package verification;

import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfObject;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.codec.Base64;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Enumeration;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;

/* loaded from: input_file:verification/TBSSignaturePDFVerify.class */
public class TBSSignaturePDFVerify {
    public void syntaxe() {
        System.out.println("Syntaxe : java -jar fichier.jar -in fichierPDF [options]");
        System.out.println("-in fichierPDF: fichier PDF à vérifier ");
        System.out.println("Options :");
        System.out.println("-proxyHost proxy : alias ou adresse ip du proxy");
        System.out.println("-proxyPort numero : numéro de port du proxy");
        System.out.println("-proxyLogin login: login de connexion au proxy");
        System.out.println("-proxyPasswd motdepasse : mot de passe de connexion au proxy");
        System.out.println("-ks keystore.p12 : le keystore de vérification (contenant des certificats racines de confiance)");
        System.out.println("-pwd motdepasse : mot de passe du keystore");
        System.out.println("-crl fichier_crl : pour spécifier le nom d'un autre fichier crl");
        System.out.println("-out fichierderevision : crée un fichier revision_numero.pdf, avec un numero correspondant au numéro de la révision de la signature.");
    }

    public void download(String str, String str2, String str3, String str4, Properties properties, String str5) {
        System.out.println("\t\tTéléchargement à partir du site " + str);
        System.setProperty("http.proxyHost", str3);
        System.setProperty("http.proxyPort", str4);
        try {
            URL url = new URL(str);
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            httpURLConnection.setRequestProperty("Proxy-Authorization", "Basic " + str5);
            httpURLConnection.connect();
            System.out.println("\t\tConnecté");
            byte[] bArr = new byte[8192];
            FileOutputStream fileOutputStream = new FileOutputStream(str2);
            InputStream openStream = url.openStream();
            while (true) {
                int read = openStream.read(bArr);
                if (read <= 0) {
                    break;
                } else {
                    fileOutputStream.write(bArr, 0, read);
                }
            }
            fileOutputStream.close();
            openStream.close();
            boolean exists = new File(str2).exists();
            long length = new File(str2).length();
            if (!exists) {
                System.out.println("\t\tTéléchargement ... [FAIL]\n\t\tErreur Téléchargement.");
            } else if (length != 0) {
                System.out.println("\t\tTéléchargement ... [OK]\n\t\tLe téléchargement s'est bien déroulé.\n\t\tFichier de destination : " + str2);
            }
        } catch (Exception e) {
            System.out.println("\t\tTéléchargement ... [FAIL]\n\t\tEchec du téléchargement à partir du site : " + str);
        }
    }

    public String[] crlnet(String str) {
        int i = 0;
        String[] split = str.split("http://");
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        for (int i2 = 0; i2 < split.length; i2++) {
            if (split[i2].contains("crl")) {
                i++;
                if (i == 1) {
                    str2 = split[i2];
                }
                if (i == 2) {
                    str3 = split[i2];
                }
            }
        }
        String[] strArr = (String[]) null;
        if (str2 != null) {
            strArr = str2.split(".crl");
        }
        if (strArr != null) {
            for (int i3 = 0; i3 < strArr.length; i3++) {
                if (strArr[i3].contains("crl")) {
                    str4 = "http://" + strArr[i3] + ".crl";
                }
            }
        }
        if (i > 1) {
            String[] split2 = str3.split(".crl");
            for (int i4 = 0; i4 < split2.length; i4++) {
                if (split2[i4].contains("crl")) {
                    str5 = "http://" + split2[i4] + ".crl";
                }
            }
        }
        return new String[]{str4, str5};
    }

    public String verifyCertificate(X509Certificate x509Certificate, Collection<X509CRL> collection, Calendar calendar) {
        if (calendar == null) {
            calendar = new GregorianCalendar();
        }
        if (x509Certificate.hasUnsupportedCriticalExtension()) {
            return "Has unsupported critical extension";
        }
        try {
            x509Certificate.checkValidity(calendar.getTime());
            if (collection == null) {
                return null;
            }
            Iterator<X509CRL> it = collection.iterator();
            while (it.hasNext()) {
                if (it.next().isRevoked(x509Certificate)) {
                    return "Certificate revoked";
                }
            }
            return null;
        } catch (CertificateExpiredException e) {
            return "Certificat expiré depuis le " + x509Certificate.getNotAfter();
        } catch (CertificateNotYetValidException e2) {
            return "Certificat valide à partir du " + x509Certificate.getNotBefore();
        }
    }

    public Object[] verifyCertificates(Certificate[] certificateArr, KeyStore keyStore, Collection<X509CRL> collection, Calendar calendar) {
        boolean z = false;
        boolean z2 = false;
        if (calendar == null) {
            calendar = new GregorianCalendar();
        }
        for (Certificate certificate : certificateArr) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            String verifyCertificate = verifyCertificate(x509Certificate, collection, calendar);
            if (verifyCertificate != null) {
                return new Object[]{x509Certificate, verifyCertificate};
            }
            try {
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    try {
                        String nextElement = aliases.nextElement();
                        if (keyStore.isCertificateEntry(nextElement)) {
                            X509Certificate x509Certificate2 = (X509Certificate) keyStore.getCertificate(nextElement);
                            if (verifyCertificate(x509Certificate2, collection, calendar) == null) {
                                try {
                                    x509Certificate.verify(x509Certificate2.getPublicKey());
                                    z = true;
                                    z2 = true;
                                    break;
                                } catch (Exception e) {
                                }
                            }
                        }
                    } catch (Exception e2) {
                    }
                }
                if (z) {
                    z = false;
                }
            } catch (Exception e3) {
            }
        }
        if (z2) {
            return null;
        }
        return new Object[]{PdfObject.NOTHING, "La chaine ne contient aucun certificat de confiance !"};
    }

    public static void main(String[] strArr) {
        Object[] verifyCertificates;
        TBSSignaturePDFVerify tBSSignaturePDFVerify = new TBSSignaturePDFVerify();
        String str = PdfObject.NOTHING;
        String str2 = "TBSX509CApersona.crl";
        Properties properties = System.getProperties();
        String str3 = null;
        String str4 = "changeit";
        String str5 = PdfObject.NOTHING;
        String str6 = ".";
        String str7 = PdfObject.NOTHING;
        String str8 = PdfObject.NOTHING;
        String str9 = null;
        String str10 = null;
        String str11 = null;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        boolean z7 = false;
        boolean z8 = false;
        if (strArr.length == 0) {
            System.out.println("Veuillez fournir un fichier pdf comme argument.");
            tBSSignaturePDFVerify.syntaxe();
            return;
        }
        for (int i = 0; i < strArr.length; i++) {
            if (strArr[i].equalsIgnoreCase("-in")) {
                str = strArr[i + 1];
                z = true;
            } else if (strArr[i].equalsIgnoreCase("-ks")) {
                str3 = strArr[i + 1];
                z2 = true;
            } else if (strArr[i].equalsIgnoreCase("-pwd")) {
                str4 = strArr[i + 1];
                z3 = true;
            } else if (strArr[i].equalsIgnoreCase("-proxyHost")) {
                str7 = strArr[i + 1];
                z7 = true;
            } else if (strArr[i].equalsIgnoreCase("-proxyPort")) {
                str8 = strArr[i + 1];
                z8 = true;
            } else if (strArr[i].equalsIgnoreCase("-crl")) {
                str2 = strArr[i + 1];
                z4 = true;
            } else if (strArr[i].equalsIgnoreCase("-outpath")) {
                str6 = strArr[i + 1];
                z6 = true;
            } else if (strArr[i].equalsIgnoreCase("-out")) {
                str5 = strArr[i + 1];
                z5 = true;
            } else if (strArr[i].equalsIgnoreCase("-proxyLogin")) {
                str10 = strArr[i + 1];
            } else if (strArr[i].equalsIgnoreCase("-proxyPasswd")) {
                str11 = strArr[i + 1];
            } else if (strArr[i].equalsIgnoreCase("?") || strArr[i].equalsIgnoreCase("--help")) {
                tBSSignaturePDFVerify.syntaxe();
                System.exit(10);
            }
        }
        File file = new File(str);
        try {
            System.out.println("Bienvenue dans le programme de vérification");
            System.out.println("de signatures de documents PDF\n");
            if (!z) {
                System.out.println("Veuillez saisir un nom de fichier PDF source, avec le mot-clé -in");
                System.exit(1);
            }
            if (z2) {
                System.out.println("- Le Keystore " + str3 + " sera utilisé.");
                if (!z3) {
                    System.out.println("Veuillez saisir un mot de passe pour le Keystore " + str3 + ", précédé du mot-clé -pwd.");
                    System.exit(2);
                }
            } else {
                System.out.println("- Le Keystore par défaut sera utilisé.");
            }
            if (!z4) {
                System.out.println("- Le fichier CRL va être téléchargé.");
                if (!z7) {
                    System.out.println("- Vous vous connectez à internet de manière transparente (Pas de proxy ou proxy-transparent).");
                } else if (!z8) {
                    System.out.println("Vous n'avez pas saisi le port pour le proxy.");
                }
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            if (str3 == null || str3.isEmpty()) {
                keyStore.load(tBSSignaturePDFVerify.getClass().getClassLoader().getResourceAsStream("verification/cacerts"), str4.toCharArray());
            } else {
                keyStore.load(new FileInputStream(str3), str4.toCharArray());
            }
            AcroFields acroFields = new PdfReader(str).getAcroFields();
            ArrayList signatureNames = acroFields.getSignatureNames();
            for (int i2 = 0; i2 < signatureNames.size(); i2++) {
                String str12 = (String) signatureNames.get(i2);
                System.out.println("\n-------------------------------------");
                System.out.println("* Nom de la signature : " + str12);
                System.out.println("-------------------------------------");
                System.out.println("\tEtape 1 :");
                System.out.println("\t\tLa signature sélectionnée couvre l'ensemble du document ? : " + acroFields.signatureCoversWholeDocument(str12));
                System.out.println("\t\tRévision du document : " + acroFields.getRevision(str12) + " sur " + acroFields.getTotalRevisions());
                if (!z6) {
                    str6 = file.getParent();
                    if (str6 == null) {
                        str6 = ".";
                    }
                }
                if (!z5) {
                    str5 = "revision_" + acroFields.getRevision(str12) + ".pdf";
                }
                FileOutputStream fileOutputStream = new FileOutputStream(String.valueOf(str6) + File.separator + str5);
                byte[] bArr = new byte[8192];
                InputStream extractRevision = acroFields.extractRevision(str12);
                while (true) {
                    int read = extractRevision.read(bArr);
                    if (read <= 0) {
                        break;
                    } else {
                        fileOutputStream.write(bArr, 0, read);
                    }
                }
                fileOutputStream.close();
                extractRevision.close();
                PdfPKCS7 verifySignature = acroFields.verifySignature(str12);
                X509Certificate signingCertificate = verifySignature.getSigningCertificate();
                Calendar signDate = verifySignature.getSignDate();
                Certificate[] certificates = verifySignature.getCertificates();
                System.out.println("\t\tSujet: " + PdfPKCS7.getSubjectFields(signingCertificate));
                System.out.println("\t\tEmetteur: " + PdfPKCS7.getIssuerFields(signingCertificate));
                Set<String> nonCriticalExtensionOIDs = signingCertificate.getNonCriticalExtensionOIDs();
                String str13 = PdfObject.NOTHING;
                if (nonCriticalExtensionOIDs != null && nonCriticalExtensionOIDs.contains("2.5.29.31")) {
                    str13 = new String(signingCertificate.getExtensionValue("2.5.29.31"));
                }
                System.out.print("\t\tCrl(s) trouvée(s) : ");
                String[] crlnet = tBSSignaturePDFVerify.crlnet(str13);
                if (crlnet[0] == null && crlnet[1] == null) {
                    System.out.print("aucune");
                } else {
                    for (String str14 : crlnet) {
                        System.out.print("\n\t\t\t * " + str14);
                    }
                }
                System.out.println();
                System.out.println("\n-------------------------------------");
                System.out.println("\tEtape 2 :");
                System.out.println("\t\tLe document a-t'il été modifié ? " + (!verifySignature.verify()));
                System.out.println("\n-------------------------------------");
                System.out.println("\tEtape 3 :");
                if (crlnet[0] == null && crlnet[1] == null) {
                    verifyCertificates = tBSSignaturePDFVerify.verifyCertificates(certificates, keyStore, null, signDate);
                    System.out.println("\t\tAucune vérification de la révocation du certificat dans une CRL !");
                } else {
                    String str15 = crlnet[0];
                    String str16 = String.valueOf(str6) + File.separator + str2;
                    if (z7) {
                        System.out.println("\t\tProxy : " + str7);
                    }
                    if (str10 != null && !str10.isEmpty()) {
                        str9 = new String(Base64.encodeBytes(new String(String.valueOf(str10) + ":" + str11).getBytes()));
                    }
                    tBSSignaturePDFVerify.download(str15, str16, str7, str8, properties, str9);
                    ArrayList arrayList = new ArrayList();
                    if (new File(str16).exists()) {
                        FileInputStream fileInputStream = new FileInputStream(str16);
                        X509CRL x509crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(fileInputStream);
                        fileInputStream.close();
                        arrayList.add(x509crl);
                    } else {
                        System.out.println("\t\tErreur vérification : Fichier CRL (Certificate Revocation List) absent.");
                        System.exit(7);
                    }
                    verifyCertificates = tBSSignaturePDFVerify.verifyCertificates(certificates, keyStore, arrayList, signDate);
                    if (verifyCertificates == null) {
                        if (arrayList.size() > 0) {
                            System.out.println("\t\tL'examen de la CRL (Certificate Revocation List) n'a révélé aucun problème.");
                        }
                        System.out.println("\t\tLe certificat a bien été confronté au KeyStore.");
                    } else if (new File(str16).length() == 0) {
                        new File(str16).deleteOnExit();
                    }
                }
                System.out.println("\n-------------------------------------");
                System.out.println("\tEtape 4 :");
                System.out.print("\t\tLe fichier contient il un jeton d'horodatage ? ");
                if (verifySignature.getTimeStampDate() != null) {
                    SimpleDateFormat simpleDateFormat = new SimpleDateFormat("dd MMMM yyyy à H:m:s ");
                    System.out.println("oui");
                    System.out.println("\t\tFichier horodaté le " + simpleDateFormat.format(verifySignature.getTimeStampDate().getTime()));
                    System.out.print("\t\tEst ce que le jeton d'horodatage correspond bien au fichier ? ");
                    if (verifySignature.verifyTimestampImprint()) {
                        System.out.println("oui");
                    } else {
                        System.out.println("non");
                    }
                } else {
                    System.out.println("non");
                }
                System.out.println("\n-------------------------------------");
                if (verifyCertificates == null) {
                    System.out.println("\tLa vérification s'est déroulée avec succés !");
                } else {
                    System.out.println("\tErreur certificat: " + verifyCertificates[1]);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
