package program.fattelettr;

import java.awt.Component;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.swing.Icon;
import javax.swing.JOptionPane;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import program.archiviazione.morena.ScanSession;
import program.globs.Gest_Lancio;
import program.globs.Globs;
import program.globs.MyHashMap;
import sun.security.pkcs11.SunPKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* loaded from: input_file:program/fattelettr/Firma.class */
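/**
 * Signs documents as CMS/PKCS#7 SignedData with a private key held on a PKCS#11 token
 * (smart card), and unwraps the content of an existing SignedData envelope.
 *
 * <p>Typical use: {@link #init(String)} to log in and pick a certificate, {@link #firma(byte[])}
 * to sign, {@link #close()} to log out. Errors are reported through {@code Globs.gest_errore}
 * and signalled to the caller as {@code false} / {@code null}; they are not thrown.
 *
 * <p>The class keeps mutable session state (provider, key store, alias) without any
 * synchronization, so an instance should be used from one thread at a time.
 */
public class Firma {
    private Component context;
    private Connection conn;
    private Gest_Lancio gl;
    private SunPKCS11 pkcs11Provider = null;
    private KeyStore ks = null;
    private String alias = null;
    // File names of the Bouncy Castle jars (release 1.52, going by the names). Not used in this class.
    // NOTE(review): that release is old; check it against the current Bouncy Castle advisories.
    public static final String BCLIB_1 = "bcpkix-jdk15on-152.jar";
    public static final String BCLIB_2 = "bcprov-jdk15on-152.jar";
    public static final String WHITESPACE_REGEX = "\\s";
    public static final Pattern BASE64_PATTERN = Pattern.compile("^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$");

    /**
     * @param component   parent component handed to the error and selection dialogs
     * @param connection  database connection; {@link #init(String)} refuses to run without it
     * @param gest_Lancio launch context, stored but not used by this class
     */
    public Firma(Component component, Connection connection, Gest_Lancio gest_Lancio) {
        this.context = component;
        this.conn = connection;
        this.gl = gest_Lancio;
    }

    /**
     * Registers the PKCS#11 provider, logs in to the token and selects the signing certificate.
     *
     * @param str the token PIN, or null/empty to ask the user through {@code Popup_Pin}.
     *            A PIN passed as a {@code String} cannot be wiped from memory by this class;
     *            only the {@code char[]} copy used for the login is cleared.
     * @return {@code true} when a key store is open and an alias has been chosen; {@code false}
     *         on any failure or cancellation (the session is closed again in that case)
     */
    public boolean init(String str) {
        if (this.conn == null) {
            return false;
        }
        try {
            String configPath = String.valueOf(Globs.PATH_CONFIG) + "pkcs11.cfg";
            if (!new File(configPath).exists()) {
                // The PKCS#11 configuration names the native library the provider loads, so a
                // tampered file means foreign native code running in this process. Nothing in
                // this method checks the integrity of the downloaded file.
                // NOTE(review): confirm Globs.DownloadFile fetches over an authenticated channel,
                // or verify the file (pinned hash / signature) before handing it to SunPKCS11.
                Globs.DownloadFile(this.context, String.valueOf(Globs.SERVERAGG) + "config/pkcs11.cfg", Globs.PATH_CONFIG, "pkcs11.cfg", true, true, false);
            }
            this.pkcs11Provider = new SunPKCS11(configPath);
            Security.addProvider(this.pkcs11Provider);

            char[] pin = Globs.checkNullEmpty(str) ? Popup_Pin.showDialog(this.conn, "Firma") : str.toCharArray();
            if (pin == null) {
                Globs.gest_errore(this.context, "PIN non valido!", true, true);
                close();
                return false;
            }
            try {
                this.ks = KeyStore.getInstance("PKCS11", (Provider) this.pkcs11Provider);
                this.ks.load(null, pin);
            } finally {
                // The PIN is not needed after the login attempt; clear it whether or not the
                // login succeeded. Assumes the array returned by Popup_Pin.showDialog belongs
                // to the caller and is not cached by the dialog (TODO confirm).
                java.util.Arrays.fill(pin, '\0');
            }

            // Drop any alias left over from an earlier session before choosing a new one.
            this.alias = null;
            ArrayList<MyHashMap> candidates = new ArrayList<MyHashMap>();
            Enumeration<String> aliases = this.ks.aliases();
            while (aliases.hasMoreElements()) {
                String entryAlias = aliases.nextElement();
                Certificate certificate = this.ks.getCertificate(entryAlias);
                if (!(certificate instanceof X509Certificate)) {
                    // Entry without an X.509 certificate: nothing to offer for signing.
                    continue;
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                // getKeyUsage() is null when the certificate has no KeyUsage extension; such
                // certificates are skipped because their intended use cannot be determined.
                // Index 0 is the digitalSignature bit: certificates asserting it are skipped,
                // presumably to leave out the card's authentication certificate and keep the
                // non-repudiation one (NOTE(review): confirm against the card profile).
                boolean[] keyUsage = x509Certificate.getKeyUsage();
                if (keyUsage == null || keyUsage.length == 0 || keyUsage[0]) {
                    continue;
                }
                MyHashMap candidate = new MyHashMap();
                candidate.put("alias", entryAlias);
                String commonName = commonNameOf(x509Certificate);
                if (commonName != null) {
                    candidate.put("CN", commonName);
                }
                candidates.add(candidate);
            }

            if (candidates.isEmpty()) {
                // Previously this case surfaced as an IndexOutOfBoundsException dialog.
                Globs.gest_errore(this.context, "Nessun certificato di firma trovato!", true, true);
                close();
                return false;
            }

            if (candidates.size() > 1) {
                Object[] labels = new Object[candidates.size()];
                for (int i = 0; i < labels.length; i++) {
                    labels[i] = candidates.get(i).getString("CN");
                }
                String chosen = (String) JOptionPane.showInputDialog(this.context, "Seleziona un certificato:\n", "Lista certificati", JOptionPane.PLAIN_MESSAGE, (Icon) null, labels, labels[0]);
                if (chosen == null) {
                    Globs.gest_errore(this.context, "Operazione annullata!", true, true);
                    close();
                    return false;
                }
                // The choice is matched back by CN only; when several certificates carry the
                // same CN the last one enumerated is used.
                for (MyHashMap candidate : candidates) {
                    if (chosen.equalsIgnoreCase(candidate.getString("CN"))) {
                        this.alias = candidate.getString("alias");
                    }
                }
            } else {
                this.alias = candidates.get(0).getString("alias");
            }

            if (this.alias != null) {
                return true;
            }
            Globs.gest_errore(this.context, "Operazione annullata!", true, true);
            close();
            return false;
        } catch (ProviderException e) {
            // A ProviderException wrapping another ProviderException is reported as
            // "no smart card reader detected"; anything else is shown as is.
            if (e.getCause() instanceof ProviderException) {
                Globs.gest_errore(this.context, "Lettore di SmartCard non rilevato!", true, true);
            } else {
                Globs.gest_errore(this.context, e, true, true);
            }
            close();
            return false;
        } catch (IOException e) {
            Throwable cause = e.getCause();
            if (cause instanceof FailedLoginException) {
                Globs.gest_errore(this.context, "Pin errato! Attenzione, dopo il terzo tentativo di inserirmento errato il pin sarà bloccato!", true, true);
            } else if (cause instanceof LoginException && cause.getCause() instanceof PKCS11Exception) {
                Globs.gest_errore(this.context, "Pin bloccato dopo il terzo tentativo di inserirmento, per sbloccarlo si prega di seguire le istruzioni del software della SmartCard!", true, true);
            } else {
                // Includes a LoginException without a PKCS11Exception underneath, which used
                // to fail without telling the user anything.
                Globs.gest_errore(this.context, e, true, true);
            }
            close();
            return false;
        } catch (Exception e) {
            Globs.gest_errore(this.context, e, true, true);
            close();
            return false;
        }
    }

    /** Returns the first CN value found in the certificate's subject DN, or null if it has none. */
    private static String commonNameOf(X509Certificate certificate) throws InvalidNameException {
        for (Rdn rdn : new LdapName(certificate.getSubjectDN().getName()).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) {
                return (String) rdn.getValue();
            }
        }
        return null;
    }

    /**
     * Signs {@code bArr} and returns the DER-encoded CMS SignedData with the content encapsulated.
     *
     * <p>The signer certificate is only checked for its validity period
     * ({@code checkValidity()}); this method does not build or validate the chain and does not
     * check revocation.
     *
     * @param bArr the content to sign
     * @return the encoded SignedData, or {@code null} when {@link #init(String)} has not
     *         succeeded, the algorithm is not accepted, or signing fails (the error is shown)
     */
    public byte[] firma(byte[] bArr) {
        if (this.ks == null || this.alias == null) {
            return null;
        }
        try {
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            KeyStore.Entry entry = this.ks.getEntry(this.alias, null);
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new KeyStoreException("No private key entry for alias: " + this.alias);
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            PrivateKey privateKey = privateKeyEntry.getPrivateKey();
            ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
            for (Certificate certificate : privateKeyEntry.getCertificateChain()) {
                chain.add((X509Certificate) certificate);
            }
            X509Certificate signerCertificate = chain.get(0);
            signerCertificate.checkValidity();

            // NOTE(review): getSigAlgName() is the algorithm the issuer used to sign this
            // certificate; it is reused here as the document signature algorithm. That still
            // admits SHA-1 based signatures, which are deprecated for this purpose. Consider
            // choosing the algorithm from the key type and a fixed SHA-256 digest instead.
            String sigAlgName = signerCertificate.getSigAlgName();
            if (!sigAlgName.startsWith("SHA1") && !sigAlgName.startsWith("SHA256")) {
                Globs.gest_errore(this.context, "Algoritmo del certificato non valido!", true, true);
                return null;
            }

            // The ESSCertIDv2 below declares id_sha256, so the certificate hash must be SHA-256
            // in every case. The SHA-1 branch used to put a SHA-1 value under that identifier,
            // which makes the signing-certificate-v2 attribute fail verification.
            byte[] certificateHash = MessageDigest.getInstance("SHA-256").digest(signerCertificate.getEncoded());
            ESSCertIDv2 certId = new ESSCertIDv2(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), certificateHash);
            Attribute signingCertificate = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(new SigningCertificateV2(new ESSCertIDv2[]{certId})));
            ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
            signedAttributes.add(signingCertificate);

            SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
            signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(signedAttributes)));

            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            generator.addSignerInfoGenerator(signerInfoBuilder.build(new JcaContentSignerBuilder(sigAlgName).build(privateKey), new X509CertificateHolder(signerCertificate.getEncoded())));
            generator.addCertificates(new JcaCertStore(chain));
            // 'true' encapsulates the content inside the SignedData structure.
            return generator.generate(new CMSProcessableByteArray(bArr), true).getEncoded();
        } catch (Exception e) {
            Globs.gest_errore(this.context, e, true, true);
            return null;
        }
    }

    /**
     * Extracts the encapsulated content from a DER-encoded CMS SignedData structure.
     *
     * <p>This only unwraps the envelope. No signature, certificate or digest is verified, so
     * the returned bytes must not be treated as authenticated by whoever calls this method.
     *
     * @param bArr the encoded SignedData
     * @return the encapsulated content, or {@code null} if the input is null, cannot be parsed,
     *         or carries no encapsulated content (parse errors are shown to the user)
     */
    public byte[] getUnsignedFile(byte[] bArr) {
        if (bArr == null) {
            // Used to escape as a NullPointerException from the stream clean-up.
            return null;
        }
        ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(bArr));
        try {
            ASN1Primitive aSN1Primitive = aSN1InputStream.readObject();
            CMSSignedData cMSSignedData = new CMSSignedData(ContentInfo.getInstance(aSN1Primitive));
            if (cMSSignedData.getSignedContent() == null) {
                // Detached signature: there is nothing to extract.
                throw new CMSException("SignedData carries no encapsulated content");
            }
            return (byte[]) cMSSignedData.getSignedContent().getContent();
        } catch (Exception e) {
            Globs.gest_errore(this.context, e, true, false);
            return null;
        } finally {
            try {
                aSN1InputStream.close();
            } catch (IOException e) {
                Globs.gest_errore(this.context, e, true, false);
            }
        }
    }

    /**
     * Tells whether {@code str} is padded Base64 text once whitespace has been replaced.
     *
     * <p>The replacement string is {@code ScanSession.EOP}; presumably the empty string, so
     * that whitespace is simply removed (NOTE(review): confirm the constant's value). This is
     * a format check only and says nothing about what the decoded bytes contain.
     *
     * @param str the text to check; {@code null} yields {@code false}
     * @return {@code true} if the cleaned text matches {@link #BASE64_PATTERN}
     */
    public static boolean isValidBase64(String str) {
        if (str == null) {
            return false;
        }
        return BASE64_PATTERN.matcher(str.replaceAll(WHITESPACE_REGEX, ScanSession.EOP)).matches();
    }

    /**
     * Logs out of the token, unregisters the PKCS#11 provider and forgets the session state.
     * Safe to call when no session is open.
     */
    public void close() {
        if (this.pkcs11Provider != null) {
            try {
                this.pkcs11Provider.logout();
            } catch (ProviderException e) {
                Globs.gest_errore(this.context, e, true, true);
            } catch (LoginException e2) {
                Globs.gest_errore(this.context, e2, true, true);
            }
            Security.removeProvider(this.pkcs11Provider.getName());
        }
        this.pkcs11Provider = null;
        this.ks = null;
        // An alias from a closed session must not be picked up by a later init().
        this.alias = null;
    }
}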
