] bArr, String str) throws XMLSignerException, NoSuchProviderException {
        if (bArr == null || bArr.length <= 0) {
            String noHash = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] contentHash"});
            logger.error(noHash);
            throw new XMLSignerException(noHash);
        }
        if (str == null || str.isEmpty()) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"String xmlSignature"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        return checkHash(bArr, DocumentUtils.loadXMLDocument(str));
    }

    /**
     * Checks a content hash read from a stream against a parsed detached signature.
     *
     * @param inputStream stream whose full content is used as the hash value
     * @param document    the parsed XML signature
     * @return the result of {@code checkHash(byte[], Document)}
     * @throws XMLSignerException      if either argument is null, or reading the stream fails
     * @throws NoSuchProviderException declared by the delegated check
     */
    @Override
    public boolean checkHash(InputStream inputStream, Document document) throws XMLSignerException, NoSuchProviderException {
        if (inputStream == null) {
            String noContent = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isContent"});
            logger.error(noContent);
            throw new XMLSignerException(noContent);
        }
        if (document == null) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"Document xmlSignature"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        try {
            byte[] hashBytes = IOUtils.toByteArray(inputStream);
            return checkHash(hashBytes, document);
        } catch (IOException ioFailure) {
            String ioMessage = xadesMessagesBundle.getString("error.io", new Object[]{ioFailure.getMessage()});
            logger.error(ioMessage);
            throw new XMLSignerException(ioMessage);
        }
    }

    /**
     * Checks a content hash against a detached signature, both read from streams.
     *
     * @param inputStream  stream whose full content is used as the hash value
     * @param inputStream2 stream holding the XML signature
     * @return the result of {@code checkHash(byte[], Document)}
     * @throws XMLSignerException      if either stream is null, or reading fails
     * @throws NoSuchProviderException declared by the delegated check
     */
    @Override
    public boolean checkHash(InputStream inputStream, InputStream inputStream2) throws XMLSignerException, NoSuchProviderException {
        if (inputStream == null) {
            String noContent = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isContent"});
            logger.error(noContent);
            throw new XMLSignerException(noContent);
        }
        if (inputStream2 == null) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isXMLSignature"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        try {
            return checkHash(IOUtils.toByteArray(inputStream), DocumentUtils.loadXMLDocument(inputStream2));
        } catch (IOException ioFailure) {
            String ioMessage = xadesMessagesBundle.getString("error.io", new Object[]{ioFailure.getMessage()});
            logger.error(ioMessage);
            throw new XMLSignerException(ioMessage);
        }
    }

    /**
     * Checks a content hash read from a stream against a detached signature named by a string.
     *
     * @param inputStream stream whose full content is used as the hash value
     * @param str         handed to {@code DocumentUtils.loadXMLDocument(String)}; only null is
     *                    rejected here, an empty string is passed through
     * @return the result of {@code checkHash(byte[], Document)}
     * @throws XMLSignerException      if either argument is null, or reading the stream fails
     * @throws NoSuchProviderException declared by the delegated check
     */
    @Override
    public boolean checkHash(InputStream inputStream, String str) throws XMLSignerException, NoSuchProviderException {
        if (inputStream == null) {
            String noContent = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"InputStream isContent"});
            logger.error(noContent);
            throw new XMLSignerException(noContent);
        }
        if (str == null) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"String  xmlSignature"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        try {
            return checkHash(IOUtils.toByteArray(inputStream), DocumentUtils.loadXMLDocument(str));
        } catch (IOException ioFailure) {
            String ioMessage = xadesMessagesBundle.getString("error.io", new Object[]{ioFailure.getMessage()});
            logger.error(ioMessage);
            throw new XMLSignerException(ioMessage);
        }
    }

    /**
     * Checks a precomputed content hash against a detached signature given as bytes.
     *
     * @param bArr  the hash of the signed content
     * @param bArr2 the XML signature
     * @return the result of {@code checkHash(byte[], Document)}
     * @throws XMLSignerException      if either array is null or empty
     * @throws NoSuchProviderException declared by the delegated check
     */
    @Override
    public boolean checkHash(byte[] bArr, byte[] bArr2) throws NoSuchProviderException, XMLSignerException {
        if (bArr == null || bArr.length <= 0) {
            String noHash = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] docHash"});
            logger.error(noHash);
            throw new XMLSignerException(noHash);
        }
        if (bArr2 == null || bArr2.length <= 0) {
            String noSignature = xadesMessagesBundle.getString("error.xml.parameter.null", new Object[]{"byte[] signature"});
            logger.error(noSignature);
            throw new XMLSignerException(noSignature);
        }
        return checkHash(bArr, DocumentUtils.loadXMLDocument(bArr2));
    }

    /**
     * Verifies a signed XML document passed as text.
     *
     * @param str the signed XML document as a string
     * @return whatever {@code verify} returns for the parsed document
     * @throws XMLSignerException      if {@code str} is null or empty (thrown without being
     *                                 declared in the signature)
     * @throws NoSuchProviderException declared by {@code verify}
     */
    @Override
    public boolean check(String str) throws NoSuchProviderException {
        if (str == null || str.isEmpty()) {
            // NOTE(review): the log line and the exception use two different message keys;
            // confirm which one is intended.
            logger.error(xadesMessagesBundle.getString("error.xml.string.file.null", new Object[]{"String xmlAsString"}));
            throw new XMLSignerException(xadesMessagesBundle.getString("error.xml.file.null", new Object[]{"String xmlAsString"}));
        }
        // NOTE(review): the text is untrusted input; confirm that the DocumentUtils loader (not
        // shown) disables DTDs and external entities.
        return verify(DocumentUtils.loadXMLDocumentFromString(str));
    }

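    /**
     * Verifies a detached signature against the content it is supposed to cover.
     *
     * <p>Runs {@code verify} on the signature document and then, for every {@code ds:Reference}
     * under {@code ds:SignedInfo} that carries no {@code Type} attribute, hashes {@code bArr} with
     * the reference's digest algorithm and compares the Base64 result with its
     * {@code ds:DigestValue}.
     *
     * <p>The check fails closed: a missing SignedInfo, DigestMethod or DigestValue element, an
     * unmapped digest algorithm, or a digest mismatch all make the result {@code false}. Previously
     * an unmapped algorithm was only logged and the method still returned {@code true}, and a
     * missing element ended in a NullPointerException.
     *
     * @param bArr     the detached content
     * @param document the parsed XML signature
     * @return {@code true} only if every untyped reference was checked and matched
     * @throws NoSuchProviderException declared by {@code verify}
     */
    private boolean check(byte[] bArr, Document document) throws NoSuchProviderException {
        this.isDetached = true;
        // NOTE(review): the boolean returned by verify() is discarded, as in the original; confirm
        // that callers also consult the recorded validation errors before trusting the result.
        verify(document);
        Element signedInfo = getSignatureElement("SignedInfo", (Element) document.getChildNodes().item(0), true);
        if (signedInfo == null) {
            // getSignatureElement has already recorded the missing element.
            return false;
        }
        boolean allMatch = true;
        try {
            NodeList references = signedInfo.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Reference");
            // NOTE(review): if no reference without a Type attribute exists, nothing is compared
            // and the result stays true; confirm whether that case should be rejected.
            for (int i = 0; i < references.getLength(); i++) {
                Element reference = (Element) references.item(i);
                if (!reference.getAttribute("Type").isEmpty()) {
                    continue;
                }
                Element digestMethod = getSignatureElement("DigestMethod", reference, true);
                Element digestValue = getSignatureElement("DigestValue", reference, true);
                if (digestMethod == null || digestValue == null) {
                    // Already recorded by getSignatureElement; the reference cannot be checked.
                    allMatch = false;
                    continue;
                }
                String algorithm = AlgorithmsValues.getDigestOnSignature(digestMethod.getAttribute("Algorithm"));
                if (algorithm == null || algorithm.isEmpty()) {
                    // Unknown digest algorithm: the content was not verified, so do not accept it.
                    logger.error(xadesMessagesBundle.getString("error.xml. hash.not.found"));
                    this.validationErrors.add(xadesMessagesBundle.getString("error.xml. hash.not.found"));
                    allMatch = false;
                    continue;
                }
                String computed = Base64.toBase64String(MessageDigest.getInstance(algorithm).digest(bArr));
                if (!digestValue.getTextContent().equals(computed)) {
                    this.validationErrors.add(xadesMessagesBundle.getString("error.xml.hash.invalid"));
                    logger.error(xadesMessagesBundle.getString("error.xml.hash.invalid"));
                    allMatch = false;
                }
            }
            return allMatch;
        } catch (NoSuchAlgorithmException e) {
            this.validationErrors.add(xadesMessagesBundle.getString("error.xml. hash.not.found"));
            logger.error(xadesMessagesBundle.getString("error.xml. hash.not.found"));
            return false;
        }
    }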

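    /**
     * Checks a precomputed content hash against a detached signature.
     *
     * <p>Runs {@code verify} on the signature document and then compares the Base64 form of
     * {@code bArr} with the {@code ds:DigestValue} of every {@code ds:Reference} under
     * {@code ds:SignedInfo} that carries no {@code Type} attribute.
     *
     * <p>The result is {@code false} when a digest does not match or when SignedInfo or a
     * DigestValue element is missing. The earlier version recorded a mismatch in the validation
     * errors but still returned {@code true}, so a caller relying on the return value accepted
     * content that the signature does not cover.
     *
     * @param bArr     the hash of the detached content
     * @param document the parsed XML signature
     * @return {@code true} only if every untyped reference matched the supplied hash
     * @throws NoSuchProviderException declared by {@code verify}
     */
    @Override
    public boolean checkHash(byte[] bArr, Document document) throws NoSuchProviderException {
        this.isDetached = true;
        // NOTE(review): the boolean returned by verify() is discarded, as in the original; confirm
        // that callers also consult the recorded validation errors before trusting the result.
        verify(document);
        Element signedInfo = getSignatureElement("SignedInfo", (Element) document.getChildNodes().item(0), true);
        if (signedInfo == null) {
            // getSignatureElement has already recorded the missing element.
            return false;
        }
        String expected = Base64.toBase64String(bArr);
        boolean allMatch = true;
        NodeList references = signedInfo.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Reference");
        // NOTE(review): if no reference without a Type attribute exists, nothing is compared and
        // the result stays true; confirm whether that case should be rejected.
        for (int i = 0; i < references.getLength(); i++) {
            Element reference = (Element) references.item(i);
            if (!reference.getAttribute("Type").isEmpty()) {
                continue;
            }
            Element digestValue = getSignatureElement("DigestValue", reference, true);
            if (digestValue == null) {
                // Already recorded by getSignatureElement; the reference cannot be checked.
                allMatch = false;
                continue;
            }
            if (!digestValue.getTextContent().equals(expected)) {
                this.validationErrors.add(xadesMessagesBundle.getString("error.xml.hash.invalid"));
                logger.error(xadesMessagesBundle.getString("error.xml.hash.invalid"));
                allMatch = false;
            }
        }
        return allMatch;
    }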

    /**
     * Returns the first descendant of {@code element} with local name {@code str} in the XML-DSig
     * namespace.
     *
     * @param str     local name of the element to look up
     * @param element element whose descendants are searched
     * @param z       when {@code true} a missing element is recorded as an error, otherwise as a
     *                warning
     * @return the first match, or {@code null} if there is none or the lookup threw
     */
    private Element getSignatureElement(String str, Element element, boolean z) {
        try {
            NodeList matches = element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", str);
            if (matches.getLength() == 0) {
                String notFound = xadesMessagesBundle.getString("error.xml.element.not.found", new Object[]{str});
                if (z) {
                    this.validationErrors.add(notFound);
                    logger.error(notFound);
                } else {
                    this.validationWaring.add(notFound);
                    logger.warn(notFound);
                }
            }
            // item(0) is null on an empty list, so callers must handle a null result.
            return (Element) matches.item(0);
        } catch (Exception lookupFailure) {
            // Any failure (including a null parent) is reported as "element not found".
            String notFound = xadesMessagesBundle.getString("error.xml.element.not.found", new Object[]{str});
            this.validationErrors.add(notFound);
            logger.error(notFound);
            return null;
        }
    }

    /**
     * Returns the first descendant of {@code element} with local name {@code str} in the XAdES
     * 1.3.2 namespace.
     *
     * @param str     local name of the element to look up
     * @param element element whose descendants are searched; a null parent is recorded as a warning
     * @param z       when {@code true} a missing element is recorded as an error, otherwise as a
     *                warning
     * @return the first match, or {@code null} when the parent or name is null or nothing matches
     */
    private Element getXadesElement(String str, Element element, boolean z) {
        if (element == null) {
            String noParent = xadesMessagesBundle.getString("error.xml.parent.element.not.found", new Object[]{str});
            this.validationWaring.add(noParent);
            logger.warn(noParent);
            return null;
        }
        if (str == null) {
            String badName = xadesMessagesBundle.getString("error.xml.invalid.name", new Object[]{element.getTagName()});
            this.validationErrors.add(badName);
            logger.error(badName);
            return null;
        }
        NodeList matches = element.getElementsByTagNameNS("http://uri.etsi.org/01903/v1.3.2#", str);
        if (matches.getLength() == 0) {
            String notFound = xadesMessagesBundle.getString("error.xml.element.not.found", new Object[]{str});
            if (z) {
                this.validationErrors.add(notFound);
                logger.error(notFound);
            } else {
                this.validationWaring.add(notFound);
                logger.warn(notFound);
            }
            return null;
        }
        return (Element) matches.item(0);
    }

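    /**
     * Reads attribute {@code str} from {@code element} and records a finding when it is absent.
     *
     * <p>The emptiness test is applied to the attribute value. The earlier version tested the
     * attribute name instead, so a missing attribute (for example a missing {@code Algorithm}) was
     * never reported.
     *
     * @param element element to read from; must not be null
     * @param str     attribute name
     * @param z       when {@code true} a missing attribute is recorded as an error, otherwise as a
     *                warning
     * @return the attribute value; {@code Element.getAttribute} yields an empty string when the
     *         attribute is absent
     */
    private String getAttribute(Element element, String str, boolean z) {
        String attribute = element.getAttribute(str);
        if (attribute == null || attribute.isEmpty()) {
            if (z) {
                this.validationErrors.add(xadesMessagesBundle.getString("error.xml.element.not.found", new Object[]{str}));
                logger.error(xadesMessagesBundle.getString("error.xml.element.not.found", new Object[]{str}));
            } else {
                this.validationWaring.add(xadesMessagesBundle.getString("error.xml.element.not.found", new Object[]{str}));
                logger.warn(xadesMessagesBundle.getString("error.xml.element.not.found", new Object[]{str}));
            }
        }
        return attribute;
    }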

    /**
     * Recomputes the digest of the signature's SignedProperties and compares it with the expected
     * value.
     *
     * @param element element searched for {@code ds:Object}
     * @param str     digest algorithm identifier, mapped through {@code AlgorithmsValues}
     * @param str2    expected digest, Base64 encoded
     * @param str3    canonicalization algorithm identifier
     * @return {@code true} if the recomputed digest equals {@code str2}; {@code false} (with a
     *         recorded error) on mismatch, unknown digest algorithm or canonicalization failure
     */
    private boolean verifyDigest(Element element, String str, String str2, String str3) {
        Init.init();
        byte[] canonicalBytes;
        try {
            // NOTE(review): the node is picked by position (first ds:Object) and by the literal
            // "xades:" prefix, not by resolving a Reference URI; confirm the caller guarantees
            // this is the element the digest in str2 was taken from. A document without
            // ds:Object makes item(0) null and ends in a NullPointerException here.
            Element firstObject = (Element) element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Object").item(0);
            canonicalBytes = Canonicalizer.getInstance(str3).canonicalizeSubtree(firstObject.getElementsByTagName("xades:SignedProperties").item(0));
        } catch (InvalidCanonicalizerException | CanonicalizationException c14nFailure) {
            String badData = xadesMessagesBundle.getString("error.xml.hash.data.invalid", new Object[]{str});
            this.validationErrors.add(badData);
            logger.error(badData);
            return false;
        }
        try {
            String jcaDigest = AlgorithmsValues.getDigestOnSignature(str);
            if (jcaDigest == null) {
                String badMethod = xadesMessagesBundle.getString("error.xml.invalid.digest.method", new Object[]{str});
                this.validationErrors.add(badMethod);
                logger.error(badMethod);
                return false;
            }
            String recomputed = Base64.toBase64String(MessageDigest.getInstance(jcaDigest).digest(canonicalBytes));
            if (!recomputed.equals(str2)) {
                String mismatch = xadesMessagesBundle.getString("error.xml.hash.invalid");
                this.validationErrors.add(mismatch);
                logger.error(mismatch);
                return false;
            }
            return true;
        } catch (NoSuchAlgorithmException unknownDigest) {
            String badMethod = xadesMessagesBundle.getString("error.xml.invalid.digest.method", new Object[]{str});
            this.validationErrors.add(badMethod);
            logger.error(badMethod);
            return false;
        }
    }

    /**
     * Recomputes the digest of the whole document and compares it with the expected value.
     *
     * <p>The canonicalization algorithm is taken from the {@code ds:Transform} elements of the
     * given references: within each reference the first transform accepted by
     * {@code AlgorithmsValues.isCanonicalMethods} is used, and a later reference overrides an
     * earlier one.
     *
     * @param document the document to digest
     * @param str      digest algorithm identifier, mapped through {@code AlgorithmsValues}
     * @param str2     expected digest, Base64 encoded
     * @param nodeList the reference elements whose transforms are inspected
     * @return {@code true} if the recomputed digest equals {@code str2}; {@code false} (with a
     *         recorded error) on mismatch or on any exception
     */
    private boolean verifyXPath(Document document, String str, String str2, NodeList nodeList) {
        String canonicalization = "";
        for (int r = 0; r < nodeList.getLength(); r++) {
            NodeList transforms = ((Element) nodeList.item(r)).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Transform");
            for (int t = 0; t < transforms.getLength(); t++) {
                String algorithm = ((Element) transforms.item(t)).getAttribute("Algorithm");
                if (AlgorithmsValues.isCanonicalMethods(algorithm)) {
                    canonicalization = algorithm;
                    break;
                }
            }
        }
        if (canonicalization.isEmpty()) {
            // Recorded, but the digest is still attempted with the empty algorithm below.
            String noCanonicalizer = xadesMessagesBundle.getString("error.xml.Invalid.Canonicalizer", new Object[]{str});
            this.validationErrors.add(noCanonicalizer);
            logger.error(noCanonicalizer);
        }
        boolean matches;
        try {
            byte[] digest = DocumentUtils.getShaCanonizedValue(AlgorithmsValues.getDigestOnSignature(str), DocumentUtils.getDocumentData(document), canonicalization);
            matches = Base64.toBase64String(digest).equals(str2);
        } catch (Exception digestFailure) {
            // Every failure is reported the same way as a mismatch.
            matches = false;
        }
        if (!matches) {
            String invalid = xadesMessagesBundle.getString("error.xml.digest.invalid");
            this.validationErrors.add(invalid);
            logger.error(invalid);
        }
        return matches;
    }

    /**
     * Decodes a Base64 string into an X.509 certificate using the "BC" provider.
     *
     * <p>This only parses the certificate; it performs no trust or revocation check.
     *
     * @param str the Base64-encoded certificate
     * @return the parsed certificate
     * @throws CertificateException    if the bytes cannot be parsed as a certificate
     * @throws NoSuchProviderException if the "BC" provider is not available
     */
    private X509Certificate getCertificate(String str) throws CertificateException, NoSuchProviderException {
        byte[] encoded = Base64.decode(str);
        InputStream encodedStream = new ByteArrayInputStream(encoded);
        // Registered on every call, exactly as before.
        Security.addProvider(new BouncyCastleProvider());
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509", "BC");
        return (X509Certificate) x509Factory.generateCertificate(encodedStream);
    }

    /**
     * Verifies a signature value over a canonicalized element with the given certificate.
     *
     * <p>The canonicalization and signature algorithms are read from the first
     * {@code ds:CanonicalizationMethod} and {@code ds:SignatureMethod} found under {@code element}.
     *
     * @param element         element holding the method declarations
     * @param element2        the subtree that is canonicalized and verified
     * @param str             the signature value, Base64 encoded
     * @param x509Certificate certificate whose public key verifies the signature
     * @return {@code true} if the signature verifies; {@code false} (with a recorded error)
     *         otherwise or when one of the caught exceptions occurs
     */
    private boolean verifyHash(Element element, Element element2, String str, X509Certificate x509Certificate) {
        try {
            // NOTE(review): item(0) is null when a method element is absent, which surfaces as an
            // uncaught NullPointerException below — confirm callers expect that.
            Element c14nMethod = (Element) element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod").item(0);
            Element signatureMethod = (Element) element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "SignatureMethod").item(0);
            Init.init();
            Canonicalizer canonicalizer = Canonicalizer.getInstance(c14nMethod.getAttribute("Algorithm"));
            byte[] signedBytes = canonicalizer.canonicalizeSubtree(element2);
            String jcaAlgorithm = AlgorithmsValues.getAlgorithmsOnSignature(signatureMethod.getAttribute("Algorithm"));
            Signature verifier = Signature.getInstance(jcaAlgorithm);
            verifier.initVerify(x509Certificate);
            verifier.update(signedBytes);
            if (!verifier.verify(Base64.decode(str))) {
                String invalid = xadesMessagesBundle.getString("error.xml.signature.invalid");
                this.validationErrors.add(invalid);
                logger.error(invalid);
                return false;
            }
            return true;
        } catch (NoSuchAlgorithmException unknownAlgorithm) {
            String noAlgorithm = xadesMessagesBundle.getString("error.xml.nosuch.algorithm.exception");
            this.validationErrors.add(noAlgorithm);
            logger.error(noAlgorithm);
            return false;
        } catch (SignatureException signatureFailure) {
            String failure = xadesMessagesBundle.getString("error.xml.signature.exception", new Object[]{signatureFailure.getMessage()});
            this.validationErrors.add(failure);
            logger.error(failure);
            return false;
        } catch (InvalidCanonicalizerException | CanonicalizationException | InvalidKeyException | DOMException otherFailure) {
            String invalid = xadesMessagesBundle.getString("error.xml.signature.invalid");
            this.validationErrors.add(invalid);
            logger.error(invalid);
            return false;
        }
    }

    /**
     * Runs the CRL check and the validity-period check on the signer certificate.
     *
     * <p>Nothing is returned or thrown for the handled cases: a revoked certificate or a CRL
     * validation failure is recorded as an error, a validity-period failure only as a warning.
     *
     * @param x509Certificate the certificate to check
     */
    private void verifyCertificate(X509Certificate x509Certificate) {
        try {
            CRLValidator crlValidator = new CRLValidator();
            crlValidator.validate(x509Certificate);
        } catch (CertificateRevocationException revoked) {
            this.validationErrors.add(xadesMessagesBundle.getString("error.certificate.repealed", new Object[]{revoked.getMessage()}));
            logger.error("certificado revogado");
        } catch (CertificateValidatorCRLException crlFailure) {
            String crlMessage = crlFailure.getMessage();
            this.validationErrors.add(crlMessage);
            logger.error(crlMessage);
        }
        try {
            PeriodValidator periodValidator = new PeriodValidator();
            periodValidator.valDate(x509Certificate);
        } catch (CertificateValidatorException outsidePeriod) {
            // NOTE(review): a certificate outside its validity period is downgraded to a warning;
            // confirm that is the intended policy.
            String periodMessage = outsidePeriod.getMessage();
            this.validationWaring.add(periodMessage);
            logger.warn(periodMessage);
        }
    }

    /**
     * Loads the signature policy named by {@code str} and checks the signature algorithm and size
     * against the policy's signer algorithm constraints.
     *
     * @param element not used by this method
     * @param str     policy identifier; a leading "urn:oid:" form is reduced to the text after the
     *                last ':'
     * @param str2    signature algorithm identifier compared with each constraint's algorithm id
     * @param str3    Base64 value whose decoded length in bits is compared with the constraint's
     *                minimum key length
     * @return the signature policy held by the validator
     */
    private XMLSignaturePolicy verifyPolicy(Element element, String str, String str2, String str3) {
        if (str == null) {
            String noPolicy = xadesMessagesBundle.getString("error.xml.policy.null");
            this.validationWaring.add(noPolicy);
            logger.warn(noPolicy);
            // NOTE(review): execution continues, and the next statement dereferences str, so a
            // missing policy identifier ends in a NullPointerException rather than this warning.
        }
        String policyOid = str.contains("urn:oid:") ? str.substring(str.lastIndexOf(":") + 1, str.length()) : str;
        XMLPolicyValidator policyValidator = new XMLPolicyValidator(PolicyFactory.getInstance().loadXMLPolicy(PolicyUtils.getPolicyByOid(policyOid)));
        if (!policyValidator.validate()) {
            // An unrecognized policy is only a warning; the constraint check below still runs.
            String unknownPolicy = xadesMessagesBundle.getString("error.policy.not.recognized", new Object[]{policyOid});
            logger.warn(unknownPolicy);
            this.validationWaring.add(unknownPolicy);
        }
        boolean algorithmAccepted = false;
        for (Object entry : policyValidator.getXmlSignaturePolicy().getXmlSignerAlgConstraintList()) {
            XMLSignerAlgConstraint constraint = (XMLSignerAlgConstraint) entry;
            if (!constraint.getAlgId().equals(str2) || constraint.getMinKeyLength() == null) {
                continue;
            }
            // NOTE(review): the size is derived from the decoded length of str3, not from the
            // certificate's public key — presumably str3 is the signature value; verify.
            int sizeInBits = 8 * Base64.decode(str3).length;
            if (sizeInBits >= Integer.parseInt(constraint.getMinKeyLength())) {
                algorithmAccepted = true;
            } else {
                String tooSmall = xadesMessagesBundle.getString("error.xml.size.not.allowed");
                this.validationErrors.add(tooSmall);
                logger.error(tooSmall);
            }
        }
        if (!algorithmAccepted) {
            String badAlgorithm = xadesMessagesBundle.getString("error.xml.invalid.algorithm", new Object[]{policyOid});
            this.validationErrors.add(badAlgorithm);
            logger.error(badAlgorithm);
        }
        return policyValidator.getXmlSignaturePolicy();
    }

    /**
     * Verifies the signature value over the canonicalized {@code ds:SignedInfo} with the given
     * certificate.
     *
     * <p>The method returns nothing: a failed verification, a canonicalization method that
     * {@code AlgorithmsValues.isCanonicalMethods} rejects, and each handled exception are reported
     * only by adding an entry to the validation errors.
     *
     * @param element         the signature element
     * @param x509Certificate certificate whose public key verifies the signature
     */
    private void verifySignature(Element element, X509Certificate x509Certificate) {
        try {
            Init.init();
            Element c14nMethod = getSignatureElement("CanonicalizationMethod", element, true);
            Element signatureMethod = getSignatureElement("SignatureMethod", element, true);
            Element signatureValue = getSignatureElement("SignatureValue", element, true);
            String c14nAlgorithm = getAttribute(c14nMethod, "Algorithm", true);
            String jcaAlgorithm = AlgorithmsValues.getAlgorithmsOnSignature(getAttribute(signatureMethod, "Algorithm", true));
            // NOTE(review): SignedInfo is selected by the literal "ds:" prefix while the lookups
            // above go by namespace; a signature using another prefix yields a null node here.
            byte[] signedInfoBytes = Canonicalizer.getInstance(c14nAlgorithm).canonicalizeSubtree(element.getElementsByTagName("ds:SignedInfo").item(0));
            byte[] signatureBytes = Base64.decode(signatureValue.getTextContent());
            if (!AlgorithmsValues.isCanonicalMethods(c14nAlgorithm)) {
                // Recorded after the algorithm has already been used; verification still proceeds.
                String notAllowed = xadesMessagesBundle.getString("error.xml.canonicalizer.not.allowed");
                this.validationErrors.add(notAllowed);
                logger.error(notAllowed);
            }
            Signature verifier = Signature.getInstance(jcaAlgorithm);
            verifier.initVerify(x509Certificate);
            verifier.update(signedInfoBytes);
            boolean signatureOk = verifier.verify(signatureBytes);
            if (!signatureOk) {
                String badSignature = xadesMessagesBundle.getString("error.xml.signature.hash");
                this.validationErrors.add(badSignature);
                logger.error(badSignature);
            }
        } catch (CanonicalizationException | InvalidCanonicalizerException c14nFailure) {
            String badCanonicalizer = xadesMessagesBundle.getString("error.xml.Invalid.canonicalizer", new Object[]{c14nFailure.getMessage()});
            this.validationErrors.add(badCanonicalizer);
            logger.error(badCanonicalizer);
        } catch (NoSuchAlgorithmException unknownAlgorithm) {
            String noAlgorithm = xadesMessagesBundle.getString("error.xml.nosuch.algorithm.exception");
            this.validationErrors.add(noAlgorithm);
            logger.error(noAlgorithm);
        } catch (SignatureException signatureFailure) {
            String failure = xadesMessagesBundle.getString("error.xml.signature.exception", new Object[]{signatureFailure.getMessage()});
            this.validationErrors.add(failure);
            logger.error(failure);
        } catch (InvalidKeyException badKey) {
            String invalidKey = xadesMessagesBundle.getString("error.xml.invalid.key.exception");
            this.validationErrors.add(invalidKey);
            logger.error(invalidKey);
        }
    }

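    /**
     * Validates every XMLDSig {@code Signature} element found in the document and records
     * one {@code XMLSignatureInformations} entry per signature in {@code signaturesInfo}.
     *
     * <p>For a signature that carries an {@code Object} element the XAdES path is taken:
     * reference digests, presence of the signed properties, the signature value
     * ({@code verifySignature}, {@code verifyHash}) and, when a policy identifier is
     * present, the signature policy. A signature without {@code Object} is validated by
     * {@code verifySignatureNoICPBrasil} only.
     *
     * <p>The result fails closed. A signature counts as valid only if none of its checks
     * failed and no entry was appended to {@code validationErrors} while it was processed,
     * and the method returns {@code true} only if every signature in the document is valid.
     * Previously a later {@code Reference} or a later signature could overwrite an earlier
     * failure, and errors recorded by {@code verifyCertificate}, {@code verifySignature} and
     * {@code verifyHash} did not affect the return value.
     *
     * <p>NOTE(review): {@code validationErrors} and {@code validationWaring} are shared by
     * all signatures of the document, so each {@code XMLSignatureInformations} receives the
     * same list instances; confirm that is intended.
     *
     * @param document parsed document containing the signature(s); treated as untrusted
     * @return {@code true} if at least one signature exists and all signatures validated
     *     without recorded errors
     * @throws NoSuchProviderException declared by the original signature; the call that
     *     raises it is not visible in this method
     */
    private boolean verify(Document document) throws NoSuchProviderException {
        Init.init();
        final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";
        NodeList topLevelNodes = document.getChildNodes();
        NodeList signatures = document.getElementsByTagNameNS(dsigNs, "Signature");
        // The signature is the document's first node, i.e. there is no enveloping content,
        // although the checker was not configured for a detached signature.
        if (topLevelNodes.item(0) == signatures.item(0) && !this.isDetached) {
            this.validationErrors.add(xadesMessagesBundle.getString("error.xml.detached.content"));
            logger.error(xadesMessagesBundle.getString("error.xml.detached.content"));
            XMLSignatureInformations detachedInfo = new XMLSignatureInformations();
            detachedInfo.setValidatorErrors(this.validationErrors);
            this.signaturesInfo.add(detachedInfo);
            return false;
        }
        int signatureCount = signatures.getLength();
        if (signatureCount < 1) {
            this.validationErrors.add(xadesMessagesBundle.getString("error.xml.signature.not.found"));
            logger.error(xadesMessagesBundle.getString("error.xml.signature.not.found"));
            XMLSignatureInformations missingInfo = new XMLSignatureInformations();
            missingInfo.setValidatorErrors(this.validationErrors);
            this.signaturesInfo.add(missingInfo);
            return false;
        }
        boolean allValid = true;
        for (int i = 0; i < signatureCount; i++) {
            // Errors appended from here on belong to this signature.
            int errorsBefore = this.validationErrors.size();
            // 'failed' is sticky: once a check fails, nothing later may reset it.
            boolean failed = false;
            boolean valid = false;
            XMLSignatureInformations info = new XMLSignatureInformations();
            Element signature = (Element) signatures.item(i);
            X509Certificate x509Certificate = null;
            try {
                x509Certificate = getCertificate(getSignatureElement("X509Certificate", getSignatureElement("X509Data", getSignatureElement("KeyInfo", signature, true), true), true).getTextContent());
            } catch (CertificateException e) {
                failed = true;
                this.validationErrors.add(xadesMessagesBundle.getString("error.invalid.certificate"));
            }
            if (x509Certificate != null) {
                verifyCertificate(x509Certificate);
                LinkedList<X509Certificate> chain = (LinkedList) CAManager.getInstance().getCertificateChain(x509Certificate);
                info.setIcpBrasilcertificate(new BasicCertificate(x509Certificate));
                info.setChain(chain);
                info.setNotAfter(x509Certificate.getNotAfter());
            }
            Element objectElement = getSignatureElement("Object", signature, false);
            if (objectElement != null) {
                Element qualifyingProperties = getXadesElement("QualifyingProperties", objectElement, true);
                Element sigPolicyId = getXadesElement("SigPolicyId", getXadesElement("SignaturePolicyIdentifier", qualifyingProperties, false), false);
                NodeList references = signature.getElementsByTagNameNS(dsigNs, "Reference");
                for (int j = 0; j < references.getLength(); j++) {
                    // At least one Reference exists; failures are tracked separately.
                    valid = true;
                    Element reference = (Element) references.item(j);
                    NodeList transforms = reference.getElementsByTagNameNS(dsigNs, "Transforms");
                    String digestAlgorithm = getAttribute(getSignatureElement("DigestMethod", reference, true), "Algorithm", true);
                    String digestValue = getSignatureElement("DigestValue", reference, true).getTextContent();
                    // NOTE(review): a Reference that has no XPath transform and is not of type
                    // #SignedProperties is not digest-checked in this method; confirm that
                    // verifyHash covers it.
                    if (reference.getElementsByTagNameNS(dsigNs, "XPath").getLength() > 0) {
                        if (!verifyXPath(document, digestAlgorithm, digestValue, transforms)) {
                            this.validationErrors.add(xadesMessagesBundle.getString("error.xml.document.fail"));
                            failed = true;
                        }
                    } else if (reference.hasAttribute("Type") && reference.getAttribute("Type").endsWith("#SignedProperties") && !verifyDigest(signature, digestAlgorithm, digestValue, ((Element) reference.getElementsByTagNameNS(dsigNs, "Transform").item(0)).getAttribute("Algorithm"))) {
                        this.validationErrors.add(xadesMessagesBundle.getString("error.xml.digest.invalid"));
                        failed = true;
                    }
                }
                Element signedProperties = getXadesElement("SignedProperties", qualifyingProperties, true);
                Element signedSignatureProperties = getXadesElement("SignedSignatureProperties", signedProperties, true);
                Element signingTime = getXadesElement("SigningTime", signedSignatureProperties, true);
                if (signingTime == null) {
                    this.validationWaring.add(xadesMessagesBundle.getString("error.xml.signing.time.not.found"));
                } else {
                    try {
                        info.setSignDate(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss").parse(signingTime.getTextContent()));
                    } catch (ParseException | DOMException e2) {
                        this.validationWaring.add(xadesMessagesBundle.getString("error.date.parser", new Object[]{e2.getMessage()}));
                    }
                }
                Element signingCertificate = getXadesElement("SigningCertificate", signedSignatureProperties, true);
                if (signingCertificate == null) {
                    signingCertificate = getXadesElement("SigningCertificateV2", signedSignatureProperties, true);
                }
                Element cert = getXadesElement("Cert", signingCertificate, true);
                Element certDigest = getXadesElement("CertDigest", cert, true);
                // Only the presence of these elements is checked here; the CertDigest value is
                // not compared with x509Certificate in this method.
                if (getSignatureElement("DigestMethod", certDigest, true) == null) {
                    failed = true;
                    this.validationWaring.add(xadesMessagesBundle.getString("error.xml.element.not.found.signature", new Object[]{"DigestMethod", "Cert"}));
                }
                if (getSignatureElement("DigestValue", certDigest, true) == null) {
                    failed = true;
                    // The original reported "IssuerSerial" here and "DigestValue" below.
                    this.validationWaring.add(xadesMessagesBundle.getString("error.xml.element.not.found.signature", new Object[]{"DigestValue", "Cert"}));
                }
                if (getXadesElement("IssuerSerial", cert, true) == null) {
                    failed = true;
                    this.validationWaring.add(xadesMessagesBundle.getString("error.xml.element.not.found.signature", new Object[]{"IssuerSerial", "Cert"}));
                }
                if (getXadesElement("SignedDataObjectProperties", signedProperties, true) == null) {
                    failed = true;
                    this.validationWaring.add(xadesMessagesBundle.getString("error.xml.element.not.found.signature", new Object[]{"SignedDataObjectProperties", "Cert"}));
                }
                if (x509Certificate != null) {
                    verifySignature(signature, x509Certificate);
                    Element signedInfo = getSignatureElement("SignedInfo", signature, true);
                    String signatureValue = getSignatureElement("SignatureValue", signature, true).getTextContent();
                    verifyHash(signature, signedInfo, signatureValue, x509Certificate);
                    if (sigPolicyId != null) {
                        String signatureAlgorithm = "";
                        Element signatureMethod = getSignatureElement("SignatureMethod", signature, true);
                        if (signatureMethod != null) {
                            signatureAlgorithm = getAttribute(signatureMethod, "Algorithm", true);
                        } else {
                            this.validationErrors.add(xadesMessagesBundle.getString("error.xml.signature.method.not.found"));
                            failed = true;
                        }
                        Element policyIdentifier = getXadesElement("Identifier", sigPolicyId, true);
                        if (policyIdentifier != null) {
                            XMLSignaturePolicy policy = verifyPolicy(signature, policyIdentifier.getTextContent(), signatureAlgorithm, signatureValue);
                            info.setSignaturePolicy(policy);
                            List<String> mandatedUnsignedQProperties = policy.getXmlSignerRules().getMandatedUnsignedQProperties();
                            if (!mandatedUnsignedQProperties.isEmpty()) {
                                VerifyMandatedUnsignedQProperties(mandatedUnsignedQProperties, signature, signatureValue);
                                info.setTimeStampSigner(getVarTimestampToSignature());
                                setVarTimestampToSignature(null);
                            }
                        } else {
                            this.validationErrors.add(xadesMessagesBundle.getString("error.xml.policy.id.not.found"));
                            failed = true;
                        }
                    }
                }
            } else {
                this.validationWaring.add(xadesMessagesBundle.getString("error.xml.policy.id.not.found"));
                // A certificate that failed to parse must not reach the key-based validation.
                valid = x509Certificate != null && verifySignatureNoICPBrasil(signature, x509Certificate);
            }
            // Helper methods report failures only through validationErrors, so any entry
            // added for this signature makes it invalid.
            if (failed || this.validationErrors.size() > errorsBefore) {
                valid = false;
            }
            allValid &= valid;
            info.setValidatorErrors(this.validationErrors);
            info.setValidatorWarnins(this.validationWaring);
            this.signaturesInfo.add(info);
        }
        return allValid;
    }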

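    /**
     * Checks the unsigned qualifying properties that the signature policy mandates.
     *
     * <p>Only {@code SignatureTimeStamp} has a validator. Every other property name,
     * whether one of the known XAdES names listed below or an unknown one, is recorded as
     * a validation error and logged, so a mandated property that cannot be checked is
     * never silently accepted.
     *
     * <p>The decompiler had emitted this method as a hash-code switch feeding a second
     * switch over an invalid {@code boolean}; it is restored here as the equivalent
     * switch over the property name.
     *
     * @param list names of the mandated unsigned properties, taken from the policy
     * @param element the signature element being validated
     * @param str Base64 text of the {@code SignatureValue}, passed on to the time-stamp check
     */
    private void VerifyMandatedUnsignedQProperties(List<String> list, Element element, String str) {
        for (String propertyName : list) {
            switch (propertyName) {
                case "SignatureTimeStamp":
                    checkSignatureTimeStampPropertie(element, str);
                    break;
                // Known property names without an implementation share the default handling.
                case "CompleteCertificateRefs":
                case "CompleteRevocationRefs":
                case "SigAndRefsTimeStamp":
                case "CertificateValues":
                case "RevocationValues":
                case "ArchiveTimeStamp":
                default: {
                    String message = xadesMessagesBundle.getString("error.attribute.not.implemented", new Object[]{propertyName});
                    logger.error(message);
                    this.validationErrors.add(message);
                    break;
                }
            }
        }
    }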

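    /**
     * Validates the signature time-stamp stored in {@code xades:EncapsulatedTimeStamp}.
     *
     * <p>The Base64 time-stamp token is decoded, parsed as CMS signed data and passed to
     * {@code TimeStampOperator.validate} together with the decoded signature value. On
     * success the parsed time-stamp is stored via {@code setVarTimestampToSignature}; on
     * any handled failure that field is cleared and an entry is added to
     * {@code validationErrors}.
     *
     * <p>The time-stamp is an unsigned property, so it can be removed from a document
     * without breaking the signature. A missing element is therefore reported as a
     * validation error instead of surfacing as a {@code NullPointerException}.
     *
     * @param element the signature element whose subtree is searched for the time-stamp
     * @param str Base64 text of the {@code SignatureValue}
     */
    private void checkSignatureTimeStampPropertie(Element element, String str) {
        try {
            Security.addProvider(new BouncyCastleProvider());
            // NOTE(review): the lookup depends on the literal "xades:" prefix and takes the
            // first match anywhere below the signature element; confirm that this cannot
            // select the time-stamp of a different property.
            NodeList encapsulatedTimeStamps = element.getElementsByTagName("xades:EncapsulatedTimeStamp");
            if (encapsulatedTimeStamps.getLength() == 0) {
                setVarTimestampToSignature(null);
                this.validationErrors.add(xadesMessagesBundle.getString("error.xml.invalid.signature.timestamp", new Object[]{"xades:EncapsulatedTimeStamp not found"}));
                return;
            }
            String encodedToken = encapsulatedTimeStamps.item(0).getTextContent();
            TimeStampOperator timeStampOperator = new TimeStampOperator();
            // NOTE(review): Base64.decode signals malformed input with an unchecked exception
            // that the catch clause below does not cover.
            byte[] tokenBytes = Base64.decode(encodedToken);
            byte[] signatureValueBytes = Base64.decode(str);
            Timestamp timestamp = new Timestamp(new TimeStampToken(new CMSSignedData(tokenBytes)));
            timeStampOperator.validate(signatureValueBytes, tokenBytes, (byte[]) null);
            // Published only after validate() returned without throwing.
            setVarTimestampToSignature(timestamp);
        } catch (CertificateCoreException | IOException | TSPException | CMSException e) {
            setVarTimestampToSignature(null);
            this.validationErrors.add(xadesMessagesBundle.getString("error.xml.invalid.signature.timestamp", new Object[]{e.getMessage()}));
        }
    }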

    /**
     * Returns the per-signature validation results collected so far.
     *
     * <p>The internal list itself is returned, not a copy, so changes made by the caller
     * are visible to this checker.
     *
     * @return the list of signature information entries
     */
    @Override // org.demoiselle.signer.policy.impl.xades.xml.Checker
    public List<XMLSignatureInformations> getSignaturesInfo() {
        List<XMLSignatureInformations> collected = signaturesInfo;
        return collected;
    }

    /**
     * Returns the time-stamp currently held for the signature being processed.
     *
     * @return the stored time-stamp, or {@code null} if none is set
     */
    public Timestamp getVarTimestampToSignature() {
        Timestamp current = varTimestampToSignature;
        return current;
    }

    /**
     * Stores the time-stamp for the signature being processed.
     *
     * @param timestamp the time-stamp to keep, or {@code null} to clear the field
     */
    private void setVarTimestampToSignature(Timestamp timestamp) {
        varTimestampToSignature = timestamp;
    }

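    /**
     * Validates a signature with the JDK XMLDSig implementation, using the public key of
     * the supplied certificate. This is the path for signatures without XAdES properties.
     *
     * <p>Only XMLDSig core validation is performed here. Whether the certificate is
     * trusted is not evaluated in this method, and no signature-policy checks are applied.
     *
     * @param element the signature element to validate
     * @param x509Certificate certificate taken from the signature's key information; may be
     *     {@code null} when it could not be parsed, in which case the signature is rejected
     * @return {@code true} only if the signature validates; {@code false} if the
     *     certificate is missing, the signature cannot be unmarshalled, or validation fails
     */
    private boolean verifySignatureNoICPBrasil(Element element, X509Certificate x509Certificate) {
        // Without a certificate there is no key to validate against; fail closed instead of
        // dereferencing null.
        if (x509Certificate == null) {
            return false;
        }
        DOMValidateContext validateContext = new DOMValidateContext(x509Certificate.getPublicKey(), element);
        // NOTE(review): confirm that the "org.jcp.xml.dsig.secureValidation" property is
        // enabled on the target JDK; it is not set explicitly here.
        try {
            return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(validateContext).validate(validateContext);
        } catch (MarshalException | XMLSignatureException e) {
            // Malformed or unverifiable signatures are treated as invalid.
            return false;
        }
    }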
}
