package br.com.fiorilli.webpki.model;

import br.com.fiorilli.webpki.PKCSKeyStore;
import br.com.fiorilli.webpki.commands.Command;
import br.com.fiorilli.webpki.model.Certificate;
import br.com.fiorilli.webpki.model.CertificateRequest;
import br.com.fiorilli.webpki.model.CommandMessage;
import br.com.fiorilli.webpki.model.PDFResult;
import br.com.fiorilli.webpki.model.Result;
import br.com.fiorilli.webpki.util.CertUtils;
import br.com.fiorilli.webpki.util.LogUtils;
import br.com.fiorilli.webpki.util.OSUtils;
import br.com.fiorilli.webpki.util.ValidationUtil;
import br.com.fiorilli.webpki.util.WinApiUtil;
import br.com.fiorilli.webpki.util.pdf.PDFSignatureInfo;
import br.com.fiorilli.webpki.util.xml.X509KeySelector;
import ch.qos.logback.classic.Logger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.pdfbox.io.IOUtils;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.ExternalSigningSupport;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX500NameUtil;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.demoiselle.signer.policy.impl.pades.pkcs7.impl.PAdESSigner;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:br/com/fiorilli/webpki/model/CommandType.class */
public enum CommandType {
    CHOOSE_CERTIFICATE("chooseCertificate", new Command() { // from class: br.com.fiorilli.webpki.commands.ChooseCertificateCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Result result = new Result(commandMessage.getRequestId());
            try {
                if (OSUtils.isWindows()) {
                    Certificate chooseCertificate = WinApiUtil.chooseCertificate();
                    if (chooseCertificate != null) {
                        result.setCertificate(chooseCertificate);
                        result.setSuccess(true);
                    } else {
                        result.setCancel(true);
                    }
                }
            } catch (Exception e) {
                result.setException(e);
            }
            return result;
        }
    }),
    GENERATE_KEY_PAIR("generateKeyPair", new Command() { // from class: br.com.fiorilli.webpki.commands.GenerateKeyPairCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Result result = new Result(commandMessage.getRequestId());
            try {
                CertificateRequest certificate = commandMessage.getRequest().getCertificate();
                char[] charArray = certificate.getKeyPair().getPassword().toCharArray();
                Integer expires = certificate.getKeyPair().getExpires();
                Instant now = Instant.now();
                Date from = Date.from(now);
                Date from2 = Date.from(now.plus((TemporalAmount) Duration.ofDays(expires.intValue())));
                String algorithm = commandMessage.getRequest().getCertificate().getKeyPair().getAlgorithm();
                KeyStore buildRootAndCA = isRoot(certificate) ? buildRootAndCA(certificate.getKeyPair().getSize().intValue(), algorithm, certificate.getKeyPair().getRdn(), certificate.getKeyPair().getPassword(), from, from2) : buildOwner(extractX500Name(certificate), certificate.getKeyPair().getSize().intValue(), algorithm, certificate.getKeyPair().getRdn(), certificate.getKeyPair().getPassword(), from, from2);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                buildRootAndCA.store(byteArrayOutputStream, charArray);
                result.setCertificateEncoded(Base64.getEncoder().encodeToString(byteArrayOutputStream.toByteArray()));
                result.setSuccess(true);
            } catch (Exception e) {
                result.setException(e);
            }
            return result;
        }

        private KeyStore buildRootAndCA(int i, String str, String str2, String str3, Date date, Date date2) throws Exception {
            KeyPair generateKeyPair = generateKeyPair(Integer.valueOf(i));
            KeyPair generateKeyPair2 = generateKeyPair(Integer.valueOf(i));
            X500Name generateX500Name = generateX500Name(str2, "ROOT");
            X500Name generateX500Name2 = generateX500Name(str2, "CA");
            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(signCertificate(str, generateCertificate(generateKeyPair.getPublic(), generateKeyPair.getPublic(), generateX500Name, BigInteger.valueOf(Instant.now().toEpochMilli()), date, date2, generateX500Name, true), generateKeyPair.getPrivate()));
            X509Certificate certificate2 = new JcaX509CertificateConverter().getCertificate(signCertificate(str, generateCertificate(generateKeyPair2.getPublic(), certificate.getPublicKey(), generateX500Name2, BigInteger.valueOf(Instant.now().toEpochMilli()), date, date2, generateX500Name, true), generateKeyPair2.getPrivate()));
            KeyStore createdKeyStore = createdKeyStore();
            setKeyEntry(createdKeyStore, generateKeyPair.getPrivate(), new X509Certificate[]{certificate}, str3.toCharArray());
            setKeyEntry(createdKeyStore, generateKeyPair2.getPrivate(), new X509Certificate[]{certificate2, certificate}, str3.toCharArray());
            return createdKeyStore;
        }

        private KeyStore buildOwner(List<X509Certificate> list, int i, String str, String str2, String str3, Date date, Date date2) throws Exception {
            if (list.size() != 2) {
                throw new IllegalArgumentException("Certificado deve conter uma entrada do ROOT e uma CA");
            }
            KeyPair generateKeyPair = generateKeyPair(Integer.valueOf(i));
            X500Name generateX500Name = generateX500Name(str2);
            X509Certificate x509Certificate = list.get(0);
            X509Certificate x509Certificate2 = list.get(1);
            X509Certificate[] x509CertificateArr = {new JcaX509CertificateConverter().getCertificate(signCertificate(str, generateCertificate(generateKeyPair.getPublic(), x509Certificate2.getPublicKey(), generateX500Name, BigInteger.valueOf(Instant.now().toEpochMilli()), date, date2, JcaX500NameUtil.getSubject(x509Certificate2), false), generateKeyPair.getPrivate())), x509Certificate2, x509Certificate};
            KeyStore createdKeyStore = createdKeyStore();
            setKeyEntry(createdKeyStore, generateKeyPair.getPrivate(), x509CertificateArr, str3.toCharArray());
            return createdKeyStore;
        }

        private X509v3CertificateBuilder generateCertificate(PublicKey publicKey, PublicKey publicKey2, X500Name x500Name, BigInteger bigInteger, Date date, Date date2, X500Name x500Name2, boolean z) throws Exception {
            X509v3CertificateBuilder addExtension = new JcaX509v3CertificateBuilder(x500Name2, bigInteger, date, date2, x500Name, publicKey).addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyId(publicKey.getEncoded())).addExtension(Extension.authorityKeyIdentifier, false, createAuthorityKeyId(publicKey2.getEncoded()));
            if (z) {
                addExtension.addExtension(Extension.keyUsage, true, new KeyUsage(6).getEncoded()).addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
            } else {
                addExtension.addExtension(Extension.keyUsage, true, new KeyUsage(224).getEncoded()).addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_emailProtection}).getEncoded());
            }
            return addExtension;
        }

        private X509CertificateHolder signCertificate(String str, X509v3CertificateBuilder x509v3CertificateBuilder, PrivateKey privateKey) throws Exception {
            return x509v3CertificateBuilder.build(new JcaContentSignerBuilder(str).build(privateKey));
        }

        private KeyStore createdKeyStore() throws Exception {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            keyStore.load(null, null);
            return keyStore;
        }

        private void setKeyEntry(KeyStore keyStore, PrivateKey privateKey, X509Certificate[] x509CertificateArr, char[] cArr) throws Exception {
            keyStore.setKeyEntry(CertUtils.getRdn(x509CertificateArr[0].getSubjectDN().getName(), "CN"), privateKey, cArr, x509CertificateArr);
        }

        private KeyPair generateKeyPair(Integer num) throws Exception {
            SecureRandom secureRandom = new SecureRandom();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
            keyPairGenerator.initialize(num.intValue(), secureRandom);
            return keyPairGenerator.generateKeyPair();
        }

        private X500Name generateX500Name(String str) throws Exception {
            return generateX500Name(str, null);
        }

        private X500Name generateX500Name(String str, String str2) throws Exception {
            HashMap hashMap = new HashMap();
            new LdapName(str).getRdns().forEach(rdn -> {
                hashMap.put(rdn.getType(), rdn.getValue().toString());
            });
            X500NameBuilder x500NameBuilder = new X500NameBuilder();
            if (hashMap.containsKey("C")) {
                x500NameBuilder.addRDN(BCStyle.C, (String) hashMap.get("C"));
            }
            if (hashMap.containsKey("ST")) {
                x500NameBuilder.addRDN(BCStyle.ST, (String) hashMap.get("ST"));
            }
            if (hashMap.containsKey("L")) {
                x500NameBuilder.addRDN(BCStyle.L, (String) hashMap.get("L"));
            }
            if (hashMap.containsKey("O")) {
                x500NameBuilder.addRDN(BCStyle.O, (String) hashMap.get("O"));
            }
            if (hashMap.containsKey("OU")) {
                x500NameBuilder.addRDN(BCStyle.OU, (String) hashMap.get("OU"));
            }
            if (hashMap.containsKey("CN")) {
                String str3 = (String) hashMap.get("CN");
                if (str2 != null) {
                    str3 = str3.concat(" - ").concat(str2);
                }
                x500NameBuilder.addRDN(BCStyle.CN, str3);
            }
            if (hashMap.containsKey("E")) {
                x500NameBuilder.addRDN(BCStyle.E, (String) hashMap.get("E"));
            }
            return x500NameBuilder.build();
        }

        private List<X509Certificate> extractX500Name(CertificateRequest certificateRequest) throws Exception {
            char[] charArray = certificateRequest.getPassword().toCharArray();
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            if (certificateRequest.getContent() != null) {
                keyStore.load(new ByteArrayInputStream(Base64.getDecoder().decode(certificateRequest.getContent())), charArray);
            } else {
                keyStore.load(new FileInputStream(certificateRequest.getPath()), charArray);
            }
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement)) {
                    arrayList.add((X509Certificate) keyStore.getCertificate(nextElement));
                }
            }
            return arrayList;
        }

        private SubjectKeyIdentifier createSubjectKeyId(byte[] bArr) throws Exception {
            return calculateKeyId().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(bArr));
        }

        private AuthorityKeyIdentifier createAuthorityKeyId(byte[] bArr) throws Exception {
            return calculateKeyId().createAuthorityKeyIdentifier(SubjectPublicKeyInfo.getInstance(bArr));
        }

        private X509ExtensionUtils calculateKeyId() throws Exception {
            return new X509ExtensionUtils(new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
        }

        private boolean isRoot(CertificateRequest certificateRequest) {
            return certificateRequest.getContent() == null && certificateRequest.getPath() == null;
        }

        static {
            Security.addProvider(new BouncyCastleProvider());
        }
    }),
    IMPORT_CERTIFICATE("importCertificate", null),
    INITIALIZE("initialize", new Command() { // from class: br.com.fiorilli.webpki.commands.InitializeCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Result result = new Result(commandMessage.getRequestId(), true);
            result.setOs(OSUtils.OS);
            result.setOsArch(OSUtils.ARCH);
            result.setOsVersion(OSUtils.VERSION);
            result.setVersion(getClass().getPackage().getImplementationVersion());
            return result;
        }
    }),
    LIST_CERTIFICATES("listCertificates", new Command() { // from class: br.com.fiorilli.webpki.commands.ListCertificatesCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Result result = new Result(commandMessage.getRequestId());
            try {
                ArrayList arrayList = new ArrayList(new PKCSKeyStore(commandMessage).loadCertificates());
                result.setSuccess(true);
                result.setCertificates(arrayList);
            } catch (Exception e) {
                result.setException(e);
            }
            return result;
        }
    }),
    OPEN_PDF_SIGNATURE("openPDFSignature", new Command() { // from class: br.com.fiorilli.webpki.commands.OpenPDFSignatureCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Logger logger = LogUtils.getInstance(commandMessage.isDebug()).getLogger();
            Result result = new Result(commandMessage.getRequestId());
            try {
                ValidationUtil.assertContent(commandMessage.getRequest());
                if (commandMessage.getRequest().isPath()) {
                    File file = new File(commandMessage.getRequest().getContentPath());
                    if (file.isDirectory()) {
                        ArrayList arrayList = new ArrayList();
                        DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(Paths.get(file.toURI()), (DirectoryStream.Filter<? super Path>) path -> {
                            return path.toFile().getName().endsWith(".pdf");
                        });
                        try {
                            for (Path path2 : newDirectoryStream) {
                                try {
                                    arrayList.addAll(new PDFSignatureInfo().extractCertificates(path2.toFile()));
                                } catch (Exception e) {
                                    logger.error("Error extracting signature from pdf {}", path2.toString(), e);
                                }
                            }
                            if (newDirectoryStream != null) {
                                newDirectoryStream.close();
                            }
                            result.setPdf(arrayList);
                        } finally {
                        }
                    } else {
                        result.setPdf(new PDFSignatureInfo().extractCertificates(file));
                    }
                } else {
                    result.setPdf(new PDFSignatureInfo().extractCertificates(Base64.getDecoder().decode(commandMessage.getRequest().getContent())));
                }
                result.setSuccess(true);
            } catch (Exception e2) {
                result.setException(e2);
            }
            return result;
        }
    }),
    OPEN_XML_SIGNATURE("openXMLSignature", new Command() { // from class: br.com.fiorilli.webpki.commands.OpenXMLSignatureCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Result result = new Result(commandMessage.getRequestId());
            try {
                ValidationUtil.assertContent(commandMessage.getRequest());
                byte[] openXMLSignature = openXMLSignature(Base64.getDecoder().decode(commandMessage.getRequest().getContent()));
                result.setCertificate(new Certificate(openXMLSignature));
                result.setCertificateEncoded(Base64.getEncoder().encodeToString(openXMLSignature));
                result.setSuccess(true);
            } catch (Exception e) {
                result.setException(e);
            }
            return result;
        }

        private byte[] openXMLSignature(byte[] bArr) throws Exception {
            NodeList elementsByTagNameNS = documentFactory(bArr).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature");
            if (elementsByTagNameNS.getLength() == 0) {
                throw new IllegalArgumentException("Signature not found");
            }
            return getCertificate(XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(new DOMValidateContext(new X509KeySelector(), elementsByTagNameNS.item(0)))).getEncoded();
        }

        private X509Certificate getCertificate(XMLSignature xMLSignature) {
            X509Certificate x509Certificate = null;
            List content = xMLSignature.getKeyInfo().getContent();
            for (int i = 0; i < content.size(); i++) {
                X509Data x509Data = (XMLStructure) content.get(i);
                if (x509Data instanceof X509Data) {
                    for (Object obj : x509Data.getContent()) {
                        if (obj instanceof X509Certificate) {
                            x509Certificate = (X509Certificate) obj;
                        }
                    }
                }
            }
            return x509Certificate;
        }

        private Document documentFactory(byte[] bArr) throws Exception {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setNamespaceAware(true);
            return newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
        }
    }),
    READ_CERTIFICATE("readCertificate", new Command() { // from class: br.com.fiorilli.webpki.commands.ReadCertificateCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Result result = new Result(commandMessage.getRequestId());
            try {
                ValidationUtil.assertThumbprint(commandMessage.getRequest());
                byte[] loadCertificateFromThumbprint = new PKCSKeyStore(commandMessage).loadCertificateFromThumbprint(commandMessage.getRequest().getThumbprint());
                if (loadCertificateFromThumbprint != null) {
                    result.setCertificateEncoded(Base64.getEncoder().encodeToString(loadCertificateFromThumbprint));
                }
                result.setSuccess(true);
            } catch (Exception e) {
                result.setException(e);
            }
            return result;
        }
    }),
    REMOVE_CERTIFICATE("removeCertificate", null),
    SIGN_DATA("signData", new Command() { // from class: br.com.fiorilli.webpki.commands.SignDataCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            PKCSKeyStore pKCSKeyStore;
            Certificate certificate;
            String str;
            Result result = new Result(commandMessage.getRequestId());
            try {
                ValidationUtil.assertContent(commandMessage.getRequest());
                ValidationUtil.assertCertificate(commandMessage.getRequest());
                pKCSKeyStore = new PKCSKeyStore(commandMessage);
                certificate = null;
                str = null;
                if (pKCSKeyStore.isFileKeyStore()) {
                    certificate = pKCSKeyStore.loadCertificate();
                    str = commandMessage.getRequest().getCertificate().getPassword();
                } else if (commandMessage.getRequest().hasThumbprint()) {
                    X509Certificate fromEncoded = CertUtils.getFromEncoded(pKCSKeyStore.loadCertificateFromThumbprint(commandMessage.getRequest().getThumbprint()));
                    certificate = new Certificate(pKCSKeyStore.getKeyStore().getCertificateAlias(fromEncoded), fromEncoded);
                } else if (OSUtils.isWindows()) {
                    certificate = WinApiUtil.chooseCertificate();
                }
            } catch (Exception e) {
                result.setException(e);
            }
            if (certificate == null) {
                result.setCancel(true);
                throw new IllegalStateException("Operação cancelada pelo usuário.");
            }
            byte[] decode = Base64.getDecoder().decode(commandMessage.getRequest().getContent());
            result.setSignature(Base64.getEncoder().encodeToString(str != null ? signData(pKCSKeyStore.getKeyStore(), str.toCharArray(), certificate.getAlias(), decode) : signData(pKCSKeyStore.getKeyStore(), certificate.getAlias(), decode)));
            result.setCertificate(certificate);
            result.setSuccess(true);
            return result;
        }

        private byte[] signData(KeyStore keyStore, String str, byte[] bArr) throws Exception {
            return signData(keyStore, null, str, bArr);
        }

        private byte[] signData(KeyStore keyStore, char[] cArr, String str, byte[] bArr) throws Exception {
            KeyStore.PasswordProtection passwordProtection = null;
            if (keyStore.isKeyEntry(str)) {
                passwordProtection = new KeyStore.PasswordProtection(cArr);
            }
            keyStore.isCertificateEntry(str);
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, passwordProtection);
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initSign(privateKeyEntry.getPrivateKey());
            signature.update(bArr);
            if (passwordProtection != null) {
                passwordProtection.destroy();
            }
            return signature.sign();
        }
    }),
    SIGN_PDF("signPDF", new Command() { // from class: br.com.fiorilli.webpki.commands.SignPDFCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            PKCSKeyStore pKCSKeyStore;
            Certificate certificate;
            String str;
            Logger logger = LogUtils.getInstance(commandMessage.isDebug()).getLogger();
            Result result = new Result(commandMessage.getRequestId());
            try {
                ValidationUtil.assertContent(commandMessage.getRequest());
                ValidationUtil.assertPDF(commandMessage.getRequest());
                ValidationUtil.assertCertificate(commandMessage.getRequest());
                pKCSKeyStore = new PKCSKeyStore(commandMessage);
                certificate = null;
                str = null;
                if (pKCSKeyStore.isFileKeyStore()) {
                    certificate = pKCSKeyStore.loadCertificate();
                    str = commandMessage.getRequest().getCertificate().getPassword();
                } else if (commandMessage.getRequest().hasThumbprint()) {
                    X509Certificate fromEncoded = CertUtils.getFromEncoded(pKCSKeyStore.loadCertificateFromThumbprint(commandMessage.getRequest().getThumbprint()));
                    certificate = new Certificate(pKCSKeyStore.getKeyStore().getCertificateAlias(fromEncoded), fromEncoded);
                } else if (OSUtils.isWindows()) {
                    certificate = WinApiUtil.chooseCertificate();
                }
            } catch (Exception e) {
                result.setException(e);
            }
            if (certificate == null) {
                result.setCancel(true);
                throw new IllegalStateException("Operação cancelada pelo usuário ou certificado não localizado.");
            }
            if (commandMessage.getRequest().getContent() != null) {
                result.setSignature(Base64.getEncoder().encodeToString(signPDF(pKCSKeyStore.getKeyStore(), certificate.getAlias(), str != null ? str.toCharArray() : null, Base64.getDecoder().decode(commandMessage.getRequest().getContent()), certificate.getOwner(), null, null, null)));
                result.setSuccess(true);
            } else {
                ArrayList arrayList = new ArrayList();
                File file = new File(commandMessage.getRequest().getContentPath());
                if (file.isDirectory()) {
                    DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(Paths.get(file.toURI()), (DirectoryStream.Filter<? super Path>) path -> {
                        return path.toFile().getName().endsWith(".pdf");
                    });
                    try {
                        for (Path path2 : newDirectoryStream) {
                            try {
                                arrayList.add(signPDFAndSave(pKCSKeyStore.getKeyStore(), path2, certificate, str));
                            } catch (Exception e2) {
                                logger.error("Failed to sign pdf {}", path2.toString(), e2);
                            }
                        }
                        if (newDirectoryStream != null) {
                            newDirectoryStream.close();
                        }
                    } finally {
                    }
                } else {
                    arrayList.add(signPDFAndSave(pKCSKeyStore.getKeyStore(), file.toPath(), certificate, str));
                }
                result.setPdf(arrayList);
                result.setSuccess(!arrayList.isEmpty());
            }
            result.setCertificate(certificate);
            return result;
        }

        private PDFResult signPDFAndSave(KeyStore keyStore, Path path, Certificate certificate, String str) throws Exception {
            Files.write(path, signPDF(keyStore, certificate.getAlias(), str != null ? str.toCharArray() : null, Files.readAllBytes(path), certificate.getOwner(), null, null, null), StandardOpenOption.TRUNCATE_EXISTING);
            PDFResult pDFResult = new PDFResult();
            pDFResult.setPath(path.toString());
            return pDFResult;
        }

        private byte[] signPDF(KeyStore keyStore, String str, char[] cArr, byte[] bArr, String str2, String str3, String str4, byte[] bArr2) throws Exception {
            KeyStore.PasswordProtection passwordProtection = null;
            if (keyStore.isKeyEntry(str)) {
                passwordProtection = new KeyStore.PasswordProtection(cArr);
            }
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(str, passwordProtection)).getPrivateKey();
            java.security.cert.Certificate[] certificateChain = keyStore.getCertificateChain(str);
            PDSignature createPDFSignature = createPDFSignature(str2, str3, str4, bArr2);
            PDDocument load = PDDocument.load(bArr);
            load.addSignature(createPDFSignature);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ExternalSigningSupport saveIncrementalForExternalSigning = load.saveIncrementalForExternalSigning(byteArrayOutputStream);
            saveIncrementalForExternalSigning.setSignature(signPDF(certificateChain, privateKey, saveIncrementalForExternalSigning.getContent()));
            if (passwordProtection != null) {
                passwordProtection.destroy();
            }
            return byteArrayOutputStream.toByteArray();
        }

        private byte[] signPDF(java.security.cert.Certificate[] certificateArr, PrivateKey privateKey, InputStream inputStream) throws IOException {
            PAdESSigner pAdESSigner = new PAdESSigner();
            pAdESSigner.setCertificates(certificateArr);
            pAdESSigner.setPrivateKey(privateKey);
            return pAdESSigner.doDetachedSign(IOUtils.toByteArray(inputStream));
        }

        private PDSignature createPDFSignature(String str, String str2, String str3, byte[] bArr) {
            PDSignature pDSignature = new PDSignature();
            pDSignature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
            pDSignature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
            pDSignature.setName(str);
            pDSignature.setLocation(str2);
            pDSignature.setReason(str3);
            pDSignature.setSignDate(Calendar.getInstance());
            if (bArr != null) {
                pDSignature.setContents(bArr);
            }
            return pDSignature;
        }
    }),
    SIGN_XML_ELEMENT("signXMLElement", new Command() { // from class: br.com.fiorilli.webpki.commands.SignXMLElementCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            PKCSKeyStore pKCSKeyStore;
            Certificate certificate;
            String str;
            Result result = new Result(commandMessage.getRequestId());
            try {
                ValidationUtil.assertContent(commandMessage.getRequest());
                ValidationUtil.assertXML(commandMessage.getRequest());
                pKCSKeyStore = new PKCSKeyStore(commandMessage);
                certificate = null;
                str = null;
                if (pKCSKeyStore.isFileKeyStore()) {
                    certificate = pKCSKeyStore.loadCertificate();
                    str = commandMessage.getRequest().getCertificate().getPassword();
                } else if (commandMessage.getRequest().hasThumbprint()) {
                    X509Certificate fromEncoded = CertUtils.getFromEncoded(pKCSKeyStore.loadCertificateFromThumbprint(commandMessage.getRequest().getThumbprint()));
                    certificate = new Certificate(pKCSKeyStore.getKeyStore().getCertificateAlias(fromEncoded), fromEncoded);
                } else if (OSUtils.isWindows()) {
                    certificate = WinApiUtil.chooseCertificate();
                }
            } catch (Exception e) {
                result.setException(e);
            }
            if (certificate == null) {
                result.setCancel(true);
                throw new IllegalStateException("Operação cancelada pelo usuário ou certificado não localizado.");
            }
            if (commandMessage.getRequest().getContent() != null) {
                byte[] decode = Base64.getDecoder().decode(commandMessage.getRequest().getContent());
                result.setSignature(Base64.getEncoder().encodeToString(str != null ? signXML(pKCSKeyStore.getKeyStore(), str.toCharArray(), certificate.getAlias(), decode, commandMessage.getRequest().getXml().getElements(), commandMessage.getRequest().getXml().getCanonicalization()) : signXML(pKCSKeyStore.getKeyStore(), certificate.getAlias(), decode, commandMessage.getRequest().getXml().getElements(), commandMessage.getRequest().getXml().getCanonicalization())));
            } else {
                File file = new File(commandMessage.getRequest().getContentPath());
                if (file.isDirectory()) {
                    DirectoryStream<Path> newDirectoryStream = Files.newDirectoryStream(Paths.get(file.toURI()), (DirectoryStream.Filter<? super Path>) path -> {
                        return path.toFile().getName().endsWith(".xml");
                    });
                    try {
                        Iterator<Path> it = newDirectoryStream.iterator();
                        while (it.hasNext()) {
                            signXMLAndSave(pKCSKeyStore.getKeyStore(), str, it.next().toFile(), certificate, commandMessage.getRequest().getXml().getElements(), commandMessage.getRequest().getXml().getCanonicalization());
                        }
                        if (newDirectoryStream != null) {
                            newDirectoryStream.close();
                        }
                    } finally {
                    }
                } else {
                    signXMLAndSave(pKCSKeyStore.getKeyStore(), str, file, certificate, commandMessage.getRequest().getXml().getElements(), commandMessage.getRequest().getXml().getCanonicalization());
                }
            }
            result.setSuccess(true);
            result.setCertificate(certificate);
            return result;
        }

        private void signXMLAndSave(KeyStore keyStore, String str, File file, Certificate certificate, List<String> list, String str2) throws Exception {
            Files.write(file.toPath(), signXML(keyStore, str.toCharArray(), certificate.getAlias(), Files.readAllBytes(file.toPath()), list, str2), new OpenOption[0]);
        }

        private byte[] signXML(KeyStore keyStore, String str, byte[] bArr, List<String> list, String str2) throws Exception {
            return signXML(keyStore, null, str, bArr, list, str2);
        }

        private byte[] signXML(KeyStore keyStore, char[] cArr, String str, byte[] bArr, List<String> list, String str2) throws Exception {
            Document documentFactory = documentFactory(bArr);
            XMLSignatureFactory xMLSignatureFactory = XMLSignatureFactory.getInstance("DOM");
            CanonicalizationMethod newCanonicalizationMethod = xMLSignatureFactory.newCanonicalizationMethod(str2 != null ? str2 : "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null);
            ArrayList<Transform> geTransforms = geTransforms(xMLSignatureFactory, newCanonicalizationMethod);
            KeyStore.PasswordProtection passwordProtection = keyStore.isKeyEntry(str) ? new KeyStore.PasswordProtection(cArr) : null;
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(str, passwordProtection)).getPrivateKey();
            KeyInfoFactory keyInfoFactory = xMLSignatureFactory.getKeyInfoFactory();
            keyInfoFactory.newKeyValue(x509Certificate.getPublicKey());
            KeyInfo newKeyInfo = keyInfoFactory.newKeyInfo(Arrays.asList(keyInfoFactory.newX509Data(Collections.singletonList(x509Certificate))));
            if (list != null && !list.isEmpty()) {
                Iterator<String> it = list.iterator();
                while (it.hasNext()) {
                    NodeList xMLNodes = getXMLNodes(documentFactory, it.next());
                    for (int i = 0; i < xMLNodes.getLength(); i++) {
                        DigestMethod newDigestMethod = xMLSignatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null);
                        Element element = (Element) xMLNodes.item(i);
                        if (element.hasAttribute("Id")) {
                        }
                        XMLSignature newXMLSignature = xMLSignatureFactory.newXMLSignature(xMLSignatureFactory.newSignedInfo(newCanonicalizationMethod, xMLSignatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null), Collections.singletonList(xMLSignatureFactory.newReference("", newDigestMethod, geTransforms, (String) null, (String) null))), newKeyInfo);
                        DOMSignContext dOMSignContext = new DOMSignContext(privateKey, element);
                        dOMSignContext.setBaseURI("ok");
                        newXMLSignature.sign(dOMSignContext);
                    }
                }
            }
            if (passwordProtection != null) {
                passwordProtection.destroy();
            }
            return outputXML(documentFactory);
        }

        private Document documentFactory(byte[] bArr) throws Exception {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setNamespaceAware(true);
            return newInstance.newDocumentBuilder().parse(new ByteArrayInputStream(bArr));
        }

        private ArrayList<Transform> geTransforms(XMLSignatureFactory xMLSignatureFactory, CanonicalizationMethod canonicalizationMethod) throws Exception {
            ArrayList<Transform> arrayList = new ArrayList<>();
            arrayList.add(xMLSignatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null));
            arrayList.add(canonicalizationMethod);
            return arrayList;
        }

        private NodeList getXMLNodes(Document document, String str) {
            NodeList elementsByTagName = document.getElementsByTagName(str);
            if (elementsByTagName.getLength() == 0) {
                throw new IllegalArgumentException("Element name " + str + " not found");
            }
            return elementsByTagName;
        }

        private byte[] outputXML(Document document) throws TransformerException {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(document), new StreamResult(byteArrayOutputStream));
            return byteArrayOutputStream.toByteArray();
        }
    }),
    VALIDATE_SIGNATURE("validateSignature", new Command() { // from class: br.com.fiorilli.webpki.commands.ValidateSignatureCommand
        @Override // br.com.fiorilli.webpki.commands.Command
        public Result execute(CommandMessage commandMessage) {
            Result result = new Result(commandMessage.getRequestId());
            try {
                ValidationUtil.assertContent(commandMessage.getRequest());
                ValidationUtil.assertSignature(commandMessage.getRequest());
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(commandMessage.getRequest().getCertificate().getContent())));
                x509Certificate.checkValidity();
                Signature signature = Signature.getInstance("SHA1withRSA");
                signature.initVerify(x509Certificate);
                signature.update(Base64.getDecoder().decode(commandMessage.getRequest().getContent()));
                result.setSuccess(signature.verify(Base64.getDecoder().decode(commandMessage.getRequest().getSignature())));
            } catch (Exception e) {
                result.setException(e);
            }
            return result;
        }
    });

    private final String commandString;
    private final Command command;

    CommandType(String str, Command command) {
        this.commandString = str;
        this.command = command;
    }

    public String getCommandString() {
        return this.commandString;
    }

    public Command getCommand() {
        return this.command;
    }

    public static CommandType parse(String str) {
        for (CommandType commandType : values()) {
            if (commandType.commandString.equals(str)) {
                return commandType;
            }
        }
        throw new IllegalArgumentException("Command string [" + str + "] is not a valid command");
    }
}
