package cn.com.infosec.netsign.base.processors.util;

import cn.com.infosec.asn1.x509.X509Name;
import cn.com.infosec.netsign.base.AbstractMessage;
import cn.com.infosec.netsign.base.ErrorInfoRes;
import cn.com.infosec.netsign.base.NSMessage;
import cn.com.infosec.netsign.base.XMLVerifyResult;
import cn.com.infosec.netsign.base.channels.ServerChannel;
import cn.com.infosec.netsign.base.util.CertRevokedException;
import cn.com.infosec.netsign.base.util.CertTrustException;
import cn.com.infosec.netsign.base.util.CertValidateException;
import cn.com.infosec.netsign.base.util.NetSignImpl;
import cn.com.infosec.netsign.base.util.NotInTrustListException;
import cn.com.infosec.netsign.base.util.NotSignatrueXMLException;
import cn.com.infosec.netsign.base.util.ServerKeyStore;
import cn.com.infosec.netsign.base.util.VerifyOCSPException;
import cn.com.infosec.netsign.crypto.util.RadomNumber;
import cn.com.infosec.netsign.exceptions.GenerateXMLException;
import cn.com.infosec.netsign.exceptions.ParseXMLException;
import cn.com.infosec.netsign.exceptions.XMLCoreValidationException;
import cn.com.infosec.netsign.exceptions.XMLReferenceException;
import cn.com.infosec.netsign.logger.ConsoleLogger;
import cn.com.infosec.util.encoders.Base64;
import cn.com.infosec.xmlparser.BinaryXMLParser;
import cn.com.infosec.xmlparser.BinaryXMLParserFactory;
import cn.com.infosec.xmlparser.XMLTag;
import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xml.security.Init;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:cn/com/infosec/netsign/base/processors/util/XMLSignatureUtil.class */
public class XMLSignatureUtil {
    private static XMLSignatureFactory fac;
    private static DocumentBuilderFactory dbf;
    private static final String regex = "(?su)<Signature[^>]*>\\s*<SignedInfo>\\s*<CanonicalizationMethod[^>]*>\\s*<SignatureMethod[^>]*>(<Reference (URI=)?[^>]*>\\s*(<Transforms>.*?</Transforms>)?\\s*<DigestMethod[^>]*>\\s*<DigestValue>.*?</DigestValue>\\s*</Reference>)+\\s*</SignedInfo>\\s*<SignatureValue>.*?</SignatureValue>\\s*(<KeyInfo>.*?</KeyInfo>\\s)?(<Object[^>]*>(<SignatureProperties>.*?</SignaturePropeies>)*(<Manifest>.*?</Manifest>)*.*?</Object>\\s*)*</Signature>";
    private static final String valid_regex = "(?su)<Signature[^>]*>\\s*<SignedInfo>\\s*<CanonicalizationMethod[^>]*>\\s*<SignatureMethod[^>]*>(<Reference (URI=)?[^>]*>\\s*(<Transforms>.*?</Transforms>)?\\s*<DigestMethod[^>]*>\\s*<DigestValue>.*?</DigestValue>\\s*</Reference>)+\\s*</SignedInfo>\\s*<SignatureValue>.*?</SignatureValue>\\s*(<KeyInfo>.*?</KeyInfo>\\s)?.*?</Signature>";
    private static EntityResolver er;

    static {
        fac = null;
        dbf = null;
        fac = XMLSignatureFactory.getInstance("DOM");
        dbf = DocumentBuilderFactory.newInstance();
        dbf.setValidating(false);
        dbf.setNamespaceAware(true);
        er = new EntityResolver() { // from class: cn.com.infosec.netsign.base.processors.util.XMLSignatureUtil.1
            @Override // org.xml.sax.EntityResolver
            public InputSource resolveEntity(String str, String str2) throws SAXException, IOException {
                return new InputSource(new ByteArrayInputStream("<?xml version='1.0' encoding='utf-8'?>".getBytes()));
            }
        };
    }

    private static Document parseXML(byte[] bArr, DocumentBuilder documentBuilder) throws Exception {
        documentBuilder.setEntityResolver(er);
        return documentBuilder.parse(new ByteArrayInputStream(bArr));
    }

    private static SignedInfo generateSignedInfo(XMLSignatureFactory xMLSignatureFactory, Reference reference) throws Exception {
        return xMLSignatureFactory.newSignedInfo(xMLSignatureFactory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments", (C14NMethodParameterSpec) null), xMLSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null), Collections.singletonList(reference));
    }

    private static KeyInfo generateKeyInfo(XMLSignatureFactory xMLSignatureFactory, String str, X509Certificate[] x509CertificateArr) {
        KeyInfoFactory keyInfoFactory = xMLSignatureFactory.getKeyInfoFactory();
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(x509Certificate);
        }
        return keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(arrayList)));
    }

    private static byte[] processSignature(Document document, String str, String str2) throws GenerateXMLException, TransformerConfigurationException, UnsupportedEncodingException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(byteArrayOutputStream));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            BinaryUtil binaryUtil = new BinaryUtil();
            binaryUtil.setXML(byteArray);
            byte[] bytes = new StringBuffer("<X509SubjectName>CN=").append(str).append("</X509SubjectName>").toString().getBytes("UTF-8");
            byte[] bArr = (byte[]) null;
            if (binaryUtil.moveto(bytes)) {
                byte[] bytes2 = new StringBuffer("<X509SubjectName>").append(str2).append("</X509SubjectName>").toString().getBytes("UTF-8");
                int location = binaryUtil.getLocation();
                bArr = new byte[byteArray.length + (bytes2.length - bytes.length)];
                System.arraycopy(byteArray, 0, bArr, 0, location);
                System.arraycopy(bytes2, 0, bArr, location, bytes2.length);
                System.arraycopy(byteArray, location + bytes.length, bArr, location + bytes2.length, (byteArray.length - location) - bytes.length);
            }
            if (bArr == null) {
                bArr = byteArray;
            }
            return bArr;
        } catch (Exception e) {
            throw new GenerateXMLException(e.toString());
        }
    }

    private static byte[] getSignatureXml(XMLSignature xMLSignature, DOMSignContext dOMSignContext, Document document, String str, String str2) throws Exception {
        try {
            xMLSignature.sign(dOMSignContext);
            return processSignature(document, str, str2);
        } catch (Exception e) {
            ConsoleLogger.logException(e);
            throw new SignatureException(e.toString());
        }
    }

    private static byte[] parseNS(byte[] bArr) {
        byte[] bArr2 = (byte[]) null;
        BinaryXMLParser binaryXMLParserFactory = BinaryXMLParserFactory.getInstance("Infosec");
        binaryXMLParserFactory.setXML(bArr);
        byte[] bArr3 = (byte[]) null;
        int i = 0;
        byte[] bytes = "xmlns=\"http://www.infosec.com.cn/netsign/innerdata\"".getBytes();
        XMLTag startElement = binaryXMLParserFactory.getStartElement("xmlns=\"".getBytes());
        if (startElement != null) {
            String attributeValue = startElement.getAttributeValue("xmlns");
            if (!attributeValue.equals("http://www.w3.org/2000/09/xmldsig#") && !attributeValue.equals("http://www.infosec.com.cn/netsign/innerdata")) {
                bArr3 = "xmlns=\"\"".getBytes();
                i = startElement.end - bArr3.length;
            }
        } else {
            XMLTag startElement2 = binaryXMLParserFactory.getStartElement("xmlns:".getBytes());
            if (startElement2 != null) {
                Matcher matcher = Pattern.compile("xmlns:.+=['\"].*?['\"]").matcher(new String(bArr));
                if (matcher.find()) {
                    String group = matcher.group();
                    bArr3 = group.getBytes();
                    String substring = group.contains("'") ? group.substring(group.indexOf("'") + 1, group.lastIndexOf("'")) : group.substring(group.indexOf("\"") + 1, group.lastIndexOf("\""));
                    if (!substring.equals("http://www.w3.org/2000/09/xmldsig#") && !substring.equals("http://www.infosec.com.cn/netsign/innerdata")) {
                        i = startElement2.end - bArr3.length;
                    }
                }
            } else {
                String str = new String(bArr);
                int indexOf = str.indexOf("?>");
                i = indexOf > 0 ? str.indexOf(">", indexOf + 2) : str.indexOf(">");
                bArr3 = ">".getBytes();
                bytes = " xmlns=\"http://www.infosec.com.cn/netsign/innerdata\">".getBytes();
            }
        }
        if (i > 0 && bArr3 != null) {
            bArr2 = new byte[bArr.length + (bytes.length - bArr3.length)];
            System.arraycopy(bArr, 0, bArr2, 0, i);
            System.arraycopy(bytes, 0, bArr2, i, bytes.length);
            System.arraycopy(bArr, i + bArr3.length, bArr2, i + bytes.length, (bArr.length - i) - bArr3.length);
        }
        return bArr2 == null ? bArr : bArr2;
    }

    private static byte[] processEncoding(byte[] bArr) {
        byte[] bArr2;
        BinaryUtil binaryUtil = new BinaryUtil();
        binaryUtil.setXML(bArr);
        byte[] bytes = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>".getBytes();
        if (binaryUtil.moveto("?>".getBytes())) {
            int location = binaryUtil.getLocation() + "?>".getBytes().length;
            bArr2 = new byte[(bArr.length - location) + bytes.length];
            System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
            System.arraycopy(bArr, location, bArr2, bytes.length, bArr.length - location);
        } else {
            bArr2 = new byte[bArr.length + bytes.length];
            System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
            System.arraycopy(bArr, 0, bArr2, bytes.length, bArr.length);
        }
        return bArr2;
    }

    public static Object[] generateXmlEnvelopingSignature(byte[] bArr, ServerKeyStore serverKeyStore, String str, AbstractMessage abstractMessage) throws Exception {
        byte[] parseNS = parseNS(bArr);
        String certDN = serverKeyStore.getCertDN();
        Object[] objArr = new Object[2];
        try {
            DocumentBuilder newDocumentBuilder = dbf.newDocumentBuilder();
            DOMStructure dOMStructure = new DOMStructure(parseXML(parseNS, newDocumentBuilder).getDocumentElement());
            String random = RadomNumber.getRandom();
            XMLObject newXMLObject = fac.newXMLObject(Collections.singletonList(dOMStructure), random, (String) null, (String) null);
            Reference newReference = fac.newReference(new StringBuffer("#").append(random).toString(), fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null));
            if (str == null || str.equals("")) {
                str = RadomNumber.getRandom();
            }
            try {
                SignedInfo generateSignedInfo = generateSignedInfo(fac, newReference);
                String random2 = RadomNumber.getRandom();
                XMLSignature newXMLSignature = fac.newXMLSignature(generateSignedInfo, generateKeyInfo(fac, new StringBuffer("CN=").append(random2).toString(), serverKeyStore.getCertChain()), Collections.singletonList(newXMLObject), str, (String) null);
                Document newDocument = newDocumentBuilder.newDocument();
                try {
                    objArr[0] = processEncoding(getSignatureXml(newXMLSignature, new DOMSignContext(serverKeyStore.getPrivateKey(), newDocument), newDocument, random2, certDN));
                    objArr[1] = str;
                    return objArr;
                } catch (Exception e) {
                    ConsoleLogger.logException(e);
                    throw new GenerateXMLException(e.toString());
                }
            } catch (Exception e2) {
                ConsoleLogger.logException(e2);
                throw new SignatureException(e2.toString());
            }
        } catch (Exception e3) {
            ConsoleLogger.logException(e3);
            throw new ParseXMLException(e3.toString());
        }
    }

    public static Object[] generateXmlEnvelopedSignature(byte[] bArr, ServerKeyStore serverKeyStore, String str, AbstractMessage abstractMessage, boolean z) throws Exception {
        byte[] parseNS = parseNS(bArr);
        if (str == null || str.equals("")) {
            str = RadomNumber.getRandom();
        }
        Object[] objArr = new Object[2];
        objArr[1] = str;
        try {
            Document parseXML = parseXML(parseNS, dbf.newDocumentBuilder());
            try {
                SignedInfo generateSignedInfo = generateSignedInfo(fac, fac.newReference("", fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null), Collections.singletonList(fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null)), (String) null, (String) null));
                String certDN = serverKeyStore.getCertDN();
                String random = RadomNumber.getRandom();
                try {
                    byte[] signatureXml = getSignatureXml(fac.newXMLSignature(generateSignedInfo, generateKeyInfo(fac, new StringBuffer("CN=").append(random).toString(), serverKeyStore.getCertChain()), (List) null, str, (String) null), new DOMSignContext(serverKeyStore.getPrivateKey(), parseXML.getDocumentElement()), parseXML, random, certDN);
                    if (z) {
                        signatureXml = canonialXML(signatureXml);
                    }
                    objArr[0] = signatureXml;
                    return objArr;
                } catch (Exception e) {
                    ConsoleLogger.logException(e);
                    throw new GenerateXMLException(e.toString());
                }
            } catch (Exception e2) {
                ConsoleLogger.logException(e2);
                throw new SignatureException(e2.toString());
            }
        } catch (Exception e3) {
            ConsoleLogger.logException(e3);
            throw new ParseXMLException(e3.toString());
        }
    }

    public static Object[] generateXmlDetatchedSignature(byte[] bArr, ServerKeyStore serverKeyStore, String str, String str2, AbstractMessage abstractMessage, boolean z) throws Exception {
        byte[] parseNS = parseNS(bArr);
        String certDN = serverKeyStore.getCertDN();
        Object[] objArr = new Object[2];
        try {
            Document parseXML = parseXML(parseNS, dbf.newDocumentBuilder());
            String attribute = parseXML.getDocumentElement().getAttribute("id");
            if (attribute != null && str != null && attribute.equals(str)) {
                throw new SignatureException("分离签名不能指定根元素");
            }
            if (str == null || str.equals("")) {
                throw new XMLReferenceException();
            }
            Reference newReference = fac.newReference(new StringBuffer("#").append(str).toString(), fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null));
            if (str2 == null || str2.equals("")) {
                str2 = RadomNumber.getRandom();
            }
            try {
                SignedInfo generateSignedInfo = generateSignedInfo(fac, newReference);
                objArr[1] = str2;
                String random = RadomNumber.getRandom();
                try {
                    byte[] signatureXml = getSignatureXml(fac.newXMLSignature(generateSignedInfo, generateKeyInfo(fac, new StringBuffer("CN=").append(random).toString(), serverKeyStore.getCertChain()), (List) null, str2, (String) null), new DOMSignContext(serverKeyStore.getPrivateKey(), parseXML.getDocumentElement()), parseXML, random, certDN);
                    if (z) {
                        signatureXml = canonialXML(signatureXml);
                    }
                    objArr[0] = signatureXml;
                    return objArr;
                } catch (Exception e) {
                    ConsoleLogger.logException(e);
                    throw new GenerateXMLException(e.toString());
                }
            } catch (Exception e2) {
                ConsoleLogger.logException(e2);
                throw new SignatureException(e2.toString());
            }
        } catch (Exception e3) {
            ConsoleLogger.logException(e3);
            throw new ParseXMLException(e3.toString());
        }
    }

    public static Object[] generateXmlDetatchedSignature(byte[] bArr, ServerKeyStore serverKeyStore, String[] strArr, String str, AbstractMessage abstractMessage, boolean z) throws Exception {
        byte[] parseNS = parseNS(bArr);
        String certDN = serverKeyStore.getCertDN();
        Object[] objArr = new Object[2];
        try {
            Document parseXML = parseXML(parseNS, dbf.newDocumentBuilder());
            String attribute = parseXML.getDocumentElement().getAttribute("id");
            if (attribute != null && strArr != null && attribute.equals(strArr)) {
                throw new SignatureException("分离签名不能指定根元素");
            }
            if (strArr == null || strArr.length == 0) {
                throw new XMLReferenceException();
            }
            ArrayList arrayList = new ArrayList();
            for (String str2 : strArr) {
                arrayList.add(fac.newReference(new StringBuffer("#").append(str2).toString(), fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null)));
            }
            if (str == null || str.equals("")) {
                str = RadomNumber.getRandom();
            }
            try {
                SignedInfo newSignedInfo = fac.newSignedInfo(fac.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments", (C14NMethodParameterSpec) null), fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null), Collections.synchronizedList(arrayList));
                objArr[1] = str;
                String random = RadomNumber.getRandom();
                try {
                    byte[] signatureXml = getSignatureXml(fac.newXMLSignature(newSignedInfo, generateKeyInfo(fac, new StringBuffer("CN=").append(random).toString(), serverKeyStore.getCertChain()), (List) null, str, (String) null), new DOMSignContext(serverKeyStore.getPrivateKey(), parseXML.getDocumentElement()), parseXML, random, certDN);
                    if (z) {
                        signatureXml = canonialXML(signatureXml);
                    }
                    objArr[0] = signatureXml;
                    return objArr;
                } catch (Exception e) {
                    ConsoleLogger.logException(e);
                    throw new GenerateXMLException(e.toString());
                }
            } catch (Exception e2) {
                ConsoleLogger.logException(e2);
                throw new SignatureException(e2.toString());
            }
        } catch (Exception e3) {
            ConsoleLogger.logException(e3);
            throw new ParseXMLException(e3.toString());
        }
    }

    private static String nodeToString(Node node) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(node), new StreamResult(byteArrayOutputStream));
        } catch (TransformerConfigurationException e) {
            e.printStackTrace();
        } catch (TransformerException e2) {
            e2.printStackTrace();
        }
        return new String(byteArrayOutputStream.toByteArray()).replaceAll("<\\?.*?\\?>", "").trim();
    }

    public static boolean checkByRegex(String str, String str2) {
        return Pattern.compile(str2).matcher(str).find();
    }

    public static Object[] generateAlipaySignature(byte[] bArr, ServerKeyStore serverKeyStore, String str, AbstractMessage abstractMessage) throws ParseXMLException, XMLReferenceException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, GenerateXMLException {
        String certDN = serverKeyStore.getCertDN();
        Object[] objArr = new Object[2];
        try {
            Document parseXML = parseXML(bArr, dbf.newDocumentBuilder());
            NodeList elementsByTagName = parseXML.getElementsByTagName("Message");
            Transform newTransform = fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null);
            for (int i = 0; i < elementsByTagName.getLength(); i++) {
                boolean z = false;
                Node item = elementsByTagName.item(i);
                Node node = null;
                NodeList childNodes = item.getChildNodes();
                int i2 = 0;
                while (true) {
                    if (i2 >= childNodes.getLength()) {
                        break;
                    }
                    Node item2 = childNodes.item(i2);
                    if (item2.getNodeType() == 1 && item2.getNodeName().equals("Signature") && checkByRegex(nodeToString(item2), regex)) {
                        node = null;
                        z = true;
                        break;
                    }
                    if (item2.getNodeType() == 1 && 0 == 0) {
                        node = item2;
                    }
                    i2++;
                }
                if (node != null && !z) {
                    try {
                        objArr[0] = getSignatureXml(fac.newXMLSignature(fac.newSignedInfo(fac.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null), fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null), Collections.singletonList(fac.newReference(new StringBuffer("#").append(getAttributeValueByName(node, "id")).toString(), fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null), Collections.singletonList(newTransform), (String) null, (String) null))), (KeyInfo) null), new DOMSignContext(serverKeyStore.getPrivateKey(), item), parseXML, RadomNumber.getRandom(), certDN);
                    } catch (Exception e) {
                        ConsoleLogger.logException(e);
                        throw new GenerateXMLException(e.toString());
                    }
                }
            }
            if (objArr[0] == null) {
                objArr[0] = bArr;
            }
            objArr[1] = str;
            return objArr;
        } catch (Exception e2) {
            ConsoleLogger.logException(e2);
            throw new ParseXMLException(e2.toString());
        }
    }

    public static Object[] generateTenPaySignature(byte[] bArr, ServerKeyStore serverKeyStore, String str, String str2) throws Exception {
        Object[] objArr = new Object[2];
        try {
            Document parseXML = parseXML(bArr, dbf.newDocumentBuilder());
            String attribute = parseXML.getDocumentElement().getAttribute("id");
            if (attribute != null && str != null && attribute.equals(str)) {
                throw new SignatureException("分离签名不能指定根元素");
            }
            Transform newTransform = fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null);
            if (str == null || str.equals("")) {
                throw new XMLReferenceException();
            }
            SignedInfo newSignedInfo = fac.newSignedInfo(fac.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null), fac.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null), Collections.singletonList(fac.newReference(new StringBuffer("#").append(str).toString(), fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null), Collections.singletonList(newTransform), (String) null, (String) null)));
            if (str2 == null || str2.equals("")) {
                str2 = RadomNumber.getRandom();
            }
            objArr[1] = str2;
            fac.newXMLSignature(newSignedInfo, (KeyInfo) null, (List) null, str2, (String) null).sign(new DOMSignContext(serverKeyStore.getPrivateKey(), parseXML.getDocumentElement()));
            Document newDocument = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            Node adoptNode = newDocument.adoptNode(parseXML.getElementsByTagName("Signature").item(0));
            Node adoptNode2 = newDocument.adoptNode(parseXML.getElementsByTagName("Message").item(0));
            Element createElement = newDocument.createElement("Tenpay");
            adoptNode2.appendChild(adoptNode);
            createElement.appendChild(adoptNode2);
            newDocument.appendChild(createElement);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                TransformerFactory.newInstance().newTransformer().transform(new DOMSource(newDocument), new StreamResult(byteArrayOutputStream));
                objArr[0] = canonialXML(byteArrayOutputStream.toByteArray());
                return objArr;
            } catch (Exception e) {
                throw new GenerateXMLException(e.toString());
            }
        } catch (Exception e2) {
            ConsoleLogger.logException(e2);
            throw new ParseXMLException(e2.toString());
        }
    }

    private static byte[] canonialXML(byte[] bArr) {
        Init.init();
        try {
            return Canonicalizer.getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315").canonicalize(bArr);
        } catch (Exception e) {
            return bArr;
        }
    }

    private static String getAttributeValueByName(Node node, String str) {
        if (node.getNodeType() != 1) {
            return null;
        }
        NamedNodeMap attributes = node.getAttributes();
        for (int i = 0; i < attributes.getLength(); i++) {
            Attr attr = (Attr) attributes.item(i);
            if (attr.getName().equals(str)) {
                return attr.getValue();
            }
        }
        return null;
    }

    public static ArrayList alipayVerify(byte[] bArr, ServerChannel serverChannel, X509Certificate x509Certificate) throws SAXException, IOException, ParserConfigurationException, MarshalException, XMLSignatureException, CertTrustException, CertValidateException, VerifyOCSPException, CertRevokedException, NotInTrustListException {
        NetSignImpl netSignImpl = new NetSignImpl();
        if (serverChannel.getService().isVerifyCert()) {
            netSignImpl.verifySingleSignedCert(x509Certificate, null, serverChannel.getTrustConfigs(), serverChannel.isCheckValidity());
        }
        NodeList elementsByTagNameNS = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(bArr)).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            Node item = elementsByTagNameNS.item(i);
            XMLVerifyResult xMLVerifyResult = new XMLVerifyResult();
            xMLVerifyResult.setIssuerSubject(x509Certificate.getIssuerDN().toString());
            xMLVerifyResult.setSn(x509Certificate.getSerialNumber());
            xMLVerifyResult.setNotBefore(x509Certificate.getNotBefore().getTime());
            xMLVerifyResult.setNotAfter(x509Certificate.getNotAfter().getTime());
            xMLVerifyResult.setSubject(x509Certificate.getSubjectDN().toString());
            DOMValidateContext dOMValidateContext = new DOMValidateContext(x509Certificate.getPublicKey(), item);
            XMLSignature unmarshalXMLSignature = fac.unmarshalXMLSignature(new DOMStructure(item));
            List references = unmarshalXMLSignature.getSignedInfo().getReferences();
            String[] strArr = (String[]) null;
            for (int i2 = 0; i2 < references.size(); i2++) {
                strArr = new String[references.size()];
                String uri = ((Reference) references.get(i2)).getURI();
                if (uri.startsWith("#")) {
                    uri = uri.substring(1);
                }
                strArr[i2] = uri;
            }
            if (strArr != null) {
                xMLVerifyResult.setReference(strArr);
            }
            xMLVerifyResult.setSigId(unmarshalXMLSignature.getId());
            if (!unmarshalXMLSignature.validate(dOMValidateContext)) {
                xMLVerifyResult.setReturnCode(ErrorInfoRes.XML_CORE_VARIFY_FAILED);
            }
            arrayList.add(xMLVerifyResult);
        }
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v79 */
    public static ArrayList XMLSignatureVerify(byte[] bArr, ServerChannel serverChannel, String str, NSMessage nSMessage, NSMessage nSMessage2, boolean z, boolean z2) throws SAXException, IOException, ParserConfigurationException, MarshalException, CertificateException, XMLSignatureException, NotSignatrueXMLException, NoSuchProviderException, SignatureException, NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (bArr == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        DocumentBuilder newDocumentBuilder = dbf.newDocumentBuilder();
        newDocumentBuilder.setEntityResolver(er);
        NodeList elementsByTagNameNS = newDocumentBuilder.parse(new ByteArrayInputStream(bArr)).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS == null) {
            ConsoleLogger.logException(new NotSignatrueXMLException());
            return arrayList;
        }
        NetSignImpl netSignImpl = new NetSignImpl();
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            Node item = elementsByTagNameNS.item(i);
            if (checkByRegex(nodeToString(item), valid_regex)) {
                ArrayList arrayList2 = new ArrayList();
                XMLVerifyResult xMLVerifyResult = new XMLVerifyResult();
                ArrayList nodesByTagName = getNodesByTagName(item, "X509Certificate", arrayList2);
                if (nodesByTagName.size() == 0) {
                    ConsoleLogger.logException(new CertificateException("there is no X509Certificate element"));
                }
                X509Certificate x509Certificate = null;
                String str2 = null;
                String str3 = null;
                String str4 = null;
                ArrayList nodesByTagName2 = getNodesByTagName(item, "X509SubjectName", new ArrayList());
                String textContent = ((Node) nodesByTagName2.get(0)).getTextContent();
                try {
                    if (nodesByTagName.size() == 1) {
                        String textContent2 = ((Node) nodesByTagName.get(0)).getTextContent();
                        str2 = textContent2;
                        x509Certificate = getCert(textContent2);
                        if (serverChannel.getService().isVerifyCert()) {
                            if (z) {
                                netSignImpl.afterwardsVerifyCert(x509Certificate, serverChannel.getTrustConfigs());
                            } else {
                                netSignImpl.verifySingleSignedCert(x509Certificate, null, serverChannel.getTrustConfigs(), serverChannel.isCheckValidity());
                            }
                        }
                    } else if (nodesByTagName.size() > 1) {
                        X509Certificate[] x509CertificateArr = new X509Certificate[nodesByTagName.size()];
                        if (nodesByTagName2.size() > 0) {
                            for (int i2 = 0; i2 < nodesByTagName.size(); i2++) {
                                String textContent3 = ((Node) nodesByTagName.get(i2)).getTextContent();
                                X509Certificate cert = getCert(textContent3);
                                x509CertificateArr[i2] = cert;
                                if (i2 == 0) {
                                    str3 = textContent3;
                                }
                                if (x509Certificate == null && equalsDN(cert.getSubjectDN().getName(), ((Node) nodesByTagName2.get(0)).getTextContent())) {
                                    x509Certificate = cert;
                                    str2 = textContent3;
                                }
                            }
                        } else {
                            ArrayList nodesByTagName3 = getNodesByTagName(item, "X509IssuerName", nodesByTagName2);
                            str4 = ((Node) nodesByTagName3.get(0)).getTextContent();
                            if (nodesByTagName3.size() < 1) {
                                throw new XMLCoreValidationException();
                                break;
                            }
                            for (int i3 = 0; i3 < nodesByTagName.size(); i3++) {
                                String textContent4 = ((Node) nodesByTagName.get(i3)).getTextContent();
                                X509Certificate cert2 = getCert(textContent4);
                                x509CertificateArr[i3] = cert2;
                                if (x509Certificate == null && equalsDN(cert2.getIssuerX500Principal().getName(), str4)) {
                                    x509Certificate = cert2;
                                    str2 = textContent4;
                                }
                            }
                        }
                        if (x509Certificate == null) {
                            x509Certificate = x509CertificateArr[0];
                            str2 = str3;
                        }
                        if (serverChannel.getService().isVerifyCert()) {
                            if (z) {
                                netSignImpl.afterwardsVerifyCert(x509Certificate, serverChannel.getTrustConfigs());
                            } else {
                                netSignImpl.verifySingleSignedCert(x509Certificate, x509CertificateArr, serverChannel.getTrustConfigs(), serverChannel.isCheckValidity());
                            }
                        }
                    }
                    if (x509Certificate == null) {
                        ProcessUtil.throwDetailException(new CertificateException("There is no Certificate in verify file!"), nSMessage);
                    }
                    if (textContent != null && !equalsDN(textContent, x509Certificate.getSubjectDN().toString())) {
                        xMLVerifyResult.setReturnCode(ErrorInfoRes.XML_SUBJECTDN_FAILED);
                    } else if (str4 != null && !equalsDN(x509Certificate.getIssuerDN().toString(), str4)) {
                        xMLVerifyResult.setReturnCode(ErrorInfoRes.XML_ISSUERDN_FAILED);
                    }
                } catch (CertRevokedException e) {
                    ProcessUtil.throwDetailException(e, nSMessage);
                } catch (CertTrustException e2) {
                    ProcessUtil.throwDetailException(e2, nSMessage);
                } catch (CertValidateException e3) {
                    ProcessUtil.throwDetailException(e3, nSMessage);
                } catch (NotInTrustListException e4) {
                    ProcessUtil.throwDetailException(e4, nSMessage);
                } catch (VerifyOCSPException e5) {
                    ProcessUtil.throwDetailException(e5, nSMessage);
                } catch (XMLCoreValidationException e6) {
                    ProcessUtil.throwDetailException(e6, nSMessage);
                }
                if (z2) {
                    xMLVerifyResult.setB64cert(str2);
                }
                xMLVerifyResult.setIssuerSubject(x509Certificate.getIssuerDN().toString());
                xMLVerifyResult.setSn(x509Certificate.getSerialNumber());
                xMLVerifyResult.setNotBefore(x509Certificate.getNotBefore().getTime());
                xMLVerifyResult.setNotAfter(x509Certificate.getNotAfter().getTime());
                xMLVerifyResult.setSubject(x509Certificate.getSubjectDN().toString());
                newDocumentBuilder.newDocument();
                if (elementsByTagNameNS.getLength() > 1) {
                    NodeList elementsByTagName = ((Element) item).getElementsByTagName("Reference");
                    boolean z3 = false;
                    for (int i4 = 0; i4 < elementsByTagName.getLength(); i4++) {
                        NamedNodeMap attributes = elementsByTagName.item(i4).getAttributes();
                        int i5 = 0;
                        while (true) {
                            if (i5 >= attributes.getLength()) {
                                break;
                            }
                            Attr attr = (Attr) attributes.item(i5);
                            if (attr.getName().equals("URI") && attr.getValue().equals("")) {
                                z3 = true;
                                break;
                            }
                            i5++;
                        }
                    }
                    if (z3) {
                        item = item.cloneNode(true).getOwnerDocument().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature").item(0);
                    }
                }
                DOMValidateContext dOMValidateContext = new DOMValidateContext(x509Certificate.getPublicKey(), item);
                XMLSignature unmarshalXMLSignature = fac.unmarshalXMLSignature(dOMValidateContext);
                List references = unmarshalXMLSignature.getSignedInfo().getReferences();
                String[] strArr = new String[references.size()];
                for (int i6 = 0; i6 < references.size(); i6++) {
                    String uri = ((Reference) references.get(i6)).getURI();
                    if (!uri.startsWith("#") && !uri.equals("")) {
                        throw new XMLSignatureException("Unsupport reference uri out side this document");
                    }
                    if (uri.startsWith("#")) {
                        uri = uri.substring(1);
                    }
                    strArr[i6] = uri;
                }
                xMLVerifyResult.setReference(strArr);
                xMLVerifyResult.setSigId(unmarshalXMLSignature.getId());
                if (nSMessage.getResult() < 0) {
                    xMLVerifyResult.setReturnCode(nSMessage.getResult());
                    nSMessage.setResult(1);
                    nSMessage.setErrMsg("");
                    arrayList.add(xMLVerifyResult);
                } else {
                    Iterator it = unmarshalXMLSignature.getSignedInfo().getReferences().iterator();
                    boolean z4 = false;
                    int i7 = 0;
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (!((Reference) it.next()).validate(dOMValidateContext)) {
                            z4 = true;
                            break;
                        }
                        i7++;
                    }
                    if (z4 > 0) {
                        xMLVerifyResult.setReturnCode(ErrorInfoRes.XML_CORE_VARIFY_FAILED);
                    } else if (!unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext)) {
                        xMLVerifyResult.setReturnCode(ErrorInfoRes.XML_CORE_VARIFY_FAILED);
                    }
                    arrayList.add(xMLVerifyResult);
                }
            }
        }
        return arrayList;
    }

    private static boolean equalsDN(String str, String str2) {
        String trim = str.trim();
        String trim2 = str2.trim();
        if (trim.length() != trim2.length()) {
            return false;
        }
        if (trim.equals(trim2)) {
            return true;
        }
        return new X509Name(trim).equals(new X509Name(trim2));
    }

    private static X509Certificate getCert(String str) throws CertificateException, NoSuchProviderException {
        X509Certificate x509Certificate = null;
        if (str != null) {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509FX", NetSignImpl.PROVIDER_INFOSEC).generateCertificate(new ByteArrayInputStream(Base64.decode(str)));
        }
        return x509Certificate;
    }

    private static ArrayList getNodesByTagName(Node node, String str, ArrayList arrayList) {
        if (node.getNodeType() == 1 && node.getNodeName().equals(str)) {
            arrayList.add(node);
        }
        NodeList childNodes = node.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            arrayList = getNodesByTagName(childNodes.item(i), str, arrayList);
        }
        return arrayList;
    }

    public static byte[] getVarifyResult(List list) {
        if (list == null || list.size() < 1) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
        stringBuffer.append("<XMLSigVerifyResults>");
        for (int i = 0; i < list.size(); i++) {
            stringBuffer.append("<Result>");
            XMLVerifyResult xMLVerifyResult = (XMLVerifyResult) list.get(i);
            stringBuffer.append("<returnCode>").append(xMLVerifyResult.getReturnCode()).append("</returnCode>");
            stringBuffer.append("<SigId>").append(xMLVerifyResult.getSigId() != null ? xMLVerifyResult.getSigId() : "").append("</SigId>");
            stringBuffer.append("<ReferenceURIs>");
            String[] reference = xMLVerifyResult.getReference();
            if (reference != null) {
                for (String str : reference) {
                    stringBuffer.append("<URI>").append(str).append("</URI>");
                }
            }
            stringBuffer.append("</ReferenceURIs>");
            stringBuffer.append("<X509Certificate>").append(xMLVerifyResult.getB64cert()).append("</X509Certificate>");
            stringBuffer.append("<Subject>").append(xMLVerifyResult.getSubject()).append("</Subject>");
            stringBuffer.append("<IssuerSubject>").append(xMLVerifyResult.getIssuerSubject()).append("</IssuerSubject>");
            stringBuffer.append("<NotBefore>").append(xMLVerifyResult.getNotBefore()).append("</NotBefore>");
            stringBuffer.append("<NotAfter>").append(xMLVerifyResult.getNotAfter()).append("</NotAfter>");
            stringBuffer.append("<SerialNumber>").append(xMLVerifyResult.getSn()).append("</SerialNumber>");
            stringBuffer.append("</Result>");
        }
        stringBuffer.append("</XMLSigVerifyResults>");
        return stringBuffer.toString().getBytes();
    }

    public static List getVerifyResults(byte[] bArr) throws SAXException, IOException, ParserConfigurationException {
        NodeList elementsByTagName = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(bArr)).getElementsByTagName("Result");
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            NodeList childNodes = elementsByTagName.item(i).getChildNodes();
            XMLVerifyResult xMLVerifyResult = new XMLVerifyResult();
            for (int i2 = 0; i2 < childNodes.getLength(); i2++) {
                Node item = childNodes.item(i2);
                String nodeName = item.getNodeName();
                String textContent = item.getTextContent();
                if (nodeName.equals("returnCode")) {
                    xMLVerifyResult.setReturnCode(Integer.parseInt(textContent));
                } else if (nodeName.equals("SigId")) {
                    xMLVerifyResult.setSigId(textContent);
                } else if (nodeName.equals("X509Certificate")) {
                    xMLVerifyResult.setB64cert(textContent);
                } else if (nodeName.equals("Subject")) {
                    xMLVerifyResult.setSubject(textContent);
                } else if (nodeName.equals("IssuerSubject")) {
                    xMLVerifyResult.setIssuerSubject(textContent);
                } else if (nodeName.equals("NotBefore")) {
                    xMLVerifyResult.setNotBefore(Long.parseLong(textContent));
                } else if (nodeName.equals("NotAfter")) {
                    xMLVerifyResult.setNotAfter(Long.parseLong(textContent));
                } else if (nodeName.equals("SerialNumber")) {
                    xMLVerifyResult.setSn(BigInteger.valueOf(Long.parseLong(textContent)));
                } else if (nodeName.equals("ReferenceURIs")) {
                    NodeList childNodes2 = item.getChildNodes();
                    String[] strArr = new String[childNodes2.getLength()];
                    for (int i3 = 0; i3 < childNodes2.getLength(); i3++) {
                        strArr[i3] = childNodes2.item(i3).getTextContent();
                    }
                    xMLVerifyResult.setReference(strArr);
                }
            }
            arrayList.add(xMLVerifyResult);
        }
        return arrayList;
    }
}
