package br.com.fiorilli.issweb.util.assinatura;

import br.com.fiorilli.issweb.ws.retorno.MontaMensagemRetorno;
import br.org.abrasf.nfse.TcMensagemRetorno;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.Provider;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import org.apache.jcp.xml.dsig.internal.dom.DOMX509Data;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.x509.extension.X509ExtensionUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:br/com/fiorilli/issweb/util/assinatura/SignatureValidator.class */
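/**
 * Static helpers that check the XML-DSig signatures of a submitted document and read the
 * signer's CPF/CNPJ from the certificate embedded in the signature.
 *
 * <p>Every check in this class fails closed: a document without a signature, a signature
 * without an embedded certificate, or an unavailable signature provider is never reported as
 * valid.
 *
 * <p>Limits of what is verified here (review notes, to be confirmed against the callers and
 * against {@code X509KeySelector}, which is not part of this file):
 * <ul>
 *   <li>Trust in the signer is decided by a substring test on the issuer DN, see
 *       {@link #isCertificateValid}. No certification path is built to a trusted root and no
 *       revocation check is made in this class.</li>
 *   <li>Nothing here checks which elements the validated {@code Reference}s cover. A caller
 *       that processes a specific element must confirm that this element is the signed one.</li>
 *   <li>{@link #getCertificate} returns the last certificate listed in the first KeyInfo entry.
 *       Whether that is the certificate whose key verified the signature depends on
 *       {@code X509KeySelector}.</li>
 *   <li>The validation context is created with the provider's default settings; no
 *       secure-validation option is set on it.</li>
 * </ul>
 */
public final class SignatureValidator {
    private static final Logger _log = Logger.getLogger(SignatureValidator.class.getName());
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String SIGNATURE_TAG = "Signature";

    /** OID of the subjectAltName entry from which the CPF is read (characters 8 to 18 of its value). */
    public static final DERObjectIdentifier CPF = new DERObjectIdentifier("2.16.76.1.3.1");
    /** OID of the subjectAltName entry whose whole value is returned as the CNPJ. */
    public static final DERObjectIdentifier CNPJ = new DERObjectIdentifier("2.16.76.1.3.3");

    /** Not instantiable: the class only holds static helpers. */
    private SignatureValidator() {
    }

    /**
     * Tells whether the document holds at least one {@code ds:Signature} element.
     *
     * @param document the parsed document; must have been parsed namespace-aware for the lookup to match
     * @return {@code true} when one or more signature elements are present
     * @throws NullPointerException if {@code document} is {@code null}
     */
    public static boolean containsSignature(Document document) {
        if (document == null) {
            throw new NullPointerException("document");
        }
        return document.getElementsByTagNameNS(XMLDSIG_NS, SIGNATURE_TAG).getLength() > 0;
    }

    /**
     * Validates every {@code ds:Signature} element of the document.
     *
     * <p>A document with no signature element is reported as NOT valid. Use
     * {@link #containsSignature(Document)} first when an unsigned document is acceptable.
     *
     * @param document the parsed document
     * @param list receives the return messages produced by the certificate checks
     * @return {@code Boolean.TRUE} only when at least one signature exists and all of them pass
     *     core validation and the certificate checks
     * @throws NullPointerException if {@code document} is {@code null}
     * @throws Exception if a signature cannot be unmarshalled or validated
     */
    public static Boolean validateSignature(Document document, List<TcMensagemRetorno> list) throws Exception {
        if (document == null) {
            throw new NullPointerException("doc");
        }
        NodeList signatures = document.getElementsByTagNameNS(XMLDSIG_NS, SIGNATURE_TAG);
        int count = signatures.getLength();
        if (count == 0) {
            // Fail closed: an empty loop must not turn an unsigned document into a valid one.
            _log.warning("No Signature element found; document is not considered validated");
            return Boolean.FALSE;
        }
        for (int i = 0; i < count; i++) {
            if (!validateSignature((Element) signatures.item(i), list).booleanValue()) {
                return Boolean.FALSE;
            }
        }
        return Boolean.TRUE;
    }

    /**
     * Validates one signature element: core validation first, then the certificate checks.
     *
     * @param element the {@code ds:Signature} element
     * @param list receives the return messages produced by the certificate checks
     * @return {@code Boolean.TRUE} when both the signature and its certificate are accepted
     * @throws Exception if the signature cannot be unmarshalled or validated
     */
    private static Boolean validateSignature(Element element, List<TcMensagemRetorno> list) throws Exception {
        XMLSignatureFactory factory = getXMLSignFactory();
        DOMValidateContext context = new DOMValidateContext(new X509KeySelector(), element);
        XMLSignature signature = factory.unmarshalXMLSignature(context);
        boolean coreValid = signature.validate(context);
        if (coreValid) {
            _log.info("Signature passed core validation");
        } else {
            _log.info("Signature failed core validation");
            logFailureDetails(signature, context);
        }
        // The certificate checks only run for a signature that passed core validation.
        return (coreValid && isCertificateValid(signature, list)) ? Boolean.TRUE : Boolean.FALSE;
    }

    /**
     * Logs which part of a failed signature did not validate: the signature value and each
     * reference. Diagnostic only; the result of the validation is not changed here.
     */
    private static void logFailureDetails(XMLSignature signature, DOMValidateContext context) throws Exception {
        boolean valueValid = signature.getSignatureValue().validate(context);
        _log.log(Level.INFO, "signature validation status: {0}", Boolean.valueOf(valueValid));
        if (valueValid) {
            // The certificate may be absent; logging must not abort the validation with an NPE.
            X509Certificate certificate = getCertificate(signature);
            Principal issuer = certificate == null ? null : certificate.getIssuerDN();
            _log.log(Level.INFO, "signature common name: {0}", extractDN(issuer));
        }
        int index = 0;
        for (Object reference : signature.getSignedInfo().getReferences()) {
            boolean referenceValid = ((Reference) reference).validate(context);
            _log.log(Level.INFO, "ref[{0}] validity status: {1}", new Object[]{Integer.valueOf(index), Boolean.valueOf(referenceValid)});
            index++;
        }
    }

    /**
     * Creates the DOM signature factory from the provider class named by the system property
     * {@code jsr105Provider} (default {@code org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI}).
     *
     * @return the factory, never {@code null}
     * @throws IllegalStateException if the provider class cannot be loaded or instantiated
     */
    private static XMLSignatureFactory getXMLSignFactory() {
        String property = System.getProperty("jsr105Provider", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
        try {
            return XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(property).newInstance());
        } catch (ClassNotFoundException e) {
            _log.log(Level.SEVERE, "Provider class não encontrada. " + property, (Throwable) e);
            throw new IllegalStateException("XML signature provider not available: " + property, e);
        } catch (IllegalAccessException e2) {
            _log.log(Level.SEVERE, "Provider class inacessível. " + property, (Throwable) e2);
            throw new IllegalStateException("XML signature provider not available: " + property, e2);
        } catch (InstantiationException e3) {
            _log.log(Level.SEVERE, "Provider class não pode ser instanciada. " + property, (Throwable) e3);
            throw new IllegalStateException("XML signature provider not available: " + property, e3);
        }
    }

    /**
     * Extracts the value of the first {@code CN=} component from the principal's string form.
     *
     * @param principal the principal, may be {@code null}
     * @return the text between {@code CN=} and the next comma (or the end of the string); the
     *     whole string when it has no {@code CN=}; {@code null} for a {@code null} principal
     */
    private static String extractDN(Principal principal) {
        if (principal == null) {
            return null;
        }
        String name = principal.toString();
        int marker = name.indexOf("CN=");
        if (marker < 0) {
            return name;
        }
        int start = marker + 3;
        // Search the comma after CN=, so that a DN where CN is not the first component works too.
        int end = name.indexOf(',', start);
        return end < 0 ? name.substring(start) : name.substring(start, end);
    }

    /**
     * Checks the certificate embedded in the signature: it must be present, inside its
     * validity period, and its issuer DN must contain the text {@code ICP}.
     *
     * <p>NOTE(review): the issuer test is a substring match on a name taken from the submitted
     * certificate itself. It does not prove that the certificate chains to an ICP-Brasil root;
     * a path validation against the trusted roots would be needed for that.
     *
     * @param xMLSignature the unmarshalled signature
     * @param list receives {@code L92} for a validity-period failure and {@code E189} for an
     *     issuer failure
     * @return {@code true} when all checks pass
     */
    private static boolean isCertificateValid(XMLSignature xMLSignature, List<TcMensagemRetorno> list) {
        X509Certificate certificate = getCertificate(xMLSignature);
        if (certificate == null) {
            // Fail closed: without a certificate there is nothing to base the checks on.
            _log.severe("Signature carries no X509 certificate; rejecting");
            return false;
        }
        try {
            certificate.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            _log.log(Level.SEVERE, (String) null, e);
            list.add(MontaMensagemRetorno.getTcMensagemRetorno("L92"));
            return false;
        }
        if (!certificate.getIssuerDN().getName().contains("ICP")) {
            _log.log(Level.SEVERE, (String) null, (Throwable) new Exception("Certificado usado para assinar remessa não é parte do ICP-Brasil"));
            list.add(MontaMensagemRetorno.getTcMensagemRetorno("E189"));
            return false;
        }
        return true;
    }

    /**
     * Returns the last {@code X509Certificate} listed in the first KeyInfo entry of the signature.
     *
     * <p>NOTE(review): when the entry lists several certificates, the one returned here is not
     * necessarily the one whose key verified the signature; confirm against X509KeySelector.
     *
     * @param xMLSignature the unmarshalled signature, may be {@code null}
     * @return the certificate, or {@code null} when the signature, its KeyInfo, or an X509Data
     *     entry with a certificate is missing
     */
    private static X509Certificate getCertificate(XMLSignature xMLSignature) {
        if (xMLSignature == null || xMLSignature.getKeyInfo() == null) {
            return null;
        }
        List<?> keyInfoContent = xMLSignature.getKeyInfo().getContent();
        // X509Data is the JSR-105 interface, so any provider's implementation is accepted and
        // another kind of first entry (for instance a bare key value) yields null, not a cast error.
        if (keyInfoContent.isEmpty() || !(keyInfoContent.get(0) instanceof X509Data)) {
            return null;
        }
        X509Certificate found = null;
        for (Object entry : ((X509Data) keyInfoContent.get(0)).getContent()) {
            if (entry instanceof X509Certificate) {
                found = (X509Certificate) entry;
            }
        }
        return found;
    }

    /**
     * Unmarshals the first {@code ds:Signature} element of the document and returns its
     * certificate. The signature is NOT validated here.
     *
     * @return the certificate, or {@code null} when there is no signature, it cannot be
     *     unmarshalled, or it carries no certificate
     */
    private static X509Certificate getX509Certificate(Document document) {
        Element first = (Element) document.getElementsByTagNameNS(XMLDSIG_NS, SIGNATURE_TAG).item(0);
        if (first == null) {
            return null;
        }
        try {
            XMLSignature signature = getXMLSignFactory().unmarshalXMLSignature(new DOMValidateContext(new X509KeySelector(), first));
            return getCertificate(signature);
        } catch (MarshalException e) {
            _log.log(Level.SEVERE, (String) null, e);
            return null;
        }
    }

    /**
     * Reads the signer's CPF or CNPJ from the subjectAltName entries of the certificate in the
     * document's first signature.
     *
     * <p>This method does not validate the signature or the certificate. The value is only
     * meaningful after {@link #validateSignature(Document, List)} returned {@code TRUE} for the
     * same document, and it always describes the first signature even when there are several.
     *
     * @param document the parsed, signed document
     * @return the 11-character CPF or the CNPJ value, whichever entry comes first; {@code null}
     *     when no certificate or no usable entry is found
     * @throws NullPointerException if {@code document} is {@code null}
     * @throws CertificateParsingException if the subjectAltName extension cannot be parsed
     */
    public static String getCpfCnpjAssinatura(Document document) throws CertificateParsingException {
        if (document == null) {
            throw new NullPointerException("document");
        }
        X509Certificate certificate = getX509Certificate(document);
        if (certificate == null) {
            return null;
        }
        for (Object alternativeName : X509ExtensionUtil.getSubjectAlternativeNames(certificate)) {
            if (!(alternativeName instanceof List) || ((List<?>) alternativeName).size() < 2) {
                continue;
            }
            Object generalName = ((List<?>) alternativeName).get(1);
            if (!(generalName instanceof DERSequence)) {
                continue;
            }
            DERSequence otherName = (DERSequence) generalName;
            // The certificate is submitted by the sender: check the shape before casting.
            if (otherName.size() < 2 || !(otherName.getObjectAt(1) instanceof ASN1TaggedObject)) {
                continue;
            }
            Object oid = otherName.getObjectAt(0);
            Object value = ((ASN1TaggedObject) otherName.getObjectAt(1)).getObject();
            String text = "";
            // A fixed charset keeps the result independent of the platform default.
            if (value instanceof DEROctetString) {
                text = new String(((DEROctetString) value).getOctets(), StandardCharsets.ISO_8859_1);
            } else if (value instanceof DERPrintableString) {
                text = new String(((DERPrintableString) value).getOctets(), StandardCharsets.ISO_8859_1);
            } else if (value instanceof DERUTF8String) {
                text = ((DERUTF8String) value).getString();
            }
            if (text == null || text.isEmpty()) {
                continue;
            }
            // A CPF entry that is too short is skipped instead of failing on substring().
            if (CPF.equals(oid) && text.length() >= 19) {
                return text.substring(8, 19);
            }
            if (CNPJ.equals(oid)) {
                return text;
            }
        }
        return null;
    }
}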
