package com.rsa.certj.xml.dsig;

import com.rsa.certj.CertJ;
import com.rsa.certj.CertJException;
import com.rsa.certj.DatabaseService;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.xml.Base64Transformer;
import com.rsa.certj.xml.KeyInfo;
import com.rsa.certj.xml.NodeListImpl;
import com.rsa.certj.xml.ParserHandler;
import com.rsa.certj.xml.Transformer;
import com.rsa.certj.xml.XMLException;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_Key;
import com.rsa.jsafe.JSAFE_MAC;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_Signature;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Vector;
import org.apache.xerces.dom.DocumentImpl;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:lib/external/certj.jar:com/rsa/certj/xml/dsig/XMLSignature.class */
public class XMLSignature implements Cloneable, Serializable {
    public static final int SIGNATURE_MASK = 14;
    public static final int DETACHED_SIGNATURE = 8;
    public static final int ENVELOPING_SIGNATURE = 4;
    public static final int ENVELOPED_SIGNATURE = 2;
    private int signatureType;
    private String signatureId;
    private String namespacePrefix;
    private String c14nMethod;
    private String signatureMethod;
    private int hmacLength;
    private String xmlNamespace;
    public static final String DEFAULT_MAC_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
    public static final String[] SUPPORTED_MAC_ALGORITHMS = {DEFAULT_MAC_ALGORITHM, "http://www.w3.org/2000/07/xmldsig#hmac-sha1"};
    public static final String DSA_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    public static final String RSA_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    public static final String[] SUPPORTED_SIGNATURE_ALGORITHMS = {DSA_SIGNATURE_ALGORITHM, "http://www.w3.org/2000/07/xmldsig#dsa-sha1", RSA_SIGNATURE_ALGORITHM, "http://www.w3.org/2000/07/xmldsig#rsa-sha1", DEFAULT_MAC_ALGORITHM, "http://www.w3.org/2000/07/xmldsig#hmac-sha1"};
    public static final String DEFAULT_XML_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";
    public static final String[] SUPPORTED_XML_NAMESPACES = {DEFAULT_XML_NAMESPACE, "http://www.w3.org/2000/07/xmldsig#"};
    public static final String DEFAULT_DIGEST_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#sha1";
    public static final String[] SUPPORTED_DIGEST_ALGORITHMS = {DEFAULT_DIGEST_ALGORITHM, "http://www.w3.org/2000/07/xmldsig#sha1"};
    private Vector references = null;
    private Vector xmlObjects = null;
    private Vector keyInfos = null;
    private Certificate[] certificates = null;
    private int verifyingCertIndex = -1;
    private JSAFE_PublicKey key = null;
    private byte[] signatureValue = null;
    private Node signedInfo = null;
    private Document document = null;
    private Node originalDataNode = null;
    private Element signatureElement = null;
    private int flags = 0;
    public boolean useTemplate = false;
    protected boolean commentXPointer = false;
    public boolean foundET = false;

    public XMLSignature() {
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v25, types: [java.io.InputStream] */
    public XMLSignature(String str) throws XMLException {
        FileInputStream fileInputStream;
        if (str == null) {
            throw new XMLException("Can't read file: file is null");
        }
        try {
            fileInputStream = new URL(str).openStream();
        } catch (MalformedURLException e) {
            try {
                fileInputStream = new FileInputStream(str);
            } catch (IOException e2) {
                throw new XMLException(new StringBuffer().append("Can't intialize the XMLSignature object:\n").append(e.getMessage()).append("\n or ").append(e2.getMessage()).toString());
            }
        } catch (IOException e3) {
            throw new XMLException(new StringBuffer().append("Can't initialize the XMLSignature object:\n").append(e3.getMessage()).toString());
        }
        parseInput(new InputSource(fileInputStream));
        try {
            fileInputStream.close();
        } catch (IOException e4) {
            throw new XMLException(new StringBuffer().append("Can't initialize the XMLSignature object:\n").append(e4.getMessage()).toString());
        }
    }

    private void parseInput(InputSource inputSource) throws XMLException {
        try {
            if (ParserHandler.SYSTEM_ID != null) {
                inputSource.setSystemId(ParserHandler.SYSTEM_ID);
            }
            if (ParserHandler.PUBLIC_ID != null) {
                inputSource.setPublicId(ParserHandler.PUBLIC_ID);
            }
            this.document = ParserHandler.parseXML(inputSource);
            this.originalDataNode = this.document;
        } catch (Exception e) {
            throw new XMLException(new StringBuffer().append("Can't parse the XML document\n").append(e.getMessage()).toString());
        }
    }

    public XMLSignature(File file) throws XMLException {
        if (file == null) {
            throw new XMLException("Can't read file: file is null");
        }
        try {
            parseInput(new InputSource(new FileInputStream(file)));
        } catch (IOException e) {
            throw new XMLException(new StringBuffer().append("Can't intialize the XMLSignature object:\n").append(e.getMessage()).toString());
        }
    }

    public XMLSignature(InputStream inputStream) throws XMLException {
        if (inputStream == null) {
            throw new XMLException("Can't read inputStream: inputStream is null");
        }
        parseInput(new InputSource(inputStream));
    }

    protected Node getOriginalDataNode() {
        return this.originalDataNode;
    }

    protected void setOriginalDataNode(Node node) {
        this.originalDataNode = node;
    }

    public void setSignedInfo(Node node) {
        this.signedInfo = node;
    }

    protected Node getSignedInfo() {
        return this.signedInfo;
    }

    public void setSignatureType(int i) {
        this.signatureType = i;
    }

    public int getSignatureType() {
        return this.signatureType;
    }

    public void setSignatureID(String str) {
        this.signatureId = str;
    }

    public String getSignatureID() {
        return this.signatureId;
    }

    public void setNamespacePrefix(String str) {
        if (this.useTemplate) {
            return;
        }
        this.namespacePrefix = str;
    }

    public String getNamespacePrefix() {
        return this.namespacePrefix;
    }

    public void setCertificates(Certificate[] certificateArr) {
        if (certificateArr != null) {
            this.certificates = new Certificate[certificateArr.length];
            for (int i = 0; i < certificateArr.length; i++) {
                this.certificates[i] = certificateArr[i];
            }
        }
    }

    public void setKey(JSAFE_PublicKey jSAFE_PublicKey) {
        this.key = jSAFE_PublicKey;
    }

    public void addReference(Reference reference) {
        if (reference != null) {
            if (this.references == null) {
                this.references = new Vector();
            }
            this.references.addElement(reference);
        }
    }

    public void setReferences(Reference[] referenceArr) {
        if (referenceArr != null) {
            if (this.references == null) {
                this.references = new Vector(referenceArr.length);
            } else {
                this.references.ensureCapacity(referenceArr.length);
                this.references.removeAllElements();
            }
            for (Reference reference : referenceArr) {
                this.references.addElement(reference);
            }
        }
    }

    public Reference[] getReferences() {
        Reference[] referenceArr = null;
        if (this.references != null) {
            referenceArr = new Reference[this.references.size()];
            this.references.copyInto(referenceArr);
        }
        return referenceArr;
    }

    public void setHMACOutputLen(int i) {
        this.hmacLength = i;
    }

    public int getHMACOutputLen() {
        return this.hmacLength;
    }

    public void setKeyInfos(KeyInfo[] keyInfoArr) {
        if (keyInfoArr != null) {
            if (this.keyInfos == null) {
                this.keyInfos = new Vector(keyInfoArr.length);
            } else {
                this.keyInfos.removeAllElements();
            }
            for (KeyInfo keyInfo : keyInfoArr) {
                this.keyInfos.addElement(keyInfo);
            }
        }
    }

    public void addKeyInfo(KeyInfo keyInfo) {
        if (this.keyInfos == null) {
            this.keyInfos = new Vector();
        }
        this.keyInfos.addElement(keyInfo);
    }

    public KeyInfo[] getKeyInfos() {
        KeyInfo[] keyInfoArr = null;
        if (this.keyInfos != null) {
            keyInfoArr = new KeyInfo[this.keyInfos.size()];
            this.keyInfos.copyInto(keyInfoArr);
        }
        return keyInfoArr;
    }

    public void setSignatureMethod(String str) throws XMLException {
        if (str != null) {
            for (int i = 0; i < SUPPORTED_SIGNATURE_ALGORITHMS.length; i++) {
                if (str.equals(SUPPORTED_SIGNATURE_ALGORITHMS[i])) {
                    this.signatureMethod = str;
                    if (this.xmlNamespace == null) {
                        this.xmlNamespace = str.substring(0, str.indexOf("#") + 1);
                        return;
                    }
                    return;
                }
            }
            throw new XMLException("Unsupported signature method");
        }
    }

    public String getSignatureMethod() {
        return this.signatureMethod;
    }

    public void setCanonicalizationMethod(String str) throws XMLException {
        if (str != null) {
            for (int i = 0; i < Transformer.C14N_LIST.length; i++) {
                if (str.equals(Transformer.C14N_LIST[i])) {
                    this.c14nMethod = str;
                    return;
                }
            }
            for (int i2 = 0; i2 < Transformer.C14N_WITH_COMMENTS_LIST.length; i2++) {
                if (str.equals(Transformer.C14N_WITH_COMMENTS_LIST[i2])) {
                    this.c14nMethod = str;
                    return;
                }
            }
            throw new XMLException("Not supported canonicalization aglorithm");
        }
    }

    public String getCanonicalizationMethod() {
        return this.c14nMethod;
    }

    public void setSignatureValue(byte[] bArr) {
        if (bArr != null) {
            this.signatureValue = new byte[bArr.length];
            System.arraycopy(bArr, 0, this.signatureValue, 0, bArr.length);
        }
    }

    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    public void setXMLObjects(Element[] elementArr) {
        if (elementArr != null) {
            if (this.xmlObjects == null) {
                this.xmlObjects = new Vector(elementArr.length);
            } else {
                this.xmlObjects.removeAllElements();
            }
            for (Element element : elementArr) {
                this.xmlObjects.addElement(element);
            }
        }
    }

    public void addXMLObject(Element element) {
        if (this.xmlObjects == null) {
            this.xmlObjects = new Vector();
        }
        this.xmlObjects.addElement(element);
    }

    public Element[] getXMLObjects() {
        Element[] elementArr = null;
        if (this.xmlObjects != null) {
            elementArr = new Element[this.xmlObjects.size()];
            this.xmlObjects.copyInto(elementArr);
        }
        return elementArr;
    }

    public Element getXMLObjectByID(String str) {
        if (str == null || this.xmlObjects == null) {
            return null;
        }
        for (int i = 0; i < this.xmlObjects.size(); i++) {
            if (this.xmlObjects.elementAt(i) != null && ((Element) this.xmlObjects.elementAt(i)).getAttribute(SigNodeNameList.ID_ATTR_NAME).equals(str)) {
                return (Element) this.xmlObjects.elementAt(i);
            }
        }
        return null;
    }

    public void includeCommentsForXPointer(boolean z) {
        this.commentXPointer = z;
    }

    public void sign(CertJ certJ) throws XMLException {
        JSAFE_PrivateKey selectPrivateKeyByPublicKey;
        if (certJ == null) {
            throw new XMLException("Can't sign the document: certj is null");
        }
        try {
            if (this.certificates == null || this.key == null) {
                getCertificateAndKey(certJ);
            }
            if (this.certificates == null && this.key == null) {
                throw new XMLException("Can't sign: No certificates or key available");
            }
            DatabaseService databaseService = (DatabaseService) certJ.bindServices(1);
            if (this.key != null && this.certificates == null) {
                selectPrivateKeyByPublicKey = databaseService.selectPrivateKeyByPublicKey(this.key);
            } else if (this.key != null || this.certificates.length < 1) {
                selectPrivateKeyByPublicKey = databaseService.selectPrivateKeyByPublicKey(this.key);
            } else {
                int i = 0;
                JSAFE_PrivateKey jSAFE_PrivateKey = null;
                for (int i2 = 0; i2 < this.certificates.length; i2++) {
                    JSAFE_PrivateKey selectPrivateKeyByCertificate = databaseService.selectPrivateKeyByCertificate(this.certificates[i2]);
                    if (selectPrivateKeyByCertificate != null) {
                        i++;
                        jSAFE_PrivateKey = selectPrivateKeyByCertificate;
                    }
                }
                if (i != 1) {
                    throw new XMLException("Private key not set, can't choose the right certificate");
                }
                selectPrivateKeyByPublicKey = jSAFE_PrivateKey;
            }
            sign(certJ, selectPrivateKeyByPublicKey, certJ.getRandomObject(), certJ.getDevice());
        } catch (CertJException e) {
            throw new XMLException(new StringBuffer().append("Can't sign the XML document:\n").append(e.getMessage()).toString());
        }
    }

    public void sign(JSAFE_Key jSAFE_Key, JSAFE_SecureRandom jSAFE_SecureRandom, String str) throws XMLException {
        sign(null, jSAFE_Key, jSAFE_SecureRandom, str);
    }

    public void sign(CertJ certJ, JSAFE_Key jSAFE_Key, JSAFE_SecureRandom jSAFE_SecureRandom, String str) throws XMLException {
        if (jSAFE_Key == null) {
            throw new XMLException("Error in signing: signKey not set");
        }
        if (str == null) {
            throw new XMLException("Error in signing: device not set");
        }
        internalSign(jSAFE_Key, jSAFE_SecureRandom, str, generateSignedInfo(), certJ);
    }

    public byte[] generateSignedInfo() throws XMLException {
        String str = this.namespacePrefix;
        String stringBuffer = str == null ? "" : new StringBuffer().append(str).append(":").toString();
        if (this.useTemplate) {
            if (this.document == null) {
                throw new XMLException("Error in Template signing:No signature document available");
            }
            parseTemplate();
            if (this.keyInfos != null) {
                this.signatureElement.insertBefore(ParserHandler.generateKeyInfo(this, this.document), ((Element) this.signatureElement.getElementsByTagNameNS(this.xmlNamespace, SigNodeNameList.SIGNATURE_VALUE_ELE_NAME).item(0)).getNextSibling());
            }
            processReferences(this.document, true);
        } else {
            if (this.signatureMethod == null) {
                throw new XMLException("Error in signing: signature method not set");
            }
            if (this.references == null) {
                throw new XMLException("Error in signing: References not set");
            }
            switch (this.signatureType & 14) {
                case 2:
                    if (this.document == null) {
                        throw new XMLException("Error in generating signature element:Root document not available");
                    }
                    if (this.originalDataNode != null && this.originalDataNode != this.document) {
                        throw new XMLException("Error in generating signature element:Can't specify more than more root");
                    }
                    this.signatureElement = ParserHandler.generateSignatureElement(this, this.document);
                    if (this.xmlObjects != null) {
                        for (int i = 0; i < this.xmlObjects.size(); i++) {
                            if (this.xmlObjects.elementAt(i) != null) {
                                this.signatureElement.appendChild((Element) this.xmlObjects.elementAt(i));
                            }
                        }
                    }
                    if (this.document.getDocumentElement() != null) {
                        this.document.getDocumentElement().appendChild(this.signatureElement);
                    }
                    if (this.originalDataNode == null) {
                        this.originalDataNode = this.document;
                    }
                    processReferences(this.document, false);
                    break;
                case 4:
                    if (this.document == null) {
                        throw new XMLException("Error in generating signature element:root document not available");
                    }
                    if (this.originalDataNode != null && this.originalDataNode != this.document) {
                        throw new XMLException("Error in signing:Can't specify more than one root document");
                    }
                    this.signatureElement = ParserHandler.generateSignatureElement(this, this.document);
                    if (this.xmlObjects != null) {
                        for (int i2 = 0; i2 < this.xmlObjects.size(); i2++) {
                            if (this.xmlObjects.elementAt(i2) != null) {
                                this.signatureElement.appendChild((Element) this.xmlObjects.elementAt(i2));
                            }
                        }
                    }
                    if (this.originalDataNode != null) {
                        Element createElementNS = this.document.createElementNS(this.xmlNamespace, new StringBuffer().append(stringBuffer).append("Object").toString());
                        int i3 = 0;
                        while (true) {
                            if (i3 < this.references.size()) {
                                if (this.references.elementAt(i3) != null) {
                                    Reference reference = (Reference) this.references.elementAt(i3);
                                    if (reference.getURI() == null) {
                                        reference.setURI("");
                                    }
                                    if (reference.getURI().indexOf("#") == -1) {
                                        createElementNS.setAttribute(SigNodeNameList.ID_ATTR_NAME, reference.getURI());
                                    } else {
                                        createElementNS.setAttribute(SigNodeNameList.ID_ATTR_NAME, reference.getURI().substring(1));
                                    }
                                } else {
                                    i3++;
                                }
                            }
                        }
                        createElementNS.setAttribute("xmlns", "");
                        createElementNS.appendChild(this.document.getDocumentElement());
                        this.signatureElement.appendChild(createElementNS);
                    }
                    this.document.appendChild(this.signatureElement);
                    if (this.originalDataNode == null) {
                        this.originalDataNode = this.document;
                    }
                    processReferences(this.document, false);
                    break;
                case 8:
                    if (this.document != null && this.document == this.originalDataNode) {
                        this.document = new DocumentImpl();
                    } else if (this.document == null) {
                        this.document = new DocumentImpl();
                    }
                    this.signatureElement = ParserHandler.generateSignatureElement(this, this.document);
                    if (this.xmlObjects != null) {
                        for (int i4 = 0; i4 < this.xmlObjects.size(); i4++) {
                            if (this.xmlObjects.elementAt(i4) != null) {
                                this.signatureElement.appendChild((Element) this.xmlObjects.elementAt(i4));
                            }
                        }
                    }
                    this.document.appendChild(this.signatureElement);
                    if (this.originalDataNode == null) {
                        this.originalDataNode = this.document;
                    }
                    processReferences(this.originalDataNode, false);
                    break;
                default:
                    throw new XMLException(new StringBuffer().append("Unknown signature algorithm:").append(this.signatureType).toString());
            }
        }
        if (this.signedInfo == null) {
            NodeList elementsByTagNameNS = this.signatureElement.getElementsByTagNameNS(this.xmlNamespace, SigNodeNameList.SIGNEDINFO_ELE_NAME);
            if (elementsByTagNameNS.getLength() != 0) {
                this.signedInfo = elementsByTagNameNS.item(0);
            }
        }
        return getCanonicalizedSignedInfo();
    }

    public byte[] getCanonicalizedSignedInfo() throws XMLException {
        if (this.c14nMethod == null) {
            throw new XMLException("Canonicalization method required");
        }
        return this.c14nMethod.indexOf("#") != -1 ? ParserHandler.nodeToByteArray(this.signedInfo, true, true, (String) null) : ParserHandler.nodeToByteArray(this.signedInfo, true, false, (String) null);
    }

    public void setSignatureValueElement(byte[] bArr) throws XMLException {
        setSignatureValue(bArr);
        setSignatureValueElement();
    }

    private void setSignatureValueElement() throws XMLException {
        Node item;
        if (this.signatureValue == null) {
            throw new XMLException("No signature value provided.");
        }
        if (this.signatureElement == null) {
            parseTemplate();
        }
        NodeList elementsByTagNameNS = this.signatureElement.getElementsByTagNameNS(this.xmlNamespace, SigNodeNameList.SIGNATURE_VALUE_ELE_NAME);
        if (elementsByTagNameNS.getLength() == 0) {
            item = this.signatureElement.getOwnerDocument().createElementNS(this.xmlNamespace, SigNodeNameList.SIGNATURE_VALUE_ELE_NAME);
            this.signatureElement.appendChild(item);
        } else {
            item = elementsByTagNameNS.item(0);
        }
        item.appendChild(this.signatureElement.getOwnerDocument().createTextNode(new String(Base64Transformer.encodeBase64(this.signatureValue, 0, this.signatureValue.length))));
    }

    private void parseTemplate() throws XMLException {
        String stringBuffer;
        NodeList elementsByTagNameNS = this.document.getElementsByTagNameNS("*", SigNodeNameList.SIGNATURE_ELE_NAME);
        if (elementsByTagNameNS.getLength() == 0) {
            throw new XMLException("This document does not contain XML signature.");
        }
        NodeListImpl nodeListImpl = new NodeListImpl();
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            Element element = (Element) elementsByTagNameNS.item(i);
            String prefix = element.getPrefix();
            String attribute = element.getAttribute(new StringBuffer().append("xmlns").append(prefix == null ? "" : new StringBuffer().append(":").append(prefix).toString()).toString());
            if (attribute.equals(SUPPORTED_XML_NAMESPACES[0]) || attribute.equals(SUPPORTED_XML_NAMESPACES[1])) {
                nodeListImpl.add(element);
            }
        }
        if (nodeListImpl.getLength() == 0) {
            throw new XMLException("No valid template is found.");
        }
        String str = null;
        int i2 = 0;
        while (true) {
            if (i2 >= nodeListImpl.getLength()) {
                break;
            }
            Element element2 = (Element) nodeListImpl.item(i2);
            if (element2.hasAttribute(SigNodeNameList.ID_ATTR_NAME)) {
                str = element2.getAttributes().getNamedItem(SigNodeNameList.ID_ATTR_NAME).getNodeValue();
            }
            NodeList elementsByTagNameNS2 = element2.getElementsByTagNameNS("*", SigNodeNameList.SIGNATURE_VALUE_ELE_NAME);
            if (elementsByTagNameNS2.getLength() == 1) {
                Node firstChild = elementsByTagNameNS2.item(0).getFirstChild();
                if (firstChild == null) {
                    if (ParserHandler.TEMPLATE_ID == null) {
                        this.signatureElement = element2;
                        break;
                    } else if (ParserHandler.TEMPLATE_ID != null && str != null && str.equals(ParserHandler.TEMPLATE_ID)) {
                        this.signatureElement = element2;
                        break;
                    }
                } else if (firstChild != null && firstChild.getNodeType() == 3) {
                    try {
                        byte[] bytes = firstChild.getNodeValue().getBytes();
                        int length = Base64Transformer.decodeBase64Data(bytes, 0, bytes.length).length;
                        if (ParserHandler.TEMPLATE_ID != null || length != 0) {
                            if (ParserHandler.TEMPLATE_ID != null && str != null && length == 0 && str.equals(ParserHandler.TEMPLATE_ID)) {
                                this.signatureElement = element2;
                                break;
                            }
                        } else {
                            this.signatureElement = element2;
                            break;
                        }
                    } catch (XMLException e) {
                        throw new XMLException(new StringBuffer().append("The template has an invalid <SignatureValue> element:").append(e.getMessage()).toString());
                    }
                }
            }
            i2++;
        }
        if (this.signatureElement == null) {
            throw new XMLException("A given file does not contain an empty signature template or an invalid template id is set.");
        }
        String prefix2 = this.signatureElement.getPrefix();
        if (prefix2 == null) {
            stringBuffer = "";
        } else {
            this.namespacePrefix = prefix2;
            stringBuffer = new StringBuffer().append(":").append(prefix2).toString();
        }
        if (this.signatureElement.hasAttribute(new StringBuffer().append("xmlns").append(stringBuffer).toString())) {
            this.xmlNamespace = this.signatureElement.getAttribute(new StringBuffer().append("xmlns").append(stringBuffer).toString());
        }
        if (this.signatureElement.hasAttribute(SigNodeNameList.ID_ATTR_NAME)) {
            this.signatureId = this.signatureElement.getAttribute(SigNodeNameList.ID_ATTR_NAME);
        }
        ParserHandler.parseSignedInfo(this, this.signatureElement);
        this.signatureType = ParserHandler.checkSignatureType(this);
    }

    private void processReferences(Node node, boolean z) throws XMLException {
        Transformer[] transforms;
        for (int i = 0; i < this.references.size(); i++) {
            if (this.references.elementAt(i) != null) {
                Reference reference = (Reference) this.references.elementAt(i);
                if (z && (transforms = reference.getTransforms()) != null) {
                    for (Transformer transformer : transforms) {
                        boolean equals = transformer.getTransformAlgorithm().equals(Transformer.ENVELOPED_SIGNATURE_LIST[0]);
                        boolean equals2 = transformer.getTransformAlgorithm().equals(Transformer.ENVELOPED_SIGNATURE_LIST[1]);
                        if (equals || equals2) {
                            this.foundET = true;
                        }
                    }
                }
                if (reference.getDigestValue() == null) {
                    String namespacePrefix = getNamespacePrefix();
                    String stringBuffer = namespacePrefix == null ? "" : new StringBuffer().append(namespacePrefix).append(":").toString();
                    reference.commentXPointer = this.commentXPointer;
                    reference.makeDigestValue(node, false, stringBuffer, getXMLNamespace());
                }
            }
        }
    }

    private void internalSign(JSAFE_Key jSAFE_Key, JSAFE_SecureRandom jSAFE_SecureRandom, String str, byte[] bArr, CertJ certJ) throws XMLException {
        JSAFE_Signature jSAFE_Signature = null;
        try {
            String substring = this.signatureMethod.substring(this.signatureMethod.indexOf("#") + 1);
            if (substring.equals("dsa-sha1")) {
                if (jSAFE_SecureRandom == null) {
                    throw new XMLException("Error in DSA signing:SecureRandom not set");
                }
                jSAFE_Signature = JSAFE_Signature.getInstance("SHA1/DSA", str);
                if (certJ == null) {
                    jSAFE_Signature.signInit((JSAFE_PrivateKey) jSAFE_Key, jSAFE_SecureRandom);
                } else {
                    jSAFE_Signature.signInit((JSAFE_PrivateKey) jSAFE_Key, null, jSAFE_SecureRandom, certJ.getPKCS11Sessions());
                }
                jSAFE_Signature.signUpdate(bArr, 0, bArr.length);
                this.signatureValue = encodeRSfromASN1(jSAFE_Signature.signFinal());
            } else if (substring.equals("rsa-sha1")) {
                jSAFE_Signature = JSAFE_Signature.getInstance("SHA1/RSA/PKCS1Block01Pad", str);
                if (certJ == null) {
                    jSAFE_Signature.signInit((JSAFE_PrivateKey) jSAFE_Key, jSAFE_SecureRandom);
                } else {
                    jSAFE_Signature.signInit((JSAFE_PrivateKey) jSAFE_Key, null, jSAFE_SecureRandom, certJ.getPKCS11Sessions());
                }
                jSAFE_Signature.signUpdate(bArr, 0, bArr.length);
                this.signatureValue = new byte[jSAFE_Signature.getSignatureSize()];
                jSAFE_Signature.signFinal(this.signatureValue, 0);
            } else {
                if (!substring.equals("hmac-sha1")) {
                    throw new XMLException("Error in signing:Unsupported signatureMethod");
                }
                JSAFE_MAC jsafe_mac = JSAFE_MAC.getInstance("HMAC/SHA1", str);
                jsafe_mac.macInit((JSAFE_SecretKey) jSAFE_Key, jSAFE_SecureRandom);
                jsafe_mac.macUpdate(bArr, 0, bArr.length);
                if (this.hmacLength < 0 || this.hmacLength % 8 != 0 || this.hmacLength / 8 > 20) {
                    throw new XMLException(new StringBuffer().append("Error in signing: Wrong HMAC output length: ").append(this.hmacLength).toString());
                }
                if (this.hmacLength != 0) {
                    this.signatureValue = new byte[this.hmacLength / 8];
                    byte[] bArr2 = new byte[jsafe_mac.getMACSize()];
                    jsafe_mac.macFinal(bArr2, 0);
                    System.arraycopy(bArr2, 0, this.signatureValue, 0, this.hmacLength / 8);
                } else {
                    this.signatureValue = new byte[jsafe_mac.getMACSize()];
                    jsafe_mac.macFinal(this.signatureValue, 0);
                }
                jsafe_mac.clearSensitiveData();
            }
            if (jSAFE_Signature != null) {
                jSAFE_Signature.clearSensitiveData();
            }
            setSignatureValueElement();
        } catch (JSAFE_Exception e) {
            throw new XMLException(new StringBuffer().append("Error in signing XML document:\n").append(e.getMessage()).toString());
        }
    }

    public VerificationInfo verify(CertJ certJ, CertPathCtx certPathCtx) throws XMLException {
        JSAFE_PublicKey jSAFE_PublicKey = null;
        this.verifyingCertIndex = -1;
        try {
            if (certJ == null) {
                throw new XMLException("Can't verify signature: certj not available");
            }
            if (this.certificates == null && this.key == null) {
                getCertificateAndKey(certJ);
            }
            if (this.certificates == null && this.key != null) {
                jSAFE_PublicKey = this.key;
            } else if (this.certificates != null && this.key == null) {
                if (certPathCtx != null) {
                    int i = 0;
                    while (true) {
                        if (i >= this.certificates.length) {
                            break;
                        }
                        if (this.certificates[i] != null && certJ.verifyCertPath(certPathCtx, this.certificates[i])) {
                            jSAFE_PublicKey = this.certificates[i].getSubjectPublicKey(certJ.getDevice());
                            this.verifyingCertIndex = i;
                            break;
                        }
                        i++;
                    }
                } else if (this.certificates[0] == null) {
                    jSAFE_PublicKey = null;
                } else {
                    jSAFE_PublicKey = this.certificates[0].getSubjectPublicKey(certJ.getDevice());
                    this.verifyingCertIndex = 0;
                }
            } else if (this.certificates != null && this.key != null) {
                int i2 = 0;
                while (true) {
                    if (i2 >= this.certificates.length) {
                        break;
                    }
                    if (certPathCtx != null) {
                        if (this.certificates[i2] != null && certJ.verifyCertPath(certPathCtx, this.certificates[i2])) {
                            if (this.certificates[i2].getSubjectPublicKey(certJ.getDevice()).equals(this.key)) {
                                jSAFE_PublicKey = this.key;
                            } else if (certJ.validateCertificate(certPathCtx, this.certificates[i2], this.key)) {
                                jSAFE_PublicKey = this.key;
                            }
                        }
                    } else if (this.certificates[i2] != null) {
                        if (this.certificates[i2].getSubjectPublicKey(certJ.getDevice()).equals(this.key)) {
                            jSAFE_PublicKey = this.key;
                        } else if (this.certificates[i2].verifyCertificateSignature(certJ.getDevice(), this.key, certJ.getRandomObject())) {
                            jSAFE_PublicKey = this.key;
                        }
                    }
                    if (jSAFE_PublicKey != null) {
                        this.verifyingCertIndex = i2;
                        break;
                    }
                    i2++;
                }
            }
            return verify(certJ, jSAFE_PublicKey, certJ.getDevice());
        } catch (CertJException e) {
            throw new XMLException(new StringBuffer().append("Error in verifying certificate:\n").append(e.getMessage()).toString());
        } catch (CertificateException e2) {
            throw new XMLException(new StringBuffer().append("Error in verifying certificate:\n").append(e2.getMessage()).toString());
        }
    }

    public VerificationInfo verify(JSAFE_Key jSAFE_Key, String str) throws XMLException {
        return verify(null, jSAFE_Key, str);
    }

    public VerificationInfo verify(CertJ certJ, JSAFE_Key jSAFE_Key, String str) throws XMLException {
        if (this.c14nMethod == null) {
            throw new XMLException("Canonicalization require");
        }
        VerificationInfo verificationInfo = new VerificationInfo();
        if (this.signatureValue == null) {
            throw new XMLException("Error in verify: no signature value present");
        }
        if (jSAFE_Key == null) {
            throw new XMLException("Error in verify: verify key is null");
        }
        if (str == null) {
            throw new XMLException("Error in verify: device not set");
        }
        if (this.references == null) {
            throw new XMLException("Can't verify: no references present");
        }
        int[] iArr = new int[0];
        String[] strArr = new String[0];
        boolean z = true;
        for (int i = 0; i < this.references.size(); i++) {
            if (this.references.elementAt(i) != null) {
                StringBuffer stringBuffer = new StringBuffer();
                if (!((Reference) this.references.elementAt(i)).verify(this, stringBuffer)) {
                    z = false;
                    int[] iArr2 = new int[iArr.length];
                    String[] strArr2 = new String[strArr.length];
                    for (int i2 = 0; i2 < iArr.length; i2++) {
                        iArr2[i2] = iArr[i2];
                        System.arraycopy(strArr, 0, strArr2, 0, strArr.length);
                    }
                    iArr = new int[iArr2.length + 1];
                    strArr = new String[strArr.length + 1];
                    for (int i3 = 0; i3 < iArr2.length; i3++) {
                        iArr[i3] = iArr2[i3];
                        strArr[i3] = strArr2[i3];
                    }
                    iArr[iArr2.length] = i;
                    strArr[strArr2.length] = new String(stringBuffer);
                }
            }
        }
        if (iArr.length > 0) {
            verificationInfo.setFailedReferenceIndexes(iArr);
            verificationInfo.setDescriptions(strArr);
        }
        byte[] nodeToByteArray = this.c14nMethod.indexOf("#") != -1 ? ParserHandler.nodeToByteArray(this.signedInfo, true, true, (String) null) : ParserHandler.nodeToByteArray(this.signedInfo, true, false, (String) null);
        boolean internalVerify = internalVerify(certJ, jSAFE_Key, str, nodeToByteArray, 0, nodeToByteArray.length);
        if (internalVerify && z) {
            verificationInfo.setStatus(0);
        }
        if (!internalVerify && !z) {
            verificationInfo.setStatus(3);
        }
        if (internalVerify && !z) {
            verificationInfo.setStatus(2);
        }
        if (!internalVerify && z) {
            verificationInfo.setStatus(1);
        }
        return verificationInfo;
    }

    private boolean internalVerify(CertJ certJ, JSAFE_Key jSAFE_Key, String str, byte[] bArr, int i, int i2) throws XMLException {
        boolean verifyFinal;
        if (jSAFE_Key == null) {
            return false;
        }
        String substring = this.signatureMethod.substring(this.signatureMethod.indexOf("#") + 1);
        try {
            if (substring.equals("dsa-sha1")) {
                JSAFE_Signature jSAFE_Signature = JSAFE_Signature.getInstance("SHA1/DSA", str);
                if (certJ == null) {
                    jSAFE_Signature.verifyInit((JSAFE_PublicKey) jSAFE_Key, null);
                } else {
                    jSAFE_Signature.verifyInit((JSAFE_PublicKey) jSAFE_Key, null, null, certJ.getPKCS11Sessions());
                }
                jSAFE_Signature.verifyUpdate(bArr, i, i2);
                byte[] decodeRSinASN1 = decodeRSinASN1(this.signatureValue);
                verifyFinal = jSAFE_Signature.verifyFinal(decodeRSinASN1, 0, decodeRSinASN1.length);
                jSAFE_Signature.clearSensitiveData();
            } else if (substring.equals("rsa-sha1")) {
                JSAFE_Signature jSAFE_Signature2 = JSAFE_Signature.getInstance("SHA1/RSA/PKCS1Block01Pad", str);
                if (certJ == null) {
                    jSAFE_Signature2.verifyInit((JSAFE_PublicKey) jSAFE_Key, null);
                } else {
                    jSAFE_Signature2.verifyInit((JSAFE_PublicKey) jSAFE_Key, null, null, certJ.getPKCS11Sessions());
                }
                jSAFE_Signature2.verifyUpdate(bArr, i, i2);
                verifyFinal = jSAFE_Signature2.verifyFinal(this.signatureValue, 0, this.signatureValue.length);
                jSAFE_Signature2.clearSensitiveData();
            } else {
                if (!substring.equals("hmac-sha1")) {
                    return false;
                }
                JSAFE_MAC jsafe_mac = JSAFE_MAC.getInstance("HMAC/SHA1", str);
                jsafe_mac.verifyInit((JSAFE_SecretKey) jSAFE_Key, null);
                jsafe_mac.verifyUpdate(bArr, i, i2);
                if (this.hmacLength == 0) {
                    verifyFinal = jsafe_mac.verifyFinal(this.signatureValue, 0, this.signatureValue.length);
                } else {
                    if (this.hmacLength < 0 || this.hmacLength % 8 != 0 || this.hmacLength / 8 > 20) {
                        throw new XMLException(new StringBuffer().append("Error in signing:Wrong HMAC output length: ").append(this.hmacLength).toString());
                    }
                    jsafe_mac.macInit((JSAFE_SecretKey) jSAFE_Key, null);
                    jsafe_mac.macUpdate(bArr, i, i2);
                    byte[] bArr2 = new byte[jsafe_mac.getMACSize()];
                    jsafe_mac.macFinal(bArr2, 0);
                    for (int i3 = 0; i3 < this.signatureValue.length; i3++) {
                        if (this.signatureValue[i3] != bArr2[i3]) {
                            jsafe_mac.clearSensitiveData();
                            return false;
                        }
                    }
                    verifyFinal = true;
                }
                jsafe_mac.clearSensitiveData();
            }
            return verifyFinal;
        } catch (JSAFE_Exception e) {
            throw new XMLException(new StringBuffer().append("Can't verify signature:\n").append(e.getMessage()).toString());
        }
    }

    public Certificate getVerifyingCert() throws CloneNotSupportedException {
        if (this.certificates == null || this.verifyingCertIndex == -1 || !(this.certificates[this.verifyingCertIndex] instanceof X509Certificate)) {
            return null;
        }
        return (Certificate) ((X509Certificate) this.certificates[this.verifyingCertIndex]).clone();
    }

    public void setSignatureElement(Element element) {
        this.signatureElement = element;
    }

    public Element getSignatureElement() {
        return this.signatureElement;
    }

    public void setXMLNamespace(String str) throws XMLException {
        if (str != null) {
            for (int i = 0; i < SUPPORTED_XML_NAMESPACES.length; i++) {
                if (str.equals(SUPPORTED_XML_NAMESPACES[i])) {
                    this.xmlNamespace = str;
                    return;
                }
            }
            throw new XMLException(new StringBuffer().append("Not suppored XML namespace value:").append(str).toString());
        }
    }

    public String getXMLNamespace() {
        return this.xmlNamespace;
    }

    public void setDocument(Document document) {
        this.document = document;
    }

    public void setDocument(Document document, boolean z) {
        this.document = document;
        this.useTemplate = z;
        if (z) {
            this.namespacePrefix = null;
        }
    }

    public boolean useTemplate() {
        return this.useTemplate;
    }

    public Document getDocument() {
        return this.document;
    }

    public void setFlags(int i) {
        this.flags = i;
    }

    public int getFlags() {
        return this.flags;
    }

    private void getCertificateAndKey(CertJ certJ) throws XMLException {
        try {
            if (this.keyInfos != null) {
                for (int i = 0; i < this.keyInfos.size(); i++) {
                    if (this.keyInfos.elementAt(i) != null) {
                        if (((KeyInfo) this.keyInfos.elementAt(i)).hasCertificate()) {
                            Certificate[] certificateArr = new Certificate[0];
                            if (this.certificates != null) {
                                certificateArr = new Certificate[this.certificates.length];
                                System.arraycopy(this.certificates, 0, certificateArr, 0, this.certificates.length);
                            }
                            Certificate[] certificates = ((KeyInfo) this.keyInfos.elementAt(i)).getCertificates(certJ);
                            this.certificates = new Certificate[certificateArr.length + certificates.length];
                            System.arraycopy(certificateArr, 0, this.certificates, 0, certificateArr.length);
                            System.arraycopy(certificates, 0, this.certificates, certificateArr.length, certificates.length);
                        }
                        if (((KeyInfo) this.keyInfos.elementAt(i)).hasKey()) {
                            this.key = ((KeyInfo) this.keyInfos.elementAt(i)).getKey();
                        }
                    }
                }
            }
        } catch (CertJException e) {
            throw new XMLException(new StringBuffer().append("Error in retrieving certificates/publicKey:\n").append(e.getMessage()).toString());
        }
    }

    private static byte[] decodeRSinASN1(byte[] bArr) throws XMLException {
        if (bArr.length != 40) {
            throw new XMLException(new StringBuffer().append("Wrong R S length: ").append(bArr.length).toString());
        }
        int i = (bArr[0] & 128) == 128 ? 21 : 20;
        int i2 = (bArr[20] & 128) == 128 ? 21 : 20;
        byte[] bArr2 = new byte[i + i2 + 6];
        bArr2[0] = 48;
        bArr2[1] = (byte) (i + i2 + 4);
        bArr2[2] = 2;
        bArr2[3] = (byte) i;
        int i3 = 4;
        if ((bArr[0] & 128) == 128) {
            bArr2[4] = 0;
            i3 = 4 + 1;
        }
        System.arraycopy(bArr, 0, bArr2, i3, 20);
        int i4 = i3 + 20;
        int i5 = i4 + 1;
        bArr2[i4] = 2;
        int i6 = i5 + 1;
        bArr2[i5] = (byte) i2;
        if ((bArr[20] & 128) == 128) {
            bArr2[i6] = 0;
            i6++;
        }
        System.arraycopy(bArr, 20, bArr2, i6, 20);
        return bArr2;
    }

    private static byte[] encodeRSfromASN1(byte[] bArr) {
        byte[] bArr2 = new byte[40];
        byte b = bArr[3];
        byte b2 = bArr[4 + b + 1];
        System.arraycopy(bArr, (4 + b) - 20, bArr2, 0, 20);
        System.arraycopy(bArr, (((4 + b) + 2) + b2) - 20, bArr2, 20, 20);
        return bArr2;
    }
}
