package JCPxml.dsig.internal.xmldsigri.tests;

import java.io.ByteArrayInputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.w3c.dom.NodeList;
import ru.CryptoPro.JCP.tools.Array;
import ru.CryptoPro.JCPxml.xmldsig.JCPXMLDSigInit;
import ru.xml.tools.DocumentBuilderFactoryHelper;
import ru.xml.tools.XmlFeatureHelper;
import xades.util.IXAdESCommon;

/* loaded from: classes.dex */
public class ValidateXMLSig {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class KeyValueKeySelector extends KeySelector {
        private KeyValueKeySelector() {
        }

        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
            if (keyInfo == null) {
                throw new KeySelectorException("Null KeyInfo object!");
            }
            SignatureMethod signatureMethod = (SignatureMethod) algorithmMethod;
            List content = keyInfo.getContent();
            for (int i = 0; i < content.size(); i++) {
                KeyValue keyValue = (XMLStructure) content.get(i);
                if (keyValue instanceof KeyValue) {
                    try {
                        PublicKey publicKey = keyValue.getPublicKey();
                        if (X509CertificateSelector.algEquals(signatureMethod.getAlgorithm(), publicKey.getAlgorithm())) {
                            return new SimpleKeySelectorResult(publicKey);
                        }
                    } catch (KeyException e) {
                        throw new KeySelectorException(e);
                    }
                }
            }
            throw new KeySelectorException("No KeyValue element found!");
        }
    }

    /* loaded from: classes.dex */
    public enum SignatureMethodType {
        SIGN_WITH_KEY,
        SIGN_WITH_CERT
    }

    /* loaded from: classes.dex */
    private static class SimpleKeySelectorResult implements KeySelectorResult {
        private PublicKey pk;

        SimpleKeySelectorResult(PublicKey publicKey) {
            this.pk = publicKey;
        }

        public Key getKey() {
            return this.pk;
        }
    }

    /* loaded from: classes.dex */
    public static class X509CertificateSelector extends KeySelector {
        static boolean algEquals(String str, String str2) {
            if (str2.equalsIgnoreCase("DSA") && str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#dsa-sha1")) {
                return true;
            }
            if (str2.equalsIgnoreCase("RSA") && str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#rsa-sha1")) {
                return true;
            }
            if (str2.equalsIgnoreCase("GOST3410EL") && (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411") || str.equalsIgnoreCase("urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411"))) {
                return true;
            }
            if (str2.equalsIgnoreCase("GOST3410_2012_256") && str.equalsIgnoreCase("urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256")) {
                return true;
            }
            return str2.equalsIgnoreCase("GOST3410_2012_512") && str.equalsIgnoreCase("urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512");
        }

        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
            if (keyInfo == null) {
                throw new KeySelectorException("Null KeyInfo object!");
            }
            SignatureMethod signatureMethod = (SignatureMethod) algorithmMethod;
            List content = keyInfo.getContent();
            for (int i = 0; i < content.size(); i++) {
                X509Data x509Data = (XMLStructure) content.get(i);
                if (x509Data instanceof X509Data) {
                    X509Certificate x509Certificate = (X509Certificate) x509Data.getContent().get(0);
                    PublicKey publicKey = x509Certificate.getPublicKey();
                    if (algEquals(signatureMethod.getAlgorithm(), publicKey.getAlgorithm())) {
                        System.out.println("Verify by certificate #" + x509Certificate.getSerialNumber().toString(16) + " " + x509Certificate.getSubjectDN());
                        return new SimpleKeySelectorResult(publicKey);
                    }
                }
            }
            throw new KeySelectorException("No KeyValue element found!");
        }
    }

    public static void main(String[] strArr) throws Exception {
        if (strArr.length < 3) {
            System.out.println("Usage: java ValidateXMLSig <fileName> <provider name> <method>");
            throw new Exception("Invalid usage");
        }
        String str = strArr[1];
        String str2 = strArr[2];
        Init.init();
        JCPXMLDSigInit.init();
        SignatureMethodType signatureMethodType = SignatureMethodType.SIGN_WITH_KEY;
        if (str2.equalsIgnoreCase("CERT")) {
            signatureMethodType = SignatureMethodType.SIGN_WITH_CERT;
        }
        main0(Array.readFile(strArr[0]), signatureMethodType, str);
    }

    public static void main0(byte[] bArr, SignatureMethodType signatureMethodType, String str) throws Exception {
        JCPXMLDSigInit.init();
        DocumentBuilderFactory newInstance = DocumentBuilderFactoryHelper.newInstance();
        if (XmlFeatureHelper.XML_XXE_PROTECTED) {
            newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
            newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        }
        newInstance.setNamespaceAware(true);
        NodeList elementsByTagNameNS = newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(bArr)).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(IXAdESCommon.providerName).newInstance());
        for (int i = 0; i < elementsByTagNameNS.getLength(); i++) {
            DOMValidateContext dOMValidateContext = new DOMValidateContext(signatureMethodType == SignatureMethodType.SIGN_WITH_KEY ? new KeyValueKeySelector() : new X509CertificateSelector(), elementsByTagNameNS.item(i));
            dOMValidateContext.setProperty("org.jcp.xml.dsig.internal.dom.SignatureProvider", str);
            XMLSignature unmarshalXMLSignature = xMLSignatureFactory.unmarshalXMLSignature(dOMValidateContext);
            boolean validate = unmarshalXMLSignature.validate(dOMValidateContext);
            if (validate) {
                System.out.println(String.format("Signature %s passed core validation", Integer.valueOf(i)));
            } else {
                System.out.println(String.format("Signature %s failed core validation", Integer.valueOf(i)));
                System.out.println(String.format("Signature %s validation status: %s", Integer.valueOf(i), Boolean.valueOf(unmarshalXMLSignature.getSignatureValue().validate(dOMValidateContext))));
                Iterator it = unmarshalXMLSignature.getSignedInfo().getReferences().iterator();
                int i2 = 0;
                while (it.hasNext()) {
                    System.out.println(String.format("Signature %s ref['%s'] validity status: %s", Integer.valueOf(i), Integer.valueOf(i2), Boolean.valueOf(((Reference) it.next()).validate(dOMValidateContext))));
                    i2++;
                }
            }
            if (!validate) {
                throw new Exception("Invalid signature detected");
            }
        }
    }
}
