package wss4j.examples;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import ru.CryptoPro.JCP.KeyStore.JCPPrivateKeyEntry;
import ru.CryptoPro.JCPxml.Consts;
import ru.CryptoPro.XAdES.SignatureTimeStamp;
import ru.CryptoPro.XAdES.util.XMLUtils;
import xades.config.IXAdESConfig;
import xades.config.XAdESConfig;
import xades.util.GostXAdESUtility;
import xades.util.IXAdESCommon;

/* loaded from: classes5.dex */
public class SMEVSignBodyThenSecurity extends GostXAdESUtility {
    public static final IXAdESConfig CONFIG_2001 = XAdESConfig.CONFIG_2001_S;
    public static Crypto keyLoader = null;
    public static final String securityAlias = "GisSignContainer";
    public static final String securityPassword = "1";

    private static JCPPrivateKeyEntry getKeyEntry() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("HDImageStore");
        keyStore.load(null, null);
        IXAdESConfig iXAdESConfig = CONFIG_2001;
        return new JCPPrivateKeyEntry((PrivateKey) keyStore.getKey(iXAdESConfig.getSignatureContainer().getAlias(), iXAdESConfig.getSignatureContainer().getPassword()), new Certificate[]{keyStore.getCertificate(iXAdESConfig.getSignatureContainer().getAlias())});
    }

    public static void main(String[] strArr) throws Exception {
        signSecurity(signBody(GostXAdESUtility.parseFile(TRUST_DIR + "template.xml"), WORK_DIR + "result.signed_doc.xml", getKeyEntry()), WORK_DIR + "result.signed_security.xml", "GisSignContainer", "1");
    }

    public static Document signBody(Document document, String str, JCPPrivateKeyEntry jCPPrivateKeyEntry) throws Exception {
        XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(IXAdESCommon.providerName).newInstance());
        Element documentElement = document.getDocumentElement();
        SignedInfo newSignedInfo = xMLSignatureFactory.newSignedInfo(xMLSignatureFactory.newCanonicalizationMethod(SignatureTimeStamp.DEFAULT_CANONICALIZATION_ALGORITHM, (C14NMethodParameterSpec) null), xMLSignatureFactory.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411", (SignatureMethodParameterSpec) null), Collections.singletonList(xMLSignatureFactory.newReference("", xMLSignatureFactory.newDigestMethod(Consts.URI_GOST_DIGEST, (DigestMethodParameterSpec) null), new ArrayList<Transform>(xMLSignatureFactory) { // from class: wss4j.examples.SMEVSignBodyThenSecurity.1
            final /* synthetic */ XMLSignatureFactory val$sigFactory;

            {
                this.val$sigFactory = xMLSignatureFactory;
                add(xMLSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
                add(xMLSignatureFactory.newTransform(SignatureTimeStamp.DEFAULT_CANONICALIZATION_ALGORITHM, (XMLStructure) null));
            }
        }, (String) null, (String) null)));
        KeyInfoFactory keyInfoFactory = xMLSignatureFactory.getKeyInfoFactory();
        KeyInfo newKeyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(Collections.singletonList(jCPPrivateKeyEntry.getCertificate()))));
        xMLSignatureFactory.newXMLSignature(newSignedInfo, newKeyInfo).sign(new DOMSignContext(jCPPrivateKeyEntry.getPrivateKey(), documentElement));
        if (str != null) {
            XMLUtils.saveXml2File(document, str, false);
        }
        return document;
    }

    public static Document signSecurity(Document document, String str, String str2, String str3) throws Exception {
        WSSConfig.setAddJceProviders(false);
        WSSConfig wSSConfig = new WSSConfig();
        wSSConfig.setWsiBSPCompliant(false);
        Merlin merlin = new Merlin();
        KeyStore keyStore = KeyStore.getInstance("HDImageStore");
        keyStore.load(null, null);
        KeyStore keyStore2 = KeyStore.getInstance("CertStore", "JCP");
        keyStore2.load(new FileInputStream(TRUST_STORE), TRUST_PASSWORD);
        merlin.setKeyStore(keyStore);
        merlin.setTrustStore(keyStore2);
        keyLoader = merlin;
        WSSecHeader wSSecHeader = new WSSecHeader();
        wSSecHeader.setMustUnderstand(true);
        wSSecHeader.setActor(IXAdESCommon.ACTOR);
        wSSecHeader.insertSecurityHeader(document);
        WSSecSignature wSSecSignature = new WSSecSignature();
        wSSecSignature.setWsConfig(wSSConfig);
        wSSecSignature.setUserInfo(str2, str3);
        wSSecSignature.setKeyIdentifierType(1);
        wSSecSignature.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411");
        wSSecSignature.setDigestAlgo(Consts.URI_GOST_DIGEST);
        Document build = wSSecSignature.build(document, keyLoader, wSSecHeader);
        if (str != null) {
            XMLUtils.saveXml2File(build, str, true);
        }
        WSSecurityEngine wSSecurityEngine = new WSSecurityEngine();
        wSSecurityEngine.setWssConfig(wSSConfig);
        System.out.println(wSSecurityEngine.processSecurityHeader(build, IXAdESCommon.ACTOR, (CallbackHandler) null, keyLoader));
        return build;
    }
}
