package org.apache.pdfbox.examples.signature;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.pdfbox.cos.COSArray;
import org.apache.pdfbox.cos.COSDictionary;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureInterface;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.Attributes;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TSPException;

/* loaded from: input_file:org/apache/pdfbox/examples/signature/CreateSignatureBase.class */
public abstract class CreateSignatureBase implements SignatureInterface {
    private PrivateKey privateKey;
    private Certificate certificate;
    private Certificate[] certificateChain;
    private TSAClient tsaClient;
    private boolean externalSigning;

    public CreateSignatureBase(KeyStore keyStore, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
        Enumeration<String> aliases = keyStore.aliases();
        Certificate certificate = null;
        while (true) {
            if (!aliases.hasMoreElements()) {
                break;
            }
            String nextElement = aliases.nextElement();
            setPrivateKey((PrivateKey) keyStore.getKey(nextElement, cArr));
            Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
            if (certificateChain != null) {
                setCertificateChain(certificateChain);
                certificate = keyStore.getCertificate(nextElement);
                setCertificate(certificate);
                if (certificate instanceof X509Certificate) {
                    ((X509Certificate) certificate).checkValidity();
                }
            }
        }
        if (certificate == null) {
            throw new IOException("Could not find certificate");
        }
    }

    public final void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public final void setCertificate(Certificate certificate) {
        this.certificate = certificate;
    }

    public final void setCertificateChain(Certificate[] certificateArr) {
        this.certificateChain = certificateArr;
    }

    public void setTsaClient(TSAClient tSAClient) {
        this.tsaClient = tSAClient;
    }

    public TSAClient getTsaClient() {
        return this.tsaClient;
    }

    private CMSSignedData signTimeStamps(CMSSignedData cMSSignedData) throws IOException, TSPException {
        SignerInformationStore signerInfos = cMSSignedData.getSignerInfos();
        ArrayList arrayList = new ArrayList();
        Iterator it = signerInfos.getSigners().iterator();
        while (it.hasNext()) {
            arrayList.add(signTimeStamp((SignerInformation) it.next()));
        }
        return CMSSignedData.replaceSigners(cMSSignedData, new SignerInformationStore(arrayList));
    }

    private SignerInformation signTimeStamp(SignerInformation signerInformation) throws IOException, TSPException {
        AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (unsignedAttributes != null) {
            aSN1EncodableVector = unsignedAttributes.toASN1EncodableVector();
        }
        aSN1EncodableVector.add(new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new DERSet(ASN1Primitive.fromByteArray(getTsaClient().getTimeStampToken(signerInformation.getSignature())))));
        SignerInformation replaceUnsignedAttributes = SignerInformation.replaceUnsignedAttributes(signerInformation, new AttributeTable(new Attributes(aSN1EncodableVector)));
        return replaceUnsignedAttributes == null ? signerInformation : replaceUnsignedAttributes;
    }

    public byte[] sign(InputStream inputStream) throws IOException {
        try {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(this.certificateChain));
            arrayList.add(this.certificate);
            JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            org.bouncycastle.asn1.x509.Certificate certificate = org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(this.certificate.getEncoded()));
            cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(new JcaContentSignerBuilder("SHA256WithRSA").build(this.privateKey), new X509CertificateHolder(certificate)));
            cMSSignedDataGenerator.addCertificates(jcaCertStore);
            CMSSignedData generate = cMSSignedDataGenerator.generate(new CMSProcessableInputStream(inputStream), false);
            if (this.tsaClient != null) {
                generate = signTimeStamps(generate);
            }
            return generate.getEncoded();
        } catch (TSPException e) {
            throw new IOException((Throwable) e);
        } catch (OperatorCreationException e2) {
            throw new IOException((Throwable) e2);
        } catch (CMSException e3) {
            throw new IOException((Throwable) e3);
        } catch (GeneralSecurityException e4) {
            throw new IOException(e4);
        }
    }

    public void setExternalSigning(boolean z) {
        this.externalSigning = z;
    }

    public boolean isExternalSigning() {
        return this.externalSigning;
    }

    public int getMDPPermission(PDDocument pDDocument) {
        COSDictionary dictionaryObject = pDDocument.getDocumentCatalog().getCOSObject().getDictionaryObject(COSName.PERMS);
        if (!(dictionaryObject instanceof COSDictionary)) {
            return 0;
        }
        COSDictionary dictionaryObject2 = dictionaryObject.getDictionaryObject(COSName.DOCMDP);
        if (!(dictionaryObject2 instanceof COSDictionary)) {
            return 0;
        }
        COSArray dictionaryObject3 = dictionaryObject2.getDictionaryObject("Reference");
        if (!(dictionaryObject3 instanceof COSArray)) {
            return 0;
        }
        COSArray cOSArray = dictionaryObject3;
        for (int i = 0; i < cOSArray.size(); i++) {
            COSDictionary object = cOSArray.getObject(i);
            if (object instanceof COSDictionary) {
                COSDictionary cOSDictionary = object;
                if (COSName.DOCMDP.equals(cOSDictionary.getDictionaryObject("TransformMethod"))) {
                    COSDictionary dictionaryObject4 = cOSDictionary.getDictionaryObject("TransformParams");
                    if (dictionaryObject4 instanceof COSDictionary) {
                        int i2 = dictionaryObject4.getInt(COSName.P, 2);
                        if (i2 < 1 || i2 > 3) {
                            i2 = 2;
                        }
                        return i2;
                    }
                } else {
                    continue;
                }
            }
        }
        return 0;
    }

    public void setMDPPermission(PDDocument pDDocument, PDSignature pDSignature, int i) {
        COSDictionary cOSObject = pDSignature.getCOSObject();
        COSDictionary cOSDictionary = new COSDictionary();
        cOSDictionary.setItem(COSName.TYPE, COSName.getPDFName("TransformParams"));
        cOSDictionary.setInt(COSName.P, i);
        cOSDictionary.setName(COSName.V, "1.2");
        cOSDictionary.setNeedToBeUpdated(true);
        COSDictionary cOSDictionary2 = new COSDictionary();
        cOSDictionary2.setItem(COSName.TYPE, COSName.getPDFName("SigRef"));
        cOSDictionary2.setItem("TransformMethod", COSName.getPDFName("DocMDP"));
        cOSDictionary2.setItem("DigestMethod", COSName.getPDFName("SHA1"));
        cOSDictionary2.setItem("TransformParams", cOSDictionary);
        cOSDictionary2.setNeedToBeUpdated(true);
        COSArray cOSArray = new COSArray();
        cOSArray.add(cOSDictionary2);
        cOSObject.setItem("Reference", cOSArray);
        cOSArray.setNeedToBeUpdated(true);
        COSDictionary cOSObject2 = pDDocument.getDocumentCatalog().getCOSObject();
        COSDictionary cOSDictionary3 = new COSDictionary();
        cOSObject2.setItem(COSName.PERMS, cOSDictionary3);
        cOSDictionary3.setItem(COSName.DOCMDP, pDSignature);
        cOSObject2.setNeedToBeUpdated(true);
        cOSDictionary3.setNeedToBeUpdated(true);
    }
}
