package cin.uvote.voting.client.logic;

import cin.net.NetworkConnection;
import cin.security.crypto.BlindFactor;
import cin.security.crypto.RSAFunctions;
import cin.security.dsig.objects.ProcessableContentType;
import cin.security.dsig.objects.SignatureFormType;
import cin.security.dsig.objects.SignatureFormatType;
import cin.security.dsig.objects.SignatureTemplateType;
import cin.security.dsig.objects.XMLSignatureExtensionsType;
import cin.security.dsig.objects.XMLSignatureReferenceType;
import cin.security.dsig.objects.XMLTransformType;
import cin.security.dsig.xml.XMLSignatureFactory;
import cin.security.dsig.xml.apache.XMLSignature;
import cin.security.encoders.SignatureEncoder;
import cin.uvote.voting.client.communication.CEOSoapClientOperationPool;
import cin.uvote.xmldata.ceo.voting.BallotSignatureResponse;
import cin.uvote.xmldata.core.BallotToken;
import cin.uvote.xmldata.core.CastVoteStructure;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.logging.Level;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import oasis.names.tc.evs.schema.eml.VoterIdentificationStructure;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.impl.Jdk14Logger;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.RetrievalMethod;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:cin/uvote/voting/client/logic/BallotSignatureLogic.class */
/**
 * Client-side logic that encrypts a cast vote and obtains a blind signature over the
 * encrypted ballot from the CEO SOAP service.
 *
 * <p>Flow implemented by {@link #getBallotSignature}: the ballot is encrypted for the
 * holder of one certificate, wrapped in an enveloping XML signature template bound to a
 * second certificate, the value to be signed is blinded and sent to the service, the
 * returned value is unblinded, and the resulting signature is verified locally before
 * the signed document is handed back.
 *
 * <p>NOTE(review): one instance keeps mutable per-call state (the blind factor, both
 * {@code XMLCipher} objects, the {@code Transformer}) and nothing here synchronizes
 * access, so a single instance looks unsafe for concurrent use. Confirm that callers
 * confine each instance to one thread.
 */
public class BallotSignatureLogic {
    /** Number of seed bytes drawn from the PRNG's seed generator in the constructor. */
    private static final int SEED_LENGTH_BYTES = 20;

    // NOTE(review): RSAES-PKCS1-v1_5 key transport is the legacy XML Encryption option and is
    // exposed to padding-oracle attacks when the decrypting side reveals padding failures.
    // Moving to RSA-OAEP needs a coordinated change with the decrypting service (not visible here).
    private static final String KEY_TRANSPORT_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

    // NOTE(review): AES-128-CBC gives confidentiality only. In this class the encrypted ballot is
    // subsequently covered by the enveloping signature; integrity therefore depends on the
    // recipient validating that signature before decrypting. Confirm on the receiving side.
    private static final String BALLOT_CIPHER_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    private static final String C14N_WITH_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
    private static final String XMLDSIG_NAMESPACE = "http://www.w3.org/2000/09/xmldsig#";

    static {
        // Initialise the Apache XML Security library once per class load and lower the
        // verbosity of its Reference logger to WARNING.
        Init.init();
        ((Jdk14Logger) LogFactory.getLog(Reference.class.getName())).getLogger().setLevel(Level.WARNING);
    }

    private final CEOSoapClientOperationPool ceoSoapClient;
    private final DocumentBuilder db;
    private final Marshaller m;
    private final CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
    private final XMLCipher keyCipher = XMLCipher.getInstance(KEY_TRANSPORT_ALGORITHM);
    private final KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
    private final TransformerFactory tf = TransformerFactory.newInstance();
    private final Transformer trans = this.tf.newTransformer();
    private final XMLCipher xmlCipher = XMLCipher.getInstance(BALLOT_CIPHER_ALGORITHM);
    private final BlindFactor blindFactor = new BlindFactor();

    /**
     * Result of a successful signing round: the token issued by the service together with
     * the serialized, signed, encrypted ballot.
     */
    public class BallotBundle {
        private final BallotToken ballotToken;
        // Stored and returned by reference; callers share the same array.
        private final byte[] signedEncryptedVote;

        /**
         * @param ballotToken token returned by the signing service
         * @param bArr        serialized signed encrypted ballot
         */
        public BallotBundle(BallotToken ballotToken, byte[] bArr) {
            this.ballotToken = ballotToken;
            this.signedEncryptedVote = bArr;
        }

        /** @return the token returned by the signing service */
        public BallotToken getBallotToken() {
            return this.ballotToken;
        }

        /** @return the serialized signed encrypted ballot (the internal array, not a copy) */
        public byte[] getSignedEncryptedVote() {
            return this.signedEncryptedVote;
        }
    }

    /**
     * Prepares the XML and crypto machinery used for every ballot.
     *
     * @param cEOSoapClientOperationPool client used to request the blind signature
     * @param jAXBContext                context from which the ballot marshaller is created
     * @throws Exception if any factory, cipher or PRNG cannot be created
     */
    public BallotSignatureLogic(CEOSoapClientOperationPool cEOSoapClientOperationPool, JAXBContext jAXBContext) throws Exception {
        this.ceoSoapClient = cEOSoapClientOperationPool;
        this.m = jAXBContext.createMarshaller();

        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        builderFactory.setNamespaceAware(true);
        this.db = builderFactory.newDocumentBuilder();

        // The AES key generator draws from a SHA1PRNG instance that is seeded explicitly with
        // bytes from its own seed generator before first use.
        // NOTE(review): SHA1PRNG is a provider-specific legacy algorithm; the platform default
        // SecureRandom is the usual choice today. Confirm nothing depends on this selection.
        SecureRandom keyRandom = SecureRandom.getInstance("SHA1PRNG");
        byte[] seed = keyRandom.generateSeed(SEED_LENGTH_BYTES);
        keyRandom.setSeed(seed);
        this.keyGenerator.init(128, keyRandom);
    }

    /**
     * Encrypts the vote, obtains a blind signature over the encrypted ballot and verifies it.
     *
     * <p>The service call carries the voter identification, the election identifier and the
     * <em>blinded</em> value only; the unblinded value to be signed is not sent.
     *
     * @param voterIdentificationStructure voter identification forwarded to the signing service
     * @param castVoteStructure            the vote to encrypt; its election identifier is also sent
     * @param bArr                         encoded X.509 certificate whose RSA public key is used for
     *                                     blinding and against which the returned signature is verified
     * @param bArr2                        encoded X.509 certificate whose public key wraps the ballot
     *                                     encryption key
     * @return the ballot token and the serialized signed encrypted ballot
     * @throws Exception on certificate parsing, encryption, transport or verification failure
     */
    public BallotBundle getBallotSignature(VoterIdentificationStructure voterIdentificationStructure, CastVoteStructure castVoteStructure, byte[] bArr, byte[] bArr2) throws Exception {
        // Both certificates are parsed before any encryption work starts.
        X509Certificate signerCertificate = parseCertificate(bArr);
        X509Certificate encryptionCertificate = parseCertificate(bArr2);

        byte[] encryptedBallotBytes = serialize(encryptBallot(castVoteStructure, encryptionCertificate));

        // Enveloping XML signature whose single reference points at the embedded encrypted ballot.
        XMLTransformType canonicalization = new XMLTransformType();
        canonicalization.setType(C14N_WITH_COMMENTS);

        XMLSignatureReferenceType ballotReference = new XMLSignatureReferenceType();
        ballotReference.setReferenceURI("#EncryptedBallot");
        ballotReference.getTransforms().add(canonicalization);

        XMLSignatureExtensionsType extensions = new XMLSignatureExtensionsType();
        extensions.setSignatureValueID("EncryptedBallotSignatureValue");
        extensions.setEnvelopingContentID("EncryptedBallot");
        extensions.getReferences().add(ballotReference);

        ProcessableContentType content = new ProcessableContentType();
        content.setMimeType(NetworkConnection.CONTENT_TYPE_XML);
        content.setContentValue(encryptedBallotBytes);

        SignatureTemplateType template = new SignatureTemplateType();
        template.setSignatureFormat(SignatureFormatType.XML);
        template.setSignatureForm(SignatureFormType.ENVELOPING);
        template.setSignatureID("EncryptedBallotSignature");
        template.setXMLSignatureExtensions(extensions);
        template.setToSignContent(content);

        XMLSignature signature = XMLSignatureFactory.newInstance().newSignature(template, signerCertificate);
        byte[] digest = signature.getDigestedValue();

        // A fresh blind factor is generated for this request and reused for unblinding below.
        RSAPublicKey signerKey = (RSAPublicKey) signerCertificate.getPublicKey();
        this.blindFactor.generateBlindFactor(signerKey);

        // NOTE(review): 2 is presumably an encoder-type constant inlined by the decompiler;
        // confirm which signature encoding it selects.
        byte[] encodedDigest = SignatureEncoder.getInstance(2).encode(digest, signerKey);
        byte[] blindedValue = RSAFunctions.blind(encodedDigest, this.blindFactor, signerKey);

        BallotSignatureResponse response = this.ceoSoapClient.callBallotSignature(
                voterIdentificationStructure,
                castVoteStructure.getElection().getElectionIdentifier(),
                blindedValue);
        BallotToken ballotToken = response.getBallotToken();

        signature.setSignatureValue(RSAFunctions.unBlind(response.getSignedValue(), this.blindFactor, signerKey));

        // The unblinded signature is checked locally before anything is returned, so a bad or
        // substituted service response fails here rather than at ballot submission.
        Document signedDocument = (Document) signature.getSignedData().getContentObject();
        verifySignature(signedDocument, signerCertificate);

        return new BallotBundle(ballotToken, serialize(signedDocument));
    }

    /**
     * Marshals the vote into a new document and replaces its root element with XML-encrypted data.
     *
     * <p>A fresh AES key encrypts the root element; that key is wrapped with the certificate's
     * public key and embedded as an {@code EncryptedKey}, whose own key info carries a retrieval
     * method built from the election identifier id with type {@code "RSAKey"}.
     *
     * @param castVoteStructure the vote to marshal and encrypt
     * @param x509Certificate   certificate whose public key wraps the AES key
     * @return the document holding the encrypted ballot
     * @throws Exception on marshalling or encryption failure
     */
    protected Document encryptBallot(CastVoteStructure castVoteStructure, X509Certificate x509Certificate) throws Exception {
        Document ballotDocument = this.db.newDocument();
        this.m.marshal(castVoteStructure, ballotDocument);

        SecretKey ballotKey = this.keyGenerator.generateKey();

        // Wrap the per-ballot key for the certificate holder.
        this.keyCipher.init(XMLCipher.WRAP_MODE, x509Certificate.getPublicKey());
        EncryptedKey wrappedKey = this.keyCipher.encryptKey(ballotDocument, ballotKey);

        String electionId = castVoteStructure.getElection().getElectionIdentifier().getId();
        KeyInfo wrappingKeyInfo = new KeyInfo(ballotDocument);
        wrappingKeyInfo.add(new RetrievalMethod(ballotDocument, electionId, (Transforms) null, "RSAKey"));
        wrappedKey.setKeyInfo(wrappingKeyInfo);

        // Encrypt the ballot and attach the wrapped key to the EncryptedData element.
        this.xmlCipher.init(XMLCipher.ENCRYPT_MODE, ballotKey);
        KeyInfo dataKeyInfo = new KeyInfo(ballotDocument);
        dataKeyInfo.add(wrappedKey);
        this.xmlCipher.getEncryptedData().setKeyInfo(dataKeyInfo);

        // content=false: the root element itself is encrypted, not just its children.
        this.xmlCipher.doFinal(ballotDocument, ballotDocument.getDocumentElement(), false);
        return ballotDocument;
    }

    /**
     * Checks that the document holds exactly one XML signature, that the certificate embedded in
     * it equals the expected one, and that the signature value verifies under that certificate.
     *
     * <p>Only equality with the expected certificate is checked here; chain, validity-period and
     * revocation checks are not part of this method.
     *
     * @param document        signed document to check
     * @param x509Certificate certificate the signature is expected to carry
     * @throws SignatureException   if the signature count is not one or the value does not verify
     * @throws CertificateException if no certificate is embedded or it differs from the expected one
     * @throws Exception            on XPath or XML security processing failure
     */
    private void verifySignature(Document document, X509Certificate x509Certificate) throws Exception {
        Element namespaceContext = XMLUtils.createDSctx(document, "ds", XMLDSIG_NAMESPACE);
        NodeList signatureNodes = XPathAPI.selectNodeList(document, "//ds:Signature", namespaceContext);

        // Exactly one signature element is accepted; extra or missing ones are rejected outright.
        int signatureCount = signatureNodes.getLength();
        if (signatureCount != 1) {
            throw new SignatureException("Wrong signature items number (" + signatureCount + ")");
        }

        org.apache.xml.security.signature.XMLSignature parsedSignature =
                new org.apache.xml.security.signature.XMLSignature((Element) signatureNodes.item(0), (String) null);

        KeyInfo keyInfo = parsedSignature.getKeyInfo();
        X509Certificate embeddedCertificate = (keyInfo == null) ? null : keyInfo.getX509Certificate();
        if (embeddedCertificate == null) {
            throw new CertificateException("Unrecoverable certificate");
        }
        if (!embeddedCertificate.equals(x509Certificate)) {
            throw new CertificateException("Wrong certificate");
        }
        if (!parsedSignature.checkSignatureValue(embeddedCertificate)) {
            throw new SignatureException("Wrong signature");
        }
    }

    /** Decodes one X.509 certificate from its encoded bytes. */
    private X509Certificate parseCertificate(byte[] encoded) throws Exception {
        ByteArrayInputStream in = new ByteArrayInputStream(encoded);
        try {
            return (X509Certificate) this.certificateFactory.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    /** Serializes a DOM document to bytes with the shared transformer. */
    private byte[] serialize(Document document) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        this.trans.transform(new DOMSource(document), new StreamResult(out));
        return out.toByteArray();
    }
}
