package es.gob.afirma.signvalidation;

import es.gob.afirma.signers.xml.Utils;
import es.gob.afirma.signers.xml.dereference.CustomUriDereferencer;
import es.gob.afirma.signvalidation.SignValidity;
import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.xml.XMLConstants;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.NodeList;

/* loaded from: input_file:es/gob/afirma/signvalidation/ValidateXMLSignature.class */
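/**
 * Validates an XML Digital Signature ({@code ds:Signature}) embedded in a byte array.
 *
 * <p>What a result of {@code OK} means here: the signature value and every reference
 * verify against the public key that the signature itself carries in its {@code KeyInfo}
 * (a {@code KeyValue} or the first certificate of an {@code X509Data}). The key is
 * therefore taken from the signed document under validation, so this class proves
 * integrity with respect to that key; it does not build a certification path, check
 * revocation, or otherwise establish that the key is trusted. Callers needing trust
 * decisions must perform them separately.
 *
 * <p>When {@code validate(bytes, true)} is used, the validity period of every
 * {@link X509Certificate} listed in {@code KeyInfo} is checked against the current time
 * (not the signing time), so an {@code OK} signature whose certificate has since expired
 * is reported as {@code CERTIFICATE_EXPIRED}.
 *
 * <p>The XML parser used to locate the signature is hardened against DTD-based attacks
 * (external entities, entity expansion, XInclude): the input is, by definition, a
 * document produced by a third party. A document that declares a DOCTYPE is rejected and
 * reported as {@code NO_SIGN}, which is the same result the original parse failure path
 * produced.
 */
public final class ValidateXMLSignature implements SignValider {
    static final Logger LOGGER = Logger.getLogger("es.gob.afirma");
    private static final SignValidity KO = new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);

    /** Namespace of XML-DSig elements; used to locate the {@code Signature} element. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /**
     * JSR 105 property that enables the JDK's "secure validation" mode on the validate
     * context (rejects known-dangerous transforms, weak keys and excessive reference
     * counts). It is the default on recent JDKs; set explicitly so the behaviour does not
     * depend on the runtime.
     */
    private static final String SECURE_VALIDATION_PROPERTY = "org.jcp.xml.dsig.secureValidation";

    /* Standard JAXP/Xerces feature identifiers used to disable DTD processing. */
    private static final String DISALLOW_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
    private static final String EXTERNAL_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";
    private static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    /**
     * {@link KeySelector} that resolves the verification key from the signature's own
     * {@code KeyInfo}: the first {@code KeyValue} found, or else the first
     * {@link Certificate} inside the first {@code X509Data}. No trust decision is made
     * about the key returned.
     *
     * <p>Note: the decompiler reports that this class was package-private in the
     * original source; the widened visibility is kept here so existing callers keep
     * compiling.
     */
    public static final class KeyValueKeySelector extends KeySelector {
        KeyValueKeySelector() {
        }

        /**
         * Selects the public key to verify the signature with.
         *
         * @param keyInfo          the signature's {@code KeyInfo}; must not be {@code null}
         * @param purpose          selection purpose (ignored; only verification is supported)
         * @param algorithmMethod  signature method (ignored)
         * @param xMLCryptoContext the validate context; a {@link CustomUriDereferencer} is
         *                         installed on it as a side effect, best effort
         * @return a result wrapping the first public key found in {@code keyInfo}
         * @throws KeySelectorException if {@code keyInfo} is {@code null}, no key or
         *                              certificate is present, or a {@code KeyValue}
         *                              cannot be decoded
         */
        @Override
        public KeySelectorResult select(final KeyInfo keyInfo, final KeySelector.Purpose purpose,
                final AlgorithmMethod algorithmMethod, final XMLCryptoContext xMLCryptoContext)
                throws KeySelectorException {
            if (keyInfo == null) {
                throw new KeySelectorException("Objeto KeyInfo nulo");
            }
            // Installing the dereferencer is best effort: a failure here only means the
            // default dereferencer is used, so it is logged rather than propagated.
            try {
                xMLCryptoContext.setURIDereferencer(new CustomUriDereferencer());
            } catch (final Exception e) {
                ValidateXMLSignature.LOGGER.warning("No se ha podido instalar un dereferenciador a medida: " + e);
            }
            // KeyInfo.getContent() is a raw List of XMLStructure; inspect each entry by type.
            for (final Object item : keyInfo.getContent()) {
                if (item instanceof KeyValue) {
                    try {
                        return new SimpleKeySelectorResult(((KeyValue) item).getPublicKey());
                    } catch (final KeyException e) {
                        throw new KeySelectorException(e);
                    }
                }
                if (item instanceof X509Data) {
                    for (final Object obj : ((X509Data) item).getContent()) {
                        if (obj instanceof Certificate) {
                            return new SimpleKeySelectorResult(((Certificate) obj).getPublicKey());
                        }
                    }
                }
            }
            throw new KeySelectorException("No se ha encontrado la clave publica dentro del XML firmado");
        }
    }

    /** Immutable {@link KeySelectorResult} holding a single public key. */
    private static final class SimpleKeySelectorResult implements KeySelectorResult {
        private final PublicKey pk;

        SimpleKeySelectorResult(final PublicKey publicKey) {
            this.pk = publicKey;
        }

        /** @return the selected public key */
        @Override
        public Key getKey() {
            return this.pk;
        }
    }

    /**
     * Validates the signature and also checks the validity period of the certificates
     * found in {@code KeyInfo}. Equivalent to {@code validate(bArr, true)}.
     *
     * @param bArr the signed XML document
     * @return the validation outcome; never {@code null}
     */
    @Override // es.gob.afirma.signvalidation.SignValider
    public SignValidity validate(final byte[] bArr) {
        return validate(bArr, true);
    }

    /**
     * Validates the first {@code ds:Signature} element found in {@code bArr}.
     *
     * @param bArr the signed XML document
     * @param z    whether to additionally check, against the current time, the validity
     *             period of every {@link X509Certificate} present in {@code KeyInfo}
     * @return {@code KO/NO_SIGN} if the bytes do not parse or contain no signature;
     *         {@code KO} if the signature, its value or any reference fails to verify;
     *         {@code KO/CERTIFICATE_EXPIRED} or {@code KO/CERTIFICATE_NOT_VALID_YET} when
     *         {@code z} is set and a certificate is outside its validity period;
     *         {@code UNKNOWN} if the signature could not be processed at all;
     *         {@code OK} otherwise. Never {@code null}.
     */
    @Override // es.gob.afirma.signvalidation.SignValider
    public SignValidity validate(final byte[] bArr, final boolean z) {
        final NodeList signatureNodes;
        try {
            // A null bArr fails inside the try (ByteArrayInputStream rejects it) and is
            // reported as NO_SIGN, as before.
            signatureNodes = newSecureDocumentBuilderFactory()
                    .newDocumentBuilder()
                    .parse(new ByteArrayInputStream(bArr))
                    .getElementsByTagNameNS(XMLDSIG_NS, "Signature");
        } catch (final Exception e) {
            // Parse failures (malformed XML, rejected DOCTYPE) are not silently swallowed
            // any more; the returned value is unchanged.
            LOGGER.warning("No se ha podido analizar el XML de la firma: " + e);
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_SIGN);
        }
        if (signatureNodes.getLength() == 0) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_SIGN);
        }

        try {
            // Only the first Signature element is validated.
            final DOMValidateContext validateContext =
                    new DOMValidateContext(new KeyValueKeySelector(), signatureNodes.item(0));
            validateContext.setProperty(SECURE_VALIDATION_PROPERTY, Boolean.TRUE);

            final XMLSignature signature = Utils.getDOMFactory().unmarshalXMLSignature(validateContext);
            if (!signature.validate(validateContext)) {
                LOGGER.info("La firma es invalida");
                return KO;
            }
            if (!signature.getSignatureValue().validate(validateContext)) {
                LOGGER.info("El valor de la firma es invalido");
                return KO;
            }

            if (z) {
                // Reuse the already unmarshalled signature instead of unmarshalling a
                // second time. A missing KeyInfo cannot reach this point: the key
                // selector above rejects it before validate() returns true.
                try {
                    checkCertificatesValidity(signature.getKeyInfo());
                } catch (final CertificateExpiredException e) {
                    return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_EXPIRED, e);
                } catch (final CertificateNotYetValidException e) {
                    return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_NOT_VALID_YET, e);
                }
            }

            // Core validation already covers the references; this pass only serves to
            // identify the failing one in the log should the two ever disagree.
            int referenceIndex = 0;
            for (final Object ref : signature.getSignedInfo().getReferences()) {
                if (!((Reference) ref).validate(validateContext)) {
                    LOGGER.info("La referencia " + referenceIndex + " de la firma es invalida");
                    return KO;
                }
                referenceIndex++;
            }
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.OK, null);
        } catch (final Exception e) {
            // Boundary catch: unmarshalling/verification errors (unsupported algorithm,
            // missing key, dereference failure...) mean the outcome is not decidable.
            LOGGER.warning("No se ha podido validar la firma: " + e);
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.UNKNOWN, null);
        }
    }

    /**
     * Checks the validity period, against the current time, of every
     * {@link X509Certificate} found inside the {@code X509Data} entries of
     * {@code keyInfo}. Entries that are not certificates are ignored.
     *
     * @param keyInfo the signature's {@code KeyInfo}; {@code null} is treated as empty
     * @throws CertificateExpiredException     if a certificate has expired
     * @throws CertificateNotYetValidException if a certificate is not yet valid
     */
    private static void checkCertificatesValidity(final KeyInfo keyInfo)
            throws CertificateExpiredException, CertificateNotYetValidException {
        if (keyInfo == null) {
            return;
        }
        for (final Object item : keyInfo.getContent()) {
            if (!(item instanceof X509Data)) {
                continue;
            }
            final List content = ((X509Data) item).getContent();
            for (final Object entry : content) {
                if (entry instanceof X509Certificate) {
                    ((X509Certificate) entry).checkValidity();
                }
            }
        }
    }

    /**
     * Builds a namespace-aware {@link DocumentBuilderFactory} with DTD processing
     * disabled, so that untrusted input cannot trigger external entity resolution,
     * entity-expansion blow-ups or XInclude fetches. Features a given JAXP implementation
     * does not support are logged and skipped; secure processing itself is mandatory in
     * every JAXP implementation.
     *
     * @return the hardened factory
     * @throws ParserConfigurationException if secure processing cannot be enabled
     */
    private static DocumentBuilderFactory newSecureDocumentBuilderFactory() throws ParserConfigurationException {
        final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        setFeatureIfSupported(factory, DISALLOW_DOCTYPE_DECL, true);
        setFeatureIfSupported(factory, EXTERNAL_GENERAL_ENTITIES, false);
        setFeatureIfSupported(factory, EXTERNAL_PARAMETER_ENTITIES, false);
        setFeatureIfSupported(factory, LOAD_EXTERNAL_DTD, false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        setAttributeIfSupported(factory, XMLConstants.ACCESS_EXTERNAL_DTD, "");
        setAttributeIfSupported(factory, XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return factory;
    }

    /** Sets a parser feature, logging (not failing) when the implementation lacks it. */
    private static void setFeatureIfSupported(final DocumentBuilderFactory factory, final String feature, final boolean value) {
        try {
            factory.setFeature(feature, value);
        } catch (final ParserConfigurationException e) {
            LOGGER.warning("El analizador XML no soporta la caracteristica " + feature + ": " + e);
        }
    }

    /** Sets a factory attribute, logging (not failing) when the implementation lacks it. */
    private static void setAttributeIfSupported(final DocumentBuilderFactory factory, final String name, final Object value) {
        try {
            factory.setAttribute(name, value);
        } catch (final IllegalArgumentException e) {
            LOGGER.warning("El analizador XML no soporta el atributo " + name + ": " + e);
        }
    }
}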
