package de.governikus.autent.crypto.utils.xml;

import de.governikus.autent.crypto.utils.exceptions.SignatureException;
import de.governikus.autent.key.utils.KeyStoreWrapper;
import de.governikus.autent.xml.utils.XmlHelper;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:de/governikus/autent/crypto/utils/xml/XmlSigner.class */
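public final class XmlSigner {
    private static final Logger log = LoggerFactory.getLogger(XmlSigner.class);

    /** Signature algorithm identifier (RSA-PSS with SHA-256/MGF1, RFC 6931). */
    private static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1";
    /** Digest algorithm applied to the referenced document content. */
    private static final String DIGEST_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#sha256";
    /** Reference transform that excludes the ds:Signature element itself from the digested content. */
    private static final String TRANSFORM_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    /** Reference transform: exclusive canonicalization (without comments). */
    private static final String TRANSFORM_EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    /** Selects the first ds:Signature element in document order, wherever it sits in the tree. */
    private static final String SIGNATURE_XPATH =
        "//*[local-name()='Signature' and namespace-uri()='http://www.w3.org/2000/09/xmldsig#']";

    /**
     * Signs {@code str} with the key pair stored under alias {@code str2} in {@code keyStoreWrapper}.
     *
     * @param str the XML document to sign
     * @param keyStoreWrapper key store holding the signing key and its certificate
     * @param str2 alias of the key pair to use
     * @return the signed document, see {@link #createEnvelopedSignature(String, PrivateKey, X509Certificate)}
     * @throws IllegalStateException if no private key or no certificate is stored under the alias
     */
    public static String createEnvelopedSignature(String str, KeyStoreWrapper keyStoreWrapper, String str2) {
        // Casts kept: the element type of the wrapper's Optionals is not visible from this class.
        PrivateKey signingKey = (PrivateKey) keyStoreWrapper.getPrivateKey(str2)
            .orElseThrow(() -> new IllegalStateException("no signing key found for alias: " + str2));
        X509Certificate signingCertificate = (X509Certificate) keyStoreWrapper.getCertificate(str2)
            .orElseThrow(() -> new IllegalStateException("no certificate found for alias: " + str2));
        return createEnvelopedSignature(str, signingKey, signingCertificate);
    }

    /**
     * Creates an enveloped XML signature over the whole document and returns the signed document.
     *
     * <p>The ds:Signature element is appended as the last child of the document element and
     * carries a single reference with URI {@code ""} (the entire document, minus the signature
     * itself through the enveloped-signature transform), digested with SHA-256 after exclusive
     * canonicalization. The certificate is embedded in the signature's KeyInfo.
     *
     * <p>No check is made that {@code privateKey} actually belongs to {@code x509Certificate};
     * a mismatched pair produces a signature that will not verify against the embedded certificate.
     *
     * @param str the XML document to sign
     * @param privateKey the signing key
     * @param x509Certificate the certificate to embed in the KeyInfo
     * @return the serialized signed document
     * @throws IllegalArgumentException if {@code str} is blank or not well-formed XML
     * @throws SignatureException if any step of building or applying the signature fails
     */
    public static String createEnvelopedSignature(String str, PrivateKey privateKey, X509Certificate x509Certificate) {
        log.trace("signing XML");
        XmlHelper xmlHelper = new XmlHelper();
        if (StringUtils.isBlank(str) || !xmlHelper.isXmlWellFormed(str)) {
            throw new IllegalArgumentException("xml is not valid");
        }
        Document document = xmlHelper.toDocument(str);

        XMLSignature signature;
        try {
            signature = new XMLSignature(document, "", SIGNATURE_ALGORITHM);
        } catch (XMLSecurityException e) {
            throw new SignatureException("could not create signature element: " + e.getMessage(), e);
        }
        // Enveloped: the signature lives inside the document it signs.
        document.getDocumentElement().appendChild(signature.getElement());

        Transforms transforms = new Transforms(document);
        try {
            transforms.addTransform(TRANSFORM_ENVELOPED);
            transforms.addTransform(TRANSFORM_EXC_C14N);
        } catch (TransformationException e) {
            throw new SignatureException("transformation could not be applied to xml: " + e.getMessage(), e);
        }

        try {
            signature.addKeyInfo(x509Certificate);
        } catch (XMLSecurityException e) {
            throw new SignatureException("could not add X509 certificate information to signature: " + e.getMessage(), e);
        }

        try {
            // URI "" references the whole document; the enveloped transform strips the signature itself.
            signature.addDocument("", transforms, DIGEST_ALGORITHM);
            signature.sign(privateKey);
            log.info("Signing completed");
            return xmlHelper.documentToString(document);
        } catch (XMLSignatureException e) {
            throw new SignatureException("applying signature to xml failed: " + e.getMessage(), e);
        }
    }

    /**
     * Verifies the first ds:Signature element in {@code str} using the certificate embedded in the
     * signature's own KeyInfo.
     *
     * <p>Security note: the certificate is taken from the document under verification, so a
     * successful return only proves that the signature was produced by the holder of the key
     * matching that embedded certificate. It does not establish that the certificate is trusted:
     * no chain building, trust-anchor, validity-period or revocation check is performed here.
     * Callers must verify the embedded certificate against their own trust store, or prefer
     * {@link #verifyXmlSignature(String, X509Certificate)} with a certificate obtained out of band.
     *
     * <p>Neither overload checks which parts of the document the signature's references cover.
     * Callers that rely on specific content should confirm the verified signature is the one they
     * expect (for documents produced by this class: an enveloped signature with reference URI {@code ""}).
     *
     * @param str the signed XML document
     * @throws SignatureException if the document is not valid XML, contains no signature, the
     *     signature carries no KeyInfo/certificate, or the signature value does not verify
     */
    public static void verifyXmlSignature(String str) {
        XMLSignature signature = getXmlSignatureElement(str);
        KeyInfo keyInfo = signature.getKeyInfo();
        if (keyInfo == null) {
            throw new SignatureException("signature validation failed: no key info element present");
        }
        X509Certificate embeddedCertificate;
        try {
            embeddedCertificate = keyInfo.getX509Certificate();
        } catch (KeyResolverException e) {
            throw new SignatureException("signature validation failed: " + e.getMessage(), e);
        }
        if (embeddedCertificate == null) {
            throw new SignatureException("signature validation failed: no certificate added to signature");
        }
        validateXmlSignature(signature, embeddedCertificate);
    }

    /**
     * Verifies the first ds:Signature element in {@code str} against a caller-supplied certificate,
     * ignoring any KeyInfo embedded in the document. This is the preferred overload when the
     * expected signer is known in advance. The certificate itself is not validated (no expiry,
     * chain or revocation check); that remains the caller's responsibility.
     *
     * @param str the signed XML document
     * @param x509Certificate the certificate whose public key must verify the signature
     * @throws SignatureException if the document is not valid XML, contains no signature, or the
     *     signature value does not verify with the given certificate
     */
    public static void verifyXmlSignature(String str, X509Certificate x509Certificate) {
        validateXmlSignature(getXmlSignatureElement(str), x509Certificate);
    }

    /**
     * Checks the signature value (and, via Santuario, the references it covers) against the
     * public key of {@code x509Certificate}.
     *
     * @throws SignatureException if verification fails or reports an error
     */
    private static void validateXmlSignature(XMLSignature xMLSignature, X509Certificate x509Certificate) {
        boolean valid;
        try {
            valid = xMLSignature.checkSignatureValue(x509Certificate);
        } catch (XMLSignatureException e) {
            throw new SignatureException("xml signature validation failed: " + e.getMessage(), e);
        }
        if (!valid) {
            throw new SignatureException("xml signature validation failed: signature was not valid");
        }
    }

    /**
     * Parses {@code str} and returns the first ds:Signature element (in document order) as an
     * {@link XMLSignature}.
     *
     * <p>NOTE(review): XML parsing is delegated to {@link XmlHelper}; whether DTD processing and
     * external entity resolution are disabled there cannot be seen from this class — confirm.
     * Santuario's secure-validation mode is not requested explicitly here (the three-argument
     * {@code XMLSignature(Element, String, boolean)} constructor); whether it is on by default
     * depends on the Santuario version in use — confirm as well.
     *
     * @throws SignatureException if the input is not valid XML, holds no signature element, or
     *     the element cannot be parsed into a signature object
     */
    private static XMLSignature getXmlSignatureElement(String str) {
        XmlHelper xmlHelper = new XmlHelper();
        if (StringUtils.isBlank(str) || !xmlHelper.isXmlWellFormed(str)) {
            throw new SignatureException("siganture validation failed: document is not a valid xml document");
        }
        Element signatureElement;
        try {
            signatureElement = (Element) XPathFactory.newInstance()
                .newXPath()
                .evaluate(SIGNATURE_XPATH, xmlHelper.toDocument(str), XPathConstants.NODE);
        } catch (XPathExpressionException e) {
            throw new SignatureException("error while evaluating xpath to find signature element: " + e.getMessage(), e);
        }
        if (signatureElement == null) {
            throw new SignatureException("signature validation failed: no signature element found");
        }
        try {
            return new XMLSignature(signatureElement, "");
        } catch (XMLSecurityException e) {
            throw new SignatureException("problem while parsing xml signature element to java pojo: " + e.getMessage(), e);
        }
    }

    /** Static utility class; not instantiable. */
    private XmlSigner() {
    }
}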
