package ru.i_novus.common.sign.smev3;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.xml.soap.SOAPBody;
import javax.xml.transform.TransformerException;
import javax.xml.xpath.XPathExpressionException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xpath.XPathAPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import ru.i_novus.common.sign.api.SignAlgorithmType;
import ru.i_novus.common.sign.context.DSNamespaceContext;
import ru.i_novus.common.sign.util.Base64Util;
import ru.i_novus.common.sign.util.CryptoFormatConverter;
import ru.i_novus.common.sign.util.CryptoUtil;
import ru.i_novus.common.sign.util.XPathUtil;

/* loaded from: input_file:ru/i_novus/common/sign/smev3/Smev3Verifier.class */
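/**
 * Static helpers that check the two halves of an XML-DSig signature on a SMEV3 message:
 * the reference digest ({@code verifyDigest}) and the signature over {@code ds:SignedInfo}
 * ({@code verifySignature}).
 *
 * <p>Security notes for callers, all derived from the code below:
 * <ul>
 *   <li>Neither check is sufficient alone. A message should be treated as authentic only when
 *       both succeed for the <em>same</em> {@code Signature} element.</li>
 *   <li>The certificate is used as supplied. No chain building, validity-period or revocation
 *       check happens here, so the caller must establish trust in the certificate separately.</li>
 *   <li>The {@code SOAPBody} overloads take the first match of a document-wide XPath.
 *       {@code verifyDigest} does not consult {@code ds:Reference/@URI}. The caller must make
 *       sure the element whose digest was checked is the element the application goes on to
 *       process, otherwise a relocated or duplicated element can go unnoticed.</li>
 *   <li>Canonicalization of {@code ds:SignedInfo} is fixed to exclusive C14N.
 *       {@code ds:CanonicalizationMethod} is not read.</li>
 * </ul>
 */
public class Smev3Verifier {
    private static final Logger logger = LoggerFactory.getLogger(Smev3Verifier.class);

    private Smev3Verifier() {
    }

    /**
     * Locates the signed element and the signature in the document and checks the reference digest.
     *
     * <p>The signed element is the first element having any attribute whose local name contains
     * {@code str}. The signature is the first element with local name {@code Signature}. Both
     * expressions start with {@code //}; under standard XPath semantics that searches the whole
     * document that owns {@code sOAPBody}, not only the body subtree.
     *
     * @param sOAPBody node used as XPath context
     * @param str fragment of the attribute local name marking the signed element; it is spliced
     *     into an XPath string literal, so it should be a fixed, trusted value
     * @param str2 digest method URI the caller expects
     * @return {@code true} when the declared digest method equals {@code str2} and the computed
     *     digest matches {@code ds:DigestValue}
     * @throws IllegalArgumentException if {@code str} contains a single quote
     */
    public static boolean verifyDigest(SOAPBody sOAPBody, String str, String str2) throws TransformerException, XPathExpressionException, IOException, TransformationException {
        // An attribute local name can never contain a quote; one here would terminate the XPath
        // string literal and change which element is selected for digest verification.
        if (str != null && str.indexOf('\'') >= 0) {
            throw new IllegalArgumentException("attribute name fragment must not contain a single quote");
        }
        Element signedElement = (Element) XPathAPI.selectSingleNode(sOAPBody, "//*[attribute::*[contains(local-name(), '" + str + "' )]]");
        Element signatureElement = (Element) XPathUtil.evaluate("//*[local-name() = 'Signature']", sOAPBody, new DSNamespaceContext());
        return verifyDigest(signedElement, signatureElement, str2);
    }

    /**
     * Recomputes the digest of {@code element} and compares it with the value stored in the signature.
     *
     * <p>Only the first {@code ds:Reference} reachable through the XPath is read. The certificate
     * embedded in {@code ds:KeyInfo} is used solely to pick the digest algorithm family; nothing
     * here establishes that the certificate is trusted.
     *
     * @param element element whose transformed form is digested
     * @param element2 the {@code ds:Signature} element
     * @param str digest method URI the caller expects; must not be {@code null}
     * @return {@code false} when the declared digest method differs from {@code str} or the
     *     digests differ, {@code true} otherwise
     */
    public static boolean verifyDigest(Element element, Element element2, String str) throws XPathExpressionException, TransformationException, TransformerException, IOException {
        String expectedDigest = XPathUtil.evaluateString("ds:SignedInfo/ds:Reference/ds:DigestValue/text()", element2, new DSNamespaceContext());
        String embeddedCertificate = XPathUtil.evaluateString("ds:KeyInfo/ds:X509Data/ds:X509Certificate/text()", element2, new DSNamespaceContext());
        SignAlgorithmType algorithmType = SignAlgorithmType.findByCertificate(CryptoFormatConverter.getInstance().getCertificateFromPEMEncoded(embeddedCertificate));
        String declaredDigestMethod = XPathUtil.evaluateString("ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm", element2, new DSNamespaceContext());
        // Refuse a digest method other than the one the caller pinned, so the message cannot
        // choose the algorithm it is checked with.
        if (!str.equals(declaredDigestMethod)) {
            return false;
        }
        byte[] digest = CryptoUtil.getDigest(Smev3Util.getTransformedXml(element), algorithmType);
        // encodeToString avoids the platform-default charset that new String(byte[]) depends on.
        String actualDigest = Base64.getEncoder().encodeToString(digest);
        return actualDigest.equals(expectedDigest);
    }

    /**
     * Finds the first element with local name {@code Signature} and verifies its signature value.
     *
     * <p>The expression starts with {@code //}, so under standard XPath semantics the search
     * covers the whole document that owns {@code sOAPBody}.
     *
     * @param x509Certificate certificate whose public key is used; its trust is not checked here
     * @param sOAPBody node used as XPath context
     * @param str signature method URI the caller expects
     * @return result of the signature check, or {@code false} on a signature method mismatch
     */
    public static boolean verifySignature(X509Certificate x509Certificate, SOAPBody sOAPBody, String str) throws XMLSecurityException, GeneralSecurityException, XPathExpressionException {
        Element signatureElement = (Element) XPathUtil.evaluate("//*[local-name() = 'Signature']", sOAPBody, new DSNamespaceContext());
        return verifySignature(x509Certificate, signatureElement, str);
    }

    /**
     * Verifies {@code ds:SignatureValue} over the exclusive-C14N form of the signature's own
     * {@code ds:SignedInfo}.
     *
     * <p>{@code ds:SignedInfo} is resolved as a child of {@code element}, the same way
     * {@code ds:SignatureValue} is, so the bytes that are verified and the signature value always
     * come from one {@code Signature} element. A document-wide search could pair the signature
     * value with a {@code SignedInfo} located elsewhere in the message.
     * NOTE(review): relies on {@code DSNamespaceContext} binding {@code ds} to the XML-DSig
     * namespace, as the other {@code ds:} expressions in this class already do; confirm.
     *
     * @param x509Certificate certificate whose public key is used; its trust is not checked here
     * @param element the {@code ds:Signature} element
     * @param str signature method URI the caller expects; must not be {@code null}
     * @return {@code false} when the declared signature method differs from {@code str},
     *     otherwise the outcome of {@link Signature#verify(byte[])}
     * @throws RuntimeException if {@code ds:SignedInfo}, the signature value or the signature
     *     method cannot be read
     */
    public static boolean verifySignature(X509Certificate x509Certificate, Element element, String str) throws XMLSecurityException, GeneralSecurityException, XPathExpressionException {
        SignAlgorithmType algorithmType = SignAlgorithmType.findByCertificate(x509Certificate);
        Element element2 = (Element) XPathUtil.evaluate("ds:SignedInfo", element, new DSNamespaceContext());
        if (element2 == null) {
            // Fail with a clear message instead of an NPE inside the canonicalizer.
            throw new RuntimeException("retrieving signed info");
        }
        byte[] canonicalSignedInfo = Canonicalizer.getInstance("http://www.w3.org/2001/10/xml-exc-c14n#").canonicalizeSubtree(element2);
        String encodedSignature = XPathUtil.evaluateString("ds:SignatureValue/text()", element, new DSNamespaceContext());
        if (encodedSignature == null) {
            throw new RuntimeException("retrieving encoded signature value");
        }
        byte[] signatureBytes = Base64Util.getBase64Decoded(encodedSignature.trim());
        String declaredSignatureMethod = XPathUtil.evaluateString("ds:SignatureMethod/@Algorithm", element2, new DSNamespaceContext());
        if (declaredSignatureMethod == null) {
            throw new RuntimeException("retrieving signature method algorithm");
        }
        // Refuse a signature method other than the one the caller pinned.
        if (!str.equals(declaredSignatureMethod)) {
            return false;
        }
        Signature verifier = CryptoUtil.getSignatureInstance(algorithmType);
        verifier.initVerify(x509Certificate);
        verifier.update(canonicalSignedInfo);
        return verifier.verify(signatureBytes);
    }
}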
