package br.net.woodstock.rockframework.security.sign.impl;

import br.net.woodstock.rockframework.office.pdf.PDFException;
import br.net.woodstock.rockframework.security.Alias;
import br.net.woodstock.rockframework.security.digest.DigestType;
import br.net.woodstock.rockframework.security.digest.impl.BasicDigester;
import br.net.woodstock.rockframework.security.sign.DocumentSigner;
import br.net.woodstock.rockframework.security.sign.PKCS7SignatureRequest;
import br.net.woodstock.rockframework.security.sign.Signatory;
import br.net.woodstock.rockframework.security.sign.Signature;
import br.net.woodstock.rockframework.security.sign.SignatureType;
import br.net.woodstock.rockframework.security.sign.SignerException;
import br.net.woodstock.rockframework.security.store.CertificateEntry;
import br.net.woodstock.rockframework.security.store.KeyStoreType;
import br.net.woodstock.rockframework.security.store.PrivateKeyEntry;
import br.net.woodstock.rockframework.security.store.Store;
import br.net.woodstock.rockframework.security.store.StoreEntryType;
import br.net.woodstock.rockframework.security.store.impl.JCAStore;
import br.net.woodstock.rockframework.security.timestamp.TimeStamp;
import br.net.woodstock.rockframework.security.timestamp.impl.BouncyCastleTimeStampHelper;
import br.net.woodstock.rockframework.util.Assert;
import br.net.woodstock.rockframework.utils.CollectionUtils;
import br.net.woodstock.rockframework.utils.ConditionUtils;
import br.net.woodstock.rockframework.utils.IOUtils;
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.OcspClientBouncyCastle;
import com.itextpdf.text.pdf.PdfDate;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfPKCS7;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignature;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.PdfString;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.security.PrivateKey;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.tsp.TimeStampToken;

/* loaded from: input_file:br/net/woodstock/rockframework/security/sign/impl/PDFSigner.class */
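/**
 * Signs PDF documents with detached PKCS#7 signatures (iText) and reads back
 * the signatures embedded in a PDF.
 *
 * <p>Review notes that apply to the whole class:
 * <ul>
 *   <li>The document digest algorithm is derived from the signature algorithm
 *       of the signer's certificate, with a SHA-1 based fallback (see
 *       {@link #getSignatureType(String)}).</li>
 *   <li>{@link #getSignatures(byte[])} checks the certificate chain against a
 *       store that contains only the signing certificate taken from the
 *       document itself, so a "valid" result says nothing about whether the
 *       signer is trusted by the caller.</li>
 * </ul>
 */
public class PDFSigner implements DocumentSigner {
    /** PDF version passed to the stamper; '\0' keeps the version of the source document. */
    private static final char PDF_SIGNATURE_VERSION = 0;

    /** Number of bytes reserved in the PDF for the encoded PKCS#7 container. */
    private static final int SIGNATURE_CONTENTS_SIZE = 4736;

    /** Size of the /Contents exclusion: two hex characters per reserved byte plus the two delimiters (9474). */
    private static final int SIGNATURE_EXCLUSION_SIZE = SIGNATURE_CONTENTS_SIZE * 2 + 2;

    private final PKCS7SignatureRequest request;

    /**
     * Creates a signer bound to one signature request.
     *
     * @param pKCS7SignatureRequest the request holding store, aliases and signature metadata; must not be null
     */
    public PDFSigner(PKCS7SignatureRequest pKCS7SignatureRequest) {
        Assert.notNull(pKCS7SignatureRequest, "request");
        this.request = pKCS7SignatureRequest;
    }

    /**
     * Signs the PDF once per alias of the request, in alias order.
     *
     * <p>Each signature is applied on top of the output of the previous one.
     * The earlier code passed the original bytes to every call, so only the
     * signature of the last alias survived in the returned document.
     *
     * @param bArr the PDF to sign; must not be null
     * @return the signed PDF
     * @throws SignerException if any signing step fails
     */
    @Override
    public byte[] sign(byte[] bArr) {
        Assert.notNull(bArr, "data");
        try {
            byte[] signed = bArr;
            // NOTE(review): with an empty alias array the input is returned unsigned
            // and no error is raised; callers should confirm that is intended.
            for (Alias alias : this.request.getAliases()) {
                signed = singleSign(signed, alias);
            }
            return signed;
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Appends one detached PKCS#7 signature, made with the key stored under {@code alias}.
     *
     * @param bArr the PDF to sign; must not be empty
     * @param alias the store alias of the certificate and private key to use
     * @return the PDF with the new signature appended
     * @throws SignerException if the alias is missing from the store or signing fails
     */
    private byte[] singleSign(byte[] bArr, Alias alias) {
        Assert.notEmpty(bArr, "data");
        try {
            Store store = this.request.getStore();
            CertificateEntry certificateEntry = (CertificateEntry) store.get(alias, StoreEntryType.CERTIFICATE);
            PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) store.get(alias, StoreEntryType.PRIVATE_KEY);
            if (certificateEntry == null) {
                throw new SignerException("Certificate '" + alias.getName() + "' not found in store");
            }
            if (privateKeyEntry == null) {
                throw new SignerException("Private key '" + alias.getName() + "' not found in store");
            }
            ByteArrayOutputStream output = new ByteArrayOutputStream();
            X509Certificate x509Certificate = (X509Certificate) certificateEntry.getValue();
            PrivateKey privateKey = privateKeyEntry.getValue();
            Certificate[] chain = privateKeyEntry.getChain();
            // The digest follows the algorithm the CA used to sign the certificate,
            // not a policy chosen for the document.
            DigestType digestType = getDigestTypeFromSignature(x509Certificate.getSigAlgName());
            Calendar signDate = Calendar.getInstance();

            // append == true: the signature is written as an incremental update.
            PdfSignatureAppearance appearance = PdfStamper
                    .createSignature(new PdfReader(bArr), output, PDF_SIGNATURE_VERSION, (File) null, true)
                    .getSignatureAppearance();
            appearance.setCrypto(privateKey, chain, (CRL[]) null, PdfSignatureAppearance.SELF_SIGNED);
            appearance.setContact(this.request.getContactInfo());
            appearance.setLocation(this.request.getLocation());
            appearance.setReason(this.request.getReason());
            appearance.setSignDate(signDate);

            PdfSignature pdfSignature = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
            pdfSignature.setReason(appearance.getReason());
            pdfSignature.setLocation(appearance.getLocation());
            pdfSignature.setContact(appearance.getContact());
            pdfSignature.setDate(new PdfDate(appearance.getSignDate()));
            if (ConditionUtils.isNotEmpty(this.request.getName())) {
                pdfSignature.setName(this.request.getName());
            } else {
                pdfSignature.setName(getValue(x509Certificate.getSubjectX500Principal()));
            }
            appearance.setCryptoDictionary(pdfSignature);

            HashMap<PdfName, Integer> exclusionSizes = new HashMap<PdfName, Integer>();
            exclusionSizes.put(PdfName.CONTENTS, Integer.valueOf(SIGNATURE_EXCLUSION_SIZE));
            appearance.preClose(exclusionSizes);

            byte[] digest = new BasicDigester(digestType).digest(IOUtils.toByteArray(appearance.getRangeStream()));

            DelegateITextTSAClient tsaClient = null;
            if (this.request.getTimeStampClient() != null) {
                tsaClient = new DelegateITextTSAClient(this.request.getTimeStampClient());
            }

            byte[] ocsp = null;
            if (ConditionUtils.isNotEmpty(chain)) {
                String ocspUrl = PdfPKCS7.getOCSPURL(x509Certificate);
                // The first chain entry that differs from the signing certificate is
                // taken as its issuer; the chain order is not checked here.
                X509Certificate issuer = null;
                for (Certificate candidate : chain) {
                    if (!x509Certificate.equals(candidate)) {
                        issuer = (X509Certificate) candidate;
                        break;
                    }
                }
                if (issuer != null && ocspUrl != null && ocspUrl.trim().length() > 0) {
                    // The responder URL is the one returned for the signing certificate above.
                    ocsp = new OcspClientBouncyCastle(x509Certificate, issuer, ocspUrl).getEncoded();
                }
            }

            PdfPKCS7 pkcs7 = new PdfPKCS7(privateKey, chain, (CRL[]) null, digestType.getAlgorithm(), (String) null, false);
            byte[] authenticatedAttributes = pkcs7.getAuthenticatedAttributeBytes(digest, signDate, ocsp);
            pkcs7.update(authenticatedAttributes, 0, authenticatedAttributes.length);
            pkcs7.setLocation(this.request.getLocation());
            pkcs7.setReason(this.request.getReason());
            if (tsaClient == null) {
                pkcs7.setSignDate(signDate);
            }
            byte[] encodedPKCS7 = pkcs7.getEncodedPKCS7(digest, signDate, tsaClient, ocsp);

            // Fail with a clear message instead of an ArrayIndexOutOfBoundsException
            // when chain, OCSP response and timestamp do not fit the reserved space.
            if (encodedPKCS7.length > SIGNATURE_CONTENTS_SIZE) {
                throw new SignerException("Encoded signature is " + encodedPKCS7.length
                        + " bytes, more than the " + SIGNATURE_CONTENTS_SIZE + " bytes reserved in the document");
            }
            byte[] contents = new byte[SIGNATURE_CONTENTS_SIZE];
            System.arraycopy(encodedPKCS7, 0, contents, 0, encodedPKCS7.length);

            PdfDictionary update = new PdfDictionary();
            PdfString hexContents = new PdfString(contents);
            hexContents.setHexWriting(true);
            update.put(PdfName.CONTENTS, hexContents);
            appearance.close(update);
            return output.toByteArray();
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Reports whether every signature embedded in the PDF is valid.
     *
     * <p>A document without any signature is reported as not verified. The
     * earlier code returned {@code true} in that case, so an unsigned PDF
     * passed verification.
     *
     * @param bArr not used; the signatures of a PDF are embedded in the document itself
     * @param bArr2 the PDF whose signatures are checked
     * @return {@code true} only if at least one signature exists and all are valid
     * @throws SignerException if the document cannot be read or checked
     */
    @Override
    public boolean verify(byte[] bArr, byte[] bArr2) {
        try {
            Signature[] signatures = getSignatures(bArr2);
            if (!ConditionUtils.isNotEmpty(signatures)) {
                // Fail closed: nothing was signed, so nothing can be vouched for.
                return false;
            }
            for (Signature signature : signatures) {
                if (!Boolean.TRUE.equals(signature.getValid())) {
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Extracts every signature of the PDF together with its validation result.
     *
     * <p>A signature is marked valid when the PKCS#7 signature verifies over
     * the signed bytes, the certificate check reports no failure and, if a
     * timestamp token is present, its imprint matches. The earlier code never
     * called {@code PdfPKCS7.verify()}, so a document altered after signing
     * could still be reported as valid.
     *
     * @param bArr the PDF to inspect
     * @return the signatures found, possibly an empty array
     * @throws PDFException if the document cannot be read or a signature cannot be processed
     */
    @Override
    public Signature[] getSignatures(byte[] bArr) {
        try {
            AcroFields acroFields = new PdfReader(bArr).getAcroFields();
            ArrayList<Signature> result = new ArrayList<Signature>();
            ArrayList<String> signatureNames = acroFields == null ? null : acroFields.getSignatureNames();
            if (signatureNames != null && !signatureNames.isEmpty()) {
                for (String name : signatureNames) {
                    PdfPKCS7 pkcs7 = acroFields.verifySignature(name);
                    byte[] encoded = acroFields.getSignatureDictionary(name).getAsString(PdfName.CONTENTS).getBytes();
                    X509Certificate signingCertificate = pkcs7.getSigningCertificate();
                    Certificate[] signingChain = pkcs7.getSignCertificateChain();
                    Date signDate = pkcs7.getSignDate().getTime();

                    // Integrity: the signature must match the bytes it claims to cover.
                    // NOTE(review): whether the signature covers the whole file is not
                    // checked here; content appended after signing is not detected.
                    boolean valid = pkcs7.verify();

                    // NOTE(review): this store holds only the signing certificate taken
                    // from the signature being checked, so the check below is anchored on
                    // the document's own certificate. It presumably cannot show that the
                    // signer chains to a CA the caller trusts - confirm, and pass in a
                    // real trust store if signer identity matters.
                    JCAStore trustStore = new JCAStore(KeyStoreType.JKS);
                    trustStore.add(new CertificateEntry(new Alias(signingCertificate.getSerialNumber().toString()), signingCertificate));
                    if (ConditionUtils.isNotEmpty(PdfPKCS7.verifyCertificates(signingChain, trustStore.toKeyStore(), pkcs7.getCRLs(), pkcs7.getSignDate()))) {
                        valid = false;
                    }

                    TimeStamp timeStamp = null;
                    TimeStampToken timeStampToken = pkcs7.getTimeStampToken();
                    if (timeStampToken != null) {
                        timeStamp = BouncyCastleTimeStampHelper.toTimeStamp(timeStampToken);
                        if (valid) {
                            valid = pkcs7.verifyTimestampImprint();
                        }
                    }

                    Signature signature = new Signature();
                    signature.setDate(signDate);
                    signature.setEncoded(encoded);
                    signature.setLocation(pkcs7.getLocation());
                    signature.setReason(pkcs7.getReason());
                    signature.setSignatories(new ArrayList<Signatory>());
                    signature.getSignatories().add(toSignatory(signingCertificate));
                    signature.setTimeStamp(timeStamp);
                    signature.setValid(Boolean.valueOf(valid));
                    result.add(signature);
                }
            }
            return (Signature[]) CollectionUtils.toArray(result, Signature.class);
        } catch (Exception e) {
            throw new PDFException(e);
        }
    }

    /**
     * Builds a signatory from the subject and issuer common names of a certificate.
     *
     * @param x509Certificate the signing certificate
     * @return a signatory carrying the certificate, its subject CN and its issuer CN
     */
    protected Signatory toSignatory(X509Certificate x509Certificate) {
        // NOTE(review): these casts only succeed when the certificate object returns
        // BouncyCastle X509Principal instances from getSubjectDN()/getIssuerDN().
        X509Principal subject = (X509Principal) x509Certificate.getSubjectDN();
        X509Principal issuer = (X509Principal) x509Certificate.getIssuerDN();
        Signatory signatory = new Signatory();
        signatory.setCertificate(x509Certificate);
        signatory.setIssuer(getValue(issuer));
        signatory.setSubject(getValue(subject));
        return signatory;
    }

    /**
     * Maps a signature algorithm name to a {@link SignatureType}.
     *
     * @param str the algorithm name, as reported by the certificate
     * @return the matching type, or {@code SHA1_RSA} when the name is not recognised
     */
    protected SignatureType getSignatureType(String str) {
        SignatureType signType = SignatureType.getSignType(str);
        // NOTE(review): an unrecognised algorithm silently falls back to a SHA-1 based
        // type, which then selects the document digest. SHA-1 is no longer considered
        // collision resistant; consider rejecting unknown names instead.
        return signType != null ? signType : SignatureType.SHA1_RSA;
    }

    /**
     * Returns the digest algorithm that belongs to a signature algorithm name.
     *
     * @param str the signature algorithm name
     * @return the digest type of the resolved signature type
     */
    protected DigestType getDigestTypeFromSignature(String str) {
        return getSignatureType(str).getDigestType();
    }

    /**
     * Returns the first common name (CN) of a BouncyCastle principal.
     *
     * @param x509Principal the principal to read
     * @return the CN value as a string
     * @throws IllegalArgumentException if the name has no CN attribute
     */
    protected String getValue(X509Principal x509Principal) {
        return commonName(x509Principal.getName());
    }

    /**
     * Returns the first common name (CN) of a JCA principal.
     *
     * @param x500Principal the principal to read
     * @return the CN value as a string
     * @throws IllegalArgumentException if the name has no CN attribute
     */
    protected String getValue(X500Principal x500Principal) {
        return commonName(x500Principal.getName());
    }

    /** Extracts the first CN of a distinguished name, rejecting names that carry none. */
    private static String commonName(String distinguishedName) {
        X500Name name = new X500Name(distinguishedName);
        // Certificates read from a document are not guaranteed to carry a CN.
        if (name.getRDNs(BCStyle.CN).length == 0) {
            throw new IllegalArgumentException("No CN attribute in '" + distinguishedName + "'");
        }
        return IETFUtils.valueToString(name.getRDNs(BCStyle.CN)[0].getFirst().getValue());
    }

    /**
     * Concatenates the string form of every element, without a separator.
     *
     * @param vector the elements to join; may be null or empty
     * @return the concatenation, or an empty string when there is nothing to join
     */
    protected String toString(Vector vector) {
        StringBuilder sb = new StringBuilder();
        if (ConditionUtils.isNotEmpty(vector)) {
            for (Object element : vector) {
                sb.append(element.toString());
            }
        }
        return sb.toString();
    }
}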
