package org.orbeon.oxf.processor;

import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import org.dom4j.Document;
import org.dom4j.Node;
import org.orbeon.oxf.common.OXFException;
import org.orbeon.oxf.pipeline.api.PipelineContext;
import org.orbeon.oxf.processor.ProcessorImpl;
import org.orbeon.oxf.util.Base64;
import org.orbeon.oxf.xml.XMLUtils;
import org.orbeon.oxf.xml.XPathUtils;
import org.orbeon.oxf.xml.dom4j.LocationSAXWriter;
import org.xml.sax.ContentHandler;

/* loaded from: input_file:WEB-INF/lib/orbeon.jar:org/orbeon/oxf/processor/SignatureVerifierProcessor.class */
public class SignatureVerifierProcessor extends ProcessorImpl {
    public static final String SIGNATURE_DATA_URI = "http://www/orbeon.com/oxf/signature";
    public static final String SIGNATURE_PUBLIC_KEY_URI = "http://www/orbeon.com/oxf/signature/public-key";
    public static final String INPUT_PUBLIC_KEY = "public-key";

    public SignatureVerifierProcessor() {
        addInputInfo(new ProcessorInputOutputInfo("data", SIGNATURE_DATA_URI));
        addInputInfo(new ProcessorInputOutputInfo(INPUT_PUBLIC_KEY, SIGNATURE_PUBLIC_KEY_URI));
        addOutputInfo(new ProcessorInputOutputInfo("data"));
    }

    @Override // org.orbeon.oxf.processor.ProcessorImpl, org.orbeon.oxf.processor.Processor
    public ProcessorOutput createOutput(String str) {
        ProcessorImpl.ProcessorOutputImpl processorOutputImpl = new ProcessorImpl.ProcessorOutputImpl(this, getClass(), str) { // from class: org.orbeon.oxf.processor.SignatureVerifierProcessor.1
            private final SignatureVerifierProcessor this$0;

            {
                this.this$0 = this;
            }

            @Override // org.orbeon.oxf.processor.ProcessorImpl.ProcessorOutputImpl
            public void readImpl(PipelineContext pipelineContext, ContentHandler contentHandler) {
                try {
                    PublicKey generatePublic = KeyFactory.getInstance("DSA").generatePublic(new X509EncodedKeySpec(Base64.decode(XPathUtils.selectStringValueNormalize(this.this$0.readCacheInputAsDOM4J(pipelineContext, SignatureVerifierProcessor.INPUT_PUBLIC_KEY), "/public-key"))));
                    Signature signature = Signature.getInstance("SHA1withDSA");
                    signature.initVerify(generatePublic);
                    Document readInputAsDOM4J = this.this$0.readInputAsDOM4J(pipelineContext, "data");
                    Node selectSingleNode = readInputAsDOM4J.selectSingleNode("/signed-data/data/*");
                    String selectStringValueNormalize = XPathUtils.selectStringValueNormalize(readInputAsDOM4J, "/signed-data/signature");
                    selectSingleNode.detach();
                    Document createDOM4JDocument = XMLUtils.createDOM4JDocument();
                    createDOM4JDocument.add(selectSingleNode);
                    signature.update(XMLUtils.domToString(createDOM4JDocument).getBytes());
                    if (!signature.verify(Base64.decode(selectStringValueNormalize))) {
                        throw new OXFException("Invalid Signature");
                    }
                    LocationSAXWriter locationSAXWriter = new LocationSAXWriter();
                    locationSAXWriter.setContentHandler(contentHandler);
                    locationSAXWriter.write(createDOM4JDocument);
                } catch (Exception e) {
                    throw new OXFException(e);
                }
            }
        };
        addOutput(str, processorOutputImpl);
        return processorOutputImpl;
    }
}
