package ru.infotech24.apk23main.crypto;

import com.google.common.collect.Collections2;
import com.google.common.collect.Lists;
import java.beans.ConstructorProperties;
import java.util.ArrayList;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import net.sf.jasperreports.engine.util.JRColorUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import ru.CryptoPro.CAdES.CAdESSignature;
import ru.infotech24.common.exceptions.BusinessLogicException;
import ru.infotech24.common.helpers.ExceptionHelper;
import ru.infotech24.common.helpers.ObjectUtils;
import ru.infotech24.common.helpers.StringUtils;

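/**
 * Verifies a CAdES/PKCS#7 signature and, optionally, checks that the signing
 * certificate's subject matches the expected user (name and INN).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #verify} runs the cryptographic verification first and only then
 *       compares identity data.</li>
 *   <li>The INN comparison is fail-open in several cases; see {@code isInnOk}.</li>
 *   <li>{@link #verify} mutates JVM-wide system properties on every call.</li>
 * </ul>
 */
@Service
public class Pkcs7SignatureVerifier {
    private static final Logger logger = LoggerFactory.getLogger(Pkcs7SignatureVerifier.class);
    private final Pkcs7SignatureReader signatureReader;

    /**
     * Immutable holder for the user attributes that are compared with the
     * subject of the signing certificate.
     */
    public static class ComparableData {
        private final String userLastName;
        private final String userFirstName;
        private final String userMiddleName;
        // Kept as a number, so the comparison in isInnOk ignores leading zeros.
        private final Long userInn;

        /** Fluent builder for {@link ComparableData}; every field is optional at build time. */
        public static class ComparableDataBuilder {
            private String userLastName;
            private String userFirstName;
            private String userMiddleName;
            private Long userInn;

            ComparableDataBuilder() {
            }

            public ComparableDataBuilder userLastName(String str) {
                this.userLastName = str;
                return this;
            }

            public ComparableDataBuilder userFirstName(String str) {
                this.userFirstName = str;
                return this;
            }

            public ComparableDataBuilder userMiddleName(String str) {
                this.userMiddleName = str;
                return this;
            }

            public ComparableDataBuilder userInn(Long l) {
                this.userInn = l;
                return this;
            }

            /** Creates the immutable value; no validation happens here. */
            public ComparableData build() {
                return new ComparableData(this.userLastName, this.userFirstName, this.userMiddleName, this.userInn);
            }

            /**
             * Renders all builder fields. The output contains the user's full name and INN,
             * so it is personal data wherever it ends up (logs, error reports).
             */
            @Override
            public String toString() {
                // NOTE(review): JRColorUtil.RGBA_SUFFIX looks like a decompiler constant substitution
                // for the closing ")" of the rendered value - confirm and inline the literal.
                return "Pkcs7SignatureVerifier.ComparableData.ComparableDataBuilder(userLastName=" + this.userLastName
                        + ", userFirstName=" + this.userFirstName
                        + ", userMiddleName=" + this.userMiddleName
                        + ", userInn=" + this.userInn
                        + JRColorUtil.RGBA_SUFFIX;
            }
        }

        @ConstructorProperties({"userLastName", "userFirstName", "userMiddleName", "userInn"})
        ComparableData(String str, String str2, String str3, Long l) {
            this.userLastName = str;
            this.userFirstName = str2;
            this.userMiddleName = str3;
            this.userInn = l;
        }

        public static ComparableDataBuilder builder() {
            return new ComparableDataBuilder();
        }

        public String getUserLastName() {
            return this.userLastName;
        }

        public String getUserFirstName() {
            return this.userFirstName;
        }

        public String getUserMiddleName() {
            return this.userMiddleName;
        }

        public Long getUserInn() {
            return this.userInn;
        }
    }

    public Pkcs7SignatureVerifier(Pkcs7SignatureReader pkcs7SignatureReader) {
        this.signatureReader = pkcs7SignatureReader;
    }

    /**
     * Verifies the signature and, when {@code comparableData} is given, checks that the
     * certificate subject matches it.
     *
     * <p>Business exceptions (as classified by {@code ExceptionHelper.isBusinessException})
     * are rethrown unchanged. Any other failure is wrapped in an {@link Exception} whose
     * message is a client-facing text derived from the CAdES error code; the original
     * exception is kept as the cause.
     *
     * @param bArr           first byte array, handed to {@code Pkcs7SignatureHelper.createSignatureObject}
     *                       and {@code getSignatureDetails} as the first argument; whether it is the
     *                       signature or the signed content is not visible in this class
     * @param bArr2          second byte array, handed to the same two calls as the second argument
     * @param comparableData expected signer identity, or {@code null} to skip the identity comparison
     */
    public void verify(byte[] bArr, byte[] bArr2, ComparableData comparableData) {
        try {
            CAdESSignature signature = Pkcs7SignatureHelper.createSignatureObject(bArr, bArr2);
            // These are JVM-wide settings, rewritten on every call; they affect every certificate
            // path validation in the process, not only this one.
            // NOTE(review): with CRL distribution points enabled the validator may fetch CRLs from
            // URLs named in the certificates being checked - confirm egress controls and timeouts.
            System.setProperty("com.sun.security.enableCRLDP", "true");
            System.setProperty("com.ibm.security.enableCRLDP", "true");
            // NOTE(review): null is passed as the certificate set; which certificates and trust
            // anchors the library then uses is not visible here - confirm against its documentation.
            signature.verify((Set) null);
            if (comparableData != null) {
                // NOTE(review): the identity data comes from a second, separate parse of the same
                // bytes; confirm getSignatureDetails reports the signer certificate that verify()
                // validated, including for containers that carry more than one signer.
                SignatureDetailsDto details = this.signatureReader.getSignatureDetails(bArr, bArr2);
                if (!isInnOk(comparableData, details)) {
                    // Message: the certificate owner's INN does not match the current user's INN.
                    throw new BusinessLogicException("ИНН владельца сертификата ЭП не совпадает с ИНН текущего пользователя");
                }
                if (!isNameOk(comparableData, details)) {
                    // Message: the certificate owner's full name does not match the current user's.
                    throw new BusinessLogicException("ФИО владельца сертификата ЭП не совпадает с ФИО текущего пользователя");
                }
            }
        } catch (Exception e) {
            // Pass the throwable to SLF4J so the stack trace is recorded with the failure.
            logger.warn("Не удалось проверить ЭЦП", e);
            if (!ExceptionHelper.isBusinessException(e)) {
                // NOTE(review): a checked Exception is thrown from a method that declares none;
                // the listing does not show how the original source achieved that - confirm
                // before relying on this file compiling as written.
                throw new Exception(translateErrorCodeForClient(Pkcs7SignatureHelper.tryGetErrorCodeFromCAdESException(e)), e);
            }
            throw e;
        }
    }

    /**
     * Maps an error code extracted from a CAdES exception to a client-facing message.
     * Codes other than 8 and 32, including {@code null}, map to the generic text.
     */
    private static String translateErrorCodeForClient(Integer num) {
        if (Objects.equals(num, 8)) {
            return "Подпись недействительна"; // the signature is invalid
        }
        if (Objects.equals(num, 32)) {
            return "Неизвестный корневой УЦ, выдавший сертификат"; // unknown root CA issued the certificate
        }
        return "Неизвестная ошибка"; // unknown error
    }

    /**
     * Returns {@code true} when the lower-cased subject CN or subject full name from the
     * certificate equals one of the expected name orderings of the user.
     */
    private static boolean isNameOk(ComparableData comparableData, SignatureDetailsDto signatureDetailsDto) {
        Set<String> expectedNames = calculateUserLowerFioCombinations(comparableData);
        // A missing certificate value becomes "", which cannot match: every expected name
        // contains at least a last and a first name.
        String certCn = ((String) ObjectUtils.isNull(StringUtils.prettify(signatureDetailsDto.getSubjectCn()), "")).toLowerCase();
        String certFio = ((String) ObjectUtils.isNull(StringUtils.prettify(signatureDetailsDto.getSubjectFio()), "")).toLowerCase();
        return expectedNames.contains(certCn) || expectedNames.contains(certFio);
    }

    /**
     * Builds every ordering of the user's lower-cased last, first and (if present) middle name,
     * each joined with single spaces.
     *
     * @param comparableData expected user identity; last and first name are required
     * @return the set of accepted full-name strings
     * @throws BusinessLogicException if the last or first name is {@code null} after
     *         {@code StringUtils.prettify}
     */
    public static Set<String> calculateUserLowerFioCombinations(ComparableData comparableData) {
        String lastName = StringUtils.prettify(comparableData.userLastName);
        String firstName = StringUtils.prettify(comparableData.userFirstName);
        String middleName = StringUtils.prettify(comparableData.userMiddleName);
        if (lastName == null || firstName == null) {
            // Message: the comparison cannot be done because no full name was supplied.
            throw new BusinessLogicException("Сравнение данных пользователя с информацией из сертификата не может быть выполнено, т.к. не передано ФИО для сравнения");
        }
        ArrayList<String> nameParts = Lists.newArrayList(lastName.toLowerCase(), firstName.toLowerCase());
        if (middleName != null) {
            nameParts.add(middleName.toLowerCase());
        }
        return Collections2.permutations(nameParts).stream()
                .map(ordering -> String.join(" ", ordering))
                .collect(Collectors.toSet());
    }

    /**
     * Compares the user's INN with the INN in the certificate subject.
     *
     * <p>NOTE(review): this check is fail-open. It returns {@code true} not only on a match but
     * also when the user has no INN, when the certificate carries no INN or the literal
     * "отсутствует" ("absent"), and when the certificate value is not a parseable number. In all
     * of those cases only the name comparison binds the certificate to the user. Confirm that
     * this is the intended policy, in particular for the malformed-value case.
     */
    private static boolean isInnOk(ComparableData comparableData, SignatureDetailsDto signatureDetailsDto) {
        if (comparableData.userInn == null) {
            return true;
        }
        String certInn = StringUtils.prettify(signatureDetailsDto.getSubjectInn());
        if (certInn == null) {
            return true;
        }
        // Spaces and hyphens are stripped before the value is parsed.
        String normalizedInn = certInn.replace(" ", "").replace("-", "");
        if (normalizedInn.equalsIgnoreCase("отсутствует")) {
            return true;
        }
        try {
            return comparableData.userInn.equals(Long.parseLong(normalizedInn));
        } catch (NumberFormatException e) {
            // Logged at WARN because the INN check is being skipped for a value that came out of
            // the certificate; the value itself is written to the log as-is.
            logger.warn("Из ЭП выделен неверный (в неверном формате) ИНН: {}", normalizedInn);
            return true;
        }
    }
}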
