package org.adullact.parapheur.applets.splittedsign.sign;

import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Logger;
import org.adullact.parapheur.applets.splittedsign.providers.SignHandler;
import org.adullact.parapheur.applets.splittedsign.providers.SignProvider;
import org.adullact.parapheur.applets.splittedsign.sign.cms.ExternalSignerInfoGenerator;
import org.adullact.parapheur.applets.splittedsign.utils.CRLVerifier;
import org.adullact.parapheur.applets.splittedsign.utils.PropertyConstants;
import org.adullact.parapheur.applets.splittedsign.utils.SignType;
import org.adullact.parapheur.applets.splittedsign.utils.TimeStampTokenUtil;
import org.adullact.parapheur.applets.splittedsign.utils.X509Util;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TimeStampToken;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/sign/BaseSign.class */
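/**
 * Common base for signature implementations: holds the signing configuration,
 * the {@link SignProvider} that owns the key material, and the validated
 * certificate chain of the signer.
 *
 * <p>Configuration is a {@link Properties} object layered over {@link #getDefault()}.
 * Several of those properties are security controls (CRL verification, the
 * trusted-root keystore location and password, the security provider), and both
 * {@link #setProperty(String, String)} and {@link #getProperties()} let callers
 * change them after construction. Treat any code that can reach this object as
 * trusted with respect to certificate validation policy.
 *
 * <p>This class performs no synchronization of its own.
 */
public abstract class BaseSign implements Sign {
    private final SignHandler signHandler;
    private final SignProvider signProvider;
    private List<X509Certificate> certificateChain;
    private final Logger logger = Logger.getLogger("BaseSign");
    private boolean initialized = false;
    private Properties properties = new Properties(getDefault());

    /**
     * Creates a signer configured with {@code properties} layered over the defaults.
     *
     * <p>Only the entries directly present in {@code properties} are copied (its own
     * default table, if any, is not consulted). Values of password properties are
     * never written to the log.
     *
     * @param signProvider provider that holds the signing key and certificate
     * @param signHandler  handler passed to the provider on {@link #init()}
     * @param properties   overrides for the default configuration; {@code null} means none
     */
    public BaseSign(SignProvider signProvider, SignHandler signHandler, Properties properties) {
        this.signProvider = signProvider;
        this.signHandler = signHandler;
        if (properties != null) {
            for (Map.Entry<Object, Object> entry : properties.entrySet()) {
                Object key = entry.getKey();
                Object value = entry.getValue();
                // Properties is a Hashtable<Object,Object>; a non-String entry used to
                // abort construction with a ClassCastException. Skipping it leaves the
                // default in force, which is the stricter setting for the verify flags.
                if (!(key instanceof String) || !(value instanceof String)) {
                    this.logger.warning("ignoring non-string property entry: " + key);
                    continue;
                }
                String name = (String) key;
                String text = (String) value;
                // Never log credentials: the TSA password and the keystore password
                // would otherwise end up in plain text in the applet log.
                String shown = isSecretProperty(name) ? "<redacted>" : text;
                this.logger.info(String.format("updating property key:%s value:%s", name, shown));
                this.properties.setProperty(name, text);
            }
        }
        String providerName = this.properties.getProperty(PropertyConstants.SecurityProvider.getLiteral());
        // Register Bouncy Castle only when it is the configured provider and is not
        // already installed in this JVM.
        if ("BC".equals(providerName) && Security.getProvider(providerName) == null) {
            Security.addProvider(new BouncyCastleProvider());
            this.logger.info("Add bouncy castle provider");
        }
    }

    /** Tells whether {@code name} is one of the password properties that must not be logged. */
    private static boolean isSecretProperty(String name) {
        return PropertyConstants.TSAPassword.getLiteral().equals(name)
                || PropertyConstants.PassKeyStoreTrustedRootCerts.getLiteral().equals(name);
    }

    /**
     * Builds the default configuration.
     *
     * @return a fresh {@link Properties} holding the default value of every setting
     */
    public static Properties getDefault() {
        Properties properties = new Properties();
        properties.setProperty(PropertyConstants.SecurityProvider.getLiteral(), "BC");
        properties.setProperty(PropertyConstants.DigestAlgName.getLiteral(), "SHA256");
        properties.setProperty(PropertyConstants.EncryptionAlgName.getLiteral(), "RSA");
        properties.setProperty(PropertyConstants.EnvelopeEncode.getLiteral(), "DER");
        properties.setProperty(PropertyConstants.EnvelopeSignType.getLiteral(), SignType.PAdES_BES.getLiteral());
        // SECURITY: the default TSA endpoint is plain HTTP. The token itself is checked
        // against the trusted roots in validateTimeStampToken(), but if TSAUser and
        // TSAPassword are set and sent to this URL they are presumably unprotected on
        // the wire - confirm how the TSA client uses them and prefer an https URL.
        properties.setProperty(PropertyConstants.TSAURL.getLiteral(), "http://timestamping.edelweb.fr/service/tsp");
        properties.setProperty(PropertyConstants.TSAUser.getLiteral(), "");
        properties.setProperty(PropertyConstants.TSAPassword.getLiteral(), "");
        properties.setProperty(PropertyConstants.VerifyCRL.getLiteral(), "true");
        // NOTE(review): VerifyCertificate is not read anywhere in this class; chain
        // validation in init() is unconditional here. Check whether another class
        // consults this flag.
        properties.setProperty(PropertyConstants.VerifyCertificate.getLiteral(), "true");
        properties.setProperty(PropertyConstants.FileKeyStoreTrustedRootCerts.getLiteral(), "certs.ks");
        // SECURITY: this keystore password is a fixed value compiled into the class, so
        // it gives the trusted-root keystore no real integrity protection. Protect
        // "certs.ks" by other means (signed jar, file permissions) and override the
        // password per deployment.
        properties.setProperty(PropertyConstants.PassKeyStoreTrustedRootCerts.getLiteral(), "j4ops");
        return properties;
    }

    /**
     * Looks up a configuration value, falling back to the defaults.
     *
     * @param str property key
     * @return the configured value, or {@code null} when neither an override nor a default exists
     */
    public String getProperty(String str) {
        return this.properties.getProperty(str);
    }

    /**
     * Overrides a configuration value. Changes made after {@link #init()} affect later
     * calls that read the property but do not re-validate the certificate chain.
     *
     * @param str  property key
     * @param str2 new value
     */
    public void setProperty(String str, String str2) {
        this.properties.setProperty(str, str2);
    }

    /**
     * Returns the live configuration object, not a copy; it includes the password
     * properties and can be modified by the caller.
     *
     * @return the configuration backing this signer
     */
    public Properties getProperties() {
        return this.properties;
    }

    /** @return the OID that {@link ExternalSignerInfoGenerator} maps the configured digest algorithm name to */
    public String getDigestAlgOID() {
        return ExternalSignerInfoGenerator.getOIDFromDigestAlgName(getProperty(PropertyConstants.DigestAlgName.getLiteral()));
    }

    /** @return the OID that {@link ExternalSignerInfoGenerator} maps the configured encryption algorithm name to */
    public String getEncryptionAlgOID() {
        return ExternalSignerInfoGenerator.getOIDFromEncryptionAlgName(getProperty(PropertyConstants.EncryptionAlgName.getLiteral()));
    }

    /**
     * Resolves the configured envelope signature type.
     *
     * @return the {@link SignType} named by the EnvelopeSignType property
     * @throws IllegalArgumentException if the property does not name a {@link SignType} constant
     */
    public SignType getEnvelopeSignType() {
        // NOTE(review): the default is stored via getLiteral() but resolved via valueOf();
        // this only works if each literal equals the constant name - confirm in SignType.
        return SignType.valueOf(getProperty(PropertyConstants.EnvelopeSignType.getLiteral()));
    }

    /** @return the provider supplied at construction */
    public SignProvider getSignProvider() {
        return this.signProvider;
    }

    /** @return the handler supplied at construction */
    public SignHandler getSignHandler() {
        return this.signHandler;
    }

    /**
     * Loads the trusted root certificates from the configured keystore.
     *
     * @return the certificates returned by {@link X509Util#loadKeyStore}
     * @throws Exception if the keystore cannot be loaded
     */
    private Set<X509Certificate> loadTrustedRoots() throws Exception {
        String keyStoreFile = getProperty(PropertyConstants.FileKeyStoreTrustedRootCerts.getLiteral());
        this.logger.info("loading ca trusted certificates from " + keyStoreFile);
        Set<X509Certificate> trustedRoots = X509Util.loadKeyStore(keyStoreFile, getProperty(PropertyConstants.PassKeyStoreTrustedRootCerts.getLiteral()));
        this.logger.info(String.format("loaded %d ca trusted certificates", Integer.valueOf(trustedRoots.size())));
        if (trustedRoots.isEmpty()) {
            // Make a missing or emptied trust store visible in the log; the validation
            // result itself is still decided by the X509Util / TimeStampTokenUtil call.
            this.logger.warning("trusted root keystore contains no certificates");
        }
        return trustedRoots;
    }

    /**
     * Builds the certification path for {@code x509Certificate} and validates it against
     * the trusted roots loaded from the configured keystore.
     *
     * @param x509Certificate the signer certificate
     * @return the chain returned by {@link X509Util#buildAndValidateChain}
     * @throws Exception if the keystore cannot be loaded or validation fails
     */
    protected List<X509Certificate> buildAndValidateChain(X509Certificate x509Certificate) throws Exception {
        Set<X509Certificate> trustedRoots = loadTrustedRoots();
        return X509Util.buildAndValidateChain(x509Certificate, trustedRoots, getProperty(PropertyConstants.SecurityProvider.getLiteral()));
    }

    /**
     * Validates a timestamp token against the same trusted roots used for the signer chain.
     *
     * @param timeStampToken the token returned by the TSA
     * @throws Exception if the keystore cannot be loaded or the token does not validate
     */
    protected void validateTimeStampToken(TimeStampToken timeStampToken) throws Exception {
        Set<X509Certificate> trustedRoots = loadTrustedRoots();
        TimeStampTokenUtil.validateTimeStampToken(timeStampToken, trustedRoots, getProperty(PropertyConstants.SecurityProvider.getLiteral()));
    }

    /**
     * Initializes the provider and validates the signer certificate: validity period,
     * chain to a trusted root and, unless disabled, CRL status.
     *
     * <p>NOTE(review): if validation fails after the provider was initialized, the
     * provider is left initialized and {@link #isInitialized()} stays {@code false};
     * callers should call {@link #destroy()} on failure.
     *
     * @return the signer certificate obtained from the provider
     * @throws Exception if already initialized, if the provider yields no certificate,
     *                   or if any validation step fails
     */
    @Override // org.adullact.parapheur.applets.splittedsign.sign.Sign
    public X509Certificate init() throws Exception {
        if (this.initialized) {
            throw new Exception("already initialized");
        }
        String encryptionAlg = getProperty(PropertyConstants.EncryptionAlgName.getLiteral());
        String providerName = getProperty(PropertyConstants.SecurityProvider.getLiteral());
        switch (getEnvelopeSignType()) {
            case PDF:
            case PAdES_BES:
            case PAdES_T:
            case PAdES_A:
            case PAdES_C:
            case PAdES_EPES:
            case PAdES_X_1:
            case PAdES_X_2:
            case PAdES_X_L:
                // PDF/PAdES types pass "NONE" as the digest name - presumably the digest
                // is computed outside the provider for these envelopes; confirm in SignProvider.
                this.signProvider.init("NONE", encryptionAlg, getSignHandler(), providerName);
                break;
            default:
                this.signProvider.init(getProperty(PropertyConstants.DigestAlgName.getLiteral()), encryptionAlg, getSignHandler(), providerName);
                break;
        }
        X509Certificate x509Certificate = this.signProvider.getX509Certificate();
        if (x509Certificate == null) {
            // Fail with a clear message instead of a bare NullPointerException below.
            throw new Exception("sign provider returned no certificate");
        }
        x509Certificate.checkValidity();
        this.certificateChain = buildAndValidateChain(x509Certificate);
        if (Boolean.parseBoolean(getProperty(PropertyConstants.VerifyCRL.getLiteral()))) {
            // NOTE(review): only the signer certificate is handed to the CRL verifier here;
            // whether intermediates are also checked depends on CRLVerifier / X509Util.
            CRLVerifier.verifyCertificateCRLs(x509Certificate);
        } else {
            // Any value other than "true" (case-insensitive) switches revocation checking
            // off; record that so a weakened configuration is visible in the log.
            this.logger.warning("CRL verification is disabled by configuration");
        }
        this.initialized = true;
        return x509Certificate;
    }

    /**
     * Releases the provider and marks this signer as uninitialized. The certificate
     * chain from the last successful {@link #init()} is kept.
     *
     * @throws Exception if the provider fails to shut down
     */
    @Override // org.adullact.parapheur.applets.splittedsign.sign.Sign
    public void destroy() throws Exception {
        this.signProvider.destroy();
        this.initialized = false;
    }

    /** @return {@code true} after a successful {@link #init()} and before {@link #destroy()} */
    public boolean isInitialized() {
        return this.initialized;
    }

    /**
     * Returns the chain stored by the last successful {@link #init()}. The list is the
     * internal instance, not a copy.
     *
     * @return the validated chain, or {@code null} if {@link #init()} has never succeeded
     */
    public List<X509Certificate> getCertificateChain() {
        return this.certificateChain;
    }
}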
