package br.com.fiorilli.issweb.util.assinatura;

import br.com.fiorilli.util.exception.FiorilliException;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.jcp.xml.dsig.internal.dom.DOMX509Data;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:br/com/fiorilli/issweb/util/assinatura/AssinaturaXML.class */
public class AssinaturaXML {
    private File xmlFile;

    public AssinaturaXML() {
    }

    public AssinaturaXML(File file) {
        this.xmlFile = file;
    }

    public boolean isAssinaturaValida(Document document) throws CertificateException, Exception {
        boolean z = false;
        try {
            XMLSignatureFactory xMLSignFactory = getXMLSignFactory();
            NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
            Element element = (Element) elementsByTagNameNS.item(0);
            XMLSignature unmarshalXMLSignature = xMLSignFactory.unmarshalXMLSignature(new DOMStructure(elementsByTagNameNS.item(elementsByTagNameNS.getLength() - 1)));
            X509Certificate x509Certificate = null;
            if (unmarshalXMLSignature.getKeyInfo().getContent().get(0) instanceof DOMX509Data) {
                for (Object obj : ((DOMX509Data) unmarshalXMLSignature.getKeyInfo().getContent().get(0)).getContent()) {
                    if (obj instanceof X509Certificate) {
                        x509Certificate = (X509Certificate) obj;
                    }
                }
            } else {
                for (Object obj2 : ((org.jcp.xml.dsig.internal.dom.DOMX509Data) unmarshalXMLSignature.getKeyInfo().getContent().get(0)).getContent()) {
                    if (obj2 instanceof X509Certificate) {
                        x509Certificate = (X509Certificate) obj2;
                    }
                }
            }
            if (x509Certificate != null) {
                x509Certificate.checkValidity();
                if (!x509Certificate.getIssuerDN().getName().contains("ICP")) {
                    throw new Exception("Certificado usado para assinar remessa não é parte do ICP-Brasil");
                }
                z = unmarshalXMLSignature.validate(new DOMValidateContext(x509Certificate.getPublicKey(), element));
                if (z) {
                    Logger.getLogger(AssinaturaXML.class.getName()).log(Level.INFO, "A assinatura é válida. {0}", extractDN(x509Certificate.getSubjectDN()));
                } else {
                    Logger.getLogger(AssinaturaXML.class.getName()).log(Level.INFO, "A assinatura NÃO é válida. {0}", extractDN(x509Certificate.getSubjectDN()));
                }
            }
        } catch (XMLSignatureException e) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, (String) null, e);
        } catch (IOException | ParserConfigurationException | SAXException e2) {
            throw new RuntimeException(e2);
        }
        return z || 1 == 0;
    }

    public boolean isAssinaturaValida(SOAPMessage sOAPMessage) throws CertificateException, Exception {
        SOAPPart sOAPPart = sOAPMessage.getSOAPPart();
        boolean z = false;
        try {
            XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM");
            NodeList elementsByTagNameNS = sOAPPart.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
            XMLSignature unmarshalXMLSignature = xMLSignatureFactory.unmarshalXMLSignature(new DOMStructure(elementsByTagNameNS.item(elementsByTagNameNS.getLength() - 1)));
            X509Certificate x509Certificate = null;
            if (unmarshalXMLSignature.getKeyInfo().getContent().get(0) instanceof DOMX509Data) {
                for (Object obj : ((DOMX509Data) unmarshalXMLSignature.getKeyInfo().getContent().get(0)).getContent()) {
                    if (obj instanceof X509Certificate) {
                        x509Certificate = (X509Certificate) obj;
                    }
                }
            } else {
                for (Object obj2 : ((org.jcp.xml.dsig.internal.dom.DOMX509Data) unmarshalXMLSignature.getKeyInfo().getContent().get(0)).getContent()) {
                    if (obj2 instanceof X509Certificate) {
                        x509Certificate = (X509Certificate) obj2;
                    }
                }
            }
            if (x509Certificate != null) {
                x509Certificate.checkValidity();
                if (!x509Certificate.getIssuerDN().getName().contains("ICP")) {
                    throw new Exception("Certificado usado para assinar remessa não é parte do ICP-Brasil");
                }
                z = unmarshalXMLSignature.validate(new DOMValidateContext(x509Certificate.getPublicKey(), elementsByTagNameNS.item(0)));
                Logger.getLogger(AssinaturaXML.class.getName()).log(Level.INFO, "A assinatura é válida. {0}", extractDN(x509Certificate.getSubjectDN()));
            }
        } catch (XMLSignatureException e) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, (String) null, e);
        } catch (IOException | ParserConfigurationException | SAXException e2) {
            throw new RuntimeException(e2);
        }
        return z || 1 == 0;
    }

    public boolean isAssinaturaValida() throws Exception {
        boolean z = false;
        XMLSignature xMLSignature = null;
        try {
            DOMValidateContext dOMValidateContext = new DOMValidateContext(new X509KeySelector(), getNodoPorNome("Signature").item(0));
            xMLSignature = getXMLSignFactory().unmarshalXMLSignature(dOMValidateContext);
            z = xMLSignature.validate(dOMValidateContext);
        } catch (MarshalException e) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Erro extraindo assinatura do arquivo XML.", e);
        } catch (XMLSignatureException e2) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Erro validando assinatura do arquivo XML.", e2);
        }
        return z && isCertificadoValido(xMLSignature);
    }

    private boolean isCertificadoValido(XMLSignature xMLSignature) throws Exception {
        X509Certificate certificate;
        boolean z = false;
        try {
            certificate = getCertificate(xMLSignature);
        } catch (CertificateExpiredException e) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Certificado usado para assinatura estava expirado.", (Throwable) e);
        } catch (CertificateNotYetValidException e2) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Certificado usado para assinatura ainda não era válido.", (Throwable) e2);
        }
        if (!certificate.getIssuerDN().getName().contains("ICP")) {
            throw new Exception("Certificado usado para assinar remessa não é parte do ICP-Brasil");
        }
        certificate.checkValidity();
        z = true;
        return z;
    }

    private NodeList getNodoPorNome(String str) throws FiorilliException, TransformerException {
        NodeList elementsByTagNameNS = getDOMDocument().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", str);
        if (elementsByTagNameNS.getLength() == 0) {
            throw new FiorilliException("TAG <" + str + "> não existe, documento não assinado");
        }
        return elementsByTagNameNS;
    }

    private Document getDOMDocument() throws TransformerException {
        Document document = null;
        try {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setNamespaceAware(true);
            document = newInstance.newDocumentBuilder().parse(this.xmlFile);
        } catch (UnsupportedEncodingException e) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Codificação UTF-8 não suportada.", (Throwable) e);
        } catch (IOException e2) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Erro de IO ao parsear o arquivo XML.", (Throwable) e2);
        } catch (ParserConfigurationException e3) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Erro de configuração ao instanciar um novo documento DOM", (Throwable) e3);
        } catch (SAXException e4) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Erro de parser do arquivo XML.", (Throwable) e4);
        }
        return document;
    }

    private XMLSignatureFactory getXMLSignFactory() {
        XMLSignatureFactory xMLSignatureFactory = null;
        String property = System.getProperty("jsr105Provider", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
        try {
            xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(property).newInstance());
        } catch (ClassNotFoundException e) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Provider class não encontrada. " + property, (Throwable) e);
        } catch (IllegalAccessException e2) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Provider class inacessível. " + property, (Throwable) e2);
        } catch (InstantiationException e3) {
            Logger.getLogger(AssinaturaXML.class.getName()).log(Level.SEVERE, "Provider class não pode ser instanciada. " + property, (Throwable) e3);
        }
        return xMLSignatureFactory;
    }

    private X509Certificate getCertificate(XMLSignature xMLSignature) {
        X509Certificate x509Certificate = null;
        if (xMLSignature.getKeyInfo().getContent().get(0) instanceof DOMX509Data) {
            for (Object obj : ((DOMX509Data) xMLSignature.getKeyInfo().getContent().get(0)).getContent()) {
                if (obj instanceof X509Certificate) {
                    x509Certificate = (X509Certificate) obj;
                }
            }
        } else {
            for (Object obj2 : ((org.jcp.xml.dsig.internal.dom.DOMX509Data) xMLSignature.getKeyInfo().getContent().get(0)).getContent()) {
                if (obj2 instanceof X509Certificate) {
                    x509Certificate = (X509Certificate) obj2;
                }
            }
        }
        return x509Certificate;
    }

    private String outputXML(Document document) throws TransformerException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(byteArrayOutputStream));
        String byteArrayOutputStream2 = byteArrayOutputStream.toString();
        if (byteArrayOutputStream2 != null && !"".equals(byteArrayOutputStream2)) {
            byteArrayOutputStream2 = byteArrayOutputStream2.replaceAll("\\r\\n", "").replaceAll(" standalone=\"no\"", "");
        }
        return byteArrayOutputStream2;
    }

    private String extractDN(Principal principal) {
        if (principal == null) {
            return null;
        }
        String principal2 = principal.toString();
        return principal2.substring(principal2.indexOf("CN=") + 3, principal2.indexOf(","));
    }
}
