package org.apache.xml.security.test.dom.signature;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolverContext;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/xml/security/test/dom/signature/PreCalculatedDigestSignatureTest.class */
public class PreCalculatedDigestSignatureTest {
    private static final String EXTERNAL_DOCUMENT_URI = "test.txt";
    private static final String PRE_CALCULATED_DIGEST = "tYpuWTmktpzSwRM8cxRlZfY4aw4wqr4vkXKPs9lwxP4=";
    private static final String ALIAS = "mullan";
    private String signatureFilePath;

    @Rule
    public TemporaryFolder testFolder = new TemporaryFolder();
    private PrivateKey privateKey;
    private X509Certificate signingCert;
    private static final Logger LOG = LoggerFactory.getLogger(PreCalculatedDigestSignatureTest.class);
    private static final char[] PASSWORD = "changeit".toCharArray();

    /* loaded from: input_file:org/apache/xml/security/test/dom/signature/PreCalculatedDigestSignatureTest$ExternalResourceResolver.class */
    public static class ExternalResourceResolver extends ResourceResolverSpi {
        private final String externalDocumentUri;
        private String preCalculatedDigest;

        public ExternalResourceResolver(String str, String str2) {
            this.preCalculatedDigest = str2;
            this.externalDocumentUri = str;
        }

        public XMLSignatureInput engineResolveURI(ResourceResolverContext resourceResolverContext) throws ResourceResolverException {
            String extractDocumentUri = extractDocumentUri(resourceResolverContext);
            XMLSignatureInput xMLSignatureInput = new XMLSignatureInput(this.preCalculatedDigest);
            xMLSignatureInput.setSourceURI(extractDocumentUri);
            xMLSignatureInput.setMIMEType("text/plain");
            return xMLSignatureInput;
        }

        public boolean engineCanResolveURI(ResourceResolverContext resourceResolverContext) {
            return extractDocumentUri(resourceResolverContext).equals(this.externalDocumentUri);
        }

        private String extractDocumentUri(ResourceResolverContext resourceResolverContext) {
            return resourceResolverContext.attr.getNodeValue();
        }
    }

    @Before
    public void setUp() throws Exception {
        Init.init();
        this.signatureFilePath = getAbsolutePath("src/test/resources/org/apache/xml/security/samples/input/signatureWithExternalReference.xml");
        KeyStore openKeyStore = openKeyStore();
        this.privateKey = (PrivateKey) openKeyStore.getKey(ALIAS, PASSWORD);
        this.signingCert = (X509Certificate) openKeyStore.getCertificate(ALIAS);
    }

    @Test
    public void validateSignatureWithCorrectDigestShouldBeValid() throws Exception {
        XMLSignature openSignature = openSignature(this.signatureFilePath);
        openSignature.addResourceResolver(new ExternalResourceResolver(EXTERNAL_DOCUMENT_URI, PRE_CALCULATED_DIGEST));
        Assert.assertTrue(validateSignature(openSignature));
    }

    @Test
    public void validateSignatureWithWrongDigestShouldBeInvalid() throws Exception {
        XMLSignature openSignature = openSignature(this.signatureFilePath);
        openSignature.addResourceResolver(new ExternalResourceResolver(EXTERNAL_DOCUMENT_URI, "BjVs1oFu54LZwQuUA+kHgZApH0pIc8PGOoo0YrLrNUI="));
        Assert.assertFalse(validateSignature(openSignature));
    }

    @Test
    public void createSignatureWithPreCalculatedDigestShouldBeValid() throws Exception {
        XMLSignature createXmlSignature = createXmlSignature();
        createXmlSignature.addDocument(EXTERNAL_DOCUMENT_URI, (Transforms) null, "http://www.w3.org/2001/04/xmlenc#sha256");
        createXmlSignature.addResourceResolver(new ExternalResourceResolver(EXTERNAL_DOCUMENT_URI, PRE_CALCULATED_DIGEST));
        createXmlSignature.addKeyInfo(this.signingCert);
        createXmlSignature.sign(this.privateKey);
        writeSignature(createXmlSignature.getDocument());
        Assert.assertTrue(createXmlSignature.checkSignatureValue(this.signingCert));
    }

    private XMLSignature openSignature(String str) throws ParserConfigurationException, SAXException, IOException, XMLSecurityException {
        return new XMLSignature((Element) createDocumentBuilder().parse(new File(str)).getDocumentElement().getFirstChild(), "");
    }

    private boolean validateSignature(XMLSignature xMLSignature) throws XMLSecurityException {
        boolean checkSignatureValue = xMLSignature.checkSignatureValue(xMLSignature.getKeyInfo().getPublicKey());
        LOG.debug("Is signature valid: " + checkSignatureValue);
        return checkSignatureValue;
    }

    private XMLSignature createXmlSignature() throws ParserConfigurationException, XMLSecurityException {
        Document newDocument = createDocumentBuilder().newDocument();
        Element createSignatureRoot = createSignatureRoot(newDocument);
        XMLSignature xMLSignature = new XMLSignature(newDocument, "", "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
        createSignatureRoot.appendChild(xMLSignature.getElement());
        xMLSignature.addDocument("", createTransformsForSignature(newDocument), "http://www.w3.org/2001/04/xmlenc#sha256");
        return xMLSignature;
    }

    private DocumentBuilder createDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        return newInstance.newDocumentBuilder();
    }

    private Transforms createTransformsForSignature(Document document) throws TransformationException {
        Transforms transforms = new Transforms(document);
        transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
        transforms.addTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
        return transforms;
    }

    private Element createSignatureRoot(Document document) {
        Element createElementNS = document.createElementNS("http://www.apache.org/ns/#app1", "apache:RootElement");
        createElementNS.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:apache", "http://www.apache.org/ns/#app1");
        document.appendChild(createElementNS);
        return createElementNS;
    }

    private void writeSignature(Document document) throws IOException {
        String path = this.testFolder.newFile("signature.xml").getPath();
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(path);
            XMLUtils.outputDOMc14nWithComments(document, fileOutputStream);
            LOG.debug("Wrote signature to " + path);
            fileOutputStream.close();
        } catch (Throwable th) {
            fileOutputStream.close();
            throw th;
        }
    }

    private KeyStore openKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        FileInputStream fileInputStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            fileInputStream = new FileInputStream(getAbsolutePath("src/test/resources/test.jks"));
            keyStore.load(fileInputStream, PASSWORD);
            fileInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            fileInputStream.close();
            throw th;
        }
    }

    private String getAbsolutePath(String str) {
        String property = System.getProperty("basedir");
        if (property != null && !"".equals(property)) {
            str = property + "/" + str;
        }
        return str;
    }
}
