package iaik.xml.crypto.dsig;

import iaik.xml.crypto.XSecProvider;
import iaik.xml.crypto.utils.Debug;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.HMACParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.w3c.dom.Node;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_xsect-2.13.jar:iaik/xml/crypto/dsig/SignatureMethodImpl.class */
public class SignatureMethodImpl extends AbstractSignatureMethodImpl implements SignatureMethod {
    protected Signature signature_;
    protected Mac mac_;
    static Class h;

    public SignatureMethodImpl(String str, SignatureMethodParameterSpec signatureMethodParameterSpec) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        super(str, signatureMethodParameterSpec);
        if (XSecProvider.lateAlgorithmInstantiation()) {
            return;
        }
        getAlgorithmInstanceUncaught(null);
    }

    public SignatureMethodImpl(DOMCryptoContext dOMCryptoContext, Node node) throws MarshalException {
        super(dOMCryptoContext, node);
        unmarshal(dOMCryptoContext);
        if (XSecProvider.lateAlgorithmInstantiation()) {
            return;
        }
        try {
            getAlgorithmInstanceUncaught(null);
        } catch (NoSuchAlgorithmException e) {
            throw new l(this, e);
        }
    }

    @Override // iaik.xml.crypto.dsig.AlgorithmMethodImpl
    protected void getAlgorithmInstanceUncaught(XSecProvider.Purpose purpose) throws NoSuchAlgorithmException {
        Class cls;
        String uri = this.algorithm_.toString();
        try {
            Provider delegationProvider = XSecProvider.getDelegationProvider(new StringBuffer().append("Mac.").append(uri).toString(), purpose);
            if (delegationProvider != null) {
                try {
                    this.mac_ = Mac.getInstance(uri, delegationProvider);
                } catch (NoSuchMethodError e) {
                    try {
                        this.mac_ = Mac.getInstance(uri, delegationProvider.getName());
                    } catch (NoSuchProviderException e2) {
                        throw new m(this, new StringBuffer().append("Mac.").append(uri).append(" delegation provider not registered, any more.").toString(), e2);
                    }
                }
            }
            if (this.mac_ == null) {
                this.mac_ = Mac.getInstance(uri);
            }
        } catch (NoSuchAlgorithmException e3) {
            Provider delegationProvider2 = XSecProvider.getDelegationProvider(new StringBuffer().append("Signature.").append(uri).toString(), purpose);
            if (delegationProvider2 != null) {
                try {
                    this.signature_ = Signature.getInstance(uri, delegationProvider2);
                } catch (NoSuchMethodError e4) {
                    try {
                        this.signature_ = Signature.getInstance(uri, delegationProvider2.getName());
                    } catch (NoSuchProviderException e5) {
                        throw new n(this, new StringBuffer().append("Signature.").append(uri).append(" delegation provider not registered, any more.").toString(), e5);
                    }
                }
            }
            if (this.signature_ == null) {
                this.signature_ = Signature.getInstance(uri);
            }
        }
        super.getParamInstanceUncaught(purpose);
        if (this.params_ != null) {
            try {
                AlgorithmParameters algorithmParameters = this.params_;
                if (h == null) {
                    cls = b("javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec");
                    h = cls;
                } else {
                    cls = h;
                }
                this.spec_ = algorithmParameters.getParameterSpec(cls);
            } catch (InvalidParameterSpecException e6) {
                throw new o(this, e6);
            }
        }
    }

    @Override // iaik.xml.crypto.dsig.AbstractSignatureMethodImpl, iaik.xml.crypto.dom.DOMStructure
    public String getLocalName() {
        return "SignatureMethod";
    }

    @Override // iaik.xml.crypto.dsig.AbstractSignatureMethodImpl, iaik.xml.crypto.dom.DOMStructure
    public String getNamespace() {
        return "http://www.w3.org/2000/09/xmldsig#";
    }

    private boolean a(XMLCryptoContext xMLCryptoContext, boolean z) throws XMLSignatureException {
        int macLength = this.mac_.getMacLength() * 8;
        int i = macLength;
        if (this.spec_ instanceof HMACParameterSpec) {
            i = this.spec_.getOutputLength();
        }
        Integer num = null;
        Boolean bool = null;
        Boolean bool2 = null;
        Boolean bool3 = null;
        if (xMLCryptoContext != null) {
            num = (Integer) xMLCryptoContext.getProperty("iaik.xml.crypto.dsig.HMAC.minimum.OutputLength");
            bool = (Boolean) xMLCryptoContext.getProperty("iaik.xml.crypto.dsig.HMAC.minimum.HalfLength");
            bool2 = (Boolean) xMLCryptoContext.getProperty("iaik.xml.crypto.dsig.HMAC.OutputLength.mod8");
            bool3 = (Boolean) xMLCryptoContext.getProperty("iaik.xml.crypto.dsig.HMAC.minimum.ThrowExceptionOnVerify");
        }
        Integer num2 = num != null ? num : new Integer(80);
        Boolean bool4 = bool != null ? bool : Boolean.TRUE;
        Boolean bool5 = bool2 != null ? bool2 : Boolean.TRUE;
        Boolean bool6 = bool3 != null ? bool3 : Boolean.FALSE;
        boolean z2 = i < num2.intValue();
        boolean z3 = z2;
        boolean z4 = bool4.booleanValue() && 2.0d < ((double) (((float) macLength) / ((float) i)));
        boolean z5 = z4;
        boolean z6 = z2 | z4;
        boolean z7 = bool5.booleanValue() && i % 8 != 0;
        boolean z8 = z7;
        if (!z6 && !z7) {
            return true;
        }
        String stringBuffer = new StringBuffer().append("Insecure HMAC: ").append(z3 ? new StringBuffer().append("\n * a) macOutputLenBits (").append(i).append(") < minMacOutputLenBits (").append(num2.intValue()).append(DefaultExpressionEngine.DEFAULT_INDEX_END).toString() : "").append(z5 ? new StringBuffer().append("\n * b) macOutputLenBits (").append(i).append(") shorter than half macLenBits(").append(macLength).append(DefaultExpressionEngine.DEFAULT_INDEX_END).toString() : "").append(z8 ? new StringBuffer().append("\n * c) macOutputLenBits (").append(i).append(") is not divisible by 8").toString() : "").toString();
        if (bool6.booleanValue() || z) {
            throw new XMLSignatureException(stringBuffer);
        }
        OutputStreamWriter outputStreamWriterFrom = Debug.getOutputStreamWriterFrom(xMLCryptoContext);
        if (outputStreamWriterFrom == null) {
            return false;
        }
        try {
            outputStreamWriterFrom.write(stringBuffer);
            outputStreamWriterFrom.flush();
            return false;
        } catch (IOException e) {
            Debug.topLevelLog(new StringBuffer().append("Failed to write to debug output stream. ").append(e.getMessage()).append("\n, Could not log: ").append(stringBuffer).toString());
            return false;
        }
    }

    public boolean validateSignatureValue(Key key, byte[] bArr, InputStream inputStream) throws XMLSignatureException, IOException {
        return validateSignatureValue(new DOMValidateContext(key, getNode().getParentNode().getParentNode()), key, bArr, inputStream);
    }

    @Override // iaik.xml.crypto.dsig.AbstractSignatureMethodImpl
    public boolean validateSignatureValue(XMLCryptoContext xMLCryptoContext, Key key, byte[] bArr, InputStream inputStream) throws XMLSignatureException, IOException {
        int outputLength;
        int outputLength2;
        if (this.signature_ == null && this.mac_ == null) {
            try {
                getAlgorithmInstance(XSecProvider.Purpose.SignaturePurpose.VERIFY);
            } catch (NoSuchAlgorithmException e) {
                throw new XMLSignatureException(e);
            }
        }
        if (this.signature_ != null) {
            if (this.spec_ != null) {
                try {
                    this.signature_.setParameter(this.spec_);
                } catch (InvalidAlgorithmParameterException e2) {
                    throw new XMLSignatureException(e2);
                }
            }
            try {
                if (!(key instanceof PublicKey)) {
                    throw new InvalidKeyException(new StringBuffer().append("Key '").append(key).append("' is not a valid public key.").toString());
                }
                this.signature_.initVerify((PublicKey) key);
                try {
                    byte[] bArr2 = new byte[1024];
                    while (true) {
                        int read = inputStream.read(bArr2);
                        if (read == -1) {
                            return this.signature_.verify(bArr);
                        }
                        this.signature_.update(bArr2, 0, read);
                    }
                } catch (SignatureException e3) {
                    throw new XMLSignatureException(e3);
                }
            } catch (InvalidKeyException e4) {
                throw new XMLSignatureException(e4);
            }
        } else {
            Boolean bool = (Boolean) xMLCryptoContext.getProperty(iaik.xml.crypto.dom.DOMCryptoContext.HMAC_OUTPUT_LENGTH_ALLOW_FLOORED_MOD8);
            if (bool != null && bool.booleanValue() && (this.spec_ instanceof HMACParameterSpec) && (outputLength2 = (outputLength = this.spec_.getOutputLength()) % 8) != 0) {
                this.spec_ = new HMACParameterSpec(outputLength - outputLength2);
            }
            try {
                this.mac_.init(key, this.spec_);
                if (!a(xMLCryptoContext, false)) {
                    this.mac_.reset();
                    return false;
                }
                byte[] bArr3 = new byte[1024];
                while (true) {
                    int read2 = inputStream.read(bArr3);
                    if (read2 == -1) {
                        byte[] doFinal = this.mac_.doFinal();
                        this.mac_.reset();
                        return Arrays.equals(doFinal, bArr);
                    }
                    this.mac_.update(bArr3, 0, read2);
                }
            } catch (InvalidAlgorithmParameterException e5) {
                throw new XMLSignatureException(e5);
            } catch (InvalidKeyException e6) {
                throw new XMLSignatureException(e6);
            }
        }
    }

    public byte[] calculateSignatureValue(Key key, InputStream inputStream) throws XMLSignatureException, IOException {
        return calculateSignatureValue(null, key, inputStream);
    }

    @Override // iaik.xml.crypto.dsig.AbstractSignatureMethodImpl
    public byte[] calculateSignatureValue(XMLCryptoContext xMLCryptoContext, Key key, InputStream inputStream) throws XMLSignatureException, IOException {
        if (this.signature_ == null && this.mac_ == null) {
            try {
                getAlgorithmInstance(XSecProvider.Purpose.SignaturePurpose.SIGN);
            } catch (NoSuchAlgorithmException e) {
                throw new XMLSignatureException(e);
            }
        }
        if (this.signature_ != null) {
            try {
                if (!(key instanceof PrivateKey)) {
                    throw new InvalidKeyException(new StringBuffer().append("Key '").append(key).append("' is not a valid private key.").toString());
                }
                this.signature_.initSign((PrivateKey) key);
                try {
                    if (this.spec_ != null) {
                        try {
                            this.signature_.setParameter(this.spec_);
                        } catch (InvalidAlgorithmParameterException e2) {
                            throw new XMLSignatureException(e2);
                        }
                    }
                    byte[] bArr = new byte[1024];
                    while (true) {
                        int read = inputStream.read(bArr);
                        if (read == -1) {
                            return this.signature_.sign();
                        }
                        this.signature_.update(bArr, 0, read);
                    }
                } catch (SignatureException e3) {
                    throw new XMLSignatureException(e3);
                }
            } catch (InvalidKeyException e4) {
                throw new XMLSignatureException(e4);
            }
        } else {
            try {
                this.mac_.init(key, this.spec_);
                try {
                    try {
                        a(xMLCryptoContext, true);
                        this.mac_.reset();
                        byte[] bArr2 = new byte[1024];
                        while (true) {
                            int read2 = inputStream.read(bArr2);
                            if (read2 == -1) {
                                byte[] doFinal = this.mac_.doFinal();
                                this.mac_.reset();
                                return doFinal;
                            }
                            this.mac_.update(bArr2, 0, read2);
                        }
                    } catch (XMLSignatureException e5) {
                        throw e5;
                    }
                } catch (Throwable th) {
                    this.mac_.reset();
                    throw th;
                }
            } catch (InvalidAlgorithmParameterException e6) {
                throw new XMLSignatureException(e6);
            } catch (InvalidKeyException e7) {
                throw new XMLSignatureException(e7);
            }
        }
    }

    @Override // iaik.xml.crypto.dsig.AlgorithmMethodImpl
    protected Class getParameterSpecClass() {
        if (h != null) {
            return h;
        }
        Class b = b("javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec");
        h = b;
        return b;
    }

    static Class b(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}
