package eu.europa.ec.markt.dss.signature.pades;

import eu.europa.ec.markt.dss.DigestAlgorithm;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.exception.NotETSICompliantException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.signature.InMemoryDocument;
import eu.europa.ec.markt.dss.signature.SignatureExtension;
import eu.europa.ec.markt.dss.signature.SignatureParameters;
import eu.europa.ec.markt.dss.signature.pdf.PDFSignatureService;
import eu.europa.ec.markt.dss.signature.pdf.PdfArray;
import eu.europa.ec.markt.dss.signature.pdf.PdfDict;
import eu.europa.ec.markt.dss.signature.pdf.PdfObjFactory;
import eu.europa.ec.markt.dss.signature.pdf.PdfReader;
import eu.europa.ec.markt.dss.signature.pdf.PdfSignatureInfo;
import eu.europa.ec.markt.dss.signature.pdf.PdfStream;
import eu.europa.ec.markt.dss.signature.pdf.PdfWriter;
import eu.europa.ec.markt.dss.signature.pdf.SignatureValidationCallback;
import eu.europa.ec.markt.dss.validation.CertificateVerifier;
import eu.europa.ec.markt.dss.validation.ValidationContext;
import eu.europa.ec.markt.dss.validation.cades.CAdESSignature;
import eu.europa.ec.markt.dss.validation.certificate.CertificateAndContext;
import eu.europa.ec.markt.dss.validation.ocsp.OCSPUtils;
import eu.europa.ec.markt.dss.validation.tsp.TSPSource;
import eu.europa.ec.markt.dss.validation.x509.TimestampToken;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TimeZone;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.ocsp.BasicOCSPResp;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/signature/pades/PAdESProfileLTV.class */
public class PAdESProfileLTV implements SignatureExtension {
    private CertificateVerifier certificateVerifier;
    private TSPSource tspSource;
    private PDFSignatureService pdfSignatureService = PdfObjFactory.getInstance().newPAdESSignatureService();
    private Map<X509Certificate, PdfStream> certsRefs = new HashMap();
    private Map<X509CRL, PdfStream> crlRefs = new HashMap();
    private Map<BasicOCSPResp, PdfStream> ocspRefs = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/signature/pades/PAdESProfileLTV$LTVSignatureValidationCallback.class */
    public class LTVSignatureValidationCallback implements SignatureValidationCallback {
        private PdfWriter stamper;
        private PdfArray certsArray = PdfObjFactory.getInstance().newArray();
        private PdfArray ocspsArray = PdfObjFactory.getInstance().newArray();
        private PdfArray crlsArray = PdfObjFactory.getInstance().newArray();
        private ValidationContext validationContext;
        private byte[] signatureBlock;

        public LTVSignatureValidationCallback(PdfWriter pdfWriter) {
            this.stamper = pdfWriter;
        }

        @Override // eu.europa.ec.markt.dss.signature.pdf.SignatureValidationCallback
        public void validate(PdfDict pdfDict, PdfDict pdfDict2, X509Certificate x509Certificate, Date date, Certificate[] certificateArr, PdfDict pdfDict3, PdfSignatureInfo pdfSignatureInfo) {
            if (x509Certificate == null) {
                throw new NotETSICompliantException(NotETSICompliantException.MSG.NO_SIGNING_CERTIFICATE);
            }
            if (date == null) {
                throw new NotETSICompliantException(NotETSICompliantException.MSG.NO_SIGNING_TIME);
            }
            try {
                this.signatureBlock = pdfDict3.get("Contents");
                CAdESSignature cAdESSignature = new CAdESSignature(this.signatureBlock);
                ValidationContext validateCertificate = PAdESProfileLTV.this.certificateVerifier.validateCertificate(x509Certificate, date, cAdESSignature.getCertificateSource(), null, null);
                if (cAdESSignature.getSignatureTimestamps() != null) {
                    Iterator<TimestampToken> it2 = cAdESSignature.getSignatureTimestamps().iterator();
                    while (it2.hasNext()) {
                        validateCertificate.validateTimestamp(it2.next(), cAdESSignature.getCertificateSource(), null, null);
                    }
                }
                for (BasicOCSPResp basicOCSPResp : validateCertificate.getNeededOCSPResp()) {
                    try {
                        PdfStream newStream = PdfObjFactory.getInstance().newStream(OCSPUtils.fromBasicToResp(basicOCSPResp).getEncoded());
                        this.stamper.addToArray(this.ocspsArray, newStream);
                        PAdESProfileLTV.this.ocspRefs.put(basicOCSPResp, newStream);
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                }
                for (X509CRL x509crl : validateCertificate.getNeededCRL()) {
                    try {
                        PdfStream newStream2 = PdfObjFactory.getInstance().newStream(x509crl.getEncoded());
                        this.stamper.addToArray(this.crlsArray, newStream2);
                        PAdESProfileLTV.this.crlRefs.put(x509crl, newStream2);
                    } catch (IOException e2) {
                        throw new RuntimeException(e2);
                    } catch (CRLException e3) {
                        throw new RuntimeException(e3);
                    }
                }
                for (CertificateAndContext certificateAndContext : validateCertificate.getNeededCertificates()) {
                    try {
                        PdfStream newStream3 = PdfObjFactory.getInstance().newStream(certificateAndContext.getCertificate().getEncoded());
                        this.stamper.addToArray(this.certsArray, newStream3);
                        PAdESProfileLTV.this.certsRefs.put(certificateAndContext.getCertificate(), newStream3);
                    } catch (IOException e4) {
                        throw new RuntimeException(e4);
                    } catch (CertificateEncodingException e5) {
                        throw new RuntimeException(e5);
                    }
                }
            } catch (IOException e6) {
                throw new RuntimeException(e6);
            } catch (CMSException e7) {
                throw new RuntimeException(e7);
            }
        }

        public PdfArray getCertsArray() {
            return this.certsArray;
        }

        public PdfArray getCrlsArray() {
            return this.crlsArray;
        }

        public PdfArray getOcspsArray() {
            return this.ocspsArray;
        }

        public byte[] getSignatureBlock() {
            return this.signatureBlock;
        }

        public ValidationContext getValidationContext() {
            return this.validationContext;
        }
    }

    public void setTspSource(TSPSource tSPSource) {
        this.tspSource = tSPSource;
    }

    public void setCertificateVerifier(CertificateVerifier certificateVerifier) {
        this.certificateVerifier = certificateVerifier;
    }

    private void buildVRIDict(PdfWriter pdfWriter, BasicOCSPResp basicOCSPResp, PdfDict pdfDict) throws IOException, NoSuchAlgorithmException {
        PdfDict newDict = PdfObjFactory.getInstance().newDict();
        pdfWriter.addToDict(newDict, "TU", Calendar.getInstance(TimeZone.getTimeZone("GMT")));
        pdfWriter.addToDict(newDict, Hex.encodeHexString(MessageDigest.getInstance(DigestAlgorithm.SHA1.getName()).digest(basicOCSPResp.getSignature())).toUpperCase(), pdfDict);
    }

    private void buildVRIDict(PdfWriter pdfWriter, X509CRL x509crl, PdfDict pdfDict) throws IOException, NoSuchAlgorithmException {
        PdfDict newDict = PdfObjFactory.getInstance().newDict();
        pdfWriter.addToDict(newDict, "TU", Calendar.getInstance(TimeZone.getTimeZone("GMT")));
        pdfWriter.addToDict(pdfDict, Hex.encodeHexString(MessageDigest.getInstance(DigestAlgorithm.SHA1.getName()).digest(x509crl.getSignature())).toUpperCase(), newDict);
    }

    private void integrateCRL(LTVSignatureValidationCallback lTVSignatureValidationCallback, PdfWriter pdfWriter, PdfDict pdfDict, PdfDict pdfDict2, PdfDict pdfDict3) throws IOException {
        PdfArray crlsArray = lTVSignatureValidationCallback.getCrlsArray();
        if (crlsArray.size() > 0) {
            pdfWriter.addToDict(pdfDict, "CRLs", crlsArray);
            pdfWriter.addToDict(pdfDict2, "CRL", crlsArray);
            Iterator<X509CRL> it2 = this.crlRefs.keySet().iterator();
            while (it2.hasNext()) {
                try {
                    buildVRIDict(pdfWriter, it2.next(), pdfDict3);
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException();
                }
            }
        }
    }

    private void integrateOCSP(LTVSignatureValidationCallback lTVSignatureValidationCallback, PdfWriter pdfWriter, PdfDict pdfDict, PdfDict pdfDict2, PdfDict pdfDict3) throws IOException {
        PdfArray ocspsArray = lTVSignatureValidationCallback.getOcspsArray();
        if (ocspsArray.size() > 0) {
            pdfWriter.addToDict(pdfDict, "OCSPs", ocspsArray);
            pdfWriter.addToDict(pdfDict2, "OCSP", ocspsArray);
            Iterator<BasicOCSPResp> it2 = this.ocspRefs.keySet().iterator();
            while (it2.hasNext()) {
                try {
                    buildVRIDict(pdfWriter, it2.next(), pdfDict3);
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException();
                }
            }
        }
    }

    public DSSDocument extendSignatures(DSSDocument dSSDocument, DSSDocument dSSDocument2, SignatureParameters signatureParameters) throws IOException {
        try {
            PdfObjFactory pdfObjFactory = PdfObjFactory.getInstance();
            PdfReader newReader = pdfObjFactory.newReader(dSSDocument.openStream());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            PdfWriter newWriter = pdfObjFactory.newWriter(newReader, byteArrayOutputStream);
            LTVSignatureValidationCallback lTVSignatureValidationCallback = new LTVSignatureValidationCallback(newWriter);
            this.pdfSignatureService.validateSignatures(dSSDocument.openStream(), lTVSignatureValidationCallback);
            PdfDict newDict = pdfObjFactory.newDict("DSS");
            PdfDict newDict2 = pdfObjFactory.newDict("VRI");
            PdfDict newDict3 = pdfObjFactory.newDict();
            integrateCRL(lTVSignatureValidationCallback, newWriter, newDict, newDict3, newDict3);
            integrateOCSP(lTVSignatureValidationCallback, newWriter, newDict, newDict3, newDict3);
            newWriter.addToDict(newDict2, Hex.encodeHexString(MessageDigest.getInstance(DigestAlgorithm.SHA1.getName()).digest(lTVSignatureValidationCallback.getSignatureBlock())).toUpperCase(), newDict3);
            newWriter.addToDict(newDict, "VRI", newDict2);
            newWriter.addToDict(newDict, "Certs", lTVSignatureValidationCallback.getCertsArray());
            newWriter.addToDict(newReader.getCatalog(), "DSS", newDict);
            newWriter.close();
            byteArrayOutputStream.close();
            InMemoryDocument inMemoryDocument = new InMemoryDocument(byteArrayOutputStream.toByteArray());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            PDFSignatureService newTimestampSignatureService = pdfObjFactory.newTimestampSignatureService();
            newTimestampSignatureService.sign(inMemoryDocument.openStream(), this.tspSource.getTimeStampResponse(signatureParameters.getDigestAlgorithm(), newTimestampSignatureService.digest(inMemoryDocument.openStream(), signatureParameters)).getTimeStampToken().getEncoded(), byteArrayOutputStream2, signatureParameters);
            return new InMemoryDocument(byteArrayOutputStream2.toByteArray());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (SignatureException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // eu.europa.ec.markt.dss.signature.SignatureExtension
    public DSSDocument extendSignatures(DSSDocument dSSDocument, SignatureParameters signatureParameters) throws DSSException {
        try {
            return extendSignatures(dSSDocument, null, signatureParameters);
        } catch (IOException e) {
            throw new DSSException(e);
        }
    }

    @Override // eu.europa.ec.markt.dss.signature.SignatureExtension
    @Deprecated
    public DSSDocument extendSignature(Object obj, DSSDocument dSSDocument, SignatureParameters signatureParameters) throws IOException {
        return null;
    }
}
