package com.mulesoft.modules.cryptography.internal.xml.impl;

import com.mulesoft.modules.cryptography.api.jce.config.JceAsymmetricKeyInfo;
import com.mulesoft.modules.cryptography.api.xml.config.XmlCanonicalizationAlgorithm;
import com.mulesoft.modules.cryptography.api.xml.config.XmlEncryptionAlgorithm;
import com.mulesoft.modules.cryptography.api.xml.config.XmlSignDigestAlgorithm;
import com.mulesoft.modules.cryptography.api.xml.config.XmlSignatureType;
import com.mulesoft.modules.cryptography.internal.errors.CryptoErrors;
import com.mulesoft.modules.cryptography.internal.jce.config.JceConfiguration;
import com.mulesoft.modules.cryptography.internal.xml.XMLUtils;
import com.mulesoft.modules.cryptography.internal.xml.config.XmlSignEncryptionAlgorithm;
import com.mulesoft.modules.cryptography.internal.xml.reference.SignatureContextProvider;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.core.api.util.IOUtils;
import org.mule.runtime.core.api.util.StringUtils;
import org.mule.runtime.extension.api.exception.ModuleException;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/mulesoft/modules/cryptography/internal/xml/impl/XmlAsymmetricKeyImpl.class */
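/**
 * XML signature creation and validation backed by an asymmetric key pair read from the
 * configured JCE keystore. XML encryption and decryption are not implemented for asymmetric keys.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Validation trusts only the public key resolved from the keystore. The {@code KeyInfo}
 *       embedded in the incoming document is never used to choose the verification key.</li>
 *   <li>{@link #validate} reports cryptographic validity of the single {@code Signature}
 *       element. It does not check which part of the document the references cover, so a
 *       caller that consumes specific elements must confirm those elements are the signed ones
 *       (signature-wrapping defence).</li>
 *   <li>The signature method is fixed to the SHA-1 variants for RSA and DSA; see
 *       {@code getSignedInfo}.</li>
 * </ul>
 *
 * <p>{@code fac} is not declared in this class; presumably it is the XML signature factory
 * inherited from {@link XmlKeyImpl} (confirm against the superclass).
 */
public class XmlAsymmetricKeyImpl extends XmlKeyImpl {
    /** JDK XML-DSig property that turns on secure validation for a validate context. */
    private static final String SECURE_VALIDATION_PROPERTY = "org.jcp.xml.dsig.secureValidation";

    private final JceConfiguration config;
    private final JceAsymmetricKeyInfo keyInfo;

    /**
     * @param jceConfiguration configuration that supplies the keystore
     * @param jceAsymmetricKeyInfo locator for the key pair / entry inside that keystore
     */
    public XmlAsymmetricKeyImpl(JceConfiguration jceConfiguration, JceAsymmetricKeyInfo jceAsymmetricKeyInfo) {
        this.config = jceConfiguration;
        this.keyInfo = jceAsymmetricKeyInfo;
    }

    /**
     * Not supported for asymmetric keys.
     *
     * @throws ModuleException always, with {@code CryptoErrors.PARAMETERS}
     */
    @Override // com.mulesoft.modules.cryptography.internal.xml.impl.XmlKeyImpl
    public InputStream encrypt(InputStream inputStream, XmlEncryptionAlgorithm xmlEncryptionAlgorithm, String str) {
        throw new ModuleException(I18nMessageFactory.createStaticMessage("Not yet implemented"), CryptoErrors.PARAMETERS);
    }

    /**
     * Not supported for asymmetric keys.
     *
     * @throws ModuleException always, with {@code CryptoErrors.PARAMETERS}
     */
    @Override // com.mulesoft.modules.cryptography.internal.xml.impl.XmlKeyImpl
    public InputStream decrypt(InputStream inputStream) {
        throw new ModuleException(I18nMessageFactory.createStaticMessage("Not yet implemented"), CryptoErrors.PARAMETERS);
    }

    /**
     * Signs the XML document read from {@code inputStream} with the private key from the keystore
     * and returns the serialized, signed document.
     *
     * @param inputStream XML document to sign; read fully into memory
     * @param xmlSignDigestAlgorithm digest algorithm handed to the signature context provider
     * @param xmlCanonicalizationAlgorithm canonicalization applied to {@code SignedInfo}
     * @param xmlSignatureType signature flavour handed to the signature context provider
     * @param str forwarded unchanged to {@code SignatureContextProvider.createContextFor};
     *            presumably selects the element to sign (confirm against that class)
     * @return stream over the signed document bytes
     * @throws ModuleException with {@code CryptoErrors.SIGNATURE} when signing fails; a
     *         {@code ModuleException} raised by a collaborator is rethrown unchanged
     */
    @Override // com.mulesoft.modules.cryptography.internal.xml.impl.XmlKeyImpl
    public InputStream sign(InputStream inputStream, XmlSignDigestAlgorithm xmlSignDigestAlgorithm, XmlCanonicalizationAlgorithm xmlCanonicalizationAlgorithm, XmlSignatureType xmlSignatureType, String str) {
        Document document = XMLUtils.documentBasedOnThe(IOUtils.toByteArray(inputStream));
        SignatureContextProvider contextProvider = SignatureContextProvider.createContextFor(xmlSignatureType, xmlSignDigestAlgorithm, document, str);
        try {
            Reference reference = contextProvider.getReference();
            Key privateKey = this.keyInfo.getPrivateKey(this.config.getKeystore());
            SignedInfo signedInfo = getSignedInfo(reference, xmlCanonicalizationAlgorithm, privateKey);
            // The signer's certificate is embedded for the receiver's convenience only; this
            // class never trusts an embedded KeyInfo when validating.
            KeyInfo signerKeyInfo = getKeyInfo((KeyStore.PrivateKeyEntry) this.keyInfo.getEntry(this.config.getKeystore()));
            XMLSignature signature = fac.newXMLSignature(signedInfo, signerKeyInfo, contextProvider.getReferencedObjects(), (String) null, (String) null);
            DOMSignContext signContext = new DOMSignContext(privateKey, contextProvider.getSignatureParentNode());
            signContext.setDefaultNamespacePrefix("dsig");
            signature.sign(signContext);
            return new ByteArrayInputStream(XMLUtils.createXmlUsing(document));
        } catch (ModuleException e) {
            throw e;
        } catch (Exception e) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage("Could not sign document"), CryptoErrors.SIGNATURE, e);
        }
    }

    /**
     * Validates the single XML signature found in the document, using the public key resolved
     * from the configured keystore.
     *
     * <p>A {@code true} result means the one {@code Signature} element verified against that key.
     * It says nothing about which elements the signature's references cover; callers must check
     * that the data they go on to use is the data that was signed.
     *
     * @param inputStream XML document carrying exactly one {@code Signature} element; treat as
     *                    untrusted input
     * @param str optional expression passed to {@code XMLUtils.validateXpathInDocument}; when not
     *            blank, the {@code id} attribute of the element it returns is registered as an
     *            XML ID so that same-document reference URIs can resolve to it
     * @return {@code true} when the signature validates, {@code false} otherwise
     * @throws ModuleException with {@code CryptoErrors.VALIDATION} when the document has no
     *         signature, more than one signature, or validation cannot be carried out; a
     *         {@code ModuleException} raised by a collaborator is rethrown unchanged
     */
    @Override // com.mulesoft.modules.cryptography.internal.xml.impl.XmlKeyImpl
    public boolean validate(InputStream inputStream, String str) {
        try {
            // NOTE(review): whether DTDs and external entities are disabled depends on
            // XMLUtils.documentBasedOnThe, which is not visible here - confirm the parser is hardened.
            Document document = XMLUtils.documentBasedOnThe(IOUtils.toByteArray(inputStream));
            NodeList signatures = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            int signatureCount = signatures.getLength();
            if (signatureCount == 0) {
                throw new IllegalStateException("Could not find Signature element");
            }
            // Refusing several signatures removes any ambiguity about which one was checked.
            if (signatureCount > 1) {
                throw new IllegalStateException(XMLUtils.MORE_THAN_ONE_SIGNATURE_FOUND);
            }
            if (!StringUtils.isBlank(str)) {
                XMLUtils.validateXpathInDocument(document, str).setIdAttribute("id", true);
            }
            // The verification key is pinned to the keystore; KeyInfo inside the document is ignored.
            DOMValidateContext validateContext = new DOMValidateContext(this.keyInfo.getPublicKey(this.config.getKeystore()), signatures.item(0));
            // Request secure validation explicitly so the JDK's restrictions on transforms,
            // reference URIs and weak algorithms apply regardless of the runtime's default.
            validateContext.setProperty(SECURE_VALIDATION_PROPERTY, Boolean.TRUE);
            return fac.unmarshalXMLSignature(validateContext).validate(validateContext);
        } catch (ModuleException e) {
            // Must precede the generic handler: ModuleException is itself an Exception, so the
            // reverse order is rejected by the compiler and would re-wrap module errors.
            throw e;
        } catch (Exception e) {
            throw new ModuleException(I18nMessageFactory.createStaticMessage("Could not validate signature"), CryptoErrors.VALIDATION, e);
        }
    }

    /**
     * Builds the {@code SignedInfo} for one reference, choosing the signature method from the
     * key's algorithm.
     *
     * @param reference the single reference to sign
     * @param xmlCanonicalizationAlgorithm canonicalization method for {@code SignedInfo}
     * @param key signing key; only RSA and DSA are accepted
     * @return the assembled {@code SignedInfo}
     * @throws ModuleException with {@code CryptoErrors.PARAMETERS} for any other key algorithm
     * @throws Exception when the signature factory rejects an algorithm
     */
    private SignedInfo getSignedInfo(Reference reference, XmlCanonicalizationAlgorithm xmlCanonicalizationAlgorithm, Key key) throws Exception {
        // NOTE(review): the signature method is pinned to SHA-1 for both key types, independent of
        // the digest algorithm chosen for the reference. SHA-1 is no longer collision resistant and
        // recent JDK secure-validation policies are expected to reject SHA-1 signatures. Prefer a
        // SHA-256 based method if XmlSignEncryptionAlgorithm provides one (enum not visible here).
        String keyAlgorithm = key.getAlgorithm();
        String algorithm;
        // equalsIgnoreCase is locale independent and tolerates a null algorithm name.
        if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
            algorithm = XmlSignEncryptionAlgorithm.RSA_SHA1.getAlgorithm();
        } else if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            algorithm = XmlSignEncryptionAlgorithm.DSA_SHA1.getAlgorithm();
        } else {
            throw new ModuleException(I18nMessageFactory.createStaticMessage("Supported keys are RSA and DSA, but found " + keyAlgorithm), CryptoErrors.PARAMETERS);
        }
        return fac.newSignedInfo(fac.newCanonicalizationMethod(xmlCanonicalizationAlgorithm.getAlgorithm(), (C14NMethodParameterSpec) null), fac.newSignatureMethod(algorithm, (SignatureMethodParameterSpec) null), Collections.singletonList(reference));
    }

    /**
     * Builds the {@code KeyInfo} placed in the signature: one {@code X509Data} holding the
     * certificate's subject name followed by the certificate itself.
     *
     * @param privateKeyEntry keystore entry whose certificate must be an {@link X509Certificate}
     * @return {@code KeyInfo} describing the signer's certificate
     */
    public KeyInfo getKeyInfo(KeyStore.PrivateKeyEntry privateKeyEntry) {
        X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
        KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory();
        // X509Data content is heterogeneous: a String subject name and the certificate object.
        ArrayList<Object> x509Content = new ArrayList<>();
        x509Content.add(certificate.getSubjectX500Principal().getName());
        x509Content.add(certificate);
        return keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content)));
    }
}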
