package eu.fisver.intern;

import com.sunmi.pay.hardware.aidl.AidlConstants;
import eu.fisver.exceptions.CertificateValidationException;
import eu.fisver.exceptions.SignatureException;
import eu.fisver.intern.commons.codec.CharEncoding;
import eu.fisver.utils.CertificateValidator;
import eu.fisver.utils.Util;
import java.io.ByteArrayInputStream;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes2.dex */
public class XmlSignatureValidator {
    private static final Pattern PATTERN_SIG_VALUE = Pattern.compile("<SignatureValue>(.*)</SignatureValue>", 34);
    private static final Pattern PATTERN_CERT = Pattern.compile("<X509Certificate>(.*)</X509Certificate>", 34);
    private static final Pattern PATTERN_SIG_INFO = Pattern.compile("(<SignedInfo>.*</SignedInfo>)", 34);
    private static final Pattern PATTERN_REF_ID = Pattern.compile("<Reference URI=\"#([^\"]+)\"", 34);
    private static final Pattern PATTERN_DIGEST_VALUE = Pattern.compile("<DigestValue>(.*)</DigestValue>", 34);
    private static final Pattern PATTERN_SIGNATURE = Pattern.compile("(.*)(<Signature\\s+[^>]*>.*</Signature\\s*>)(.*)", 34);

    public static X509Certificate findCertificate(String str) throws IllegalArgumentException, CertificateValidationException {
        Matcher matcher = PATTERN_CERT.matcher(str);
        if (!matcher.find()) {
            throw new CertificateValidationException("Cannot find X509Certificate node");
        }
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Util.base64decode(matcher.group(1))));
        } catch (Exception e) {
            throw new CertificateValidationException("Cannot create certificate from given binary data: " + e.getMessage(), e);
        }
    }

    public static byte[] findDigestValue(String str) throws SignatureException {
        Matcher matcher = PATTERN_DIGEST_VALUE.matcher(str);
        if (matcher.find()) {
            return Util.base64decode(matcher.group(1));
        }
        throw new SignatureException("Cannot find DigestValue node");
    }

    private static String findNode(String str, String str2) throws SignatureException {
        Matcher matcher = Pattern.compile("<([a-zA-Z0-9:]+)\\s+[^>]*?((?i)id\\s*=\\s*\"" + str2 + "\".*?)", 32).matcher(str);
        if (!matcher.find()) {
            throw new SignatureException("Cannot find tag with ID=" + str2);
        }
        String group = matcher.group(1);
        Matcher matcher2 = Pattern.compile("<" + group + "\\s+.*</" + group + "\\s*>", 32).matcher(str);
        if (matcher2.find()) {
            return matcher2.group();
        }
        throw new SignatureException("Cannot find contents of the tag with ID=" + str2);
    }

    public static String findReferenceID(String str) throws SignatureException {
        Matcher matcher = PATTERN_REF_ID.matcher(str);
        if (matcher.find()) {
            return matcher.group(1);
        }
        throw new SignatureException("Cannot find Reference ID");
    }

    public static byte[] findSignatureValue(String str) throws SignatureException {
        Matcher matcher = PATTERN_SIG_VALUE.matcher(str);
        if (matcher.find()) {
            return Util.base64decode(matcher.group(1));
        }
        throw new SignatureException("Cannot find SignatureValue node");
    }

    public static String findSignedInfo(String str) throws SignatureException {
        Matcher matcher = PATTERN_SIG_INFO.matcher(str);
        if (matcher.find()) {
            return matcher.group(1);
        }
        throw new SignatureException("Cannot find SignedInfo node");
    }

    public static boolean hasSignature(String str) {
        return str != removeSignature(str);
    }

    public static String removeSignature(String str) {
        Matcher matcher = PATTERN_SIGNATURE.matcher(str);
        if (!matcher.find()) {
            return str;
        }
        return String.valueOf(matcher.group(1)) + matcher.group(3);
    }

    public static String[] splitSignatureFromDocument(String str) throws SignatureException {
        Matcher matcher = PATTERN_SIGNATURE.matcher(str);
        if (!matcher.find()) {
            return null;
        }
        return new String[]{matcher.group(2), String.valueOf(matcher.group(1)) + matcher.group(3)};
    }

    public static boolean validate(String str, CertificateValidator certificateValidator) throws CertificateValidationException, SignatureException {
        try {
            String[] splitSignatureFromDocument = splitSignatureFromDocument(str);
            if (splitSignatureFromDocument == null) {
                return false;
            }
            String str2 = splitSignatureFromDocument[0];
            String str3 = splitSignatureFromDocument[1];
            Collection<String> namespaces = XmlUtil.getNamespaces(str3);
            TreeSet treeSet = new TreeSet(namespaces);
            treeSet.add("xmlns=\"http://www.w3.org/2000/09/xmldsig#\"");
            String canonicalize = XmlUtil.canonicalize(findSignedInfo(str2), treeSet);
            X509Certificate findCertificate = findCertificate(str2);
            if (certificateValidator != null) {
                certificateValidator.validate(findCertificate);
            }
            Signature signature = Signature.getInstance(AidlConstants.Security.RSA_SIGN_ALG_4);
            signature.initVerify(findCertificate);
            signature.update(canonicalize.getBytes(CharEncoding.UTF_8));
            if (!signature.verify(findSignatureValue(str2))) {
                throw new SignatureException("Invalid signature");
            }
            String findReferenceID = findReferenceID(str2);
            if (Arrays.equals(Util.sha256Digest(XmlUtil.canonicalize(findNode(str3, findReferenceID), namespaces).getBytes(CharEncoding.UTF_8)), findDigestValue(str2))) {
                return true;
            }
            throw new SignatureException(MessageFormat.format("Invalid digest value for reference \"{0}\"", findReferenceID));
        } catch (CertificateValidationException e) {
            throw e;
        } catch (SignatureException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new SignatureException(e3.getMessage(), e3);
        }
    }
}
