package com.icbc.hsm.software.temp;

import cn.hutool.crypto.KeyUtil;
import com.icbc.bcprov.org.bouncycastle.crypto.params.RSAKeyParameters;
import com.icbc.hsm.software.basic.Signature;
import com.icbc.hsm.utils.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.jxpath.xml.DocumentContainer;
import org.apache.poi.poifs.crypt.dsig.facets.SignatureFacet;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/* loaded from: input_file:BOOT-INF/lib/hsm-software-share-1.0.5.jar:com/icbc/hsm/software/temp/XmlSignatureImpl.class */
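/**
 * Creates and validates detached XML Signatures (XMLDSig) through the JDK's
 * {@code javax.xml.crypto.dsig} DOM provider.
 *
 * <p>Signing produces a stand-alone {@code Signature} document whose single
 * {@code Reference} points at an external resource; validation re-resolves that
 * reference (relative to {@link #setBaseURI(String) baseURI} when set) and checks
 * the signature with the public key of a caller-supplied certificate.
 *
 * <p>Instances hold mutable configuration and are not synchronized.
 */
public class XmlSignatureImpl {
    private static final Long version = -1L;

    /**
     * Mechanism name of the JDK XMLDSig / KeyInfo providers. The decompiled source
     * took this value ("DOM") from an unrelated library constant, presumably a
     * decompiler constant substitution; the literal is used directly here.
     */
    private static final String DOM_MECHANISM = "DOM";

    /** Inclusive canonical XML 1.0 (without comments). */
    private static final String C14N_INCLUSIVE = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

    // Digest and signature names live in separate tables so that a signature name
    // passed where a digest name is expected is rejected up front instead of
    // failing later inside the provider. Keys are upper-cased for case-insensitive
    // lookup.
    private static final HashMap<String, String> DIGEST_URIS = new HashMap<>();
    private static final HashMap<String, String> SIGNATURE_URIS = new HashMap<>();

    static {
        DIGEST_URIS.put("SHA256", "http://www.w3.org/2001/04/xmlenc#sha256");
        DIGEST_URIS.put("SHA512", "http://www.w3.org/2001/04/xmlenc#sha512");
        // SHA-1 is kept for compatibility only: it is no longer collision resistant,
        // so new integrations should use SHA-256 or SHA-512.
        DIGEST_URIS.put("SHA1", "http://www.w3.org/2000/09/xmldsig#sha1");
        SIGNATURE_URIS.put("SHA256WITHRSA", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        SIGNATURE_URIS.put("SHA512WITHRSA", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512");
        SIGNATURE_URIS.put("SHA1WITHRSA", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
    }

    private String baseURI = null;
    private String defaultNamespacePrefix = null;
    private boolean insertCertificate = true;

    /**
     * Returns a new, independently configurable instance.
     *
     * @return a fresh {@code XmlSignatureImpl}
     */
    public static XmlSignatureImpl getInstance() throws Exception {
        return new XmlSignatureImpl();
    }

    /**
     * Sets the base URI against which relative reference URIs are resolved when
     * signing and validating.
     *
     * @param str base URI, or {@code null} for none
     */
    public void setBaseURI(String str) {
        this.baseURI = str;
    }

    /**
     * Sets the namespace prefix used for the generated signature elements.
     *
     * @param str prefix, or {@code null} to keep the provider default
     */
    public void setDefaultNamespacePrefix(String str) {
        this.defaultNamespacePrefix = str;
    }

    /**
     * Chooses what goes into {@code KeyInfo/X509Data}: the full certificate
     * ({@code true}, the default) or only subject name and issuer/serial.
     *
     * @param z {@code true} to embed the certificate
     */
    public void setInsertCertificate(boolean z) {
        this.insertCertificate = z;
    }

    /**
     * Signs the resource named by {@code str} and returns the detached signature
     * document.
     *
     * @param str reference URI of the data to sign, resolved against the base URI
     * @param str2 digest algorithm name: SHA256, SHA512 or SHA1 (case-insensitive)
     * @param str3 signature algorithm name: SHA256withRSA, SHA512withRSA or
     *     SHA1withRSA (case-insensitive)
     * @param privateKey signing key; it is handed to the XMLDSig provider as an
     *     opaque key, so non-extractable (HSM-backed) keys work too
     * @param x509Certificate certificate described in {@code KeyInfo}
     * @return the serialized {@code Signature} document (UTF-8 content)
     * @throws IllegalArgumentException for an unknown algorithm name or a missing
     *     key or certificate
     * @throws Exception if document creation, signing or serialization fails
     */
    public String generateDetachedXmlSignature(String str, String str2, String str3, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        String digestUri = lookupUri(DIGEST_URIS, str2, "digest");
        String signatureUri = lookupUri(SIGNATURE_URIS, str3, "signature");
        if (privateKey == null) {
            throw new IllegalArgumentException("privateKey is null");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("x509Certificate is null");
        }
        KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance(DOM_MECHANISM);
        ArrayList<Object> x509Content = new ArrayList<>();
        if (this.insertCertificate) {
            x509Content.add(x509Certificate);
        } else {
            // A String entry becomes X509SubjectName; the issuer/serial pair
            // identifies the certificate without embedding it.
            x509Content.add(x509Certificate.getSubjectDN().getName());
            x509Content.add(keyInfoFactory.newX509IssuerSerial(x509Certificate.getIssuerDN().getName(), x509Certificate.getSerialNumber()));
        }
        return signDetached(str, digestUri, signatureUri, privateKey, keyInfoFactory, x509Content, this.baseURI, this.defaultNamespacePrefix);
    }

    /**
     * Static variant of {@link #generateDetachedXmlSignature} for the legacy
     * {@code javax.security.cert} certificate type; {@code KeyInfo} always carries
     * subject name and issuer/serial, never the certificate itself, and no base
     * URI or namespace prefix is applied.
     *
     * @param str reference URI of the data to sign
     * @param str2 digest algorithm name: SHA256, SHA512 or SHA1 (case-insensitive)
     * @param str3 signature algorithm name: SHA256withRSA, SHA512withRSA or
     *     SHA1withRSA (case-insensitive)
     * @param privateKey signing key
     * @param x509Certificate certificate described in {@code KeyInfo}
     * @return the serialized {@code Signature} document (UTF-8 content)
     * @throws IllegalArgumentException for an unknown algorithm name or a missing
     *     key or certificate
     * @throws Exception if document creation, signing or serialization fails
     */
    public static String generateXmlSignature(String str, String str2, String str3, PrivateKey privateKey, javax.security.cert.X509Certificate x509Certificate) throws Exception {
        String digestUri = lookupUri(DIGEST_URIS, str2, "digest");
        String signatureUri = lookupUri(SIGNATURE_URIS, str3, "signature");
        if (privateKey == null) {
            throw new IllegalArgumentException("privateKey is null");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("x509Certificate is null");
        }
        KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance(DOM_MECHANISM);
        ArrayList<Object> x509Content = new ArrayList<>();
        // Fixed: the String entry is emitted as X509SubjectName, so it must be the
        // subject DN (the previous code put the issuer DN there).
        x509Content.add(x509Certificate.getSubjectDN().getName());
        x509Content.add(keyInfoFactory.newX509IssuerSerial(x509Certificate.getIssuerDN().getName(), x509Certificate.getSerialNumber()));
        return signDetached(str, digestUri, signatureUri, privateKey, keyInfoFactory, x509Content, null, null);
    }

    /**
     * Validates the first {@code Signature} element of the file at {@code str}
     * with the public key of {@code x509Certificate}.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>The reference URI is read from the file being validated and is
     *       dereferenced by the provider (relative to the base URI when set).
     *       {@code true} therefore means "the resource named inside the signature
     *       verifies", not "the file I care about verifies"; callers must compare
     *       the signed reference with the resource they intend to trust.</li>
     *   <li>Only the first {@code Signature} element is evaluated; any further
     *       ones are ignored.</li>
     *   <li>The certificate is used only as a public-key holder; its validity
     *       period, revocation status and chain are not checked here.</li>
     *   <li>NOTE(review): the JDK's XMLDSig secure-validation policy restricts
     *       {@code file:} reference URIs, so behaviour with file-based base URIs
     *       presumably depends on the runtime's secure-validation setting;
     *       confirm on the target JDK.</li>
     * </ul>
     *
     * @param str path of the signature file
     * @param x509Certificate certificate whose public key verifies the signature
     * @return {@code true} if the signature value and every reference validate
     * @throws Exception if the certificate is {@code null}, the file cannot be
     *     parsed (documents with a DOCTYPE are rejected), no {@code Signature}
     *     element exists, or the provider fails
     */
    public boolean validateXmlSignature(String str, X509Certificate x509Certificate) throws Exception {
        if (x509Certificate == null) {
            throw new Exception("x509cert is null");
        }
        DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance();
        documentFactory.setNamespaceAware(true);
        // The signature file is external input: refuse DTDs so that external
        // entities and entity-expansion payloads are never processed.
        documentFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        documentFactory.setXIncludeAware(false);
        documentFactory.setExpandEntityReferences(false);
        Document document;
        try (FileInputStream in = new FileInputStream(str)) {
            document = documentFactory.newDocumentBuilder().parse(in);
        }
        NodeList signatureNodes = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatureNodes.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance(DOM_MECHANISM);
        DOMValidateContext validateContext = new DOMValidateContext(x509Certificate.getPublicKey(), signatureNodes.item(0));
        if (this.baseURI != null) {
            validateContext.setBaseURI(this.baseURI);
        }
        XMLSignature signature = signatureFactory.unmarshalXMLSignature(validateContext);
        boolean valid = signature.validate(validateContext);
        System.out.println("signature.validate(valContext): " + valid);
        if (!valid) {
            // Report which part failed: the signature value or an individual reference.
            StringBuilder report = new StringBuilder();
            report.append("signature validation status: " + signature.getSignatureValue().validate(validateContext) + "\n");
            int index = 0;
            for (Object reference : signature.getSignedInfo().getReferences()) {
                report.append("ref[" + index + "] validity status: " + ((Reference) reference).validate(validateContext) + "\n");
                index++;
            }
            System.out.println(report.toString());
        }
        return valid;
    }

    /**
     * Developer smoke test: signs a file, writes the signature, validates it.
     *
     * <p>NOTE(review): this ships inside the library and embeds a workstation
     * keystore path together with a keystore/key password equal to the alias.
     * It belongs in test sources, with the keystore location and password
     * supplied through configuration rather than literals.
     */
    public static void test1() throws Exception {
        KeyStore keyStore = getKeyStore("E:\\xmlfiletest\\070-BULK-SIGN-UAT_20200518.jks", "070-BULK-SIGN-UAT_20200518", "jks");
        PrivateKey privateKey = (PrivateKey) keyStore.getKey("070-BULK-SIGN-UAT_20200518", "070-BULK-SIGN-UAT_20200518".toCharArray());
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("070-BULK-SIGN-UAT_20200518");
        XmlSignatureImpl xmlSignatureImpl = getInstance();
        xmlSignatureImpl.setBaseURI("file:///E://xmlfiletest//");
        xmlSignatureImpl.setInsertCertificate(false);
        String detachedSignature = xmlSignatureImpl.generateDetachedXmlSignature("070-20201220-OC-SDVA-00002-002.xml", "SHA256", "SHA256withRSA", privateKey, x509Certificate);
        System.out.println("=====================================================");
        System.out.println(detachedSignature);
        // Write the same bytes the serializer produced (UTF-8) and always close the file.
        try (FileOutputStream out = new FileOutputStream("E:\\xmlfiletest\\signature.xml")) {
            out.write(detachedSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
        System.out.println(xmlSignatureImpl.validateXmlSignature("E:\\xmlfiletest\\signature.xml", x509Certificate));
        X509Certificate reparsed = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
        System.out.println(xmlSignatureImpl.generateDetachedXmlSignature("file:///E://test.xml", "SHA256", "SHA256withRSA", privateKey, reparsed));
    }

    /** Runs {@link #test1()}. */
    public static void main(String[] strArr) throws Exception {
        test1();
    }

    /**
     * Loads a keystore from disk.
     *
     * @param str keystore file path
     * @param str2 keystore password, used for the integrity check
     * @param str3 keystore type, for example {@code jks}
     * @return the loaded keystore
     * @throws IOException if the file cannot be read or the password is wrong
     */
    public static KeyStore getKeyStore(String str, String str2, String str3) throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance(str3);
        // try-with-resources: the stream is closed even when load() throws.
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, str2.toCharArray());
        }
        return keyStore;
    }

    /** Maps an algorithm name to its XMLDSig URI, rejecting unknown or missing names. */
    private static String lookupUri(HashMap<String, String> table, String name, String kind) {
        String uri = name == null ? null : table.get(name.toUpperCase(java.util.Locale.ROOT));
        if (uri == null) {
            throw new IllegalArgumentException("Unsupported " + kind + " algorithm: " + name);
        }
        return uri;
    }

    /**
     * Builds a one-reference detached signature in a new document, signs it and
     * serializes the document.
     *
     * <p>Signing goes through the XMLDSig provider only. The earlier debug code
     * that re-signed the canonicalized SignedInfo by reading the RSA private
     * exponent out of the key and printed intermediate values has been removed:
     * it failed for keys that are not extractable RSA keys and served no
     * functional purpose.
     */
    private static String signDetached(String referenceUri, String digestUri, String signatureUri, PrivateKey privateKey, KeyInfoFactory keyInfoFactory, ArrayList<Object> x509Content, String baseUri, String namespacePrefix) throws Exception {
        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance(DOM_MECHANISM);
        DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance();
        documentFactory.setNamespaceAware(true);
        Document document = documentFactory.newDocumentBuilder().newDocument();
        // The Document itself is the parent node: a freshly created document has
        // no document element yet, and DOMSignContext rejects a null parent.
        DOMSignContext signContext = new DOMSignContext(privateKey, document);
        if (baseUri != null) {
            signContext.setBaseURI(baseUri);
        }
        if (namespacePrefix != null) {
            signContext.setDefaultNamespacePrefix(namespacePrefix);
        }
        Reference reference = signatureFactory.newReference(referenceUri, signatureFactory.newDigestMethod(digestUri, (DigestMethodParameterSpec) null));
        SignedInfo signedInfo = signatureFactory.newSignedInfo(
                signatureFactory.newCanonicalizationMethod(C14N_INCLUSIVE, (C14NMethodParameterSpec) null),
                signatureFactory.newSignatureMethod(signatureUri, (SignatureMethodParameterSpec) null),
                Collections.singletonList(reference));
        XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content))));
        signature.sign(signContext);
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(serialized));
        // The transformer writes UTF-8 by default; decode with the same charset
        // instead of the platform default so non-ASCII DN text survives.
        return serialized.toString("UTF-8");
    }
}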
