package kz.gov.pki.knca.applet.utils;

import java.io.StringWriter;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.NamespaceContext;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import kz.gov.pki.kalkan.Storage;
import kz.gov.pki.kalkan.asn1.pkcs.PKCSObjectIdentifiers;
import kz.gov.pki.knca.applet.AppletConstants;
import kz.gov.pki.knca.applet.exception.AECodes;
import kz.gov.pki.knca.applet.exception.AppletException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:kz/gov/pki/knca/applet/utils/SignatureUtil.class */
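/**
 * Static helpers that create and check XML signatures (Apache XML Security) with keys held in
 * a {@link KeyStore} obtained through {@code KeyStoreUtil}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The {@code verifyXml} methods check each signature against the certificate or public key
 *       found in that signature's own {@code KeyInfo}. Nothing in this class validates the
 *       certificate (chain, validity period, revocation, key usage) or compares it with an
 *       expected signer, so {@code true} only means "the signed content matches the embedded
 *       key". The signer's identity has to be established separately.</li>
 *   <li>The methods do not report which element a signature covers. A caller that reads data
 *       from the document after a successful check should make sure it reads the element that
 *       was actually referenced by the signature.</li>
 *   <li>NOTE(review): the input is parsed by {@code XmlUtil.parseStringToXMLDocument}; confirm
 *       that it disables DTDs and external entities, since verification input is untrusted.</li>
 *   <li>NOTE(review): {@code XMLSignature} is built with the two-argument constructor. Newer
 *       Apache Santuario releases offer a constructor with a secure-validation flag; confirm
 *       whether the bundled version has it and enable it for verification.</li>
 * </ul>
 */
public class SignatureUtil {
    private static final Logger LOGGER = Logger.getLogger(SignatureUtil.class.getName());

    /** Tag name used to locate signatures; only elements written with the literal "ds" prefix match. */
    private static final String SIGNATURE_TAG = "ds:Signature";

    /**
     * Signs the whole document with an enveloped signature appended to the root element.
     *
     * @param storage key storage type, passed through to {@code KeyStoreUtil.getKeyStore}
     * @param str second argument of {@code KeyStoreUtil.getKeyStore} (presumably the container
     *     location; confirm against KeyStoreUtil)
     * @param str2 key store alias of the private key and certificate
     * @param cArr password used both to open the key store and to read the key; it is not
     *     cleared here, the caller owns the array
     * @param provider security provider passed through to {@code KeyStoreUtil.getKeyStore}
     * @param str3 the XML document to sign
     * @return the serialized document including the new signature
     * @throws AppletException {@code SIGN_NULL_KEYSTORE} when no key store is returned,
     *     {@code BAD_XML_FORMAT} when the document has no root element, {@code SIGN_COMMON} for
     *     every other failure (the cause is logged)
     */
    public static String signXml(Storage storage, String str, String str2, char[] cArr, Provider provider, String str3) throws AppletException {
        try {
            Document document = XmlUtil.parseStringToXMLDocument(str3, AppletConstants.UTF_8_ENCODING);
            KeyStore keyStore = KeyStoreUtil.getKeyStore(storage, str, cArr, provider);
            if (keyStore == null) {
                throw new AppletException(AECodes.SIGN_NULL_KEYSTORE.toString());
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str2, cArr);
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(str2);
            requireKeyMaterial(privateKey, certificate);
            String[] algorithms = selectAlgorithmUris(certificate);

            XMLSignature signature = new XMLSignature(document, "", algorithms[0]);
            // getDocumentElement() rather than getFirstChild(): the first child of a Document can be
            // a comment, processing instruction or doctype, none of which can hold the signature.
            Element root = document.getDocumentElement();
            if (root == null) {
                throw new AppletException(AECodes.BAD_XML_FORMAT.toString());
            }
            root.appendChild(signature.getElement());

            Transforms transforms = new Transforms(document);
            transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
            transforms.addTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
            signature.addDocument("", transforms, algorithms[1]);
            signature.addKeyInfo(certificate);
            signature.sign(privateKey);
            return serialize(document);
        } catch (AppletException e) {
            // Must come before the generic handler so the specific error code reaches the caller.
            throw e;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, (String) null, (Throwable) e);
            throw new AppletException(AECodes.SIGN_COMMON.toString());
        }
    }

    /**
     * Signs one element of the document, referenced by its ID attribute value.
     *
     * <p>NOTE(review): the reference is added without transforms, so no enveloped-signature
     * transform is applied. If the signature ends up inside the referenced element it would
     * presumably be covered by its own digest and never verify; confirm callers place it
     * outside the signed element.
     *
     * @param storage key storage type, passed through to {@code KeyStoreUtil.getKeyStore}
     * @param str second argument of {@code KeyStoreUtil.getKeyStore} (presumably the container
     *     location; confirm against KeyStoreUtil)
     * @param str2 key store alias of the private key and certificate
     * @param cArr password used both to open the key store and to read the key
     * @param provider security provider passed through to {@code KeyStoreUtil.getKeyStore}
     * @param str3 the XML document to sign
     * @param str4 tag name of the element to sign; the first element with that name is used
     * @param str5 name of the attribute on that element which holds its ID
     * @param str6 tag name of the element that receives the signature; when null or empty the
     *     signature is appended to the root element
     * @return the serialized document including the new signature
     * @throws AppletException {@code SIGN_NULL_KEYSTORE} when no key store is returned,
     *     {@code BAD_XML_FORMAT} when the document has no root element, {@code SIGN_COMMON} for
     *     every other failure (the cause is logged)
     */
    public static String signXmlById(Storage storage, String str, String str2, char[] cArr, Provider provider, String str3, String str4, String str5, String str6) throws AppletException {
        try {
            Document document = XmlUtil.parseStringToXMLDocument(str3, AppletConstants.UTF_8_ENCODING);
            KeyStore keyStore = KeyStoreUtil.getKeyStore(storage, str, cArr, provider);
            if (keyStore == null) {
                throw new AppletException(AECodes.SIGN_NULL_KEYSTORE.toString());
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(str2, cArr);
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(str2);
            requireKeyMaterial(privateKey, certificate);
            String[] algorithms = selectAlgorithmUris(certificate);

            Element target = (Element) document.getElementsByTagName(str4).item(0);
            if (target == null) {
                throw new IllegalStateException("Element to sign was not found in the document");
            }
            // Registers the attribute as an ID so the "#value" reference below can be resolved.
            target.setIdAttribute(str5, true);

            XMLSignature signature = new XMLSignature(document, "", algorithms[0]);
            Element root = document.getDocumentElement();
            if (root == null) {
                throw new AppletException(AECodes.BAD_XML_FORMAT.toString());
            }
            if (str6 == null || str6.isEmpty()) {
                root.appendChild(signature.getElement());
            } else {
                Element parent = (Element) document.getElementsByTagName(str6).item(0);
                if (parent == null) {
                    // A freshly created element is detached. Without attaching it, the signature
                    // would be computed but missing from the serialized result, and the caller
                    // would receive an unsigned document reported as success.
                    parent = document.createElement(str6);
                    root.appendChild(parent);
                }
                parent.appendChild(signature.getElement());
            }

            signature.addDocument("#" + target.getAttribute(str5), (Transforms) null, algorithms[1]);
            signature.addKeyInfo(certificate);
            signature.sign(privateKey);
            return serialize(document);
        } catch (AppletException e) {
            // Must come before the generic handler so the specific error code reaches the caller.
            throw e;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, (String) null, (Throwable) e);
            throw new AppletException(AECodes.SIGN_COMMON.toString());
        }
    }

    /**
     * Checks every {@code ds:Signature} element below the root of the document.
     *
     * <p>Signatures are checked from the last to the first, and each one is removed from the
     * document after it has been checked, so that an earlier enveloped signature is verified
     * against the document as it was before the later signatures were added.
     *
     * @param str the signed XML document
     * @return {@code true} only when at least one signature is present and all of them verify
     *     against the key material in their own {@code KeyInfo}; the signer's certificate is
     *     not validated here
     * @throws AppletException {@code SIGNATURE_VALIDATION_ERROR} when parsing or signature
     *     processing fails (the cause is logged)
     */
    public static boolean verifyXml(String str) throws AppletException {
        try {
            Element root = XmlUtil.parseStringToXMLDocument(str, AppletConstants.UTF_8_ENCODING).getDocumentElement();
            Element[] signatures = snapshotSignatures(root);
            if (signatures.length == 0) {
                return false;
            }
            for (int i = signatures.length - 1; i >= 0; i--) {
                Element signatureElement = signatures[i];
                // One failing signature fails the document; a later valid one must not mask it.
                if (!checkSignature(signatureElement)) {
                    return false;
                }
                signatureElement.getParentNode().removeChild(signatureElement);
            }
            return true;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, (String) null, (Throwable) e);
            throw new AppletException(AECodes.SIGNATURE_VALIDATION_ERROR.name());
        }
    }

    /**
     * Checks every {@code ds:Signature} element below a given parent element, for signatures
     * that reference their target by ID.
     *
     * <p>For each signature, the first {@code ds:Reference} with a {@code URI} attribute is read,
     * the element whose {@code str2} attribute equals that URI (without the leading '#') is
     * looked up, and the attribute is registered as an ID so the reference can be resolved.
     * The lookup compares attribute values directly instead of building an XPath expression
     * from document content, and it rejects documents in which more than one element carries
     * the referenced value, because the signed element would be ambiguous.
     *
     * @param str the signed XML document
     * @param str2 name of the attribute that holds element IDs
     * @param str3 tag name of the element that contains the signatures; when null, empty or not
     *     found, the root element is used
     * @return {@code true} only when at least one signature is present and all of them verify
     *     against the key material in their own {@code KeyInfo}; the signer's certificate is
     *     not validated here
     * @throws AppletException {@code SIGNATURE_VALIDATION_ERROR} when parsing, reference lookup
     *     or signature processing fails (the cause is logged)
     */
    public static boolean verifyXml(String str, String str2, String str3) throws AppletException {
        try {
            Document document = XmlUtil.parseStringToXMLDocument(str, AppletConstants.UTF_8_ENCODING);
            Element scope = null;
            if (str3 != null && !str3.isEmpty()) {
                scope = (Element) document.getElementsByTagName(str3).item(0);
            }
            if (scope == null) {
                scope = document.getDocumentElement();
            }
            Element[] signatures = snapshotSignatures(scope);
            if (signatures.length == 0) {
                return false;
            }
            XPath xPath = newSignatureXPath();
            for (int i = 0; i < signatures.length; i++) {
                Element signatureElement = signatures[i];
                Element reference = (Element) xPath.evaluate("ds:SignedInfo/ds:Reference[@URI]", signatureElement, XPathConstants.NODE);
                if (reference == null) {
                    throw new IllegalStateException("Signature has no ds:Reference with a URI attribute");
                }
                String referencedId = reference.getAttribute("URI").replaceFirst("#", "");
                Element target = findUniqueByAttribute(document, str2, referencedId);
                if (target == null) {
                    throw new IllegalStateException("Referenced element was not found in the document");
                }
                target.setIdAttribute(str2, true);
                // One failing signature fails the document; a later valid one must not mask it.
                if (!checkSignature(signatureElement)) {
                    return false;
                }
                signatureElement.getParentNode().removeChild(signatureElement);
            }
            return true;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, (String) null, (Throwable) e);
            throw new AppletException(AECodes.SIGNATURE_VALIDATION_ERROR.name());
        }
    }

    /** Fails early, with a readable log entry, when the alias yields no key or no certificate. */
    private static void requireKeyMaterial(PrivateKey privateKey, X509Certificate certificate) {
        if (privateKey == null || certificate == null) {
            throw new IllegalStateException("No private key or certificate found for the requested alias");
        }
    }

    /**
     * Picks the signature method URI (index 0) and digest method URI (index 1).
     *
     * <p>NOTE(review): the choice follows the algorithm the issuer used to sign the certificate
     * ({@code getSigAlgOID}), not the type of the private key. A certificate signed with
     * sha1WithRSA therefore produces an RSA-SHA1 signature over a SHA-1 digest, and every OID
     * other than the two RSA ones falls through to the GOST URIs without a check that the key
     * is a GOST key.
     */
    private static String[] selectAlgorithmUris(X509Certificate certificate) {
        String sigAlgOid = certificate.getSigAlgOID();
        if (sigAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
            return new String[] {
                "http://www.w3.org/2001/04/xmldsig-more#rsa-sha1",
                "http://www.w3.org/2001/04/xmldsig-more#sha1"
            };
        }
        if (sigAlgOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
            return new String[] {
                "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                "http://www.w3.org/2001/04/xmlenc#sha256"
            };
        }
        return new String[] {
            "http://www.w3.org/2001/04/xmldsig-more#gost34310-gost34311",
            "http://www.w3.org/2001/04/xmldsig-more#gost34311"
        };
    }

    /** Serializes the document to a string with a default identity transformer. */
    private static String serialize(Document document) throws Exception {
        StringWriter writer = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(writer));
        return writer.toString();
    }

    /**
     * Copies the signature elements below {@code scope} into an array. The NodeList returned by
     * getElementsByTagName is live, so removing a signature while iterating over it would shift
     * or drop the remaining entries.
     */
    private static Element[] snapshotSignatures(Element scope) {
        NodeList live = scope.getElementsByTagName(SIGNATURE_TAG);
        Element[] snapshot = new Element[live.getLength()];
        for (int i = 0; i < snapshot.length; i++) {
            snapshot[i] = (Element) live.item(i);
        }
        return snapshot;
    }

    /**
     * Checks one signature against the certificate in its KeyInfo, or against the bare public
     * key when no certificate is present. The key material comes from the document itself.
     */
    private static boolean checkSignature(Element signatureElement) throws Exception {
        XMLSignature signature = new XMLSignature(signatureElement, "");
        KeyInfo keyInfo = signature.getKeyInfo();
        X509Certificate certificate = keyInfo.getX509Certificate();
        if (certificate == null) {
            return signature.checkSignatureValue(keyInfo.getPublicKey());
        }
        return signature.checkSignatureValue(certificate);
    }

    /**
     * Returns the single element whose attribute {@code attributeName} equals {@code value}, or
     * null when there is none. Throws when several elements match, since a signature reference
     * that can resolve to more than one element must not be accepted.
     */
    private static Element findUniqueByAttribute(Document document, String attributeName, String value) {
        NodeList allElements = document.getElementsByTagName("*");
        Element match = null;
        for (int i = 0; i < allElements.getLength(); i++) {
            Element candidate = (Element) allElements.item(i);
            if (candidate.hasAttribute(attributeName) && value.equals(candidate.getAttribute(attributeName))) {
                if (match != null) {
                    throw new IllegalStateException("More than one element carries the referenced ID value");
                }
                match = candidate;
            }
        }
        return match;
    }

    /** Builds an XPath whose namespace context maps every prefix to the XML-DSig namespace. */
    private static XPath newSignatureXPath() {
        XPath xPath = XPathFactory.newInstance().newXPath();
        xPath.setNamespaceContext(new NamespaceContext() {
            @Override
            public String getNamespaceURI(String prefix) {
                return "http://www.w3.org/2000/09/xmldsig#";
            }

            @Override
            public String getPrefix(String namespaceUri) {
                return "ds";
            }

            @Override
            public Iterator<?> getPrefixes(String namespaceUri) {
                return null;
            }
        });
        return xPath;
    }
}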
