package org.eclipse.scada.sec.authz.signature;

import java.security.Key;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.LinkedList;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.w3c.dom.Document;

/* loaded from: input_file:org/eclipse/scada/sec/authz/signature/RequestSigner.class */
public class RequestSigner {
    private final DigestMethod md;
    private final Reference ref;
    private final XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    private final KeyInfoFactory kif = this.fac.getKeyInfoFactory();
    private final Transform t = this.fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null);
    private final CanonicalizationMethod cm = this.fac.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null);

    /* loaded from: input_file:org/eclipse/scada/sec/authz/signature/RequestSigner$Configuration.class */
    public static class Configuration {
        private String digestMethod = "http://www.w3.org/2000/09/xmldsig#sha1";

        public void setDigestMethod(String str) {
            this.digestMethod = str;
        }

        public String getDigestMethod() {
            return this.digestMethod;
        }
    }

    private String fromAlg(String str) {
        if ("DSA".equals(str)) {
            return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        if ("RSA".equals(str)) {
            return "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        }
        if ("HMAC".equals(str)) {
            return "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
        }
        throw new IllegalArgumentException(String.format("Key algorithm '%s' is not supported", str));
    }

    public RequestSigner(Configuration configuration) throws Exception {
        this.md = this.fac.newDigestMethod(configuration.getDigestMethod(), (DigestMethodParameterSpec) null);
        this.ref = this.fac.newReference("", this.md, Collections.singletonList(this.t), (String) null, (String) null);
    }

    public void sign(Key key, Certificate certificate, Document document) throws Exception {
        sign(key, null, certificate, document);
    }

    public synchronized void sign(KeyPair keyPair, Document document) throws Exception {
        sign(keyPair.getPrivate(), keyPair.getPublic(), null, document);
    }

    synchronized void sign(Key key, PublicKey publicKey, Certificate certificate, Document document) throws Exception {
        DOMSignContext dOMSignContext = new DOMSignContext(key, document.getDocumentElement());
        SignedInfo newSignedInfo = this.fac.newSignedInfo(this.cm, this.fac.newSignatureMethod(fromAlg(key.getAlgorithm()), (SignatureMethodParameterSpec) null), Collections.singletonList(this.ref));
        LinkedList linkedList = new LinkedList();
        if (certificate != null) {
            linkedList.add(this.kif.newKeyValue(certificate.getPublicKey()));
            linkedList.add(this.kif.newX509Data(Collections.singletonList(certificate)));
        } else {
            linkedList.add(this.kif.newKeyValue(publicKey));
        }
        this.fac.newXMLSignature(newSignedInfo, this.kif.newKeyInfo(linkedList)).sign(dOMSignContext);
    }
}
