package br.jus.cnj.projudi.mdata;

import br.jus.cnj.projudi.util.EncodingUtil;
import br.jus.cnj.projudi.util.FileUtil;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.StringTokenizer;
import org.apache.log4j.Logger;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JDKX509CertificateFactory;
import org.bouncycastle.x509.X509Store;

/* loaded from: input_file:br/jus/cnj/projudi/mdata/ArquivoAssinatura.class */
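/**
 * Holds a document (bytes plus file name) and builds or inspects a CMS / PKCS#7
 * {@code SignedData} structure for it using the BouncyCastle CMS API.
 *
 * <p>If the bytes handed to the constructor already parse as CMS signed data they are kept
 * as {@link CMSSignedData} and new signers are added next to the existing ones; otherwise
 * the bytes are treated as raw content to be signed.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Signatures are produced with SHA-1 ({@code DIGEST_SHA1}, {@code SHA1withRSA}).
 *       SHA-1 is no longer collision resistant; moving to SHA-256 has to be coordinated
 *       with whatever verifies these files.</li>
 *   <li>{@link #checkJaAssinado(Chaveiro)} only compares certificate common names. It does
 *       not verify any signature, chain or validity period, so it must not be used as
 *       proof that a document is validly signed.</li>
 *   <li>Most failures are logged and reported as {@code null}/{@code false} rather than
 *       thrown; callers must check return values.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class ArquivoAssinatura {
    private static final Logger log = Logger.getLogger(ArquivoAssinatura.class);

    /** File extension that marks the original file as an existing PKCS#7 container. */
    private static final String EXTENSAO_P7S = ".p7s";

    // Bytes exactly as received by the constructor (not copied).
    private byte[] documentoOriginal;
    // File name or path exactly as received by the constructor.
    private String nomeArquivoOriginal;
    // Key rings recorded through adicionaChaveiro; created lazily.
    private Set<Chaveiro> listaChaveiro;
    // Key ring used for the next signing / "already signed" check.
    private Chaveiro chaveiro;
    // Current signed structure; null until the input parsed as CMS or a signature was generated.
    private CMSSignedData cmsSignedData;
    // Raw content to sign when the input was not CMS signed data.
    private CMSProcessableByteArray cmsProcessableByteArray;

    /** Creates an empty instance with no document, name or key ring. */
    public ArquivoAssinatura() {
    }

    /**
     * Reads the file at {@code str} and wraps its content.
     *
     * @param str path of the file to load; also kept as the original file name
     * @throws IOException if the file cannot be read
     */
    public ArquivoAssinatura(String str) throws IOException {
        this(FileUtil.abreArquivo(new File(str)), str);
    }

    /**
     * Wraps the given bytes, detecting whether they already are CMS signed data.
     *
     * @param bArr document bytes; stored by reference, not copied
     * @param str  original file name or path
     */
    public ArquivoAssinatura(byte[] bArr, String str) {
        this.documentoOriginal = bArr;
        this.nomeArquivoOriginal = str;
        try {
            this.cmsSignedData = new CMSSignedData(bArr);
        } catch (CMSException naoEhCms) {
            // Deliberate fallback: input that does not parse as CMS is plain content to be signed.
            this.cmsProcessableByteArray = new CMSProcessableByteArray(bArr);
        }
    }

    /**
     * Writes the encoded signed data to the file returned by {@link #getArquivoP7s()}.
     * Does nothing when there is no signed data yet.
     *
     * @throws IOException if the target file name cannot be derived or the write fails
     */
    public void escreveArquivoP7s() throws UnrecoverableKeyException, CertStoreException, NoSuchAlgorithmException, NoSuchProviderException, IllegalArgumentException, KeyStoreException, InvalidAlgorithmParameterException, IOException, CMSException, InstantiationException, IllegalAccessException, ClassNotFoundException, CertificateEncodingException {
        byte[] arquivoAssinado = getArquivoAssinado();
        if (arquivoAssinado == null) {
            return;
        }
        File destino = getArquivoP7s();
        if (destino == null) {
            // Previously this surfaced as a NullPointerException from FileOutputStream.
            throw new IOException("Não foi possível determinar o nome do arquivo .p7s de destino.");
        }
        // NOTE(review): the target path is derived from the caller-supplied file name; callers
        // that accept names from outside should validate them before constructing this object.
        FileOutputStream saida = new FileOutputStream(destino);
        try {
            saida.write(arquivoAssinado);
        } finally {
            // Close even when write() fails so the file handle is not leaked.
            saida.close();
        }
    }

    /**
     * Derives the output file from the original name via
     * {@code FileUtil.acrescentarExtensaoNomeArquivo}.
     *
     * @return the target file, or {@code null} when the original name is missing or has no
     *         {@code '.'} after its first character
     */
    public File getArquivoP7s() {
        String nome = this.nomeArquivoOriginal;
        if (nome == null || nome.lastIndexOf('.') <= 0) {
            return null;
        }
        return new File(FileUtil.acrescentarExtensaoNomeArquivo(nome));
    }

    /**
     * Records {@code chaveiro} in the set of key rings and makes it the current one.
     *
     * @param chaveiro key ring to record
     * @return this instance, for chaining
     */
    public ArquivoAssinatura adicionaChaveiro(Chaveiro chaveiro) {
        if (this.listaChaveiro == null) {
            this.listaChaveiro = new HashSet<Chaveiro>();
        }
        this.listaChaveiro.add(chaveiro);
        setChaveiro(chaveiro);
        return this;
    }

    /** @return the current key ring, possibly {@code null} */
    public Chaveiro getChaveiro() {
        return this.chaveiro;
    }

    /** @param chaveiro key ring to use for the next signing or check; may be {@code null} */
    public void setChaveiro(Chaveiro chaveiro) {
        this.chaveiro = chaveiro;
    }

    /**
     * Signs the document with the current key ring (if any) and returns the encoded
     * signed data.
     *
     * <p>With no key ring set, the existing signed data is returned unchanged.
     *
     * @return the encoded CMS signed data, or {@code null} when there is none or when
     *         signing failed (the cause is logged)
     */
    public byte[] montarCMSProcessableByte() {
        byte[] codificado = null;
        try {
            Chaveiro signatario = getChaveiro();
            if (signatario != null) {
                String alias = signatario.getAlias();
                // A non-blank alias selects the SunMSCAPI provider in getProvider.
                boolean usarMscapi = alias != null && !alias.trim().isEmpty();
                CMSSignedData anterior = this.cmsSignedData;
                byte[] assinaturasExistentes = anterior != null ? anterior.getEncoded() : null;
                setCMSSignedData(assinaturasExistentes, signatario.getChavePrivada(), signatario.getCertificadoEmissor(), signatario.getCertStore("BC"), usarMscapi);
                // setCMSSignedData logs and swallows its errors, leaving the field untouched.
                // Without this check a failed signing would hand back the previous signed
                // data (lacking the new signer) as if it had succeeded.
                if (this.cmsSignedData == anterior) {
                    log.error("Falha ao gerar a assinatura CMS; nenhum dado assinado novo foi produzido.");
                    return null;
                }
            }
            if (this.cmsSignedData != null) {
                codificado = this.cmsSignedData.getEncoded();
            }
        } catch (IOException e) {
            log.error(e);
        } catch (IllegalArgumentException e2) {
            log.error(e2);
        } catch (InvalidAlgorithmParameterException e3) {
            log.error(e3);
        } catch (KeyStoreException e4) {
            log.error(e4);
        } catch (NoSuchAlgorithmException e5) {
            log.error(e5);
        } catch (NoSuchProviderException e6) {
            log.error(e6);
        } catch (UnrecoverableKeyException e7) {
            log.error(e7);
        }
        return codificado;
    }

    /**
     * Generates new CMS signed data with one added signer and stores it in this object.
     *
     * <p>When {@code bArr} is given, its existing signers and certificates are carried over
     * and its content is re-used; otherwise the raw content captured by the constructor is
     * signed. The content is passed with the encapsulate flag set to {@code true}.
     *
     * <p>Any failure is logged and swallowed, leaving the previous signed data in place.
     *
     * @param bArr            encoded CMS signed data to extend, or {@code null}
     * @param privateKey      signer's private key
     * @param x509Certificate signer's certificate
     * @param certStore       certificates/CRLs to embed
     * @param z               {@code true} to sign through SunMSCAPI, {@code false} for BouncyCastle
     */
    public void setCMSSignedData(byte[] bArr, PrivateKey privateKey, X509Certificate x509Certificate, CertStore certStore, boolean z) {
        try {
            CMSSignedDataGenerator gerador = new CMSSignedDataGenerator();
            // SECURITY: SHA-1 digest. Kept for compatibility with existing verifiers; a move
            // to CMSSignedDataGenerator.DIGEST_SHA256 needs to be agreed with the consumer.
            gerador.addSigner(privateKey, x509Certificate, CMSSignedDataGenerator.DIGEST_SHA1);
            gerador.addCertificatesAndCRLs(certStore);
            if (bArr != null) {
                CMSSignedData existente = new CMSSignedData(bArr);
                adicionarAssinaturasAntigas(existente, gerador);
                this.cmsSignedData = gerador.generate(existente.getSignedContent(), true, getProvider(z));
            } else {
                this.cmsSignedData = gerador.generate((CMSProcessable) this.cmsProcessableByteArray, true, getProvider(z));
            }
        } catch (Exception e) {
            log.error(e);
        }
    }

    /**
     * Copies certificates, CRLs, attribute certificates and signer infos from existing
     * signed data into the generator so earlier signatures are kept.
     *
     * <p>NOTE(review): a failure here is only logged, so the new signed data may be
     * generated without some or all of the earlier signers.
     */
    private void adicionarAssinaturasAntigas(CMSSignedData cMSSignedData, CMSSignedDataGenerator cMSSignedDataGenerator) {
        try {
            CertStore certificados = cMSSignedData.getCertificatesAndCRLs("Collection", "BC");
            X509Store certificadosDeAtributo = cMSSignedData.getAttributeCertificates("Collection", "BC");
            cMSSignedDataGenerator.addCertificatesAndCRLs(certificados);
            cMSSignedDataGenerator.addAttributeCertificates(certificadosDeAtributo);
            cMSSignedDataGenerator.addSigners(cMSSignedData.getSignerInfos());
        } catch (Exception e) {
            log.error(e);
        }
    }

    /**
     * Makes sure the requested JCA provider is registered and returns its name.
     *
     * @param z {@code true} for {@code "SunMSCAPI"}, {@code false} for {@code "BC"}
     * @return the provider name; {@code "SunMSCAPI"} is returned even when it could not be
     *         loaded, in which case later operations fail with a provider error
     */
    public String getProvider(boolean z) {
        if (!z) {
            // Skip building a new provider instance when one is already registered.
            if (Security.getProvider("BC") == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            return "BC";
        }
        if (Security.getProvider("SunMSCAPI") == null) {
            try {
                // Loaded reflectively: the class only exists on JREs that ship it.
                Security.addProvider((Provider) Class.forName("sun.security.mscapi.SunMSCAPI").newInstance());
            } catch (Exception e) {
                log.error(e);
            }
        }
        return "SunMSCAPI";
    }

    /**
     * @return the encoded current signed data, or {@code null} when there is none or
     *         encoding fails
     */
    public byte[] getArquivoAssinado() {
        if (this.cmsSignedData == null) {
            return null;
        }
        try {
            return this.cmsSignedData.getEncoded();
        } catch (IOException e) {
            log.error(e);
        } catch (IllegalArgumentException e2) {
            log.error(e2);
        }
        return null;
    }

    /** Alias of {@link #montarCMSProcessableByte()}. */
    public byte[] generateArquivoAssinar() {
        return montarCMSProcessableByte();
    }

    /**
     * Produces a raw RSA signature over {@code bArr}.
     *
     * @param privateKey signing key
     * @param bArr       data to sign
     * @return the Base64-encoded signature, or {@code null} on failure (logged)
     */
    public String generateSignature(PrivateKey privateKey, byte[] bArr) {
        try {
            // SECURITY: SHA-1 based signature, kept for compatibility; "SHA256withRSA" is the
            // usual replacement once the verifying side accepts it.
            Signature assinador = Signature.getInstance("SHA1withRSA");
            assinador.initSign(privateKey);
            assinador.update(bArr);
            return EncodingUtil.base64Encode(assinador.sign());
        } catch (InvalidKeyException e) {
            log.error(e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            log.error(e2);
            return null;
        } catch (SignatureException e3) {
            log.error(e3);
            return null;
        }
    }

    /**
     * Encodes a certificate chain as a Base64 {@code PkiPath}.
     *
     * @param arrayList certificates forming the chain
     * @return the Base64 text, or an empty string when encoding fails
     */
    public String generateCertificationChain(ArrayList<Certificate> arrayList) {
        String cadeia = "";
        try {
            cadeia = EncodingUtil.base64Encode(new JDKX509CertificateFactory().engineGenerateCertPath(arrayList).getEncoded("PkiPath"));
        } catch (CertificateException e) {
            // Keep the original message but attach the cause so the failure can be diagnosed.
            log.debug("CertificateException", e);
        } catch (Exception e2) {
            log.error(e2);
        }
        return cadeia;
    }

    /** @return the recorded key rings, or {@code null} if none was ever added */
    public Set<Chaveiro> getListaChaveiro() {
        return this.listaChaveiro;
    }

    /** @return the original bytes; this is the internal array, not a copy */
    public byte[] getDocumentoOriginal() {
        return this.documentoOriginal;
    }

    /**
     * @return the original name with everything up to the last backslash removed, or
     *         {@code null} when no name was set
     */
    public String getNomeArquivoOriginal() {
        String nome = this.nomeArquivoOriginal;
        if (nome == null) {
            return null;
        }
        // Only '\' is treated as a separator; '/' separated paths are returned whole.
        return nome.substring(nome.lastIndexOf("\\") + 1);
    }

    /** @return {@code true} if {@code chaveiro} was already recorded via {@link #adicionaChaveiro} */
    public boolean jaContemAssinatura(Chaveiro chaveiro) {
        Set<Chaveiro> registrados = getListaChaveiro();
        return registrados != null && !registrados.isEmpty() && registrados.contains(chaveiro);
    }

    /**
     * Checks whether the document already carries a signer whose certificate common name
     * matches the one in {@code chaveiro}.
     *
     * <p>For a {@code .p7s} original the original bytes are inspected, otherwise the current
     * signed data. On a match the key ring is recorded and the current key ring is cleared;
     * on no match the current key ring stays set to {@code chaveiro}.
     *
     * <p>SECURITY: this is a name comparison only, not a signature verification.
     *
     * @param chaveiro key ring to look for
     * @return {@code true} on a match; {@code false} otherwise or on any error (logged)
     */
    public boolean checkJaAssinado(Chaveiro chaveiro) {
        setChaveiro(chaveiro);
        try {
            String nome = this.nomeArquivoOriginal;
            // Case-insensitive suffix test; a missing name or a name without '.' is simply
            // "not a .p7s" instead of an exception reported as a fatal error.
            boolean originalEhP7s = nome != null
                    && nome.regionMatches(true, nome.length() - EXTENSAO_P7S.length(), EXTENSAO_P7S, 0, EXTENSAO_P7S.length());
            byte[] conteudo = originalEhP7s ? getDocumentoOriginal() : getArquivoAssinado();
            if (!verificaJaAssinou(conteudo)) {
                return false;
            }
            adicionaChaveiro(chaveiro);
            setChaveiro(null);
            return true;
        } catch (Exception e) {
            log.fatal(e);
            return false;
        }
    }

    /**
     * Looks for a signer certificate in {@code bArr} whose common name equals that of the
     * current key ring's certificate.
     *
     * <p>SECURITY: no signature, chain or validity check is performed here.
     * NOTE(review): the second exception message blames an expired certificate, yet every
     * non-CMS failure (including a missing key ring) ends up there.
     *
     * @param bArr encoded CMS signed data, or {@code null}
     * @return {@code true} if a matching signer certificate is present
     * @throws Exception if the data cannot be parsed or inspected
     */
    private boolean verificaJaAssinou(byte[] bArr) throws Exception {
        if (bArr == null) {
            return false;
        }
        try {
            CMSSignedData dadosAssinados = new CMSSignedData(bArr);
            CertStore certificados = dadosAssinados.getCertificatesAndCRLs("Collection", getProvider(false));
            Collection signatarios = dadosAssinados.getSignerInfos().getSigners();
            String nomeProcurado = getNomeEmissorCertificado(this.chaveiro.getCertificadoEmissor());
            for (Object signatario : signatarios) {
                // The signer id is used as the selector for that signer's certificates.
                for (Certificate certificado : certificados.getCertificates(((SignerInformation) signatario).getSID())) {
                    if (nomeProcurado.equals(getNomeEmissorCertificado((X509Certificate) certificado))) {
                        return true;
                    }
                }
            }
            return false;
        } catch (CMSException e) {
            log.fatal(e);
            throw new Exception("Problemas ao criar representação do arquivo assinado.", e);
        } catch (Exception e2) {
            log.error(e2);
            throw new Exception("Aquivo assinado com certificado inválido (o período de validade expirou).", e2);
        }
    }

    /**
     * Extracts the common name from the certificate's subject DN.
     *
     * <p>Despite the method name, the subject (not the issuer) DN is read. The DN string is
     * split on {@code ','}, so a CN containing an escaped comma is truncated, and when
     * several {@code CN=} components exist the last one wins.
     *
     * @param x509Certificate certificate to read
     * @return the CN value, or an empty string if the subject has no {@code CN=} component
     */
    public String getNomeEmissorCertificado(X509Certificate x509Certificate) {
        StringTokenizer componentes = new StringTokenizer(x509Certificate.getSubjectDN().getName(), ",");
        String nomeComum = "";
        while (componentes.hasMoreTokens()) {
            String componente = componentes.nextToken().trim();
            if (componente.startsWith("CN=")) {
                nomeComum = componente.substring(3);
            }
        }
        return nomeComum;
    }
}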
