package ru.i_novus.common.sign.soap;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Iterator;
import java.util.UUID;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.TransformerException;
import javax.xml.transform.stream.StreamSource;
import org.apache.commons.lang3.StringUtils;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import ru.i_novus.common.sign.api.SignAlgorithmType;
import ru.i_novus.common.sign.soap.dto.SecurityElementInfo;
import ru.i_novus.common.sign.util.Base64Util;
import ru.i_novus.common.sign.util.CryptoFormatConverter;
import ru.i_novus.common.sign.util.CryptoUtil;
import ru.i_novus.common.sign.util.DomUtil;

/* loaded from: input_file:ru/i_novus/common/sign/soap/GostSoapSignature.class */
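/**
 * Builds and signs WS-Security ({@code wsse:Security}) headers of SOAP messages with GOST algorithms.
 *
 * <p>Usage is a two-step flow on the same {@link SOAPMessage}:
 * <ol>
 *   <li>{@code addSecurityElement(...)} appends a {@code wsse:Security} header containing the
 *       certificate as a {@code wsse:BinarySecurityToken}, a {@code ds:Signature} skeleton with an
 *       empty {@code ds:DigestValue} per referenced part and an empty {@code ds:SignatureValue},
 *       and (for the {@link SecurityElementInfo} variant) a {@code wsu:Timestamp};</li>
 *   <li>{@code sign(...)} fills every {@code ds:DigestValue} and the {@code ds:SignatureValue}.</li>
 * </ol>
 *
 * <p>Exclusive XML Canonicalization is used both for the referenced parts and for
 * {@code ds:SignedInfo}. Every element carrying a {@code wsu:Id} is a digest candidate except
 * {@code BinarySecurityToken} and {@code RelatesTo} (see {@link #REFERENCE_LIST_XPATH}); a
 * candidate without a matching {@code ds:Reference} is skipped.
 *
 * <p>The class holds no state; each method mutates only the message passed to it.
 */
public class GostSoapSignature {
    public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    public static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    public static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    public static final String BASE64_ENCODING = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    public static final String X509_V3_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    /** Timestamps are written as ISO-8601 instants (UTC, {@code Z} suffix). */
    public static final DateTimeFormatter DATE_TIME_FORMATTER = DateTimeFormatter.ISO_INSTANT;
    /** {@code wsu:Id} of the SOAP Body used by the {@code addSecurityElement(SOAPMessage, ...)} overloads. */
    public static final String BODY_REFERENCE_ID = "body";
    public static final String DIGEST_VALUE_LOCAL_NAME = "DigestValue";
    /** Fixed token id used for the BinarySecurityToken by the {@code addSecurityElement(SOAPMessage, ...)} overloads. */
    public static final String CERT_ID_LOCAL_NAME = "CertId";
    /**
     * Selects every element with a {@code wsu:Id} (in the WS-Utility namespace) except
     * {@code BinarySecurityToken} and {@code RelatesTo}; each match is a digest candidate in {@code sign}.
     */
    public static final String REFERENCE_LIST_XPATH = "//*[@wsu:Id[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'] and not(local-name()='BinarySecurityToken') and not(local-name()='RelatesTo')]";

    /** Exclusive C14N algorithm URI, used for Transforms, CanonicalizationMethod and the actual canonicalization. */
    private static final String EXC_C14N_URI = "http://www.w3.org/2001/10/xml-exc-c14n#";
    /** Every {@code Reference} element in the document (both {@code ds:} and {@code wsse:}); the URI is compared in code. */
    private static final String ANY_REFERENCE_XPATH = "//*[local-name()='Reference']";

    private GostSoapSignature() {
    }

    /**
     * Appends a {@code wsse:Security} header that references the Body, a freshly created
     * {@code wsu:Timestamp} and the WS-Addressing headers (MessageID, ReplyTo, To, Action) named
     * in {@code securityElementInfo}. Element ids are random UUIDs prefixed {@code X509-},
     * {@code SIG-}, {@code TS-}, {@code KI-} and {@code STR-}.
     *
     * <p>Digest and signature values are left empty; call {@code sign} afterwards.
     *
     * @param securityElementInfo message, certificate, actor, algorithm, reference ids and expiry
     * @throws SOAPException if the SAAJ tree cannot be modified
     */
    public static void addSecurityElement(SecurityElementInfo securityElementInfo) throws SOAPException {
        SOAPMessage message = securityElementInfo.getMessage();
        SignAlgorithmType signAlgorithmType = securityElementInfo.getSignAlgorithmType();
        SOAPElement security = addSecurityHeader(message, securityElementInfo.getActor());

        String tokenId = "X509-" + UUID.randomUUID();
        addBinarySecurityTokenElement(security, tokenId,
                CryptoFormatConverter.getInstance().getPEMEncodedCertificate(securityElementInfo.getCertificate()));

        SOAPElement signature = security.addChildElement("Signature", "ds");
        signature.setAttribute("Id", "SIG-" + UUID.randomUUID());
        SOAPElement signedInfo = addSignedInfoElement(signature, signAlgorithmType);

        // The Timestamp is created last (below) but referenced here so its Created/Expires values are signed.
        String timestampId = "TS-" + UUID.randomUUID();
        addReferenceElement(signAlgorithmType, signedInfo, securityElementInfo.getBodyReferenceId());
        addReferenceElement(signAlgorithmType, signedInfo, timestampId);
        addReferenceElement(signAlgorithmType, signedInfo, securityElementInfo.getMessageIdReferenceId());
        addReferenceElement(signAlgorithmType, signedInfo, securityElementInfo.getReplyToReferenceId());
        addReferenceElement(signAlgorithmType, signedInfo, securityElementInfo.getToReferenceId());
        addReferenceElement(signAlgorithmType, signedInfo, securityElementInfo.getActionReferenceId());

        signature.addChildElement("SignatureValue", "ds");
        addKeyInfoElementWithId(signature, tokenId);
        addTimestampElement(security, securityElementInfo.getExpireDateTime(), timestampId);
    }

    /**
     * Appends a minimal {@code wsse:Security} header that references only the Body
     * ({@link #BODY_REFERENCE_ID}) and carries the certificate under the fixed id
     * {@link #CERT_ID_LOCAL_NAME}.
     *
     * <p>This variant adds no {@code wsu:Timestamp}, so the resulting signature carries no
     * expiry of its own. Digest and signature values are left empty; call {@code sign} afterwards.
     *
     * @param message                message to extend
     * @param pemEncodedCertificate  signer certificate, PEM (Base64) encoded, written into the token
     * @param actor                  SOAP actor of the Security header; blank means no actor
     * @param signAlgorithmType      algorithm whose signature and digest URIs are advertised
     * @throws SOAPException if the SAAJ tree cannot be modified
     */
    public static void addSecurityElement(SOAPMessage message, String pemEncodedCertificate, String actor, SignAlgorithmType signAlgorithmType) throws SOAPException {
        SOAPElement security = addSecurityHeader(message, actor);
        SOAPElement signature = security.addChildElement("Signature", "ds");
        SOAPElement signedInfo = addSignedInfoElement(signature, signAlgorithmType);
        addReferenceElement(signAlgorithmType, signedInfo, BODY_REFERENCE_ID);
        signature.addChildElement("SignatureValue", "ds");
        addKeyInfoElement(signature, CERT_ID_LOCAL_NAME);
        addBinarySecurityTokenElement(security, CERT_ID_LOCAL_NAME, pemEncodedCertificate);
    }

    /**
     * Same as {@link #addSecurityElement(SOAPMessage, String, String, SignAlgorithmType)}, deriving
     * the PEM encoding and the algorithm from the certificate.
     *
     * @param message          message to extend
     * @param x509Certificate  signer certificate
     * @param actor            SOAP actor of the Security header; blank means no actor
     * @throws SOAPException if the SAAJ tree cannot be modified
     */
    public static void addSecurityElement(SOAPMessage message, X509Certificate x509Certificate, String actor) throws SOAPException {
        addSecurityElement(message, CryptoFormatConverter.getInstance().getPEMEncodedCertificate(x509Certificate), actor, SignAlgorithmType.findByCertificate(x509Certificate));
    }

    /**
     * Same as {@link #sign(SOAPMessage, PrivateKey, SignAlgorithmType)} with the key given in PEM form.
     *
     * @param message               message prepared by {@code addSecurityElement}
     * @param pemEncodedPrivateKey  signing key, PEM encoded, parsed for {@code signAlgorithmType}
     * @param signAlgorithmType     signature/digest algorithm
     */
    public static void sign(SOAPMessage message, String pemEncodedPrivateKey, SignAlgorithmType signAlgorithmType) throws IOException, SOAPException, TransformerException, InvalidCanonicalizerException, CanonicalizationException, GeneralSecurityException {
        sign(message, CryptoFormatConverter.getInstance().getPKFromPEMEncoded(signAlgorithmType, pemEncodedPrivateKey), signAlgorithmType);
    }

    /**
     * Computes the digest of every referenced part and signs {@code ds:SignedInfo}.
     *
     * <p>The message is first serialized and re-parsed into its own SOAP part (presumably to bring the
     * DOM into its wire form before canonicalization). Then every element matched by
     * {@link #REFERENCE_LIST_XPATH} whose {@code wsu:Id} has a {@code ds:Reference} gets its
     * {@code ds:DigestValue} filled, and finally the first {@code ds:SignedInfo} found from the header is
     * canonicalized, signed with {@code privateKey} and written Base64-encoded into the first
     * {@code ds:SignatureValue}.
     *
     * @param message           message prepared by {@code addSecurityElement}
     * @param privateKey        signing key matching the certificate in the Security header
     * @param signAlgorithmType signature/digest algorithm
     * @throws SOAPException if the message holds no {@code ds:SignedInfo}/{@code ds:SignatureValue}, or on SAAJ errors
     */
    public static void sign(SOAPMessage message, PrivateKey privateKey, SignAlgorithmType signAlgorithmType) throws IOException, SOAPException, TransformerException, InvalidCanonicalizerException, CanonicalizationException, GeneralSecurityException {
        message.saveChanges();
        try (ByteArrayOutputStream serialized = new ByteArrayOutputStream()) {
            message.writeTo(serialized);
            try (ByteArrayInputStream in = new ByteArrayInputStream(serialized.toByteArray())) {
                message.getSOAPPart().setContent(new StreamSource(in));
            }
        }

        NodeList referencedParts = XPathAPI.selectNodeList(message.getSOAPHeader(), REFERENCE_LIST_XPATH);
        // One scratch buffer is reused for all canonicalizations; each consumer resets it before writing.
        try (ByteArrayOutputStream c14nBuffer = new ByteArrayOutputStream()) {
            Iterator<?> parts = DomUtil.iterable(referencedParts).iterator();
            while (parts.hasNext()) {
                addDigestValue(message, signAlgorithmType, c14nBuffer, (Node) parts.next());
            }
            c14nBuffer.reset();
            signSignedInfo(message, privateKey, signAlgorithmType, c14nBuffer);
        }
    }

    /**
     * Canonicalizes the first {@code ds:SignedInfo} reachable from the header, signs the bytes and
     * stores the Base64 signature in the first {@code ds:SignatureValue}.
     *
     * <p>Both lookups use {@code //}, i.e. search the whole document from the header's root, so with
     * several Security headers only the first one is signed — presumably one header per message is assumed.
     *
     * @param c14nBuffer scratch buffer; expected empty on entry, holds the canonical SignedInfo on return
     * @throws SOAPException if SignedInfo or SignatureValue is missing (header not prepared)
     */
    private static void signSignedInfo(SOAPMessage message, PrivateKey privateKey, SignAlgorithmType signAlgorithmType, ByteArrayOutputStream c14nBuffer) throws CanonicalizationException, InvalidCanonicalizerException, TransformerException, SOAPException, GeneralSecurityException {
        Node signedInfo = XPathAPI.selectSingleNode(message.getSOAPHeader(), "//*[local-name()='SignedInfo']");
        Node signatureValue = XPathAPI.selectSingleNode(message.getSOAPHeader(), "//*[local-name()='SignatureValue']");
        if (!(signedInfo instanceof Node) || !(signatureValue instanceof SOAPElement)) {
            throw new SOAPException("Message has no ds:SignedInfo/ds:SignatureValue to sign; call addSecurityElement first");
        }
        Canonicalizer.getInstance(EXC_C14N_URI).canonicalizeSubtree(signedInfo, c14nBuffer);
        ((SOAPElement) signatureValue).addTextNode(
                Base64Util.getBase64EncodedString(CryptoUtil.getSignature(c14nBuffer.toByteArray(), privateKey, signAlgorithmType)));
    }

    /**
     * Fills the {@code ds:DigestValue} of the {@code ds:Reference} pointing at {@code node}.
     *
     * <p>Nothing happens when the node has no {@code wsu:Id}, when no {@code Reference} has
     * {@code URI="#id"}, or when that Reference's last child is not a {@code DigestValue} (e.g. a
     * {@code wsse:Reference} inside a SecurityTokenReference).
     *
     * @param c14nBuffer scratch buffer, reset before use; holds the canonical form of {@code node} on return
     */
    private static void addDigestValue(SOAPMessage message, SignAlgorithmType signAlgorithmType, ByteArrayOutputStream c14nBuffer, Node node) throws TransformerException, SOAPException, CanonicalizationException, InvalidCanonicalizerException {
        String wsuId = getWsuId(node);
        if (wsuId == null) {
            return;
        }
        SOAPElement digestValue = findDigestValueElement(message, "#" + wsuId);
        if (digestValue == null) {
            return;
        }
        c14nBuffer.reset();
        Canonicalizer.getInstance(EXC_C14N_URI).canonicalizeSubtree(node, c14nBuffer);
        // Canonical XML is UTF-8 by definition; decode explicitly rather than with the platform charset.
        digestValue.addTextNode(CryptoUtil.getBase64Digest(new String(c14nBuffer.toByteArray(), StandardCharsets.UTF_8), signAlgorithmType));
    }

    /**
     * Returns the {@code wsu:Id} attribute of {@code node}, or {@code null} if absent.
     * Looks the attribute up by namespace first and falls back to the literal {@code wsu:Id} qualified name.
     */
    private static String getWsuId(Node node) {
        NamedNodeMap attributes = node.getAttributes();
        if (attributes == null) {
            return null;
        }
        Node id = attributes.getNamedItemNS(WSU_NS, "Id");
        if (id == null) {
            id = attributes.getNamedItem("wsu:Id");
        }
        return id == null ? null : id.getNodeValue();
    }

    /**
     * Finds the first {@code Reference} element whose {@code URI} attribute equals {@code referenceUri}
     * and returns its trailing {@code DigestValue} child, or {@code null} if there is no such Reference or
     * its last child is not a DigestValue.
     *
     * <p>The URI is compared in Java rather than spliced into the XPath, so ids containing quotes or
     * other XPath syntax cannot alter the query.
     */
    private static SOAPElement findDigestValueElement(SOAPMessage message, String referenceUri) throws TransformerException, SOAPException {
        NodeList references = XPathAPI.selectNodeList(message.getSOAPHeader(), ANY_REFERENCE_XPATH);
        for (int i = 0; i < references.getLength(); i++) {
            Node reference = references.item(i);
            NamedNodeMap attributes = reference.getAttributes();
            Node uri = attributes == null ? null : attributes.getNamedItem("URI");
            if (uri == null || !referenceUri.equals(uri.getNodeValue())) {
                continue;
            }
            Node lastChild = reference.getLastChild();
            if (lastChild instanceof SOAPElement && DIGEST_VALUE_LOCAL_NAME.equals(lastChild.getLocalName())) {
                return (SOAPElement) lastChild;
            }
            return null;
        }
        return null;
    }

    /**
     * Adds the {@code wsse:Security} header element, with the given SOAP actor unless it is blank.
     *
     * @return the new Security element, to which tokens, signature and timestamp are appended
     */
    private static SOAPElement addSecurityHeader(SOAPMessage message, String actor) throws SOAPException {
        if (StringUtils.isBlank(actor)) {
            return message.getSOAPHeader().addChildElement("Security", "wsse");
        }
        SOAPHeaderElement security = message.getSOAPHeader().addHeaderElement(new QName(WSSE_NS, "Security", "wsse"));
        security.setActor(actor);
        return security;
    }

    /**
     * Adds {@code ds:SignedInfo} with its CanonicalizationMethod (exclusive C14N) and SignatureMethod.
     *
     * @return the new SignedInfo element, ready to receive {@code ds:Reference} children
     */
    private static SOAPElement addSignedInfoElement(SOAPElement signature, SignAlgorithmType signAlgorithmType) throws SOAPException {
        SOAPElement signedInfo = signature.addChildElement("SignedInfo", "ds");
        signedInfo.addChildElement("CanonicalizationMethod", "ds").setAttribute("Algorithm", EXC_C14N_URI);
        signedInfo.addChildElement("SignatureMethod", "ds").setAttribute("Algorithm", signAlgorithmType.getSignUri());
        return signedInfo;
    }

    /**
     * Adds a {@code ds:Reference} with {@code URI="#referenceId"}, an exclusive-C14N Transform, the
     * algorithm's DigestMethod and an empty {@code ds:DigestValue} to be filled by {@code sign}.
     *
     * @param referenceId {@code wsu:Id} of the referenced element (without the leading {@code #})
     */
    private static void addReferenceElement(SignAlgorithmType signAlgorithmType, SOAPElement signedInfo, String referenceId) throws SOAPException {
        SOAPElement reference = signedInfo.addChildElement("Reference", "ds").addAttribute(new QName("URI"), "#" + referenceId);
        reference.addChildElement("Transforms", "ds").addChildElement("Transform", "ds").setAttribute("Algorithm", EXC_C14N_URI);
        reference.addChildElement("DigestMethod", "ds").setAttribute("Algorithm", signAlgorithmType.getDigestUri());
        reference.addChildElement(DIGEST_VALUE_LOCAL_NAME, "ds");
    }

    /**
     * Adds a {@code wsu:Timestamp} whose {@code Created} is the current instant and whose
     * {@code Expires} is {@code expires}, both formatted with {@link #DATE_TIME_FORMATTER}.
     *
     * @param timestampId {@code wsu:Id} given to the Timestamp so it can be referenced from SignedInfo
     */
    private static void addTimestampElement(SOAPElement security, ZonedDateTime expires, String timestampId) throws SOAPException {
        SOAPElement timestamp = security.addChildElement(new QName(WSU_NS, "Timestamp", "wsu"));
        timestamp.setAttribute("wsu:Id", timestampId);
        timestamp.addChildElement(new QName(WSU_NS, "Created", "wsu")).setTextContent(ZonedDateTime.now().format(DATE_TIME_FORMATTER));
        timestamp.addChildElement(new QName(WSU_NS, "Expires", "wsu")).setTextContent(expires.format(DATE_TIME_FORMATTER));
    }

    /**
     * Adds a {@code wsse:BinarySecurityToken} (X.509v3, Base64 encoding) holding the certificate text.
     *
     * @param tokenId                {@code wsu:Id} of the token, targeted by the KeyInfo reference
     * @param pemEncodedCertificate  certificate text written as the element's content
     */
    private static void addBinarySecurityTokenElement(SOAPElement security, String tokenId, String pemEncodedCertificate) throws SOAPException {
        security.addChildElement("BinarySecurityToken", "wsse")
                .addAttribute(new QName("EncodingType"), BASE64_ENCODING)
                .addAttribute(new QName("ValueType"), X509_V3_TYPE)
                .addAttribute(new QName("wsu:Id"), tokenId)
                .addTextNode(pemEncodedCertificate);
    }

    /**
     * Adds {@code ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference} pointing at the token
     * {@code #tokenId}, without ids on KeyInfo or SecurityTokenReference.
     */
    private static void addKeyInfoElement(SOAPElement signature, String tokenId) throws SOAPException {
        signature.addChildElement("KeyInfo", "ds")
                .addChildElement("SecurityTokenReference", "wsse")
                .addChildElement("Reference", "wsse")
                .addAttribute(new QName("URI"), "#" + tokenId)
                .addAttribute(new QName("ValueType"), X509_V3_TYPE);
    }

    /**
     * Like {@link #addKeyInfoElement(SOAPElement, String)} but gives KeyInfo a random {@code KI-} Id and
     * SecurityTokenReference a random {@code STR-} {@code wsu:Id}.
     *
     * <p>Because of that {@code wsu:Id}, the SecurityTokenReference matches {@link #REFERENCE_LIST_XPATH}
     * during {@code sign}; it is skipped there since no {@code ds:Reference} points at it.
     */
    private static void addKeyInfoElementWithId(SOAPElement signature, String tokenId) throws SOAPException {
        SOAPElement keyInfo = signature.addChildElement("KeyInfo", "ds");
        keyInfo.setAttribute("Id", "KI-" + UUID.randomUUID());
        SOAPElement tokenReference = keyInfo.addChildElement("SecurityTokenReference", "wsse");
        tokenReference.setAttribute("wsu:Id", "STR-" + UUID.randomUUID());
        tokenReference.addChildElement("Reference", "wsse")
                .addAttribute(new QName("URI"), "#" + tokenId)
                .addAttribute(new QName("ValueType"), X509_V3_TYPE);
    }
}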
