package xmlSign.prfgost;

import com.sun.org.apache.xml.internal.security.Init;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.util.XMLUtils;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import ru.CryptoPro.Crypto.Key.GostSecretKey;
import ru.CryptoPro.JCP.Key.SecretKeySpec;
import ru.CryptoPro.JCP.params.CryptParamsInterface;
import ru.CryptoPro.JCP.tools.Platform;
import ru.CryptoPro.JCPxml.Consts;
import ru.CryptoPro.JCPxml.XmlInit;

/* loaded from: classes4.dex */
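/**
 * Sample of a simple key-derivation exchange between a "client" and a "service" that run
 * in the same process.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>the client generates a GOST 28147 session key, wraps it for the service
 *       certificate with the {@code GostTransport} cipher and picks a random nonce;</li>
 *   <li>both sides derive a per-message key from the session key, the concatenated
 *       labels and the nonce, and use it for XML encryption of a SOAP document;</li>
 *   <li>the service answers with a fresh nonce and a message encrypted under the key
 *       derived from the same session key.</li>
 * </ol>
 *
 * <p>Review notes for anyone reusing this code:
 * <ul>
 *   <li>This class only encrypts. Nothing here signs or otherwise authenticates the
 *       wrapped key, the nonce or the encrypted document, so a receiver cannot tell who
 *       produced a {@link TransportMessage} from this code alone.</li>
 *   <li>The key-store password is a hard-coded sample value and plaintext messages are
 *       printed to standard output; both are demo conveniences only.</li>
 *   <li>All state is kept in static mutable fields without synchronization, so the class
 *       is not safe for concurrent use.</li>
 * </ul>
 */
public class DeriveKeySimpleSchemeExample {
    protected static final String CLIENT_ALIAS = "gost_exch";
    public static final String LABEL = "WS-SecureConversation";
    protected static final String SERVICE_ALIAS = "localhost_cont";

    // Hard-coded sample password. Anything beyond a demo should obtain it from a protected
    // source at run time; note also that a static char[] is shared and mutable.
    protected static final char[] CLIENT_PASSWORD = "Pass1234".toCharArray();
    protected static final char[] SERVICE_PASSWORD = null;

    // Nonce size used by both sides of the exchange.
    private static final int NONCE_LENGTH = 16;
    // Size of the derived key material handed to the GOST secret-key spec.
    private static final int DERIVED_KEY_LENGTH = 32;

    private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();

    // Loaded by init(); they stay null when the key store cannot be read.
    protected static PrivateKey clientPrivateKey;
    protected static X509Certificate clientCertificate;
    protected static PrivateKey servicePrivateKey;
    protected static X509Certificate serviceCertificate;

    // Session keys: set by clientSendRequest() and serviceProcess() respectively.
    private static SecretKey clientSecretKey;
    private static SecretKey serviceSecretKey;

    /** Direction in which {@code proceedMessage} runs the XML cipher. */
    public enum OperationType {
        OT_ENCRYPT,
        OT_DECRYPT
    }

    /**
     * What travels between the two sides: the wrapped session key (request only), the
     * nonce used for key derivation, and the encrypted document.
     */
    public static class TransportMessage {
        public Document encryptedDocument;
        public byte[] encryptedKey;
        public byte[] nonce;

        /**
         * @param encryptedKey wrapped session key, or {@code null} when the receiver already has it
         * @param nonce nonce the sender used to derive the message key
         * @param encryptedDocument document encrypted under the derived key
         */
        public TransportMessage(byte[] encryptedKey, byte[] nonce, Document encryptedDocument) {
            this.encryptedKey = encryptedKey;
            this.nonce = nonce;
            this.encryptedDocument = encryptedDocument;
        }
    }

    // Runs after the field declarations above, so the values loaded by init() are kept.
    static {
        init();
    }

    /**
     * Client side, step 2: decrypts the service reply with a key derived from the session
     * key created in {@link #clientSendRequest()} and the nonce carried by the reply.
     *
     * @param transportMessage reply produced by {@link #serviceProcess(TransportMessage)}
     * @throws IllegalStateException if no session key exists yet
     * @throws IllegalArgumentException if the reply carries no nonce
     * @throws Exception on any cryptographic or XML processing failure
     */
    public static void clientProcess(TransportMessage transportMessage) throws Exception {
        SecretKey sessionKey = requireLoaded(clientSecretKey, "client session key (call clientSendRequest first)");
        SecretKeySpec sessionSpec = (SecretKeySpec) ((GostSecretKey) sessionKey).getSpec();
        SecretKey replyKey = deriveSecretKey(sessionSpec, LABEL, LABEL, requireNonce(transportMessage));
        Document reply = decryptMessage(transportMessage.encryptedDocument, replyKey);
        System.out.println("Decrypted service message:\n" + XMLUtils.PrettyDocumentToString(reply));
    }

    /**
     * Client side, step 1: creates the session key, wraps it for the service certificate
     * and encrypts the sample request under a key derived with a fresh nonce.
     *
     * @return the wrapped key, the nonce and the encrypted request
     * @throws IllegalStateException if the service certificate was not loaded by {@link #init()}
     * @throws Exception on any cryptographic or XML processing failure
     */
    public static TransportMessage clientSendRequest() throws Exception {
        X509Certificate recipient = requireLoaded(serviceCertificate, "service certificate");

        SecretKey sessionKey = KeyGenerator.getInstance("GOST28147").generateKey();
        clientSecretKey = sessionKey;
        SecretKeySpec sessionSpec = (SecretKeySpec) ((GostSecretKey) sessionKey).getSpec();

        byte[] wrappedKey = wrapSecretKey(sessionKey, recipient);
        byte[] nonce = generateNonce(NONCE_LENGTH);
        SecretKey messageKey = deriveSecretKey(sessionSpec, LABEL, LABEL, nonce);

        Document request = getClientDocumentSample();
        System.out.println("Source client message:\n" + XMLUtils.PrettyDocumentToString(request));
        Document encrypted = encryptMessage(request, messageKey);
        System.out.println("Encrypted client message:\n" + XMLUtils.PrettyDocumentToString(encrypted));
        return new TransportMessage(wrappedKey, nonce, encrypted);
    }

    /**
     * Decrypts the first {@code EncryptedData} element of the document in place.
     *
     * @param document document holding the encrypted element
     * @param secretKey key the element was encrypted with
     * @return the same document instance, decrypted
     * @throws IllegalArgumentException if the document has no {@code EncryptedData} element
     * @throws Exception on any cryptographic or XML processing failure
     */
    public static Document decryptMessage(Document document, SecretKey secretKey) throws Exception {
        Element encryptedData = (Element) document
                .getElementsByTagNameNS(EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA)
                .item(0);
        if (encryptedData == null) {
            // Fail here with a clear message instead of passing null into the cipher.
            throw new IllegalArgumentException("document contains no EncryptedData element");
        }
        return proceedMessage(document, encryptedData, secretKey, OperationType.OT_DECRYPT);
    }

    /**
     * Derives a message key from the session key: the PRF input is the UTF-8 bytes of the
     * two labels concatenated, followed by the nonce.
     *
     * @param secretKeySpec spec of the session key that keys the PRF
     * @param labelHead first part of the label
     * @param labelTail second part of the label
     * @param nonce per-message nonce; must not be {@code null}
     * @return a GOST secret key built from the PRF output and the session key's parameters
     * @throws IllegalArgumentException if {@code nonce} is {@code null}
     * @throws Exception if the PRF or key construction fails
     */
    public static SecretKey deriveSecretKey(SecretKeySpec secretKeySpec, String labelHead, String labelTail, byte[] nonce) throws Exception {
        if (nonce == null) {
            throw new IllegalArgumentException("nonce must not be null");
        }
        byte[] label = (labelHead + labelTail).getBytes("UTF-8");
        byte[] seed = new byte[label.length + nonce.length];
        System.arraycopy(label, 0, seed, 0, label.length);
        System.arraycopy(nonce, 0, seed, label.length, nonce.length);

        byte[] derived = new byte[DERIVED_KEY_LENGTH];
        // Provider API: presumably fills `derived` with PRF output for the given seed blocks.
        // NOTE(review): the meaning of the boolean flag is not visible here; confirm it
        // against the provider documentation.
        secretKeySpec.methodGOSTR3411PRF(new byte[][] {seed}, derived, false);
        return new GostSecretKey(new SecretKeySpec(derived, (CryptParamsInterface) secretKeySpec.getParams()));
    }

    /**
     * Encrypts the content of the document's root element in place.
     *
     * @param document document to encrypt
     * @param secretKey key to encrypt with
     * @return the same document instance, encrypted
     * @throws Exception on any cryptographic or XML processing failure
     */
    public static Document encryptMessage(Document document, SecretKey secretKey) throws Exception {
        return proceedMessage(document, document.getDocumentElement(), secretKey, OperationType.OT_ENCRYPT);
    }

    /**
     * Returns {@code length} random bytes from the {@code CPRandom} generator.
     *
     * @param length number of bytes to produce
     * @return a new array of random bytes
     * @throws Exception if the generator is not available
     */
    protected static byte[] generateNonce(int length) throws Exception {
        SecureRandom random = SecureRandom.getInstance("CPRandom");
        // No setSeed(System.nanoTime()) here: a clock reading adds no unpredictability, and
        // with some JCA generators (SHA1PRNG, for example) a seed supplied before the first
        // nextBytes() call replaces self-seeding altogether. The generator is expected to
        // seed itself.
        byte[] nonce = new byte[length];
        random.nextBytes(nonce);
        return nonce;
    }

    /** Builds the sample SOAP request sent by the client. */
    public static Document getClientDocumentSample() throws Exception {
        return getDocumentSample(getMessage("From client."));
    }

    /**
     * Parses the given XML text and inserts a WS-Security header into it.
     *
     * <p>The text goes straight to the XML parser, so callers should pass only XML they
     * built themselves; see {@link #init()} for how the parser is configured.
     *
     * @param xml SOAP envelope as text
     * @return the parsed document with a security header added
     * @throws Exception if parsing or header insertion fails
     */
    public static Document getDocumentSample(String xml) throws Exception {
        Document soapPart = toSOAPPart(xml);
        new WSSecHeader().insertSecurityHeader(soapPart);
        return soapPart;
    }

    /**
     * Wraps a value in the fixed sample SOAP envelope.
     *
     * <p>The value is concatenated as is, without XML escaping: markup in it becomes part
     * of the envelope. Both callers in this class pass constants.
     *
     * @param value text placed inside the {@code value} element
     * @return the envelope as a string
     */
    protected static String getMessage(String value) {
        return "<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><add xmlns=\"http://ws.apache.org/counter/counter_port_type\"><value xmlns=\"\">" + value + "</value></add></SOAP-ENV:Body></SOAP-ENV:Envelope>";
    }

    /** Builds the sample SOAP reply sent by the service. */
    public static Document getServiceDocumentSample() throws Exception {
        return getDocumentSample(getMessage("From service."));
    }

    /**
     * Initializes the XML security libraries, configures the shared XML parser factory and
     * loads both key pairs from the {@code HDImageStore} key store.
     *
     * <p>Key-store failures are reported on standard error and leave the key and
     * certificate fields {@code null}; the entry points check for that before use.
     *
     * @throws RuntimeException if the parser rejects one of the hardening features
     */
    public static void init() {
        Init.init();
        XmlInit.init();
        documentBuilderFactory.setNamespaceAware(true);
        if (!Platform.isAndroid) {
            try {
                // Secure processing on, external general and parameter entities off.
                documentBuilderFactory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
                documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
                documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        // NOTE(review): on Android none of the features above is set, so entity handling is
        // whatever that platform's parser does by default; confirm this is acceptable before
        // feeding getDocumentSample() anything but locally built XML.
        try {
            KeyStore keyStore = KeyStore.getInstance("HDImageStore");
            keyStore.load(null, null);
            clientPrivateKey = (PrivateKey) keyStore.getKey(CLIENT_ALIAS, CLIENT_PASSWORD);
            clientCertificate = (X509Certificate) keyStore.getCertificate(CLIENT_ALIAS);
            servicePrivateKey = (PrivateKey) keyStore.getKey(SERVICE_ALIAS, SERVICE_PASSWORD);
            serviceCertificate = (X509Certificate) keyStore.getCertificate(SERVICE_ALIAS);
        } catch (Exception e) {
            // Best effort by design: class loading must not fail when the sample key
            // containers are absent. The missing material is detected at first use.
            e.printStackTrace();
        }
    }

    /** Runs the whole exchange: client request, service reply, client decryption. */
    public static void main(String[] strArr) throws Exception {
        clientProcess(serviceProcess(clientSendRequest()));
    }

    /**
     * Runs the GOST XML cipher over one element of the document, in place.
     *
     * @param document owner document
     * @param element element to encrypt (content only) or the EncryptedData element to decrypt
     * @param secretKey key for the cipher
     * @param operationType encrypt or decrypt
     * @return the same document instance
     * @throws Exception on any cryptographic or XML processing failure
     */
    private static Document proceedMessage(Document document, Element element, SecretKey secretKey, OperationType operationType) throws Exception {
        boolean encrypting = operationType == OperationType.OT_ENCRYPT;
        XMLCipher xmlCipher = XMLCipher.getInstance(Consts.URI_GOST_CIPHER);
        xmlCipher.init(encrypting ? XMLCipher.ENCRYPT_MODE : XMLCipher.DECRYPT_MODE, secretKey);
        if (encrypting) {
            // true = replace the element's content, not the element itself.
            xmlCipher.doFinal(document, element, true);
        } else {
            xmlCipher.doFinal(document, element);
        }
        return document;
    }

    /**
     * Service side: unwraps the session key, decrypts the client request and answers with
     * the sample reply encrypted under a key derived with a fresh nonce.
     *
     * @param transportMessage request produced by {@link #clientSendRequest()}
     * @return the reply; it carries no wrapped key because the client already holds it
     * @throws IllegalStateException if the service private key was not loaded by {@link #init()}
     * @throws IllegalArgumentException if the request carries no wrapped key or no nonce
     * @throws Exception on any cryptographic or XML processing failure
     */
    public static TransportMessage serviceProcess(TransportMessage transportMessage) throws Exception {
        PrivateKey unwrappingKey = requireLoaded(servicePrivateKey, "service private key");
        byte[] requestNonce = requireNonce(transportMessage);
        if (transportMessage.encryptedKey == null) {
            throw new IllegalArgumentException("transport message carries no wrapped key");
        }

        SecretKey sessionKey = unwrapSecretKey(transportMessage.encryptedKey, unwrappingKey);
        serviceSecretKey = sessionKey;
        SecretKeySpec sessionSpec = (SecretKeySpec) ((GostSecretKey) sessionKey).getSpec();

        SecretKey requestKey = deriveSecretKey(sessionSpec, LABEL, LABEL, requestNonce);
        Document request = decryptMessage(transportMessage.encryptedDocument, requestKey);
        System.out.println("Decrypted client message:\n" + XMLUtils.PrettyDocumentToString(request));

        // A new nonce per message gives the reply its own derived key.
        byte[] replyNonce = generateNonce(NONCE_LENGTH);
        SecretKey replyKey = deriveSecretKey(sessionSpec, LABEL, LABEL, replyNonce);
        Document reply = getServiceDocumentSample();
        System.out.println("Source service message:\n" + XMLUtils.PrettyDocumentToString(reply));
        Document encrypted = encryptMessage(reply, replyKey);
        System.out.println("Encrypted service message:\n" + XMLUtils.PrettyDocumentToString(encrypted));
        return new TransportMessage(null, replyNonce, encrypted);
    }

    /**
     * Parses XML text with the shared, namespace-aware parser factory.
     *
     * <p>The bytes are produced as UTF-8 to match the encoding declared in the sample
     * envelope; the platform default charset could differ.
     */
    private static Document toSOAPPart(String xml) throws Exception {
        return documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
    }

    /**
     * Unwraps a session key with the recipient's private key.
     *
     * @param wrappedKey output of {@link #wrapSecretKey(SecretKey, X509Certificate)}
     * @param privateKey recipient's private key
     * @return the unwrapped secret key
     * @throws Exception if the cipher is unavailable or unwrapping fails
     */
    protected static SecretKey unwrapSecretKey(byte[] wrappedKey, PrivateKey privateKey) throws Exception {
        Cipher cipher = Cipher.getInstance("GostTransport");
        cipher.init(Cipher.UNWRAP_MODE, privateKey);
        return (SecretKey) cipher.unwrap(wrappedKey, null, Cipher.SECRET_KEY);
    }

    /**
     * Wraps a session key for the holder of the given certificate.
     *
     * @param secretKey key to wrap
     * @param x509Certificate recipient's certificate
     * @return the wrapped key bytes
     * @throws Exception if the cipher is unavailable or wrapping fails
     */
    protected static byte[] wrapSecretKey(SecretKey secretKey, X509Certificate x509Certificate) throws Exception {
        Cipher cipher = Cipher.getInstance("GostTransport");
        cipher.init(Cipher.WRAP_MODE, x509Certificate);
        return cipher.wrap(secretKey);
    }

    /** Returns {@code value}, or fails with a clear message when it was never set. */
    private static <T> T requireLoaded(T value, String what) {
        if (value == null) {
            throw new IllegalStateException(what + " is not available");
        }
        return value;
    }

    /**
     * Returns the nonce of a received message. An absent or empty nonce is rejected:
     * without it every message would be protected by the same derived key.
     */
    private static byte[] requireNonce(TransportMessage message) {
        if (message == null || message.nonce == null || message.nonce.length == 0) {
            throw new IllegalArgumentException("transport message carries no nonce");
        }
        return message.nonce;
    }
}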
