package es.gob.afirma.signers.pades;

import com.lowagie.text.DocumentException;
import com.lowagie.text.Jpeg;
import com.lowagie.text.Rectangle;
import com.lowagie.text.exceptions.BadPasswordException;
import com.lowagie.text.exceptions.InvalidPdfException;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfArray;
import com.lowagie.text.pdf.PdfDate;
import com.lowagie.text.pdf.PdfDictionary;
import com.lowagie.text.pdf.PdfName;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignature;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import com.lowagie.text.pdf.PdfString;
import es.gob.afirma.core.AOException;
import es.gob.afirma.core.AOFormatFileException;
import es.gob.afirma.core.AOInvalidFormatException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Platform;
import es.gob.afirma.core.misc.SHA2AltNamesProvider;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AOSignInfo;
import es.gob.afirma.core.signers.AOSigner;
import es.gob.afirma.core.signers.AOSimpleSignInfo;
import es.gob.afirma.core.signers.AdESPolicy;
import es.gob.afirma.core.signers.CounterSignTarget;
import es.gob.afirma.core.ui.AOUIFactory;
import es.gob.afirma.core.util.tree.AOTreeModel;
import es.gob.afirma.core.util.tree.AOTreeNode;
import es.gob.afirma.signers.cades.GenCAdESEPESSignedData;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.P7ContentSignerParameters;
import es.gob.afirma.signers.tsp.pkcs7.CMSTimestamper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Properties;
import java.util.logging.Logger;
import org.bouncycastle.cms.CMSAttributeTableGenerator;

/* loaded from: input_file:es/gob/afirma/signers/pades/AOPDFSigner.class */
public final class AOPDFSigner implements AOSigner {
    private static final int CSIZE = 8000;
    private static final String PADES_BES_SUBFILTER = "ETSI.CAdES.detached";
    private static final String PDF_FILE_SUFFIX = ".pdf";
    private static final String PDF_FILE_HEADER = "%PDF-";
    private static final String ITEXT_VERSION = "2.1.7";
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");
    public static final int LAST_PAGE = -666;
    private byte[] rubric = null;

    @Override // es.gob.afirma.core.signers.AOSigner
    public byte[] sign(byte[] bArr, String str, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties) throws AOException {
        try {
            return signPDF(privateKeyEntry, bArr, properties != null ? properties : new Properties(), str);
        } catch (DocumentException e) {
            throw new AOException("Error en el tratamiento del PDF: " + e, (Exception) e);
        } catch (InvalidPdfException e2) {
            throw new AOFormatFileException("El documento no era un PDF valido", e2);
        } catch (IOException e3) {
            throw new AOException("Error firmando el PDF: " + e3, (Exception) e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new AOException("Error el en algoritmo de firma: " + e4, (Exception) e4);
        } catch (CertificateException e5) {
            throw new AOException("Error en el certificado de firma: " + e5, (Exception) e5);
        }
    }

    @Override // es.gob.afirma.core.signers.AOCoSigner
    public byte[] cosign(byte[] bArr, byte[] bArr2, String str, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties) throws AOException {
        return sign(bArr2, str, privateKeyEntry, properties);
    }

    @Override // es.gob.afirma.core.signers.AOCoSigner
    public byte[] cosign(byte[] bArr, String str, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties) throws AOException {
        return sign(bArr, str, privateKeyEntry, properties);
    }

    @Override // es.gob.afirma.core.signers.AOCounterSigner
    public byte[] countersign(byte[] bArr, String str, CounterSignTarget counterSignTarget, Object[] objArr, KeyStore.PrivateKeyEntry privateKeyEntry, Properties properties) throws AOException {
        throw new UnsupportedOperationException("No es posible realizar contrafirmas de ficheros PDF");
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public String getSignedName(String str, String str2) {
        String str3 = str2 != null ? str2 : "";
        return str == null ? "signed.pdf" : str.toLowerCase().endsWith(PDF_FILE_SUFFIX) ? String.valueOf(str.substring(0, str.length() - PDF_FILE_SUFFIX.length())) + str3 + PDF_FILE_SUFFIX : String.valueOf(str) + str3 + PDF_FILE_SUFFIX;
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public AOTreeModel getSignersStructure(byte[] bArr, boolean z) {
        PdfReader pdfReader;
        isPdfFile(bArr);
        SHA2AltNamesProvider.install();
        AOTreeNode aOTreeNode = new AOTreeNode("Datos");
        try {
            pdfReader = new PdfReader(bArr);
        } catch (BadPasswordException unused) {
            try {
                pdfReader = new PdfReader(bArr, new String(AOUIFactory.getPassword(PDFMessages.getString("AOPDFSigner.0"), null)).getBytes());
            } catch (BadPasswordException e) {
                LOGGER.severe("La contrasena del PDF no es valida, se devolvera un arbol vacio: " + e);
                return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
            } catch (Exception e2) {
                LOGGER.severe("No se ha podido leer el PDF, se devolvera un arbol vacio: " + e2);
                return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
            }
        } catch (Exception e3) {
            LOGGER.severe("No se ha podido leer el PDF, se devolvera un arbol vacio: " + e3);
            return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
        }
        try {
            AcroFields acroFields = pdfReader.getAcroFields();
            ArrayList signatureNames = acroFields.getSignatureNames();
            for (int i = 0; i < signatureNames.size(); i++) {
                PdfPKCS7 verifySignature = acroFields.verifySignature(signatureNames.get(i).toString());
                if (z) {
                    AOSimpleSignInfo aOSimpleSignInfo = new AOSimpleSignInfo(new X509Certificate[]{verifySignature.getSigningCertificate()}, verifySignature.getSignDate().getTime());
                    try {
                        Field declaredField = AOUtil.classForName("com.lowagie.text.pdf.PdfPKCS7").getDeclaredField(CMSAttributeTableGenerator.DIGEST);
                        declaredField.setAccessible(true);
                        Object obj = declaredField.get(verifySignature);
                        if (obj instanceof byte[]) {
                            aOSimpleSignInfo.setPkcs1((byte[]) obj);
                        }
                        aOTreeNode.add(new AOTreeNode(aOSimpleSignInfo));
                    } catch (Exception e4) {
                        LOGGER.severe("No se ha podido obtener informacion de una de las firmas del PDF, se continuara con la siguiente: " + e4);
                    }
                } else {
                    aOTreeNode.add(new AOTreeNode(AOUtil.getCN(verifySignature.getSigningCertificate())));
                }
            }
            return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
        } catch (Exception e5) {
            LOGGER.severe("No se ha podido obtener la informacion de los firmantes del PDF, se devolvera un arbol vacio: " + e5);
            return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
        }
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public boolean isSign(byte[] bArr) {
        if (bArr != null) {
            return isPdfFile(bArr) && getSignersStructure(bArr, false).getCount().intValue() > 0;
        }
        LOGGER.warning("Se han introducido datos nulos para su comprobacion");
        return false;
    }

    private boolean isPdfFile(byte[] bArr) {
        checkIText();
        byte[] bArr2 = new byte[PDF_FILE_HEADER.length()];
        try {
            new ByteArrayInputStream(bArr).read(bArr2);
        } catch (Exception unused) {
            bArr2 = (byte[]) null;
        }
        if (bArr2 != null && !PDF_FILE_HEADER.equals(new String(bArr2))) {
            return false;
        }
        try {
            new PdfReader(bArr);
            return true;
        } catch (BadPasswordException unused2) {
            LOGGER.warning("El PDF esta protegido con contrasena, se toma como PDF valido");
            return true;
        } catch (Exception unused3) {
            return false;
        }
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public boolean isValidDataFile(byte[] bArr) {
        if (bArr != null) {
            return isPdfFile(bArr);
        }
        LOGGER.warning("Se han introducido datos nulos para su comprobacion");
        return false;
    }

    private static Rectangle getSignaturePositionOnPage(Properties properties) {
        try {
            return new Rectangle(Integer.parseInt(properties.getProperty("signaturePositionOnPageLowerLeftX")), Integer.parseInt(properties.getProperty("signaturePositionOnPageLowerLeftY")), Integer.parseInt(properties.getProperty("signaturePositionOnPageUpperRightX")), Integer.parseInt(properties.getProperty("signaturePositionOnPageUpperRightY")));
        } catch (Exception unused) {
            return null;
        }
    }

    private byte[] signPDF(KeyStore.PrivateKeyEntry privateKeyEntry, byte[] bArr, Properties properties, String str) throws IOException, AOException, DocumentException, NoSuchAlgorithmException, CertificateException {
        PdfReader pdfReader;
        URL url;
        PdfDictionary asDict;
        PdfDictionary asDict2;
        PdfDictionary asDict3;
        PdfDictionary asDict4;
        checkIText();
        boolean parseBoolean = Boolean.parseBoolean(properties.getProperty("applySystemDate", Boolean.TRUE.toString()));
        String property = properties.getProperty("signReason");
        String property2 = properties.getProperty("signField");
        String property3 = properties.getProperty("signatureProductionCity");
        String property4 = properties.getProperty("signerContact");
        int i = 1;
        try {
            i = Integer.parseInt(properties.getProperty("signaturePage"));
        } catch (Exception unused) {
        }
        String property5 = properties.getProperty("ownerPassword");
        try {
            pdfReader = property5 == null ? new PdfReader(bArr) : new PdfReader(bArr, property5.getBytes());
        } catch (BadPasswordException e) {
            if (Boolean.TRUE.toString().equalsIgnoreCase(properties.getProperty("headLess"))) {
                throw new AOException("La contrasena proporcionada no es valida para el PDF actual", (Exception) e);
            }
            property5 = new String(AOUIFactory.getPassword(PDFMessages.getString("AOPDFSigner.0"), null));
            try {
                pdfReader = new PdfReader(bArr, property5.getBytes());
            } catch (BadPasswordException e2) {
                throw new AOException("La contrasena proporcionada no es valida para el PDF actual", (Exception) e2);
            }
        } catch (IOException e3) {
            throw new AOFormatFileException("Los datos introducidos no se corresponden con un documento PDF", e3);
        }
        if (pdfReader.getCertificationLevel() != 0 && !Boolean.TRUE.toString().equalsIgnoreCase(properties.getProperty("allowSigningCertifiedPdfs"))) {
            if (properties.getProperty("allowSigningCertifiedPdfs") != null) {
                throw new UnsupportedOperationException("No se permite la firma de PDF certificados (el paramtro allowSigningCertifiedPdfs estaba establecido a false)");
            }
            if (Boolean.TRUE.toString().equalsIgnoreCase(properties.getProperty("headLess"))) {
                throw new UnsupportedOperationException("No se permite la firma de PDF certificados (el parametro allowSigningCertifiedPdfs no estaba establecido y no se permiten dialogos graficos)");
            }
            if (AOUIFactory.NO_OPTION == AOUIFactory.showConfirmDialog(null, PDFMessages.getString("AOPDFSigner.8"), PDFMessages.getString("AOPDFSigner.9"), AOUIFactory.YES_NO_OPTION, AOUIFactory.WARNING_MESSAGE)) {
                throw new UnsupportedOperationException("No se ha permitido la firma de un PDF certificado");
            }
        }
        for (int i2 = 1; i2 <= pdfReader.getNumberOfPages(); i2++) {
            PdfArray asArray = pdfReader.getPageN(i2).getAsArray(PdfName.ANNOTS);
            if (asArray != null) {
                for (int i3 = 0; i3 < asArray.size(); i3++) {
                    PdfDictionary asDict5 = asArray.getAsDict(i3);
                    if (asDict5 != null && PdfName.FILEATTACHMENT.equals(asDict5.getAsName(PdfName.SUBTYPE)) && (asDict3 = asDict5.getAsDict(PdfName.FS)) != null && (asDict4 = asDict3.getAsDict(PdfName.EF)) != null) {
                        for (Object obj : asDict4.getKeys()) {
                            if (obj instanceof PdfName) {
                                LOGGER.warning("Se ha encontrado un adjunto (" + asDict3.getAsString((PdfName) obj) + ") en el PDF, pero no se firmara de forma independiente");
                            }
                        }
                    }
                }
            }
        }
        PdfDictionary catalog = pdfReader.getCatalog();
        if (catalog != null && (asDict = catalog.getAsDict(PdfName.NAMES)) != null && (asDict2 = asDict.getAsDict(PdfName.EMBEDDEDFILES)) != null) {
            PdfArray asArray2 = asDict2.getAsArray(PdfName.NAMES);
            int i4 = 0;
            while (i4 < asArray2.size()) {
                int i5 = i4;
                int i6 = i4 + 1;
                asArray2.getAsString(i5);
                i4 = i6 + 1;
                PdfDictionary asDict6 = asArray2.getAsDict(i6);
                for (Object obj2 : asDict6.getAsDict(PdfName.EF).getKeys()) {
                    if (obj2 instanceof PdfName) {
                        LOGGER.warning("Se ha encontrado un fichero empotrado (" + asDict6.getAsString((PdfName) obj2) + ") en el PDF, pero no se firmara de forma independiente");
                    }
                }
            }
        }
        pdfReader.removeUsageRights();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        PdfStamper createSignature = PdfStamper.createSignature(pdfReader, byteArrayOutputStream, (char) 0, null, pdfReader.getAcroFields().getSignatureNames().size() > 0);
        PdfSignatureAppearance signatureAppearance = createSignature.getSignatureAppearance();
        createSignature.setFullCompression();
        signatureAppearance.setAcro6Layers(true);
        signatureAppearance.setLayer2Text("");
        signatureAppearance.setLayer4Text("");
        signatureAppearance.setRender(0);
        if (property != null) {
            signatureAppearance.setReason(property);
        }
        if (parseBoolean) {
            signatureAppearance.setSignDate(new GregorianCalendar());
        }
        if (pdfReader.isEncrypted() && property5 != null) {
            if (Boolean.TRUE.toString().equalsIgnoreCase(properties.getProperty("avoidEncryptingSignedPdfs"))) {
                LOGGER.info("Aunque el PDF original estaba encriptado no se encriptara el PDF firmado (se establecio el indicativo 'avoidEncryptingSignedPdfs')");
            } else {
                LOGGER.info("El PDF original estaba encriptado, se intentara encriptar tambien el PDF firmado");
                try {
                    createSignature.setEncryption(property5.getBytes(), property5.getBytes(), pdfReader.getPermissions(), pdfReader.getCryptoMode());
                } catch (DocumentException e4) {
                    LOGGER.warning("No se ha podido cifrar el PDF destino, se escribira sin contrasena: " + e4);
                }
            }
        }
        if (i == -666) {
            i = pdfReader.getNumberOfPages();
        }
        Rectangle signaturePositionOnPage = getSignaturePositionOnPage(properties);
        if (signaturePositionOnPage != null && property2 == null) {
            signatureAppearance.setVisibleSignature(signaturePositionOnPage, i, null);
        } else if (property2 != null) {
            signatureAppearance.setVisibleSignature(property2);
        }
        if (property3 != null) {
            signatureAppearance.setLocation(property3);
        }
        if (property4 != null) {
            signatureAppearance.setContact(property4);
        }
        if (this.rubric != null) {
            try {
                signatureAppearance.setImage(new Jpeg(this.rubric));
            } catch (Exception e5) {
                LOGGER.severe("No se pudo establecer la imagen de firma para el documento PDF, no se usara imagen: " + e5);
            }
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) privateKeyEntry.getCertificateChain();
        signatureAppearance.setCrypto(null, x509CertificateArr, null, null);
        PdfSignature pdfSignature = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName(PADES_BES_SUBFILTER));
        if (signatureAppearance.getSignDate() != null) {
            pdfSignature.setDate(new PdfDate(signatureAppearance.getSignDate()));
        }
        pdfSignature.setName(PdfPKCS7.getSubjectFields(x509CertificateArr[0]).getField("CN"));
        if (signatureAppearance.getReason() != null) {
            pdfSignature.setReason(signatureAppearance.getReason());
        }
        if (signatureAppearance.getLocation() != null) {
            pdfSignature.setLocation(signatureAppearance.getLocation());
        }
        if (signatureAppearance.getContact() != null) {
            pdfSignature.setContact(signatureAppearance.getContact());
        }
        signatureAppearance.setCryptoDictionary(pdfSignature);
        HashMap hashMap = new HashMap();
        hashMap.put(PdfName.CONTENTS, 16002);
        signatureAppearance.preClose(hashMap);
        byte[] generateSignedData = GenCAdESEPESSignedData.generateSignedData(new P7ContentSignerParameters(bArr, str, x509CertificateArr), true, new AdESPolicy(properties), properties.containsKey("signingCertificateV2") ? Boolean.parseBoolean(properties.getProperty("signingCertificateV2")) : !"SHA1".equals(AOSignConstants.getDigestAlgorithmName(str)), privateKeyEntry, MessageDigest.getInstance(AOSignConstants.getDigestAlgorithmName(str)).digest(AOUtil.getDataFromInputStream(signatureAppearance.getRangeStream())), true, properties.getProperty("contentTypeOid"), properties.getProperty("contentDescription"));
        String property6 = properties.getProperty("tsaURL");
        if (property6 != null) {
            try {
                url = new URL(property6);
            } catch (Exception e6) {
                LOGGER.warning("Se ha indicado una URL de TSA invalida (" + property6 + "), no se anadira sello de tiempo: " + e6);
                url = null;
            }
            if (url != null) {
                String property7 = properties.getProperty("tsaPolicy");
                if (property7 == null) {
                    LOGGER.warning("Se ha indicado una URL de TSA pero no una politica, no se anadira sello de tiempo");
                } else {
                    String property8 = properties.getProperty("tsaHashAlgorithm");
                    generateSignedData = new CMSTimestamper(!Boolean.FALSE.toString().equalsIgnoreCase(properties.getProperty("tsaRequireCert")), property7, url, properties.getProperty("tsaUsr"), properties.getProperty("tsaPwd")).addTimestamp(generateSignedData, AOAlgorithmID.getOID(AOSignConstants.getDigestAlgorithmName(property8 != null ? property8 : "SHA1")));
                }
            }
        }
        byte[] bArr2 = new byte[CSIZE];
        if (bArr2.length < generateSignedData.length) {
            throw new AOException("La firma generada tiene un tamano (" + generateSignedData.length + ") mayor que el permitido (" + bArr2.length + ")");
        }
        PdfDictionary pdfDictionary = new PdfDictionary();
        System.arraycopy(generateSignedData, 0, bArr2, 0, generateSignedData.length);
        pdfDictionary.put(PdfName.CONTENTS, new PdfString(bArr2).setHexWriting(true));
        signatureAppearance.close(pdfDictionary);
        return byteArrayOutputStream.toByteArray();
    }

    public void setRubric(byte[] bArr) {
        this.rubric = bArr != null ? (byte[]) bArr.clone() : null;
    }

    public static String getSignedName(String str) {
        return str == null ? "signed.pdf" : str.endsWith(PDF_FILE_SUFFIX) ? str.replace(PDF_FILE_SUFFIX, ".signed.pdf") : str.endsWith(".PDF") ? str.replace(".PDF", ".signed.pdf") : String.valueOf(str) + ".signed.pdf";
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public byte[] getData(byte[] bArr) throws AOInvalidFormatException {
        if (isSign(bArr)) {
            return bArr;
        }
        throw new AOInvalidFormatException("El documento introducido no contiene una firma valida");
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public AOSignInfo getSignInfo(byte[] bArr) throws AOException {
        if (bArr == null) {
            throw new IllegalArgumentException("No se han introducido datos para analizar");
        }
        if (isSign(bArr)) {
            return new AOSignInfo(AOSignConstants.SIGN_FORMAT_PDF);
        }
        throw new AOInvalidFormatException("Los datos introducidos no se corresponden con un objeto de firma");
    }

    private void checkIText() {
        String iTextVersion = Platform.getITextVersion();
        if (!ITEXT_VERSION.equals(iTextVersion)) {
            throw new InvalidITextException(ITEXT_VERSION, iTextVersion);
        }
    }
}
