package es.gob.afirma.signature;

import es.gob.afirma.signature.SignValidity;
import es.gob.afirma.signers.xml.XMLConstants;
import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.Provider;
import java.security.PublicKey;
import java.util.List;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

/* loaded from: input_file:es/gob/afirma/signature/ValidateXMLSignature.class */
public final class ValidateXMLSignature {

    /* loaded from: input_file:es/gob/afirma/signature/ValidateXMLSignature$KeyValueKeySelector.class */
    static final class KeyValueKeySelector extends KeySelector {
        KeyValueKeySelector() {
        }

        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
            if (keyInfo == null) {
                throw new KeySelectorException("Objeto KeyInfo nulo");
            }
            List content = keyInfo.getContent();
            for (int i = 0; i < content.size(); i++) {
                KeyValue keyValue = (XMLStructure) content.get(i);
                if (keyValue instanceof KeyValue) {
                    try {
                        PublicKey publicKey = keyValue.getPublicKey();
                        if (algEquals(((SignatureMethod) algorithmMethod).getAlgorithm(), publicKey.getAlgorithm())) {
                            return new SimpleKeySelectorResult(publicKey);
                        }
                    } catch (KeyException e) {
                        throw new KeySelectorException(e);
                    }
                }
            }
            throw new KeySelectorException("No se ha encontrado el elemento KeyValue");
        }

        static boolean algEquals(String str, String str2) {
            if (str2.equalsIgnoreCase("DSA") && str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#dsa-sha1")) {
                return true;
            }
            return str2.equalsIgnoreCase("RSA") && str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        }
    }

    /* loaded from: input_file:es/gob/afirma/signature/ValidateXMLSignature$SimpleKeySelectorResult.class */
    private static final class SimpleKeySelectorResult implements KeySelectorResult {
        private final PublicKey pk;

        SimpleKeySelectorResult(PublicKey publicKey) {
            this.pk = publicKey;
        }

        public Key getKey() {
            return this.pk;
        }
    }

    private ValidateXMLSignature() {
    }

    public static SignValidity validate(byte[] bArr) {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        try {
            NodeList elementsByTagNameNS = newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(bArr)).getElementsByTagNameNS(XMLConstants.DSIGNNS, "Signature");
            if (elementsByTagNameNS.getLength() == 0) {
                return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_SIGN);
            }
            try {
                XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI")).newInstance());
                DOMValidateContext dOMValidateContext = new DOMValidateContext(new KeyValueKeySelector(), elementsByTagNameNS.item(0));
                return xMLSignatureFactory.unmarshalXMLSignature(dOMValidateContext).validate(dOMValidateContext) ? new SignValidity(SignValidity.SIGN_DETAIL_TYPE.OK, null) : new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, null);
            } catch (Exception e) {
                return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.UNKNOWN, null);
            }
        } catch (Exception e2) {
            return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CORRUPTED_SIGN);
        }
    }
}
