package org.opensaml.lite.signature;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Map;
import org.opensaml.lite.common.SignableSAMLObject;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.signature.digest.IDigester;
import org.opensaml.lite.signature.digest.exc.DigesterException;
import org.opensaml.lite.signature.exc.SignatureException;
import org.opensaml.lite.xml.validation.ValidationException;
import org.opensaml.lite.xml.validation.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.7.0.jar:org/opensaml/lite/signature/SignatureValidator.class */
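/**
 * Validates a {@link Signature} against the public key of one pre-configured credential.
 *
 * <p>The verification key is taken only from the credential handed to the constructor;
 * nothing carried by the signature under test selects the key. The JCA algorithm name is
 * derived from the key's algorithm, optionally translated through the algorithm mapper.
 * The algorithm URI declared by the signature is logged but not enforced by this class.
 *
 * <p>The data that is verified is the concatenation of the digests of every object listed
 * in {@code signature.getContentReferences()}. This class does not check which objects those
 * are, so callers should confirm that the object they go on to trust is one of the
 * references that was actually verified.
 *
 * <p>While digesting, each referenced object temporarily has its signature detached, so the
 * referenced objects should not be used by other threads during validation.
 */
public class SignatureValidator implements Validator<Signature> {
    protected final Logger log;
    // Trust anchor: the only source of the verification key.
    private final Credential validationCredential;
    private IDigester digester;
    // Optional translation from key algorithm name to JCA signature algorithm name; may be null.
    private Map<String, String> algorithmMapper;

    /**
     * Creates a validator without an algorithm mapper.
     *
     * @param credential credential whose public key is used for verification
     * @param iDigester digester used to hash each signed object
     */
    public SignatureValidator(Credential credential, IDigester iDigester) {
        this(credential, iDigester, null);
    }

    /**
     * Creates a validator.
     *
     * @param credential credential whose public key is used for verification
     * @param iDigester digester used to hash each signed object
     * @param map optional mapping from key algorithm name to JCA signature algorithm name;
     *     may be {@code null}
     */
    public SignatureValidator(Credential credential, IDigester iDigester, Map<String, String> map) {
        this.log = LoggerFactory.getLogger(getClass());
        this.validationCredential = credential;
        this.digester = iDigester;
        this.algorithmMapper = map;
    }

    /**
     * Validates the signature with the public key of the configured credential.
     *
     * @param signature signature to validate
     * @throws ValidationException if no public key is available, the signature is
     *     {@code null}, the signature cannot be evaluated, or it does not verify
     */
    @Override
    public void validate(Signature signature) throws ValidationException {
        this.log.debug("Attempting to validate signature using key from supplied credential");
        PublicKey publicKey = null;
        if (this.validationCredential != null) {
            publicKey = this.validationCredential.getPublicKey();
            if (publicKey == null) {
                this.log.warn("Got SecretKey when excpecting PublicKey! Cannot verify signature!");
                throw new ValidationException("Got SecretKey when excpecting PublicKey! Cannot verify signature!");
            }
        }
        if (publicKey == null) {
            this.log.debug("Supplied credential contained no key suitable for signature validation");
            throw new ValidationException("No key available to validate signature");
        }
        // Fail closed with the declared exception type instead of a NullPointerException
        // from the logging call below.
        if (signature == null) {
            throw new ValidationException("Signature object is null!");
        }
        // Pass values as arguments so the {} placeholders are actually substituted.
        // The declared algorithm URI is informational only: the algorithm used for
        // verification comes from the key (see getTargetAlgorithmName).
        // NOTE(review): consider rejecting signatures whose declared algorithm is not on an
        // allow-list or does not match the configured key.
        this.log.debug("Validating signature with signature algorithm URI: {}", signature.getSignatureAlgorithm());
        this.log.debug("Validation credential key algorithm: {}, key instance class: {}",
                publicKey.getAlgorithm(), publicKey.getClass().getName());
        boolean verified;
        try {
            verified = verifySignature(publicKey, signature);
        } catch (SignatureException e) {
            throw new ValidationException("Unable to evaluate key against signature", e);
        }
        if (!verified) {
            this.log.debug("Signature did not validate against the credential's key");
            throw new ValidationException("Signature did not validate against the credential's key");
        }
        this.log.debug("Signature validated with key from supplied credential");
    }

    /**
     * Verifies the signature value over the digests of the signature's content references.
     *
     * @param publicKey key to verify with
     * @param signature signature carrying the content references and the signature value
     * @return {@code true} if the signature value verifies, {@code false} otherwise
     * @throws SignatureException if an argument is {@code null}, nothing is referenced, no
     *     signature value is present, or digesting or verification fails
     */
    public boolean verifySignature(PublicKey publicKey, Signature signature) throws SignatureException {
        if (publicKey == null) {
            throw new SignatureException("PublicKey is null!");
        }
        if (signature == null) {
            throw new SignatureException("Signature object is null!");
        }
        // A signature that covers nothing must never count as valid.
        if (signature.getContentReferences() == null || signature.getContentReferences().size() == 0) {
            throw new SignatureException("No data signed!");
        }
        if (signature.getSignatureValue() == null) {
            throw new SignatureException("No signature value found!");
        }
        return verifySignature(publicKey, getDigestedData(signature), signature.getSignatureValue());
    }

    /**
     * Verifies a raw signature value with the JCA.
     *
     * @param publicKey key to verify with
     * @param bArr the signed data (here: the concatenated digests)
     * @param bArr2 the signature value to check
     * @return the result of {@link java.security.Signature#verify(byte[])}
     * @throws SignatureException if the algorithm is unavailable, the key is invalid, or the
     *     JCA reports a signature error
     */
    protected boolean verifySignature(PublicKey publicKey, byte[] bArr, byte[] bArr2) throws SignatureException {
        try {
            java.security.Signature verifier =
                    java.security.Signature.getInstance(getTargetAlgorithmName(publicKey.getAlgorithm()));
            verifier.initVerify(publicKey);
            verifier.update(bArr, 0, bArr.length);
            return verifier.verify(bArr2);
        } catch (InvalidKeyException e) {
            throw new SignatureException("Exception occured when verifying signature.", e);
        } catch (NoSuchAlgorithmException e) {
            throw new SignatureException("Exception occured when verifying signature.", e);
        } catch (java.security.SignatureException e) {
            throw new SignatureException("Exception occured when verifying signature.", e);
        }
    }

    /**
     * Resolves the JCA signature algorithm name for a key algorithm.
     *
     * <p>NOTE(review): without a mapper entry the bare key algorithm name is passed to
     * {@code Signature.getInstance}. Whether such a name resolves depends on the installed
     * providers, so deployments presumably need a mapper entry per key type - confirm.
     *
     * @param str key algorithm name as reported by the public key
     * @return the mapped name if the mapper has a non-null entry, otherwise {@code str}
     */
    protected String getTargetAlgorithmName(String str) {
        if (this.algorithmMapper == null) {
            return str;
        }
        String mapped = this.algorithmMapper.get(str);
        return mapped != null ? mapped : str;
    }

    /**
     * Digests every referenced object with its signature detached and concatenates the
     * digests in reference order.
     *
     * @param signature signature whose content references are digested
     * @return the concatenated digests
     * @throws SignatureException if no digester is configured or digesting fails
     */
    private byte[] getDigestedData(Signature signature) throws SignatureException {
        if (this.digester == null) {
            throw new SignatureException("No digester configured!");
        }
        ByteArrayOutputStream digests = new ByteArrayOutputStream();
        for (SignableSAMLObject signed : signature.getContentReferences()) {
            Signature savedSignature = signed.getSignature();
            boolean savedSignedFlag = signed.isSigned();
            // The digest is computed over the object without its own signature attached.
            signed.setSignature(null);
            signed.setSigned(false);
            try {
                digests.write(this.digester.digest(signed));
            } catch (IOException e) {
                throw new SignatureException("Exception occured when creating hash for object!", e);
            } catch (DigesterException e) {
                throw new SignatureException("Digester exception occured when creating hash for object!", e);
            } finally {
                // Restore on every path: a failed digest must not leave the object stripped
                // of its signature and marked as unsigned.
                signed.setSignature(savedSignature);
                signed.setSigned(savedSignedFlag);
            }
        }
        return digests.toByteArray();
    }

    /**
     * Returns the digester used to hash signed objects.
     *
     * @return the configured digester, possibly {@code null}
     */
    public IDigester getDigester() {
        return this.digester;
    }

    /**
     * Replaces the digester used to hash signed objects.
     *
     * @param iDigester the new digester
     */
    public void setDigester(IDigester iDigester) {
        this.digester = iDigester;
    }

    /**
     * Replaces the key-algorithm to signature-algorithm mapping.
     *
     * @param map the new mapping, or {@code null} to use key algorithm names unchanged
     */
    public void setAlgorithmMapper(Map<String, String> map) {
        this.algorithmMapper = map;
    }
}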
