package org.linagora.linsign.test;

import java.io.File;
import java.io.FilenameFilter;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import org.junit.BeforeClass;
import org.junit.Test;
import org.linagora.linsign.client.keystore.KeyStoreEntry;
import org.linagora.linsign.client.keystore.KeystoreType;
import org.linagora.linsign.client.keystore.filters.IssuerDnCertificateFilter;
import org.linagora.linsign.client.keystore.filters.KeyUsageSignatureFilter;
import org.linagora.linsign.client.keystore.filters.KeystoreFilters;
import org.linagora.linsign.client.services.impl.SignatureServiceImpl;
import org.linagora.linsign.client.ui.UiService;
import org.linagora.linsign.client.ui.impl.UiServiceImpl;
import org.linagora.linsign.server.portal.impl.ServerImpl;
import org.linagora.linsign.utils.archive.ArchiveFile;
import org.linagora.linsign.utils.archive.XadesZipArchiveManager;
import org.linagora.linsign.utils.encode.HashUtils;
import org.linagora.linsign.utils.sign.config.SignaturePolicies;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/linsign-1.0.jar:org/linagora/linsign/test/TestUiCmdDetachedXades.class */
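/**
 * Round-trip tests for detached XAdES signing through {@link UiService}.
 *
 * <p>Each test signs the fixture document with a different key store type, extracts the
 * resulting archive and runs XML-DSig core validation on the signature file(s) it contains.
 * The tests depend on the local machine: absolute workspace paths, a Windows PKCS#11 module
 * and certificates whose subject CN is {@link #CHOOSECN}.
 *
 * <p>NOTE(review): the key store passwords and the PKCS#11 PIN below are committed in source.
 * That is tolerable only for throw-away fixture key stores; a PIN for a real hardware token
 * should be supplied from outside the repository (system property or environment).
 */
public class TestUiCmdDetachedXades {
    public static final String WORKSPACE = "/DEV_JAVA/workspace_esignbox/linSign";
    public static final String P12FILE = "/DEV_JAVA/workspace_esignbox/linSign/src/test/resources/web1.p12";
    public static final String JKSFILE = "/DEV_JAVA/workspace_esignbox/linSign/src/test/resources/web1.jks";
    public static final String P11FILE = "C:/WINDOWS/system32/eTPKCS11.dll";
    public static final String READ_FILES_FROM_DIR = "/DEV_JAVA/workspace_esignbox/linSign/src/test/resources/files/testUICmd";
    public static final String XADES_TEST_FILE = "textpourxades.txt";
    public static final String P12PASSWORD = "password";
    public static final String JKSPASSWORD = "password";
    public static final String P11PASSWORD = "crotale";
    public static final String CHOOSECN = "web1";
    public static final String OID_POLICY_CHOICE = "a.b.c.3";
    public static final boolean DELETE_ALL_FILES_END_PROCESS = false;
    public static File[] originalFiles;
    public static UiService ui;
    public static String policyChoice;

    /** Scratch directory the signed archive is extracted into; wiped before every extraction. */
    private static final String EXTRACT_DIR = "/tmp2";

    /** XML-DSig namespace used to locate {@code Signature} elements. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /**
     * Collects the fixture document, wires the UI service to its server and signature
     * service, and selects the signature policy OID.
     *
     * @throws IllegalStateException if the fixture document cannot be found
     */
    @BeforeClass
    public static void start() {
        originalFiles = new File(READ_FILES_FROM_DIR).listFiles(new FilenameFilter() {
            @Override
            public boolean accept(File dir, String name) {
                return !name.endsWith(".svn") && name.equalsIgnoreCase(XADES_TEST_FILE);
            }
        });
        // listFiles() returns null when the directory is missing; fail here with a clear
        // message instead of a NullPointerException inside the first test.
        if (originalFiles == null || originalFiles.length == 0) {
            throw new IllegalStateException(
                    "Fixture " + XADES_TEST_FILE + " not found in " + READ_FILES_FROM_DIR);
        }

        UiServiceImpl uiService = new UiServiceImpl();
        uiService.setServerInterface(new ServerImpl());
        uiService.setSignatureService(new SignatureServiceImpl());
        ui = uiService;

        // Fall back to the first configured policy only when no OID is pinned above.
        if (OID_POLICY_CHOICE == null) {
            policyChoice = SignaturePolicies.getInstance().getAvailableSignaturePolicyOID().iterator().next();
        } else {
            policyChoice = OID_POLICY_CHOICE;
        }
    }

    /** Signs with the first entry of the PKCS#12 fixture key store. */
    @Test
    public void testUserUiP12() throws Exception {
        signAndValidate(KeystoreType.PKCS12, new File(P12FILE).toString(), P12PASSWORD, null, null);
    }

    /** Signs with the {@link #CHOOSECN} certificate from the Windows certificate store. */
    @Test
    public void testUserUiMSCAPI() throws Exception {
        signAndValidate(KeystoreType.MSCAPI, null, null, adminCaSignatureFilters(), CHOOSECN);
    }

    /** Signs with the first entry of the JKS fixture key store. */
    @Test
    public void testUserUiJks() throws Exception {
        signAndValidate(KeystoreType.JKS, new File(JKSFILE).toString(), JKSPASSWORD, null, null);
    }

    /** Signs with the first entry exposed by the PKCS#11 module at {@link #P11FILE}. */
    @Test
    public void testUserUiPkcs11WindowsToken() throws Exception {
        signAndValidate(KeystoreType.PKCS11, new File(P11FILE).toString(), P11PASSWORD, null, null);
    }

    /** Signs with the {@link #CHOOSECN} certificate from the Firefox certificate store. */
    @Test
    public void testUserUiFirefox() throws Exception {
        signAndValidate(KeystoreType.FIREFOX, null, null, adminCaSignatureFilters(), CHOOSECN);
    }

    /**
     * Signs with the {@link #CHOOSECN} certificate from the macOS keychain.
     *
     * <p>Not annotated with {@code @Test}, so JUnit 4 does not run it.
     */
    public void testUserMacKeychain() throws Exception {
        signAndValidate(KeystoreType.KEYCHAIN, null, null, new KeystoreFilters(), CHOOSECN);
    }

    /** Builds the filter set shared by the MSCAPI and Firefox tests. */
    private static KeystoreFilters adminCaSignatureFilters() {
        KeystoreFilters filters = new KeystoreFilters();
        filters.add(new KeyUsageSignatureFilter(false));
        filters.add(new IssuerDnCertificateFilter(new String[]{"AdminCA1"}));
        return filters;
    }

    /**
     * Runs one complete signature process and validates the signed archive.
     *
     * @param type         key store type to sign with
     * @param keystorePath key store file or PKCS#11 module path, or {@code null}
     * @param password     key store password or PIN, or {@code null}
     * @param filters      certificate filters, or {@code null}
     * @param subjectCn    subject CN of the certificate to use; {@code null} selects the first entry
     * @throws Exception if signing fails, no matching certificate exists or validation fails
     */
    private void signAndValidate(KeystoreType type, String keystorePath, String password,
            KeystoreFilters filters, String subjectCn) throws Exception {
        String processId = ui.initSignatureProcess(policyChoice);
        // NOTE(review): the helper name indicates SHA-1 document digests; confirm that the
        // signature policy under test really mandates SHA-1 rather than a SHA-2 digest.
        ui.sendDocuments(processId, HashUtils.hashSha1withBase64(Arrays.asList(originalFiles)), true);

        List<KeyStoreEntry> entries = ui.getCertificates(type, keystorePath, password, filters);
        KeyStoreEntry entry = (subjectCn == null) ? firstEntry(entries) : entryWithSubjectCn(entries, subjectCn);
        X509Certificate signerCertificate = (X509Certificate) entry.getCertificateChain()[0];
        String alias = entry.getAlias();

        ui.sendCertificate(processId, signerCertificate.getEncoded());
        ui.finalizeDocument(processId,
                ui.sign(ui.getAllBase64HashTBS(processId), type, keystorePath, alias, password));
        unzipAndValidateSignedXades(ui.getFinalizedDocument(processId).get(0));
        ui.cleanSignatureProcess(processId, DELETE_ALL_FILES_END_PROCESS);
    }

    /** Returns the first key store entry, failing with a clear message when there is none. */
    private static KeyStoreEntry firstEntry(List<KeyStoreEntry> entries) {
        if (entries == null || entries.isEmpty()) {
            throw new IllegalStateException("Key store returned no certificate");
        }
        return entries.get(0);
    }

    /**
     * Returns the entry whose subject CN equals {@code subjectCn}.
     *
     * <p>Replaces hand-written index loops that were off by one or, when nothing matched,
     * silently signed with a different certificate.
     *
     * @throws IllegalStateException if no entry matches
     */
    private static KeyStoreEntry entryWithSubjectCn(List<KeyStoreEntry> entries, String subjectCn) {
        if (entries != null) {
            for (KeyStoreEntry entry : entries) {
                if (subjectCn.equals(entry.getSubjectCN())) {
                    return entry;
                }
            }
        }
        throw new IllegalStateException("No certificate with subject CN '" + subjectCn + "' in key store");
    }

    /**
     * Extracts the signed archive into a clean scratch directory and validates its signatures.
     *
     * @param file the signed archive returned by the signature process
     */
    private void unzipAndValidateSignedXades(File file) throws Exception {
        File extractDir = new File(EXTRACT_DIR);
        if (extractDir.exists()) {
            XadesZipArchiveManager.deleteDirectory(extractDir);
        }
        XadesZipArchiveManager.extract(file, extractDir);
        testValidateAllXml(extractDir);
    }

    /**
     * Validates every XAdES signature file found directly inside {@code file}.
     *
     * @param file directory the signed archive was extracted into
     * @throws XMLSignatureException if no signature file is present or a signature is invalid
     */
    private void testValidateAllXml(File file) throws Exception {
        File[] signatureFiles = file.listFiles(new FilenameFilter() {
            @Override
            public boolean accept(File dir, String name) {
                return name.endsWith(ArchiveFile.ARCHIVE_XADES_SIGNATURE_FILE);
            }
        });
        // An archive without a signature file must fail the test, not pass it vacuously.
        if (signatureFiles == null || signatureFiles.length == 0) {
            throw new XMLSignatureException("No XAdES signature file found in " + file);
        }
        for (File signatureFile : signatureFiles) {
            validateSignatureFile(signatureFile);
        }
    }

    /**
     * Runs XML-DSig core validation on every {@code Signature} element of one file.
     *
     * <p>NOTE(review): the verification key is the certificate embedded in the signature's
     * own KeyInfo, so a pass shows that the signature is consistent with that certificate;
     * it does not establish that the certificate is trusted or is the one used to sign.
     *
     * @throws XMLSignatureException if the file holds no signature or any signature fails
     */
    private void validateSignatureFile(File signatureFile) throws Exception {
        System.out.println("check:" + signatureFile);

        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        // A signature file needs no DTD; rejecting DOCTYPE closes off external-entity expansion.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

        NodeList signatureNodes = factory.newDocumentBuilder().parse(signatureFile)
                .getElementsByTagNameNS(XMLDSIG_NS, "Signature");
        if (signatureNodes.getLength() == 0) {
            throw new XMLSignatureException("Cannot find any Signature elements");
        }

        // The provider class can be overridden with -Djsr105Provider=<class name>.
        String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM",
                (Provider) Class.forName(providerName).getDeclaredConstructor().newInstance());

        // Detached references are resolved relative to the directory of the signature file.
        File baseDir = signatureFile.getParentFile();
        if (baseDir == null) {
            baseDir = new File(".");
        }
        String baseUri = baseDir.getCanonicalFile().toURI().toString();

        for (int i = 0; i < signatureNodes.getLength(); i++) {
            org.w3c.dom.Node signatureNode = signatureNodes.item(i);
            // The Id attribute is optional on ds:Signature.
            org.w3c.dom.Node idAttribute = signatureNode.getAttributes().getNamedItem("Id");
            String label = "Signature id=" + (idAttribute == null ? null : idAttribute.getNodeValue());

            XMLSignature signature = signatureFactory.unmarshalXMLSignature(new DOMStructure(signatureNode));
            DOMValidateContext context = new DOMValidateContext(getPubKey(signature).getPublicKey(), signatureNode);
            context.setBaseURI(baseUri);

            if (signature.validate(context)) {
                System.out.println(label + " has passed core validation");
                continue;
            }

            // Report which part failed, then fail the test: a printed message alone would
            // let a broken signature go unnoticed.
            System.out.println(label + " failed core validation");
            System.out.println(label + " signature validation: " + signature.getSignatureValue().validate(context));
            int refIndex = 0;
            for (Reference reference : signature.getSignedInfo().getReferences()) {
                System.out.println(label + " - ref[" + refIndex + "] \"" + reference.getURI()
                        + "\" validity status: " + reference.validate(context));
                refIndex++;
            }
            throw new XMLSignatureException(label + " failed core validation");
        }
    }

    /**
     * Returns the first X.509 certificate carried in the signature's KeyInfo.
     *
     * @param xMLSignature the unmarshalled signature
     * @return the first certificate of the first {@code X509Data} element
     * @throws SecurityException if KeyInfo, X509Data or the certificate is missing
     */
    private static X509Certificate getPubKey(XMLSignature xMLSignature) throws GeneralSecurityException {
        if (xMLSignature.getKeyInfo() == null) {
            throw new SecurityException("getPubKey: KeyInfo element not found");
        }

        List<?> x509Content = null;
        for (Object keyInfoItem : xMLSignature.getKeyInfo().getContent()) {
            if (keyInfoItem instanceof X509Data) {
                x509Content = ((X509Data) keyInfoItem).getContent();
                break;
            }
        }
        if (x509Content == null) {
            throw new SecurityException("getPubKey: X509Data element not found");
        }

        for (Object x509Item : x509Content) {
            if (x509Item instanceof X509Certificate) {
                return (X509Certificate) x509Item;
            }
        }
        throw new SecurityException("getPubKey: X509Certificate element not found");
    }
}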
