package sokordia;

import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.security.CertificateInfo;
import com.itextpdf.text.pdf.security.CertificateVerification;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import com.itextpdf.text.pdf.security.VerificationException;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Stack;
import java.util.TimeZone;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tsp.TimeStampToken;
import sokordia.konverze.Main;

/* loaded from: input_file:main/main.jar:sokordia/LegalVerifier.class */
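/**
 * Verifies the electronic signatures of a PDF against a bundled store of Czech
 * certification-authority certificates and against the CRL named in each certificate.
 *
 * <p>Security-relevant contract, as implemented here:
 * <ul>
 *   <li>{@link #verify(String)} throws for an untrusted or not-yet-valid certificate, but a
 *       failed integrity check, a signature that does not cover the whole document, an
 *       expired certificate, a stale CRL and a <em>revoked</em> certificate are only recorded
 *       as warnings. Callers must treat a non-null {@link Detail#getWarning()} as a failed or
 *       qualified result.</li>
 *   <li>Timestamp data stored in {@link Detail} is informational only; see
 *       {@code handleTimeStamp}.</li>
 * </ul>
 */
public class LegalVerifier {
    /** Upper bound for establishing a CRL download connection, in milliseconds. */
    private static final int CRL_CONNECT_TIMEOUT_MS = 15000;
    /** Upper bound for a single blocking read while downloading a CRL, in milliseconds. */
    private static final int CRL_READ_TIMEOUT_MS = 30000;

    /** Process-wide CRL cache keyed by distribution-point URL; guarded by its own monitor. */
    private static final Map<String, X509CRL> crlMap = new HashMap<String, X509CRL>();
    KeyStore czechKeyStore;
    CertificateFactory certFactory;

    /**
     * Result of a verification run: the reported certificate, the CRL date, optional
     * timestamp data and the accumulated warnings.
     */
    public class Detail {
        Date now;
        Date crlDate;
        X509Certificate cert;
        Stack<String> warnings = new Stack<String>();
        Date stampDate;
        String stampIssuerCN;
        String stampIssuerO;
        BigInteger stampSN;

        /**
         * Returns all warnings joined by a single space, in insertion order.
         *
         * @return the joined warnings, or {@code null} when none were recorded
         */
        public String getWarning() {
            if (this.warnings.isEmpty()) {
                return null;
            }
            Iterator<String> it = this.warnings.iterator();
            StringBuilder joined = new StringBuilder(it.next());
            while (it.hasNext()) {
                joined.append(" ").append(it.next());
            }
            return joined.toString();
        }

        /** Records a warning; {@code null} is ignored. */
        public void pushWarning(String str) {
            if (str != null) {
                this.warnings.push(str);
            }
        }

        /** Verification date formatted as {@code dd.MM.yyyy}. */
        public String getNowDateCz() {
            return new SimpleDateFormat("dd.MM.yyyy").format(this.now);
        }

        /** Verification time formatted as {@code HH:mm:ss}. */
        public String getNowTimeCz() {
            return new SimpleDateFormat("HH:mm:ss").format(this.now);
        }

        /** CRL {@code thisUpdate} date as {@code dd.MM.yyyy}; fails if no CRL date was set. */
        public String getCRLDateCz() {
            return new SimpleDateFormat("dd.MM.yyyy").format(this.crlDate);
        }

        /** CRL {@code thisUpdate} time as {@code HH:mm:ss}; fails if no CRL date was set. */
        public String getCRLTimeCz() {
            return new SimpleDateFormat("HH:mm:ss").format(this.crlDate);
        }

        public String getSubjectCN() {
            return CertificateInfo.getSubjectFields(this.cert).getField("CN");
        }

        public String getSubjectO() {
            return CertificateInfo.getSubjectFields(this.cert).getField("O");
        }

        public String getIssuerCN() {
            return CertificateInfo.getIssuerFields(this.cert).getField("CN");
        }

        public String getIssuerO() {
            return CertificateInfo.getIssuerFields(this.cert).getField("O");
        }

        /**
         * Returns the low three bytes of the certificate serial number as hex.
         *
         * <p>NOTE(review): only 24 bits are shown, so longer serial numbers are truncated and
         * the value does not uniquely identify a certificate.
         */
        public String getSerialNumber() {
            return lowThreeBytesHex(this.cert.getSerialNumber());
        }

        public boolean hasStamp() {
            return this.stampDate != null;
        }

        public String getStampDateCZE() {
            return new SimpleDateFormat("dd.MM.yyyy").format(this.stampDate) + " " + new SimpleDateFormat("HH:mm:ss").format(this.stampDate);
        }

        /** Low three bytes of the timestamp signer's serial number; see {@link #getSerialNumber()}. */
        public String getStampSNHex() {
            return lowThreeBytesHex(this.stampSN);
        }

        public String getStampIssuerCN() {
            return this.stampIssuerCN;
        }

        public String getStampIssuerO() {
            return this.stampIssuerO;
        }

        public void setStamp(Date date, String str, String str2, BigInteger bigInteger) {
            this.stampDate = date;
            this.stampIssuerCN = str;
            this.stampIssuerO = str2;
            this.stampSN = bigInteger;
        }

        public void setCRLDate(Date date) {
            this.crlDate = date;
        }

        public Date getCRLDate() {
            return this.crlDate;
        }

        public void setCert(X509Certificate x509Certificate) {
            this.cert = x509Certificate;
        }

        public X509Certificate getCert() {
            return this.cert;
        }

        public Detail(Date date) {
            this.now = date;
        }

        /**
         * Builds the Czech verification clause.
         *
         * <p>The text states that the certificate is not on the CRL. It does not mention any
         * recorded warning, so callers must check {@link #getWarning()} before using it. When
         * the certificate named no CRL URL, no CRL date exists and the date formatting in this
         * method fails instead of producing the clause.
         */
        @Override
        public String toString() {
            return "Dokument na vstupu je podepsán a platnost uznávaného elektronického podpisu\n(značky) byla ověřena dne " + getNowDateCz() + " v " + getNowTimeCz() + ". Certifikát elektronického\npodpisu (značky) není v seznamu zneplatněných certifikátů platném k datu\n" + getCRLDateCz() + " " + getCRLTimeCz() + ".\n\nÚdaje o elektronickém podpisu: číslo certifikátu " + getSerialNumber() + ", obchodní firma\n" + getIssuerCN() + ", " + getIssuerO() + "\n";
        }
    }

    /**
     * Registers the BouncyCastle provider, loads the bundled trust anchors and prepares the
     * X.509 factory used for CRL parsing.
     */
    public LegalVerifier() throws Exception {
        // addProvider leaves an already registered provider in place.
        Security.addProvider(new BouncyCastleProvider());
        this.czechKeyStore = loadCzechKeyStore();
        this.certFactory = CertificateFactory.getInstance("X.509");
    }

    /** Formats the low 24 bits of {@code serial} as three space-separated hex bytes. */
    private static String lowThreeBytesHex(BigInteger serial) {
        int low = serial.intValue();
        // Masking keeps each byte in 00..FF even when the low 32 bits form a negative int,
        // where division and remainder would yield negative values.
        return String.format("%02X %02X %02X", (low >> 16) & 0xFF, (low >> 8) & 0xFF, low & 0xFF);
    }

    /**
     * Imports the certificates of one classpath resource as trust anchors.
     *
     * <p>A missing resource is skipped silently. NOTE(review): every certificate of a file is
     * stored under the same alias, so only the last certificate of a multi-certificate file
     * remains in the store.
     */
    private static void importCerts(KeyStore keyStore, String str) throws Exception {
        InputStream resource = Main.class.getResourceAsStream(str);
        if (resource == null) {
            return;
        }
        BufferedInputStream in = new BufferedInputStream(resource);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (in.available() > 0) {
                keyStore.setCertificateEntry(str, certificateFactory.generateCertificate(in));
            }
        } finally {
            in.close();
        }
    }

    /**
     * Builds the trust store from the resources {@code /czech/1000.pem} to
     * {@code /czech/9998.pem} that exist on the classpath.
     *
     * <p>A file that exists but cannot be imported is reported on standard error rather than
     * dropped silently, because a missing trust anchor changes verification results.
     */
    public static KeyStore loadCzechKeyStore() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        for (int i = 1000; i < 9999; i++) {
            String resourceName = "/czech/" + i + ".pem";
            try {
                importCerts(keyStore, resourceName);
            } catch (Exception e) {
                System.err.println("Trust anchor " + resourceName + " could not be imported: " + e);
            }
        }
        return keyStore;
    }

    /** Prints the result of the integrity check of one signature; {@code str2} is unused. */
    public void testPdf(AcroFields acroFields, String str, String str2) throws Exception {
        System.out.println("Integrity check OK? " + acroFields.verifySignature(str).verify());
    }

    /**
     * Prints one tab-separated report line for the PDF at {@code str}: path, an empty column,
     * signature count, certificate expiry date (CET), subject CN and subject O.
     *
     * <p>This is a listing aid, not a verification: failures of {@link #verifyOne} are
     * ignored and recorded warnings are not printed.
     */
    public void eosksi(String str) throws Exception {
        PdfReader reader = new PdfReader(str);
        try {
            AcroFields acroFields = reader.getAcroFields();
            ArrayList<String> signatureNames = acroFields.getSignatureNames();
            Date date = new Date();
            Detail detail = new Detail(date);
            int size = signatureNames.size();
            String subjectCn = "";
            String subjectO = "";
            String notAfterText = "";
            for (String signatureName : signatureNames) {
                try {
                    verifyOne(acroFields, detail, date, signatureName);
                } catch (Exception ignored) {
                    // Best effort: the report line is still printed for unverifiable signatures.
                }
                X509Certificate cert = detail.getCert();
                if (cert != null) {
                    Date notAfter = cert.getNotAfter();
                    if (notAfter != null) {
                        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
                        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("CET"));
                        notAfterText = simpleDateFormat.format(notAfter);
                    } else {
                        notAfterText = "";
                    }
                    subjectCn = detail.getSubjectCN();
                    subjectO = detail.getSubjectO();
                }
            }
            System.out.println(str + "\t\t" + size + "\t" + notAfterText + "\t" + subjectCn + "\t" + subjectO);
        } finally {
            reader.close();
        }
    }

    /**
     * Checks one signature and records every problem as a warning on {@code detail}.
     *
     * <p>The certificate stored on {@code detail} is the signing certificate, not whichever
     * certificate happens to come last in the signature's certificate list, so the reported
     * identity is the one that produced the signature.
     */
    public void verifyOne(AcroFields acroFields, Detail detail, Date date, String str) throws Exception {
        if (!acroFields.signatureCoversWholeDocument(str)) {
            detail.pushWarning("Certifikát " + str + " nepodepisuje celý dokument.");
        }
        PdfPKCS7 pkcs7 = acroFields.verifySignature(str);
        Calendar signDate = pkcs7.getSignDate();
        Certificate[] certificates = pkcs7.getCertificates();
        X509Certificate signingCertificate = pkcs7.getSigningCertificate();
        if (!pkcs7.verify()) {
            detail.pushWarning("Dokument byl modifikován.");
        }
        for (Certificate certificate : certificates) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (!x509Certificate.getNotBefore().before(date)) {
                detail.pushWarning("Platnost certifikátu ještě nenastala");
            }
            if (x509Certificate.getNotAfter().before(date)) {
                detail.pushWarning("Platnost certifikátu vypršela " + x509Certificate.getNotAfter().toLocaleString());
            }
            List<VerificationException> problems = CertificateVerification.verifyCertificates(new X509Certificate[]{x509Certificate}, this.czechKeyStore, signDate);
            if (problems != null) {
                for (VerificationException problem : problems) {
                    String message = problem.getMessage();
                    if (message.matches("certificate expired on .*")) {
                        detail.pushWarning("Platnost certifikátu vypršela");
                    } else {
                        detail.pushWarning("Certifikát není podepsán uznávanou certifikační autoritou.\n (" + message + ")");
                    }
                }
            }
            if (x509Certificate.equals(signingCertificate)) {
                detail.setCert(x509Certificate);
            }
        }
    }

    /**
     * Verifies every signature of the PDF at {@code str}.
     *
     * <p>Throws when a certificate is not yet valid, cannot be verified against the trust
     * store, has no issuer in the trust store, or when its CRL cannot be fetched or checked.
     * A failed integrity check, partial document coverage, an expired certificate, a stale CRL
     * and a revoked certificate are recorded as warnings only, so a returned {@link Detail}
     * with a non-null warning is not a clean result.
     *
     * @param str path of the PDF file
     * @return the detail of the last signature whose signing certificate passed the checks
     * @throws Exception if no signing certificate was accepted or a check failed hard
     */
    public Detail verify(String str) throws Exception {
        PdfReader reader = new PdfReader(str);
        try {
            AcroFields acroFields = reader.getAcroFields();
            ArrayList<String> signatureNames = acroFields.getSignatureNames();
            Date date = new Date();
            Detail detail = new Detail(date);
            System.out.println("Pocet podpisu: " + signatureNames.size());
            for (String signatureName : signatureNames) {
                if (!acroFields.signatureCoversWholeDocument(signatureName)) {
                    // The console message says "ignoruji", but the signature is still processed.
                    detail.pushWarning("Certifikát " + signatureName + " nepodepisuje celý dokument.");
                    System.out.println("Certifikat: " + signatureName + " nepodepisuje cely dokument, ignoruji.");
                }
                System.out.println("certifikat: " + signatureName);
                PdfPKCS7 pkcs7 = acroFields.verifySignature(signatureName);
                try {
                    handleTimeStamp(pkcs7, detail);
                } catch (Exception e) {
                    System.out.println("handleTimeStamp");
                    e.printStackTrace();
                }
                Calendar signDate = pkcs7.getSignDate();
                Certificate[] certificates = pkcs7.getCertificates();
                X509Certificate signingCertificate = pkcs7.getSigningCertificate();
                if (!pkcs7.verify()) {
                    detail.pushWarning("Dokument byl modifikován.");
                }
                for (Certificate certificate : certificates) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (!x509Certificate.getNotBefore().before(date)) {
                        throw new Exception("Platnost certifikátu ještě nenastala");
                    }
                    if (x509Certificate.getNotAfter().before(date)) {
                        detail.pushWarning("Platnost certifikátu vypršela " + x509Certificate.getNotAfter().toLocaleString());
                    }
                    List<VerificationException> problems = CertificateVerification.verifyCertificates(new X509Certificate[]{x509Certificate}, this.czechKeyStore, signDate);
                    if (problems != null) {
                        for (VerificationException problem : problems) {
                            String message = problem.getMessage();
                            if (!message.matches("certificate expired on .*")) {
                                throw new Exception("Certifikát není podepsán uznávanou certifikační autoritou.\n (" + message + ")");
                            }
                            detail.pushWarning("Platnost certifikátu vypršela");
                        }
                    }
                    String crlurl = getCRLURL(x509Certificate);
                    System.out.println(crlurl);
                    // Looked up even without a CRL URL: it throws when no trust anchor signed
                    // this certificate.
                    X509Certificate issuerCert = getIssuerCert(x509Certificate, this.czechKeyStore);
                    if (crlurl != null) {
                        try {
                            notRevokedBefore(detail, x509Certificate, issuerCert, crlurl, date);
                        } catch (CRLException e2) {
                            // getMessage() carries the revocation date; toString() would put
                            // the exception class name into the user-facing sentence.
                            detail.pushWarning("Závažná chyba: Certifikát byl dne " + e2.getMessage() + "\nrevokován -- majitel certifikátu zažádalo zrušení platnosti podpisu, např. z důvodu krádeže el. popisu!");
                        }
                    }
                    // Report the certificate that produced the signature, not the last one
                    // in the signature's certificate list.
                    if (x509Certificate.equals(signingCertificate)) {
                        detail.setCert(x509Certificate);
                    }
                }
            }
            if (detail.getCert() != null) {
                return detail;
            }
            String warning = detail.getWarning();
            throw new Exception("Dokument není platně podepsán." + (warning != null ? " \n" + warning : ""));
        } finally {
            reader.close();
        }
    }

    /**
     * Copies timestamp data of a signature into {@code detail} and logs it.
     *
     * <p>NOTE(review): only the message imprint is compared with the document. The token's
     * own signature and the timestamp authority's certificate are not checked here, and the
     * issuer CN/O come from the token's signer identifier, so the stored values are
     * unauthenticated. A token whose issuer lacks CN or O makes this method throw; the caller
     * in {@link #verify(String)} logs that and continues without a stamp.
     */
    private void handleTimeStamp(PdfPKCS7 pdfPKCS7, Detail detail) throws Exception {
        TimeStampToken timeStampToken = pdfPKCS7.getTimeStampToken();
        if (timeStampToken == null) {
            System.out.println("Dokument není opatřen časovým razítkem.");
            return;
        }
        SignerId sid = timeStampToken.getSID();
        if (sid == null) {
            System.out.println("No signer ID in timestamp.");
            return;
        }
        X500Name issuer = sid.getIssuer();
        String issuerCn = IETFUtils.valueToString(issuer.getRDNs(BCStyle.CN)[0].getFirst().getValue());
        String issuerO = IETFUtils.valueToString(issuer.getRDNs(BCStyle.O)[0].getFirst().getValue());
        System.out.println("CN: " + issuerCn + ", O: " + issuerO);
        BigInteger serialNumber = sid.getSerialNumber();
        System.out.println("SerialNumber: " + serialNumber);
        if (!pdfPKCS7.verifyTimestampImprint()) {
            // The stamp is still recorded below; the mismatch is visible only as a warning.
            System.out.println("Časové razítko neodpovídá dokumentu.");
            detail.pushWarning("Časové razítko neodpovídá dokumentu.");
        }
        Calendar timeStampDate = pdfPKCS7.getTimeStampDate();
        if (timeStampDate == null) {
            System.out.println("TimeStamp date NOT present in timestamp?");
            return;
        }
        System.out.println("TimeStamp value: " + timeStampDate.getTime());
        System.out.println("TimeStamp CN: " + issuerCn + ", O: " + issuerO + ", sn: " + serialNumber);
        detail.setStamp(timeStampDate.getTime(), issuerCn, issuerO, serialNumber);
        // The stamp date was set on the line above, so the former "NO TIMESTAMP" branch
        // could never run.
        System.out.println("TimeStamp: " + detail.getStampDateCZE() + ", " + detail.getStampSNHex() + ", " + detail.getStampIssuerCN() + ", " + detail.getStampIssuerO());
    }

    /**
     * Returns the first trust-store certificate whose public key verifies the signature on
     * {@code x509Certificate}.
     *
     * <p>NOTE(review): the candidate's subject name and validity period are not compared
     * with the certificate being checked.
     *
     * @throws Exception if no trust-store certificate verifies the signature
     */
    public X509Certificate getIssuerCert(X509Certificate x509Certificate, KeyStore keyStore) throws Exception {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                X509Certificate candidate = (X509Certificate) keyStore.getCertificate(alias);
                try {
                    x509Certificate.verify(candidate.getPublicKey());
                    return candidate;
                } catch (Exception ignored) {
                    // Not the issuer; try the next trust anchor.
                }
            }
        }
        throw new Exception("Nenalezen certifikát vydavatele.");
    }

    /**
     * Checks {@code x509Certificate} against the CRL at {@code str}, downloading and caching
     * the CRL when needed.
     *
     * <p>A downloaded CRL is checked against the issuer before it enters the shared cache, so
     * a CRL that fails the check cannot be served to later verifications.
     *
     * @param detail receives the CRL date and any CRL warning
     * @param x509Certificate certificate to look up
     * @param x509Certificate2 issuer certificate that must have signed the CRL
     * @param str CRL URL; only http, https and ftp are fetched
     * @param date reference time for cache expiry and CRL validity
     * @throws CRLException if the certificate is revoked; the message is the revocation date
     * @throws Exception if the CRL cannot be fetched, parsed or verified
     */
    public void notRevokedBefore(Detail detail, X509Certificate x509Certificate, X509Certificate x509Certificate2, String str, Date date) throws Exception {
        X509CRL x509crl;
        boolean checkedOnDownload = false;
        synchronized (crlMap) {
            x509crl = crlMap.get(str);
            if (x509crl != null && x509crl.getNextUpdate().before(date)) {
                crlMap.remove(str);
                x509crl = null;
            }
            if (x509crl == null) {
                System.out.println("Downloading CRL from " + str);
                x509crl = downloadCrl(str);
                checkCrlIntegrity(detail, x509crl, x509Certificate2, date);
                crlMap.put(str, x509crl);
                checkedOnDownload = true;
            }
        }
        if (!checkedOnDownload) {
            // The cache is keyed by URL only, so a cached CRL is re-checked against this issuer.
            checkCrlIntegrity(detail, x509crl, x509Certificate2, date);
        }
        detail.setCRLDate(x509crl.getThisUpdate());
        if (!x509crl.isRevoked(x509Certificate)) {
            return;
        }
        // Fail closed: once the CRL reports the certificate as revoked, it is reported as
        // revoked even if the matching entry cannot be retrieved.
        X509CRLEntry entry = x509crl.getRevokedCertificate(x509Certificate);
        if (entry == null) {
            throw new CRLException("(datum neznámé)");
        }
        System.out.println("HIT " + entry.getRevocationDate());
        throw new CRLException(entry.getRevocationDate().toString());
    }

    /**
     * Downloads and parses the CRL at {@code location}.
     *
     * <p>The URL originates from the certificate under verification, so the scheme is
     * restricted to network protocols and the connection is bounded by timeouts; the caller
     * holds the cache lock during the download. A parse failure is rethrown as a plain
     * {@code Exception} so that callers catching {@link CRLException} see it only for an
     * actual revocation.
     */
    private X509CRL downloadCrl(String location) throws Exception {
        URL url = new URL(location);
        String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol) && !"ftp".equalsIgnoreCase(protocol)) {
            throw new Exception("Nepodporovaný protokol pro stažení CRL: " + protocol);
        }
        URLConnection connection = url.openConnection();
        connection.setConnectTimeout(CRL_CONNECT_TIMEOUT_MS);
        connection.setReadTimeout(CRL_READ_TIMEOUT_MS);
        InputStream inputStream = connection.getInputStream();
        try {
            return (X509CRL) this.certFactory.generateCRL(inputStream);
        } catch (CRLException e) {
            throw new Exception("Stažený seznam CRL se nepodařilo načíst: " + e.getMessage(), e);
        } finally {
            inputStream.close();
        }
    }

    /**
     * Checks that the CRL was issued and signed by {@code x509Certificate} and is in force at
     * {@code date}.
     *
     * <p>A CRL past its {@code nextUpdate} only produces a warning. A CRL without
     * {@code nextUpdate} is rejected with an explicit message.
     */
    private void checkCrlIntegrity(Detail detail, X509CRL x509crl, X509Certificate x509Certificate, Date date) throws Exception {
        if (!x509crl.getIssuerX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
            throw new Exception("Vydavatel CRL seznamu se liší od vydavatele certifikátu");
        }
        try {
            x509crl.verify(x509Certificate.getPublicKey());
        } catch (CRLException e) {
            // Rethrown as a plain Exception: verify(String) reports CRLException as a revocation.
            throw new Exception("Stažený seznam CRL nelze ověřit: " + e.getMessage(), e);
        }
        if (x509crl.getThisUpdate().after(date)) {
            throw new Exception("Stažený seznam CRL ještě není platný");
        }
        Date nextUpdate = x509crl.getNextUpdate();
        if (nextUpdate == null) {
            throw new Exception("Stažený seznam CRL neuvádí datum příští aktualizace");
        }
        if (date.after(nextUpdate)) {
            detail.pushWarning("Stažený seznam CRL už není platný");
        }
    }

    /**
     * Unfinished variant of {@link #getCRLURL(X509Certificate)}; always returns {@code null}.
     */
    public String getCRLURLFoo(X509Certificate x509Certificate) throws Exception {
        // The lookup is kept so that a null certificate still fails as before.
        x509Certificate.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
        return null;
    }

    /**
     * Returns the first URI listed in the certificate's CRL distribution points extension.
     *
     * <p>The extension is decoded with unchecked casts; unexpected content surfaces as a
     * runtime exception rather than as {@code null}.
     *
     * @return the first URI of a full-name distribution point, or {@code null} if the
     *     extension is absent or lists no URI
     */
    public String getCRLURL(X509Certificate x509Certificate) throws Exception {
        byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.CRLDistributionPoints.getId());
        if (extensionValue == null) {
            return null;
        }
        try {
            // The extension value is an OCTET STRING wrapping the encoded CRLDistPoint sequence.
            byte[] wrapped = ((DEROctetString) new ASN1InputStream(new ByteArrayInputStream(extensionValue)).readObject()).getOctets();
            CRLDistPoint distPoint = CRLDistPoint.getInstance((ASN1Sequence) new ASN1InputStream(wrapped).readObject());
            for (DistributionPoint distributionPoint : distPoint.getDistributionPoints()) {
                DistributionPointName pointName = distributionPoint.getDistributionPoint();
                // The name is optional in a distribution point; one without it is skipped.
                if (pointName == null || pointName.getType() != DistributionPointName.FULL_NAME) {
                    continue;
                }
                for (GeneralName generalName : ((GeneralNames) pointName.getName()).getNames()) {
                    if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        return ((DERIA5String) generalName.getName()).getString();
                    }
                }
            }
            return null;
        } catch (IOException e) {
            throw new RuntimeException("IO error: " + e.getMessage(), e);
        }
    }
}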
