package de.fuberlin.wiwiss.ng4j.swp.util;

import com.hp.hpl.jena.graph.Node;
import de.fuberlin.wiwiss.ng4j.NamedGraph;
import de.fuberlin.wiwiss.ng4j.NamedGraphSet;
import de.fuberlin.wiwiss.ng4j.impl.NamedGraphSetImpl;
import de.fuberlin.wiwiss.ng4j.swp.c14n.RDFC14NImpl;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPAlgorithmNotSupportedException;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPCertificateException;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPCertificateValidationException;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPInvalidKeyException;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPNoSuchAlgorithmException;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPNoSuchDigestMethodException;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPSignatureException;
import de.fuberlin.wiwiss.ng4j.swp.exceptions.SWPValidationException;
import de.fuberlin.wiwiss.ng4j.swp.vocabulary.SWP;
import de.fuberlin.wiwiss.ng4j.swp.vocabulary.SWP_V;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import org.apache.axis.components.uuid.SimpleUUIDGen;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA224Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.digests.SHA384Digest;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:WEB-INF/lib/ng4j-0.9.4.jar:de/fuberlin/wiwiss/ng4j/swp/util/SWPSignatureUtilities.class */
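/**
 * Static helpers for canonicalising, digesting, signing and verifying named graphs.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The signature and digest method is chosen by the {@code Node} passed in. SHA-1 based
 *       methods are still accepted here; a verifier that takes the method identifier from the
 *       data being verified should apply its own allow-list before calling this class.</li>
 *   <li>Only the five-argument {@code validateSignature} overload looks at certificate validity
 *       and issuer. The other overloads verify against whatever public key the supplied
 *       certificate carries.</li>
 *   <li>{@link #verifyCertificate} is a single-level issuer check, not PKIX path validation.</li>
 * </ul>
 */
public class SWPSignatureUtilities {
    public static final String ALG_ID_SIGNATURE_SHA1withRSA = "SHA1withRSA";
    public static final String ALG_ID_SIGNATURE_SHA224withRSA = "SHA224withRSA";
    public static final String ALG_ID_SIGNATURE_SHA256withRSA = "SHA256withRSA";
    public static final String ALG_ID_SIGNATURE_SHA384withRSA = "SHA384withRSA";
    public static final String ALG_ID_SIGNATURE_SHA512withRSA = "SHA512withRSA";
    public static final String ALG_ID_SIGNATURE_SHA1withDSA = "SHA1withDSA";
    public static final String X509_CERTIFICATE_TYPE = "X.509";
    private static final Log logger = LogFactory.getLog(SWPSignatureUtilities.class);

    /* renamed from: info, reason: collision with root package name */
    private static boolean f2info = logger.isInfoEnabled();
    private static SimpleUUIDGen uuidGen = new SimpleUUIDGen();

    /** Charset used whenever a canonical string is turned into bytes for hashing or signing. */
    private static final String CANONICAL_CHARSET = "UTF-8";

    /**
     * Encodes a canonical string with {@link #CANONICAL_CHARSET} so that digests and signatures
     * do not depend on the platform default charset.
     */
    private static byte[] canonicalBytes(String text) {
        try {
            return text.getBytes(CANONICAL_CHARSET);
        } catch (UnsupportedEncodingException e) {
            // Same handling as calculateSignature(NamedGraph, ...): UTF-8 is expected to exist.
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the string that is hashed or signed for a single named graph.
     *
     * <p>The result is {@code ArrayList.toString()} of the graph name followed by the canonical
     * strings produced by {@code RDFC14NImpl}.
     *
     * <p>NOTE(review): {@code ArrayList.toString()} joins elements with {@code ", "} and does not
     * escape them. Whether two different graphs can yield the same joined string depends on what
     * the canonical strings may contain; confirm against RDFC14NImpl. The format cannot be changed
     * here without invalidating existing signatures.
     *
     * @param namedGraph the graph to canonicalise
     * @return the canonical string form of the graph
     */
    public static String getCanonicalGraph(NamedGraph namedGraph) {
        ArrayList<String> canonical = new ArrayList<String>();
        NamedGraphSetImpl scratchSet = new NamedGraphSetImpl();
        try {
            scratchSet.addGraph(namedGraph);
            String graphName = namedGraph.getGraphName().toString();
            ArrayList<String> statements = new RDFC14NImpl(scratchSet.asJenaModel(graphName)).getCanonicalStringsArray();
            canonical.add(graphName);
            canonical.addAll(statements);
            return canonical.toString();
        } finally {
            scratchSet.removeGraph(namedGraph.getGraphName());
        }
    }

    /**
     * Builds the string that is hashed or signed for a whole graph set: the sorted graph names
     * followed by the canonical strings of the set, rendered with {@code ArrayList.toString()}.
     *
     * <p>A scratch graph name is passed to {@code asJenaModel} and removed from the caller's set
     * again. The removal now sits in a {@code finally} block so that a failure during
     * canonicalisation does not leave the scratch name behind in the caller's set.
     *
     * @param namedGraphSet the graph set to canonicalise
     * @return the canonical string form of the graph set
     */
    public static String getCanonicalGraphSet(NamedGraphSet namedGraphSet) {
        // NOTE(review): the prefix lacks the trailing colon of the "urn:uuid:" scheme. Kept as-is
        // because the name is only used for the scratch graph removed below; confirm that it
        // never reaches the canonical output.
        String scratchName = "urn:uuid" + uuidGen.nextUUID();
        ArrayList<String> statements;
        try {
            statements = new RDFC14NImpl(namedGraphSet.asJenaModel(scratchName)).getCanonicalStringsArray();
        } finally {
            namedGraphSet.removeGraph(scratchName);
        }
        ArrayList<String> canonical = new ArrayList<String>();
        Iterator<NamedGraph> graphs = namedGraphSet.listGraphs();
        while (graphs.hasNext()) {
            canonical.add(graphs.next().getGraphName().toString());
        }
        // Only the graph names are sorted; the canonical statements keep the order they came in.
        Collections.sort(canonical);
        canonical.addAll(statements);
        return canonical.toString();
    }

    /**
     * Hashes a canonical string with the digest named by {@code node}.
     *
     * <p>The input is encoded as UTF-8, matching what the named-graph signing and verification
     * methods feed to the signature. The original used the platform default charset, so digests
     * of non-ASCII content differed between hosts.
     *
     * @param str the canonical string to hash
     * @param node the SWP digest method identifier (SHA-1, SHA-224, SHA-256, SHA-384 or SHA-512)
     * @return the digest, hex-encoded and then Base64-encoded
     * @throws SWPNoSuchDigestMethodException if {@code node} is none of the supported identifiers
     */
    protected static String calculateDigest(String str, Node node) throws SWPNoSuchDigestMethodException {
        Security.addProvider(new BouncyCastleProvider());
        Digest digest;
        if (node.equals(SWP.JjcRdfC14N_sha1)) {
            digest = new SHA1Digest();
        } else if (node.equals(SWP.JjcRdfC14N_sha224)) {
            digest = new SHA224Digest();
        } else if (node.equals(SWP.JjcRdfC14N_sha256)) {
            digest = new SHA256Digest();
        } else if (node.equals(SWP.JjcRdfC14N_sha384)) {
            digest = new SHA384Digest();
        } else if (node.equals(SWP.JjcRdfC14N_sha512)) {
            digest = new SHA512Digest();
        } else {
            throw new SWPNoSuchDigestMethodException("The digest method: " + node + " does not exist.");
        }
        byte[] input = canonicalBytes(str);
        byte[] hash = new byte[digest.getDigestSize()];
        digest.update(input, 0, input.length);
        digest.doFinal(hash, 0);
        return new String(Base64.encodeBase64(Hex.encode(hash)));
    }

    /**
     * Hashes the canonical form of a single named graph.
     *
     * @see #calculateDigest(String, Node)
     */
    public static String calculateDigest(NamedGraph namedGraph, Node node) throws SWPNoSuchDigestMethodException {
        return calculateDigest(getCanonicalGraph(namedGraph), node);
    }

    /**
     * Hashes the canonical form of a graph set.
     *
     * @see #calculateDigest(String, Node)
     */
    public static String calculateDigest(NamedGraphSet namedGraphSet, Node node) throws SWPNoSuchDigestMethodException {
        return calculateDigest(getCanonicalGraphSet(namedGraphSet), node);
    }

    /**
     * Obtains a JCA {@link Signature} for the given algorithm name from a fresh BouncyCastle
     * provider instance.
     *
     * @param str the JCA algorithm name, e.g. {@link #ALG_ID_SIGNATURE_SHA256withRSA}
     * @param node the SWP method identifier, used only in the error message
     * @return an uninitialised signature object
     * @throws SWPNoSuchAlgorithmException if the provider does not offer the algorithm
     */
    public static Signature getSignature(String str, Node node) throws SWPNoSuchAlgorithmException {
        try {
            Signature signature = Signature.getInstance(str, new BouncyCastleProvider());
            if (f2info) {
                logger.info("Using algorithm: " + str);
            }
            return signature;
        } catch (NoSuchAlgorithmException e) {
            logger.fatal(str + " not found! " + e.getMessage());
            throw new SWPNoSuchAlgorithmException("The signaturemethod: " + node.toString() + " does not exist.", e);
        }
    }

    /**
     * Maps an RSA signature method identifier to its {@link Signature}; shared by the RSA and
     * PGP branches of {@link #determineSignature}, which differ only in the message used when a
     * DSA method is requested.
     */
    private static Signature rsaSignatureFor(Node node, String dsaRejectedMessage) throws SWPNoSuchAlgorithmException, SWPAlgorithmNotSupportedException {
        if (node.equals(SWP.JjcRdfC14N_rsa_sha1)) {
            return getSignature(ALG_ID_SIGNATURE_SHA1withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha224)) {
            return getSignature(ALG_ID_SIGNATURE_SHA224withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha256)) {
            return getSignature(ALG_ID_SIGNATURE_SHA256withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha384)) {
            return getSignature(ALG_ID_SIGNATURE_SHA384withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha512)) {
            return getSignature(ALG_ID_SIGNATURE_SHA512withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_dsa_sha1)) {
            throw new SWPAlgorithmNotSupportedException(dsaRejectedMessage);
        }
        throw new SWPNoSuchAlgorithmException("The signaturemethod: " + node + " does not exist.");
    }

    /**
     * Picks the {@link Signature} matching both the requested method and the type of private key.
     *
     * @param node the SWP signature method identifier
     * @param obj the signing key; an {@code RSAPrivateKey}, {@code PGPPrivateKey} or
     *     {@code DSAPrivateKey}
     * @return the signature object, or {@code null} when {@code obj} is none of those key types
     * @throws SWPAlgorithmNotSupportedException if the method does not fit the key type
     * @throws SWPNoSuchAlgorithmException if the method identifier is unknown
     */
    public static Signature determineSignature(Node node, Object obj) throws SWPNoSuchAlgorithmException, SWPAlgorithmNotSupportedException {
        if (obj instanceof RSAPrivateKey) {
            return rsaSignatureFor(node, "RSA private key detected. DSA encyption is not supported.");
        }
        if (obj instanceof PGPPrivateKey) {
            return rsaSignatureFor(node, "RSA private key detected. PGP DSA encryption is not supported.");
        }
        if (obj instanceof DSAPrivateKey) {
            if (node.equals(SWP.JjcRdfC14N_rsa_sha1) || node.equals(SWP.JjcRdfC14N_rsa_sha224) || node.equals(SWP.JjcRdfC14N_rsa_sha256) || node.equals(SWP.JjcRdfC14N_rsa_sha384) || node.equals(SWP.JjcRdfC14N_rsa_sha512)) {
                throw new SWPAlgorithmNotSupportedException("DSA private key detected. RSA is not supported.");
            }
            if (!node.equals(SWP.JjcRdfC14N_dsa_sha1)) {
                throw new SWPNoSuchAlgorithmException("The signaturemethod: " + node + " does not exist.");
            }
            return getSignature(ALG_ID_SIGNATURE_SHA1withDSA, node);
        }
        // Unsupported key type: callers must handle null (calculateSignature does).
        return null;
    }

    /**
     * Signs the canonical form (UTF-8 bytes) of a named graph.
     *
     * @param namedGraph the graph to sign
     * @param node the SWP signature method identifier
     * @param obj the private key; see {@link #determineSignature} for the accepted types
     * @return the Base64-encoded signature value
     * @throws SWPInvalidKeyException if the key is of an unsupported type or is rejected by the
     *     signature implementation
     * @throws SWPSignatureException if feeding the data or producing the signature fails
     */
    public static String calculateSignature(NamedGraph namedGraph, Node node, Object obj) throws SWPNoSuchAlgorithmException, SWPSignatureException, SWPInvalidKeyException, SWPAlgorithmNotSupportedException {
        Security.addProvider(new BouncyCastleProvider());
        String canonicalGraph = getCanonicalGraph(namedGraph);
        Signature signer = determineSignature(node, obj);
        if (signer == null) {
            // determineSignature returns null for key types it does not know (for example a
            // PrivateKey that is neither RSA nor DSA); the original dereferenced that null.
            throw new SWPInvalidKeyException("No suitable private key found.");
        }
        try {
            if (obj instanceof PrivateKey) {
                signer.initSign((PrivateKey) obj);
            } else {
                if (!(obj instanceof PGPPrivateKey)) {
                    throw new SWPInvalidKeyException("No suitable private key found.");
                }
                signer.initSign(((PGPPrivateKey) obj).getKey());
            }
            signer.update(canonicalGraph.getBytes(CANONICAL_CHARSET));
            try {
                return new String(Base64.encodeBase64(signer.sign()));
            } catch (SignatureException e) {
                logger.fatal("Error generating signature. " + e.getMessage());
                throw new SWPSignatureException("Error generating signature.", e);
            }
        } catch (UnsupportedEncodingException e2) {
            throw new RuntimeException(e2);
        } catch (InvalidKeyException e3) {
            // The key in play is the signing (private) key; the message used to say "Public key".
            logger.fatal("Private key supplied is invalid. " + e3.getMessage());
            throw new SWPInvalidKeyException("Private key supplied is invalid.", e3);
        } catch (SignatureException e4) {
            logger.fatal("Error updating input data. " + e4.getMessage());
            throw new SWPSignatureException("Error updating input data.", e4);
        }
    }

    /**
     * Signs the canonical form of a graph set.
     *
     * <p>The canonical string is encoded as UTF-8, as in the named-graph overload; the original
     * used the platform default charset, which made signatures over non-ASCII content depend on
     * the signing host. NOTE(review): no graph-set verification method is visible in this class;
     * confirm that the verifier used for graph sets also encodes as UTF-8.
     *
     * @param namedGraphSet the graph set to sign
     * @param node the SWP signature method identifier
     * @param privateKey the signing key
     * @return the Base64-encoded signature value
     */
    public static String calculateSignature(NamedGraphSet namedGraphSet, Node node, PrivateKey privateKey) throws SWPNoSuchAlgorithmException, SWPSignatureException, SWPInvalidKeyException {
        String canonicalGraphSet = getCanonicalGraphSet(namedGraphSet);
        Signature signer = getSignatureAlgorithm(node);
        try {
            signer.initSign(privateKey);
            signer.update(canonicalBytes(canonicalGraphSet));
            try {
                return new String(Base64.encodeBase64(signer.sign()));
            } catch (SignatureException e) {
                logger.fatal("Error generating signature. " + e.getMessage());
                throw new SWPSignatureException("Error generating signature.", e);
            }
        } catch (InvalidKeyException e2) {
            // The key in play is the signing (private) key; the message used to say "Public key".
            logger.fatal("Private key supplied is invalid. " + e2.getMessage());
            throw new SWPInvalidKeyException("Private key supplied is invalid.", e2);
        } catch (SignatureException e3) {
            logger.fatal("Error updating input data. " + e3.getMessage());
            throw new SWPSignatureException("Error updating input data.", e3);
        }
    }

    /**
     * Maps an SWP signature method identifier to a {@link Signature} without looking at any key.
     *
     * @param node the SWP signature method identifier
     * @return an uninitialised signature object for the method
     * @throws SWPNoSuchAlgorithmException if the identifier is unknown
     */
    public static Signature getSignatureAlgorithm(Node node) throws SWPNoSuchAlgorithmException {
        if (node.equals(SWP.JjcRdfC14N_rsa_sha1)) {
            return getSignature(ALG_ID_SIGNATURE_SHA1withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha224)) {
            return getSignature(ALG_ID_SIGNATURE_SHA224withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha256)) {
            return getSignature(ALG_ID_SIGNATURE_SHA256withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha384)) {
            return getSignature(ALG_ID_SIGNATURE_SHA384withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_rsa_sha512)) {
            return getSignature(ALG_ID_SIGNATURE_SHA512withRSA, node);
        }
        if (node.equals(SWP.JjcRdfC14N_dsa_sha1)) {
            return getSignature(ALG_ID_SIGNATURE_SHA1withDSA, node);
        }
        throw new SWPNoSuchAlgorithmException("The signaturemethod: " + node + " does not exist.");
    }

    /**
     * Verifies a graph signature against a certificate supplied as text.
     *
     * <p>The certificate is parsed and its public key is used as-is: validity period and issuer
     * are not checked by this overload.
     *
     * @param str the Base64-encoded signature value
     * @param str2 the X.509 certificate in a textual encoding accepted by
     *     {@link CertificateFactory#generateCertificate}
     * @throws CertificateException if the certificate cannot be parsed
     */
    public static boolean validateSignature(NamedGraph namedGraph, Node node, String str, String str2) throws SWPNoSuchAlgorithmException, SWPValidationException, SWPInvalidKeyException, SWPSignatureException, CertificateException {
        return validateSignature(namedGraph, node, str, (X509Certificate) CertificateFactory.getInstance(X509_CERTIFICATE_TYPE).generateCertificate(new ByteArrayInputStream(str2.getBytes())));
    }

    /**
     * Verifies a graph signature with the public key of the given certificate.
     *
     * <p>This overload performs the cryptographic check only. It does not call
     * {@code checkValidity()} and does not check who issued the certificate, so a {@code true}
     * result says the signature matches this key and nothing about whether the key is trusted.
     * Use the overload taking a list of trusted certificates when trust matters.
     *
     * @param namedGraph the graph whose canonical form was signed
     * @param node the SWP signature method identifier
     * @param str the Base64-encoded signature value
     * @param x509Certificate the certificate holding the verification key
     * @return {@code true} if the signature matches, {@code false} if it does not
     * @throws SWPSignatureException if {@code str} is {@code null} or verification fails with an
     *     error
     * @throws SWPCertificateException if the certificate or its public key is {@code null}
     * @throws SWPInvalidKeyException if the public key is rejected by the signature
     *     implementation
     */
    public static boolean validateSignature(NamedGraph namedGraph, Node node, String str, X509Certificate x509Certificate) throws SWPNoSuchAlgorithmException, SWPValidationException, SWPInvalidKeyException, SWPSignatureException, SWPCertificateException {
        String canonicalGraph = getCanonicalGraph(namedGraph);
        Signature verifier = getSignatureAlgorithm(node);
        try {
            if (str == null) {
                throw new SWPSignatureException("The input signature value was empty.");
            }
            byte[] signatureBytes = Base64.decodeBase64(str.getBytes());
            // A null certificate previously surfaced as a NullPointerException.
            if (x509Certificate == null || x509Certificate.getPublicKey() == null) {
                throw new SWPCertificateException("Input X.509 certificate was found to be empty.");
            }
            verifier.initVerify(x509Certificate.getPublicKey());
            verifier.update(canonicalGraph.getBytes(CANONICAL_CHARSET));
            try {
                return verifier.verify(signatureBytes);
            } catch (SignatureException e) {
                logger.fatal("Error verifying signature. " + e.getMessage());
                throw new SWPSignatureException("Error verifying signature.", e);
            }
        } catch (IOException e2) {
            // Reached via UnsupportedEncodingException from getBytes(String).
            logger.fatal("Unable to access signature: " + e2.getMessage());
            throw new SWPValidationException("I/O error: Unable to access signature value.", e2);
        } catch (InvalidKeyException e3) {
            logger.fatal("Public key supplied is invalid. " + e3.getMessage());
            throw new SWPInvalidKeyException("Public key supplied is invalid.", e3);
        } catch (SignatureException e4) {
            logger.fatal("Error updating input data. " + e4.getMessage());
            throw new SWPSignatureException("Error updating input data. " + e4.getMessage(), e4);
        }
    }

    /**
     * Checks the signer certificate with {@link #verifyCertificate} and then verifies the graph
     * signature.
     *
     * @param arrayList the certificates the caller trusts as issuers
     * @return {@code true} if the signature matches, {@code false} if it does not
     * @throws SWPValidationException if the certificate is expired, not yet valid, or not signed
     *     by any certificate in {@code arrayList}
     */
    public static boolean validateSignature(NamedGraph namedGraph, Node node, String str, X509Certificate x509Certificate, ArrayList<X509Certificate> arrayList) throws SWPNoSuchAlgorithmException, SWPValidationException, SWPInvalidKeyException, SWPSignatureException, SWPCertificateException {
        try {
            verifyCertificate(x509Certificate, arrayList);
            return validateSignature(namedGraph, node, str, x509Certificate);
        } catch (CertificateExpiredException e) {
            logger.warn("Certificate has expired.");
            throw new SWPValidationException("Certificate has expired.", e);
        } catch (CertificateNotYetValidException e2) {
            logger.warn("Certificate not yet valid.");
            throw new SWPValidationException("Certificate not yet valid.", e2);
        } catch (GeneralSecurityException e3) {
            logger.warn("Certificate not signed by some trusted certificates.");
            throw new SWPValidationException("Certificate not signed by some trusted certificates.", e3);
        }
    }

    /**
     * Checks that a certificate is within its validity period and was signed by the key of at
     * least one certificate in the trusted list.
     *
     * <p>This is a single-level check. It does not build or validate a chain, does not check the
     * validity period, basic constraints or key usage of the trusted certificates, and does not
     * consult revocation data. Deployments that need those guarantees should validate the path
     * with {@code java.security.cert.CertPathValidator} before relying on the result.
     *
     * @param x509Certificate the certificate to check
     * @param arrayList the certificates trusted as issuers; {@code null} or empty means nothing
     *     is trusted
     * @throws CertificateExpiredException if the certificate has expired
     * @throws CertificateNotYetValidException if the certificate is not yet valid
     * @throws GeneralSecurityException if no trusted certificate signed it
     */
    public static void verifyCertificate(X509Certificate x509Certificate, ArrayList<X509Certificate> arrayList) throws GeneralSecurityException, CertificateExpiredException, CertificateNotYetValidException {
        x509Certificate.checkValidity();
        // Fail closed on a missing trust list instead of throwing NullPointerException.
        if (arrayList != null) {
            for (X509Certificate candidate : arrayList) {
                try {
                    x509Certificate.verify(candidate.getPublicKey());
                    return;
                } catch (GeneralSecurityException e) {
                    // Name the candidate itself (its subject); the original logged the candidate's
                    // issuer, which names a different certificate unless it is self-signed.
                    logger.warn("Certificate not signed by: " + candidate.getSubjectDN().getName());
                }
            }
        }
        throw new SWPCertificateValidationException("Can not find trusted parent certificate.");
    }

    /**
     * Reports whether a verification-result graph records no failed signature.
     *
     * <p>The result is {@code true} whenever the graph holds neither a
     * {@code notSuccessful "true"} nor a {@code successful "false"} statement. A graph with no
     * result statements at all therefore also yields {@code true}; callers that need proof that a
     * signature was actually verified must check for that separately.
     *
     * @param namedGraph the graph named {@code SWP_V.default_graph}
     * @return {@code false} if any failure statement is present, otherwise {@code true}
     * @throws IllegalArgumentException if the graph has a different name
     */
    public static boolean isEverySignatureValid(NamedGraph namedGraph) {
        if (!SWP_V.default_graph.equals(namedGraph.getGraphName())) {
            throw new IllegalArgumentException("provided graph is not 'verifiedSignatures' graph");
        }
        boolean failureRecorded = namedGraph.contains(Node.ANY, SWP_V.notSuccessful, Node.createLiteral("true"))
                || namedGraph.contains(Node.ANY, SWP_V.successful, Node.createLiteral("false"));
        return !failureRecorded;
    }
}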
