package com.bria.common.controller.license.xml.sign;

import com.bria.common.controller.license.xml.LicenseParser;
import com.bria.common.controller.license.xml.element.ClientLicense;
import com.bria.common.controller.license.xml.element.DigestMethod;
import com.bria.common.controller.license.xml.element.SignedInfo;
import com.bria.common.controller.license.xml.element.Transforms;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Set;

/* loaded from: classes.dex */
public class XmlSignProcessingEngine {
    private static String CANONICALIZATIONMETHOD_ALGORITHM_EXPECTED = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    private static String REFERENCE_URI_EXPECTED = "";
    private static String TRANSFORM_ALGORITHM_EXPECTED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
    private static String DIGEST_METHOD_ALGORITHM_EXPECTED = "http://www.w3.org/2000/09/xmldsig#sha1";
    private static String SIGNATURE_METHOD_ALGORITHM_EXPECTED = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    public static byte[] digestMessage(byte[] bArr) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        messageDigest.update(bArr, 0, bArr.length);
        return messageDigest.digest();
    }

    public static String referenceGeneration(ClientLicense clientLicense) throws Exception {
        return XmlSignUtils.encodeBase64(digestMessage(LicenseParser.canonicalizeUnsignedClientLicense(clientLicense).getBytes()));
    }

    public static boolean refrenceValidation(ClientLicense clientLicense) throws Exception {
        if (clientLicense == null || clientLicense.getSignature() == null || clientLicense.getSignature().getSignedInfo() == null || clientLicense.getSignature().getSignedInfo().getCanonicalizationMethod() == null || clientLicense.getSignature().getSignedInfo().getCanonicalizationMethod().getAlgorithm() == null || !clientLicense.getSignature().getSignedInfo().getCanonicalizationMethod().getAlgorithm().equals(CANONICALIZATIONMETHOD_ALGORITHM_EXPECTED)) {
            throw new Exception("\"" + CANONICALIZATIONMETHOD_ALGORITHM_EXPECTED + "\" canonicalization method algorithm is expected.");
        }
        if (clientLicense.getSignature().getSignedInfo().getReference() == null || !clientLicense.getSignature().getSignedInfo().getReference().getURI().equals(REFERENCE_URI_EXPECTED)) {
            throw new Exception("\"" + REFERENCE_URI_EXPECTED + "\" reference uri is expected.");
        }
        Transforms transforms = clientLicense.getSignature().getSignedInfo().getReference().getTransforms();
        if (transforms == null || transforms.getTransform() == null || transforms.getTransform().getAlgorithm() == null || !transforms.getTransform().getAlgorithm().equals(TRANSFORM_ALGORITHM_EXPECTED)) {
            throw new Exception("\"" + TRANSFORM_ALGORITHM_EXPECTED + "\" transform method algorithm is expected.");
        }
        String trim = LicenseParser.canonicalizeUnsignedClientLicense(clientLicense).trim();
        DigestMethod digestMethod = clientLicense.getSignature().getSignedInfo().getReference().getDigestMethod();
        if (digestMethod == null || digestMethod.getAlgorithm() == null || !digestMethod.getAlgorithm().equals(DIGEST_METHOD_ALGORITHM_EXPECTED)) {
            throw new Exception("\"" + DIGEST_METHOD_ALGORITHM_EXPECTED + "\" digest method algorithm is expected.");
        }
        return XmlSignUtils.encodeBase64(digestMessage(trim.getBytes())).equals(clientLicense.getSignature().getSignedInfo().getReference().getDigestValue());
    }

    public static String signatureGeneration(String str, ClientLicense clientLicense, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        SignedInfo craeateSignedInfo = LicenseParser.craeateSignedInfo(str);
        return LicenseParser.sign(clientLicense, craeateSignedInfo, XmlSignCrypto.crypt(digestMessage(LicenseParser.canonicalizeSignedInfo(craeateSignedInfo).getBytes()), privateKey), XmlSignUtils.encodeBase64(x509Certificate.getEncoded()));
    }

    public static boolean signatureValidation(ClientLicense clientLicense) throws Exception {
        X509Certificate certificateFromString = XmlSignUtils.getCertificateFromString(clientLicense.getSignature().getKeyInfo().getX509Data().getX509Certificate());
        if (clientLicense == null || clientLicense.getSignature() == null || clientLicense.getSignature().getSignedInfo() == null || clientLicense.getSignature().getSignedInfo().getCanonicalizationMethod() == null || clientLicense.getSignature().getSignedInfo().getCanonicalizationMethod().getAlgorithm() == null || !clientLicense.getSignature().getSignedInfo().getCanonicalizationMethod().getAlgorithm().equals(CANONICALIZATIONMETHOD_ALGORITHM_EXPECTED)) {
            throw new Exception("\"" + CANONICALIZATIONMETHOD_ALGORITHM_EXPECTED + "\" canonicalization method algorithm is expected.");
        }
        if (clientLicense == null || clientLicense.getSignature().getSignedInfo().getSignatureMethod() == null || clientLicense.getSignature().getSignedInfo().getSignatureMethod().getAlgorithm() == null || !clientLicense.getSignature().getSignedInfo().getSignatureMethod().getAlgorithm().equals(SIGNATURE_METHOD_ALGORITHM_EXPECTED)) {
            throw new Exception("\"" + SIGNATURE_METHOD_ALGORITHM_EXPECTED + "\" signature method algorithm is expected.");
        }
        return XmlSignCrypto.decrypt(clientLicense.getSignature().getSignatureValue(), certificateFromString.getPublicKey()).equals(XmlSignUtils.encodeBase64(digestMessage(LicenseParser.canonicalizeSignedInfo(clientLicense.getSignature().getSignedInfo()).getBytes())));
    }

    public static boolean validateWithRootCertificate(X509Certificate x509Certificate, ClientLicense clientLicense) throws Exception {
        X509Certificate certificateFromString = XmlSignUtils.getCertificateFromString(clientLicense.getSignature().getKeyInfo().getX509Data().getX509Certificate());
        ArrayList arrayList = new ArrayList();
        arrayList.add(x509Certificate);
        arrayList.add(certificateFromString);
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList));
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(certificateFromString);
        CertPath generateCertPath = certificateFactory.generateCertPath(arrayList2);
        Set singleton = Collections.singleton(new TrustAnchor(x509Certificate, null));
        CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) singleton);
        pKIXParameters.setRevocationEnabled(false);
        pKIXParameters.addCertStore(certStore);
        pKIXParameters.setDate(new Date());
        try {
            certPathValidator.validate(generateCertPath, pKIXParameters);
            return true;
        } catch (CertPathValidatorException e) {
            System.out.println("validation failed on certificate number " + e.getIndex() + ", details: " + e.getMessage());
            return false;
        }
    }
}
