package ru.i_novus.common.sign.smev3;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang3.StringUtils;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import ru.i_novus.common.sign.api.SignAlgorithmType;
import ru.i_novus.common.sign.smev3.enums.Smev3ConvertEnum;
import ru.i_novus.common.sign.util.Base64Util;
import ru.i_novus.common.sign.util.CryptoFormatConverter;
import ru.i_novus.common.sign.util.CryptoIO;
import ru.i_novus.common.sign.util.CryptoUtil;
import ru.i_novus.common.sign.util.DomUtil;

/* loaded from: input_file:ru/i_novus/common/sign/smev3/Smev3RequestSigner.class */
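/**
 * Builds detached-style XML-DSig {@code ds:Signature} elements for SMEV3 requests.
 *
 * <p>The signature references the signed content by its {@code Id} attribute
 * ({@code URI="#<Id>"}), digests the output of {@code Smev3Util.getTransformedXml} for that
 * content element, and signs the exclusively canonicalized {@code ds:SignedInfo}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The digested element is the one whose {@code Id} attribute equals the reference id, and
 *       that id must be unique in the document. A signature whose {@code ds:Reference} points at
 *       one element while the digest covers another is either unverifiable or, worse, ambiguous
 *       for the verifier.</li>
 *   <li>Key material and the PKCS#12 password are accepted as {@code String}; they cannot be
 *       wiped after use, so keep their lifetime short and never log them.</li>
 *   <li>The two {@code signSmev3Request} overloads take the key and the certificate in
 *       opposite order; see each method's documentation.</li>
 * </ul>
 */
public final class Smev3RequestSigner {
    public static final String CALLER_INFORM_SYSTEM_SIGNATURE_ELEMENT_NAME = "CallerInformationSystemSignature";
    public static final String REFERENCE_URI_ATTRIBUTE_NAME = "Id";
    private static final String SMEV3_MESSAGE_EXCH_TYPES_NAMESPACE_PREFIX = "urn://x-artefacts-smev-gov-ru/services/message-exchange/types/";
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String EXC_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";
    private static final String SMEV_TRANSFORM_URI = "urn://smev-gov-ru/xmldsig/transform";
    /** Every element that carries an attribute whose local name contains {@code Id}. */
    private static final String ID_CANDIDATES_XPATH = "//*[attribute::*[contains(local-name(), 'Id')]]";

    private Smev3RequestSigner() {
    }

    /**
     * Signs the SMEV3 SOAP message in place using a key pair stored in a PKCS#12 container.
     *
     * @param sOAPMessage message whose body holds the SMEV3 envelope; the signature is appended to it
     * @param str         Base64 text of the PKCS#12 container (decoded with {@code Base64Util.getBase64Decoded})
     * @param str2        value handed to {@code CryptoIO} both to open the key store and to read the
     *                    private key; presumably the container password (confirm against CryptoIO)
     * @throws IllegalArgumentException if the envelope root is missing or invalid, or the content
     *                                  element to sign cannot be resolved unambiguously
     */
    public static void signSmev3RequestWithPkcs12(SOAPMessage sOAPMessage, String str, String str2) throws IOException, XMLSecurityException, SOAPException, GeneralSecurityException, TransformerException, ParserConfigurationException {
        CryptoIO cryptoIO = CryptoIO.getInstance();
        try (ByteArrayInputStream containerStream = new ByteArrayInputStream(Base64Util.getBase64Decoded(str))) {
            KeyStore keyStore = cryptoIO.getPkcs12KeyStore(containerStream, str2);
            PrivateKey privateKey = cryptoIO.readPrivateKeyFromPKCS12(keyStore, str2);
            X509Certificate certificate = cryptoIO.readCertificateFromPKCS12(keyStore);
            sign(sOAPMessage, privateKey, certificate);
        }
    }

    /**
     * Signs the SMEV3 SOAP message in place using PEM-encoded credentials.
     *
     * <p>Argument order here is certificate first, private key second, which is the reverse of
     * {@link #signSmev3Request(Element, String, String)}.
     *
     * @param sOAPMessage message whose body holds the SMEV3 envelope; the signature is appended to it
     * @param str         PEM-encoded X.509 certificate
     * @param str2        PEM-encoded private key, parsed for the algorithm reported by
     *                    {@code SignAlgorithmType.findByCertificate}
     */
    public static void signSmev3Request(SOAPMessage sOAPMessage, String str, String str2) throws XMLSecurityException, SOAPException, GeneralSecurityException, TransformerException, IOException, ParserConfigurationException {
        CryptoFormatConverter converter = CryptoFormatConverter.getInstance();
        X509Certificate certificate = converter.getCertificateFromPEMEncoded(str);
        PrivateKey privateKey = converter.getPKFromPEMEncoded(SignAlgorithmType.findByCertificate(certificate), str2);
        sign(sOAPMessage, privateKey, certificate);
    }

    /**
     * Builds a signature for the given content element using PEM-encoded credentials.
     *
     * <p>Argument order here is private key first, certificate second, which is the reverse of
     * {@link #signSmev3Request(SOAPMessage, String, String)}.
     *
     * @param element content element to sign; its {@code Id} attribute becomes the reference URI
     * @param str     PEM-encoded private key
     * @param str2    PEM-encoded X.509 certificate
     * @return the {@code ds:Signature} element, owned by a new document (not attached to {@code element})
     */
    public static Element signSmev3Request(Element element, String str, String str2) throws XMLSecurityException, GeneralSecurityException, TransformerException, IOException, ParserConfigurationException {
        CryptoFormatConverter converter = CryptoFormatConverter.getInstance();
        X509Certificate certificate = converter.getCertificateFromPEMEncoded(str2);
        // NOTE(review): getSigAlgName() names the algorithm the issuer used to sign this
        // certificate, while the SOAPMessage overload and the signing step itself go through
        // findByCertificate(). Confirm both lookups agree for certificates whose issuer uses a
        // different algorithm than the subject key; kept as is to preserve behaviour.
        SignAlgorithmType keyAlgorithm = SignAlgorithmType.findByAlgorithmName(certificate.getSigAlgName());
        PrivateKey privateKey = converter.getPKFromPEMEncoded(keyAlgorithm, str);
        return sign(element.getOwnerDocument(), element.getAttribute(REFERENCE_URI_ATTRIBUTE_NAME), privateKey, certificate);
    }

    /**
     * Builds a signature for the given content element using a key pair stored in a PKCS#12 container.
     *
     * @param element content element to sign; its {@code Id} attribute becomes the reference URI
     * @param str     Base64 text of the PKCS#12 container
     * @param str2    value handed to {@code CryptoIO} both to open the key store and to read the
     *                private key; presumably the container password (confirm against CryptoIO)
     * @return the {@code ds:Signature} element, owned by a new document
     */
    public static Element signSmev3RequestWithPkcs12(Element element, String str, String str2) throws IOException, XMLSecurityException, GeneralSecurityException, TransformerException, ParserConfigurationException {
        CryptoIO cryptoIO = CryptoIO.getInstance();
        try (ByteArrayInputStream containerStream = new ByteArrayInputStream(Base64Util.getBase64Decoded(str))) {
            KeyStore keyStore = cryptoIO.getPkcs12KeyStore(containerStream, str2);
            PrivateKey privateKey = cryptoIO.readPrivateKeyFromPKCS12(keyStore, str2);
            X509Certificate certificate = cryptoIO.readCertificateFromPKCS12(keyStore);
            return sign(element, privateKey, certificate);
        }
    }

    /**
     * Signs the SMEV3 envelope found in the SOAP body and appends the signature to it.
     *
     * <p>The signature is wrapped in a {@code CallerInformationSystemSignature} element (prefix
     * {@code ns2}, namespace of the envelope root) appended as the last child of the envelope root.
     * The signature is computed before the message is modified, so a failure leaves the message
     * untouched.
     *
     * @throws IllegalArgumentException if the envelope root is missing or invalid, or no uniquely
     *                                  identified content element is available to sign
     */
    public static void sign(SOAPMessage sOAPMessage, PrivateKey privateKey, X509Certificate x509Certificate) throws SOAPException, GeneralSecurityException, XMLSecurityException, TransformerException, IOException, ParserConfigurationException {
        SOAPBody body = sOAPMessage.getSOAPPart().getEnvelope().getBody();
        Node actionNode = getActionNode(body);
        Document ownerDocument = body.getOwnerDocument();
        Element signature = sign(ownerDocument, getContentId(actionNode), privateKey, x509Certificate);

        Node container = actionNode.appendChild(ownerDocument.createElementNS(actionNode.getNamespaceURI(), CALLER_INFORM_SYSTEM_SIGNATURE_ELEMENT_NAME));
        container.setPrefix("ns2");
        // The signature is built in its own document and has to be imported before it can be attached.
        container.appendChild(ownerDocument.importNode(signature, true));
    }

    /**
     * Builds a signature for the given content element.
     *
     * @param element content element to sign; its {@code Id} attribute becomes the reference URI
     * @return the {@code ds:Signature} element, owned by a new document
     * @throws IllegalArgumentException if {@code element} has no {@code Id} value or that value is
     *                                  not unique in its document
     */
    public static Element sign(Element element, PrivateKey privateKey, X509Certificate x509Certificate) throws XMLSecurityException, GeneralSecurityException, TransformerException, IOException, ParserConfigurationException {
        return sign(element.getOwnerDocument(), element.getAttribute(REFERENCE_URI_ATTRIBUTE_NAME), privateKey, x509Certificate);
    }

    /**
     * Creates the {@code ds:Signature} skeleton with empty {@code ds:DigestValue} and
     * {@code ds:SignatureValue} elements.
     *
     * <p>No validation is done on {@code str}: a {@code null} id yields the literal URI
     * {@code "#null"}, so callers are expected to pass a real id.
     *
     * @param str               id of the signed element; written as {@code URI="#" + str}
     * @param str2              text placed into {@code ds:X509Certificate}
     * @param signAlgorithmType algorithm used to pick the signature and digest method identifiers
     * @return root {@code ds:Signature} element of a newly created document
     * @throws IllegalArgumentException if the algorithm type is not one of the supported GOST types
     */
    public static Element createSignatureElements(String str, String str2, SignAlgorithmType signAlgorithmType) throws ParserConfigurationException {
        Document document = DomUtil.newDocument();
        Element signature = document.createElementNS(XMLDSIG_NS, "ds:Signature");
        document.appendChild(signature);
        signature.setAttribute("xmlns:ds", XMLDSIG_NS);

        Element signedInfo = appendDsElement(document, signature, "ds:SignedInfo");
        appendDsElement(document, signedInfo, "ds:CanonicalizationMethod").setAttribute("Algorithm", EXC_C14N_URI);
        appendDsElement(document, signedInfo, "ds:SignatureMethod").setAttribute("Algorithm", getSignatureMethodAlgorithm(signAlgorithmType));

        Element reference = appendDsElement(document, signedInfo, "ds:Reference");
        reference.setAttribute("URI", "#" + str);
        Element transforms = appendDsElement(document, reference, "ds:Transforms");
        appendDsElement(document, transforms, "ds:Transform").setAttribute("Algorithm", EXC_C14N_URI);
        appendDsElement(document, transforms, "ds:Transform").setAttribute("Algorithm", SMEV_TRANSFORM_URI);
        appendDsElement(document, reference, "ds:DigestMethod").setAttribute("Algorithm", getDigestMethodAlgorithm(signAlgorithmType));
        appendDsElement(document, reference, "ds:DigestValue");

        appendDsElement(document, signature, "ds:SignatureValue");

        Element keyInfo = appendDsElement(document, signature, "ds:KeyInfo");
        Element x509Data = appendDsElement(document, keyInfo, "ds:X509Data");
        appendDsElement(document, x509Data, "ds:X509Certificate").setTextContent(str2);
        return document.getDocumentElement();
    }

    /** Creates an element in the XML-DSig namespace and appends it as the last child of {@code parent}. */
    private static Element appendDsElement(Document document, Node parent, String qualifiedName) {
        return (Element) parent.appendChild(document.createElementNS(XMLDSIG_NS, qualifiedName));
    }

    /**
     * Returns the SMEV3 envelope root: the node {@code DomUtil.getNodeFirstChild} yields for the
     * body, which must have a local name known to {@code Smev3ConvertEnum} and a namespace that
     * starts with the SMEV3 message-exchange types prefix.
     *
     * @throws IllegalArgumentException if either check fails, including a root without a namespace
     */
    private static Node getActionNode(Element element) {
        Node root = DomUtil.getNodeFirstChild(element);
        if (root == null || Smev3ConvertEnum.fromValue(root.getLocalName()) == null) {
            throw new IllegalArgumentException("Не найден корневой элемент СМЭВ-конверта");
        }
        // getNamespaceURI() is null for an unqualified element; report it as an invalid
        // namespace instead of failing with a NullPointerException.
        String namespaceUri = root.getNamespaceURI();
        if (namespaceUri == null || !namespaceUri.startsWith(SMEV3_MESSAGE_EXCH_TYPES_NAMESPACE_PREFIX)) {
            throw new IllegalArgumentException("Некорректный NamespaceURI корневого элемента СМЭВ-конверта");
        }
        return root;
    }

    /**
     * Returns the {@code Id} attribute value of the first child element of {@code node} that has
     * a non-empty one, or {@code null} when no child qualifies.
     */
    private static String getContentId(Node node) {
        NodeList children = node.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (!(child instanceof Element)) {
                continue;
            }
            String id = ((Element) child).getAttribute(REFERENCE_URI_ATTRIBUTE_NAME);
            if (!StringUtils.isEmpty(id)) {
                return id;
            }
        }
        return null;
    }

    /**
     * Resolves the element that the signature's {@code ds:Reference} will point to.
     *
     * <p>Picking simply the first element with an {@code Id}-like attribute could digest a
     * different element than the one named in {@code URI="#referenceId"} (for example when a
     * header element carries its own id). The element is therefore matched on the exact
     * {@code Id} value, and a value that occurs more than once is rejected because the
     * reference would be ambiguous for the verifier.
     *
     * @throws IllegalArgumentException if {@code referenceId} is empty, not found, or not unique
     */
    private static Element findSignedElement(Document document, String referenceId) throws TransformerException {
        if (StringUtils.isEmpty(referenceId)) {
            throw new IllegalArgumentException("No '" + REFERENCE_URI_ATTRIBUTE_NAME + "' attribute value is available to reference the signed content.");
        }
        NodeList candidates = XPathAPI.selectNodeList(document, ID_CANDIDATES_XPATH);
        Element match = null;
        for (int i = 0; i < candidates.getLength(); i++) {
            Node candidate = candidates.item(i);
            if (!(candidate instanceof Element)) {
                continue;
            }
            Element candidateElement = (Element) candidate;
            if (!referenceId.equals(candidateElement.getAttribute(REFERENCE_URI_ATTRIBUTE_NAME))) {
                continue;
            }
            if (match != null) {
                throw new IllegalArgumentException("More than one element has " + REFERENCE_URI_ATTRIBUTE_NAME + "=\"" + referenceId + "\"; the signature reference would be ambiguous.");
            }
            match = candidateElement;
        }
        if (match == null) {
            throw new IllegalArgumentException("No element with " + REFERENCE_URI_ATTRIBUTE_NAME + "=\"" + referenceId + "\" was found in the document.");
        }
        return match;
    }

    /** Signs the referenced element, embedding the certificate as encoded by {@code CryptoFormatConverter}. */
    private static Element sign(Document document, String referenceId, PrivateKey privateKey, X509Certificate certificate) throws XMLSecurityException, GeneralSecurityException, TransformerException, IOException, ParserConfigurationException {
        return sign(document, referenceId, privateKey, certificate, CryptoFormatConverter.getInstance().getPEMEncodedCertificate(certificate));
    }

    /**
     * Builds the complete signature: skeleton, digest of the referenced element, then the
     * signature value over {@code ds:SignedInfo}.
     *
     * @param referenceId        {@code Id} value of the element to sign
     * @param encodedCertificate text written into {@code ds:X509Certificate}
     * @throws IllegalArgumentException if the referenced element cannot be resolved unambiguously
     */
    private static Element sign(Document document, String referenceId, PrivateKey privateKey, X509Certificate certificate, String encodedCertificate) throws XMLSecurityException, GeneralSecurityException, TransformerException, ParserConfigurationException, IOException {
        Element content = findSignedElement(document, referenceId);
        SignAlgorithmType algorithm = SignAlgorithmType.findByCertificate(certificate);
        Element signature = createSignatureElements(referenceId, encodedCertificate, algorithm);
        // Order matters: DigestValue is part of SignedInfo, so it must be filled in before signing.
        genericDigestValue(content, signature, algorithm);
        signDigestValue(privateKey, algorithm, signature);
        return signature;
    }

    /**
     * Signs the exclusively canonicalized {@code ds:SignedInfo} and stores the Base64 result in
     * {@code ds:SignatureValue}.
     */
    private static void signDigestValue(PrivateKey privateKey, SignAlgorithmType signAlgorithmType, Element signature) throws XMLSecurityException, GeneralSecurityException, TransformerException {
        Node signatureValue = XPathAPI.selectSingleNode(signature, "ds:SignatureValue");
        Node signedInfo = XPathAPI.selectSingleNode(signature, "ds:SignedInfo");
        // NOTE(review): if getBase64Encoded returns byte[], new String(...) decodes with the
        // platform default charset; Base64 output is ASCII, so this is presumably harmless,
        // but confirm the return type before pinning a charset.
        signatureValue.setTextContent(new String(Base64Util.getBase64Encoded(
                CryptoUtil.getSignature(Canonicalizer.getInstance(EXC_C14N_URI).canonicalizeSubtree(signedInfo), privateKey, signAlgorithmType))));
    }

    /**
     * Returns the {@code ds:SignatureMethod} identifier for the algorithm: the URI form for
     * {@code ECGOST3410}, the URN form for the two GOST 2012 variants.
     *
     * @throws IllegalArgumentException for any other algorithm type
     */
    public static String getSignatureMethodAlgorithm(SignAlgorithmType signAlgorithmType) {
        switch (signAlgorithmType) {
            case ECGOST3410:
                return signAlgorithmType.getSignUri();
            case ECGOST3410_2012_256:
            case ECGOST3410_2012_512:
                return signAlgorithmType.getSignUrn();
            default:
                throw new IllegalArgumentException("Signature algorithm type " + signAlgorithmType + " is not supported.");
        }
    }

    /**
     * Returns the {@code ds:DigestMethod} identifier for the algorithm: the URI form for
     * {@code ECGOST3410}, the URN form for the two GOST 2012 variants.
     *
     * @throws IllegalArgumentException for any other algorithm type
     */
    public static String getDigestMethodAlgorithm(SignAlgorithmType signAlgorithmType) {
        switch (signAlgorithmType) {
            case ECGOST3410:
                return signAlgorithmType.getDigestUri();
            case ECGOST3410_2012_256:
            case ECGOST3410_2012_512:
                return signAlgorithmType.getDigestUrn();
            default:
                throw new IllegalArgumentException("Signature algorithm type " + signAlgorithmType + " is not supported.");
        }
    }

    /**
     * Digests the output of {@code Smev3Util.getTransformedXml} for the content element and
     * stores the Base64 result in the signature's {@code ds:DigestValue}.
     */
    private static void genericDigestValue(Element content, Element signature, SignAlgorithmType signAlgorithmType) throws TransformerException, IOException, TransformationException {
        Node digestValue = XPathAPI.selectSingleNode(signature, "ds:SignedInfo/ds:Reference/ds:DigestValue");
        digestValue.setTextContent(new String(Base64Util.getBase64Encoded(
                CryptoUtil.getDigest(Smev3Util.getTransformedXml(content), signAlgorithmType))));
    }
}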
