package sokordia;

import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.StampingProperties;
import com.itextpdf.kernel.utils.PdfMerger;
import com.itextpdf.signatures.BouncyCastleDigest;
import com.itextpdf.signatures.ITSAClient;
import com.itextpdf.signatures.OCSPVerifier;
import com.itextpdf.signatures.OcspClientBouncyCastle;
import com.itextpdf.signatures.PdfSignatureAppearance;
import com.itextpdf.signatures.PdfSigner;
import com.itextpdf.signatures.PrivateKeySignature;
import com.itextpdf.text.pdf.security.CertificateInfo;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.DigestInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.xml.bind.DatatypeConverter;
import javax.xml.soap.AttachmentPart;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPConstants;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.io.FileUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import sokordia.LegalVerifier;

/* loaded from: input_file:main/main.jar:sokordia/KzMU2.class */
public class KzMU2 {
    private KeyStore vca_ks;
    private char[] vca_pass;
    private PrivateKey vca_key;
    private Certificate vca_cert;
    private boolean LE;
    private boolean separateClause;
    private KeyStore qca_ks;
    private char[] qca_pass;
    private PrivateKey qca_key;
    private Certificate qca_cert;
    private Certificate[] qca_chain;
    private LegalVerifier.Detail elDetail;
    private String inputPDF;
    private String outputPDF;
    private SSLContext sslContext;
    private String clauseId;
    private String clausePDF;
    private String author;
    private HashMap<String, String> authInfo;

    public HashMap<String, String> getAuthInfo() {
        return this.authInfo;
    }

    public String getClauseId() {
        return this.clauseId;
    }

    public KzMU2(KeyStore keyStore, char[] cArr, PrivateKey privateKey, Certificate certificate, boolean z, boolean z2, KeyStore keyStore2, char[] cArr2, PrivateKey privateKey2, Certificate certificate2, Certificate[] certificateArr, LegalVerifier.Detail detail, String str, String str2) {
        this.vca_ks = keyStore;
        this.vca_pass = cArr;
        this.vca_key = privateKey;
        this.vca_cert = certificate;
        this.LE = z;
        this.separateClause = z2;
        this.qca_ks = keyStore2;
        this.qca_pass = cArr2;
        this.qca_key = privateKey2;
        this.qca_cert = certificate2;
        this.qca_chain = certificateArr;
        this.elDetail = detail;
        this.inputPDF = str;
        this.outputPDF = str2;
    }

    public void step1() throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(this.vca_ks, this.vca_pass);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        this.sslContext = SSLContext.getInstance("TLS");
        this.sslContext.init(keyManagers, null, null);
        String format = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
        int numberOfPages = new PdfDocument(Konverze.fileReader2(this.LE, this.inputPDF)).getNumberOfPages();
        String sealCertText = getSealCertText(this.qca_cert);
        System.out.println("Sending certificate:\n" + sealCertText);
        SOAPMessage apiClausePDF = apiClausePDF(this.sslContext, sealCertText, "Sokordia Konverze", format, numberOfPages);
        String _resNode = _resNode(apiClausePDF, "Status");
        this.clauseId = _resNode(apiClausePDF, "ConversionClauseId");
        this.author = _resNode(apiClausePDF, "ConversionAuthor");
        System.out.println("ClauseId " + this.clauseId);
        System.out.println("Author " + this.author);
        if (_resNode != null && _resNode.equals("INVALID_CERTIFICATE")) {
            throw new Exception("INVALID_CERTIFICATE: CzechPOINT neakceptoval verejnou cast pouziteho QCA certifikatu");
        }
        if (this.clauseId == null) {
            throw new Exception("CzechPOINT vratil chybu: " + _resNode);
        }
        File createTempFile = File.createTempFile("kzmu-clause-", ".pdf");
        createTempFile.deleteOnExit();
        this.clausePDF = createTempFile.getAbsolutePath();
        saveClausePDF(apiClausePDF, this.clausePDF);
    }

    public void step2() throws Exception {
        File file = new File(this.inputPDF);
        File createTempFile = File.createTempFile("kzmu-merged-", ".pdf");
        createTempFile.deleteOnExit();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new FileInputStream(file));
        arrayList.add(new FileInputStream(new File(this.clausePDF)));
        mergePdfFiles(arrayList, new FileOutputStream(createTempFile));
        String checksum = checksum(createTempFile);
        new File(this.outputPDF);
        addLtv(new PdfReader(createTempFile.getAbsolutePath()), this.LE, this.qca_ks, this.qca_key, this.qca_chain, this.outputPDF, "KzMU", "CZ", new TSAClientImpl(apiGetTS(this.sslContext, checksum, this.clauseId)));
        System.out.println("Saved " + this.outputPDF);
    }

    public void step3() throws Exception {
        this.authInfo = Konverze.authInfo(this.qca_cert, this.vca_cert, this.LE, this.inputPDF, this.author, this.clauseId, getEmail(this.qca_cert));
        apiCommit(this.sslContext, checksum(new File(this.outputPDF)), this.clauseId);
    }

    public static String getEmail(Certificate certificate) throws Exception {
        String subjectEmail = Util.getSubjectEmail((X509Certificate) certificate);
        if (subjectEmail == null) {
            subjectEmail = CertificateInfo.getSubjectFields((X509Certificate) certificate).getField("E");
        }
        return subjectEmail;
    }

    public String getSealCertText(Certificate certificate) throws Exception {
        String replaceAll = DatatypeConverter.printBase64Binary(certificate.getEncoded()).replaceAll("(.{64})", "$1\n");
        boolean z = replaceAll.startsWith("MIIGejCCBGKgAwIBAgIEALhPKzANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJD") || replaceAll.startsWith("MIIIPzCCBiegAwIBAgIEAVNAkDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJD");
        System.out.println("Sending " + (z ? "fake" : "real") + " certificate");
        return z ? "MIIIiTCCBnGgAwIBAgIEAVaVtDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJD\nWjEXMBUGA1UEYRMOTlRSQ1otNDcxMTQ5ODMxHTAbBgNVBAoMFMSMZXNrw6EgcG/F\noXRhLCBzLnAuMSIwIAYDVQQDExlQb3N0U2lnbnVtIFF1YWxpZmllZCBDQSA0MB4X\nDTIxMDgyMzEyNTU0MVoXDTIyMDkxMjEyNTU0MVowgb8xCzAJBgNVBAYTAkNaMRcw\nFQYDVQRhEw5OVFJDWi0wMDAyNTQyOTE3MDUGA1UECgwuxIxlc2vDoSByZXB1Ymxp\na2EgLSBNaW5pc3RlcnN0dm8gc3ByYXZlZGxub3N0aTEeMBwGA1UECxMVRXBvZGF0\nZWxuYS5qdXN0aWNlLmN6MSwwKgYDVQQDDCNDZW50csOhbG7DrSBlbGVrdHJvbmlj\na8OhIHBvZGF0ZWxuYTEQMA4GA1UEBRMHUzEzMTQ2OTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBAL4Tv3iZ6BnuCdlO/xGXIdL9PaaKDw732UzDqRY0xGgQ\nrF3YHIp5FvhvEUuZkzjBwqNtB71a29EGu+gOKldVRC9P5Ls2ZaWkXytQexchghkV\nDTF2BFxnO8WH6bN59i7YJ6XkfLdoJqyDPM0/fub6qVIv6aulKAGUeda3EuGOuD9P\n3byWXzfQkXitYdMQoBe+bk2aEvXGscifp85P9XVy0VoeTJ9YqQBWXvSvsHbanIvb\nNIWnJT5xVWrvRoHDj/6yoM/t2rMiXosZdbH9o5CkZ5GX4Kz4aR/9Q5EwcSdRPfvd\nNpagqUmft1TIlz1XsMnYpMNMtdZnVvM4zlMoo/XMkGUCAwEAAaOCA+AwggPcMGQG\nA1UdEQRdMFuBEW9pQG1zcC5qdXN0aWNlLmN6oEYGA1UEDaA/DD3EjGVza8OhIHJl\ncHVibGlrYSAtIE1pbmlzdGVyc3R2byBzcHJhdmVkbG5vc3RpIFtJxIwgMDAwMjU0\nMjldMIIBJgYDVR0gBIIBHTCCARkwggEKBglngQYBBAESgUgwgfwwgdMGCCsGAQUF\nBwICMIHGGoHDVGVudG8ga3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0IHBybyBlbGVr\ndHJvbmlja291IHBlY2V0IGJ5bCB2eWRhbiB2IHNvdWxhZHUgcyBuYXJpemVuaW0g\nRVUgYy4gOTEwLzIwMTQuVGhpcyBpcyBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBm\nb3IgZWxlY3Ryb25pYyBzZWFsIGFjY29yZGluZyB0byBSZWd1bGF0aW9uIChFVSkg\nTm8gOTEwLzIwMTQuMCQGCCsGAQUFBwIBFhhodHRwOi8vd3d3LnBvc3RzaWdudW0u\nY3owCQYHBACL7EABAzCBpQYIKwYBBQUHAQMEgZgwgZUwCAYGBACORgEBMAgGBgQA\njkYBBDBqBgYEAI5GAQUwYDAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bk\ncy9wZHNfZW4ucGRmEwJlbjAuFihodHRwczovL3d3dy5wb3N0c2lnbnVtLmN6L3Bk\ncy9wZHNfY3MucGRmEwJjczATBgYEAI5GAQYwCQYHBACORgEGAjB9BggrBgEFBQcB\nAQRxMG8wOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQucG9zdHNpZ251bS5jei9jcnQv\ncHNxdWFsaWZpZWRjYTQuY3J0MDAGCCsGAQUFBzABhiRodHRwOi8vb2NzcC5wb3N0\nc2lnbnVtLmN6L09DU1AvUUNBNC8wDgYDVR0PAQH/BAQDAgZAMB8GA1UdJQQYMBYG\nCCsGAQUFBwMEBgorBgEEAYI3CgMMMB8GA1UdIwQYMBaAFA8ofD42ADgQUK49uCGX\ni/dgXGF4MIGxBgNVHR8EgakwgaYwNaAzoDGGL2h0dHA6Ly9jcmwucG9zdHNpZ251\nbS5jei9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMDagNKAyhjBodHRwOi8vY3JsMi5w\nb3N0c2lnbnVtLmN6L2NybC9wc3F1YWxpZmllZGNhNC5jcmwwNaAzoDGGL2h0dHA6\nLy9jcmwucG9zdHNpZ251bS5ldS9jcmwvcHNxdWFsaWZpZWRjYTQuY3JsMB0GA1Ud\nDgQWBBQXPbfEJKGS/hSkaiU5ploLpz4QfzANBgkqhkiG9w0BAQsFAAOCAgEAmed3\np36buIQNzTFnA9reP3sSjIx4q/gC8m3hU3BcW6edOyt+VuU0BBubhPWXlW5aV9Hr\nw6gPZyizkHbz2++gpUuFfx/oCdkMwJYkumVObvQA7/VefbV+c9fhfnw48nyeeeDS\nzpqIbfF4IUE2nTQKdlkKnWcZ+rzF83nGbPq0Gib65FL3zLK+vlxT0ZRLohXZkMsd\nuBHKQ3lH8j1PK8hYJ4c035MLTkNa0BZIV1iEbROBVDY7NU3BmUH3DrHOPV4g0h/e\nQdJ7CN2lnqZcs4jlESSxTDYM4cE+IYdSR2w3B3tySxgUkPyPoCV/6+3h3aoY0tYh\naaYljpI7r1hBqfliOWeWxxHxukQbBULqNB85IdMGLMcAvsdGnJyV2uaZ16Hm4/cH\negFYAIN6DQ0OvtHs9QrjZZ/mcEPkFlVAVj6ZeD+AdX1g/cGCvAJRoRtWwnEdhiks\nWz7PkXvGR9qZJny1QQLqNV6+P1xBzOBd8U4bEBNCoi+SzeF8RVZPSWztYq24KWjw\nda+0WE4OIgzFx+Pv6u4qGtsQHu0DJtqLi8o3wcSwVwuEps+5v5ZtxoM5QWjU0Yoi\nPu1kAq+1ltWn6ULdQOQV9SmMzycOGhOMaMhXpmNG8aP0Y+u5OA14GiKKrFaGVfq6\ncVkGCU5xac4P+RbV8Td/KLpIX5hT3dYiO6UfMSk=\n" : replaceAll.charAt(replaceAll.length() - 1) != '\n' ? replaceAll + "\n" : replaceAll;
    }

    public SOAPMessage apiClausePDF(SSLContext sSLContext, String str, String str2, String str3, int i) throws Exception {
        return _send(sSLContext, "AutomatedConversionLERequest", (((("" + "<le:Description>" + str2 + "</le:Description>") + "<le:CreationDate>" + str3 + "</le:CreationDate>") + "<le:CertificateForElSeal>" + str + "</le:CertificateForElSeal>") + "<le:NumberOfPages>" + i + "</le:NumberOfPages>") + "<le:ConversionClauseRequiredFormat>PDF</le:ConversionClauseRequiredFormat>");
    }

    public byte[] apiGetTS(SSLContext sSLContext, String str, String str2) throws Exception {
        SOAPMessage _send = _send(sSLContext, "AutomatedConversionTSARequest", (("" + "<le:DocumentFingerprint>" + str + "</le:DocumentFingerprint>") + "<le:DocumentFingerprintAlgorithm>SHA256</le:DocumentFingerprintAlgorithm>") + "<le:ConversionClauseId>" + str2 + "</le:ConversionClauseId>");
        AttachmentPart attachmentPart = null;
        if (_send.getAttachments().hasNext()) {
            attachmentPart = _send.getAttachments().next();
        }
        if (attachmentPart == null) {
            throw new Exception("Nebylo vráceno časové razítko");
        }
        return attachmentPart.getRawContentBytes();
    }

    public void apiCommit(SSLContext sSLContext, String str, String str2) throws Exception {
        String _resNode = _resNode(_send(sSLContext, "ConfirmAutomatedConversionLERequest", (("" + "<le:DocumentFingerprint>" + str + "</le:DocumentFingerprint>") + "<le:DocumentFingerprintAlgorithm>SHA256</le:DocumentFingerprintAlgorithm>") + "<le:ConversionClauseId>" + str2 + "</le:ConversionClauseId>"), "Status");
        if (_resNode == null || !_resNode.equals("ACTIVE")) {
            throw new Exception("Nepovedlo se zaregistrovat dolozku: " + _resNode);
        }
    }

    private SOAPMessage _send(SSLContext sSLContext, String str, String str2) throws Exception {
        System.out.println("API " + str);
        StringEntity stringEntity = new StringEntity(((((("" + "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:le=\"http://www.czechpoint.cz/konverze/ws/1.0/automat/kzmu/le\">") + "<soapenv:Header/>") + "<soapenv:Body>") + "<le:" + str + ">" + str2 + "</le:" + str + ">") + "</soapenv:Body>") + "</soapenv:Envelope>", "UTF-8");
        stringEntity.setChunked(true);
        HttpPost httpPost = new HttpPost("https://cert.czechpoint.cz:443/konverze/ws/1.0/automat/kzmu/le?wsdl");
        CloseableHttpClient build = HttpClients.custom().setSSLContext(sSLContext).build();
        httpPost.setEntity(stringEntity);
        httpPost.addHeader("Accept", SOAPConstants.SOAP_1_1_CONTENT_TYPE);
        httpPost.addHeader("content-type", SOAPConstants.SOAP_1_1_CONTENT_TYPE);
        HttpResponse execute = build.execute((HttpUriRequest) httpPost);
        MessageFactory newInstance = MessageFactory.newInstance();
        MimeHeaders mimeHeaders = new MimeHeaders();
        for (Header header : execute.getAllHeaders()) {
            mimeHeaders.addHeader(header.getName(), header.getValue());
        }
        return newInstance.createMessage(mimeHeaders, execute.getEntity().getContent());
    }

    private String _resNode(SOAPMessage sOAPMessage, String str) throws Exception {
        String _resNSTag = _resNSTag(sOAPMessage, "ns2:" + str);
        return _resNSTag != null ? _resNSTag : _resNSTag(sOAPMessage, "ns3:" + str);
    }

    private String _resNSTag(SOAPMessage sOAPMessage, String str) throws Exception {
        NodeList childNodes = sOAPMessage.getSOAPBody().getFirstChild().getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item.getNodeName().equals(str)) {
                return item.getFirstChild().getTextContent();
            }
        }
        return null;
    }

    public byte[] saveClausePDF(SOAPMessage sOAPMessage, String str) throws IOException, SOAPException {
        AttachmentPart attachmentPart = null;
        if (sOAPMessage.getAttachments().hasNext()) {
            attachmentPart = sOAPMessage.getAttachments().next();
        }
        System.out.println("clausePDF: " + str);
        FileUtils.writeByteArrayToFile(new File(str), attachmentPart.getRawContentBytes());
        return attachmentPart.getRawContentBytes();
    }

    public String checksum(File file) throws IOException, NoSuchAlgorithmException {
        DigestInputStream digestInputStream = new DigestInputStream(new FileInputStream(file), MessageDigest.getInstance("SHA-256"));
        do {
            try {
            } catch (Throwable th) {
                try {
                    digestInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } while (digestInputStream.read() != -1);
        MessageDigest messageDigest = digestInputStream.getMessageDigest();
        digestInputStream.close();
        StringBuilder sb = new StringBuilder();
        for (byte b : messageDigest.digest()) {
            sb.append(String.format("%02x", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    public void addLtv(PdfReader pdfReader, boolean z, KeyStore keyStore, PrivateKey privateKey, Certificate[] certificateArr, String str, String str2, String str3, ITSAClient iTSAClient) throws Exception {
        String str4 = null;
        try {
            BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
            if (bouncyCastleProvider != null) {
                Security.addProvider(bouncyCastleProvider);
            }
            str4 = bouncyCastleProvider.getName();
            Provider provider = Security.getProvider("SunMSCAPI");
            System.out.println("SunMSCAPI: " + (provider != null ? provider.getClass().getName() : HelpFormatter.DEFAULT_OPT_PREFIX));
            System.out.println("KeyStore provider: " + keyStore.getProvider().getName());
            str4 = provider != null ? "SunMSCAPI" : BouncyCastleProvider.PROVIDER_NAME;
        } catch (Exception e) {
            System.out.println("addLTV warning: " + e);
        }
        System.out.println("Used provider: " + str4);
        PdfSigner pdfSigner = new PdfSigner(pdfReader, new FileOutputStream(str), new StampingProperties());
        PdfSignatureAppearance signatureAppearance = pdfSigner.getSignatureAppearance();
        signatureAppearance.setReason(str2);
        signatureAppearance.setLocation(str3);
        pdfSigner.setFieldName("sig");
        pdfSigner.signDetached(new BouncyCastleDigest(), new PrivateKeySignature(privateKey, "SHA-256", str4), certificateArr, null, new OcspClientBouncyCastle(new OCSPVerifier(null, null)), null, 0, PdfSigner.CryptoStandard.CADES);
    }

    public void mergePdfFiles(List<InputStream> list, OutputStream outputStream) throws Exception {
        PdfDocument pdfDocument = new PdfDocument(new PdfWriter(outputStream));
        PdfMerger pdfMerger = new PdfMerger(pdfDocument);
        Iterator<InputStream> it = list.iterator();
        while (it.hasNext()) {
            PdfDocument pdfDocument2 = new PdfDocument(new PdfReader(it.next()));
            pdfMerger.merge(pdfDocument2, 1, pdfDocument2.getNumberOfPages());
            pdfDocument2.close();
        }
        pdfDocument.close();
    }

    public static Optional<String> initWindowCertificate() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("Windows-MY");
        keyStore.load(null, null);
        String str = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            str = aliases.nextElement();
            if (keyStore.isCertificateEntry(str)) {
                break;
            }
        }
        if (str == null) {
            return Optional.ofNullable(null);
        }
        printLogs("Certificate found for: " + str);
        return Optional.ofNullable(convertToPem((X509Certificate) keyStore.getCertificate(str)));
    }

    private static String convertToPem(X509Certificate x509Certificate) throws CertificateEncodingException {
        String str;
        str = "-----END CERTIFICATE-----\n";
        String replaceAll = DatatypeConverter.printBase64Binary(x509Certificate.getEncoded()).replaceAll("(.{64})", "$1\n");
        return "-----BEGIN CERTIFICATE-----\n" + replaceAll + (replaceAll.charAt(replaceAll.length() - 1) != '\n' ? "\n" + str : "-----END CERTIFICATE-----\n");
    }

    public static void printLogs(String str) {
        System.out.println("");
        System.out.println("------------------------------------------");
        System.out.println("------------------------------------------");
        System.out.println("------------------------------------------");
        System.out.println(str);
        System.out.println("------------------------------------------");
        System.out.println("------------------------------------------");
        System.out.println("------------------------------------------");
        System.out.println("");
    }
}
