package ru.curs.showcase.security.esia;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Security;
import java.security.interfaces.RSAPrivateCrtKey;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import javax.net.ssl.HttpsURLConnection;
import org.activiti.explorer.Constants;
import org.apache.batik.util.XMLConstants;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.beans.factory.BeanFactory;
import ru.curs.showcase.util.TextUtils;

/* loaded from: input_file:WEB-INF/classes/ru/curs/showcase/security/esia/ESIAManager.class */
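/**
 * Client side of the ESIA (Russian state SSO) OAuth2 authorization-code flow.
 *
 * <p>Responsibilities, in call order:
 * <ol>
 *   <li>{@link #init()} registers BouncyCastle, loads the client certificate and private key
 *       from the files named in {@code EsiaSettings} and builds a CMS signer;</li>
 *   <li>{@link #getAuthorizationURL()} builds the browser redirect to the ESIA authorization
 *       endpoint, including the signed {@code client_secret};</li>
 *   <li>{@link #getUserInfo(String)} exchanges the returned {@code code} for tokens and
 *       fetches the subject's profile and contacts;</li>
 *   <li>{@link #getLogoutURL()} builds the ESIA logout redirect.</li>
 * </ol>
 *
 * <p>The {@code client_secret} is the base64url-encoded DER of a detached CMS signature
 * (SHA256withRSA) over the concatenation {@code scope + timestamp + client_id + state}.
 *
 * <p>NOTE(review): the {@code state} value is generated fresh for every request but nothing in
 * this class retains it for comparison when the browser comes back; binding the callback to
 * the session that started the flow is left to the caller.
 *
 * <p>All failures are reported as the unchecked {@code ESIAException}; {@link #init()} also
 * switches ESIA off via {@code EsiaSettings.setEsiaEnable(false)}.
 */
public final class ESIAManager {
    private static final String BC = "BC";
    private static final String UTF8 = "UTF-8";
    /** JCA signature algorithm used for the CMS signer built in {@link #init()}. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String PARAM_SCOPE = "scope";
    private static final String PARAM_TIMESTAMP = "timestamp";
    private static final String PARAM_CLIENT_ID = "client_id";
    private static final String PARAM_STATE = "state";
    private static final String PARAM_CLIENT_SECRET = "client_secret";
    private static final String PARAM_REDIRECT_URI = "redirect_uri";
    private static final String PARAM_RESPONSE_TYPE = "response_type";
    private static final String PARAM_ACCESS_TYPE = "access_type";
    private static final String PARAM_CODE = "code";
    private static final String PARAM_GRANT_TYPE = "grant_type";
    private static final String PARAM_TOKEN_TYPE = "token_type";
    /** Query parameter the logout endpoint uses for the post-logout redirect (note: not {@code redirect_uri}). */
    private static final String PARAM_LOGOUT_REDIRECT_URL = "redirect_url";
    private static final String VALUE_RESPONSE_TYPE = "code";
    private static final String VALUE_GRANT_TYPE = "authorization_code";
    private static final String VALUE_TOKEN_TYPE = "Bearer";
    private static final String VALUE_ACCESS_TYPE = "online";
    private static final String URL_AUTHORIZATION = "/aas/oauth2/ac";
    private static final String URL_LOGOUT = "/idp/ext/Logout";
    private static final String URL_TOKEN_EXCHANGE = "/aas/oauth2/te";
    private static final String URL_USER_INFO = "/rs/prns/%s";
    private static final String URL_USER_CONTACTS = "/rs/prns/%s/ctts?embed=(elements)";
    /** ESIA timestamp layout; numeric fields only, so the default locale does not affect it. */
    private static final DateTimeFormatter TIMESTAMP_FORMAT = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss Z");
    /**
     * CMS signer built by {@link #init()}; {@code null} until then and whenever ESIA is disabled.
     * Signing calls are serialised on the instance in {@link #putClientSecret(Map)}.
     */
    private static CMSSignedDataGenerator generator = null;

    private ESIAManager() {
    }

    /**
     * Registers the BouncyCastle provider, loads the client certificate and private key and
     * builds the CMS signer used for {@code client_secret}.
     *
     * <p>Does nothing when {@code EsiaSettings.isEsiaEnable()} is false. On any failure ESIA is
     * disabled and the cause is rethrown as {@code ESIAException}; {@link #generator} is only
     * assigned once the signer is fully built, so a half-configured signer is never published.
     *
     * @throws ESIAException if the certificate or key cannot be read, decrypted or used
     */
    public static void init() {
        if (!EsiaSettings.isEsiaEnable()) {
            return;
        }
        try {
            // Replace any already-registered BC provider with a fresh instance (the original did
            // this unconditionally; presumably to avoid a provider loaded by another classloader).
            if (Security.getProvider(BC) != null) {
                Security.removeProvider(BC);
            }
            Security.addProvider(new BouncyCastleProvider());
            JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter().setProvider(BC);

            X509CertificateHolder certificate = (X509CertificateHolder) parsePemObject(
                    readPemObject(EsiaSettings.CERT_FILE_NAME), null, keyConverter);
            PrivateKey privateKey = (PrivateKey) parsePemObject(
                    readPemObject(EsiaSettings.KEY_FILE_NAME), EsiaSettings.KEY_PASS, keyConverter);

            CMSSignedDataGenerator signer = new CMSSignedDataGenerator();
            signer.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().setProvider(BC).build())
                    .build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BC).build(privateKey),
                            certificate));
            signer.addCertificate(certificate);
            generator = signer;
        } catch (Exception e) {
            EsiaSettings.setEsiaEnable(false);
            throw new ESIAException(e);
        }
    }

    /**
     * Reads the first PEM object from {@code fileName}, closing the file on every path.
     *
     * @param fileName path of a PEM file
     * @return the parsed object (certificate holder, key pair, encrypted key info, ...)
     * @throws IOException if the file cannot be read or parsed
     */
    private static Object readPemObject(String fileName) throws IOException {
        // PEM is ASCII; closing the parser closes the reader and the underlying stream.
        try (PEMParser parser = new PEMParser(
                new InputStreamReader(new FileInputStream(fileName), StandardCharsets.UTF_8))) {
            return parser.readObject();
        }
    }

    /**
     * Turns a raw PEM object into what {@link #init()} needs: an {@code X509CertificateHolder}
     * is returned unchanged; encrypted key material is decrypted with {@code password}; a
     * {@code PEMKeyPair} is converted and its private half returned (the only caller casts the
     * result to {@code PrivateKey}, so returning the whole {@code KeyPair} could never succeed).
     *
     * @param pemObject    object produced by {@code PEMParser.readObject()}
     * @param password     password for encrypted key material; may be {@code null} for certificates
     * @param keyConverter converter bound to the BC provider
     * @return the certificate holder, the private key, or the object unchanged when it is neither
     * @throws ESIAException if decryption or conversion fails, or the object is encrypted and no password is set
     */
    private static Object parsePemObject(Object pemObject, String password, JcaPEMKeyConverter keyConverter) {
        try {
            Object decoded = pemObject;
            if (decoded instanceof PEMEncryptedKeyPair) {
                decoded = ((PEMEncryptedKeyPair) decoded).decryptKeyPair(
                        new JcePEMDecryptorProviderBuilder().build(passwordChars(password)));
            } else if (decoded instanceof PKCS8EncryptedPrivateKeyInfo) {
                decoded = keyConverter.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) decoded)
                        .decryptPrivateKeyInfo(
                                new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passwordChars(password))));
            }
            if (decoded instanceof PEMKeyPair) {
                try {
                    return keyConverter.getKeyPair((PEMKeyPair) decoded).getPrivate();
                } catch (PEMException e) {
                    throw new ESIAException("Failed to construct public/private key pair", e);
                }
            }
            return decoded;
        } catch (ESIAException e) {
            throw e; // keep the more specific message instead of re-wrapping it
        } catch (Throwable th) {
            // Throwable (not Exception) on purpose: any failure here must reach init()'s
            // catch block so that ESIA gets disabled rather than left half-configured.
            throw new ESIAException("Failed to decode private key", th);
        }
    }

    /**
     * Returns {@code password} as a char array, failing clearly when encrypted key material is
     * found but no password is configured (the original would have thrown a bare NPE).
     */
    private static char[] passwordChars(String password) {
        if (password == null) {
            throw new ESIAException("PEM object is encrypted but no key password is configured");
        }
        return password.toCharArray();
    }

    /**
     * Computes {@code client_secret} and stores it into {@code params}.
     *
     * <p>The secret is a detached CMS signature (the {@code false} argument to
     * {@code generate}) over the UTF-8 bytes of {@code scope + timestamp + client_id + state},
     * DER-encoded and then base64url-encoded. {@code scope}, {@code timestamp},
     * {@code client_id} and {@code state} must already be present in {@code params}.
     *
     * @param params request parameters; gains a {@code client_secret} entry
     * @throws ESIAException if {@link #init()} has not run or signing fails
     */
    private static void putClientSecret(Map<String, String> params) {
        CMSSignedDataGenerator signer = generator;
        if (signer == null) {
            throw new ESIAException("ESIA signer is not initialised; ESIAManager.init() must run first");
        }
        String signedText = params.get(PARAM_SCOPE) + params.get(PARAM_TIMESTAMP)
                + params.get(PARAM_CLIENT_ID) + params.get(PARAM_STATE);
        try {
            CMSProcessableByteArray content =
                    new CMSProcessableByteArray(signedText.getBytes(StandardCharsets.UTF_8));
            byte[] signature;
            // Serialise on the signer instance exactly as the original did.
            synchronized (signer) {
                signature = signer.generate(content, false).getEncoded();
            }
            params.put(PARAM_CLIENT_SECRET, Base64.getUrlEncoder().encodeToString(signature));
        } catch (Exception e) {
            throw new ESIAException(e);
        }
    }

    /** Current UTC time in the ESIA {@code yyyy.MM.dd HH:mm:ss Z} layout. */
    private static String getTimeStamp() {
        return ZonedDateTime.now(ZoneOffset.UTC).format(TIMESTAMP_FORMAT);
    }

    /** ESIA stores scopes separated by {@code ;} in settings; the protocol wants spaces. */
    private static String normalizeScope(String configuredScope) {
        return configuredScope.replace(";", " ");
    }

    /**
     * Whether only ESIA accounts flagged {@code trusted} may authenticate
     * (mirrors {@code EsiaSettings.ALLOW_AUTHENTICATE_ONLY_TRUSTED_USER}).
     */
    public static boolean isAllowAuthenticateOnlyTrustedUser() {
        return EsiaSettings.ALLOW_AUTHENTICATE_ONLY_TRUSTED_USER;
    }

    /**
     * Builds the ESIA logout redirect: {@code URL_BASE/idp/ext/Logout?client_id=...} plus
     * {@code &redirect_url=...} when a logout redirect is configured. Values are URL-encoded,
     * consistent with {@link #getAuthorizationURL()}.
     *
     * @return the absolute logout URL
     */
    public static String getLogoutURL() {
        StringBuilder url = new StringBuilder(EsiaSettings.URL_BASE)
                .append(URL_LOGOUT)
                .append('?').append(PARAM_CLIENT_ID).append('=').append(urlEncode(EsiaSettings.VALUE_CLIENT_ID));
        if (EsiaSettings.VALUE_LOGOUT_REDIRECT_URI != null) {
            url.append('&').append(PARAM_LOGOUT_REDIRECT_URL).append('=')
                    .append(urlEncode(EsiaSettings.VALUE_LOGOUT_REDIRECT_URI));
        }
        return url.toString();
    }

    /**
     * Builds the browser redirect to the ESIA authorization endpoint with a fresh
     * {@code state}, the current timestamp and the signed {@code client_secret}.
     *
     * @return the absolute authorization URL with a URL-encoded query string
     * @throws ESIAException if ESIA is not initialised, a setting is missing or signing fails
     */
    public static String getAuthorizationURL() {
        try {
            Map<String, String> params = new LinkedHashMap<>();
            params.put(PARAM_CLIENT_ID, EsiaSettings.VALUE_CLIENT_ID);
            params.put(PARAM_REDIRECT_URI, EsiaSettings.VALUE_REDIRECT_URI);
            params.put(PARAM_SCOPE, normalizeScope(EsiaSettings.VALUE_SCOPE));
            params.put(PARAM_RESPONSE_TYPE, VALUE_RESPONSE_TYPE);
            params.put(PARAM_STATE, UUID.randomUUID().toString());
            params.put(PARAM_TIMESTAMP, getTimeStamp());
            params.put(PARAM_ACCESS_TYPE, VALUE_ACCESS_TYPE);
            putClientSecret(params);
            return EsiaSettings.URL_BASE + URL_AUTHORIZATION + "?" + formEncode(params);
        } catch (ESIAException e) {
            throw e;
        } catch (Exception e) {
            throw new ESIAException(e);
        }
    }

    /**
     * Exchanges an authorization code for tokens and loads the subject's profile and contacts.
     *
     * @param str the {@code code} query parameter ESIA sent to the redirect URI
     * @return the populated user info (oid always set; other fields only when ESIA returned them)
     * @throws ESIAException on any transport, protocol or parsing failure
     */
    public static ESIAUserInfo getUserInfo(String str) {
        try {
            JSONObject tokens = exchangeCodeForTokens(str);
            String idToken = tokens.getString("id_token");
            String accessToken = tokens.getString("access_token");
            long oid = extractSubjectOid(idToken);

            ESIAUserInfo user = new ESIAUserInfo();
            user.setOid(oid);
            fillProfile(user, getJson(EsiaSettings.URL_BASE + String.format(URL_USER_INFO, oid), accessToken));
            fillContacts(user, getJson(EsiaSettings.URL_BASE + String.format(URL_USER_CONTACTS, oid), accessToken));
            return user;
        } catch (ESIAException e) {
            throw e; // already carries a specific message; do not double-wrap
        } catch (Exception e) {
            throw new ESIAException(e);
        }
    }

    /**
     * POSTs the authorization-code grant to the token endpoint and returns the JSON response.
     *
     * @param code the authorization code
     * @return the token endpoint's JSON body (expected to hold {@code id_token} and {@code access_token})
     * @throws IOException   on transport errors
     * @throws ESIAException when the endpoint answers with a non-200 status
     */
    private static JSONObject exchangeCodeForTokens(String code) throws IOException {
        Map<String, String> params = new LinkedHashMap<>();
        params.put(PARAM_CLIENT_ID, EsiaSettings.VALUE_CLIENT_ID);
        params.put(PARAM_CODE, code);
        params.put(PARAM_GRANT_TYPE, VALUE_GRANT_TYPE);
        params.put(PARAM_REDIRECT_URI, EsiaSettings.VALUE_REDIRECT_URI);
        params.put(PARAM_TIMESTAMP, getTimeStamp());
        params.put(PARAM_TOKEN_TYPE, VALUE_TOKEN_TYPE);
        params.put(PARAM_SCOPE, normalizeScope(EsiaSettings.VALUE_SCOPE));
        params.put(PARAM_STATE, UUID.randomUUID().toString());
        putClientSecret(params);
        byte[] body = formEncode(params).getBytes(StandardCharsets.UTF_8);

        HttpsURLConnection connection = openHttpsConnection(EsiaSettings.URL_BASE + URL_TOKEN_EXCHANGE);
        try {
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            // Content-Length is a restricted header for HttpURLConnection (the original's explicit
            // header was silently ignored); the JDK sets it from the buffered body.
            connection.setDoInput(true);
            connection.setDoOutput(true);
            try (OutputStream out = connection.getOutputStream()) {
                out.write(body);
            }
            return readJson(connection, "Ошибка при получении маркера доступа, responseCode = ");
        } finally {
            connection.disconnect();
        }
    }

    /**
     * GETs a JSON resource with the bearer access token.
     *
     * @param url         absolute resource URL
     * @param accessToken the access token from the token exchange
     * @return the parsed JSON body
     * @throws IOException   on transport errors
     * @throws ESIAException when the endpoint answers with a non-200 status
     */
    private static JSONObject getJson(String url, String accessToken) throws IOException {
        HttpsURLConnection connection = openHttpsConnection(url);
        try {
            connection.setRequestMethod("GET");
            connection.setRequestProperty("Authorization", "Bearer " + accessToken);
            connection.setRequestProperty("Accept", "application/json");
            connection.setDoInput(true);
            connection.connect();
            return readJson(connection, "Ошибка при получении данных о пользователе, responseCode = ");
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Opens {@code url} and insists on TLS: the tokens and the signed secret must never travel
     * over plain HTTP, and a misconfigured {@code URL_BASE} should fail with a clear message
     * rather than a {@code ClassCastException}.
     */
    private static HttpsURLConnection openHttpsConnection(String url) throws IOException {
        URLConnection connection = new URL(url).openConnection();
        if (!(connection instanceof HttpsURLConnection)) {
            throw new ESIAException("ESIA endpoints must be reached over HTTPS: " + url);
        }
        return (HttpsURLConnection) connection;
    }

    /**
     * Checks for HTTP 200 and parses the response body as JSON.
     *
     * @param connection  a connected request
     * @param errorPrefix message prefix; the status code is appended on failure
     */
    private static JSONObject readJson(HttpsURLConnection connection, String errorPrefix) throws IOException {
        int status = connection.getResponseCode();
        if (status != HttpsURLConnection.HTTP_OK) {
            throw new ESIAException(errorPrefix + status);
        }
        try (InputStream in = connection.getInputStream()) {
            return new JSONObject(TextUtils.streamToString(in));
        }
    }

    /**
     * Reads {@code urn:esia:sbj / urn:esia:sbj:oid} from the payload segment of the JWT.
     *
     * <p>The JWS signature is <em>not</em> verified here: the claims are trusted only because
     * the token was just received directly from the token endpoint over TLS. Do not reuse this
     * for an {@code id_token} obtained from anywhere else (e.g. from the browser).
     *
     * @param idToken compact-serialised JWT
     * @return the subject's ESIA oid
     * @throws ESIAException if the token is not a dot-separated JWT
     */
    private static long extractSubjectOid(String idToken) {
        String[] segments = idToken.split("\\.");
        if (segments.length < 2) {
            throw new ESIAException("Malformed id_token: expected a dot-separated JWT");
        }
        // JWT segments are unpadded base64url; the URL decoder accepts missing padding.
        String payload = new String(Base64.getUrlDecoder().decode(segments[1]), StandardCharsets.UTF_8);
        return new JSONObject(payload).getJSONObject("urn:esia:sbj").getLong("urn:esia:sbj:oid");
    }

    /** Copies the optional profile fields ESIA returned into {@code user}. */
    private static void fillProfile(ESIAUserInfo user, JSONObject profile) {
        if (profile.has("snils")) {
            user.setSnils(profile.getString("snils"));
        }
        if (profile.has("trusted")) {
            user.setTrusted(profile.getBoolean("trusted"));
        }
        if (profile.has("firstName")) {
            user.setFirstName(profile.getString("firstName"));
        }
        if (profile.has("lastName")) {
            user.setLastName(profile.getString("lastName"));
        }
        if (profile.has("middleName")) {
            user.setMiddleName(profile.getString("middleName"));
        }
        if (profile.has("gender")) {
            user.setGender(profile.getString("gender"));
        }
        if (profile.has(Constants.USER_INFO_BIRTH_DATE)) {
            user.setBirthDate(profile.getString(Constants.USER_INFO_BIRTH_DATE));
        }
        if (profile.has("birthPlace")) {
            user.setBirthPlace(profile.getString("birthPlace"));
        }
    }

    /**
     * Copies e-mail and phone from the contacts collection into {@code user}.
     *
     * <p>Contact types: {@code EML} = e-mail, {@code MBT} = mobile phone, {@code PHN} = other
     * phone. A mobile number is preferred; a {@code PHN} number is used only when no mobile
     * number was present. Elements lacking {@code type} or {@code value} are skipped, and the
     * loop never reads past the actual {@code elements} array even if {@code size} overstates it.
     */
    private static void fillContacts(ESIAUserInfo user, JSONObject contacts) {
        int size = contacts.has("size") ? contacts.getInt("size") : 0;
        if (size <= 0 || !contacts.has("elements")) {
            return;
        }
        JSONArray elements = contacts.getJSONArray("elements");
        int count = Math.min(size, elements.length());
        String fallbackPhone = null;
        for (int i = 0; i < count; i++) {
            JSONObject contact = elements.getJSONObject(i);
            String type = contact.optString("type", null);
            String value = contact.optString("value", null);
            if (type == null || value == null) {
                continue;
            }
            if ("EML".equalsIgnoreCase(type)) {
                user.setEmail(value);
            } else if ("MBT".equalsIgnoreCase(type)) {
                user.setPhone(value);
            } else if ("PHN".equalsIgnoreCase(type)) {
                fallbackPhone = value;
            }
        }
        if (user.getPhone() == null) {
            user.setPhone(fallbackPhone);
        }
    }

    /**
     * Encodes {@code params} as {@code application/x-www-form-urlencoded} in insertion order.
     *
     * @throws ESIAException if any value is {@code null} (an unset setting or missing code),
     *                       instead of silently sending the literal string "null"
     */
    private static String formEncode(Map<String, String> params) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : params.entrySet()) {
            if (entry.getValue() == null) {
                throw new ESIAException("ESIA request parameter '" + entry.getKey() + "' is not set");
            }
            if (sb.length() != 0) {
                sb.append('&');
            }
            sb.append(urlEncode(entry.getKey())).append('=').append(urlEncode(entry.getValue()));
        }
        return sb.toString();
    }

    /** URL-encodes {@code value} as UTF-8; the checked exception cannot occur for UTF-8. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, UTF8);
        } catch (UnsupportedEncodingException e) {
            throw new ESIAException(e);
        }
    }
}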
