package org.orbeon.oxf.processor;

import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.X509EncodedKeySpec;
import org.orbeon.dom.Document;
import org.orbeon.dom.DocumentFactory;
import org.orbeon.dom.Element;
import org.orbeon.dom.Node;
import org.orbeon.oxf.common.OXFException;
import org.orbeon.oxf.pipeline.api.PipelineContext;
import org.orbeon.oxf.processor.ProcessorImpl;
import org.orbeon.oxf.util.Base64;
import org.orbeon.oxf.util.StringUtils;
import org.orbeon.oxf.xml.XMLReceiver;
import org.orbeon.oxf.xml.XPathUtils;
import org.orbeon.oxf.xml.dom4j.Dom4jUtils;
import org.orbeon.oxf.xml.dom4j.LocationSAXWriter;

/* loaded from: input_file:WEB-INF/lib/orbeon-core.jar:org/orbeon/oxf/processor/SignatureVerifierProcessor.class */
public class SignatureVerifierProcessor extends ProcessorImpl {
    public static final String SIGNATURE_DATA_URI = "http://www/orbeon.com/oxf/signature";
    public static final String SIGNATURE_PUBLIC_KEY_URI = "http://www/orbeon.com/oxf/signature/public-key";
    public static final String INPUT_PUBLIC_KEY = "public-key";

    public SignatureVerifierProcessor() {
        addInputInfo(new ProcessorInputOutputInfo("data", SIGNATURE_DATA_URI));
        addInputInfo(new ProcessorInputOutputInfo(INPUT_PUBLIC_KEY, SIGNATURE_PUBLIC_KEY_URI));
        addOutputInfo(new ProcessorInputOutputInfo("data"));
    }

    @Override // org.orbeon.oxf.processor.ProcessorImpl, org.orbeon.oxf.processor.Processor
    public ProcessorOutput createOutput(String str) {
        ProcessorImpl.ProcessorOutputImpl processorOutputImpl = new ProcessorImpl.ProcessorOutputImpl(this, str) { // from class: org.orbeon.oxf.processor.SignatureVerifierProcessor.1
            @Override // org.orbeon.oxf.processor.impl.ProcessorOutputImpl
            public void readImpl(PipelineContext pipelineContext, XMLReceiver xMLReceiver) {
                try {
                    PublicKey generatePublic = KeyFactory.getInstance("DSA").generatePublic(new X509EncodedKeySpec(Base64.decode(XPathUtils.selectStringValueNormalize(SignatureVerifierProcessor.this.readCacheInputAsDOM4J(pipelineContext, SignatureVerifierProcessor.INPUT_PUBLIC_KEY), "/public-key"))));
                    Signature signature = Signature.getInstance("SHA1withDSA");
                    signature.initVerify(generatePublic);
                    Document readInputAsOrbeonDom = SignatureVerifierProcessor.this.readInputAsOrbeonDom(pipelineContext, "data");
                    Element element = readInputAsOrbeonDom.getRootElement().elements("data").get(0).elements().get(0);
                    String trimAllToEmpty = StringUtils.trimAllToEmpty(XPathUtils.selectStringValue(readInputAsOrbeonDom, "/signed-data/signature"));
                    element.detach();
                    Document createDocument = DocumentFactory.createDocument();
                    createDocument.add((Node) element);
                    signature.update(Dom4jUtils.domToString(createDocument).getBytes("utf-8"));
                    try {
                        try {
                            if (!signature.verify(Base64.decode(trimAllToEmpty))) {
                                throw new OXFException("Signature verification failed");
                            }
                            LocationSAXWriter locationSAXWriter = new LocationSAXWriter();
                            locationSAXWriter.setContentHandler(xMLReceiver);
                            locationSAXWriter.write(createDocument);
                        } catch (Exception e) {
                            throw new SignatureException("Signature verification failed");
                        }
                    } catch (SignatureException e2) {
                        throw e2;
                    }
                } catch (Exception e3) {
                    throw new OXFException(e3);
                }
            }
        };
        addOutput(str, processorOutputImpl);
        return processorOutputImpl;
    }
}
