package org.adullact.libersign.actions;

import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.User32;
import com.sun.jna.platform.win32.WinDef;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.Method;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CRLException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.adullact.libersign.Sender;
import org.adullact.libersign.utils.HashUtils;
import org.adullact.libersign.utils.KeystoreVerifier;
import org.adullact.libersign.utils.OSUtil;
import org.adullact.libersign.utils.ProcessUtils;
import org.adullact.parapheur.applets.splittedsign.Base64;
import org.adullact.parapheur.applets.splittedsign.CRLNotFoundException;
import org.adullact.parapheur.applets.splittedsign.CertListUtil;
import org.adullact.parapheur.applets.splittedsign.CertificateVerificationException;
import org.adullact.parapheur.applets.splittedsign.CertificateVerifier;
import org.adullact.parapheur.applets.splittedsign.Digest;
import org.adullact.parapheur.applets.splittedsign.SignHandler;
import org.adullact.parapheur.applets.splittedsign.SignUtil;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.reflect.MethodUtils;
import org.json.JSONArray;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/adullact/libersign/actions/SignAction.class */
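/**
 * Handles one signing request received as a JSON object and replies through
 * {@link Sender#sendMessage}.
 *
 * <p>Two request shapes are supported:
 * <ul>
 *   <li>"new" method: {@code sign} is an object holding a {@code dataToSign} array of
 *       comma-separated Base64 items (optionally prefixed with {@code pkcs1:}), and
 *       {@code cert} is the thumbprint string of the certificate to use;</li>
 *   <li>"old" method: {@code sign} is an array of per-document descriptors turned into
 *       {@link Digest} objects, and {@code cert.ID} carries the thumbprint.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The bytes to sign come straight from the request and are signed as-is with the
 *       selected private key. Nothing in this class shows the content to the user or checks
 *       who sent the request; that has to be enforced by whatever feeds this class
 *       (NOTE(review): confirm the caller authenticates/filters the request origin).</li>
 *   <li>Certificate thumbprints and document ids are written to standard output.</li>
 * </ul>
 */
public class SignAction {
    /** Connect timeout applied to remote CRL downloads, in milliseconds. */
    private static final int CRL_CONNECT_TIMEOUT_MS = 10000;
    /** Read (inactivity) timeout applied to remote CRL downloads, in milliseconds. */
    private static final int CRL_READ_TIMEOUT_MS = 30000;

    // Per-document digests, only populated for the "old" request shape.
    HashMap<String, Digest> digests;
    // Signatures produced by the last call to get(); null until a signing method has run.
    HashMap<String, String> signs;
    private final JSONObject stub;
    private final boolean useNewMethod;

    /**
     * Short-lived helper thread that, about one second after being started, forces every
     * window of the current process to the top of the Z-order (used on Windows so that the
     * key-access dialog is not hidden behind the browser).
     */
    private static final class Unthread extends Thread {
        private Unthread() {
        }

        private void setChildWindowsOnTop() {
            try {
                Iterator<WinDef.HWND> it = ProcessUtils.getProcessWindows(Kernel32.INSTANCE.GetCurrentProcessId()).iterator();
                while (it.hasNext()) {
                    // -1 is HWND_TOPMOST; flags 3 == SWP_NOSIZE | SWP_NOMOVE (only the Z-order changes).
                    User32.INSTANCE.SetWindowPos(it.next(), new WinDef.HWND(Pointer.createConstant(-1)), 0, 0, 0, 0, 3);
                }
            } catch (Exception e) {
                // Best effort: failing to raise a window must not abort the signature.
                e.printStackTrace();
            }
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            long deadline = System.currentTimeMillis() + 1000;
            while (System.currentTimeMillis() < deadline) {
                try {
                    Thread.sleep(500L);
                } catch (InterruptedException e) {
                    // Keep the interrupt visible and stop instead of silently looping on.
                    Thread.currentThread().interrupt();
                    return;
                }
            }
            setChildWindowsOnTop();
        }
    }

    /**
     * Stores the request and decides which signing method applies.
     *
     * @param jSONObject the parsed request; for the old method it must contain a
     *                   {@code sign} array, which is converted to digests immediately
     */
    public SignAction(JSONObject jSONObject) {
        this.stub = jSONObject;
        this.useNewMethod = this.stub.has("sign") && (this.stub.get("sign") instanceof JSONObject) && ((JSONObject) this.stub.get("sign")).has("dataToSign");
        if (!this.useNewMethod) {
            this.digests = getDigests();
        }
    }

    /**
     * Returns the value of {@code str} in {@code jSONObject} when it exists and is a string,
     * {@code null} otherwise.
     */
    private String getElement(JSONObject jSONObject, String str) {
        if (jSONObject.has(str) && (jSONObject.get(str) instanceof String)) {
            return jSONObject.getString(str);
        }
        return null;
    }

    /** Joins {@code list} with the separator {@code str}; a null or empty list gives "". */
    private static String join(String str, List<String> list) {
        if (list == null || list.isEmpty()) {
            return StringUtils.EMPTY;
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            if (i > 0) {
                sb.append(str);
            }
            sb.append(list.get(i));
        }
        return sb.toString();
    }

    /**
     * Builds one {@link Digest} per entry of the request's {@code sign} array, keyed by the
     * entry's {@code iddoc} (or by its index when {@code iddoc} is absent).
     */
    private HashMap<String, Digest> getDigests() {
        HashMap<String, Digest> hashMap = new HashMap<>();
        JSONArray jSONArray = this.stub.getJSONArray("sign");
        int length = jSONArray.length();
        System.out.println("Number of documents to be signed: " + length);
        for (int i = 0; i < length; i++) {
            JSONObject jSONObject = jSONArray.getJSONObject(i);
            String element = jSONObject.has("iddoc") ? getElement(jSONObject, "iddoc") : String.valueOf(i);
            Digest digest = new Digest(getElement(jSONObject, "hash"), getElement(jSONObject, "format"), getElement(jSONObject, "p7s"), getElement(jSONObject, "pesid"), getElement(jSONObject, "pespolicyid"), getElement(jSONObject, "pespolicydesc"), getElement(jSONObject, "pespolicyhash"), getElement(jSONObject, "pesspuri"), getElement(jSONObject, "pescity"), getElement(jSONObject, "pespostalcode"), getElement(jSONObject, "pescountryname"), getElement(jSONObject, "pesclaimedrole"), getElement(jSONObject, "pesencoding"));
            System.out.println("   Document #" + i + ": " + element);
            hashMap.put(element, digest);
        }
        return hashMap;
    }

    /** Rejects null inputs early so a missing key fails with a clear message. */
    private static void requireSigningInputs(byte[] data, PrivateKey privateKey) {
        if (data == null) {
            throw new IllegalArgumentException("data to sign must not be null");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("private key must not be null");
        }
    }

    /**
     * Signs {@code bArr} with SHA256withRSA and returns the Base64-encoded signature.
     *
     * <p>Provider selection: "BC" for in-memory {@link RSAPrivateKey} instances, otherwise
     * "SunMSCAPI" on Windows and "SunRsaSign" elsewhere.
     *
     * @param bArr       the data to hash and sign
     * @param privateKey the signing key
     * @return the Base64 text of the signature
     * @throws IllegalArgumentException if either argument is null
     * @throws Exception                if the provider is unavailable or signing fails
     */
    public static String sign(byte[] bArr, PrivateKey privateKey) throws Exception {
        requireSigningInputs(bArr, privateKey);
        Signature signature;
        if (privateKey instanceof RSAPrivateKey) {
            signature = Signature.getInstance("SHA256WithRSA", "BC");
        } else if (System.getProperty("os.name").startsWith("Windows")) {
            signature = Signature.getInstance("SHA256WithRSA", "SunMSCAPI");
        } else {
            signature = Signature.getInstance("SHA256WithRSA", "SunRsaSign");
        }
        signature.initSign(privateKey);
        signature.update(bArr);
        return Base64.encodeBytes(signature.sign());
    }

    /**
     * Produces an RSA signature over a value the caller has already prepared (no hashing is
     * done here) and returns it Base64-encoded.
     *
     * <p>Outside Windows the bytes go through a "NONEwithRSA" signature. On Windows the
     * private native-backed method {@code sun.security.mscapi.RSASignature.signHash} is
     * called reflectively with the algorithm name "SHA-256", and the returned bytes are
     * reversed before encoding.
     *
     * <p>NOTE(review): the two branches do not obviously treat the input the same way (raw
     * bytes to pad versus a SHA-256 hash value handed to the Windows crypto API); confirm
     * what the sender puts behind the {@code pkcs1:} prefix for each platform.
     *
     * <p>NOTE(review): the Windows branch depends on JDK-internal, non-public members and on
     * {@code setAccessible(true)}; it is tied to one JDK generation and is likely to fail on
     * runtimes that enforce strong encapsulation unless the package is explicitly opened.
     *
     * @param bArr       the pre-computed value to sign
     * @param privateKey the signing key
     * @return the Base64 text of the signature
     * @throws IllegalArgumentException if either argument is null
     * @throws Exception                if reflection, the provider or the signing call fails
     */
    public static String signPKCS1(byte[] bArr, PrivateKey privateKey) throws Exception {
        requireSigningInputs(bArr, privateKey);
        if (!System.getProperty("os.name").startsWith("Windows")) {
            Signature signature = privateKey instanceof RSAPrivateKey ? Signature.getInstance("NONEWithRSA", "BC") : Signature.getInstance("NONEwithRSA", "SunRsaSign");
            signature.initSign(privateKey);
            signature.update(bArr);
            return Base64.encodeBytes(signature.sign());
        }
        try {
            // Native key and provider handles held by the MSCAPI key object.
            long hCryptKey = ((Long) MethodUtils.invokeMethod((Object) privateKey, "getHCryptKey", (Object[]) null)).longValue();
            long hCryptProvider = ((Long) MethodUtils.invokeMethod((Object) privateKey, "getHCryptProvider", (Object[]) null)).longValue();
            Class<?> cls = Class.forName("sun.security.mscapi.RSASignature");
            Method signHash = cls.getDeclaredMethod("signHash", Boolean.TYPE, byte[].class, Integer.TYPE, String.class, Long.TYPE, Long.TYPE);
            signHash.setAccessible(true);
            byte[] rawSignature = (byte[]) signHash.invoke(cls, false, bArr, Integer.valueOf(bArr.length), "SHA-256", Long.valueOf(hCryptProvider), Long.valueOf(hCryptKey));
            // The native call returns the bytes in the opposite order to the one expected downstream.
            ArrayUtils.reverse(rawSignature);
            return Base64.encodeBytes(rawSignature);
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    }

    /**
     * Runs the request: checks the bundled trust store, locates the certificate whose
     * thumbprint matches the requested id, signs, and sends the JSON response.
     *
     * <p>The response always echoes the request's {@code nonce}. A {@code "ko"} result is
     * sent when the trust-store integrity check fails, when no usable certificate/key pair
     * matches the requested thumbprint, or when no signature could be produced.
     */
    public void get() {
        JSONObject response = new JSONObject();
        String nonce = (String) this.stub.get("nonce");
        response.put("nonce", nonce);
        if (!new KeystoreVerifier().integrityChecking()) {
            response.put("result", "ko");
            response.put("exception", "TrustStore corrompu");
            Sender.sendMessage(response.toString());
            return;
        }
        CertListUtil certListUtil = new CertListUtil();
        List<Certificate> availableCertificates = certListUtil.getAvailableCertificates();
        X509Certificate x509Certificate = null;
        PrivateKey privateKey = null;
        response.put("result", "ok");
        String requestedId;
        if (this.useNewMethod) {
            requestedId = this.stub.getString("cert");
            System.out.println("SignAction::get - useNewMethod - certId : " + requestedId);
        } else {
            requestedId = ((JSONObject) this.stub.get("cert")).getString("ID");
        }
        for (Certificate certificate : availableCertificates) {
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            X509Certificate candidate = (X509Certificate) certificate;
            String thumbPrint;
            try {
                thumbPrint = HashUtils.getThumbPrint(candidate);
            } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
                // A certificate that cannot be fingerprinted can never match; skip it.
                e.printStackTrace();
                continue;
            }
            System.out.println("SignAction::get - thumbprint : " + thumbPrint);
            if (thumbPrint == null || !thumbPrint.equalsIgnoreCase(requestedId)) {
                continue;
            }
            System.out.println("SignAction::get - found cert");
            x509Certificate = candidate;
            if (OSUtil.isWindows()) {
                // Raise the upcoming key-access dialog above other windows.
                new Unthread().start();
            }
            privateKey = certListUtil.getKey(x509Certificate);
            System.out.println("SignAction::get - privKey");
        }
        if (x509Certificate == null || privateKey == null) {
            // Never call the signing code with a missing key: report the failure explicitly.
            response.put("result", "ko");
            response.put("exception", "Certificat ou clé privée introuvable");
            Sender.sendMessage(response.toString());
            return;
        }
        try {
            if (this.useNewMethod) {
                signWithNewMethod((JSONArray) ((JSONObject) this.stub.get("sign")).get("dataToSign"), privateKey);
            } else {
                signWithOldMethod(nonce, x509Certificate, privateKey);
            }
        } catch (Exception e2) {
            // NOTE(review): with the new method a failure part-way through leaves the
            // signatures already computed in this.signs, and they are still returned below
            // with result "ok"; the receiver must compare the count with what it asked for.
            e2.printStackTrace();
        }
        if (this.signs != null) {
            JSONArray signatures = new JSONArray();
            for (int i = 0; i < this.signs.size(); i++) {
                String key = String.valueOf(i);
                if (this.signs.containsKey(key)) {
                    signatures.put(this.signs.get(key));
                }
            }
            response.put("result", signatures.length() == 0 ? "ko" : "ok");
            response.put("sign", signatures);
            Sender.sendMessage(response.toString());
        }
    }

    /**
     * Signs every entry of {@code jSONArray}. Each entry is a comma-separated list of Base64
     * items; items prefixed with {@code pkcs1:} go through {@link #signPKCS1}, the others
     * through {@link #sign}. Results are stored in {@link #signs} under the entry index,
     * joined with commas in the same order.
     */
    private void signWithNewMethod(JSONArray jSONArray, PrivateKey privateKey) throws Exception {
        this.signs = new HashMap<>();
        for (int i = 0; i < jSONArray.length(); i++) {
            String entry = jSONArray.getString(i);
            List<String> signatures = new ArrayList<>();
            for (String item : entry.split(",")) {
                if (item.startsWith("pkcs1:")) {
                    signatures.add(signPKCS1(Base64.decode(item.substring(6)), privateKey));
                } else {
                    signatures.add(sign(Base64.decode(item), privateKey));
                }
            }
            this.signs.put(String.valueOf(i), join(",", signatures));
        }
    }

    /** Opens a classpath resource, failing with an IOException instead of returning null. */
    private static InputStream openResource(String name) throws IOException {
        InputStream in = SignAction.class.getResourceAsStream(name);
        if (in == null) {
            throw new IOException("Missing classpath resource: " + name);
        }
        return in;
    }

    /** Reads a classpath resource completely into memory and closes it. */
    private static byte[] readResource(String name) throws IOException {
        try (InputStream in = openResource(name)) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buffer = new byte[256];
            int read;
            while ((read = in.read(buffer)) != -1) {
                out.write(buffer, 0, read);
            }
            return out.toByteArray();
        }
    }

    /**
     * Opens the CRL named by one line of {@code /crl-list.conf}: a remote URL (any line
     * starting with "http", so plain http:// as well as https://) or a bundled resource
     * ("file://" followed by a classpath path).
     *
     * @throws IOException  if the remote location cannot be reached
     * @throws CRLException if the location uses another scheme or the bundled resource is
     *                      missing, so that such a line can never be silently skipped
     */
    private static InputStream openCrlStream(String location) throws IOException, CRLException {
        if (location.startsWith("http")) {
            // Bounded waits: an unreachable distribution point must not hang the signature.
            java.net.URLConnection connection = new URL(location).openConnection();
            connection.setConnectTimeout(CRL_CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(CRL_READ_TIMEOUT_MS);
            return connection.getInputStream();
        }
        if (location.startsWith("file://")) {
            String resource = location.substring("file://".length());
            System.out.println("Info: loading local CRL: " + resource);
            InputStream in = SignAction.class.getResourceAsStream(resource);
            if (in == null) {
                throw new CRLException("Local CRL resource not found: " + resource);
            }
            return in;
        }
        throw new CRLException("Unsupported CRL location: " + location);
    }

    /**
     * Delegates to {@link SignUtil} for the old request shape, wiring a handler that reports
     * progress and errors to the peer and validates the signing certificate.
     */
    private void signWithOldMethod(final String nonce, X509Certificate x509Certificate, PrivateKey privateKey) {
        new SignUtil(this.digests, false).sign(x509Certificate, privateKey, new SignHandler() {
            /** Sends an error message to the peer as a "ko" response carrying the nonce. */
            @Override // org.adullact.parapheur.applets.splittedsign.SignHandler
            public void print(String str2) {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("exception", str2);
                jSONObject.put("result", "ko");
                jSONObject.put("nonce", nonce);
                Sender.sendMessage(jSONObject.toString());
            }

            /** Logs a progress message and forwards it to the peer. */
            @Override // org.adullact.parapheur.applets.splittedsign.SignHandler
            public void progress(String str2) {
                System.out.println(str2);
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("progress", str2);
                Sender.sendMessage(jSONObject.toString());
            }

            /**
             * Checks the certificate against every CRL listed in {@code /crl-list.conf}, then
             * hands it, with the certificates of the bundled trust store, to
             * {@link CertificateVerifier#verifyCertificate}.
             *
             * <p>{@code list} names the CRL locations whose download failure is tolerated:
             * for those, an I/O error skips the CRL (fail-open); for any other location it
             * aborts validation.
             *
             * <p>NOTE(review): the downloaded CRLs are only queried with {@code isRevoked};
             * their signature, issuer and freshness are not checked in this method, so a CRL
             * fetched over plain HTTP is not authenticated here. Confirm that
             * {@code CertificateVerifier.verifyCertificate} performs a validated revocation
             * check.
             *
             * <p>NOTE(review): the trust-store password is read from a resource shipped next
             * to the trust store, so it only detects accidental corruption, not tampering by
             * someone able to modify the package.
             */
            @Override // org.adullact.parapheur.applets.splittedsign.SignHandler
            public void validateCertificate(X509Certificate x509Certificate2, List<String> list) throws CRLException, CRLNotFoundException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, CertificateVerificationException, CertPathBuilderException {
                // Decoded with the platform charset, as before; fine while the password is ASCII.
                String password = new String(readResource("/ac-truststore.password"));
                progress("Vérification validité certificat: CRL locale.");
                KeyStore keyStore = KeyStore.getInstance("JKS");
                // A missing trust store now fails here; load(null, ...) would have produced an
                // empty store without any error.
                try (InputStream trustStoreStream = openResource("/ac-truststore.jks")) {
                    keyStore.load(trustStoreStream, password.toCharArray());
                }
                // Only used for the size trace at the end (certificate plus parsed CRLs).
                ArrayList<Object> certAndCrls = new ArrayList<>();
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                try (BufferedReader reader = new BufferedReader(new InputStreamReader(openResource("/crl-list.conf")))) {
                    String readLine;
                    while ((readLine = reader.readLine()) != null) {
                        String location = readLine.trim();
                        if (location.isEmpty() || location.startsWith("#")) {
                            continue;
                        }
                        X509CRL crl = null;
                        try (InputStream crlStream = openCrlStream(location)) {
                            crl = (X509CRL) certificateFactory.generateCRL(crlStream);
                        } catch (IOException e) {
                            if (!list.contains(location)) {
                                throw new CRLNotFoundException(e.getMessage(), location);
                            }
                        }
                        if (crl != null) {
                            certAndCrls.add(crl);
                            // Checked outside the I/O handler so a revocation hit can never be
                            // absorbed by the tolerated-failure rule above.
                            if (crl.isRevoked(x509Certificate2)) {
                                throw new CRLNotFoundException("Certificate is revoked", location);
                            }
                        }
                    }
                }
                progress("Vérification validité certificat: CRL locale... OK!");
                certAndCrls.add(x509Certificate2);
                Enumeration<String> aliases = keyStore.aliases();
                // Left as a raw set: the element type expected by verifyCertificate is not visible here.
                HashSet trustedCertificates = new HashSet();
                if (aliases != null) {
                    while (aliases.hasMoreElements()) {
                        String alias = aliases.nextElement();
                        if (keyStore.isCertificateEntry(alias)) {
                            trustedCertificates.add(keyStore.getCertificate(alias));
                        }
                    }
                }
                progress("Vérification validité certificat: chaine de certification et non-révocation en cours");
                CertificateVerifier.verifyCertificate(x509Certificate2, trustedCertificates, list);
                progress("Vérification validité certificat... OK!");
                System.out.println("CertAndCrls.size = " + certAndCrls.size());
            }

            /** Stores the signatures produced by {@link SignUtil} for the response. */
            @Override // org.adullact.parapheur.applets.splittedsign.SignHandler
            public void success(HashMap<String, String> hashMap) {
                SignAction.this.signs = hashMap;
            }
        });
    }
}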
