package xades4j.providers.impl;

import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.UUID;
import org.junit.Assert;
import org.junit.Test;
import xades4j.production.Enveloped;
import xades4j.production.PtCcAlgorithmsProvider;
import xades4j.production.SignerTestBase;
import xades4j.production.XadesBesSigningProfile;
import xades4j.production.XadesSigner;
import xades4j.providers.KeyingDataProvider;

/* loaded from: input_file:xades4j/providers/impl/PKCS11KeyStoreKeyingDataProviderTest.class */
public class PKCS11KeyStoreKeyingDataProviderTest extends SignerTestBase {
    private static final int N_RETRIES = 3;

    @Test
    public void testCertAndKeyMatch() throws Exception {
        System.out.println("certAndKeyMatch");
        assumePtCcPkcs11OnWindows();
        doTestWithJCA(new PKCS11KeyStoreKeyingDataProvider(PTCC_PKCS11_LIB_PATH, "PT_CC", new FirstCertificateSelector()));
        doTestWithXades4j(new PKCS11KeyStoreKeyingDataProvider(PTCC_PKCS11_LIB_PATH, "PT_CC", new FirstCertificateSelector()));
    }

    private void doTestWithJCA(KeyingDataProvider keyingDataProvider) throws Exception {
        for (int i = 0; i < N_RETRIES; i++) {
            List<X509Certificate> signingCertificateChain = keyingDataProvider.getSigningCertificateChain();
            Assert.assertNotNull(signingCertificateChain);
            Assert.assertEquals(1L, signingCertificateChain.size());
            X509Certificate x509Certificate = signingCertificateChain.get(0);
            PrivateKey signingKey = keyingDataProvider.getSigningKey(x509Certificate);
            Signature signature = Signature.getInstance("SHA1with" + signingKey.getAlgorithm());
            signature.initSign(signingKey);
            byte[] bytes = UUID.randomUUID().toString().getBytes();
            signature.update(bytes);
            byte[] sign = signature.sign();
            Signature signature2 = Signature.getInstance("SHA1with" + signingKey.getAlgorithm());
            signature2.initVerify(x509Certificate);
            signature2.update(bytes);
            Assert.assertTrue(signature2.verify(sign));
        }
    }

    private void doTestWithXades4j(KeyingDataProvider keyingDataProvider) throws Exception {
        XadesSigner newSigner = new XadesBesSigningProfile(keyingDataProvider).withAlgorithmsProviderEx(PtCcAlgorithmsProvider.class).newSigner();
        for (int i = 0; i < N_RETRIES; i++) {
            new Enveloped(newSigner).sign(getTestDocument().getDocumentElement());
        }
    }
}
