package br.jus.csjt.assinadorjt.pojo;

import br.jus.csjt.assinadorjt.componente.GerenciadorKeystore;
import br.jus.csjt.assinadorjt.componente.Util;
import br.jus.csjt.assinadorjt.exception.AssinadorException;
import br.jus.csjt.assinadorjt.exception.ConfiguracaoLeitoraException;
import br.jus.csjt.assinadorjt.provider.MSCAPIKeyStoreProvider;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.security.auth.login.LoginException;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.pkcs11.SunPKCS11;

/* loaded from: input_file:br/jus/csjt/assinadorjt/pojo/Certificado.class */
public class Certificado implements AutoCloseable {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) Certificado.class);
    private static final String X509_CERTIFICATE_TYPE = "X.509";
    private static final String CERTIFICATION_CHAIN_ENCODING = "PkiPath";
    private static final String DATE_FORMAT = "dd/MM/yyyy HH:mm:ss";
    private final String cadeiaCertificadoBase64;
    private final PrivateKey chaveSecreta;
    private final X509Certificate x509Certificate;
    private final Certificate[] cadeiaCertificados;
    private final String emitidoPara;
    private final String validoDe;
    private final String validoAte;
    private final String emitidoPor;
    private InformacaoLeitora leitora = null;
    private transient Provider provider;

    public Certificado(String str, X509Certificate x509Certificate, PrivateKey privateKey, Certificate[] certificateArr) throws AssinadorException {
        this.x509Certificate = x509Certificate;
        this.chaveSecreta = privateKey;
        this.cadeiaCertificados = ordernarCadeiaDeCertificados(certificateArr);
        this.cadeiaCertificadoBase64 = encodeX509CertChainToBase64(certificateArr);
        this.emitidoPara = str;
        this.emitidoPor = obtemCN(this.x509Certificate.getIssuerDN());
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
        this.validoDe = simpleDateFormat.format(this.x509Certificate.getNotBefore());
        this.validoAte = simpleDateFormat.format(this.x509Certificate.getNotAfter());
    }

    private String obtemCN(Principal principal) {
        return principal.getName().split("\\,")[0].trim().replace("CN=", "");
    }

    public String getCommonName() {
        return obtemCN(this.x509Certificate.getSubjectDN());
    }

    private String encodeX509CertChainToBase64(Certificate[] certificateArr) throws AssinadorException {
        try {
            return Base64.encodeBase64String(CertificateFactory.getInstance(X509_CERTIFICATE_TYPE).generateCertPath(Arrays.asList(certificateArr)).getEncoded(CERTIFICATION_CHAIN_ENCODING));
        } catch (CertificateException e) {
            throw new AssinadorException("Erro ao converter certchain para Base64", e);
        }
    }

    public X509Certificate[] ordernarCadeiaDeCertificados(Certificate[] certificateArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            x509CertificateArr[i] = (X509Certificate) certificateArr[i];
        }
        return (X509Certificate[]) Util.ordenarCertChain(x509CertificateArr).toArray(new X509Certificate[0]);
    }

    public Certificate[] getCadeiaCertificados() {
        return (Certificate[]) Arrays.copyOf(this.cadeiaCertificados, this.cadeiaCertificados.length);
    }

    public void logout() throws ConfiguracaoLeitoraException {
        log.trace("Entrou em logout");
        try {
            if (this.provider != null) {
                log.debug("Descarregar o provider");
                if (this.provider instanceof SunPKCS11) {
                    log.debug("Deslogar o provider PKCS11");
                    this.provider.logout();
                    Security.removeProvider(this.provider.getName());
                }
                this.provider = null;
            }
        } catch (LoginException e) {
            throw new ConfiguracaoLeitoraException("Erro ao fazer logout do token", e);
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x0181: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:32:0x0181 */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x0186: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:34:0x0186 */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    public Provider getProvider() throws ConfiguracaoLeitoraException {
        if (this.provider == null) {
            log.debug("Inicializar provider SunPKCS11");
            String str = getLeitora().getGerenciadorLeitora().getNomeProvider() + "-slot-" + getLeitora().getSlot();
            String str2 = "SunPKCS11-" + str;
            log.debug("Procurar provider no sistema");
            this.provider = Security.getProvider(str2);
            if (this.provider == null) {
                String str3 = "\"" + getLeitora().getGerenciadorLeitora().getDriver().replace("\\", "/") + "\"";
                log.debug("Criar provider novo: " + str + ", " + str3 + ", " + getLeitora().getSlot());
                String str4 = "name=" + str + "\nlibrary=" + str3 + "\nslot=" + getLeitora().getSlot() + '\n';
                log.debug("Abrir stream para configurar provider");
                try {
                    try {
                        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str4.getBytes());
                        Throwable th = null;
                        log.debug("Criar instância");
                        this.provider = new SunPKCS11(str2, byteArrayInputStream);
                        if (this.provider.getService("KeyStore", GerenciadorKeystore.PKCS11_KEYSTORE) == null) {
                            throw new ConfiguracaoLeitoraException("Nenhum serviço disponível. Provavelmente token de segurança não está inserido.");
                        }
                        log.debug("Inserir provider no sistema");
                        Security.addProvider(this.provider);
                        if (byteArrayInputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                byteArrayInputStream.close();
                            }
                        }
                    } finally {
                    }
                } catch (IOException | ProviderException e) {
                    log.error("Erro ao montar o provider", (Throwable) e);
                    throw new ConfiguracaoLeitoraException("Falha ao carregar provider [nome=" + str2 + ", driver=" + getLeitora().getGerenciadorLeitora().getDriver() + ", slot=" + getLeitora().getSlot() + ": " + e.getCause().getMessage(), e);
                }
            }
        }
        return this.provider;
    }

    public boolean validarPin(char[] cArr) throws ConfiguracaoLeitoraException {
        boolean z = false;
        if (getLeitora() != null) {
            z = getLeitora().validarPin(cArr);
        } else if (getProvider().getName().equals(GerenciadorKeystore.MSCAPI_PROVIDER)) {
            try {
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(1, MSCAPIKeyStoreProvider.getMSCAPIKeyStore().getKey(this.emitidoPara, null));
                cipher.doFinal(("UNLOKED_PIN" + new Date().getTime()).getBytes());
                z = true;
            } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                log.error("Erro ao validar PIN na MSCAPI: " + e.getMessage());
                z = false;
            }
        }
        return z;
    }

    @Override // java.lang.AutoCloseable
    public void close() throws ConfiguracaoLeitoraException {
        logout();
    }

    public String getCadeiaCertificadoBase64() {
        return this.cadeiaCertificadoBase64;
    }

    public PrivateKey getChaveSecreta() {
        return this.chaveSecreta;
    }

    public X509Certificate getX509Certificate() {
        return this.x509Certificate;
    }

    public String getEmitidoPara() {
        return this.emitidoPara;
    }

    public String getValidoDe() {
        return this.validoDe;
    }

    public String getValidoAte() {
        return this.validoAte;
    }

    public String getEmitidoPor() {
        return this.emitidoPor;
    }

    public InformacaoLeitora getLeitora() {
        return this.leitora;
    }

    public void setLeitora(InformacaoLeitora informacaoLeitora) {
        this.leitora = informacaoLeitora;
    }

    public void setProvider(Provider provider) {
        this.provider = provider;
    }
}
