package xades;

import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import xades.config.IXAdESConfig;
import xades.config.XAdESConfig;
import xades.provider.GostTimeStampTokenProvider;
import xades.provider.GostTimeStampVerificationProvider;
import xades.util.GostXAdESUtility;
import xades.util.XMLUtility;
import xades4j.UnsupportedAlgorithmException;
import xades4j.algorithms.Algorithm;
import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.algorithms.ExclusiveCanonicalXMLWithoutComments;
import xades4j.algorithms.GenericAlgorithm;
import xades4j.production.DataObjectReference;
import xades4j.production.SignedDataObjects;
import xades4j.production.XadesSigner;
import xades4j.production.XadesTSigningProfile;
import xades4j.properties.DataObjectDesc;
import xades4j.providers.impl.DefaultAlgorithmsProviderEx;
import xades4j.providers.impl.DefaultMessageDigestProvider;
import xades4j.providers.impl.DirectKeyingDataProvider;
import xades4j.providers.impl.PKIXCertificateValidationProvider;
import xades4j.verification.SignatureSpecificVerificationOptions;
import xades4j.verification.XadesVerificationProfile;

/* loaded from: classes5.dex */
public class XAdESExample extends GostXAdESUtility {
    public static final String XML_DOC = "<?xml version=\"1.0\"?>\n<PatientRecord>    \n    <Name>John Doe</Name>    \n    <Account Id=\"acct\">123456</Account>    \n    <BankInfo Id=\"bank\">ХомБанк</BankInfo>    \n    <Visit date=\"10pm March 10, 2002\">    \n        <Diagnosis>Сообщение</Diagnosis>    \n    </Visit>\n</PatientRecord>";
    public static final String XML_DOC_ID = "acct";

    public static void main(String[] strArr) throws Exception {
        signAndVerifyExample(XAdESConfig.CONFIG_2012_S);
        signAndVerifyExample(XAdESConfig.CONFIG_2012_L);
    }

    public static Document signAndVerify(IXAdESConfig iXAdESConfig, byte[] bArr, String str, Map<String, String> map, String str2, String str3, char[] cArr, Collection collection, boolean z) throws Exception {
        System.setProperty("com.sun.security.enableCRLDP", Boolean.toString(z));
        System.setProperty("com.ibm.security.enableCRLDP", Boolean.toString(z));
        Document parseFile = parseFile(bArr);
        NodeList nodeList = (NodeList) XPathFactory.newInstance().newXPath().compile(String.format("//*[@Id='%s']", str)).evaluate(parseFile, XPathConstants.NODESET);
        if (nodeList.getLength() == 0) {
            throw new Exception("Can't find node with id: " + str);
        }
        Node item = nodeList.item(0);
        KeyStore keyStore = KeyStore.getInstance(iXAdESConfig.getKeyStoreType(), iXAdESConfig.getDefaultProvider());
        keyStore.load(null, null);
        XadesSigner newSigner = new XadesTSigningProfile(new DirectKeyingDataProvider((X509Certificate) keyStore.getCertificate(iXAdESConfig.getSignatureContainer().getAlias()), (PrivateKey) keyStore.getKey(iXAdESConfig.getSignatureContainer().getAlias(), iXAdESConfig.getSignatureContainer().getPassword()))).withTimeStampTokenProvider(new GostTimeStampTokenProvider(map, iXAdESConfig.getDefaultProvider())).withDigestEngineProvider(new DefaultMessageDigestProvider() { // from class: xades.XAdESExample.2
            public MessageDigest getEngine(String str4) throws UnsupportedAlgorithmException {
                try {
                    return MessageDigest.getInstance(GostXAdESUtility.digestUri2Digest(str4));
                } catch (NoSuchAlgorithmException e) {
                    throw new UnsupportedAlgorithmException(e.getMessage(), str4, e);
                }
            }
        }).withAlgorithmsProviderEx(new DefaultAlgorithmsProviderEx() { // from class: xades.XAdESExample.1
            private String digestUrn = null;

            public Algorithm getCanonicalizationAlgorithmForSignature() {
                return new ExclusiveCanonicalXMLWithoutComments(new String[0]);
            }

            public Algorithm getCanonicalizationAlgorithmForTimeStampProperties() {
                return new ExclusiveCanonicalXMLWithoutComments(new String[0]);
            }

            public String getDigestAlgorithmForDataObjsReferences() {
                return this.digestUrn;
            }

            public String getDigestAlgorithmForReferenceProperties() {
                return this.digestUrn;
            }

            public String getDigestAlgorithmForTimeStampProperties() {
                return this.digestUrn;
            }

            public Algorithm getSignatureAlgorithm(String str4) throws UnsupportedAlgorithmException {
                this.digestUrn = GostXAdESUtility.key2DigestUrn(str4);
                return new GenericAlgorithm(GostXAdESUtility.key2SignatureUrn(str4), new Node[0]);
            }
        }).newSigner();
        DataObjectDesc dataObjectReference = new DataObjectReference("#" + str);
        dataObjectReference.withTransform(new EnvelopedSignatureTransform());
        newSigner.sign(new SignedDataObjects(new DataObjectDesc[]{dataObjectReference}), item);
        System.out.println("XAdES-T signature completed.");
        XMLUtility.saveXml2Stream(parseFile, System.out);
        NodeList elementsByTagNameNS = parseFile.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        PKIXCertificateValidationProvider pKIXCertificateValidationProvider = new PKIXCertificateValidationProvider(GostXAdESUtility.loadCertStore(str3, cArr), true, new CertStore[]{CertStore.getInstance("Collection", new CollectionCertStoreParameters(collection))});
        new XadesVerificationProfile(pKIXCertificateValidationProvider).withTimeStampTokenVerifier(new GostTimeStampVerificationProvider(pKIXCertificateValidationProvider, iXAdESConfig.getDefaultProvider())).withDigestEngineProvider(new DefaultMessageDigestProvider() { // from class: xades.XAdESExample.3
            public MessageDigest getEngine(String str4) throws UnsupportedAlgorithmException {
                try {
                    return MessageDigest.getInstance(GostXAdESUtility.digestUri2Digest(str4));
                } catch (NoSuchAlgorithmException e) {
                    throw new UnsupportedAlgorithmException(e.getMessage(), str4, e);
                }
            }
        }).newVerifier().verify((Element) elementsByTagNameNS.item(0), (SignatureSpecificVerificationOptions) null);
        System.out.println("Validation of XAdES-T completed.");
        return parseFile;
    }

    private static void signAndVerifyExample(IXAdESConfig iXAdESConfig) throws Exception {
        signAndVerify(iXAdESConfig, "<?xml version=\"1.0\"?>\n<PatientRecord>    \n    <Name>John Doe</Name>    \n    <Account Id=\"acct\">123456</Account>    \n    <BankInfo Id=\"bank\">ХомБанк</BankInfo>    \n    <Visit date=\"10pm March 10, 2002\">    \n        <Diagnosis>Сообщение</Diagnosis>    \n    </Visit>\n</PatientRecord>".getBytes("UTF-8"), "acct", GostXAdESUtility.MAP_DIGEST_OID_2_TSA_URL, WORK_DIR, TRUST_STORE, TRUST_PASSWORD, Collections.emptyList(), true);
    }

    public static Document signXAdES_T(IXAdESConfig iXAdESConfig, String str, byte[] bArr, String str2) throws Exception {
        return signAndVerify(iXAdESConfig, bArr, str2, GostXAdESUtility.MAP_DIGEST_OID_2_TSA_URL, str, TRUST_STORE, TRUST_PASSWORD, Collections.emptyList(), true);
    }

    public static void verify(Document document) throws Exception {
        NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
        if (elementsByTagNameNS.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        PKIXCertificateValidationProvider pKIXCertificateValidationProvider = new PKIXCertificateValidationProvider(GostXAdESUtility.loadCertStore(TRUST_STORE, TRUST_PASSWORD), false, new CertStore[]{CertStore.getInstance("Collection", new CollectionCertStoreParameters(Collections.emptyList()))});
        new XadesVerificationProfile(pKIXCertificateValidationProvider).withTimeStampTokenVerifier(new GostTimeStampVerificationProvider(pKIXCertificateValidationProvider, "JCP")).withDigestEngineProvider(new DefaultMessageDigestProvider() { // from class: xades.XAdESExample.4
            public MessageDigest getEngine(String str) throws UnsupportedAlgorithmException {
                try {
                    return MessageDigest.getInstance(GostXAdESUtility.digestUri2Digest(str));
                } catch (NoSuchAlgorithmException e) {
                    throw new UnsupportedAlgorithmException(e.getMessage(), str, e);
                }
            }
        }).newVerifier().verify((Element) elementsByTagNameNS.item(0), (SignatureSpecificVerificationOptions) null);
        System.out.println("Validation of XAdES-T completed.");
    }
}
