package com.ibm.etools.xss4j.dsig;

import com.ibm.etools.xss4j.XMLSecuritySuitePlugin;
import com.ibm.xml.dsig.KeyInfo;
import com.ibm.xml.dsig.ResourceShower;
import com.ibm.xml.dsig.SignatureContext;
import com.ibm.xml.dsig.Validity;
import com.ibm.xml.dsig.XSignature;
import com.ibm.xml.dsig.util.AdHocIDResolver;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.Vector;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:runtime/xmlss.jar:com/ibm/etools/xss4j/dsig/ValidateSignature.class */
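/**
 * Parses an XML document, verifies the first XML-DSig {@code Signature} element found in it and
 * collects human-readable status lines describing the outcome.
 *
 * <p>Security notes for callers, all derived from the code in this class:
 * <ul>
 *   <li>The verification key is taken from the {@code KeyInfo} carried inside the document being
 *       verified. Nothing in this class ties that key to a trust anchor, so a {@code true}
 *       result from {@link #isValid()} means "the signature matches the key shipped with it",
 *       not "the document was signed by a trusted party".</li>
 *   <li>Certificates are only inspected for display. A failed
 *       {@link X509Certificate#checkValidity()} changes the status text but does not stop the
 *       certificate's public key from being used. No chain validation is performed here.</li>
 *   <li>The only revocation source consulted is the CRL embedded in the same {@code X509Data};
 *       this class does not verify that CRL's signature.</li>
 *   <li>Only the first {@code Signature} element in document order is verified.</li>
 * </ul>
 * NOTE(review): whether {@code SignatureContext.verify} performs any trust checks of its own
 * cannot be determined from this file - confirm before relying on the result for authorization.
 */
public class ValidateSignature {
    /** Overall result; stays {@code false} unless SignedInfo and every Reference verified. */
    boolean validOk;
    protected static final String NL = System.getProperties().getProperty("line.separator");
    /** Raw result returned by the signature library; {@code null} when verification never ran. */
    Validity validity;
    /** Compiler-generated cache for the plugin class literal (pre-Java-5 {@code .class} idiom). */
    static Class class$com$ibm$etools$xss4j$XMLSecuritySuitePlugin;
    /** Status lines (strings) accumulated while verifying, in display order. */
    Vector status = new Vector();
    /** One-line explanation of a failure; empty when there is nothing to report. */
    String summary = "";

    /**
     * {@link ResourceShower} that writes the bytes of one selected signed resource to a file.
     */
    public static class ShowerImpl implements ResourceShower {
        /** Index of the reference whose bytes should be dumped. */
        int number;
        /** Path of the file that receives the bytes. */
        String name;

        ShowerImpl(int i, String str) {
            this.number = i;
            this.name = str;
        }

        /**
         * Writes {@code bArr} to the configured file when {@code i} matches the configured
         * reference index. I/O failures are reported on stderr and otherwise ignored, as before.
         */
        @Override // com.ibm.xml.dsig.ResourceShower
        public void showSignedResource(Element element, int i, String str, String str2, byte[] bArr, String str3) {
            // Nothing to write, or nowhere to write it: do not fail inside the library callback.
            if (this.number != i || this.name == null || bArr == null) {
                return;
            }
            FileOutputStream out = null;
            try {
                out = new FileOutputStream(this.name);
                out.write(bArr);
            } catch (IOException e) {
                e.printStackTrace();
            } finally {
                // Close on every path; the original leaked the descriptor when write() failed.
                if (out != null) {
                    try {
                        out.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            }
        }
    }

    /**
     * Parses the document identified by {@code str} and verifies its signature. Results are
     * available afterwards through {@link #isValid()}, {@link #getSummary()},
     * {@link #getStatus()} and {@link #getValidity()}. This constructor never throws for parse
     * or verification problems; they leave {@link #isValid()} at {@code false}.
     *
     * @param str system identifier (file path or URI) of the XML document to verify
     */
    public ValidateSignature(String str) {
        Thread thread = Thread.currentThread();
        ClassLoader savedLoader = thread.getContextClassLoader();
        Class cls = class$com$ibm$etools$xss4j$XMLSecuritySuitePlugin;
        if (cls == null) {
            cls = class$("com.ibm.etools.xss4j.XMLSecuritySuitePlugin");
            class$com$ibm$etools$xss4j$XMLSecuritySuitePlugin = cls;
        }
        // Resolve the JAXP implementation through the plugin's class loader while parsing.
        thread.setContextClassLoader(cls.getClassLoader());
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            factory.setExpandEntityReferences(true);
            factory.setAttribute("http://apache.org/xml/features/validation/dynamic", Boolean.TRUE);
            // The document under verification is untrusted input. Keep the parser from fetching
            // external entities or an external DTD subset (XXE: local file disclosure and
            // outbound requests). These are set as attributes, like the feature above, which
            // assumes a Xerces-based JAXP implementation. An implementation that rejects them
            // throws and verification fails closed. Documents that never need a DTD are better
            // served by disallowing DOCTYPE declarations altogether.
            factory.setAttribute("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
            factory.setAttribute("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
            factory.setAttribute("http://apache.org/xml/features/nonvalidating/load-external-dtd", Boolean.FALSE);
            process(factory.newDocumentBuilder().parse(new InputSource(str)));
        } catch (Exception e) {
            // Previously swallowed without a trace, which left an empty summary and no hint
            // that the document was never verified.
            this.validOk = false;
            if (this.summary == null || this.summary.length() == 0) {
                this.summary = e.toString();
            }
            e.printStackTrace();
        } finally {
            // Restore the caller's loader even when an Error escapes the parser.
            thread.setContextClassLoader(savedLoader);
        }
    }

    /** Returns the live list of status lines gathered during verification. */
    public Vector getStatus() {
        return this.status;
    }

    /** Returns the failure summary, or an empty string when none was recorded. */
    public String getSummary() {
        return this.summary;
    }

    /** Returns {@code true} only when SignedInfo and every Reference verified. */
    public boolean isValid() {
        return this.validOk;
    }

    /** Returns the library's raw result, or {@code null} when verification never ran. */
    public Validity getValidity() {
        return this.validity;
    }

    /**
     * Checks every Reference of the verified signature and records the ones that failed.
     *
     * <p>The original looked at the Reference only when the signature had exactly one, so a
     * signature with several References was reported valid even if a referenced resource no
     * longer matched its digest. For the single-Reference case the status lines and summary
     * produced here are the same as before.
     */
    private void processValidity() {
        int insertAt = 0;
        int referenceCount = this.validity.getNumberOfReferences();
        for (int i = 0; i < referenceCount; i++) {
            if (this.validity.getReferenceValidity(i)) {
                continue;
            }
            // Clear the flag before building messages so a failure while formatting them
            // cannot leave a stale "valid" result behind.
            this.validOk = false;
            String message = this.validity.getReferenceMessage(i);
            if (insertAt == 0) {
                this.summary = message;
            }
            // Failures are placed ahead of the timing and certificate lines.
            this.status.add(insertAt++, XMLSecuritySuitePlugin.instance().getString("_UI_LABEL_REF_URI") + " " + this.validity.getReferenceURI(i));
            this.status.add(insertAt++, XMLSecuritySuitePlugin.instance().getString("_UI_LABEL_MSG") + " " + message);
            this.status.add(insertAt++, " ");
        }
    }

    /**
     * Locates the first {@code Signature} element in {@code document}, verifies it with the key
     * found in its own {@code KeyInfo} and updates {@link #validOk}, {@link #summary} and
     * {@link #status}. Any failure along the way leaves {@link #validOk} at {@code false}.
     */
    private void process(Document document) {
        // Fail closed: the flag is raised only after SignedInfo has verified.
        this.validOk = false;
        try {
            NodeList signatures = document.getElementsByTagNameNS(XSignature.XMLDSIG_NAMESPACE, "Signature");
            if (signatures.getLength() == 0) {
                this.status.add(XMLSecuritySuitePlugin.instance().getString("_MSG_SIG_ELEMENT_IS_ROOT"));
                this.summary = XMLSecuritySuitePlugin.instance().getString("_MSG_NO_SIG_ELEMENT");
                return;
            }
            Element signature = (Element) signatures.item(0);
            SignatureContext context = new SignatureContext();
            context.setIDResolver(new AdHocIDResolver(document));
            // No resource dump is requested on this path.
            context.setResourceShower((ResourceShower) null);
            this.validity = verify(context, signature, KeyInfo.searchForKeyInfo(signature));
            if (this.validity == null) {
                // No KeyInfo, or key extraction failed: nothing was verified. The original
                // reached the same result through a NullPointerException.
                return;
            }
            if (!this.validity.getSignedInfoValidity()) {
                this.summary = this.validity.getSignedInfoMessage();
                return;
            }
            this.validOk = true;
            processValidity();
        } catch (Exception e) {
            // An exception after the flag was raised must not leave it raised.
            this.validOk = false;
            e.printStackTrace();
        }
    }

    /**
     * Verifies {@code element} with {@code key} and appends the elapsed time to the status list.
     *
     * @return the library's verification result
     */
    Validity verify(SignatureContext signatureContext, Element element, Key key) {
        long startedAt = System.currentTimeMillis();
        Validity result = signatureContext.verify(element, key);
        long elapsed = System.currentTimeMillis() - startedAt;
        this.status.add(XMLSecuritySuitePlugin.instance().getString("_UI_LABEL_TIME_TO_VERIFY") + " " + elapsed + " [msec]");
        return result;
    }

    /**
     * Extracts a verification key from the {@code KeyInfo} element {@code element2} and verifies
     * {@code element} with it. Key precedence: {@code KeyValue}, then the first usable
     * certificate in {@code X509Data}, then X509Data reached through a {@code RetrievalMethod}.
     *
     * <p>The key comes from the document being verified; this method does not establish that it
     * belongs to a trusted signer.
     *
     * @return the verification result, or {@code null} when {@code element2} is {@code null} or
     *         key extraction or verification threw
     */
    Validity verify(SignatureContext signatureContext, Element element, Element element2) {
        if (element2 == null) {
            return null;
        }
        try {
            KeyInfo keyInfo = new KeyInfo(element2);
            Key key = keyInfo.getKeyValue();

            KeyInfo.X509Data[] x509Data = keyInfo.getX509Data();
            if (x509Data != null) {
                for (KeyInfo.X509Data data : x509Data) {
                    // Always called so the certificate details reach the status list.
                    Key candidate = printX509DataInfo(data);
                    if (key == null) {
                        key = candidate;
                    }
                }
            }

            Element[] retrievalMethods = keyInfo.getRetrievalMethods();
            if (retrievalMethods != null) {
                for (int i = 0; i < retrievalMethods.length; i++) {
                    if (!retrievalMethods[i].getAttribute("Type").equals(KeyInfo.X509DATA)) {
                        continue;
                    }
                    try {
                        // NOTE(review): retrieve() dereferences a location named by the
                        // document itself - confirm what the library allows it to fetch.
                        Key candidate = printX509DataInfo((KeyInfo.X509Data) signatureContext.retrieve(retrievalMethods[i]));
                        if (key == null) {
                            key = candidate;
                        }
                    } catch (Exception e) {
                        // One unusable RetrievalMethod should not stop the others.
                        e.printStackTrace();
                    }
                }
            }
            return verify(signatureContext, element, key);
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }

    /**
     * Reports the CRL (on stderr) and the certificates (in the status list) carried by
     * {@code x509Data}, and picks a public key for verification.
     *
     * <p>A certificate is skipped only when the CRL embedded in the same {@code X509Data} has
     * the same issuer and lists its serial number. That CRL's signature is not checked here. A
     * certificate that is expired or not yet valid is reported as such but its key is still
     * eligible.
     *
     * @return the public key of the first certificate not listed as revoked, or {@code null}
     *         when there are no certificates or all are listed as revoked
     */
    Key printX509DataInfo(KeyInfo.X509Data x509Data) {
        X509CRL crl = x509Data.getCRL();
        if (crl != null) {
            System.err.println("CRL Information:");
            System.err.println("\tVersion: " + crl.getVersion());
            System.err.println("\tIssuer: " + crl.getIssuerDN());
            System.err.println("\tUpdated: " + crl.getThisUpdate());
            System.err.println("\tNext update: " + crl.getNextUpdate());
            Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates();
            System.err.println("\tNumber of revoked certs: " + (revoked != null ? revoked.size() : 0));
        }

        X509Certificate[] certificates = x509Data.getCertificates();
        if (certificates == null || certificates.length == 0) {
            this.status.add(XMLSecuritySuitePlugin.instance().getString("_MSG_NO_CERTIFICATES"));
            return null;
        }

        PublicKey publicKey = null;
        for (X509Certificate certificate : certificates) {
            this.status.add(XMLSecuritySuitePlugin.instance().getString("_UI_LABEL_CERT_INFO"));
            this.status.add(XMLSecuritySuitePlugin.instance().getString("_UI_LABEL_VERSION") + " " + certificate.getVersion());

            String validityText = XMLSecuritySuitePlugin.instance().getString("_UI_VALIDITY_STATUS_LABEL_OK");
            try {
                certificate.checkValidity();
            } catch (CertificateException e) {
                // Expired / not yet valid: shown to the user, does not exclude the key.
                validityText = e.getMessage();
            }
            this.status.add("  " + XMLSecuritySuitePlugin.instance().getString("_UI_LABEL_VALIDITY") + " " + validityText);
            this.status.add("  SubjectDN: " + certificate.getSubjectDN());
            this.status.add("  IssuerDN: " + certificate.getIssuerDN());
            this.status.add("  Serial#: 0x" + certificate.getSerialNumber().toString(16));

            boolean listedAsRevoked = crl != null
                    && crl.getIssuerDN().equals(certificate.getIssuerDN())
                    && crl.getRevokedCertificate(certificate.getSerialNumber()) != null;
            if (listedAsRevoked) {
                this.status.add("   " + XMLSecuritySuitePlugin.instance().getString("_MSG_CERT_REVOKED") + "   ");
            } else if (publicKey == null) {
                publicKey = certificate.getPublicKey();
            }
        }
        return publicKey;
    }

    /**
     * Compiler-generated helper behind the cached class literal: loads {@code str} and converts
     * a missing class into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}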
