package org.adullact.parapheur.applets.splittedsign;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JDialog;
import javax.swing.JOptionPane;
import javax.swing.SwingUtilities;
import javax.xml.crypto.dsig.XMLSignatureException;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.cms.CMSException;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/SignUtil.class */
public class SignUtil {
    private Map<String, Digest> digests;
    private boolean acceptSelfSigned;

    public SignUtil(Map<String, Digest> map, boolean z) {
        this.digests = new HashMap();
        this.acceptSelfSigned = false;
        this.digests = map;
        this.acceptSelfSigned = z;
    }

    private static byte[] hexDecode(String str) {
        int length = str.length();
        if (length % 2 != 0) {
            throw new IllegalArgumentException("Odd number of characters.");
        }
        try {
            byte[] bArr = new byte[length / 2];
            int i = 0;
            for (int i2 = 0; i2 < length; i2 += 2) {
                int i3 = i;
                i++;
                bArr[i3] = (byte) Integer.parseInt(str.substring(i2, i2 + 2), 16);
            }
            return bArr;
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Illegal hexadecimal character.", e);
        }
    }

    boolean validateCertificate(X509Certificate x509Certificate, List<String> list, SignHandler signHandler) throws CRLException, CRLNotFoundException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, CertificateVerificationException, CertPathBuilderException {
        signHandler.progress("Vérification validité certificat en cours.");
        x509Certificate.checkValidity();
        signHandler.progress("Vérification validité certificat... OK!");
        if (!x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN()) || this.acceptSelfSigned) {
            signHandler.validateCertificate(x509Certificate, list);
            return true;
        }
        signHandler.progress("Vérification validité certificat... KO !");
        throw new CertificateSelfSignedException("Self signed certificates are refused");
    }

    public void sign(X509Certificate x509Certificate, PrivateKey privateKey, SignHandler signHandler) {
        byte[] signAndCreateP7;
        HashMap<String, String> hashMap = new HashMap<>();
        ArrayList arrayList = new ArrayList();
        try {
            validateCertificate(x509Certificate, arrayList, signHandler);
        } catch (IOException e) {
            System.err.println(e.getLocalizedMessage() + "\n" + e.toString() + "\n");
            signHandler.print("Erreur inconnue lors de la vérification de la validité du certificat.\nConsulter votre administrateur.\n  " + e.getMessage());
            return;
        } catch (KeyStoreException e2) {
            System.err.println(e2.getLocalizedMessage() + "\n" + e2.toString() + "\n");
            signHandler.print("Erreur inconnue lors de la vérification de la validité du certificat.\nConsulter votre administrateur.\n  " + e2.getMessage());
            return;
        } catch (NoSuchAlgorithmException e3) {
            System.err.println(e3.getLocalizedMessage() + "\n" + e3.toString() + "\n");
            signHandler.print("Erreur inconnue lors de la vérification de la validité du certificat.\nConsulter votre administrateur.\n  " + e3.getMessage());
            return;
        } catch (CRLException e4) {
            System.err.println(e4.getLocalizedMessage() + "\n" + e4.toString() + "\n");
            signHandler.print("Erreur inconnue lors de la vérification de la validité du certificat.\nConsulter votre administrateur.\n  " + e4.getMessage());
            return;
        } catch (CertPathBuilderException e5) {
            signHandler.print("La chaîne de confiance n'a pas pu être construite.\nL'autorité de certification n'est pas valide, ou inconnue.");
            return;
        } catch (CertificateExpiredException e6) {
            signHandler.print("Votre certificat est expiré depuis le " + x509Certificate.getNotAfter());
            return;
        } catch (CertificateNotYetValidException e7) {
            signHandler.print("Votre certificat ne sera valide qu'à partir du " + x509Certificate.getNotBefore());
            return;
        } catch (CertificateSelfSignedException e8) {
            signHandler.print("Votre certificat est auto-signé.\nIl est impropre à la signature électronique.");
            return;
        } catch (CertificateException e9) {
            System.err.println(e9.getLocalizedMessage() + "\n" + e9.toString() + "\n");
            signHandler.print("Erreur inconnue lors de la vérification de la validité du certificat.\nConsulter votre administrateur.\n  " + e9.getMessage());
            return;
        } catch (CRLNotFoundException e10) {
            final AtomicReference atomicReference = new AtomicReference();
            try {
                SwingUtilities.invokeAndWait(new Runnable() { // from class: org.adullact.parapheur.applets.splittedsign.SignUtil.1
                    @Override // java.lang.Runnable
                    public void run() {
                        JDialog jDialog = new JDialog();
                        jDialog.setVisible(false);
                        jDialog.setAlwaysOnTop(true);
                        jDialog.toFront();
                        atomicReference.set(Integer.valueOf(JOptionPane.showConfirmDialog(jDialog, "ATTENTION: La CRL '" + e10.getCrlLocation() + "' ne peut être contactée. \nSouhaitez-vous quand même continuer ?", "CRL inconnue", 0)));
                    }
                });
            } catch (Exception e11) {
                e11.printStackTrace();
            }
            if (((Integer) atomicReference.get()).intValue() != 0) {
                return;
            } else {
                arrayList.add(e10.getCrlLocation());
            }
        } catch (CertificateRevokedException e12) {
            signHandler.print("Votre certificat a été révoqué.\nIl est impropre à la signature électronique.");
            return;
        } catch (CertificateVerificationException e13) {
            System.err.println(e13.getLocalizedMessage() + "\n" + e13.toString() + "\n");
            signHandler.print("La vérification du certificat sélectionné a échoué. \nConsulter votre administrateur système, message:\n  " + e13.getMessage());
            return;
        }
        try {
            int size = this.digests.size();
            int i = 0;
            for (String str : this.digests.keySet()) {
                i++;
                String str2 = this.digests.get(str).formatSignature;
                signHandler.progress("Patientez, signature n°" + i + "/" + size + " en cours. Format : " + str2);
                if ("CMS".equalsIgnoreCase(str2) || "PADES-basic".equalsIgnoreCase(str2)) {
                    if ("PADES-basic".equalsIgnoreCase(str2)) {
                        System.out.println("Bonjour, je vais signer en PAdES-basique");
                    } else {
                        System.out.println("\tiddoc=\"" + str + "\", digest=\"" + this.digests.get(str) + "\"");
                    }
                    if (this.digests.get(str).digests.contains(",")) {
                        StringBuilder sb = new StringBuilder();
                        boolean z = true;
                        for (String str3 : this.digests.get(str).digests.split(",")) {
                            if (z) {
                                z = false;
                            } else {
                                sb.append(",");
                            }
                            sb.append(new String(Base64Coder.encode(Base64Coder.der2pem(PKCS7SignUtil.signAndCreateP7(x509Certificate, privateKey, hexDecode(str3))))));
                        }
                        hashMap.put(str, sb.toString());
                    } else {
                        hashMap.put(str, new String(Base64Coder.encode(Base64Coder.der2pem(PKCS7SignUtil.signAndCreateP7(x509Certificate, privateKey, hexDecode(this.digests.get(str).digests))))));
                    }
                } else if ("PKCS1_SHA256_RSA".equalsIgnoreCase(str2)) {
                    hashMap.put(str, String.valueOf(Base64Coder.encode(this.digests.get(str).digests.contains(":") ? PKCS1SignUtil.sign(x509Certificate, privateKey, this.digests.get(str).digests.getBytes(), true) : PKCS1SignUtil.sign(x509Certificate, privateKey, Base64.decode(this.digests.get(str).digests), false))) + ";" + String.valueOf(Base64Coder.encode(x509Certificate.getEncoded())));
                } else if ("CMS-Allin1".equalsIgnoreCase(str2)) {
                    String str4 = this.digests.get(str).p7s;
                    if (str4 == null || str4.trim().isEmpty() || "null".equalsIgnoreCase(str4)) {
                        signAndCreateP7 = PKCS7SignUtil.signAndCreateP7(x509Certificate, privateKey, hexDecode(this.digests.get(str).digests));
                    } else {
                        System.out.println("param currentP7s=" + str4.substring(0, str4.length() > 20 ? 20 : str4.length()));
                        byte[] decode = Base64.decode(str4);
                        String str5 = new String(decode);
                        System.out.println("param currentP7sDECODED=" + str5.substring(0, str5.length() > 10 ? 10 : str5.length()));
                        signAndCreateP7 = str5.contains("-----BEGIN") ? PKCS7SignUtil.updateP7Signature(x509Certificate, privateKey, hexDecode(this.digests.get(str).digests), PKCS7VerUtil.pem2der(Base64.decode(str4.replaceAll("![a-zA-Z0-9+/=]", StringUtils.EMPTY)), "-----BEGIN".getBytes(), "-----END".getBytes())) : PKCS7SignUtil.updateP7Signature(x509Certificate, privateKey, hexDecode(this.digests.get(str).digests), decode);
                    }
                    hashMap.put(str, new String(Base64Coder.encode(Base64Coder.der2pem(signAndCreateP7))));
                } else if ("XADES".equalsIgnoreCase(str2)) {
                    System.out.println("##### iddoc=" + str + ", digest=" + this.digests.get(str));
                    XADESSignUtil xADESSignUtil = new XADESSignUtil(this.digests.get(str).pesIds);
                    if (this.digests.get(str).digests.contains(",")) {
                        StringBuilder sb2 = new StringBuilder();
                        boolean z2 = true;
                        for (String str6 : this.digests.get(str).digests.split(",")) {
                            if (z2) {
                                z2 = false;
                            } else {
                                sb2.append(",");
                            }
                            sb2.append(new String(Base64Coder.encode(xADESSignUtil.signXAdES132(x509Certificate, privateKey, hexDecode(str6)))));
                        }
                        hashMap.put(str, sb2.toString());
                    } else {
                        hashMap.put(str, new String(Base64Coder.encode(xADESSignUtil.signXAdES132(x509Certificate, privateKey, hexDecode(this.digests.get(str).digests)))));
                    }
                } else if ("XADES132".equalsIgnoreCase(str2)) {
                    hashMap.put(str, new String(Base64Coder.encode(new XADESSignUtil(this.digests.get(str).pesIds, this.digests.get(str).pespolicyid, this.digests.get(str).pespolicydesc, this.digests.get(str).pespolicyhash, this.digests.get(str).pesspuri, this.digests.get(str).pescity, this.digests.get(str).pespostalcode, this.digests.get(str).pescountryname, this.digests.get(str).pesclaimedrole).signXAdES132(x509Certificate, privateKey, hexDecode(this.digests.get(str).digests)))));
                } else if ("PESV2".equalsIgnoreCase(str2) || "XADES-env".equalsIgnoreCase(str2) || "xades-env-1.2.2-sha256".equalsIgnoreCase(str2)) {
                    XadesHeliosSignUtil xADES122Sha256SignUtil = "xades-env-1.2.2-sha256".equalsIgnoreCase(str2) ? new XADES122Sha256SignUtil(this.digests.get(str).pesIds, this.digests.get(str).pespolicyid, this.digests.get(str).pespolicydesc, this.digests.get(str).pespolicyhash, this.digests.get(str).pesspuri, this.digests.get(str).pescity, this.digests.get(str).pespostalcode, this.digests.get(str).pescountryname, this.digests.get(str).pesclaimedrole, this.digests.get(str).encodingMap) : new XADES111SignUtil(this.digests.get(str).pesIds, this.digests.get(str).pespolicyid, this.digests.get(str).pespolicydesc, this.digests.get(str).pespolicyhash, this.digests.get(str).pesspuri, this.digests.get(str).pescity, this.digests.get(str).pespostalcode, this.digests.get(str).pescountryname, this.digests.get(str).pesclaimedrole, this.digests.get(str).encodingMap);
                    System.out.println("\tiddoc=\"" + str + "\", pes_id=\"" + this.digests.get(str).pesIds + "\"");
                    if (this.digests.get(str).pesIds.contains(",")) {
                        StringBuilder sb3 = new StringBuilder();
                        String[] split = this.digests.get(str).pesIds.split(",");
                        String[] split2 = this.digests.get(str).digests.split(",");
                        boolean z3 = true;
                        for (int i2 = 0; i2 < split2.length; i2++) {
                            if (z3) {
                                z3 = false;
                            } else {
                                sb3.append(",");
                            }
                            String str7 = split2[i2];
                            xADES122Sha256SignUtil.setDocumentID(split[i2]);
                            sb3.append(new String(Base64Coder.encode(xADES122Sha256SignUtil.signPES(null, x509Certificate, privateKey, hexDecode(str7)))));
                        }
                        hashMap.put(str, sb3.toString());
                    } else {
                        hashMap.put(str, new String(Base64Coder.encode(xADES122Sha256SignUtil.signPES(null, x509Certificate, privateKey, hexDecode(this.digests.get(str).digests)))));
                    }
                } else if ("XADES-env-xpath".equalsIgnoreCase(str2)) {
                    System.out.print("Signature DIA :  ");
                    XADESCosigner.setSignParameters(this.digests.get(str).pesIds, this.digests.get(str).pespolicyid, this.digests.get(str).pespolicydesc, this.digests.get(str).pespolicyhash, this.digests.get(str).pesspuri, this.digests.get(str).pescity, this.digests.get(str).pespostalcode, this.digests.get(str).pescountryname, this.digests.get(str).pesclaimedrole);
                    String lowerCase = this.digests.get(str).pesclaimedrole.toLowerCase();
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(hexDecode(this.digests.get(str).digests));
                    System.out.println(new String(hexDecode(this.digests.get(str).digests)));
                    byte[] departmentSign = lowerCase.contains("departement") ? XADESCosigner.departmentSign(x509Certificate, privateKey, byteArrayInputStream, StringUtils.EMPTY) : (lowerCase.contains("conservatoire") && lowerCase.contains("littoral")) ? XADESCosigner.conservatoireLittoralSign(x509Certificate, privateKey, byteArrayInputStream, StringUtils.EMPTY) : lowerCase.contains("commune") ? XADESCosigner.communeSign(x509Certificate, privateKey, byteArrayInputStream, StringUtils.EMPTY) : XADESCosigner.organismSign(x509Certificate, privateKey, str, null, byteArrayInputStream, StringUtils.EMPTY);
                    System.out.println(new String(departmentSign));
                    hashMap.put(str, new String(Base64Coder.encode(departmentSign)));
                } else {
                    Logger.getLogger("org.adullact.parapheur.applets.splittedsignatureapplet").severe("unsupportedSignatureFormatExeptionCN");
                }
            }
            signHandler.success(hashMap);
        } catch (XMLSignatureException e14) {
            signHandler.print(e14.getMessage());
            Logger.getLogger("global").log(Level.SEVERE, (String) null, e14);
        } catch (IOException e15) {
            signHandler.print(e15.getMessage());
            Logger.getLogger(SignUtil.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e15);
        } catch (InvalidKeyException e16) {
            signHandler.print("Clé privée inaccessible.\nVotre certificat est-il bien connecté?");
        } catch (CertificateEncodingException e17) {
            signHandler.print(e17.getMessage());
            Logger.getLogger(SignUtil.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e17);
        } catch (CMSException e18) {
            signHandler.print(e18.getMessage());
            Logger.getLogger(SignUtil.class.getName()).log(Level.SEVERE, (String) null, e18);
        }
    }
}
