package org.ofdrw.gm.ses.v1;

import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.Test;
import org.ofdrw.gm.cert.PKCS12Tools;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.UUID;

/**
 * V1 版本电子印章构造
 * <p>
 * 注意:该方法只用于生成测试数据,电子印章请使用符合国家规范的电子印章服务器生成管理!
 *
 * @author 权观宇
 * @since 2020-04-21 10:16:02
 */
public class SESealTest {

    static {
        Security.addProvider(new BouncyCastleProvider());
    }


    /**
     * 构造测试用电子印章
     * <p>
     * 注意:该方法只用于生成测试数据,电子印章请使用符合国家规范的电子印章服务器生成管理!
     */
    @Test
    void sealBuild() throws Exception {
        Path userP12 = Paths.get("src/test/resources", "USER.p12");
        Path sealerP12 = Paths.get("src/test/resources", "SealBuilder.p12");
        Path picturePath = Paths.get("src/test/resources", "StampImg.png");
        Path out = Paths.get("target/UserV1.esl");


        SES_Header header = new SES_Header(new ASN1Integer(1), new DERIA5String("OFDR&WTest"));

        /*
         * 印章属性信息构造
         */
        // 获取用户证书
        Certificate userCert = PKCS12Tools.ReadUserCert(userP12, "private", "777777");
        ASN1EncodableVector v = new ASN1EncodableVector(1);
        v.add(new DEROctetString(userCert.getEncoded()));

        Calendar then = Calendar.getInstance();
        then.add(Calendar.YEAR, 2);
        SES_ESPropertyInfo property = new SES_ESPropertyInfo()
                .setType(SES_ESPropertyInfo.OrgType)
                .setName(new DERUTF8String("OFDRW测试用印章"))
                .setCertList(new DERSequence(v))
                .setCreateDate(new ASN1UTCTime(new Date()))
                .setValidStart(new ASN1UTCTime(new Date()))
                .setValidEnd(new ASN1UTCTime(then.getTime()));

        /*
         * 印章图片信息 构造
         */
        SES_ESPictrueInfo picture = new SES_ESPictrueInfo()
                .setType("PNG")
                .setData(Files.readAllBytes(picturePath))
                .setWidth(40)
                .setHeight(40);

        /*
         * 印章信息构造
         */
        SES_SealInfo sealInfo = new SES_SealInfo()
                .setHeader(header)
                .setEsID(UUID.randomUUID().toString().replace("-", "").toUpperCase())
                .setProperty(property)
                .setPicture(picture);
        /*
         * 电子签章数据构造
         */
        Certificate sealerCert = PKCS12Tools.ReadUserCert(sealerP12, "private", "777777");
        PrivateKey privateKey = PKCS12Tools.ReadPrvKey(sealerP12, "private", "777777");
        DEROctetString signCert = new DEROctetString(sealerCert.getEncoded());

        // 印章信息、制章人证书、签名算法标识符组成的信息作为签名原文
        v = new ASN1EncodableVector(3);
        v.add(sealInfo);
        v.add(signCert);
        v.add(GMObjectIdentifiers.sm2sign_with_sm3);

        Signature signature = Signature.getInstance("SM3withSm2", "BC");
        signature.initSign(privateKey);
        signature.update(new DERSequence(v).getEncoded("DER"));
        byte[] sign = signature.sign();
        SES_SignInfo signInfo = new SES_SignInfo()
                .setCert(signCert)
                .setSignatureAlgorithm(GMObjectIdentifiers.sm2sign_with_sm3)
                .setSignData(sign);

        SESeal seal = new SESeal(sealInfo, signInfo);

        Files.write(out, seal.getEncoded("DER"));
    }


    @Test
    public void verify() throws IOException, NoSuchAlgorithmException, CertificateException, InvalidKeyException, SignatureException {
        Path path = Paths.get("target", "UserV1.esl");
//        Path path = Paths.get("target", "2_980_1587284330714.es");

        SESeal seal = SESeal.getInstance(Files.readAllBytes(path));
        SES_SignInfo signInfo = seal.getSignInfo();

        ASN1OctetString cert = signInfo.getCert();
        CertificateFactory factory = new CertificateFactory();
        X509Certificate certificate = (X509Certificate) factory.engineGenerateCertificate(cert.getOctetStream());

        ASN1EncodableVector v = new ASN1EncodableVector(3);
        v.add(seal.getEsealInfo());
        v.add(cert);
        v.add(signInfo.getSignatureAlgorithm());

        Signature sg = Signature.getInstance("SM3WithSM2", new BouncyCastleProvider());
        sg.initVerify(certificate);
        sg.update(new DERSequence(v).getEncoded("DER"));
        byte[] sigVal = signInfo.getSignData().getBytes();
        System.out.println(sg.verify(sigVal));
    }
}