package kz.uchet.signUtil;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.TimeZone;
import java.util.concurrent.CountDownLatch;
import java.util.function.Function;
import javafx.application.Platform;
import javax.security.auth.x500.X500Principal;
import javax.swing.UIManager;
import javax.xml.parsers.DocumentBuilderFactory;
import kz.gov.pki.kalkan.asn1.x509.X509Name;
import kz.gov.pki.kalkan.exception.KalkanException;
import kz.gov.pki.kalkan.exception.OCSPCode;
import kz.gov.pki.kalkan.jce.exception.ExtCertPathValidatorException;
import kz.gov.pki.kalkan.jce.provider.KalkanProvider;
import kz.gov.pki.kalkan.jce.provider.cms.CMSException;
import kz.gov.pki.kalkan.jce.provider.cms.CMSSignedData;
import kz.gov.pki.kalkan.jce.provider.cms.SignerInformation;
import kz.gov.pki.kalkan.pkix.checker.KNCAOCSPChecker;
import kz.gov.pki.kalkan.tsp.TSPException;
import kz.gov.pki.kalkan.tsp.TimeStampToken;
import kz.gov.pki.kalkan.xmldsig.KncaXS;
import kz.gov.pki.provider.exception.ProviderUtilException;
import kz.gov.pki.provider.exception.ProviderUtilExceptionCode;
import kz.gov.pki.provider.utils.CMSUtil;
import kz.gov.pki.provider.utils.KeyStoreUtil;
import kz.gov.pki.provider.utils.PKIXUtil;
import kz.gov.pki.provider.utils.TSPUtil;
import kz.gov.pki.provider.utils.X509Util;
import kz.gov.pki.provider.utils.XMLUtil;
import kz.gov.pki.provider.utils.model.SigningEntity;
import kz.gov.pki.provider.utils.model.TSAProfile;
import kz.gov.pki.provider.utils.verifier.VerifierFlags;
import kz.gov.pki.reference.KNCACertificateType;
import kz.gov.pki.reference.KNCAServiceRequestMethod;
import kz.gov.pki.reference.KalkanHashAlgorithm;
import kz.gov.pki.reference.KeyStoreEntry;
import kz.gov.pki.reference.TSAPolicy;
import kz.uchet.signUtil.gui.dialog.SignerDialog;
import kz.uchet.signUtil.gui.fx.JavaFXThread;
import kz.uchet.signUtil.types.ClientException;
import kz.uchet.signUtil.types.FileExtension;
import kz.uchet.signUtil.types.FileInfo;
import kz.uchet.signUtil.types.ResponseForJS;
import kz.uchet.signUtil.types.ResponseMessage;
import kz.uchet.signUtil.types.SignerInfo;
import kz.uchet.signUtil.types.StorageInfo;
import kz.uchet.signUtil.types.VerificationResult;
import org.json.JSONObject;

/* loaded from: input_file:kz/uchet/signUtil/CommonUtils.class */
public class CommonUtils {
    // Callback installed by setKeyInfoServices(); signXml() passes it to the StorageInfo constructor.
    // NOTE(review): raw java.util.function.Function - argument and result types are not visible here.
    private Function keyInfoService;
    // Callback installed by setKeyInfoSetterService(); signXml() passes it to the StorageInfo constructor.
    private Function keyInfoSetterService;
    // Russian ("ru") and Kazakh ("kk") locales, created in the constructor.
    private Locale locale_ru;
    private Locale locale_kk;
    // Locale handed to JavaFXThread; the constructor sets it to locale_ru.
    private Locale locale;
    // NOTE(review): not assigned anywhere in the visible part of the file.
    private Collection<X509Certificate> caCertList;
    // NOTE(review): presumably the value behind getCaCertsMap(), which feeds the OCSP checker - confirm.
    private Map<X500Principal, X509Certificate> caCertsMap;
    // Package-private (no modifier); created in the constructor as VerifierFlags("SIGNATURE").
    VerifierFlags sigVerifierFlags;
    // Formatter with pattern "dd/MM/yyyy HH:mm:ss", used for certificate validity and timestamp dates.
    // NOTE(review): SimpleDateFormat is not thread-safe and this instance is shared by every call
    // on the object - confirm that calls are confined to one thread.
    DateFormat df;
    // Helper constructed with the active locale; getFilePath() calls its getFile().
    private JavaFXThread javaFXThread;

    /**
     * Stores the callback that {@code signXml} later passes to {@code StorageInfo} as its
     * second constructor argument.
     *
     * @param function callback to keep; it is stored as given, without validation
     */
    public void setKeyInfoServices(Function function) {
        keyInfoService = function;
    }

    /**
     * Stores the callback that {@code signXml} later passes to {@code StorageInfo} as its
     * third constructor argument.
     *
     * @param function callback to keep; it is stored as given, without validation
     */
    public void setKeyInfoSetterService(Function function) {
        keyInfoSetterService = function;
    }

    /**
     * Probe method: returns the literal {@code "true"} followed by the argument.
     *
     * @param str text to append; {@code null} is appended as the text "null"
     * @return {@code "true"} concatenated with {@code str}
     */
    public String test(String str) {
        StringBuilder reply = new StringBuilder("true");
        reply.append(str);
        return reply.toString();
    }

    /**
     * Reports the version string of this utility.
     *
     * @param str not read by this method
     * @return JSON produced by {@code getJson} for a response with code "200" and message "1.4"
     */
    public String getVersion(String str) {
        ResponseForJS versionReply = new ResponseForJS("200");
        versionReply.setMessage("1.4");
        return getJson(versionReply);
    }

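    /**
     * Initialises locales, verifier flags, the shared date formatter and the JavaFX helper,
     * then selects the Swing look and feel (cross-platform on macOS, system elsewhere).
     *
     * <p>The earlier version initialised every field twice. The second pass replaced the
     * formatter after its time zone had been set, so dates were formatted in the JVM default
     * zone instead of Asia/Almaty. Each field is now initialised once and the zone is applied
     * to the formatter that is actually kept.
     */
    public CommonUtils() {
        String lowerCase = System.getProperty("os.name").toLowerCase();
        BundleLog.LOG.info("osname " + lowerCase);
        this.locale_ru = new Locale("ru");
        this.locale_kk = new Locale("kk");
        this.locale = this.locale_ru;
        this.sigVerifierFlags = new VerifierFlags("SIGNATURE");
        this.df = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss");
        // Must be applied to the final formatter instance, not to one that is later replaced.
        this.df.setTimeZone(TimeZone.getTimeZone("Asia/Almaty"));
        // NOTE(review): the earlier code built JavaFXThread twice with the same locale and kept
        // only the second instance; confirm the constructor has no side effect that relied on that.
        this.javaFXThread = new JavaFXThread(this.locale);
        try {
            if (lowerCase.contains("mac os")) {
                UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName());
            } else {
                UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
            }
            BundleLog.LOG.info("osname " + lowerCase);
        } catch (Exception e) {
            // A look-and-feel failure is cosmetic; log it and keep the object usable.
            BundleLog.LOG.error(e.getMessage(), e);
        }
    }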

    /**
     * Shows the signer dialog and, when the user confirms, signs an XML document with the
     * key selected in that dialog.
     *
     * @param str  storage identifier passed to {@code StorageInfo}
     * @param str2 name of a {@code KNCACertificateType}; an unknown name is treated as "no filter"
     * @param str3 passed to {@code XMLUtil.createXmlSignature} as its second argument
     * @param str4 passed to {@code XMLUtil.createXmlSignature} as its third argument
     * @param str5 passed to {@code XMLUtil.createXmlSignature} as its fourth argument
     * @return JSON for a response with code "200" and the signature on success, otherwise
     *         code "500" with "action.canceled" or the exception message
     */
    public String signXml(String str, String str2, String str3, String str4, String str5) {
        ResponseMessage reply = new ResponseMessage("500");
        try {
            StorageInfo storage = new StorageInfo(str, this.keyInfoService, this.keyInfoSetterService);
            KNCACertificateType certType;
            try {
                certType = KNCACertificateType.valueOf(str2);
            } catch (Exception ignored) {
                // Unknown or missing type name: the dialog is opened with a null type.
                certType = null;
            }
            HashMap dialogOptions = new HashMap();
            dialogOptions.put("title", "label.signerDialog.xmlTitle");
            SignerDialog dialog = new SignerDialog(storage, certType, dialogOptions);
            dialog.setVisible(true);
            if (!dialog.getDoSign()) {
                reply.setMessage("action.canceled");
            } else {
                KeyStore keyStore = KeyStoreUtil.getKeyStore(storage.getStorage(), storage.getContainer(), storage.getPassword(), BundleProvider.KALKAN.getProvider());
                reply.setResponseObject(XMLUtil.createXmlSignature(KeyStoreUtil.getSigningEntity(keyStore, storage.getAlias(), storage.getPassword()), str3, str4, str5, BundleProvider.KALKAN.getProvider()));
                reply.setCode("200");
                if (storage.isNewkey()) {
                    saveKey(dialog.getSelectedItem(), storage);
                }
            }
        } catch (Exception failure) {
            BundleLog.LOG.log(1, failure.getMessage(), failure);
            // NOTE(review): the raw exception message goes back to the caller; confirm it cannot
            // carry key-store paths or other local details the page should not see.
            reply.setMessage(failure.getMessage());
        }
        return getJson(reply);
    }

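    /**
     * Opens the JavaFX file chooser on the FX application thread, waits for the user's choice
     * and describes the chosen file.
     *
     * @param str  name of a {@code FileExtension} constant; an unknown name makes
     *             {@code valueOf} throw {@code IllegalArgumentException}
     * @param str2 passed to {@code JavaFXThread.getFile} as its first argument
     * @return JSON for a "200" response carrying a {@code FileInfo} (empty when nothing was
     *         chosen), or a "500" response when the file size cannot be read
     * @throws Exception if the extension name is invalid or the wait is interrupted
     */
    public String getFilePath(String str, String str2) throws Exception {
        FileExtension valueOf = FileExtension.valueOf(str);
        File[] fileArr = new File[1];
        CountDownLatch countDownLatch = new CountDownLatch(1);
        Platform.runLater(() -> {
            try {
                fileArr[0] = this.javaFXThread.getFile(str2, valueOf);
            } finally {
                // Release the waiting caller even when the chooser throws; otherwise await()
                // below would block forever.
                countDownLatch.countDown();
            }
        });
        countDownLatch.await();
        File file = fileArr[0];
        ResponseForJS responseForJS = new ResponseForJS("200");
        try {
            if (file != null) {
                // The absolute path and parent directory are returned to the caller as-is.
                FileInfo fileInfo = new FileInfo(file.getPath(), Files.size(file.toPath()));
                fileInfo.setFilename(file.getName());
                fileInfo.setFiledir(file.getParent());
                responseForJS.setResponseObject(fileInfo);
            } else {
                responseForJS.setResponseObject(new FileInfo());
            }
        } catch (IOException e) {
            BundleLog.LOG.error(e.getMessage(), e);
            responseForJS.setCode("500");
            responseForJS.setMessage(getMessage("internalError"));
        }
        return getJson(responseForJS);
    }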

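    /**
     * Copies subject fields of a certificate into a {@code SignerInfo}: IIN, name, person or
     * organisation flag, BIN and organisation name, serial number and validity period.
     *
     * <p>{@code verifyCMSResult} calls this before the certificate has been validated, so every
     * subject value must be treated as untrusted input.
     *
     * @param signerInfo      target object; fields that cannot be derived are left untouched
     * @param x509Certificate certificate whose subject DN is read
     */
    private void fillFromCert(SignerInfo signerInfo, X509Certificate x509Certificate) {
        HashMap rdnValues = X509Util.getRDNMapWithArrayValues(new X509Name(x509Certificate.getSubjectDN().getName()));
        String[] serialNumbers = (String[]) rdnValues.get(X509Name.SERIALNUMBER.getId());
        // The first three characters are dropped (presumably an "IIN" prefix - confirm). A value
        // shorter than that used to raise StringIndexOutOfBoundsException; now it is skipped.
        if (serialNumbers != null && serialNumbers.length > 0 && serialNumbers[0] != null && serialNumbers[0].length() >= 3) {
            signerInfo.setIin(serialNumbers[0].substring(3));
        }
        String[] commonNames = (String[]) rdnValues.get(X509Name.CN.getId());
        if (commonNames != null && commonNames.length > 0) {
            signerInfo.setName(commonNames[0].trim());
        }
        String[] givenNames = (String[]) rdnValues.get(X509Name.GIVENNAME.getId());
        if (givenNames != null && givenNames.length > 0) {
            // Append the given name to the common name when both are present.
            if (signerInfo.getName() != null) {
                signerInfo.setName(signerInfo.getName() + " " + givenNames[0]);
            } else {
                signerInfo.setName(givenNames[0]);
            }
        }
        try {
            signerInfo.setPersonCertificate(X509Util.containsExtKeyUsage(x509Certificate, "1.2.398.3.3.4.1.1"));
        } catch (CertificateParsingException e) {
            // NOTE(review): on a parse failure the person flag keeps whatever default SignerInfo
            // gives it, which decides whether the organisation branch below runs - confirm.
            BundleLog.LOG.error(e.getMessage(), e);
        }
        if (!signerInfo.isPersonCertificate()) {
            String[] orgUnits = (String[]) rdnValues.get(X509Name.OU.getId());
            if (orgUnits != null) {
                for (String unit : orgUnits) {
                    // NOTE(review): "BIN"/"bin" is matched anywhere in the value, yet the first
                    // three characters are stripped as if it were a prefix; startsWith may be meant.
                    if ((unit.contains("BIN") || unit.contains("bin")) && unit.length() == 15) {
                        signerInfo.setBin(unit.substring(3));
                    }
                }
            }
            String[] organizations = (String[]) rdnValues.get(X509Name.O.getId());
            if (organizations != null && organizations.length > 0) {
                signerInfo.setOrganizationName(organizations[0]);
            }
        }
        // Serial number is rendered in hexadecimal.
        signerInfo.setSerialNumber(x509Certificate.getSerialNumber().toString(16));
        signerInfo.setCertificateValidityPeriod(this.df.format(x509Certificate.getNotBefore()) + " - " + this.df.format(x509Certificate.getNotAfter()));
    }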

    /**
     * Parses a CMS signed-data blob and evaluates every signer in it.
     *
     * <p>For each signer the method looks up the signer certificate inside the CMS, copies its
     * subject data, validates the timestamp token if one is present, verifies the certificate
     * (including an OCSP check) and verifies the signature. A signer is marked valid only when
     * the signature, certificate and timestamp results are all valid.
     *
     * @param bArr encoded CMS structure
     * @return one {@code SignerInfo} per signer, in the order the signers are iterated
     * @throws ClientException with "cms.exception" when the input cannot be parsed as CMS, or
     *         "cms.process.exception" when processing fails later
     */
    private List<SignerInfo> verifyCMSResult(byte[] bArr) throws ClientException {
        ArrayList arrayList = new ArrayList();
        try {
            CMSSignedData parseAsCMS = CMSUtil.parseAsCMS(bArr);
            try {
                CertStore certificatesAndCRLs = parseAsCMS.getCertificatesAndCRLs("Collection", BundleProvider.KALKAN.getProvider().getName());
                for (SignerInformation signerInformation : parseAsCMS.getSignerInfos().getSigners()) {
                    SignerInfo signerInfo = new SignerInfo();
                    try {
                        // Only the first certificate matching the signer id is used. It comes from
                        // the CMS itself, so it is untrusted until verifyCert() has accepted it.
                        Iterator<? extends Certificate> it = certificatesAndCRLs.getCertificates(signerInformation.getSID()).iterator();
                        if (it.hasNext()) {
                            X509Certificate x509Certificate = (X509Certificate) it.next();
                            fillFromCert(signerInfo, x509Certificate);
                            Date date = null;
                            try {
                                TimeStampToken timestampToken = CMSUtil.getTimestampToken(signerInformation, BundleProvider.KALKAN.getProvider());
                                if (timestampToken != null) {
                                    try {
                                        // NOTE(review): the generation time is read and stored before the
                                        // token is validated on the line after next. If validation fails
                                        // with one of the exceptions in the second catch below, "date"
                                        // keeps this unverified value and is still passed to verifyCert()
                                        // and used for the revocation-time comparison.
                                        date = timestampToken.getTimeStampInfo().getGenTime();
                                        signerInfo.setTspDate(this.df.format(date));
                                        TSPUtil.validateTimeStampToken(timestampToken, signerInformation.getSignature(), BundleProvider.KALKAN.getProvider());
                                        signerInfo.setTspVerificationResult(new VerificationResult(true));
                                    } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | CertStoreException | CMSException e) {
                                        BundleLog.LOG.error(e.getMessage(), e);
                                        throw new ClientException(getMessage("cms.process.exception"));
                                    } catch (CertificateExpiredException | CertificateNotYetValidException | ProviderUtilException | TSPException e2) {
                                        BundleLog.LOG.error(e2.getMessage(), e2);
                                        signerInfo.setTspVerificationResult(new VerificationResult(false, getMessage("tsp.verification.error")));
                                    }
                                } else {
                                    // A signature without a timestamp token is reported as a TSP failure.
                                    signerInfo.setTspVerificationResult(new VerificationResult(false, getMessage("tsp.notFound")));
                                }
                                // verifyCert() is defined outside this view; it receives the timestamp
                                // time, or null when there is none.
                                VerificationResult verifyCert = verifyCert(x509Certificate, false, date);
                                // Reference time for revocation: timestamp time, else the current time.
                                Date date2 = date == null ? new Date() : date;
                                if (verifyCert.isValid()) {
                                    try {
                                        new KNCAOCSPChecker(getCaCertsMap()).check(x509Certificate);
                                    } catch (CertPathValidatorException e3) {
                                        // NOTE(review): only the four OCSP codes below turn the result
                                        // invalid. Any other CertPathValidatorException (a cause that is
                                        // not a KalkanException, or a different error code) is dropped
                                        // without logging and the certificate stays valid, so the
                                        // revocation check fails open. A revocation dated at or after
                                        // date2 is also left as valid. Confirm both are intended policy.
                                        if (e3.getCause() instanceof KalkanException) {
                                            // Decompiler output: this assignment has no cast to KalkanException.
                                            KalkanException cause = e3.getCause();
                                            if (cause.getErrorCode().equals(OCSPCode.STATUS_REVOKED) && ((Date) cause.get("time")).before(date2)) {
                                                verifyCert = new VerificationResult(false, getMessage("ocsp.revoked"));
                                            }
                                            if (cause.getErrorCode().equals(OCSPCode.STATUS_UNKNOWN)) {
                                                verifyCert = new VerificationResult(false, getMessage("error.certificate.ocsp.unknown"));
                                            }
                                            if (cause.getErrorCode().equals(OCSPCode.NONCES_NOT_EQUAL)) {
                                                verifyCert = new VerificationResult(false, getMessage("error.certificate.ocsp.nonces"));
                                            }
                                            if (cause.getErrorCode().equals(OCSPCode.OCSP_RESP_NOT_VERIFIED)) {
                                                verifyCert = new VerificationResult(false, getMessage("error.certificate.ocsp.not_verified"));
                                            }
                                        }
                                    }
                                }
                                signerInfo.setCertificateVerificationResult(verifyCert);
                                try {
                                    signerInfo.setSignatureVerificationResult(new VerificationResult(signerInformation.verify(x509Certificate, BundleProvider.KALKAN.getProvider().getName())));
                                } catch (NoSuchAlgorithmException | NoSuchProviderException | CMSException e4) {
                                    BundleLog.LOG.error(e4.getMessage(), e4);
                                    throw new ClientException(getMessage("cms.process.exception"));
                                } catch (CertificateExpiredException | CertificateNotYetValidException e5) {
                                    BundleLog.LOG.error(e5.getMessage(), e5);
                                    signerInfo.setSignatureVerificationResult(new VerificationResult(false, getMessage("sign.validity.cert.invalid")));
                                }
                            } catch (Exception e6) {
                                // Catch-all: every failure in the block above, including the
                                // ClientExceptions thrown inside it, ends as "cms.process.exception".
                                BundleLog.LOG.error(e6.getMessage(), e6);
                                throw new ClientException(getMessage("cms.process.exception"));
                            }
                        } else {
                            signerInfo.setCertificateVerificationResult(new VerificationResult(false, getMessage("cms.cert.404")));
                        }
                        // NOTE(review): on the "no certificate" branch this method never sets the
                        // signature and TSP results; unless SignerInfo supplies defaults, the getters
                        // below return null and this line throws NullPointerException - confirm.
                        signerInfo.setValidSignature(signerInfo.getSignatureVerificationResult().isValid() && signerInfo.getCertificateVerificationResult().isValid() && signerInfo.getTspVerificationResult().isValid());
                        arrayList.add(signerInfo);
                    } catch (CertStoreException e7) {
                        BundleLog.LOG.error(e7.getMessage(), e7);
                        throw new ClientException(getMessage("cms.process.exception"));
                    }
                }
                return arrayList;
            } catch (NoSuchProviderException | CMSException | NoSuchAlgorithmException e8) {
                BundleLog.LOG.error(e8.getMessage(), e8);
                throw new ClientException(getMessage("cms.process.exception"));
            }
        } catch (CMSException e9) {
            BundleLog.LOG.error(e9.getMessage(), e9);
            throw new ClientException(getMessage("cms.exception"));
        }
    }

    /**
     * Reads a CMS file from disk and reports the verification result of every signer.
     *
     * @param str path handed to {@code getFileFromPath}; the caller chooses which local file
     *            is read
     * @return JSON for a "200" response with the signer results, or a "500" response with the
     *         client error text or the generic "internalError" message
     */
    public String checkCMS(String str) {
        ResponseForJS reply = new ResponseForJS("500");
        try {
            byte[] cmsBytes = getFileFromPath(str).getBytes();
            List<SignerInfo> signers = verifyCMSResult(cmsBytes);
            reply.setCode("200");
            reply.setResponseObjects(signers.toArray());
        } catch (ClientException clientError) {
            // Client errors already carry a user-facing text.
            reply.setMessage(clientError.getMessage());
        } catch (Exception unexpected) {
            // Anything else is logged and hidden behind the generic message.
            BundleLog.LOG.error(unexpected.getMessage(), unexpected);
            reply.setMessage(getMessage("internalError"));
        }
        return getJson(reply);
    }

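    /**
     * Signs an XML fragment with a key from a PKCS12 file, without showing the signer dialog
     * unless the store holds more than one signing key.
     *
     * <p>Changes against the decompiled original: the well-formedness parse now rejects DOCTYPE
     * declarations, so caller-supplied XML cannot pull in external entities; the probe stream
     * on the key file is closed; failures are logged through {@code BundleLog}; the alias
     * selection, which the decompiler left as unusable residue, is rebuilt.
     *
     * @param str  path of the PKCS12 file
     * @param str2 password of the PKCS12 file
     * @param str3 XML content without the XML declaration; the declaration is prepended here
     * @return JSON for a "200" response whose message is the signed XML, or a "500" response
     *         whose message is the exception text
     */
    public String signXmlApi(final String str, String str2, String str3) {
        ResponseForJS responseForJS = new ResponseForJS("500");
        try {
            String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>" + str3 + "";
            KalkanProvider kalkanProvider = new KalkanProvider();
            Security.addProvider(kalkanProvider);
            KncaXS.loadXMLSecurity();
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // str3 is caller-supplied: refuse DTDs so no external entity or DTD is resolved.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setXIncludeAware(false);
            factory.setExpandEntityReferences(false);
            // The parsed document is discarded; the parse only checks well-formedness.
            // NOTE(review): XMLUtil.createXmlSignature parses the text again inside the
            // library; confirm that parser is hardened in the same way.
            factory.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            // Probe load: fails early when the file or the password is wrong.
            KeyStore probeStore = KeyStore.getInstance("PKCS12", kalkanProvider.getName());
            try (InputStream keyFile = AccessController.doPrivileged(new PrivilegedExceptionAction<FileInputStream>() {
                @Override
                public FileInputStream run() throws Exception {
                    return new FileInputStream(str);
                }
            })) {
                probeStore.load(keyFile, str2.toCharArray());
            }
            probeStore.aliases();
            StorageInfo storageInfo = getStorageInfoApiWithPathAndPass("PKCS12", str, str2);
            KeyStore keyStore = KeyStoreUtil.getKeyStore(storageInfo.getStorage(), storageInfo.getContainer(), storageInfo.getPassword(), BundleProvider.KALKAN.getProvider());
            Map keyStoreEntries = KeyStoreUtil.getKeyStoreEntries(storageInfo.getStorage(), storageInfo.getContainer(), KNCACertificateType.SIGNATURE, storageInfo.getPassword(), BundleProvider.KALKAN.getProvider());
            if (keyStoreEntries.size() <= 0) {
                throw new ClientException(getMessage("keyNotFound"));
            }
            // NOTE(review): rebuilt from decompiler residue ("r25 = null" and an empty for loop);
            // the intent appears to be: ask the user when several keys exist, otherwise take
            // the only one. Confirm against the original source.
            String alias = null;
            if (keyStoreEntries.size() > 1) {
                alias = showKeyChooser(keyStoreEntries.entrySet());
            } else {
                for (Object key : keyStoreEntries.keySet()) {
                    alias = (String) key;
                }
            }
            if (alias == null) {
                // Same handling as the other signing methods of this class.
                throw new ClientException(getMessage("action.canceled"));
            }
            String createXmlSignature = XMLUtil.createXmlSignature(KeyStoreUtil.getSigningEntity(keyStore, alias, storageInfo.getPassword()), xml, "", "", BundleProvider.KALKAN.getProvider());
            responseForJS.setCode("200");
            responseForJS.setMessage(createXmlSignature);
        } catch (Exception e) {
            BundleLog.LOG.error(e.getMessage(), e);
            // NOTE(review): the raw exception text is returned to the caller; confirm it cannot
            // reveal local paths or key-store details.
            responseForJS.setMessage(e.getMessage());
        }
        return getJson(responseForJS);
    }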

    /**
     * Entry point that forwards to {@code signFilePath} when a first argument is given.
     *
     * @param str  first argument of {@code signFilePath}; must be non-empty
     * @param str2 not read by this method
     * @param str3 second argument of {@code signFilePath}
     * @param str4 third argument of {@code signFilePath}
     * @return the result of {@code signFilePath}, or the fixed text "no no no !!!" (not JSON)
     *         when {@code str} is null or empty
     */
    public String signFile(String str, String str2, String str3, String str4) {
        if (str != null && !str.isEmpty()) {
            return signFilePath(str, str3, str4);
        }
        return "no no no !!!";
    }

    /**
     * Checks a sign token with the licensing service and, when the answer is "ok", signs a
     * file from disk and saves the result next to it.
     *
     * NOTE(review): this body is decompiler output and its control flow is not trustworthy.
     * As written, the throw near the end is reached whenever the token was accepted, including
     * after a successful signing, and ClientException is not declared by the method. The
     * original most likely threw only when str6 was null or blank - confirm against the source.
     *
     * @param str  sign token passed to sendGET
     * @param str2 first argument of getFileFromPath
     * @param str3 second argument of getFileFromPath
     * @param str4 key container path, passed on to the signing helper
     * @param str5 key-store password, passed on to the signing helper
     * @param str6 storage name; must be non-blank for signing to start
     * @return JSON for a "200" response on success, otherwise a "500" response whose message is
     *         the licensing reply, the client error text or "internalError"
     */
    public String signFileFromDiskAndSaveToDiskApi(String str, String str2, String str3, String str4, String str5, String str6) {
        ResponseForJS responseForJS = new ResponseForJS("500");
        String str7 = "";
        boolean z = false;
        try {
            str7 = sendGET(str);
        } catch (Exception e) {
            // A failed licence call leaves str7 empty, so signing is refused below.
            // NOTE(review): written to stdout rather than BundleLog, unlike the rest of the class.
            System.out.println("tokenResponse error: " + e.getMessage());
        }
        // Only the exact reply "ok" enables signing; any other text is returned as the message.
        if (str7.compareTo("ok") == 0) {
            z = true;
        } else {
            responseForJS.setMessage(str7);
        }
        if (z) {
            if (str6 != null) {
                try {
                    if (!str6.trim().isEmpty()) {
                        responseForJS.setResponseObject(signFileFromDiskAndSaveToDisk(getFileFromPath(str2, str3), str6, str4, str5));
                        responseForJS.setCode("200");
                        responseForJS.setMessage(getMessage("cms.signed"));
                    }
                } catch (ClientException e2) {
                    responseForJS.setMessage(e2.getMessage());
                } catch (Exception e3) {
                    BundleLog.LOG.error(e3.getMessage(), e3);
                    responseForJS.setMessage(getMessage("internalError"));
                }
            }
            throw new ClientException(getMessage("404"));
        }
        return getJson(responseForJS);
    }

    /**
     * Signs the bytes of a file with a signing key from the given store and saves the result
     * through saveFile, using the file's name and directory.
     *
     * NOTE(review): the alias selection below is decompiler residue ("r13 = null", an empty
     * for loop, and str4 read outside its scope) and does not compile as shown. The intent
     * appears to be: ask showKeyChooser when several keys exist, otherwise use the only key.
     *
     * @param fileInfo file to sign; its bytes, name and directory are read
     * @param str      storage name; must be non-empty
     * @param str2     key container, passed to getStorageInfoApiWithPathAndPass
     * @param str3     key-store password, passed to getStorageInfoApiWithPathAndPass
     * @return the value returned by saveFile
     * @throws Exception ClientException for an invalid parameter, a store without signing
     *         keys or a cancelled choice; other failures come from the helpers
     */
    private String signFileFromDiskAndSaveToDisk(FileInfo fileInfo, String str, String str2, String str3) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new ClientException(getMessage("invalid.param"));
        }
        StorageInfo storageInfoApiWithPathAndPass = getStorageInfoApiWithPathAndPass(str, str2, str3);
        // Only entries of type SIGNATURE are requested.
        Map keyStoreEntries = KeyStoreUtil.getKeyStoreEntries(storageInfoApiWithPathAndPass.getStorage(), storageInfoApiWithPathAndPass.getContainer(), KNCACertificateType.SIGNATURE, storageInfoApiWithPathAndPass.getPassword(), BundleProvider.KALKAN.getProvider());
        if (keyStoreEntries.size() <= 0) {
            throw new ClientException(getMessage("keyNotFound"));
        }
        r13 = null;
        if (keyStoreEntries.size() > 1) {
            r13 = showKeyChooser(keyStoreEntries.entrySet());
        } else {
            for (String str4 : keyStoreEntries.keySet()) {
            }
        }
        if (str4 == null) {
            throw new ClientException(getMessage("action.canceled"));
        }
        // checkCert is defined outside this view; it runs before the key is used for signing.
        checkCert(((KeyStoreEntry) keyStoreEntries.get(str4)).getX509Certificate());
        return saveFile(createCAdES(storageInfoApiWithPathAndPass.getKeyStore(), str4, storageInfoApiWithPathAndPass.getPassword(), fileInfo.getBytes()), fileInfo.getFilename(), fileInfo.getFiledir());
    }

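    /**
     * Asks the licensing service whether a sign token is accepted. Despite the name, the
     * request is an HTTP POST with a JSON body.
     *
     * <p>Changes against the original: the JSON body is built with {@code JSONObject}, so
     * quotes or backslashes in the token can no longer alter the request structure; request and
     * response use UTF-8 explicitly; streams are closed and the connection is released on
     * every path; a failure is logged before the fixed "unavailable" text is returned.
     *
     * <p>NOTE(review): both endpoints are plain HTTP, so the token travels unencrypted and the
     * reply that gates signing is not authenticated; HTTPS with certificate validation should
     * be used if the service offers it. The endpoint is also picked from the token's own
     * content: any token containing "test" is checked against localhost:8080 rather than the
     * licensing host. Confirm this switch is meant to exist in release builds.
     *
     * @param str sign token; when it contains "test", its first five characters are removed
     *            before sending (a shorter value makes {@code substring} throw)
     * @return the service's "result" text when "error" is empty, the "error" text when
     *         "result" is empty, an empty string when both are non-empty, or a fixed message
     *         when the service cannot be reached or its reply cannot be parsed
     * @throws IOException if the connection cannot be opened or configured
     */
    private String sendGET(String str) throws IOException {
        String endpoint;
        String token;
        if (str.contains("test")) {
            endpoint = "http://localhost:8080/checkSignToken";
            token = str.substring(5);
        } else {
            endpoint = "http://ncalayer.uchet.kz:8080/checkSignToken";
            token = str;
        }
        HttpURLConnection connection = (HttpURLConnection) new URL(endpoint).openConnection();
        connection.setRequestMethod("POST");
        connection.setRequestProperty("User-Agent", "Mozilla/5.0");
        connection.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
        connection.setRequestProperty("Content-Type", "application/json");
        String verdict;
        try {
            // Let the JSON library escape the token instead of concatenating it into the body.
            String payload = new JSONObject().put("sign_token", token).toString();
            connection.setDoOutput(true);
            try (DataOutputStream out = new DataOutputStream(connection.getOutputStream())) {
                out.write(payload.getBytes(StandardCharsets.UTF_8));
                out.flush();
            }
            connection.getResponseCode();
            StringBuilder body = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    body.append(line);
                }
            }
            JSONObject reply = new JSONObject(body.toString());
            String error = reply.getString("error");
            String result = reply.getString("result");
            verdict = error.isEmpty() ? result : "";
            if (result.isEmpty()) {
                verdict = error;
            }
        } catch (Exception e) {
            // Network, HTTP and parse failures all end as "service unavailable"; callers refuse
            // to sign for any reply other than "ok", so this path fails closed.
            BundleLog.LOG.error(e.getMessage(), e);
            verdict = "Сервер лицензирования не доступен";
        } finally {
            connection.disconnect();
        }
        return verdict;
    }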

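    /**
     * Builds a {@code StorageInfo} for the given storage, container and password and opens
     * its key store.
     *
     * <p>A failure to open the store is now logged through {@code BundleLog}, like the rest of
     * the class, instead of being printed to stderr.
     *
     * @param str  storage name
     * @param str2 container (for file stores, the key file path)
     * @param str3 key-store password; must not be null
     * @return storage description with an opened key store
     * @throws ClientException when a token storage has no containers or the store cannot be
     *         opened
     */
    private StorageInfo getStorageInfoApiWithPathAndPass(String str, String str2, String str3) throws ClientException {
        StorageInfo storageInfo = new StorageInfo(str);
        if (storageInfo.getStorage().isToken() && storageInfo.getContainers().size() == 0) {
            throw new ClientException("Носитель не обнаружен");
        }
        storageInfo.setContainer(str2);
        storageInfo.setPassword(str3.toCharArray());
        try {
            storageInfo.setKeyStore(getKeyStore(storageInfo));
        } catch (Exception e) {
            // NOTE(review): getKeyStore reports wrong or blocked PINs, including the remaining
            // retry count, as ClientException; that detail is replaced by the generic text
            // below. Confirm whether it should reach the user.
            BundleLog.LOG.error(e.getMessage(), e);
        }
        if (storageInfo.getKeyStore() == null) {
            throw new ClientException("Не удалось открыть хранилище");
        }
        return storageInfo;
    }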

    /**
     * Checks a sign token with the licensing service and, when the answer is "ok", signs
     * Base64-encoded content and returns the signature as Base64.
     *
     * NOTE(review): this body is decompiler output and its control flow is not trustworthy.
     * As written, the throw near the end is reached whenever the token was accepted, including
     * after a successful signing, and ClientException is not declared by the method. The
     * original most likely threw only when str5 was null or blank - confirm against the source.
     *
     * @param str  sign token passed to sendGET
     * @param str2 Base64 text of the content to sign
     * @param str3 key container path, passed on to the signing helper
     * @param str4 key-store password, passed on to the signing helper
     * @param str5 storage name; must be non-blank for signing to start
     * @return JSON for a "200" response on success, otherwise a "500" response whose message is
     *         the licensing reply, the client error text or "internalError"
     */
    public String signFileAndReturnBase64Api(String str, String str2, String str3, String str4, String str5) {
        ResponseForJS responseForJS = new ResponseForJS("500");
        String str6 = "";
        boolean z = false;
        try {
            str6 = sendGET(str);
        } catch (Exception e) {
            // Deliberately empty in the decompiled code: str6 stays "" and signing is refused.
            // NOTE(review): the failure is not logged anywhere.
        }
        // Only the exact reply "ok" enables signing; any other text is returned as the message.
        if (str6.compareTo("ok") == 0) {
            z = true;
        } else {
            responseForJS.setMessage(str6);
        }
        if (z) {
            if (str5 != null) {
                try {
                    if (!str5.trim().isEmpty()) {
                        responseForJS.setResponseObject(signFileFromBase64AndReturn(getFileFromBase64(str2), str5, str3, str4));
                        responseForJS.setCode("200");
                        responseForJS.setMessage(getMessage("cms.signed"));
                    }
                } catch (ClientException e2) {
                    responseForJS.setMessage(e2.getMessage());
                } catch (Exception e3) {
                    BundleLog.LOG.error(e3.getMessage(), e3);
                    responseForJS.setMessage(getMessage("internalError"));
                }
            }
            throw new ClientException(getMessage("404"));
        }
        return getJson(responseForJS);
    }

    /**
     * Signs the bytes held by fileInfo with a signing key from the given store and returns the
     * encoded signature as Base64 text.
     *
     * NOTE(review): the alias selection below is decompiler residue ("r13 = null", an empty
     * for loop, and str4 read outside its scope) and does not compile as shown. The intent
     * appears to be: ask showKeyChooser when several keys exist, otherwise use the only key.
     *
     * @param fileInfo content to sign; only its bytes are read
     * @param str      storage name; must be non-empty
     * @param str2     key container, passed to getStorageInfoApiWithPathAndPass
     * @param str3     key-store password, passed to getStorageInfoApiWithPathAndPass
     * @return Base64 text of the encoded signature produced by createCAdES
     * @throws Exception ClientException for an invalid parameter, a store without signing
     *         keys or a cancelled choice; other failures come from the helpers
     */
    private String signFileFromBase64AndReturn(FileInfo fileInfo, String str, String str2, String str3) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new ClientException(getMessage("invalid.param"));
        }
        StorageInfo storageInfoApiWithPathAndPass = getStorageInfoApiWithPathAndPass(str, str2, str3);
        // Only entries of type SIGNATURE are requested.
        Map keyStoreEntries = KeyStoreUtil.getKeyStoreEntries(storageInfoApiWithPathAndPass.getStorage(), storageInfoApiWithPathAndPass.getContainer(), KNCACertificateType.SIGNATURE, storageInfoApiWithPathAndPass.getPassword(), BundleProvider.KALKAN.getProvider());
        if (keyStoreEntries.size() <= 0) {
            throw new ClientException(getMessage("keyNotFound"));
        }
        r13 = null;
        if (keyStoreEntries.size() > 1) {
            r13 = showKeyChooser(keyStoreEntries.entrySet());
        } else {
            for (String str4 : keyStoreEntries.keySet()) {
            }
        }
        if (str4 == null) {
            throw new ClientException(getMessage("action.canceled"));
        }
        // checkCert is defined outside this view; it runs before the key is used for signing.
        checkCert(((KeyStoreEntry) keyStoreEntries.get(str4)).getX509Certificate());
        // The String is built with the platform default charset; Base64 output is ASCII.
        return new String(Base64.getEncoder().encode(createCAdES(storageInfoApiWithPathAndPass.getKeyStore(), str4, storageInfoApiWithPathAndPass.getPassword(), fileInfo.getBytes()).getEncoded()));
    }

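    /**
     * Wraps Base64-encoded content in a {@code FileInfo}.
     *
     * <p>Changes against the original: a Base64 encode whose result was discarded is removed,
     * and a decode failure is logged through {@code BundleLog} instead of being printed to
     * stderr.
     *
     * @param str Base64 text of the content
     * @return a {@code FileInfo} whose bytes are the decoded content; when decoding fails the
     *         object is returned without bytes
     */
    private FileInfo getFileFromBase64(String str) {
        FileInfo fileInfo = new FileInfo();
        try {
            fileInfo.setBytes(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            // NOTE(review): invalid input is not reported to the caller; signing then runs on
            // a FileInfo without bytes. Confirm createCAdES rejects that rather than signing
            // empty content.
            BundleLog.LOG.error(e.getMessage(), e);
        }
        return fileInfo;
    }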

    /**
     * Signs the bytes of a file with a key from the store described by getStorageInfoApi and
     * saves the result through saveFile.
     *
     * NOTE(review): getStorageInfoApi uses a key file path and password that are fixed in the
     * source, so this method signs with that one key whatever the caller passes.
     *
     * NOTE(review): the alias selection below is decompiler residue ("r11 = null", an empty
     * for loop, and str2 read outside its scope) and does not compile as shown. The intent
     * appears to be: ask showKeyChooser when several keys exist, otherwise use the only key.
     *
     * @param fileInfo file to sign; its bytes, name and directory are read
     * @param str      storage name; must be non-empty
     * @return the value returned by saveFile
     * @throws Exception ClientException for an invalid parameter, a store without signing
     *         keys or a cancelled choice; other failures come from the helpers
     */
    private String signApi(FileInfo fileInfo, String str) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new ClientException(getMessage("invalid.param"));
        }
        StorageInfo storageInfoApi = getStorageInfoApi(str);
        // Only entries of type SIGNATURE are requested.
        Map keyStoreEntries = KeyStoreUtil.getKeyStoreEntries(storageInfoApi.getStorage(), storageInfoApi.getContainer(), KNCACertificateType.SIGNATURE, storageInfoApi.getPassword(), BundleProvider.KALKAN.getProvider());
        if (keyStoreEntries.size() <= 0) {
            throw new ClientException(getMessage("keyNotFound"));
        }
        r11 = null;
        if (keyStoreEntries.size() > 1) {
            r11 = showKeyChooser(keyStoreEntries.entrySet());
        } else {
            for (String str2 : keyStoreEntries.keySet()) {
            }
        }
        if (str2 == null) {
            throw new ClientException(getMessage("action.canceled"));
        }
        // checkCert is defined outside this view; it runs before the key is used for signing.
        checkCert(((KeyStoreEntry) keyStoreEntries.get(str2)).getX509Certificate());
        return saveFile(createCAdES(storageInfoApi.getKeyStore(), str2, storageInfoApi.getPassword(), fileInfo.getBytes()), fileInfo.getFilename(), fileInfo.getFiledir());
    }

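    /**
     * Builds a {@code StorageInfo} for the given storage and opens its key store.
     *
     * <p>SECURITY NOTE(review): the container path and the key-store password below are string
     * literals compiled into the class. Anyone who can read the jar can read the password, and
     * the path points into one developer's home directory, so this looks like debugging code
     * that shipped. Neither value can be replaced here without changing the method signature:
     * the credential should be treated as exposed and rotated, and this method should be
     * removed or redirected to {@code getStorageInfoApiWithPathAndPass}, which takes both
     * values from the caller.
     *
     * <p>A failure to open the store is now logged through {@code BundleLog}, like the rest of
     * the class, instead of being printed to stderr.
     *
     * @param str storage name
     * @return storage description with an opened key store
     * @throws ClientException when a token storage has no containers or the store cannot be
     *         opened
     */
    private StorageInfo getStorageInfoApi(String str) throws ClientException {
        StorageInfo storageInfo = new StorageInfo(str);
        if (storageInfo.getStorage().isToken() && storageInfo.getContainers().size() == 0) {
            throw new ClientException("Носитель не обнаружен");
        }
        // Hard-coded key file location and password: see the security note above.
        storageInfo.setContainer("/Users/leonid/Documents/Ключи егов/Мои 2020/RSA256_58e56100313971b5b938a443b8be3f78879d60fd.p12");
        storageInfo.setPassword("F1rstB1t".toCharArray());
        try {
            storageInfo.setKeyStore(getKeyStore(storageInfo));
        } catch (Exception e) {
            BundleLog.LOG.error(e.getMessage(), e);
        }
        if (storageInfo.getKeyStore() == null) {
            throw new ClientException("Не удалось открыть хранилище");
        }
        return storageInfo;
    }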

    /**
     * Opens the key store described by {@code storageInfo} and turns provider errors into
     * user-facing {@code ClientException}s.
     *
     * @param storageInfo storage, container and password to open
     * @return the opened key store
     * @throws Exception a {@code ClientException} with the wrong-PIN text (plus the remaining
     *         retry count when the provider reports one), the blocked-PIN text, or the
     *         provider's own message for any other provider error
     */
    private KeyStore getKeyStore(StorageInfo storageInfo) throws Exception {
        try {
            return KeyStoreUtil.getKeyStore(storageInfo.getStorage(), storageInfo.getContainer(), storageInfo.getPassword(), BundleProvider.KALKAN.getProvider());
        } catch (ProviderUtilException providerError) {
            BundleLog.LOG.log(1, providerError.getMessage(), providerError);
            if (providerError.getCode().equals(ProviderUtilExceptionCode.WRONG_KEYSTORE_PASSWORD)) {
                String pinMessage = getMessage("pwd.wrongPin");
                // A retry count below zero means the provider did not report one.
                if (providerError.getTryCount() > -1) {
                    pinMessage = pinMessage + " " + getMessage("pwd.retryCount") + " " + String.valueOf(providerError.getTryCount());
                }
                throw new ClientException(pinMessage);
            }
            if (providerError.getCode().equals(ProviderUtilExceptionCode.BLOCKED_KEYSTORE_PASSWORD)) {
                throw new ClientException(getMessage("pwd.blocked"));
            }
            throw new ClientException(providerError.getMessage());
        }
    }

    /**
     * Signs the file at {@code str} and returns a JSON-serialised {@code ResponseForJS}.
     *
     * <p>On the success path visible here the response carries code "200", the "cms.signed"
     * message and the value returned by {@code sign} as its response object.
     *
     * <p>NOTE(review): this body looks like decompiler output and does not reflect a coherent
     * control flow: the {@code try} block is empty, so neither {@code catch} clause can run;
     * the call to {@code sign} (declared {@code throws Exception}) sits outside any handler;
     * and the method throws {@code ClientException} without declaring it. Presumably the
     * signing code belongs inside the {@code try} and the error response (initial code "500")
     * is returned after the handlers. Reconstruct from the original source before relying on it.
     *
     * <p>NOTE(review): {@code str} and {@code str2} are passed on as file system paths without
     * any restriction visible here. If they come from a page script, as the response type name
     * suggests, confirm where they are validated.
     *
     * @param str  path of the file to sign
     * @param str2 directory passed on as the output directory of the signed file
     * @param str3 storage identifier passed to {@code sign}; must be non-null and non-blank
     * @return the JSON form of the response
     */
    public String signFilePath(String str, String str2, String str3) {
        ResponseForJS responseForJS = new ResponseForJS("500");
        if (str3 != null) {
            try {
            } catch (ClientException e) {
                responseForJS.setMessage(e.getMessage());
            } catch (Exception e2) {
                BundleLog.LOG.error(e2.getMessage(), e2);
                responseForJS.setMessage(getMessage("internalError"));
            }
            if (!str3.trim().isEmpty()) {
                responseForJS.setResponseObject(sign(getFileFromPath(str, str2), str3));
                responseForJS.setCode("200");
                responseForJS.setMessage(getMessage("cms.signed"));
                return getJson(responseForJS);
            }
        }
        // Reached when str3 is null or blank.
        throw new ClientException(getMessage("404"));
    }

    /**
     * Signs the bytes of {@code fileInfo} with a signature key taken from the storage named by
     * {@code str} and writes the result through {@code saveFile}.
     *
     * <p>Visible steps: reject a null or empty {@code str}; obtain the storage via
     * {@code getStorageInfo}; list the key-store entries of type
     * {@code KNCACertificateType.SIGNATURE}; fail when there are none; pick an alias; run
     * {@code checkCert} on that entry's certificate; create the CAdES signature and save it.
     *
     * <p>NOTE(review): {@code r11} and {@code str2} are not declared in this method as shown
     * (looks like decompiler output): the chooser result is assigned to {@code r11}, the
     * single-entry loop has an empty body, and {@code str2} is read outside the loop that
     * declares it. Presumably both branches are meant to produce the selected alias. Restore
     * this from the original source before changing anything else here.
     *
     * @param fileInfo file content, name and target directory
     * @param str      storage identifier
     * @return the value returned by {@code saveFile}
     * @throws Exception a {@code ClientException} for the conditions above, or whatever the
     *                   called helpers throw
     */
    private String sign(FileInfo fileInfo, String str) throws Exception {
        if (str == null || str.isEmpty()) {
            throw new ClientException(getMessage("invalid.param"));
        }
        StorageInfo storageInfo = getStorageInfo(str);
        // Raw Map: the casts further down assume String aliases mapped to KeyStoreEntry values.
        Map keyStoreEntries = KeyStoreUtil.getKeyStoreEntries(storageInfo.getStorage(), storageInfo.getContainer(), KNCACertificateType.SIGNATURE, storageInfo.getPassword(), BundleProvider.KALKAN.getProvider());
        if (keyStoreEntries.size() <= 0) {
            throw new ClientException(getMessage("keyNotFound"));
        }
        r11 = null;
        if (keyStoreEntries.size() > 1) {
            // More than one signature key: the alias is supposed to come from the chooser.
            r11 = showKeyChooser(keyStoreEntries.entrySet());
        } else {
            for (String str2 : keyStoreEntries.keySet()) {
            }
        }
        // A null alias is reported as a cancelled action.
        if (str2 == null) {
            throw new ClientException(getMessage("action.canceled"));
        }
        // The signer certificate must pass checkCert before any signature is produced.
        checkCert(((KeyStoreEntry) keyStoreEntries.get(str2)).getX509Certificate());
        return saveFile(createCAdES(storageInfo.getKeyStore(), str2, storageInfo.getPassword(), fileInfo.getBytes()), fileInfo.getFilename(), fileInfo.getFiledir());
    }

    /**
     * Produces a CAdES signature over {@code bArr} and then applies a timestamp to it.
     *
     * <p>The timestamp profile is fixed here: SHA-256 hash, GET request method, the
     * {@code TSA_RSA} policy. All work is delegated to {@code CMSUtil} with the KALKAN provider.
     *
     * @param keyStore key store holding the signing key
     * @param str      alias of the signing key
     * @param cArr     password used to obtain the signing entity
     * @param bArr     data to sign
     * @return the signed data returned by {@code CMSUtil.applyCAdEST}
     * @throws Exception a {@code ClientException} naming the provider error code when the
     *                   provider utilities fail; other exceptions propagate unchanged
     */
    private CMSSignedData createCAdES(KeyStore keyStore, String str, char[] cArr, byte[] bArr) throws Exception {
        try {
            SigningEntity signer = KeyStoreUtil.getSigningEntity(keyStore, str, cArr);

            TSAProfile timestampProfile = new TSAProfile();
            timestampProfile.setHashAlgorithm(KalkanHashAlgorithm.HASH_SHA256);
            timestampProfile.setRequestMethod(KNCAServiceRequestMethod.GET);
            timestampProfile.setTsaPolicy(TSAPolicy.TSA_RSA);

            // NOTE(review): the meaning of the boolean third argument is not visible here — confirm.
            CMSSignedData signed = CMSUtil.createCAdES(signer, bArr, true, BundleProvider.KALKAN.getProvider());
            return CMSUtil.applyCAdEST(signed, signer, timestampProfile, BundleProvider.KALKAN.getProvider());
        } catch (ProviderUtilException providerError) {
            BundleLog.LOG.error(providerError.getMessage(), providerError);
            throw new ClientException("Ошибка. Код: " + providerError.getCode().name());
        }
    }

    /**
     * Writes the encoded signature into directory {@code str2} under the name {@code str},
     * appending ".cms" unless the name already ends with it.
     *
     * <p>If the composed name is not a valid path, the file is written as "signedCMS.cms" in
     * the same directory instead.
     *
     * <p>NOTE(review): directory and name are concatenated as supplied and the file is written
     * with the default options of {@code Files.write}, which replace an existing file. Nothing
     * here limits where the output may land; if {@code str2} can come from outside the
     * application, the resolved path should be checked against an allowed base directory.
     *
     * @param cMSSignedData signature to store
     * @param str           file name
     * @param str2          target directory
     * @return absolute path of the written file
     * @throws ClientException with the "file.ioException" message on any failure
     */
    private String saveFile(CMSSignedData cMSSignedData, String str, String str2) throws ClientException {
        try {
            final String separator = FileSystems.getDefault().getSeparator();
            Path target;
            try {
                final String suffix = str.endsWith(".cms") ? "" : ".cms";
                target = Paths.get(str2 + separator + str + suffix);
            } catch (InvalidPathException invalidName) {
                BundleLog.LOG.error(invalidName.getMessage(), invalidName);
                target = Paths.get(str2 + separator + "signedCMS.cms");
            }
            Files.write(target, cMSSignedData.getEncoded());
            return target.toAbsolutePath().toString();
        } catch (Exception failure) {
            BundleLog.LOG.error(failure.getMessage(), failure);
            throw new ClientException(getMessage("file.ioException"));
        }
    }

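    /**
     * Checks that a certificate may be used for signing: validation through
     * {@code verifyCert} (without OCSP, at the current time), followed by a separate OCSP
     * status check with {@code KNCAOCSPChecker}.
     *
     * <p>The OCSP step fails closed. Every {@link CertPathValidatorException} raised by the
     * checker marks the certificate as not valid. Failures that have no dedicated message
     * (a cause that is not a {@code KalkanException}, or a code not listed below) are reported
     * with the generic "ocsp.exception" text, so an unanswered or unusable OCSP exchange can
     * never be read as "not revoked".
     *
     * @param x509Certificate signer certificate to check
     * @throws ClientException carrying the verification message when the certificate is
     *                         rejected, or raised by {@code verifyCert} itself
     */
    private void checkCert(X509Certificate x509Certificate) throws ClientException {
        VerificationResult verifyCert = verifyCert(x509Certificate, false, null);
        if (verifyCert.isValid()) {
            try {
                new KNCAOCSPChecker(getCaCertsMap()).check(x509Certificate);
            } catch (CertPathValidatorException e) {
                BundleLog.LOG.error(e.getMessage(), e);
                // Default for anything not mapped below: still a rejection, never a pass.
                String messageKey = "ocsp.exception";
                if (e.getCause() instanceof KalkanException) {
                    KalkanException cause = (KalkanException) e.getCause();
                    if (cause.getErrorCode().equals(OCSPCode.STATUS_REVOKED)) {
                        messageKey = "ocsp.revoked";
                    } else if (cause.getErrorCode().equals(OCSPCode.STATUS_UNKNOWN)) {
                        messageKey = "error.certificate.ocsp.unknown";
                    } else if (cause.getErrorCode().equals(OCSPCode.NONCES_NOT_EQUAL)) {
                        messageKey = "error.certificate.ocsp.nonces";
                    } else if (cause.getErrorCode().equals(OCSPCode.OCSP_RESP_NOT_VERIFIED)) {
                        messageKey = "error.certificate.ocsp.not_verified";
                    }
                }
                verifyCert = new VerificationResult(false, getMessage(messageKey));
            }
        }
        if (!verifyCert.isValid()) {
            throw new ClientException(verifyCert.getMessage());
        }
    }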

    /**
     * Rebuilds and returns the map of CA certificates keyed by subject.
     *
     * <p>The field is replaced on every call and refilled from {@code getCaCertList()}, so each
     * call repeats whatever work that method does.
     *
     * @return the freshly filled {@code caCertsMap} field
     */
    private Map<X500Principal, X509Certificate> getCaCertsMap() {
        this.caCertsMap = new HashMap<>();
        // Two certificates with the same subject would overwrite each other; the last one wins.
        getCaCertList().forEach(caCert -> this.caCertsMap.put(caCert.getSubjectX500Principal(), caCert));
        return this.caCertsMap;
    }

    /**
     * Validates a certificate for signing use and returns the outcome as a
     * {@code VerificationResult} instead of throwing.
     *
     * <p>Visible steps: the certificate must be of type {@code KNCACertificateType.SIGNATURE};
     * a {@code PKIXUtil} is built from the certificate and the CA list of
     * {@code getCaCertList()}; OCSP is enabled when {@code z} is true; {@code validate()} is
     * called; finally a certificate carrying either of the two extended-key-usage OIDs below is
     * rejected with "cert.verification.error".
     *
     * <p>A {@code ProviderUtilException} is translated by walking its cause chain
     * (CertPathBuilderException, then ExtCertPathValidatorException, then the concrete cause)
     * into a specific message; anything not recognised ends at the last {@code return} of the
     * handler, which is always a negative result.
     *
     * @param x509Certificate certificate to validate
     * @param z               when true, {@code withOCSP()} is applied to the validator
     * @param date            when non-null, passed to {@code withDate}
     * @return a valid result, or an invalid one with a message
     * @throws ClientException with "cert.process.exception" on any other exception
     */
    private VerificationResult verifyCert(X509Certificate x509Certificate, boolean z, Date date) throws ClientException {
        try {
            if (!X509Util.getKNCACertificateType(x509Certificate).contains(KNCACertificateType.SIGNATURE)) {
                return new VerificationResult(false, getMessage("error.certificate.type"));
            }
            try {
                PKIXUtil pKIXUtil = new PKIXUtil(x509Certificate, getCaCertList());
                if (z) {
                    pKIXUtil = pKIXUtil.withOCSP();
                }
                if (date != null) {
                    // NOTE(review): the result of withDate is discarded, unlike withOCSP above.
                    // If withDate returns a new instance rather than mutating, the date is
                    // silently ignored — confirm against PKIXUtil.
                    pKIXUtil.withDate(date);
                }
                pKIXUtil.validate();
                // Presence of either OID makes the certificate unacceptable here.
                // NOTE(review): what these two OIDs designate is not visible in this file — confirm.
                return (X509Util.containsExtKeyUsage(x509Certificate, "1.2.398.5.19.1.2.2.1.2") || X509Util.containsExtKeyUsage(x509Certificate, "1.2.398.5.19.1.2.2.1")) ? new VerificationResult(false, getMessage("cert.verification.error")) : new VerificationResult(true);
            } catch (ProviderUtilException e) {
                BundleLog.LOG.error(e.getMessage(), e);
                if (e.getCause() != null && (e.getCause() instanceof CertPathBuilderException)) {
                    CertPathBuilderException certPathBuilderException = (CertPathBuilderException) e.getCause();
                    if (certPathBuilderException.getCause() != null && (certPathBuilderException.getCause() instanceof ExtCertPathValidatorException)) {
                        // NOTE(review): assignment without a cast (decompiler output); getCause() returns Throwable.
                        ExtCertPathValidatorException cause = certPathBuilderException.getCause();
                        if (cause.getCause() != null && (cause.getCause() instanceof CertificateExpiredException)) {
                            return new VerificationResult(false, getMessage("cert.expired"));
                        }
                        if (cause.getCause() != null && (cause.getCause() instanceof CertificateNotYetValidException)) {
                            return new VerificationResult(false, getMessage("cert.not_yet_valid"));
                        }
                        if (cause.getCause() != null && (cause.getCause() instanceof CertPathValidatorException)) {
                            CertPathValidatorException certPathValidatorException = (CertPathValidatorException) cause.getCause();
                            if (certPathValidatorException.getCause() != null && (certPathValidatorException.getCause() instanceof KalkanException)) {
                                // NOTE(review): same missing cast as above.
                                KalkanException cause2 = certPathValidatorException.getCause();
                                if (cause2.getErrorCode().equals(OCSPCode.STATUS_REVOKED)) {
                                    return new VerificationResult(false, getMessage("ocsp.revoked"));
                                }
                                if (cause2.getErrorCode().equals(OCSPCode.STATUS_UNKNOWN)) {
                                    return new VerificationResult(false, getMessage("error.certificate.ocsp.unknown"));
                                }
                                if (cause2.getErrorCode().equals(OCSPCode.NONCES_NOT_EQUAL)) {
                                    return new VerificationResult(false, getMessage("error.certificate.ocsp.nonces"));
                                }
                                if (cause2.getErrorCode().equals(OCSPCode.OCSP_RESP_NOT_VERIFIED)) {
                                    return new VerificationResult(false, getMessage("error.certificate.ocsp.not_verified"));
                                }
                                // The three OCSP time-window codes share one generic message.
                                if (cause2.getErrorCode().equals(OCSPCode.THIS_UPDATE_NOT_SATISFIED) || cause2.getErrorCode().equals(OCSPCode.NEXT_UPDATE_NOT_SATISFIED) || cause2.getErrorCode().equals(OCSPCode.ALLOWED_PERIOD_NOT_SATISFIED)) {
                                    return new VerificationResult(false, getMessage("ocsp.exception"));
                                }
                            }
                        }
                        if (cause.getCause() != null && (cause.getCause() instanceof InvalidKeyException)) {
                            return new VerificationResult(false, getMessage("error.certificate.ca"));
                        }
                    }
                }
                // Fallback for every unrecognised provider failure: still invalid, with either
                // the CA message or the raw error code as text.
                return e.getCode().equals(ProviderUtilExceptionCode.ISSUER_CERT_NOT_FOUND) ? new VerificationResult(false, getMessage("error.certificate.ca")) : new VerificationResult(false, e.getCode().toString());
            }
        } catch (Exception e2) {
            BundleLog.LOG.error(e2.getMessage(), e2);
            throw new ClientException(getMessage("cert.process.exception"));
        }
    }

    /**
     * Parses one X.509 certificate from the stream using the "KALKAN" provider.
     *
     * <p>The stream is not closed here; that is left to the caller.
     *
     * @param inputStream encoded certificate
     * @return the parsed certificate
     * @throws Exception if the provider is not registered or the data cannot be parsed
     */
    private static X509Certificate generateCert(InputStream inputStream) throws Exception {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509", "KALKAN");
        Certificate parsed = x509Factory.generateCertificate(inputStream);
        return (X509Certificate) parsed;
    }

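    /**
     * Rebuilds the list of CA certificates by downloading them from the two fixed URLs below.
     *
     * <p>Each download stream is closed after parsing. A failed download or parse is printed
     * and skipped, so the returned collection may hold fewer than two certificates, or none.
     *
     * <p>NOTE(review): these certificates are used as the trust anchors for chain validation
     * and OCSP, yet they are fetched over the network on every call and accepted as received.
     * Their integrity rests only on the TLS connection to that host, and a network failure
     * silently empties the trust list. Shipping the CA certificates with the application, or
     * comparing the downloaded ones against known fingerprints, would remove that dependency.
     *
     * @return the freshly filled {@code caCertList} field
     */
    private Collection<X509Certificate> getCaCertList() {
        this.caCertList = new ArrayList<>();
        String[] caCertUrls = {
            "https://pki.gov.kz/cert/nca_gost.crt",
            "https://pki.gov.kz/cert/nca_rsa.crt"
        };
        for (String caCertUrl : caCertUrls) {
            // try-with-resources: the connection stream is released even when parsing fails.
            try (InputStream certStream = new URL(caCertUrl).openStream()) {
                X509Certificate caCert = generateCert(certStream);
                if (caCert != null) {
                    try {
                        this.caCertList.add(caCert);
                    } catch (Exception e) {
                        System.out.println("error addind new cert " + e.getMessage());
                    }
                } else {
                    System.out.println("cert is null");
                }
            } catch (Exception e) {
                // Best effort by design: one unreachable URL must not prevent loading the other.
                System.out.println("errr " + e.getMessage());
            }
        }
        return this.caCertList;
    }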

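    /**
     * Placeholder for the key selection dialog: shows nothing and always returns the empty
     * string, whatever entries are passed in.
     *
     * <p>NOTE(review): this looks like the residue of a dialog that was lost in decompilation —
     * confirm against the original source. As it stands the return value is never null and
     * never one of the offered aliases.
     *
     * @param collection key-store entries offered for selection (unused)
     * @return always {@code ""}
     */
    public String showKeyChooser(Collection<Map.Entry<String, KeyStoreEntry>> collection) {
        // The former statement assigning null to an array creation expression was not valid
        // Java and had no effect; it is dropped.
        return "";
    }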

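    /**
     * Builds a {@code StorageInfo} for the given storage identifier and lets the JavaFX side
     * fill it in (via {@code javaFXThread.fillStorageInfo}), blocking until that has finished.
     *
     * <p>The latch is released in a {@code finally} block so that an exception thrown while
     * filling the storage info cannot leave this thread waiting forever, and an interrupt
     * received while waiting is restored on the thread instead of being discarded.
     *
     * <p>NOTE(review): the wait blocks the calling thread until the JavaFX application thread
     * has run the task, so this must not be called from the JavaFX application thread itself.
     *
     * @param str storage identifier handed to the {@code StorageInfo} constructor
     * @return the storage info with an opened key store
     * @throws ClientException if a token storage lists no containers, or no key store was set
     */
    private StorageInfo getStorageInfo(String str) throws ClientException {
        StorageInfo storageInfo = new StorageInfo(str);
        if (storageInfo.getStorage().isToken() && storageInfo.getContainers().size() == 0) {
            throw new ClientException("Носитель не обнаружен");
        }
        CountDownLatch countDownLatch = new CountDownLatch(1);
        Platform.runLater(() -> {
            try {
                this.javaFXThread.fillStorageInfo(storageInfo);
            } finally {
                countDownLatch.countDown();
            }
        });
        try {
            countDownLatch.await();
        } catch (InterruptedException e) {
            // Keep the interrupt visible to callers; the null check below reports the failure.
            Thread.currentThread().interrupt();
        }
        if (storageInfo.getKeyStore() == null) {
            throw new ClientException("Не удалось открыть хранилище");
        }
        return storageInfo;
    }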

    /**
     * Looks up a localized message in the "i18n.dictionary" bundle for the current locale.
     *
     * @param str message key
     * @return the text stored under that key
     */
    public String getMessage(String str) {
        ResourceBundle dictionary = ResourceBundle.getBundle("i18n.dictionary", this.locale);
        return dictionary.getString(str);
    }

    /**
     * Loads the file at {@code str} and records {@code str2} as its output directory.
     *
     * @param str  path of the file to load
     * @param str2 output directory; must be non-null and non-blank
     * @return the loaded file info with the directory set
     * @throws ClientException with the "404" message when {@code str2} is missing, or as
     *                         thrown by the single-argument overload
     */
    private FileInfo getFileFromPath(String str, String str2) throws ClientException {
        boolean hasDirectory = str2 != null && !str2.trim().isEmpty();
        if (!hasDirectory) {
            throw new ClientException(getMessage("404"));
        }
        FileInfo loaded = getFileFromPath(str);
        loaded.setFiledir(str2);
        return loaded;
    }

    /**
     * Reads the file at {@code str} into a new {@code FileInfo} (bytes and file name).
     *
     * <p>NOTE(review): the path is used exactly as supplied; any file readable by the process
     * can be loaded this way. If the value can originate outside the application, confirm
     * where it is restricted.
     *
     * @param str path of the file to read; must be non-null and non-blank
     * @return file info holding the content and the last path element as file name
     * @throws ClientException with the "404" message for a missing path, or with
     *                         "file.ioException" when reading fails or yields no bytes
     */
    private FileInfo getFileFromPath(String str) throws ClientException {
        boolean hasPath = str != null && !str.trim().isEmpty();
        if (!hasPath) {
            throw new ClientException(getMessage("404"));
        }
        FileInfo loaded = new FileInfo();
        try {
            Path source = Paths.get(str);
            byte[] content = getBytes(source);
            loaded.setBytes(content);
            loaded.setFilename(source.getFileName().toString());
            if (loaded.getBytes() != null) {
                return loaded;
            }
            throw new ClientException(getMessage("file.ioException"));
        } catch (IOException readFailure) {
            BundleLog.LOG.error(readFailure.getMessage(), readFailure);
            throw new ClientException(getMessage("file.ioException"));
        }
    }

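    /**
     * Returns the whole content of the file at {@code path}.
     *
     * <p>Written with try-with-resources in place of the hand-expanded close logic, whose
     * suppressed-exception branches dereferenced a variable that was always null. The stream
     * is now closed on every path, and a failure while closing no longer replaces the
     * exception that caused the read to fail.
     *
     * @param path file to read
     * @return the file content
     * @throws IOException if the file cannot be opened or read
     */
    private byte[] getBytes(Path path) throws IOException {
        // NOTE(review): the stream is opened but never read from; the content comes from
        // Files.readAllBytes. It is kept so that a file that cannot be opened still fails here
        // first, as before. Presumably the stream can simply be dropped — confirm.
        try (InputStream ignoredStream = Files.newInputStream(path)) {
            return Files.readAllBytes(path);
        }
    }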

    /**
     * Does nothing: the body is empty in the code as shown.
     *
     * <p>NOTE(review): whether this is an intentional no-op or a body lost in decompilation
     * cannot be told from here — confirm against the original source.
     *
     * @param keyStoreEntry unused
     * @param storageInfo   unused
     */
    private void saveKey(KeyStoreEntry keyStoreEntry, StorageInfo storageInfo) {
    }

    /**
     * Serialises an object to a JSON string via {@code JSONObject.wrap}.
     *
     * <p>The wrapped value is cast to {@code JSONObject}, so an argument that does not wrap to
     * one fails with a {@code ClassCastException}.
     *
     * @param obj object to serialise
     * @return its JSON text
     */
    private String getJson(Object obj) {
        JSONObject wrapped = (JSONObject) JSONObject.wrap(obj);
        return wrapped.toString();
    }
}
