package services.zapret_info;

import CMS_samples.CMStools;
import com.objsys.asn1j.runtime.Asn1BerDecodeBuffer;
import com.objsys.asn1j.runtime.Asn1BerEncodeBuffer;
import com.objsys.asn1j.runtime.Asn1Null;
import com.objsys.asn1j.runtime.Asn1ObjectIdentifier;
import com.objsys.asn1j.runtime.Asn1OctetString;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.CMSVersion;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.CertificateChoices;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.CertificateSet;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.ContentInfo;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.DigestAlgorithmIdentifier;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.DigestAlgorithmIdentifiers;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.EncapsulatedContentInfo;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.IssuerAndSerialNumber;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.SignatureAlgorithmIdentifier;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.SignatureValue;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.SignedData;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.SignerIdentifier;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.SignerInfo;
import ru.CryptoPro.JCP.ASN.CryptographicMessageSyntax.SignerInfos;
import ru.CryptoPro.JCP.ASN.PKIX1Explicit88.Certificate;
import ru.CryptoPro.JCP.ASN.PKIX1Explicit88.CertificateSerialNumber;
import ru.CryptoPro.JCP.ASN.PKIX1Explicit88.Name;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCP.params.OID;
import ru.CryptoPro.JCP.tools.Array;

/* loaded from: classes5.dex */
public class ZapretInfoExample {
    private static final String ALIAS = "gost_exch";
    private static final char[] PASSWORD = "Pass1234".toCharArray();
    private static final String PATH_TO_SAVE = "C:\\";
    private static final String REQUEST = "<?xml version=\"1.0\" encoding=\"windows-1251\"?>\n<request>\n<requestTime>2012-01-01T01:01:01.000+04:00</requestTime>\n<operatorName>Наименование оператора</operatorName>\n<inn>1234567890</inn>\n<ogrn>1234567890123</ogrn>\n<email>email@email.ru</email>\n</request>";

    public static byte[] createPKCS7(byte[] bArr, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        Signature signature = Signature.getInstance(JCP.GOST_DHEL_SIGN_NAME);
        signature.initSign(privateKey);
        signature.update(bArr);
        byte[] sign = signature.sign();
        ContentInfo contentInfo = new ContentInfo();
        contentInfo.contentType = new Asn1ObjectIdentifier(new OID(CMStools.STR_CMS_OID_SIGNED).value);
        SignedData signedData = new SignedData();
        contentInfo.content = signedData;
        signedData.version = new CMSVersion(1L);
        signedData.digestAlgorithms = new DigestAlgorithmIdentifiers(1);
        DigestAlgorithmIdentifier digestAlgorithmIdentifier = new DigestAlgorithmIdentifier(new OID("1.2.643.2.2.9").value);
        digestAlgorithmIdentifier.parameters = new Asn1Null();
        signedData.digestAlgorithms.elements[0] = digestAlgorithmIdentifier;
        signedData.encapContentInfo = new EncapsulatedContentInfo(new Asn1ObjectIdentifier(new OID(CMStools.STR_CMS_OID_DATA).value), (Asn1OctetString) null);
        signedData.certificates = new CertificateSet(1);
        Certificate certificate = new Certificate();
        certificate.decode(new Asn1BerDecodeBuffer(x509Certificate.getEncoded()));
        signedData.certificates.elements = new CertificateChoices[1];
        signedData.certificates.elements[0] = new CertificateChoices();
        signedData.certificates.elements[0].set_certificate(certificate);
        signedData.signerInfos = new SignerInfos(1);
        signedData.signerInfos.elements[0] = new SignerInfo();
        signedData.signerInfos.elements[0].version = new CMSVersion(1L);
        signedData.signerInfos.elements[0].sid = new SignerIdentifier();
        Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(x509Certificate.getIssuerX500Principal().getEncoded());
        Name name = new Name();
        name.decode(asn1BerDecodeBuffer);
        signedData.signerInfos.elements[0].sid.set_issuerAndSerialNumber(new IssuerAndSerialNumber(name, new CertificateSerialNumber(x509Certificate.getSerialNumber())));
        signedData.signerInfos.elements[0].digestAlgorithm = new DigestAlgorithmIdentifier(new OID("1.2.643.2.2.9").value);
        signedData.signerInfos.elements[0].digestAlgorithm.parameters = new Asn1Null();
        signedData.signerInfos.elements[0].signatureAlgorithm = new SignatureAlgorithmIdentifier(new OID("1.2.643.2.2.19").value);
        signedData.signerInfos.elements[0].signatureAlgorithm.parameters = new Asn1Null();
        signedData.signerInfos.elements[0].signature = new SignatureValue(sign);
        Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
        contentInfo.encode(asn1BerEncodeBuffer, true);
        return asn1BerEncodeBuffer.getMsgCopy();
    }

    public static void main(String[] strArr) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("HDImageStore");
        keyStore.load(null, null);
        PrivateKey privateKey = (PrivateKey) keyStore.getKey("gost_exch", PASSWORD);
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("gost_exch");
        byte[] createPKCS7 = createPKCS7(REQUEST.getBytes(), privateKey, x509Certificate);
        if (!verifyPKCS7(createPKCS7, REQUEST.getBytes(), x509Certificate)) {
            System.err.println("Invalid signature");
            return;
        }
        System.out.println("Valid signature");
        Array.writeFile("C:\\request.xml", REQUEST.getBytes());
        Array.writeFile("C:\\pkcs7.p7s", createPKCS7);
    }

    public static boolean verifyPKCS7(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws Exception {
        Asn1BerDecodeBuffer asn1BerDecodeBuffer = new Asn1BerDecodeBuffer(bArr);
        ContentInfo contentInfo = new ContentInfo();
        contentInfo.decode(asn1BerDecodeBuffer);
        if (!new OID(CMStools.STR_CMS_OID_SIGNED).eq(contentInfo.contentType.value)) {
            throw new Exception("Not supported");
        }
        SignedData signedData = (SignedData) contentInfo.content;
        if (signedData.version.value != 1) {
            throw new Exception("Incorrect version");
        }
        if (!new OID(CMStools.STR_CMS_OID_DATA).eq(signedData.encapContentInfo.eContentType.value)) {
            throw new Exception("Nested not supported");
        }
        OID oid = null;
        if (bArr2 == null) {
            bArr2 = signedData.encapContentInfo.eContent != null ? signedData.encapContentInfo.eContent.value : null;
        }
        if (bArr2 == null) {
            throw new Exception("No content");
        }
        DigestAlgorithmIdentifier digestAlgorithmIdentifier = new DigestAlgorithmIdentifier(new OID("1.2.643.2.2.9").value);
        int i = 0;
        int i2 = 0;
        while (true) {
            if (i2 >= signedData.digestAlgorithms.elements.length) {
                break;
            }
            if (signedData.digestAlgorithms.elements[i2].algorithm.equals(digestAlgorithmIdentifier.algorithm)) {
                oid = new OID(signedData.digestAlgorithms.elements[i2].algorithm.value);
                break;
            }
            i2++;
        }
        if (oid == null) {
            throw new Exception("Unknown digest");
        }
        while (true) {
            if (i >= signedData.certificates.elements.length) {
                i = -1;
                break;
            }
            Asn1BerEncodeBuffer asn1BerEncodeBuffer = new Asn1BerEncodeBuffer();
            signedData.certificates.elements[i].encode(asn1BerEncodeBuffer);
            if (Arrays.equals(asn1BerEncodeBuffer.getMsgCopy(), x509Certificate.getEncoded())) {
                System.out.println("Selected certificate: " + x509Certificate.getSubjectDN());
                break;
            }
            i++;
        }
        if (i == -1) {
            throw new Exception("Not signed on certificate");
        }
        SignerInfo signerInfo = signedData.signerInfos.elements[i];
        if (signerInfo.version.value != 1) {
            throw new Exception("Incorrect version");
        }
        if (!oid.equals(new OID(signerInfo.digestAlgorithm.algorithm.value))) {
            throw new Exception("Not signed on certificate");
        }
        byte[] bArr3 = signerInfo.signature.value;
        Signature signature = Signature.getInstance("GOST3411withGOST3410EL");
        signature.initVerify(x509Certificate);
        signature.update(bArr2);
        return signature.verify(bArr3);
    }
}
