package org.apache.xml.security.stax.impl.processor.input;

import jakarta.xml.bind.JAXBElement;
import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayDeque;
import java.util.Collections;
import java.util.Deque;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.apache.xml.security.algorithms.implementations.SignatureBaseRSA;
import org.apache.xml.security.binding.excc14n.InclusiveNamespaces;
import org.apache.xml.security.binding.xmldsig.CanonicalizationMethodType;
import org.apache.xml.security.binding.xmldsig.SignatureType;
import org.apache.xml.security.binding.xmldsig.SignedInfoType;
import org.apache.xml.security.binding.xmldsig.pss.RSAPSSParams;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InboundSecurityContext;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.Transformer;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithmFactory;
import org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_Excl;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.impl.util.SignerOutputStream;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/xmlsec-3.0.4.jar:org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.class */
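/**
 * Base handler for an inbound {@code ds:Signature} header in the streaming (StAX) pipeline.
 *
 * <p>{@link #handle} parses the buffered events into a {@code SignatureType}, rejects signatures
 * that lack {@code SignedInfo}, {@code SignatureMethod}, {@code CanonicalizationMethod} or
 * {@code SignatureValue}, verifies the signature value over the canonicalized {@code SignedInfo},
 * and then lets the subclass install the processor that checks the individual references.
 *
 * <p>Security note: the {@code SignatureMethod} and {@code CanonicalizationMethod} URIs, and the
 * RSASSA-PSS parameters, are all read from the message being verified. This class applies no
 * allow-list to them; any algorithm policy has to be enforced by the subclass, the security token
 * or the algorithm/transformer factories it calls (not visible in this file; confirm before
 * relying on it).
 */
public abstract class AbstractSignatureInputHandler extends AbstractInputSecurityHeaderHandler {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSignatureInputHandler.class);

    // StAX event-type codes, named so the SignedInfo scans below do not rely on bare 1 / 2.
    private static final int START_ELEMENT = javax.xml.stream.XMLStreamConstants.START_ELEMENT;
    private static final int END_ELEMENT = javax.xml.stream.XMLStreamConstants.END_ELEMENT;

    /**
     * Canonicalization URIs for which {@link #verifySignedInfo} feeds the buffered events straight
     * into the verifier. Any other URI (or a missing one) goes through {@link #reparseSignedInfo}.
     */
    private static final Set<String> C14N_ALGORITHMS;

    static {
        Set<String> knownC14n = new HashSet<>();
        knownC14n.add("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
        knownC14n.add("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
        knownC14n.add("http://www.w3.org/2001/10/xml-exc-c14n#");
        knownC14n.add("http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
        knownC14n.add("http://www.w3.org/2006/12/xml-c14n11");
        knownC14n.add("http://www.w3.org/2006/12/xml-c14n11#WithComments");
        C14N_ALGORITHMS = Collections.unmodifiableSet(knownC14n);
    }

    /* loaded from: input_file:WEB-INF/lib/xmlsec-3.0.4.jar:org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler$SignatureVerifier.class */
    /**
     * Streams the {@code SignedInfo} events through the canonicalizer into a signature engine and
     * checks the result against the {@code SignatureValue} of one signature.
     */
    public abstract class SignatureVerifier {
        private final SignatureType signatureType;
        private final InboundSecurityToken inboundSecurityToken;
        private SignerOutputStream signerOutputStream;
        private OutputStream bufferedSignerOutputStream;
        private Transformer transformer;

        /**
         * Resolves the verification token and prepares the signature engine.
         *
         * <p>Both steps call overridable methods from the constructor, so an implementation of
         * {@link #retrieveSecurityToken} runs before the subclass's own field initializers.
         *
         * @param signatureType the parsed signature structure
         * @param inboundSecurityContext context passed through to the token lookup
         * @param xMLSecurityProperties configuration passed through to the token lookup
         * @throws XMLSecurityException if the token or key cannot be obtained or the algorithm
         *         cannot be set up
         */
        public SignatureVerifier(SignatureType signatureType, InboundSecurityContext inboundSecurityContext, XMLSecurityProperties xMLSecurityProperties) throws XMLSecurityException {
            this.signatureType = signatureType;
            InboundSecurityToken token = retrieveSecurityToken(signatureType, xMLSecurityProperties, inboundSecurityContext);
            this.inboundSecurityToken = token;
            createSignatureAlgorithm(token, signatureType);
        }

        /**
         * Locates the token whose key verifies this signature.
         *
         * @return the token; the constructor dereferences it immediately, so it must not be null
         * @throws XMLSecurityException if no usable token can be resolved
         */
        protected abstract InboundSecurityToken retrieveSecurityToken(SignatureType signatureType, XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext) throws XMLSecurityException;

        /** Returns the token resolved in the constructor. */
        public InboundSecurityToken getInboundSecurityToken() {
            return this.inboundSecurityToken;
        }

        /**
         * Fetches the verification key from the token, initialises the signature engine for
         * verification, and wires the canonicalizing transformer in front of it.
         *
         * @param inboundSecurityToken token supplying the public or secret key
         * @param signatureType the parsed signature; its SignatureMethod URI selects the engine
         * @throws XMLSecurityException if the token yields no key ({@code KeyInfo.nokey}) or the
         *         algorithm or provider is unavailable
         */
        protected void createSignatureAlgorithm(InboundSecurityToken inboundSecurityToken, SignatureType signatureType) throws XMLSecurityException {
            // The algorithm URI comes from the message; it is handed to the token together with
            // the intended key usage, so any algorithm/key-usage policy is applied there, not here.
            final String algorithm = signatureType.getSignedInfo().getSignatureMethod().getAlgorithm();
            Key verificationKey;
            if (inboundSecurityToken.isAsymmetric()) {
                verificationKey = inboundSecurityToken.getPublicKey(algorithm, XMLSecurityConstants.Asym_Sig, signatureType.getId());
            } else {
                verificationKey = inboundSecurityToken.getSecretKey(algorithm, XMLSecurityConstants.Sym_Sig, signatureType.getId());
                if (verificationKey != null) {
                    // Re-wrap the raw key bytes as a key for this signature algorithm.
                    verificationKey = XMLSecurityUtils.prepareSecretKey(algorithm, verificationKey.getEncoded());
                }
            }
            if (verificationKey == null) {
                throw new XMLSecurityException("KeyInfo.nokey", new Object[]{"the inbound security token"});
            }
            try {
                SignatureAlgorithm signatureAlgorithm = SignatureAlgorithmFactory.getInstance().getSignatureAlgorithm(algorithm);
                if (XMLSignature.ALGO_ID_SIGNATURE_RSA_PSS.equals(algorithm)) {
                    signatureAlgorithm.engineSetParameter(rsaPSSParameterSpec(signatureType));
                }
                signatureAlgorithm.engineInitVerify(verificationKey);
                this.signerOutputStream = new SignerOutputStream(signatureAlgorithm);
                this.bufferedSignerOutputStream = new UnsyncBufferedOutputStream(this.signerOutputStream);

                CanonicalizationMethodType canonicalizationMethod = signatureType.getSignedInfo().getCanonicalizationMethod();
                InclusiveNamespaces inclusiveNamespaces = (InclusiveNamespaces) XMLSecurityUtils.getQNameType(canonicalizationMethod.getContent(), XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
                HashMap<String, Object> transformerProperties = null;
                if (inclusiveNamespaces != null) {
                    transformerProperties = new HashMap<>();
                    transformerProperties.put(Canonicalizer20010315_Excl.INCLUSIVE_NAMESPACES_PREFIX_LIST, inclusiveNamespaces.getPrefixList());
                }
                this.transformer = XMLSecurityUtils.getTransformer(null, this.bufferedSignerOutputStream, transformerProperties, canonicalizationMethod.getAlgorithm(), XMLSecurityConstants.DIRECTION.IN);

                // The engine has been initialised, so the local key reference is no longer needed.
                // This wipe runs only on the success path; an exception thrown above skips it.
                if (verificationKey instanceof Destroyable) {
                    try {
                        ((Destroyable) verificationKey).destroy();
                    } catch (DestroyFailedException e) {
                        // Best effort: only the message is logged, never key material.
                        LOG.debug("Error destroying key: {}", e.getMessage());
                    }
                }
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                throw new XMLSecurityException(e);
            }
        }

        /**
         * Builds the RSASSA-PSS parameters from the {@code RSAPSSParams} child of SignatureMethod.
         *
         * <p>Absent values fall back to: SHA-256 for the digest, SHA-256 for MGF1, the digest's
         * own salt length, and trailer field 1. Every present value is taken from the message as
         * is; no range check on salt length or trailer field happens in this method.
         *
         * @throws XMLSecurityException with key {@code algorithms.MissingRSAPSSParams} if the
         *         SignatureMethod carries no RSAPSSParams element
         */
        private PSSParameterSpec rsaPSSParameterSpec(SignatureType signatureType) throws XMLSecurityException {
            RSAPSSParams pssParams = null;
            for (Object child : signatureType.getSignedInfo().getSignatureMethod().getContent()) {
                if (child instanceof RSAPSSParams) {
                    pssParams = (RSAPSSParams) child;
                    break;
                }
            }
            if (pssParams == null) {
                throw new XMLSecurityException("algorithms.MissingRSAPSSParams");
            }

            String digestUri = pssParams.getDigestMethod() == null
                    ? SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.SHA256.getXmlDigestAlgorithm()
                    : pssParams.getDigestMethod().getAlgorithm();
            // NOTE(review): getDigestMethod() on the MaskGenerationFunction is dereferenced without
            // a null check; confirm the binding guarantees it, otherwise a message that omits it
            // surfaces as NullPointerException instead of XMLSecurityException.
            String mgfDigestUri = pssParams.getMaskGenerationFunction() == null
                    ? SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.SHA256.getXmlDigestAlgorithm()
                    : pssParams.getMaskGenerationFunction().getDigestMethod().getAlgorithm();

            SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm digest = SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.fromXmlDigestAlgorithm(digestUri);
            String digestName = digest.getDigestAlgorithm();
            MGF1ParameterSpec mgfSpec = new MGF1ParameterSpec(SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.fromXmlDigestAlgorithm(mgfDigestUri).getDigestAlgorithm());
            int saltLength = pssParams.getSaltLength() == null ? digest.getSaltLength() : pssParams.getSaltLength().intValue();
            int trailerField = pssParams.getTrailerField() == null ? 1 : pssParams.getTrailerField().intValue();
            return new PSSParameterSpec(digestName, "MGF1", mgfSpec, saltLength, trailerField);
        }

        /** Pushes one SignedInfo event through the canonicalizer into the signature engine. */
        protected void processEvent(XMLSecEvent xMLSecEvent) throws XMLStreamException {
            this.transformer.transform(xMLSecEvent);
        }

        /**
         * Flushes the canonicalizer and compares the computed signature with SignatureValue.
         *
         * @throws XMLSecurityException with key {@code errorMessages.InvalidSignatureValueException}
         *         if verification fails, or wrapping the I/O or stream error that prevented it
         */
        protected void doFinal() throws XMLSecurityException {
            try {
                this.transformer.doFinal();
                this.bufferedSignerOutputStream.close();
                boolean valid = this.signerOutputStream.verify(this.signatureType.getSignatureValue().getValue());
                if (!valid) {
                    throw new XMLSecurityException("errorMessages.InvalidSignatureValueException");
                }
            } catch (IOException | XMLStreamException e) {
                throw new XMLSecurityException(e);
            }
        }
    }

    /**
     * Parses the signature header, checks that its mandatory children are present, verifies the
     * signature over SignedInfo and installs the reference processor.
     *
     * @param inputProcessorChain the chain the reference processor is added to
     * @param xMLSecurityProperties inbound configuration
     * @param deque buffered events of the security header
     * @param num offset of the Signature element within {@code deque}
     * @throws XMLSecurityException if a mandatory child is missing or verification fails
     */
    @Override // org.apache.xml.security.stax.ext.XMLSecurityHeaderHandler
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        JAXBElement<?> parsed = (JAXBElement<?>) parseStructure(deque, num.intValue(), xMLSecurityProperties);
        SignatureType signatureType = (SignatureType) parsed.getValue();

        // Structural checks first: everything below dereferences these elements unconditionally.
        if (signatureType.getSignedInfo() == null) {
            throw new XMLSecurityException("stax.signature.signedInfoMissing");
        }
        if (signatureType.getSignedInfo().getSignatureMethod() == null) {
            throw new XMLSecurityException("stax.signature.signatureMethodMissing");
        }
        if (signatureType.getSignedInfo().getCanonicalizationMethod() == null) {
            throw new XMLSecurityException("stax.signature.canonicalizationMethodMissing");
        }
        if (signatureType.getSignatureValue() == null) {
            throw new XMLSecurityException("stax.signature.signatureValueMissing");
        }
        if (signatureType.getId() == null) {
            // The id is passed to the token's key lookup, so give anonymous signatures one.
            signatureType.setId(IDGenerator.generateID(null));
        }

        InboundSecurityToken verifiedToken = verifySignedInfo(inputProcessorChain, xMLSecurityProperties, signatureType, deque, num.intValue());
        addSignatureReferenceInputProcessorToChain(inputProcessorChain, xMLSecurityProperties, signatureType, verifiedToken);
    }

    /**
     * Installs the processor that checks the signature's references; called only after
     * {@link #verifySignedInfo} has returned without throwing.
     */
    protected abstract void addSignatureReferenceInputProcessorToChain(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, SignatureType signatureType, InboundSecurityToken inboundSecurityToken) throws XMLSecurityException;

    /**
     * Verifies the signature value over the canonicalized {@code SignedInfo} element.
     *
     * <p>For the canonicalization URIs in {@code C14N_ALGORITHMS} the buffered events are used
     * directly. For any other URI, or none, SignedInfo is first canonicalized and reparsed by
     * {@link #reparseSignedInfo}, and verification runs over the reparsed events.
     *
     * @param deque buffered events of the security header
     * @param i offset of the Signature element within {@code deque}
     * @return the token whose key verified the signature
     * @throws XMLSecurityException if the signature value does not verify or the events cannot be
     *         processed
     */
    protected InboundSecurityToken verifySignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, SignatureType signatureType, Deque<XMLSecEvent> deque, int i) throws XMLSecurityException {
        final String c14nAlgorithm = signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
        Iterator<XMLSecEvent> events;
        if (c14nAlgorithm != null && C14N_ALGORITHMS.contains(c14nAlgorithm)) {
            events = deque.descendingIterator();
            // Skip forward to the Signature element.
            for (int skipped = 0; skipped < i; skipped++) {
                events.next();
            }
        } else {
            events = reparseSignedInfo(inputProcessorChain, xMLSecurityProperties, signatureType, deque, i).descendingIterator();
        }

        SignatureVerifier verifier = newSignatureVerifier(inputProcessorChain, xMLSecurityProperties, signatureType);
        try {
            // Phase 1: discard everything before <SignedInfo>, then feed its start tag.
            while (events.hasNext()) {
                XMLSecEvent event = events.next();
                if (isSignedInfoStart(event)) {
                    verifier.processEvent(event);
                    break;
                }
            }
            // Phase 2: feed every event up to and including </SignedInfo>.
            while (events.hasNext()) {
                XMLSecEvent event = events.next();
                verifier.processEvent(event);
                if (isSignedInfoEnd(event)) {
                    break;
                }
            }
        } catch (XMLStreamException e) {
            throw new XMLSecurityException((Exception) e);
        }
        // If no SignedInfo was found nothing was fed, and the check runs over empty input.
        verifier.doFinal();
        return verifier.getInboundSecurityToken();
    }

    /**
     * Canonicalizes {@code SignedInfo} with the algorithm named in the message, reparses the
     * canonical bytes, and replaces the signature's SignedInfo with the reparsed structure.
     *
     * <p>The decompiler could not rebuild this method's resource handling (it left undeclared
     * placeholder variables and a synthetic close helper); the nested try-with-resources below
     * is the construct that lowering corresponds to.
     *
     * <p>Security notes: the canonical form is held entirely in memory, and no size limit is
     * applied here. The second parse uses the {@code XMLInputFactory} stored in the security
     * context under {@code XMLSecurityConstants.XMLINPUTFACTORY}; DTD and external-entity
     * handling is whatever that factory was configured with (set up elsewhere; confirm it is
     * hardened).
     *
     * @param deque buffered events of the security header
     * @param i offset of the Signature element within {@code deque}
     * @return the reparsed SignedInfo events, most recent first (they are pushed onto the deque)
     * @throws XMLSecurityException wrapping any stream or I/O failure
     */
    protected Deque<XMLSecEvent> reparseSignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, SignatureType signatureType, Deque<XMLSecEvent> deque, int i) throws XMLSecurityException {
        Deque<XMLSecEvent> reparsedEvents = new ArrayDeque<>();
        try (UnsyncByteArrayOutputStream canonicalBytes = new UnsyncByteArrayOutputStream()) {
            Transformer transformer = XMLSecurityUtils.getTransformer(null, canonicalBytes, null, signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm(), XMLSecurityConstants.DIRECTION.IN);

            Iterator<XMLSecEvent> events = deque.descendingIterator();
            // Skip forward to the Signature element.
            for (int skipped = 0; skipped < i; skipped++) {
                events.next();
            }
            // Discard everything before <SignedInfo>, then feed its start tag.
            while (events.hasNext()) {
                XMLSecEvent event = events.next();
                if (isSignedInfoStart(event)) {
                    transformer.transform(event);
                    break;
                }
            }
            // Feed every event up to and including </SignedInfo>.
            while (events.hasNext()) {
                XMLSecEvent event = events.next();
                transformer.transform(event);
                if (isSignedInfoEnd(event)) {
                    break;
                }
            }
            transformer.doFinal();

            try (UnsyncByteArrayInputStream canonicalInput = new UnsyncByteArrayInputStream(canonicalBytes.toByteArray())) {
                XMLInputFactory inputFactory = (XMLInputFactory) inputProcessorChain.getSecurityContext().get(XMLSecurityConstants.XMLINPUTFACTORY);
                XMLStreamReader reader = inputFactory.createXMLStreamReader(canonicalInput);
                while (reader.hasNext()) {
                    reparsedEvents.push(XMLSecEventFactory.allocate(reader, null));
                    reader.next();
                }
                JAXBElement<?> parsed = (JAXBElement<?>) parseStructure(reparsedEvents, 0, xMLSecurityProperties);
                // From here on the signature refers to the structure that was actually canonicalized.
                signatureType.setSignedInfo((SignedInfoType) parsed.getValue());
                return reparsedEvents;
            }
        } catch (XMLStreamException | IOException e) {
            throw new XMLSecurityException((Exception) e);
        }
    }

    /** Creates the verifier for one signature; the subclass decides how the token is resolved. */
    protected abstract SignatureVerifier newSignatureVerifier(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, SignatureType signatureType) throws XMLSecurityException;

    /** True if the event is the start tag of {@code ds:SignedInfo}. */
    private static boolean isSignedInfoStart(XMLSecEvent event) {
        return START_ELEMENT == event.getEventType() && event.mo3216asStartElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo);
    }

    /** True if the event is the end tag of {@code ds:SignedInfo}. */
    private static boolean isSignedInfoEnd(XMLSecEvent event) {
        return END_ELEMENT == event.getEventType() && event.mo3215asEndElement().getName().equals(XMLSecurityConstants.TAG_dsig_SignedInfo);
    }
}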
