package com.microsoft.onlineid.sts;

import android.util.Base64;
import com.google.firebase.analytics.FirebaseAnalytics;
import com.microsoft.azure.storage.Constants;
import com.microsoft.onlineid.internal.Strings;
import com.microsoft.onlineid.sts.SharedKeyGenerator;
import com.microsoft.onlineid.sts.request.ISignableRequest;
import com.microsoft.onlineid.sts.request.Requests;
import java.io.CharArrayWriter;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: classes4.dex */
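/**
 * Builds an XML-DSig {@code <Signature>} block (HMAC-SHA256 over a {@code <SignedInfo>} whose
 * references carry SHA-256 digests) and appends it to a signable STS request.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The nonce is 32 bytes from {@link SecureRandom}, created lazily and then cached for the
 *       lifetime of the instance. Reusing one signer for several requests therefore reuses the
 *       nonce that is handed to {@code SharedKeyGenerator.generateKey}; use a fresh signer per
 *       request unless nonce reuse is intended.</li>
 *   <li>The class is not thread-safe: the nonce is initialised without synchronisation and a
 *       single {@link MessageDigest} instance is shared by every {@link #computeDigest} call.</li>
 *   <li>{@code <SignedInfo>} advertises exclusive C14N, but the bytes that are digested come
 *       from a plain {@link Transformer} serialisation (see
 *       {@link #elementToCanonicalizedString}). NOTE(review): digests only verify if the peer
 *       produces byte-identical output for the same element — confirm against the service.</li>
 * </ul>
 */
public class XmlSigner {
    public static final String SignatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
    private final List<Element> _elementsToDigest = new ArrayList<>();
    private byte[] _nonce = null;
    private final MessageDigest _elementDigester = Cryptography.getSha256Digester();

    /**
     * Returns the id attribute used to reference {@code element} from a {@code <Reference>}.
     *
     * <p>{@code wsu:Timestamp} elements are looked up by {@code wsu:Id}; every other element by
     * {@code Constants.ID}. NOTE(review): {@code Constants} comes from an unrelated storage
     * library here, which looks like a decompiler substituting a same-valued constant for a
     * string literal — confirm the attribute name against the original source.
     *
     * <p>{@link Element#getAttribute} yields an empty string when the attribute is missing, so
     * an element without an id produces a dangling {@code URI="#"} reference rather than an
     * error.
     */
    private String getId(Element element) {
        boolean isTimestamp = element.getNodeName().equals("wsu:Timestamp");
        return element.getAttribute(isTimestamp ? "wsu:Id" : Constants.ID);
    }

    /**
     * Returns the per-instance nonce, generating 32 random bytes on first use.
     *
     * <p>The internal array is returned directly (no defensive copy); callers must not
     * modify it.
     */
    private byte[] getOrCreateNonce() {
        if (this._nonce == null) {
            byte[] fresh = new byte[32];
            new SecureRandom().nextBytes(fresh);
            this._nonce = fresh;
        }
        return this._nonce;
    }

    /**
     * Creates a new identity {@link Transformer}.
     *
     * @throws RuntimeException wrapping any factory or transformer configuration failure
     */
    private Transformer getTransformer() {
        try {
            return TransformerFactory.newInstance().newTransformer();
        } catch (TransformerConfigurationException | TransformerFactoryConfigurationError e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Registers an element whose digest will be included in {@code <SignedInfo>}.
     *
     * <p>Only elements registered here are covered by the signature; anything else in the
     * request is unauthenticated by this class.
     *
     * @param element element to digest; must carry the id attribute expected by the signer
     * @throws NullPointerException if {@code element} is null (rejected here instead of
     *     failing later while the signature is being built)
     */
    public void addElementToSign(Element element) {
        if (element == null) {
            throw new NullPointerException("element");
        }
        this._elementsToDigest.add(element);
    }

    /**
     * Serialises the {@code <SignedInfo>} element: canonicalisation and signature method
     * declarations followed by one {@code <Reference>} per registered element.
     *
     * <p>The id returned by {@code getId} is concatenated into the {@code URI} attribute
     * without XML escaping. NOTE(review): this assumes ids are generated by the request
     * builder and never contain quote or markup characters — verify against callers.
     *
     * @return the {@code <SignedInfo>} markup exactly as it is later fed to the HMAC
     */
    String buildSignedInfoTag() {
        StringBuilder signedInfo = new StringBuilder();
        signedInfo.append("<SignedInfo xmlns=\"").append(SignatureNamespace).append("\">");
        signedInfo.append("<CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\">");
        signedInfo.append("</CanonicalizationMethod>");
        signedInfo.append("<SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256\">");
        signedInfo.append("</SignatureMethod>");
        for (Element element : this._elementsToDigest) {
            // Digest first, then read the id: same call order as before.
            String digestValue = computeDigest(elementToCanonicalizedString(element));
            signedInfo.append("<Reference URI=\"#").append(getId(element)).append("\">");
            signedInfo.append("<Transforms>");
            signedInfo.append("<Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform>");
            signedInfo.append("</Transforms>");
            signedInfo.append("<DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"></DigestMethod>");
            signedInfo.append("<DigestValue>").append(digestValue).append("</DigestValue>");
            signedInfo.append("</Reference>");
        }
        signedInfo.append("</SignedInfo>");
        return signedInfo.toString();
    }

    /**
     * Hashes {@code str} (encoded with {@code Strings.Utf8Charset}) using the shared digester
     * and returns the result as Base64 without line wrapping.
     *
     * <p>Uses the single shared {@link MessageDigest}; do not call concurrently.
     */
    public String computeDigest(String str) {
        byte[] hash = this._elementDigester.digest(str.getBytes(Strings.Utf8Charset));
        return Base64.encodeToString(hash, Base64.NO_WRAP);
    }

    /**
     * Computes the request signature over {@code str} using this signer's own nonce.
     *
     * @param bArr session key handed to {@code SharedKeyGenerator}
     * @param str the serialised {@code <SignedInfo>} to authenticate
     */
    String computeSignatureForRequest(byte[] bArr, String str) {
        return computeSignatureImplementation(bArr, getOrCreateNonce(), str);
    }

    /**
     * Computes the signature expected for a response.
     *
     * <p>A bare {@code <SignedInfo>} opening tag in {@code str} is rewritten to carry the
     * XML-DSig namespace before the HMAC is computed.
     *
     * <p>The comparison with the signature received from the peer happens outside this class.
     * NOTE(review): that comparison should be constant-time (for example
     * {@link MessageDigest#isEqual} on the decoded bytes) — confirm in the caller.
     *
     * @param bArr session key handed to {@code SharedKeyGenerator}
     * @param bArr2 nonce supplied for the response
     * @param str the {@code <SignedInfo>} markup taken from the response
     */
    public String computeSignatureForResponse(byte[] bArr, byte[] bArr2, String str) {
        String namespaced = str.replace("<SignedInfo>", "<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">");
        return computeSignatureImplementation(bArr, bArr2, namespaced);
    }

    /**
     * Produces the Base64 (no line wrapping) HMAC-SHA256 of {@code str}.
     *
     * <p>The MAC key is whatever {@code SharedKeyGenerator(bArr).generateKey(STSDigest, bArr2)}
     * returns; the key material is kept in local variables only and is never logged here.
     *
     * @param bArr session key
     * @param bArr2 nonce passed to the key generator
     * @param str text to authenticate, encoded with {@code Strings.Utf8Charset}
     */
    String computeSignatureImplementation(byte[] bArr, byte[] bArr2, String str) {
        byte[] macKey = new SharedKeyGenerator(bArr).generateKey(SharedKeyGenerator.KeyPurpose.STSDigest, bArr2);
        SecretKeySpec keySpec = new SecretKeySpec(macKey, Cryptography.HmacSha256Algorithm);
        byte[] mac = Cryptography.getInitializedHmacSha256Digester(keySpec).doFinal(str.getBytes(Strings.Utf8Charset));
        return Base64.encodeToString(mac, Base64.NO_WRAP);
    }

    /**
     * Serialises {@code element} to the string that gets digested.
     *
     * <p>This is a {@link Transformer} serialisation with the output method set to
     * {@code "html"} and indentation off; no exclusive-C14N implementation is invoked even
     * though {@code <SignedInfo>} names that algorithm. NOTE(review): the property key is read
     * from an analytics library constant, presumably a decompiler stand-in for the literal
     * {@code "method"} — confirm against the original source.
     *
     * @throws RuntimeException wrapping any {@link TransformerException}
     */
    String elementToCanonicalizedString(Element element) {
        DOMSource source = new DOMSource(element);
        StreamResult sink = new StreamResult(new CharArrayWriter());
        Transformer transformer = getTransformer();
        transformer.setOutputProperty(FirebaseAnalytics.Param.METHOD, "html");
        transformer.setOutputProperty("indent", "no");
        try {
            transformer.transform(source, sink);
        } catch (TransformerException e) {
            throw new RuntimeException(e);
        }
        return sink.getWriter().toString();
    }

    /**
     * Returns this signer's nonce as Base64 without line wrapping, creating it if needed.
     */
    public String getEncodedNonce() {
        return Base64.encodeToString(getOrCreateNonce(), Base64.NO_WRAP);
    }

    /**
     * Signs the registered elements and appends the resulting {@code <Signature>} element to
     * the request's signature parent node.
     *
     * <p>The HMAC is computed over the exact {@code <SignedInfo>} string that is embedded in
     * the signature, so the two cannot diverge inside this method.
     *
     * @param iSignableRequest supplies the parent node and the signing session key
     * @throws RuntimeException wrapping a {@link SAXException} if the assembled signature
     *     markup cannot be parsed
     */
    public void sign(ISignableRequest iSignableRequest) {
        Element signatureParent = iSignableRequest.getParentOfSignatureNode();
        Document ownerDocument = signatureParent.getOwnerDocument();
        byte[] sessionKey = iSignableRequest.getSigningSessionKey();
        String signedInfo = buildSignedInfoTag();
        try {
            String signatureXml = "<Signature xmlns=\"" + SignatureNamespace + "\">"
                    + signedInfo
                    + "<SignatureValue>" + computeSignatureForRequest(sessionKey, signedInfo) + "</SignatureValue>"
                    + "<KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI=\"#SignKey\"/></wsse:SecurityTokenReference></KeyInfo></Signature>";
            signatureParent.appendChild(ownerDocument.importNode(Requests.xmlStringToElement(signatureXml), true));
        } catch (SAXException e) {
            throw new RuntimeException(e);
        }
    }
}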
