package pt.digitalis.dif.presentation.entities.system.digitalsignature.institutional.types.digitalsign;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.StringWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.Calendar;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.jboss.aerogear.security.otp.Totp;
import pt.digitalis.dif.presentation.entities.system.digitalsignature.AbstractDigitalCertificateSignatureBuilder;
import pt.digitalis.dif.presentation.entities.system.digitalsignature.institutional.DigitalSignatureConfigurations;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.dif.utils.system.JSONUtils;

/* loaded from: input_file:WEB-INF/lib/dif-document-sign-2.8.8-112.jar:pt/digitalis/dif/presentation/entities/system/digitalsignature/institutional/types/digitalsign/DigitalSignESealSignatureBuilder.class */
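/**
 * Signature builder that obtains the signing certificate from, and delegates the signing of the
 * document hash to, the remote DigitalSign e-seal HTTP API.
 *
 * <p>Every signing call is authorised with a bearer access token plus a TOTP value derived from the
 * configured authorizer secret. The bearer token, the TOTP value and the OAuth client secret are
 * credentials: this class never writes them to the log or into exception messages.
 */
public class DigitalSignESealSignatureBuilder extends AbstractDigitalCertificateSignatureBuilder {
    public static final String ERROR_DESCRIPTION = "error_description";
    public static final String JSON_RESULT_FROM_API = "jsonResultFromAPI";
    private static final String ERROR = "error";
    private static final String TOPTP_ID = "totpID";
    private static final String CERTIFICATE_ALIAS = "certAlias";
    private static final String CERTIFICATE_BASE64 = "cert_64";
    private static final String CERTIFICATE_FRIENDLY_NAME = "certFriendlyName";
    private static final String DOC_TO_SIGN_JSON_CALL_TEMPLATE = "{\"certAlias\": \"#CERT_ALIAS#\", \"docsToSign\": [{\"docAlias\": \"#DOC_ALIAS#\",\"hashAlg\": \"#HASH_ALG#\",\"hashToSign_64\": \"#HASH_TO_SIGN_64#\"}],\"sigReqDescr\": \"#SIG_REQ_DESCR#\", \"totpID\": \"#TOPTP_ID#\", \"totpValue\": \"#TOTP_VALUE#\"}";
    private static final String SIGN_REQ_DESCRIPTION = "#REPLACE# Sign Request Process";
    private static final String CERT_FRIENDLY_NAME = "certFriendlyName";
    private static final String DIGITAL_SIGN_ESEAL_SIGNATURE_FIELD = "DigitalSignESEALSignatureField";
    // Object identifier of SHA-256, matching the digest computed by createHash.
    private static final String HASH_ALGORITHM_REPRESENTATION = "2.16.840.1.101.3.4.2.1";
    private static final String HASH_SIGNATURE = "hashSig";

    /**
     * Developer leftover kept for compatibility. It supplies neither a request body nor an access
     * token, so the call fails with a {@link NullPointerException} before any network traffic.
     *
     * @param strArr ignored
     * @throws Exception always, because the request body is {@code null}
     */
    public static void main(String[] strArr) throws Exception {
        new DigitalSignESealSignatureBuilder().invokeWithAccessToken("https://qscd-dev.digitalsign.pt/totp/getCertificateByTOTPID", null, null);
    }

    /**
     * Sends a form-encoded request body to {@code str} and parses the JSON answer.
     *
     * <p>NOTE(review): the URL scheme is not restricted here. This method carries the OAuth client
     * secret and authorization code, so an {@code http://} endpoint would expose them on the wire;
     * consider rejecting non-HTTPS URLs once all configured endpoints are confirmed to be HTTPS.
     *
     * <p>NOTE(review): the previous implementation tried to re-read the response stream when the
     * answer had no {@code "result"} key, but the stream had already been consumed, so that branch
     * could not raise anything in practice. The effective behaviour (return the parsed map) is
     * kept; callers must inspect the map for error keys themselves.
     *
     * @param str endpoint URL
     * @param stringBuffer already form-encoded request body
     * @return the response body parsed by {@code JSONUtils.jsonToMap}
     * @throws Exception on I/O failure or when the server sends no response body
     */
    private static Map<String, Object> invoke(String str, StringBuffer stringBuffer) throws Exception {
        HttpURLConnection connection = (HttpURLConnection) new URL(str).openConnection();
        connection.setDoInput(true);
        connection.setDoOutput(true);
        byte[] payload = stringBuffer.toString().getBytes("UTF-8");
        connection.setRequestProperty("Accept-Charset", "UTF-8");
        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        connection.setRequestProperty("charset", "UTF-8");
        // Length in bytes, not in chars, so the header stays right for non-ASCII bodies.
        connection.setRequestProperty("Content-Length", Integer.toString(payload.length));
        try (OutputStream out = connection.getOutputStream()) {
            out.write(payload);
        }
        return JSONUtils.jsonToMap(readBody(connection));
    }

    /**
     * Disabled developer helper.
     *
     * <p>It used to post an OAuth client id, client secret and authorization code that were
     * compiled into this class to the development endpoint. Credentials embedded in a shipped
     * artifact are readable by anyone who holds the jar, so they have been removed from the code;
     * any value that was ever distributed this way should be treated as disclosed and rotated.
     * Token renewal is available through {@link #updateAuthorization}, which takes the values from
     * the caller.
     *
     * @throws Exception always ({@link UnsupportedOperationException})
     */
    private static void renewAccessToken() throws Exception {
        throw new UnsupportedOperationException("renewAccessToken() is disabled: OAuth client credentials must be supplied from configuration through updateAuthorization(...)");
    }

    /**
     * Asks the remote service to sign a document hash, authorising the call with a fresh TOTP.
     *
     * @param digitalSignatureConfigurations source of the authorizer id/secret, endpoint and token
     * @param str certificate alias
     * @param str2 document alias
     * @param str3 Base64 of the hash to sign
     * @param str4 certificate friendly name, used in the request description
     * @return the parsed response, guaranteed to contain the {@code hashSig} key
     * @throws Exception when the service reports an error or returns no signed hash
     */
    private Map<String, Object> callSigCompleteTOTP(DigitalSignatureConfigurations digitalSignatureConfigurations, String str, String str2, String str3, String str4) throws Exception {
        // Every substituted value is JSON-escaped: aliases and names are not under this class's
        // control and an unescaped quote would let them alter the structure of the request.
        String requestWithoutTotp = DOC_TO_SIGN_JSON_CALL_TEMPLATE
                .replace("#CERT_ALIAS#", escapeJson(str))
                .replace("#DOC_ALIAS#", escapeJson(str2))
                .replace("#HASH_ALG#", HASH_ALGORITHM_REPRESENTATION)
                .replace("#HASH_TO_SIGN_64#", escapeJson(str3))
                .replace("#SIG_REQ_DESCR#", escapeJson(SIGN_REQ_DESCRIPTION.replace("#REPLACE#", str4)))
                .replace("#TOPTP_ID#", escapeJson(digitalSignatureConfigurations.getDigitalSignEsealAuthorizerId()));
        String totpValue = new Totp(digitalSignatureConfigurations.getDigitalSignEsealAuthorizerSecret()).now();
        // The one-time password authorises a signature; only the fact that it was generated is logged.
        DIFLogger.getLogger().info(DigitalSignESealSignatureBuilder.class.getSimpleName() + " TOTP generated at " + timeOfDay());
        StringBuffer requestBody = new StringBuffer();
        requestBody.append(requestWithoutTotp.replace("#TOTP_VALUE#", totpValue));
        String serviceUri = digitalSignatureConfigurations.getDigitalSignESealProductionMode().booleanValue() ? digitalSignatureConfigurations.getDigitalSignESealProductionSigCompleteTOTPUri() : digitalSignatureConfigurations.getDigitalSignESealHomologationSigCompleteTOTPUri();
        Map<String, Object> response = invokeWithAccessToken(serviceUri, requestBody, digitalSignatureConfigurations.getDigitalSignESealAccessToken());
        if (response.containsKey(ERROR)) {
            // Concatenation tolerates a missing description instead of failing with an NPE.
            throw new Exception("Error Signing the document: errorCode: " + response.get(ERROR) + " | errorDescription: " + response.get(ERROR_DESCRIPTION));
        }
        if (response.containsKey(HASH_SIGNATURE)) {
            return response;
        }
        // The message quotes the request as it was before the TOTP was filled in, so the one-time
        // password cannot end up in logs or error pages through this exception.
        throw new Exception("Não foi devolvida a hash assinada. Call to service: " + serviceUri + " | Json:" + requestWithoutTotp + " | Result: " + response.get(JSON_RESULT_FROM_API));
    }

    /**
     * Computes the SHA-256 digest of everything that can be read from {@code inputStream}.
     *
     * <p>The stream is read in chunks rather than buffered whole, and is not closed here.
     *
     * @param inputStream content to hash
     * @return the 32-byte digest
     * @throws NoSuchAlgorithmException if the platform has no SHA-256 provider
     * @throws IOException if reading the stream fails
     */
    @Override // pt.digitalis.dif.presentation.entities.system.digitalsignature.AbstractSignatureBuilder
    protected byte[] createHash(InputStream inputStream) throws NoSuchAlgorithmException, IOException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] chunk = new byte[8192];
        int read;
        while ((read = inputStream.read(chunk)) != -1) {
            digest.update(chunk, 0, read);
        }
        return digest.digest();
    }

    /**
     * Fetches the certificate data registered for the configured authorizer (TOTP) id.
     *
     * @param digitalSignatureConfigurations source of the authorizer id, endpoint and access token
     * @return the parsed response of the certificate endpoint
     * @throws Exception when the service answers with an {@code error} key or the call fails
     */
    private Map<String, Object> getCertificate(DigitalSignatureConfigurations digitalSignatureConfigurations) throws Exception {
        StringBuffer requestBody = new StringBuffer();
        requestBody.append("{\"totpID\": \"").append(escapeJson(String.valueOf(digitalSignatureConfigurations.getDigitalSignEsealAuthorizerId()))).append("\"}");
        String serviceUri = digitalSignatureConfigurations.getDigitalSignESealProductionMode().booleanValue() ? digitalSignatureConfigurations.getDigitalSignESealProductionCertificateUri() : digitalSignatureConfigurations.getDigitalSignESealHomologationCertificateUri();
        Map<String, Object> response = invokeWithAccessToken(serviceUri, requestBody, digitalSignatureConfigurations.getDigitalSignESealAccessToken());
        if (response.containsKey(ERROR)) {
            throw new Exception("Error getting the certificate data: errorCode: " + response.get(ERROR) + " | errorDescription: " + response.get(ERROR_DESCRIPTION));
        }
        return response;
    }

    /**
     * POSTs a JSON body with a bearer token and returns the parsed JSON answer. The raw answer is
     * also stored in the returned map under {@link #JSON_RESULT_FROM_API}.
     *
     * <p>The request body is deliberately not logged: it carries the TOTP id and the current TOTP
     * value. Only the endpoint, the time and the body size are recorded.
     *
     * <p>NOTE(review): the URL scheme is not restricted; with an {@code http://} endpoint the
     * bearer token and TOTP would travel unencrypted. Consider enforcing HTTPS.
     *
     * @param str endpoint URL
     * @param stringBuffer JSON request body, must not be {@code null}
     * @param str2 access token sent as {@code Authorization: Bearer}
     * @return the parsed response plus the raw body
     * @throws Exception on I/O failure or when the server sends no response body
     */
    private Map<String, Object> invokeWithAccessToken(String str, StringBuffer stringBuffer, String str2) throws Exception {
        if (stringBuffer == null) {
            throw new NullPointerException("request body must not be null");
        }
        byte[] payload = stringBuffer.toString().getBytes("utf-8");
        HttpURLConnection connection = (HttpURLConnection) new URL(str).openConnection();
        connection.setDoInput(true);
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Authorization", "Bearer " + str2);
        // NOTE(review): "utf-8" is not written as a charset=... parameter; left as the service
        // currently receives it — confirm before changing.
        connection.setRequestProperty("Content-Type", "application/json; utf-8");
        connection.setRequestProperty("Accept", "application/json");
        String caller = DigitalSignESealSignatureBuilder.class.getSimpleName();
        DIFLogger.getLogger().info(caller + " Call " + str + " at " + timeOfDay() + " with data: [" + payload.length + " bytes, content not logged]");
        try (OutputStream out = connection.getOutputStream()) {
            out.write(payload, 0, payload.length);
        }
        // getResponseCode() is what actually completes the exchange, so the response is logged after it.
        int status = connection.getResponseCode();
        DIFLogger.getLogger().info(caller + " Call " + str + " response at " + timeOfDay() + " (HTTP " + status + ")");
        String rawBody = readBody(connection);
        // A one-element JSON array is unwrapped to its single object; the length guard keeps a
        // lone "[" from failing in substring.
        if (rawBody.length() >= 2 && rawBody.startsWith("[") && rawBody.endsWith("]")) {
            rawBody = rawBody.substring(1, rawBody.length() - 1);
        }
        Map<String, Object> parsed = JSONUtils.jsonToMap(rawBody);
        parsed.put(JSON_RESULT_FROM_API, rawBody);
        return parsed;
    }

    /**
     * Signs a PDF: fetches the certificate chain from the service, prepares the signature
     * appearance, has the remote service sign the resulting hash and embeds the signature.
     *
     * @param bArr PDF content
     * @param digitalSignatureConfigurations signature and service configuration
     * @param str document alias sent to the service
     * @param bool not used by this implementation
     * @return the result of {@code finalizeSignature} for the signed hash
     * @throws Exception when the certificate data is missing or incomplete, or signing fails
     */
    @Override // pt.digitalis.dif.presentation.entities.system.digitalsignature.AbstractDigitalCertificateSignatureBuilder
    public ByteArrayOutputStream signPDFInternal(byte[] bArr, DigitalSignatureConfigurations digitalSignatureConfigurations, String str, Boolean bool) throws Exception {
        Map<String, Object> certificate = getCertificate(digitalSignatureConfigurations);
        resetDeadQueueForConfiguration(digitalSignatureConfigurations.getId());
        if (!certificate.containsKey(CERTIFICATE_BASE64) || certificate.get(CERTIFICATE_BASE64) == null) {
            throw new Exception("The certificate is not configured in digitalsign.pt.");
        }
        // Checked up front so an incomplete answer is reported clearly, before any state of this
        // builder is changed, instead of surfacing later as a NullPointerException.
        Object certificateAlias = certificate.get(CERTIFICATE_ALIAS);
        Object friendlyName = certificate.get(CERTIFICATE_FRIENDLY_NAME);
        if (certificateAlias == null || friendlyName == null) {
            throw new Exception("The certificate data returned by digitalsign.pt has no " + CERTIFICATE_ALIAS + " or " + CERTIFICATE_FRIENDLY_NAME + ".");
        }
        Collection<? extends Certificate> parsedCertificates = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificates(new ByteArrayInputStream(Base64.getDecoder().decode(certificate.get(CERTIFICATE_BASE64).toString())));
        if (parsedCertificates.isEmpty()) {
            throw new Exception("The certificate data returned by digitalsign.pt contains no certificate.");
        }
        Certificate[] chain = parsedCertificates.toArray(new Certificate[0]);
        super.setContact(digitalSignatureConfigurations.getSignatureAppearanceContact());
        super.setLocation(digitalSignatureConfigurations.getSignatureAppearanceLocation());
        super.setReason(digitalSignatureConfigurations.getSignatureAppearanceReason());
        initializePositionAndVisibility(digitalSignatureConfigurations);
        String hashToSignBase64 = Base64.getEncoder().encodeToString(createHashSignature(null, chain, bArr, DIGITAL_SIGN_ESEAL_SIGNATURE_FIELD, 256, null));
        Object signedHash = callSigCompleteTOTP(digitalSignatureConfigurations, certificateAlias.toString(), str, hashToSignBase64, friendlyName.toString()).get(HASH_SIGNATURE);
        if (signedHash == null) {
            throw new Exception("The signing service returned an empty " + HASH_SIGNATURE + ".");
        }
        return finalizeSignature(Base64.getDecoder().decode(signedHash.toString()));
    }

    /**
     * XML signing is not implemented for this provider: the method only calls
     * {@code resetDeadQueueForConfiguration} and returns {@code null}.
     *
     * <p>NOTE(review): callers receive {@code null} rather than an error, so they must not assume
     * a signed document was produced.
     *
     * @return always {@code null}
     */
    @Override // pt.digitalis.dif.presentation.entities.system.digitalsignature.AbstractDigitalCertificateSignatureBuilder
    public ByteArrayOutputStream signXMLInternal(byte[] bArr, DigitalSignatureConfigurations digitalSignatureConfigurations, String str, Boolean bool, String str2) throws Exception {
        resetDeadQueueForConfiguration(digitalSignatureConfigurations.getId());
        return null;
    }

    /**
     * Exchanges an OAuth authorization code at the given endpoint.
     *
     * <p>Each value is percent-encoded before it is placed in the form body, so a character such
     * as {@code &}, {@code =} or {@code +} inside the code, secret or redirect URI cannot add or
     * change form parameters.
     * NOTE(review): this assumes callers pass raw, not already percent-encoded, values — confirm.
     *
     * @param str authorization code
     * @param str2 token endpoint URL
     * @param str3 OAuth client id
     * @param str4 OAuth client secret
     * @param str5 redirect URI registered for the client
     * @return the parsed response of the endpoint
     * @throws Exception on I/O failure or when the server sends no response body
     */
    public Map<String, Object> updateAuthorization(String str, String str2, String str3, String str4, String str5) throws Exception {
        StringBuffer form = new StringBuffer();
        form.append("client_id=").append(formEncode(str3));
        form.append("&client_secret=").append(formEncode(str4));
        form.append("&grant_type=authorization_code");
        form.append("&code=").append(formEncode(str));
        form.append("&redirect_uri=").append(formEncode(str5));
        return invoke(str2, form);
    }

    /** Reads the whole response (error stream for status 400 and above) as UTF-8 and closes it. */
    private static String readBody(HttpURLConnection connection) throws IOException {
        int status = connection.getResponseCode();
        InputStream stream = status >= 400 ? connection.getErrorStream() : connection.getInputStream();
        if (stream == null) {
            // getErrorStream() returns null when the server sent no error body.
            throw new IOException("HTTP " + status + " without a response body");
        }
        try (InputStream body = stream) {
            StringWriter text = new StringWriter();
            IOUtils.copy(body, text, "UTF-8");
            return text.toString();
        }
    }

    /** Escapes quotes, backslashes and control characters for use inside a JSON string literal. */
    private static String escapeJson(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                    escaped.append("\\\"");
                    break;
                case '\\':
                    escaped.append("\\\\");
                    break;
                case '\n':
                    escaped.append("\\n");
                    break;
                case '\r':
                    escaped.append("\\r");
                    break;
                case '\t':
                    escaped.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        escaped.append(String.format("\\u%04x", (int) c));
                    } else {
                        escaped.append(c);
                    }
            }
        }
        return escaped.toString();
    }

    /** Percent-encodes one form value; {@code null} is sent as the text "null", as before. */
    private static String formEncode(String value) throws IOException {
        return URLEncoder.encode(String.valueOf(value), "UTF-8");
    }

    /** Current local time as {@code hour:minute:second}, in the format the log lines use. */
    private static String timeOfDay() {
        Calendar now = Calendar.getInstance();
        return now.get(Calendar.HOUR_OF_DAY) + ":" + now.get(Calendar.MINUTE) + ":" + now.get(Calendar.SECOND);
    }
}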
