package com.google.step2.xmlsimplesign;

import com.google.step2.http.FetchException;
import com.google.step2.http.FetchRequest;
import com.google.step2.http.HttpFetcher;
import com.google.step2.util.EncodingUtil;
import com.google.step2.util.XmlUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.jdom.Element;
import org.jdom.JDOMException;
import org.jdom.Namespace;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/com-google-step2-common-2.3.1.jar:com/google/step2/xmlsimplesign/Verifier.class */
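/**
 * Verifies a detached "XML simple sign" signature over a document.
 *
 * <p>The signature covers the raw bytes of the document: {@link #verify} feeds the
 * unmodified input array to the signature check and only accepts the canonicalization
 * algorithm identified by {@code Constants.CANONICALIZE_RAW_OCTETS}. The signing
 * certificate chain is read from the document's {@code KeyInfo/X509Data} and handed to
 * the {@link CachedCertPathValidator} supplied at construction.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>This class checks that the chain validates and that the first certificate's key
 *       produced the signature. It performs no check of <em>who</em> the certificate was
 *       issued to; the chain is returned in the {@link VerificationResult} so the caller
 *       can make that decision.</li>
 *   <li>When no signature value is passed in, the signature is downloaded from a URL
 *       taken from the still-unverified document (see {@code parseSignatureValue}).</li>
 *   <li>The only signature method accepted is RSA with SHA-1.</li>
 * </ul>
 */
public class Verifier {
    private final CachedCertPathValidator validator;
    private final HttpFetcher fetcher;

    /**
     * @param cachedCertPathValidator validator applied to the certificate chain found in the document
     * @param httpFetcher fetcher used to download the signature value when it is not supplied by the caller
     */
    public Verifier(CachedCertPathValidator cachedCertPathValidator, HttpFetcher httpFetcher) {
        this.validator = cachedCertPathValidator;
        this.fetcher = httpFetcher;
    }

    /**
     * Verifies the signature over {@code bArr} and validates the embedded certificate chain.
     *
     * @param bArr the signed document, exactly as received; these bytes are what the signature covers
     * @param str base64-encoded signature value, or {@code null} to fetch the signature from the
     *     {@code SignatureLocation} named inside the document
     * @return the verification result carrying the certificate chain from the document
     * @throws XmlSimpleSignException if the document is malformed, names an unsupported algorithm,
     *     the signature cannot be obtained or does not verify, or the chain is not trusted
     */
    public VerificationResult verify(byte[] bArr, String str) throws XmlSimpleSignException {
        try {
            // NOTE(review): the document is parsed before anything about it is trusted. Parser
            // hardening (DTDs / external entities) lives in XmlUtil, which is not visible here;
            // confirm it is disabled there.
            Element root = XmlUtil.getJdomDocument(new ByteArrayInputStream(bArr)).getRootElement();
            Element signatureElement = findDsig(root, "Signature");
            // Rejects a missing Signature element and any algorithm other than the pinned ones.
            parseSignatureInfo(signatureElement);
            byte[] signatureValue;
            if (str == null) {
                signatureValue = parseSignatureValue(signatureElement);
            } else {
                signatureValue = EncodingUtil.decodeBase64(str);
            }
            return checkSignature(bArr, signatureValue, parseCerts(signatureElement));
        } catch (CertValidatorException e) {
            throw new XmlSimpleSignException("Untrusted certificate", e);
        } catch (IOException e2) {
            throw new XmlSimpleSignException("XML error", e2);
        } catch (GeneralSecurityException e3) {
            throw new XmlSimpleSignException("Signature verification error", e3);
        } catch (JDOMException e4) {
            throw new XmlSimpleSignException("XML error", e4);
        }
    }

    /**
     * Checks that the Signature element declares exactly the supported canonicalization and
     * signature algorithms. Nothing is returned; an unsupported or missing declaration is an error.
     *
     * @param signatureElement the {@code Signature} element, or {@code null} if the document had none
     * @throws XmlSimpleSignException if any required element is missing or an algorithm is not the
     *     single supported value
     */
    private void parseSignatureInfo(Element signatureElement) throws XmlSimpleSignException {
        if (signatureElement == null) {
            throw new XmlSimpleSignException("no Signature element");
        }
        Element signedInfo = findDsig(signatureElement, "SignedInfo");
        if (signedInfo == null) {
            throw new XmlSimpleSignException("No SignedInfo element");
        }
        Element canonicalization = findDsig(signedInfo, "CanonicalizationMethod");
        if (canonicalization == null) {
            throw new XmlSimpleSignException("No CanonicalizationMethod element");
        }
        String canonicalizationAlgorithm = canonicalization.getAttributeValue("Algorithm");
        if (!Constants.CANONICALIZE_RAW_OCTETS.equals(canonicalizationAlgorithm)) {
            throw new XmlSimpleSignException("Unknown canonicalization algorithm: " + canonicalizationAlgorithm);
        }
        Element signatureMethod = findDsig(signedInfo, "SignatureMethod");
        if (signatureMethod == null) {
            throw new XmlSimpleSignException("No SignatureMethod element");
        }
        String signingAlgorithm = signatureMethod.getAttributeValue("Algorithm");
        // Allow-list of one: this must stay in step with the JCA algorithm name hard-coded in
        // checkSignature. SHA-1 is no longer collision resistant, so a move to a stronger digest
        // has to change both places together.
        if (!"http://www.w3.org/2000/09/xmldsig#rsa-sha1".equals(signingAlgorithm)) {
            throw new XmlSimpleSignException("Unknown signing algorithm: " + signingAlgorithm);
        }
    }

    /**
     * Downloads the base64-encoded signature value from the URL given in the document's
     * {@code SignatureLocation} element and decodes it.
     *
     * <p>The URL comes from the document before its signature has been checked, so it is
     * attacker-influenced input. This method only parses it; which hosts and schemes may actually
     * be contacted is decided by the {@link HttpFetcher} implementation.
     *
     * @param signatureElement the {@code Signature} element
     * @return the decoded signature bytes
     * @throws XmlSimpleSignException if the location is missing, empty, not a valid URI, or the
     *     fetch fails
     */
    private byte[] parseSignatureValue(Element signatureElement) throws XmlSimpleSignException {
        Element locationElement = findSimpleSig(signatureElement, Constants.SIGNATURE_LOCATION_ELEMENT);
        if (locationElement == null) {
            throw new XmlSimpleSignException("No SignatureLocation element found");
        }
        String locationText = locationElement.getTextTrim();
        // JDOM returns "" rather than null for an element without text, so the empty case has to
        // be tested explicitly for this error to be reachable.
        if (locationText == null || locationText.length() == 0) {
            throw new XmlSimpleSignException("No SignatureLocation text found");
        }
        URI location;
        try {
            location = URI.create(locationText);
        } catch (IllegalArgumentException e) {
            // URI.create reports syntax errors with an unchecked exception; convert it so that a
            // malformed document fails verification through the declared exception type.
            throw new XmlSimpleSignException("Invalid SignatureLocation URI: " + locationText, e);
        }
        // NOTE(review): server-side request to a document-supplied URL. Confirm the HttpFetcher in
        // use restricts schemes and internal destinations, and bounds response size and time.
        try {
            return EncodingUtil.decodeBase64(this.fetcher.fetch(FetchRequest.createGetRequest(location)).getContentAsBytes());
        } catch (FetchException e) {
            throw new XmlSimpleSignException("couldn't fetch signature from " + locationText, e);
        }
    }

    /**
     * Extracts the certificates listed under {@code KeyInfo/X509Data}, in document order.
     *
     * @param signatureElement the {@code Signature} element
     * @return a non-empty list of certificates; the first entry is the one whose key is used to
     *     check the signature
     * @throws XmlSimpleSignException if {@code KeyInfo}, {@code X509Data} or every
     *     {@code X509Certificate} element is missing
     * @throws GeneralSecurityException if a certificate cannot be decoded
     */
    private List<X509Certificate> parseCerts(Element signatureElement) throws XmlSimpleSignException, GeneralSecurityException {
        Element keyInfo = findDsig(signatureElement, "KeyInfo");
        if (keyInfo == null) {
            throw new XmlSimpleSignException("No KeyInfo element found");
        }
        Element x509Data = findDsig(keyInfo, "X509Data");
        if (x509Data == null) {
            throw new XmlSimpleSignException("No X509Data element found");
        }
        List<Element> certElements = findElements(x509Data, "X509Certificate");
        if (certElements.isEmpty()) {
            throw new XmlSimpleSignException("No X509Certificate elements found");
        }
        List<X509Certificate> certs = new ArrayList<X509Certificate>(certElements.size());
        for (Element certElement : certElements) {
            certs.add(CertUtil.getCertFromBase64Bytes(certElement.getTextNormalize()));
        }
        return certs;
    }

    /**
     * Checks the signature against the first certificate's public key and then validates the
     * certificate chain.
     *
     * <p>Both checks must pass before a result is returned. At the point the signature is
     * checked the key is still untrusted; trust is established only by the chain validation that
     * follows.
     *
     * @param bArr the signed document bytes
     * @param bArr2 the raw (already base64-decoded) signature value
     * @param list the certificate chain from the document; must be non-empty
     * @return the verification result carrying {@code list}
     * @throws GeneralSecurityException if the signature machinery fails
     * @throws XmlSimpleSignException if the signature does not match
     * @throws CertValidatorException if the chain is rejected by the validator
     */
    private VerificationResult checkSignature(byte[] bArr, byte[] bArr2, List<X509Certificate> list) throws GeneralSecurityException, XmlSimpleSignException, CertValidatorException {
        // Fixed algorithm: parseSignatureInfo has already rejected anything but rsa-sha1, so the
        // document cannot steer the verifier to a different algorithm.
        Signature signature = Signature.getInstance("SHA1withRSA");
        // The first certificate in the document is treated as the signer.
        signature.initVerify(list.get(0).getPublicKey());
        signature.update(bArr);
        if (!signature.verify(bArr2)) {
            throw new XmlSimpleSignException("Signature is invalid");
        }
        this.validator.validate(list);
        // NOTE(review): no subject / host-name check happens in this class; callers presumably
        // have to match the returned certificate against the identity they expect.
        return new VerificationResult(list);
    }

    /**
     * Returns every direct child of {@code parent} with the given local name in the XML-DSig
     * namespace, in document order.
     */
    private List<Element> findElements(Element parent, String name) {
        List<Element> matches = new ArrayList<Element>();
        for (Element child : getChildren(parent)) {
            if (name.equals(child.getName()) && Constants.XML_DSIG_NS.equals(child.getNamespace())) {
                matches.add(child);
            }
        }
        return matches;
    }

    /** Returns the first direct child with the given name in the XML-DSig namespace, or {@code null}. */
    private Element findDsig(Element element, String str) {
        return find(element, str, Constants.XML_DSIG_NS);
    }

    /** Returns the first direct child with the given name in the simple-sign namespace, or {@code null}. */
    private Element findSimpleSig(Element element, String str) {
        return find(element, str, Constants.SIMPLE_SIGN_NS);
    }

    /**
     * Returns the first direct child of {@code parent} matching both local name and namespace,
     * or {@code null} if there is none. Only direct children are searched, not descendants.
     */
    private Element find(Element parent, String name, Namespace namespace) {
        for (Element child : getChildren(parent)) {
            if (name.equals(child.getName()) && namespace.equals(child.getNamespace())) {
                return child;
            }
        }
        return null;
    }

    /** Typed view of the element's direct child elements. */
    @SuppressWarnings("unchecked") // JDOM 1.x declares getChildren() with a raw List of Element
    private List<Element> getChildren(Element element) {
        return element.getChildren();
    }
}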
