package eu.europa.esig.dss.pdf.pdfbox;

import eu.europa.esig.dss.DSSASN1Utils;
import eu.europa.esig.dss.DSSDocument;
import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.pades.PAdESSignatureParameters;
import eu.europa.esig.dss.pades.SignatureImageParameters;
import eu.europa.esig.dss.pades.signature.visible.ImageAndResolution;
import eu.europa.esig.dss.pades.signature.visible.ImageUtils;
import eu.europa.esig.dss.pdf.DSSDictionaryCallback;
import eu.europa.esig.dss.pdf.PDFSignatureService;
import eu.europa.esig.dss.pdf.PdfDssDict;
import eu.europa.esig.dss.pdf.PdfSignatureOrDocTimestampInfo;
import eu.europa.esig.dss.pdf.PdfSignatureOrDocTimestampInfoComparator;
import eu.europa.esig.dss.pdf.SignatureValidationCallback;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.x509.CertificatePool;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.Token;
import eu.europa.esig.dss.x509.crl.CRLToken;
import eu.europa.esig.dss.x509.ocsp.OCSPToken;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.pdfbox.cos.COSArray;
import org.apache.pdfbox.cos.COSDictionary;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.cos.COSStream;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureInterface;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureOptions;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.visible.PDVisibleSigProperties;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.visible.PDVisibleSignDesigner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:eu/europa/esig/dss/pdf/pdfbox/PdfBoxSignatureService.class */
public class PdfBoxSignatureService implements PDFSignatureService {
    private static final Logger logger = LoggerFactory.getLogger(PdfBoxSignatureService.class);

    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public byte[] digest(InputStream inputStream, PAdESSignatureParameters pAdESSignatureParameters, DigestAlgorithm digestAlgorithm) throws DSSException {
        byte[] bArr = DSSUtils.EMPTY_BYTE_ARRAY;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PDDocument pDDocument = null;
        try {
            try {
                pDDocument = PDDocument.load(inputStream);
                byte[] signDocumentAndReturnDigest = signDocumentAndReturnDigest(pAdESSignatureParameters, bArr, byteArrayOutputStream, pDDocument, createSignatureDictionary(pAdESSignatureParameters), digestAlgorithm);
                Utils.closeQuietly(pDDocument);
                Utils.closeQuietly(byteArrayOutputStream);
                return signDocumentAndReturnDigest;
            } catch (IOException e) {
                throw new DSSException(e);
            }
        } catch (Throwable th) {
            Utils.closeQuietly(pDDocument);
            Utils.closeQuietly(byteArrayOutputStream);
            throw th;
        }
    }

    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public void sign(InputStream inputStream, byte[] bArr, OutputStream outputStream, PAdESSignatureParameters pAdESSignatureParameters, DigestAlgorithm digestAlgorithm) throws DSSException {
        PDDocument pDDocument = null;
        try {
            try {
                pDDocument = PDDocument.load(inputStream);
                signDocumentAndReturnDigest(pAdESSignatureParameters, bArr, outputStream, pDDocument, createSignatureDictionary(pAdESSignatureParameters), digestAlgorithm);
                Utils.closeQuietly(pDDocument);
            } catch (IOException e) {
                throw new DSSException(e);
            }
        } catch (Throwable th) {
            Utils.closeQuietly(pDDocument);
            throw th;
        }
    }

    private byte[] signDocumentAndReturnDigest(PAdESSignatureParameters pAdESSignatureParameters, final byte[] bArr, OutputStream outputStream, PDDocument pDDocument, PDSignature pDSignature, DigestAlgorithm digestAlgorithm) throws DSSException {
        SignatureOptions signatureOptions = new SignatureOptions();
        try {
            try {
                final MessageDigest messageDigest = DSSUtils.getMessageDigest(digestAlgorithm);
                SignatureInterface signatureInterface = new SignatureInterface() { // from class: eu.europa.esig.dss.pdf.pdfbox.PdfBoxSignatureService.1
                    public byte[] sign(InputStream inputStream) throws IOException {
                        byte[] bArr2 = new byte[4096];
                        while (true) {
                            int read = inputStream.read(bArr2);
                            if (read <= 0) {
                                return bArr;
                            }
                            messageDigest.update(bArr2, 0, read);
                        }
                    }
                };
                signatureOptions.setPreferredSignatureSize(pAdESSignatureParameters.getSignatureSize());
                if (pAdESSignatureParameters.getImageParameters() != null) {
                    fillImageParameters(pDDocument, pAdESSignatureParameters.getImageParameters(), signatureOptions);
                }
                pDDocument.addSignature(pDSignature, signatureInterface, signatureOptions);
                saveDocumentIncrementally(pAdESSignatureParameters, outputStream, pDDocument);
                byte[] digest = messageDigest.digest();
                if (logger.isDebugEnabled()) {
                    logger.debug("Digest to be signed: " + Utils.toHex(digest));
                }
                return digest;
            } catch (IOException e) {
                throw new DSSException(e);
            }
        } finally {
            Utils.closeQuietly(signatureOptions.getVisualSignature());
        }
    }

    private void fillImageParameters(PDDocument pDDocument, SignatureImageParameters signatureImageParameters, SignatureOptions signatureOptions) throws IOException {
        ImageAndResolution create = ImageUtils.create(signatureImageParameters);
        InputStream inputStream = create.getInputStream();
        try {
            PDVisibleSignDesigner pDVisibleSignDesigner = new PDVisibleSignDesigner(pDDocument, inputStream, signatureImageParameters.getPage());
            pDVisibleSignDesigner.xAxis(signatureImageParameters.getxAxis()).yAxis(signatureImageParameters.getyAxis());
            pDVisibleSignDesigner.width(create.toXPoint(pDVisibleSignDesigner.getWidth())).height(create.toYPoint(pDVisibleSignDesigner.getHeight()));
            pDVisibleSignDesigner.zoom(signatureImageParameters.getZoom() - 100);
            PDVisibleSigProperties pDVisibleSigProperties = new PDVisibleSigProperties();
            pDVisibleSigProperties.visualSignEnabled(true).setPdVisibleSignature(pDVisibleSignDesigner).buildSignature();
            signatureOptions.setVisualSignature(pDVisibleSigProperties);
            signatureOptions.setPage(signatureImageParameters.getPage() - 1);
            Utils.closeQuietly(inputStream);
        } catch (Throwable th) {
            Utils.closeQuietly(inputStream);
            throw th;
        }
    }

    private PDSignature createSignatureDictionary(PAdESSignatureParameters pAdESSignatureParameters) {
        PDSignature pDSignature = new PDSignature();
        pDSignature.setType(getType());
        String str = " " + Utils.toHex(DSSUtils.digest(DigestAlgorithm.SHA1, Long.toString(pAdESSignatureParameters.bLevel().getSigningDate().getTime()).getBytes()));
        if (pAdESSignatureParameters.getSigningCertificate() == null) {
            pDSignature.setName("Unknown signer" + str);
        } else {
            pDSignature.setName(DSSASN1Utils.getHumanReadableName(pAdESSignatureParameters.getSigningCertificate()) + str);
        }
        pDSignature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
        pDSignature.setSubFilter(getSubFilter());
        if (COSName.SIG.equals(getType())) {
            if (Utils.isStringNotEmpty(pAdESSignatureParameters.getContactInfo())) {
                pDSignature.setContactInfo(pAdESSignatureParameters.getContactInfo());
            }
            if (Utils.isStringNotEmpty(pAdESSignatureParameters.getLocation())) {
                pDSignature.setLocation(pAdESSignatureParameters.getLocation());
            }
            if (Utils.isStringNotEmpty(pAdESSignatureParameters.getReason())) {
                pDSignature.setReason(pAdESSignatureParameters.getReason());
            }
        }
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(pAdESSignatureParameters.bLevel().getSigningDate());
        pDSignature.setSignDate(calendar);
        return pDSignature;
    }

    protected COSName getType() {
        return COSName.SIG;
    }

    public void saveDocumentIncrementally(PAdESSignatureParameters pAdESSignatureParameters, OutputStream outputStream, PDDocument pDDocument) throws DSSException {
        try {
            if (pDDocument.getDocumentId() == null) {
                pDDocument.setDocumentId(Long.valueOf(DSSUtils.toLong(DSSUtils.digest(DigestAlgorithm.MD5, pAdESSignatureParameters.bLevel().getSigningDate().toString().getBytes()))));
                pDDocument.setDocumentId(0L);
            }
            pDDocument.saveIncremental(outputStream);
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    protected COSName getSubFilter() {
        return PDSignature.SUBFILTER_ETSI_CADES_DETACHED;
    }

    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public void validateSignatures(CertificatePool certificatePool, DSSDocument dSSDocument, SignatureValidationCallback signatureValidationCallback) throws DSSException {
        InputStream openStream = dSSDocument.openStream();
        try {
            Iterator<PdfSignatureOrDocTimestampInfo> it = getSignatures(certificatePool, Utils.toByteArray(openStream)).iterator();
            while (it.hasNext()) {
                signatureValidationCallback.validate(it.next());
            }
        } catch (IOException e) {
            logger.error("Cannot validate signatures : " + e.getMessage(), e);
        }
        Utils.closeQuietly(openStream);
    }

    private List<PdfSignatureOrDocTimestampInfo> getSignatures(CertificatePool certificatePool, byte[] bArr) {
        PdfSignatureOrDocTimestampInfo pdfBoxSignatureInfo;
        ArrayList arrayList = new ArrayList();
        PDDocument pDDocument = null;
        try {
            try {
                pDDocument = PDDocument.load(bArr);
                List<PDSignature> signatureDictionaries = pDDocument.getSignatureDictionaries();
                if (Utils.isCollectionNotEmpty(signatureDictionaries)) {
                    logger.debug("{} signature(s) found", Integer.valueOf(signatureDictionaries.size()));
                    PdfDssDict extract = PdfDssDict.extract(new PdfBoxDict(pDDocument.getDocumentCatalog().getCOSObject(), pDDocument));
                    for (PDSignature pDSignature : signatureDictionaries) {
                        String subFilter = pDSignature.getSubFilter();
                        byte[] contents = pDSignature.getContents(bArr);
                        if (Utils.isStringEmpty(subFilter) || Utils.isArrayEmpty(contents)) {
                            logger.warn("Wrong signature with empty subfilter or cms.");
                        } else {
                            byte[] signedContent = pDSignature.getSignedContent(bArr);
                            int[] byteRange = pDSignature.getByteRange();
                            if (PdfBoxDocTimeStampService.SUB_FILTER_ETSI_RFC3161.getName().equals(subFilter)) {
                                boolean z = false;
                                if (extract != null && isDSSDictionaryPresentInPreviousRevision(getOriginalBytes(byteRange, signedContent))) {
                                    z = true;
                                }
                                pdfBoxSignatureInfo = new PdfBoxDocTimestampInfo(certificatePool, pDSignature, extract, contents, signedContent, z);
                            } else {
                                pdfBoxSignatureInfo = new PdfBoxSignatureInfo(certificatePool, pDSignature, extract, contents, signedContent);
                            }
                            if (pdfBoxSignatureInfo != null) {
                                arrayList.add(pdfBoxSignatureInfo);
                            }
                        }
                    }
                    Collections.sort(arrayList, new PdfSignatureOrDocTimestampInfoComparator());
                    linkSignatures(arrayList);
                    for (PdfSignatureOrDocTimestampInfo pdfSignatureOrDocTimestampInfo : arrayList) {
                        logger.debug("Signature " + pdfSignatureOrDocTimestampInfo.uniqueId() + " found with byteRange " + Arrays.toString(pdfSignatureOrDocTimestampInfo.getSignatureByteRange()) + " (" + pdfSignatureOrDocTimestampInfo.getSubFilter() + ")");
                    }
                }
                Utils.closeQuietly(pDDocument);
            } catch (Exception e) {
                logger.warn("Cannot analyze signatures : " + e.getMessage(), e);
                Utils.closeQuietly(pDDocument);
            }
            return arrayList;
        } catch (Throwable th) {
            Utils.closeQuietly(pDDocument);
            throw th;
        }
    }

    private void linkSignatures(List<PdfSignatureOrDocTimestampInfo> list) {
        ArrayList arrayList = new ArrayList();
        for (PdfSignatureOrDocTimestampInfo pdfSignatureOrDocTimestampInfo : list) {
            if (Utils.isCollectionNotEmpty(arrayList)) {
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    ((PdfSignatureOrDocTimestampInfo) it.next()).addOuterSignature(pdfSignatureOrDocTimestampInfo);
                }
            }
            arrayList.add(pdfSignatureOrDocTimestampInfo);
        }
    }

    private boolean isDSSDictionaryPresentInPreviousRevision(byte[] bArr) {
        PDDocument pDDocument = null;
        PdfDssDict pdfDssDict = null;
        try {
            try {
                pDDocument = PDDocument.load(bArr);
                if (Utils.isCollectionNotEmpty(pDDocument.getSignatureDictionaries())) {
                    pdfDssDict = PdfDssDict.extract(new PdfBoxDict(pDDocument.getDocumentCatalog().getCOSObject(), pDDocument));
                }
                Utils.closeQuietly(pDDocument);
            } catch (Exception e) {
                logger.warn("Cannot check in previous revisions if DSS dictionary already exist : " + e.getMessage(), e);
                Utils.closeQuietly(pDDocument);
            }
            return pdfDssDict != null;
        } catch (Throwable th) {
            Utils.closeQuietly(pDDocument);
            throw th;
        }
    }

    private byte[] getOriginalBytes(int[] iArr, byte[] bArr) {
        int i = iArr[1];
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, 0, bArr2, 0, i);
        return bArr2;
    }

    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public void addDssDictionary(InputStream inputStream, OutputStream outputStream, List<DSSDictionaryCallback> list) {
        PDDocument pDDocument = null;
        try {
            try {
                pDDocument = PDDocument.load(inputStream);
                if (Utils.isCollectionNotEmpty(list)) {
                    COSDictionary cOSObject = pDDocument.getDocumentCatalog().getCOSObject();
                    cOSObject.setItem("DSS", buildDSSDictionary(list));
                    cOSObject.setNeedToBeUpdated(true);
                }
                if (pDDocument.getDocumentId() == null) {
                    pDDocument.setDocumentId(0L);
                }
                pDDocument.saveIncremental(outputStream);
                Utils.closeQuietly(pDDocument);
            } catch (Exception e) {
                throw new DSSException(e);
            }
        } catch (Throwable th) {
            Utils.closeQuietly(pDDocument);
            throw th;
        }
    }

    private COSDictionary buildDSSDictionary(List<DSSDictionaryCallback> list) throws Exception {
        COSDictionary cOSDictionary = new COSDictionary();
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        COSDictionary cOSDictionary2 = new COSDictionary();
        for (DSSDictionaryCallback dSSDictionaryCallback : list) {
            COSDictionary cOSDictionary3 = new COSDictionary();
            cOSDictionary3.setDirect(true);
            if (Utils.isCollectionNotEmpty(dSSDictionaryCallback.getCertificates())) {
                COSArray cOSArray = new COSArray();
                for (CertificateToken certificateToken : dSSDictionaryCallback.getCertificates()) {
                    cOSArray.add(getStream(hashMap, certificateToken));
                    hashSet3.add(certificateToken);
                }
                cOSDictionary3.setItem("Cert", cOSArray);
            }
            if (Utils.isCollectionNotEmpty(dSSDictionaryCallback.getOcsps())) {
                COSArray cOSArray2 = new COSArray();
                for (OCSPToken oCSPToken : dSSDictionaryCallback.getOcsps()) {
                    cOSArray2.add(getStream(hashMap, oCSPToken));
                    hashSet2.add(oCSPToken);
                }
                cOSDictionary3.setItem("OCSP", cOSArray2);
            }
            if (Utils.isCollectionNotEmpty(dSSDictionaryCallback.getCrls())) {
                COSArray cOSArray3 = new COSArray();
                for (CRLToken cRLToken : dSSDictionaryCallback.getCrls()) {
                    cOSArray3.add(getStream(hashMap, cRLToken));
                    hashSet.add(cRLToken);
                }
                cOSDictionary3.setItem("CRL", cOSArray3);
            }
            cOSDictionary2.setItem(Utils.toHex(DSSUtils.digest(DigestAlgorithm.SHA1, dSSDictionaryCallback.getSignature().getPdfSignatureInfo().getContent())).toUpperCase(), cOSDictionary3);
        }
        cOSDictionary.setItem("VRI", cOSDictionary2);
        if (Utils.isCollectionNotEmpty(hashSet3)) {
            COSArray cOSArray4 = new COSArray();
            Iterator it = hashSet3.iterator();
            while (it.hasNext()) {
                cOSArray4.add(getStream(hashMap, (CertificateToken) it.next()));
            }
            cOSDictionary.setItem("Certs", cOSArray4);
        }
        if (Utils.isCollectionNotEmpty(hashSet2)) {
            COSArray cOSArray5 = new COSArray();
            Iterator it2 = hashSet2.iterator();
            while (it2.hasNext()) {
                cOSArray5.add(getStream(hashMap, (OCSPToken) it2.next()));
            }
            cOSDictionary.setItem("OCSPs", cOSArray5);
        }
        if (Utils.isCollectionNotEmpty(hashSet)) {
            COSArray cOSArray6 = new COSArray();
            Iterator it3 = hashSet.iterator();
            while (it3.hasNext()) {
                cOSArray6.add(getStream(hashMap, (CRLToken) it3.next()));
            }
            cOSDictionary.setItem("CRLs", cOSArray6);
        }
        return cOSDictionary;
    }

    private COSStream getStream(Map<String, COSStream> map, Token token) throws IOException {
        COSStream cOSStream = map.get(token.getDSSIdAsString());
        if (cOSStream == null) {
            cOSStream = new COSStream();
            OutputStream createOutputStream = cOSStream.createOutputStream();
            createOutputStream.write(token.getEncoded());
            createOutputStream.flush();
            createOutputStream.close();
            map.put(token.getDSSIdAsString(), cOSStream);
        }
        return cOSStream;
    }
}
