package com.ftc.appmod;

import com.ftc.xml.dsig.SignatureVerifyException;
import com.ftc.xml.dsig.VerifyMS;
import com.sun.net.ssl.TrustManagerFactory;
import com.sun.net.ssl.X509TrustManager;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Enumeration;
import java.util.Vector;
import org.w3c.dom.Element;

/* loaded from: input_file:com/ftc/appmod/XMLVerifier.class */
public class XMLVerifier {
    private Vector objects = new Vector();
    private Vector certificates = new Vector();
    private String trustStorePath = "jks.store";
    private String trustStorePassword = "";
    private VerifyMS vms;
    protected X509TrustManager tm;

    public void verify(Element element) throws SignatureVerifyException {
        if (element == null) {
            return;
        }
        if (XmlUtils.getFirstChildElement(element) == null) {
            throw new SignatureVerifyException("No data in the Document");
        }
        this.vms = new VerifyMS();
        this.vms.verify(element);
        if (!this.vms.isValid()) {
            throw new SignatureVerifyException("Invalid signature");
        }
        Certificate[] certificates = this.vms.getCertificates();
        for (int i = 0; i < certificates.length; i++) {
            Certificate certificate = certificates[i];
            if (certificate instanceof X509Certificate) {
                try {
                    X509Certificate[] x509CertificateArr = {(X509Certificate) certificate};
                    if (this.tm == null) {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                        KeyStore keyStore = KeyStore.getInstance("JKS");
                        keyStore.load(new FileInputStream(this.trustStorePath), this.trustStorePassword.toCharArray());
                        trustManagerFactory.init(keyStore);
                        this.tm = trustManagerFactory.getTrustManagers()[0];
                    }
                    if (!this.tm.isClientTrusted(x509CertificateArr)) {
                        throw new SignatureVerifyException("Untrusted certificate found.");
                    }
                } catch (Exception e) {
                    throw new SignatureVerifyException(new StringBuffer().append("Can't verify certificate:").append(e.getMessage()).toString());
                }
            }
            this.certificates.add(certificates[i]);
        }
        Enumeration elements = this.vms.objectHash.elements();
        while (elements.hasMoreElements()) {
            Element element2 = (Element) XmlUtils.getFirstChildElement((Element) elements.nextElement());
            if (element2 != null && !element2.getNodeName().equals("SignatureProperties")) {
                this.objects.add(element2);
            }
        }
    }

    public Collection getObjects() {
        return this.objects;
    }

    public Collection getCertificates() {
        return this.certificates;
    }

    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    public void setTrustStorePath(String str) {
        this.trustStorePath = str;
    }

    public String getTrustStorePassword() {
        return this.trustStorePassword;
    }

    public void setTrustStorePassword(String str) {
        this.trustStorePassword = str;
    }
}
