package ru.infotech24.apk23main.crypto;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.asn1.ASN1UTCTime;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.cms.SignerInformation;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import ru.CryptoPro.CAdES.CAdESSigner;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X509CertImpl;
import ru.infotech24.common.helpers.DateUtils;

@Service
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/crypto/Pkcs7SignatureReader.class */
public class Pkcs7SignatureReader {

    @Value("${application-settings.dev-disabled-signature:false}")
    private Boolean devDisabledSignature;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v26, types: [java.time.LocalDateTime] */
    /* JADX WARN: Type inference failed for: r1v31, types: [java.time.LocalDateTime] */
    public SignatureDetailsDto getSignatureDetails(byte[] bArr, byte[] bArr2) {
        if (this.devDisabledSignature.booleanValue()) {
            return getFakeSignatureDetails();
        }
        CAdESSigner cAdESSignerInfo = Pkcs7SignatureHelper.createSignatureObject(bArr, bArr2).getCAdESSignerInfo(0);
        X509Certificate signerCertificate = cAdESSignerInfo.getSignerCertificate();
        X509CertImpl x509CertImpl = new X509CertImpl(signerCertificate.getEncoded());
        Map<String, String> prettyDnMap = getPrettyDnMap(x509CertImpl.getSubjectDN());
        return SignatureDetailsDto.builder().isValid(true).serial(signerCertificate.getSerialNumber().toString(16)).signingTime(tryGetSigningTime(cAdESSignerInfo.getSignerInfo())).subjectCn(prettyDnMap.getOrDefault("CN", null)).subjectFio(extractFio(prettyDnMap)).subjectInn(prettyDnMap.getOrDefault("INN", "отсутствует")).issuerCn(getPrettyDnMap(x509CertImpl.getIssuerDN()).getOrDefault("CN", null)).notBefore(signerCertificate.getNotBefore().toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime()).notAfter(signerCertificate.getNotAfter().toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime()).build();
    }

    private static Map<String, String> getPrettyDnMap(Principal principal) {
        HashMap hashMap = new HashMap();
        Iterator it = ((X500Name) principal).allAvas().iterator();
        while (it.hasNext()) {
            String[] split = it.next().toString().split("=");
            if (split.length == 1) {
                hashMap.put(split[0], null);
            } else if (split.length == 2) {
                hashMap.put(split[0], prettifyDnValue(split[1]));
            }
        }
        return hashMap;
    }

    private static String prettifyDnValue(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll("\\\\,", ",").replaceAll("\\\\\"", "\"");
    }

    /* JADX WARN: Type inference failed for: r0v15, types: [java.time.LocalDateTime] */
    private static LocalDateTime tryGetSigningTime(SignerInformation signerInformation) {
        try {
            AttributeTable signedAttributes = signerInformation.getSignedAttributes();
            if (signedAttributes == null) {
                return null;
            }
            return ((ASN1UTCTime) signedAttributes.get(CMSAttributes.signingTime).getAttrValues().getObjectAt(0)).getDate().toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime();
        } catch (Exception e) {
            return null;
        }
    }

    private static String extractFio(Map<String, String> map) {
        String orDefault = map.getOrDefault("SN", null);
        if (orDefault == null) {
            return null;
        }
        String orDefault2 = map.getOrDefault("G", null);
        return orDefault + (orDefault2 == null ? "" : " " + orDefault2);
    }

    private static SignatureDetailsDto getFakeSignatureDetails() {
        return SignatureDetailsDto.builder().isValid(true).serial("0123456789abcdef0123456789abcdef").signingTime(LocalDateTime.now()).subjectCn("!!! Операции с ЭЦП отключены параметром dev-disabled-signature").subjectFio("!!! Операции с ЭЦП отключены параметром dev-disabled-signature").subjectInn("123456789012").issuerCn("!!! Операции с ЭЦП отключены параметром dev-disabled-signature").notBefore(DateUtils.DefaultDate.atStartOfDay()).notAfter(LocalDateTime.now()).build();
    }
}
