package org.apache.jcp.xml.dsig.internal.dom;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignContext;
import javax.xml.crypto.dsig.XMLValidateContext;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.apache.jcp.xml.dsig.internal.SignerOutputStream;
import org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod;
import org.apache.xml.security.algorithms.implementations.SignatureBaseRSA;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/jcp/xml/dsig/internal/dom/DOMRSAPSSSignatureMethod.class */
public abstract class DOMRSAPSSSignatureMethod extends AbstractDOMSignatureMethod {
    private static final String DOM_SIGNATURE_PROVIDER = "org.jcp.xml.dsig.internal.dom.SignatureProvider";
    private static final Logger LOG = LoggerFactory.getLogger(DOMRSAPSSSignatureMethod.class);
    private final SignatureMethodParameterSpec params;
    private Signature signature;
    static final String RSA_PSS = "http://www.w3.org/2007/05/xmldsig-more#rsa-pss";
    private int trailerField = 1;
    private int saltLength = 32;
    private String digestName = "SHA-256";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/jcp/xml/dsig/internal/dom/DOMRSAPSSSignatureMethod$RSAPSS.class */
    public static final class RSAPSS extends DOMRSAPSSSignatureMethod {
        /* JADX INFO: Access modifiers changed from: package-private */
        public RSAPSS(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
            super(algorithmParameterSpec);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public RSAPSS(Element element) throws MarshalException {
            super(element);
        }

        public String getAlgorithm() {
            return "http://www.w3.org/2007/05/xmldsig-more#rsa-pss";
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
        public String getJCAAlgorithm() {
            return "RSASSA-PSS";
        }

        @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
        AbstractDOMSignatureMethod.Type getAlgorithmType() {
            return AbstractDOMSignatureMethod.Type.RSA;
        }
    }

    DOMRSAPSSSignatureMethod(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null && !(algorithmParameterSpec instanceof SignatureMethodParameterSpec)) {
            throw new InvalidAlgorithmParameterException("params must be of type SignatureMethodParameterSpec");
        }
        algorithmParameterSpec = algorithmParameterSpec == null ? getDefaultParameterSpec() : algorithmParameterSpec;
        checkParams((SignatureMethodParameterSpec) algorithmParameterSpec);
        this.params = (SignatureMethodParameterSpec) algorithmParameterSpec;
    }

    DOMRSAPSSSignatureMethod(Element element) throws MarshalException {
        Element firstChildElement = DOMUtils.getFirstChildElement(element);
        if (firstChildElement != null) {
            this.params = unmarshalParams(firstChildElement);
        } else {
            this.params = getDefaultParameterSpec();
        }
        try {
            checkParams(this.params);
        } catch (InvalidAlgorithmParameterException e) {
            throw new MarshalException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public void checkParams(SignatureMethodParameterSpec signatureMethodParameterSpec) throws InvalidAlgorithmParameterException {
        if (signatureMethodParameterSpec != null) {
            if (!(signatureMethodParameterSpec instanceof RSAPSSParameterSpec)) {
                throw new InvalidAlgorithmParameterException("params must be of type RSAPSSParameterSpec");
            }
            if (((RSAPSSParameterSpec) signatureMethodParameterSpec).getTrailerField() > 0) {
                this.trailerField = ((RSAPSSParameterSpec) signatureMethodParameterSpec).getTrailerField();
                LOG.debug("Setting trailerField from RSAPSSParameterSpec to: {}", Integer.valueOf(this.trailerField));
            }
            if (((RSAPSSParameterSpec) signatureMethodParameterSpec).getSaltLength() > 0) {
                this.saltLength = ((RSAPSSParameterSpec) signatureMethodParameterSpec).getSaltLength();
                LOG.debug("Setting saltLength from RSAPSSParameterSpec to: {}", Integer.valueOf(this.saltLength));
            }
            if (((RSAPSSParameterSpec) signatureMethodParameterSpec).getDigestName() != null) {
                this.digestName = ((RSAPSSParameterSpec) signatureMethodParameterSpec).getDigestName();
                LOG.debug("Setting digestName from RSAPSSParameterSpec to: {}", this.digestName);
            }
        }
    }

    public final AlgorithmParameterSpec getParameterSpec() {
        return this.params;
    }

    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    void marshalParams(Element element, String str) throws MarshalException {
        Element createElementNS = DOMUtils.getOwnerDocument(element).createElementNS("http://www.w3.org/2007/05/xmldsig-more#", "pss:RSAPSSParams");
        createElementNS.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:pss", "http://www.w3.org/2007/05/xmldsig-more#");
        Element createElement = DOMUtils.createElement(createElementNS.getOwnerDocument(), "DigestMethod", "http://www.w3.org/2000/09/xmldsig#", str);
        try {
            createElement.setAttributeNS(null, "Algorithm", SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.fromDigestAlgorithm(this.digestName).getXmlDigestAlgorithm());
            createElementNS.appendChild(createElement);
            Element createElementNS2 = createElementNS.getOwnerDocument().createElementNS("http://www.w3.org/2007/05/xmldsig-more#", "pss:SaltLength");
            createElementNS2.appendChild(createElementNS.getOwnerDocument().createTextNode(String.valueOf(this.saltLength)));
            createElementNS.appendChild(createElementNS2);
            Element createElementNS3 = createElementNS.getOwnerDocument().createElementNS("http://www.w3.org/2007/05/xmldsig-more#", "pss:TrailerField");
            createElementNS3.appendChild(createElementNS.getOwnerDocument().createTextNode(String.valueOf(this.trailerField)));
            createElementNS.appendChild(createElementNS3);
            element.appendChild(createElementNS);
        } catch (XMLSignatureException | DOMException e) {
            throw new MarshalException("Invalid digest name supplied: " + this.digestName);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public SignatureMethodParameterSpec unmarshalParams(Element element) throws MarshalException {
        if (element == null) {
            return getDefaultParameterSpec();
        }
        Element selectNode = XMLUtils.selectNode(element.getFirstChild(), "http://www.w3.org/2007/05/xmldsig-more#", Constants._TAG_SALTLENGTH, 0);
        Element selectNode2 = XMLUtils.selectNode(element.getFirstChild(), "http://www.w3.org/2007/05/xmldsig-more#", Constants._TAG_TRAILERFIELD, 0);
        int i = 1;
        if (selectNode2 != null) {
            try {
                i = Integer.parseInt(selectNode2.getTextContent());
            } catch (NumberFormatException e) {
                throw new MarshalException("Invalid trailer field supplied: " + selectNode2.getTextContent());
            }
        }
        String attribute = XMLUtils.selectDsNode(element.getFirstChild(), "DigestMethod", 0).getAttribute("Algorithm");
        try {
            SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm fromXmlDigestAlgorithm = SignatureBaseRSA.SignatureRSASSAPSS.DigestAlgorithm.fromXmlDigestAlgorithm(attribute);
            String digestAlgorithm = fromXmlDigestAlgorithm.getDigestAlgorithm();
            RSAPSSParameterSpec rSAPSSParameterSpec = new RSAPSSParameterSpec();
            rSAPSSParameterSpec.setTrailerField(i);
            try {
                rSAPSSParameterSpec.setSaltLength(selectNode == null ? fromXmlDigestAlgorithm.getSaltLength() : Integer.parseInt(selectNode.getTextContent()));
                rSAPSSParameterSpec.setDigestName(digestAlgorithm);
                return rSAPSSParameterSpec;
            } catch (NumberFormatException e2) {
                throw new MarshalException("Invalid salt length supplied: " + selectNode.getTextContent());
            }
        } catch (XMLSignatureException e3) {
            throw new MarshalException("Invalid digest algorithm supplied: " + attribute);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public boolean verify(Key key, SignedInfo signedInfo, byte[] bArr, XMLValidateContext xMLValidateContext) throws InvalidKeyException, SignatureException, javax.xml.crypto.dsig.XMLSignatureException {
        if (key == null || signedInfo == null || bArr == null) {
            throw new NullPointerException();
        }
        if (!(key instanceof PublicKey)) {
            throw new InvalidKeyException("key must be PublicKey");
        }
        if (this.signature == null) {
            try {
                Provider provider = (Provider) xMLValidateContext.getProperty(DOM_SIGNATURE_PROVIDER);
                this.signature = provider == null ? Signature.getInstance(getJCAAlgorithm()) : Signature.getInstance(getJCAAlgorithm(), provider);
            } catch (NoSuchAlgorithmException e) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e);
            }
        }
        this.signature.initVerify((PublicKey) key);
        try {
            this.signature.setParameter(new PSSParameterSpec(this.digestName, "MGF1", new MGF1ParameterSpec(this.digestName), this.saltLength, this.trailerField));
            LOG.debug("Signature provider: {}", this.signature.getProvider());
            LOG.debug("Verifying with key: {}", key);
            LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
            LOG.debug("Signature Bytes length: {}", Integer.valueOf(bArr.length));
            try {
                SignerOutputStream signerOutputStream = new SignerOutputStream(this.signature);
                Throwable th = null;
                try {
                    try {
                        ((DOMSignedInfo) signedInfo).canonicalize(xMLValidateContext, signerOutputStream);
                        boolean verify = this.signature.verify(bArr);
                        $closeResource(null, signerOutputStream);
                        return verify;
                    } finally {
                    }
                } catch (Throwable th2) {
                    $closeResource(th, signerOutputStream);
                    throw th2;
                }
            } catch (IOException e2) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e2);
            }
        } catch (InvalidAlgorithmParameterException e3) {
            throw new javax.xml.crypto.dsig.XMLSignatureException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public byte[] sign(Key key, SignedInfo signedInfo, XMLSignContext xMLSignContext) throws InvalidKeyException, javax.xml.crypto.dsig.XMLSignatureException {
        if (key == null || signedInfo == null) {
            throw new NullPointerException();
        }
        if (!(key instanceof PrivateKey)) {
            throw new InvalidKeyException("key must be PrivateKey");
        }
        if (this.signature == null) {
            try {
                Provider provider = (Provider) xMLSignContext.getProperty(DOM_SIGNATURE_PROVIDER);
                this.signature = provider == null ? Signature.getInstance(getJCAAlgorithm()) : Signature.getInstance(getJCAAlgorithm(), provider);
            } catch (NoSuchAlgorithmException e) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e);
            }
        }
        this.signature.initSign((PrivateKey) key);
        try {
            this.signature.setParameter(new PSSParameterSpec(this.digestName, "MGF1", new MGF1ParameterSpec(this.digestName), this.saltLength, this.trailerField));
            LOG.debug("Signature provider: {}", this.signature.getProvider());
            LOG.debug("Signing with key: {}", key);
            LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
            try {
                SignerOutputStream signerOutputStream = new SignerOutputStream(this.signature);
                Throwable th = null;
                try {
                    try {
                        ((DOMSignedInfo) signedInfo).canonicalize(xMLSignContext, signerOutputStream);
                        byte[] sign = this.signature.sign();
                        $closeResource(null, signerOutputStream);
                        return sign;
                    } finally {
                    }
                } catch (Throwable th2) {
                    $closeResource(th, signerOutputStream);
                    throw th2;
                }
            } catch (IOException | SignatureException e2) {
                throw new javax.xml.crypto.dsig.XMLSignatureException(e2);
            }
        } catch (InvalidAlgorithmParameterException e3) {
            throw new javax.xml.crypto.dsig.XMLSignatureException(e3);
        }
    }

    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    boolean paramsEqual(AlgorithmParameterSpec algorithmParameterSpec) {
        return getParameterSpec().equals(algorithmParameterSpec);
    }

    private SignatureMethodParameterSpec getDefaultParameterSpec() {
        RSAPSSParameterSpec rSAPSSParameterSpec = new RSAPSSParameterSpec();
        rSAPSSParameterSpec.setTrailerField(this.trailerField);
        rSAPSSParameterSpec.setSaltLength(this.saltLength);
        rSAPSSParameterSpec.setDigestName(this.digestName);
        return rSAPSSParameterSpec;
    }

    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public /* bridge */ /* synthetic */ int hashCode() {
        return super.hashCode();
    }

    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod
    public /* bridge */ /* synthetic */ boolean equals(Object obj) {
        return super.equals(obj);
    }

    @Override // org.apache.jcp.xml.dsig.internal.dom.AbstractDOMSignatureMethod, org.apache.jcp.xml.dsig.internal.dom.DOMStructure
    public /* bridge */ /* synthetic */ void marshal(Node node, String str, DOMCryptoContext dOMCryptoContext) throws MarshalException {
        super.marshal(node, str, dOMCryptoContext);
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
