package com.google.step2.xmlsimplesign;

import com.google.step2.util.EncodingUtil;
import com.google.step2.util.Preconditions;
import com.google.step2.util.RandUtil;
import com.google.step2.util.XmlUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.JDOMException;
import org.jdom.output.Format;
import org.jdom.output.XMLOutputter;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/google/step2/xmlsimplesign/Signer.class
 */
/* loaded from: input_file:step2-common-1.0.0-wso2v1.jar:com/google/step2/xmlsimplesign/Signer.class */
public class Signer {
    private byte[] document;
    private PrivateKey privateKey;
    private X509Certificate signingCert;
    private List<X509Certificate> certificateChain = new ArrayList();
    private String signatureFilePrefix;

    public Signer setDocument(byte[] bArr) {
        this.document = bArr;
        return this;
    }

    public Signer setSigningKey(X509Certificate x509Certificate, PrivateKey privateKey) {
        this.signingCert = x509Certificate;
        this.privateKey = privateKey;
        return this;
    }

    public Signer setSignatureFilePrefix(String str) {
        this.signatureFilePrefix = str;
        return this;
    }

    public Signer addIntermediateCert(X509Certificate x509Certificate) {
        this.certificateChain.add(x509Certificate);
        return this;
    }

    public SignatureResult sign() throws XmlSimpleSignException {
        Preconditions.checkNotNull(this.document);
        Preconditions.checkNotNull(this.signingCert);
        Preconditions.checkNotNull(this.certificateChain);
        try {
            String str = this.signatureFilePrefix == null ? null : this.signatureFilePrefix + RandUtil.getRandomString(8);
            Document jdomDocument = XmlUtil.getJdomDocument(new ByteArrayInputStream(this.document));
            jdomDocument.getRootElement().addContent(0, createSignatureElement(str));
            XMLOutputter xMLOutputter = new XMLOutputter();
            xMLOutputter.setFormat(Format.getPrettyFormat());
            byte[] utf8Bytes = EncodingUtil.getUtf8Bytes(xMLOutputter.outputString(jdomDocument));
            return new SignatureResult(utf8Bytes, str, signDoc(utf8Bytes));
        } catch (JDOMException e) {
            throw new XmlSimpleSignException("Can't parse input XML", (Throwable) e);
        } catch (IOException e2) {
            throw new XmlSimpleSignException("Can't parse input XML", e2);
        } catch (GeneralSecurityException e3) {
            throw new XmlSimpleSignException("Can't sign document", e3);
        }
    }

    private Element createSignatureElement(String str) throws GeneralSecurityException {
        Element element = new Element(Constants.SIGNATURE_ELEMENT, Constants.XML_DSIG_NS);
        Element dsigElement = dsigElement(Constants.SIGNED_INFO_ELEMENT);
        Element dsigElement2 = dsigElement(Constants.CANONICALIZATION_METHOD_ELEMENT);
        dsigElement2.setAttribute(Constants.ALGORITHM_ATTRIBUTE, Constants.CANONICALIZE_RAW_OCTETS);
        Element dsigElement3 = dsigElement(Constants.SIGNATURE_METHOD_ELEMENT);
        dsigElement3.setAttribute(Constants.ALGORITHM_ATTRIBUTE, Constants.RSA_SHA1_ALGORITHM);
        Element element2 = null;
        if (str != null) {
            element2 = simpleSigElement(Constants.SIGNATURE_LOCATION_ELEMENT);
            element2.setText(str);
        }
        Element dsigElement4 = dsigElement(Constants.KEY_INFO_ELEMENT);
        Element dsigElement5 = dsigElement(Constants.X509_DATA_ELEMENT);
        dsigElement5.addContent(certificateElement(this.signingCert));
        Iterator<X509Certificate> it = this.certificateChain.iterator();
        while (it.hasNext()) {
            dsigElement5.addContent(certificateElement(it.next()));
        }
        element.addContent(dsigElement);
        dsigElement.addContent(dsigElement2);
        dsigElement.addContent(dsigElement3);
        if (element2 != null) {
            element.addContent(element2);
        }
        element.addContent(dsigElement4);
        dsigElement4.addContent(dsigElement5);
        return element;
    }

    private Element certificateElement(X509Certificate x509Certificate) throws GeneralSecurityException {
        Element dsigElement = dsigElement(Constants.X509_CERTIFICATE);
        dsigElement.setText(getCertAsString(x509Certificate));
        return dsigElement;
    }

    private String getCertAsString(X509Certificate x509Certificate) throws GeneralSecurityException {
        return EncodingUtil.encodeBase64(x509Certificate.getEncoded());
    }

    private String signDoc(byte[] bArr) throws GeneralSecurityException {
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(this.privateKey);
        signature.update(bArr);
        return EncodingUtil.encodeBase64(signature.sign());
    }

    private Element dsigElement(String str) {
        return new Element(str, Constants.XML_DSIG_NS);
    }

    private Element simpleSigElement(String str) {
        return new Element(str, Constants.SIMPLE_SIGN_NS);
    }
}
