package com.amazon.mesquite.content;

import com.amazon.mesquite.logging.MLog;
import com.amazon.mesquite.security.PublicKey;
import com.amazon.mesquite.security.SantuarioPublicKey;
import com.amazon.mesquite.security.SecurityException;
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.Init;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.ReferenceNotInitializedException;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.SignerOutputStream;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: classes.dex */
public class SignedContentLoader extends ContentLoaderDecorator {
    public static final String AUTHOR_SIGNATURE_NAME = "author-signature.xml";
    private static final String DISTRIBUTOR_SIGNATURE_NAME_SINGLE = "signature1.xml";
    private static final String LOG_TAG = "SignedContentLoader";
    private final Map<String, List<Reference>> m_contentSignatures;
    public static final Pattern DISTRIBUTOR_SIGNATURE_NAME_PATTERN = Pattern.compile("^signature[1-9][\\p{Digit}]*\\.xml$");
    private static final AtomicBoolean m_isIntialized = new AtomicBoolean(false);

    public SignedContentLoader(ContentLoader contentLoader) throws SignatureInErrorException {
        super(contentLoader);
        init();
        this.m_contentSignatures = populateSignatures();
    }

    private static final List<String> getSignatures(ContentLoader contentLoader) {
        ArrayList arrayList = new ArrayList();
        if (contentLoader.contentExists(DISTRIBUTOR_SIGNATURE_NAME_SINGLE)) {
            arrayList.add(DISTRIBUTOR_SIGNATURE_NAME_SINGLE);
        }
        if (contentLoader.contentExists(AUTHOR_SIGNATURE_NAME)) {
            arrayList.add(AUTHOR_SIGNATURE_NAME);
        }
        return arrayList;
    }

    public static PublicKey getSignedContentKey(ContentLoader contentLoader) throws SecurityException {
        init();
        List<String> signatures = getSignatures(contentLoader);
        if (signatures.size() == 0) {
            return null;
        }
        XMLSignature xMLSignature = getXMLSignature(signatures.get(0), contentLoader);
        xMLSignature.addResourceResolver(new ContentLoaderResourceResolverSpi(contentLoader));
        KeyInfo keyInfo = xMLSignature.getKeyInfo();
        if (keyInfo == null) {
            throw new SecurityException("Mesquite requires that a widget's signature specifies <KeyInfo/> element, but KeyInfo was not specified.");
        }
        return new SantuarioPublicKey(keyInfo);
    }

    private static XMLSignature getXMLSignature(String str, ContentLoader contentLoader) throws SignatureInErrorException {
        InputStream inputStream = null;
        try {
            try {
                InputStream content = contentLoader.getContent(str);
                DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
                newInstance.setNamespaceAware(true);
                try {
                    NodeList elementsByTagNameNS = newInstance.newDocumentBuilder().parse(content).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", Constants._TAG_SIGNATURE);
                    if (elementsByTagNameNS.getLength() == 0 || elementsByTagNameNS.getLength() > 1) {
                        throw new SignatureInErrorException("Only one Signature Element must be defined in " + str + ". " + elementsByTagNameNS.getLength() + " were found");
                    }
                    try {
                        XMLSignature xMLSignature = new XMLSignature((Element) elementsByTagNameNS.item(0), com.amazon.kindle.cms.ipc.Constants.COMPATIBILITY_DEFAULT_USER);
                        if (content != null) {
                            try {
                                content.close();
                            } catch (IOException e) {
                                if (MLog.isDebugEnabled()) {
                                    MLog.d(LOG_TAG, "Error while closing signature file " + str, e);
                                }
                                MLog.w(LOG_TAG, "Error while closing signature file");
                            }
                        }
                        return xMLSignature;
                    } catch (XMLSignatureException e2) {
                        throw new SignatureInErrorException("Error while parsing Signature Element in signature file " + str, e2);
                    } catch (XMLSecurityException e3) {
                        throw new SignatureInErrorException("Error while parsing Signature Element in signature file " + str, e3);
                    }
                } catch (IOException e4) {
                    throw new SignatureInErrorException("Error while doing XML parsing of signature file " + str, e4);
                } catch (ParserConfigurationException e5) {
                    throw new SignatureInErrorException("Error while doing XML parsing of signature file " + str, e5);
                } catch (SAXException e6) {
                    throw new SignatureInErrorException("Error while doing XML parsing of signature file " + str, e6);
                }
            } catch (IOException e7) {
                throw new SignatureInErrorException("Error while loading signature file " + str, e7);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e8) {
                    if (MLog.isDebugEnabled()) {
                        MLog.d(LOG_TAG, "Error while closing signature file " + str, e8);
                    }
                    MLog.w(LOG_TAG, "Error while closing signature file");
                }
            }
            throw th;
        }
    }

    public static void init() {
        synchronized (m_isIntialized) {
            if (!m_isIntialized.get()) {
                Init.init();
                m_isIntialized.set(true);
            }
        }
    }

    public static boolean isSignedWidget(ContentLoader contentLoader) {
        if (contentLoader == null) {
            throw new IllegalArgumentException("loader cannot be null");
        }
        return contentLoader.contentExists(AUTHOR_SIGNATURE_NAME) || contentLoader.contentExists(DISTRIBUTOR_SIGNATURE_NAME_SINGLE);
    }

    private boolean isValidSignature(XMLSignature xMLSignature, String str) throws SignatureInErrorException {
        KeyInfo keyInfo = xMLSignature.getKeyInfo();
        if (keyInfo == null) {
            throw new SignatureInErrorException("KeyInfo element is missing from signature file " + str);
        }
        try {
            java.security.PublicKey publicKey = keyInfo.getPublicKey();
            if (publicKey == null) {
                throw new SignatureInErrorException("There was no public key to validate signature in signature file " + str);
            }
            try {
                try {
                    SignedInfo signedInfo = xMLSignature.getSignedInfo();
                    SignatureAlgorithm signatureAlgorithm = new SignatureAlgorithm(signedInfo.getSignatureMethodElement(), com.amazon.kindle.cms.ipc.Constants.COMPATIBILITY_DEFAULT_USER);
                    signatureAlgorithm.initVerify(publicKey);
                    BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new SignerOutputStream(signatureAlgorithm));
                    signedInfo.signInOctetStream(bufferedOutputStream);
                    bufferedOutputStream.close();
                    return signatureAlgorithm.verify(xMLSignature.getSignatureValue());
                } catch (XMLSecurityException e) {
                    throw new SignatureInErrorException("XMLSecurityException thrown while validating the SignatureValue in " + str, e);
                }
            } catch (IOException e2) {
                throw new SignatureInErrorException("IOException thrown while validating the SignatureValue in " + str, e2);
            }
        } catch (KeyResolverException e3) {
            throw new SignatureInErrorException("Unable to parse KeyInfo element in signature file " + str, e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.amazon.mesquite.content.ContentLoader
    public InputStream doGetContent(String str) throws IOException {
        ContentLoader sourceLoader = getSourceLoader();
        InputStream content = sourceLoader.getContent(str);
        if (content == null) {
            return null;
        }
        boolean z = true;
        if (this.m_contentSignatures.isEmpty()) {
            if (MLog.isDebugEnabled()) {
                MLog.d(LOG_TAG, "No author/distribute widget signature files found. Signature validation is being skipped for " + str);
            }
            return sourceLoader.getContent(str);
        }
        if (str.equals(AUTHOR_SIGNATURE_NAME) || DISTRIBUTOR_SIGNATURE_NAME_PATTERN.matcher(str).matches()) {
            return sourceLoader.getContent(str);
        }
        if (!this.m_contentSignatures.containsKey(str)) {
            if (MLog.isDebugEnabled()) {
                MLog.d(LOG_TAG, "Signature missing for content " + str);
            }
            MLog.w(LOG_TAG, "Signature missing for content");
            return null;
        }
        for (Reference reference : this.m_contentSignatures.get(str)) {
            try {
                if (!reference.verify()) {
                    z = false;
                }
            } catch (ReferenceNotInitializedException e) {
                z = false;
                if (MLog.isDebugEnabled()) {
                    MLog.d(LOG_TAG, "ReferenceNotInitializedException while verifying the Reference element digest for path " + str + "in signature file " + reference, e);
                }
                MLog.w(LOG_TAG, "ReferenceNotInitializedException while verifying the Reference element digest");
            } catch (XMLSecurityException e2) {
                z = false;
                if (MLog.isDebugEnabled()) {
                    MLog.d(LOG_TAG, "XMLSecurityException while verifying the Reference element digest for path " + str + "in signature file " + reference, e2);
                }
                MLog.w(LOG_TAG, "XMLSecurityException while verifying the Reference element digest");
            }
        }
        if (z) {
            return content;
        }
        if (MLog.isDebugEnabled()) {
            MLog.d(LOG_TAG, str + " failed signature validation");
        }
        MLog.w(LOG_TAG, "failed signature validation");
        return null;
    }

    protected void onPostPopulateSignatures(Map<String, List<Reference>> map, ContentLoaderResourceResolverSpi contentLoaderResourceResolverSpi) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, List<Reference>> populateSignatures() throws SignatureInErrorException {
        HashMap hashMap = new HashMap();
        List<String> signatures = getSignatures(getSourceLoader());
        ContentLoaderResourceResolverSpi contentLoaderResourceResolverSpi = new ContentLoaderResourceResolverSpi(getSourceLoader());
        for (String str : signatures) {
            XMLSignature xMLSignature = getXMLSignature(str, getSourceLoader());
            xMLSignature.addResourceResolver(contentLoaderResourceResolverSpi);
            if (!isValidSignature(xMLSignature, str)) {
                throw new SignatureInErrorException("Signature verification failed in " + str);
            }
            SignedInfo signedInfo = xMLSignature.getSignedInfo();
            for (int i = 0; i < signedInfo.getLength(); i++) {
                try {
                    Reference item = signedInfo.item(i);
                    String uri = item.getURI();
                    if (!hashMap.containsKey(uri)) {
                        hashMap.put(uri, new ArrayList());
                    }
                    hashMap.get(uri).add(item);
                } catch (XMLSecurityException e) {
                    throw new SignatureInErrorException("XMLSecurityException while caching the Reference elements in signature file " + str, e);
                }
            }
        }
        onPostPopulateSignatures(hashMap, contentLoaderResourceResolverSpi);
        return hashMap;
    }
}
