package CeviToolKit;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;

/* loaded from: input_file:CeviToolKit/pkcs12SignAndVerify.class */
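/**
 * Signs data with the private key held on a PKCS#11 smart card (by default through the
 * {@code beidpkcs11.dll} middleware) and verifies the resulting signature in-process.
 *
 * <p>This source is decompiler output, so local names are reconstructed rather than original.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Signatures use {@code SHA1withRSA}; see the note on the constant.</li>
 *   <li>Verification uses the public key of the certificate that travels with the signature.
 *       No certification path is validated here, so a {@code true} result only shows that the
 *       signature matches the supplied certificate, not that the certificate is trusted.</li>
 *   <li>The caller selects the revocation policy; the values {@code "skip"} and
 *       {@code "ignoreresult"} both let signing proceed without a "good" OCSP answer.</li>
 * </ul>
 *
 * <p>Instances keep mutable state (key store, provider) and are not written for concurrent use.
 */
public class pkcs12SignAndVerify {
    private static final String PKCS11_KEYSTORE_TYPE = "PKCS11";
    private static final String X509_CERTIFICATE_TYPE = "X.509";
    private static final String CERTIFICATION_CHAIN_ENCODING = "PkiPath";
    // NOTE(review): SHA-1 is no longer collision resistant. The algorithm is left unchanged
    // because switching it changes the signatures produced; move to a SHA-256 based algorithm
    // once the card middleware and every party that checks these signatures are confirmed to support it.
    private static final String DIGITAL_SIGNATURE_ALGORITHM_NAME = "SHA1withRSA";
    // NOTE(review): this class is instantiated reflectively through a constructor taking an
    // InputStream. Newer JDKs configure SunPKCS11 via Provider.configure(String) instead and no
    // longer offer that constructor, so this path is expected to fail there; confirm the target JRE.
    private static final String SUN_PKCS11_PROVIDER_CLASS = "sun.security.pkcs11.SunPKCS11";
    private static final String MISSING_LIBRARY_MESSAGE = "It is mandatory to choose a PCKS#11 native implementation library for smart card (.dll or .so file)!";
    private static final String KEYSTORE_UNREADABLE_MESSAGE = "Cannot read the keystore from the smart card.\nPossible reasons:\n - The smart card reader in not connected.\n - The smart card is not inserted.\n - The PKCS#11 implementation library is invalid.\n - The PIN for the smart card is incorrect.\nProblem details: ";
    // Bare file name of the PKCS#11 middleware library; the directory is resolved at call time.
    private String pkcs11LibraryFileName = "beidpkcs11.dll";
    private KeyStore userKeyStore = null;
    private Provider pkcs11Provider = null;
    private Class<?> sunPkcs11Class = null;

    /**
     * Result of a signing operation: the Base64 text of the PkiPath-encoded certificate chain
     * and the Base64 text of the signature. (The decompiler notes that this class was
     * package-private in the original binary.)
     */
    public static class CertificationChainAndSignatureBase64 {
        public String mCertificationChain = null;
        public String mSignature = null;

        CertificationChainAndSignatureBase64() {
        }
    }

    /**
     * Checked exception reported for every failure while loading the card, checking the
     * certificate or signing. (Package-private in the original binary per the decompiler.)
     */
    public static class DocumentSignException extends Exception {
        public DocumentSignException(String str) {
            super(str);
        }

        public DocumentSignException(String str, Throwable th) {
            super(str, th);
        }
    }

    /**
     * Private key handle and certificate chain read from the card. Both fields stay
     * {@code null} when no matching key store entry was found. (Package-private in the
     * original binary per the decompiler.)
     */
    public static class PrivateKeyAndCertChain {
        public PrivateKey mPrivateKey;
        public Certificate[] mCertificationChain;

        PrivateKeyAndCertChain() {
        }
    }

    /**
     * Signs {@code data} with the card key without any revocation check.
     *
     * @param data        bytes to sign
     * @param libraryPath path of the PKCS#11 native library; must not be empty
     * @param pin         passed on to the key store loader, which does not use it
     * @param slot        PKCS#11 slot number
     * @return the Base64 certificate chain and signature
     * @throws DocumentSignException if the card cannot be read, no key or certificate is
     *                               found, or signing fails
     */
    private CertificationChainAndSignatureBase64 signDocument(byte[] data, String libraryPath, String pin, int slot) throws DocumentSignException {
        if (libraryPath.length() == 0) {
            throw new DocumentSignException(MISSING_LIBRARY_MESSAGE);
        }
        try {
            this.userKeyStore = loadKeyStoreFromSmartCard(libraryPath, pin, slot);
            return encodeAndSign(data, requireKeyAndChain(this.userKeyStore));
        } catch (DocumentSignException e) {
            // Already carries a specific message; do not relabel it as a key store problem.
            throw e;
        } catch (Exception e) {
            throw new DocumentSignException(KEYSTORE_UNREADABLE_MESSAGE + e.getMessage(), e);
        }
    }

    /**
     * Registers a SunPKCS11 provider for the given library and slot and loads its key store.
     *
     * @param libraryPath path of the PKCS#11 native library, written into the provider
     *                    configuration
     * @param pin         unused: the key store is loaded with a {@code null} password, so the
     *                    PIN is not supplied from here (presumably the middleware asks for it;
     *                    confirm)
     * @param slot        PKCS#11 slot number, also used to build the provider name
     * @return the loaded PKCS#11 key store
     * @throws GeneralSecurityException if the provider cannot be created or the key store
     *                                  cannot be loaded
     * @throws IOException              if loading the key store fails with an I/O error
     */
    private KeyStore loadKeyStoreFromSmartCard(String libraryPath, String pin, int slot) throws GeneralSecurityException, IOException {
        // The provider configuration is line oriented; a line break inside the path would
        // add configuration attributes that the caller never intended to set.
        if (libraryPath.indexOf('\n') >= 0 || libraryPath.indexOf('\r') >= 0) {
            throw new KeyStoreException("The PKCS#11 library path must not contain line breaks.");
        }
        String providerName = "SunPKCS11-SmartCard" + slot;
        // Drop any provider left over from an earlier call so the card is re-read.
        Security.removeProvider(providerName);
        this.pkcs11Provider = Security.getProvider(providerName);
        if (this.pkcs11Provider == null) {
            String configuration = "name = SmartCard" + slot + "\nlibrary = " + libraryPath + "\nslot = " + slot;
            ByteArrayInputStream configurationStream = new ByteArrayInputStream(configuration.getBytes());
            try {
                this.sunPkcs11Class = Class.forName(SUN_PKCS11_PROVIDER_CLASS);
                this.pkcs11Provider = (Provider) this.sunPkcs11Class.getConstructor(InputStream.class).newInstance(configurationStream);
                Security.addProvider(this.pkcs11Provider);
            } catch (Exception e) {
                // Reflection wraps the provider's own failure; not every exception has a cause.
                Throwable reason = e.getCause() != null ? e.getCause() : e;
                throw new KeyStoreException("Cannot initialize Sun PKCS#11 security provider. Reason: " + reason.getMessage(), e);
            }
        }
        KeyStore keyStore = KeyStore.getInstance(PKCS11_KEYSTORE_TYPE, this.pkcs11Provider);
        try {
            keyStore.load(null, null);
        } catch (Exception e) {
            // One retry with a fresh key store instance; a second failure propagates.
            // (The Dutch text reads "Error while loading keystore".)
            System.out.println("Fout bij laden keystore : " + e);
            e.printStackTrace();
            keyStore = KeyStore.getInstance(PKCS11_KEYSTORE_TYPE, this.pkcs11Provider);
            keyStore.load(null, null);
        }
        return keyStore;
    }

    /**
     * Looks up the key store entry with alias {@code "Authentication"}.
     *
     * <p>NOTE(review): only the authentication entry is used although this class signs
     * documents; confirm that this key, rather than a dedicated signature key, is intended.
     *
     * @param keyStore loaded PKCS#11 key store
     * @return the key and chain of that entry; both fields are {@code null} if the alias is
     *         absent
     * @throws GeneralSecurityException if the key store cannot return the key or chain
     */
    private PrivateKeyAndCertChain getPrivateKeyAndCertChain(KeyStore keyStore) throws GeneralSecurityException {
        PrivateKeyAndCertChain result = new PrivateKeyAndCertChain();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!alias.equals("Authentication")) {
                continue;
            }
            Certificate[] chain = keyStore.getCertificateChain(alias);
            result.mPrivateKey = (PrivateKey) keyStore.getKey(alias, null);
            result.mCertificationChain = chain;
            if (chain != null && chain.length > 0) {
                // NOTE(review): the subject name identifies the card holder and is written to
                // standard output; check where that output ends up.
                System.out.println("Selected certificate : " + ((X509Certificate) chain[0]).getSubjectDN());
            }
            return result;
        }
        return result;
    }

    /**
     * Fetches the key and chain and turns a missing key, missing chain or provider error
     * into a {@link DocumentSignException} with a specific message.
     */
    private PrivateKeyAndCertChain requireKeyAndChain(KeyStore keyStore) throws DocumentSignException {
        PrivateKeyAndCertChain keyAndChain;
        try {
            keyAndChain = getPrivateKeyAndCertChain(keyStore);
        } catch (GeneralSecurityException e) {
            throw new DocumentSignException("Cannot extract the private key and certificate from the smart card. Reason: " + e.getMessage(), e);
        }
        if (keyAndChain.mPrivateKey == null) {
            throw new DocumentSignException("Cannot find the private key on the smart card.");
        }
        if (keyAndChain.mCertificationChain == null) {
            throw new DocumentSignException("Cannot find the certificate on the smart card.");
        }
        return keyAndChain;
    }

    /** Encodes the chain, signs {@code data} and packs both Base64 texts into one result. */
    private CertificationChainAndSignatureBase64 encodeAndSign(byte[] data, PrivateKeyAndCertChain keyAndChain) throws DocumentSignException {
        CertificationChainAndSignatureBase64 result = new CertificationChainAndSignatureBase64();
        try {
            result.mCertificationChain = encodeX509CertChainToBase64(keyAndChain.mCertificationChain);
        } catch (CertificateException e) {
            throw new DocumentSignException("Invalid certificate on the smart card.", e);
        }
        try {
            result.mSignature = Base64Utils.base64Encode(doActualSigning(data, keyAndChain.mPrivateKey));
        } catch (GeneralSecurityException e) {
            throw new DocumentSignException("File signing failed.\n Problem details: " + e.getMessage(), e);
        }
        return result;
    }

    /**
     * Encodes a certificate chain as a PkiPath certification path and returns it as Base64.
     *
     * @throws CertificateException if the chain cannot be turned into a certification path
     */
    private String encodeX509CertChainToBase64(Certificate[] certificateArr) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance(X509_CERTIFICATE_TYPE);
        byte[] encodedPath = factory.generateCertPath(Arrays.asList(certificateArr)).getEncoded(CERTIFICATION_CHAIN_ENCODING);
        return Base64Utils.base64Encode(encodedPath);
    }

    /**
     * Decodes a Base64 certification path and returns its first certificate.
     *
     * <p>The path is only parsed here; nothing validates it against a trust anchor.
     *
     * @throws CertificateException if the decoded bytes are not a certification path
     */
    private Certificate getCertFromX509CertChainFromBase64(String str) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance(X509_CERTIFICATE_TYPE);
        ByteArrayInputStream encodedPath = new ByteArrayInputStream(Base64Utils.base64Decode(str));
        return factory.generateCertPath(encodedPath).getCertificates().get(0);
    }

    /**
     * Signs {@code data} with {@code privateKey} using the configured signature algorithm.
     *
     * @return the raw signature bytes
     * @throws GeneralSecurityException if the algorithm is unavailable or the key is rejected
     */
    private byte[] doActualSigning(byte[] data, PrivateKey privateKey) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(DIGITAL_SIGNATURE_ALGORITHM_NAME);
        signer.initSign(privateKey);
        signer.update(data);
        return signer.sign();
    }

    /**
     * Checks the signature in {@code signed} over {@code data} with the public key of the
     * first certificate in the chain that {@code signed} itself carries.
     *
     * <p>This is a consistency check between signature and certificate. It says nothing about
     * who issued the certificate, its validity period or its revocation state.
     *
     * @return {@code true} if the signature matches
     * @throws GeneralSecurityException if the chain cannot be parsed or verification cannot run
     */
    private boolean doActualVerifying(CertificationChainAndSignatureBase64 signed, byte[] data) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(DIGITAL_SIGNATURE_ALGORITHM_NAME);
        verifier.initVerify(getCertFromX509CertChainFromBase64(signed.mCertificationChain).getPublicKey());
        byte[] signatureBytes = Base64Utils.base64Decode(signed.mSignature);
        verifier.update(data);
        return verifier.verify(signatureBytes);
    }

    /**
     * Signs {@code data} with the card key after applying the requested OCSP policy.
     *
     * <p>Policy values: {@code "skip"} performs no OCSP request; {@code "ignoreresult"}
     * performs the request but signs whatever the answer; any other value requires the
     * OCSP status text to contain {@code "good"}.
     *
     * <p>NOTE(review): the status is matched by substring. If the checker can return free
     * text (for example an error message) that happens to contain "good", it would be
     * accepted; an exact status comparison is safer once the return values of
     * {@code OcspCheck.doOcspCheck} are confirmed.
     *
     * @param data        bytes to sign
     * @param libraryPath path of the PKCS#11 native library; must not be empty
     * @param pin         passed on to the key store loader, which does not use it
     * @param ocspMode    revocation policy as described above
     * @param slot        PKCS#11 slot number
     * @return the Base64 certificate chain and signature
     * @throws DocumentSignException if the card cannot be read, no key or certificate is
     *                               found, the OCSP policy is not satisfied, or signing fails
     */
    private CertificationChainAndSignatureBase64 doSign(byte[] data, String libraryPath, String pin, String ocspMode, int slot) throws DocumentSignException {
        if (libraryPath.length() == 0) {
            throw new DocumentSignException(MISSING_LIBRARY_MESSAGE);
        }
        this.userKeyStore = null;
        try {
            this.userKeyStore = loadKeyStoreFromSmartCard(libraryPath, pin, slot);
            // Key and chain are checked before the OCSP step so a card without the expected
            // entry is reported as such instead of failing on a null chain.
            PrivateKeyAndCertChain keyAndChain = requireKeyAndChain(this.userKeyStore);
            Certificate[] chain = keyAndChain.mCertificationChain;
            if ("skip".equals(ocspMode)) {
                System.out.println("OcspChecking on authenticate is skipped");
            } else {
                if (chain.length < 2) {
                    throw new DocumentSignException("Cannot run the OCSP check: the certificate chain on the smart card has no issuer certificate.");
                }
                String status;
                try {
                    // chain[0] is the card holder's certificate and chain[1] the next one up;
                    // presumably OcspCheck expects the issuer first (confirm against OcspCheck).
                    status = new OcspCheck().doOcspCheck(new ByteArrayInputStream(chain[1].getEncoded()), new ByteArrayInputStream(chain[0].getEncoded()), "http://ocsp.eid.belgium.be", false);
                } catch (CertificateEncodingException e) {
                    status = e.getMessage();
                }
                boolean reportedGood = status != null && status.contains("good");
                if ("ignoreresult".equals(ocspMode)) {
                    if (!reportedGood) {
                        System.out.println("ocsp checking failed, but parameters indicate to ignore this result.");
                    }
                } else if (!reportedGood) {
                    throw new DocumentSignException("Ocspcheck on certificate failed : " + status);
                }
            }
            return encodeAndSign(data, keyAndChain);
        } catch (DocumentSignException e) {
            // Keep the specific reason (missing key, OCSP failure, ...) instead of
            // reporting it as an unreadable key store.
            throw e;
        } catch (Exception e) {
            throw new DocumentSignException(KEYSTORE_UNREADABLE_MESSAGE + e.getMessage(), e);
        }
    }

    /**
     * Signs the given text with the smart card and verifies the fresh signature.
     *
     * <p>The PKCS#11 library is looked up as {@code %windir%\System32\beidpkcs11.dll}. That
     * path comes from the process environment and names a native library loaded into this
     * process, so the environment of the process has to be trusted.
     *
     * @param str  text to sign; converted to bytes with the platform default charset
     * @param str2 OCSP policy: {@code "skip"}, {@code "ignoreresult"}, or any other value to
     *             require a "good" OCSP status
     * @param i    PKCS#11 slot number
     * @return {@code true} if the signature verifies against the card's own certificate;
     *         {@code false} if it does not or if verification could not be carried out
     * @throws DocumentSignException if the card cannot be read, the OCSP policy is not
     *                               satisfied, or signing fails
     */
    public boolean signAndVerifyString(String str, String str2, int i) throws DocumentSignException {
        boolean verified = false;
        byte[] payload = str.getBytes();
        try {
            String windowsDirectory = System.getenv("windir");
            if (windowsDirectory == null) {
                throw new DocumentSignException("The environment variable windir is not set; cannot locate " + this.pkcs11LibraryFileName + ".");
            }
            // Built per call: storing the full path back into the field would prepend the
            // directory again on every further call.
            String libraryPath = windowsDirectory + "\\System32\\" + this.pkcs11LibraryFileName;
            try {
                verified = doActualVerifying(doSign(payload, libraryPath, "", str2, i), payload);
            } catch (GeneralSecurityException e) {
                // A verification error is reported as "not verified".
                e.printStackTrace();
            }
            return verified;
        } catch (DocumentSignException e) {
            System.out.println(e.getMessage());
            throw new DocumentSignException(e.getMessage(), e);
        }
    }
}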
