package eu.europa.ec.markt.dss.validation102853.pades;

import eu.europa.ec.markt.dss.DigestAlgorithm;
import eu.europa.ec.markt.dss.EncryptionAlgorithm;
import eu.europa.ec.markt.dss.exception.DSSException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.signature.SignatureFormat;
import eu.europa.ec.markt.dss.signature.pdf.PDFSignatureService;
import eu.europa.ec.markt.dss.signature.pdf.PdfArray;
import eu.europa.ec.markt.dss.signature.pdf.PdfDict;
import eu.europa.ec.markt.dss.signature.pdf.PdfObjFactory;
import eu.europa.ec.markt.dss.signature.pdf.PdfSignatureInfo;
import eu.europa.ec.markt.dss.signature.pdf.SignatureValidationCallback;
import eu.europa.ec.markt.dss.validation.CRLRef;
import eu.europa.ec.markt.dss.validation.CertificateRef;
import eu.europa.ec.markt.dss.validation.OCSPRef;
import eu.europa.ec.markt.dss.validation.PolicyValue;
import eu.europa.ec.markt.dss.validation.SignatureForm;
import eu.europa.ec.markt.dss.validation.crl.ListCRLSource;
import eu.europa.ec.markt.dss.validation.ocsp.ListOCSPSource;
import eu.europa.ec.markt.dss.validation102853.AdvancedSignature;
import eu.europa.ec.markt.dss.validation102853.CertificatePool;
import eu.europa.ec.markt.dss.validation102853.CertificateToken;
import eu.europa.ec.markt.dss.validation102853.TimestampReference;
import eu.europa.ec.markt.dss.validation102853.TimestampToken;
import eu.europa.ec.markt.dss.validation102853.bean.SignatureCryptographicVerification;
import eu.europa.ec.markt.dss.validation102853.bean.SignatureProductionPlace;
import eu.europa.ec.markt.dss.validation102853.bean.SigningCertificate;
import eu.europa.ec.markt.dss.validation102853.cades.CAdESSignature;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPResp;
import org.linagora.linshare.core.utils.LdapHashUtils;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation102853/pades/PAdESSignature.class */
public class PAdESSignature implements AdvancedSignature {
    private static final Logger LOG = Logger.getLogger(PAdESSignature.class.getName());
    private final DSSDocument document;
    private final PdfDict pdfCatalog;
    private final PdfDict outerCatalog;
    private final PdfDict signatureDictionary;
    private final CAdESSignature cadesSignature;
    private final PdfSignatureInfo pk;
    private PAdESCertificateSource padesCertSources;
    private CertificatePool certPool;
    private Set<DigestAlgorithm> usedCertificatesDigestAlgorithms = new HashSet();

    public PAdESSignature(DSSDocument dSSDocument, PdfDict pdfDict, PdfDict pdfDict2, PdfDict pdfDict3, PdfSignatureInfo pdfSignatureInfo, CertificatePool certificatePool) throws CMSException, IOException {
        this.document = dSSDocument;
        this.pdfCatalog = pdfDict;
        this.outerCatalog = pdfDict2;
        this.signatureDictionary = pdfDict3;
        this.cadesSignature = new CAdESSignature(pdfDict3.get("Contents"), certificatePool);
        this.certPool = certificatePool;
        this.pk = pdfSignatureInfo;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SignatureForm getSignatureFormat() {
        return SignatureForm.PAdES;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public EncryptionAlgorithm getEncryptionAlgo() {
        return this.cadesSignature.getEncryptionAlgo();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public DigestAlgorithm getDigestAlgo() {
        return this.cadesSignature.getDigestAlgo();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public PAdESCertificateSource getCertificateSource() {
        if (this.padesCertSources == null) {
            this.padesCertSources = new PAdESCertificateSource(this.outerCatalog != null ? this.outerCatalog : this.pdfCatalog, this.cadesSignature.getCertificateSource(), this.certPool);
        }
        return this.padesCertSources;
    }

    private PdfDict getDSSDictionary() {
        return (this.outerCatalog != null ? this.outerCatalog : this.pdfCatalog).getAsDict("DSS");
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public ListCRLSource getCRLSource() {
        PdfArray asArray;
        PdfDict dSSDictionary = getDSSDictionary();
        try {
            ArrayList arrayList = new ArrayList();
            if (dSSDictionary != null && (asArray = dSSDictionary.getAsArray("CRLs")) != null) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                for (int i = 0; i < asArray.size(); i++) {
                    X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(new ByteArrayInputStream(asArray.getBytes(i)));
                    if (!arrayList.contains(x509crl)) {
                        arrayList.add(x509crl);
                    }
                }
            }
            if (arrayList.size() > 0) {
                return new ListCRLSource(arrayList);
            }
            return null;
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (CRLException e2) {
            throw new DSSException(e2);
        } catch (CertificateException e3) {
            throw new DSSException(e3);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public ListOCSPSource getOCSPSource() {
        PdfArray asArray;
        PdfDict dSSDictionary = getDSSDictionary();
        try {
            ArrayList arrayList = new ArrayList();
            if (dSSDictionary != null && (asArray = dSSDictionary.getAsArray("OCSPs")) != null) {
                for (int i = 0; i < asArray.size(); i++) {
                    arrayList.add((BasicOCSPResp) new OCSPResp(asArray.getBytes(i)).getResponseObject());
                }
            }
            if (arrayList.size() > 0) {
                return new ListOCSPSource(arrayList);
            }
            return null;
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (OCSPException e2) {
            throw new DSSException(e2);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SigningCertificate getSigningCertificate() {
        return this.cadesSignature.getSigningCertificate();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public Date getSigningTime() {
        Date date = null;
        if (this.pk.getSigningDate() != null) {
            date = this.pk.getSigningDate();
        }
        return date == null ? this.cadesSignature.getSigningTime() : date;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public PolicyValue getPolicyId() {
        return this.cadesSignature.getPolicyId();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SignatureProductionPlace getSignatureProductionPlace() {
        String location = this.pk.getLocation();
        if (location == null || location.trim().length() == 0) {
            return this.cadesSignature.getSignatureProductionPlace();
        }
        SignatureProductionPlace signatureProductionPlace = new SignatureProductionPlace();
        signatureProductionPlace.setCountryName(location);
        return signatureProductionPlace;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public String getContentType() {
        return "application/pdf";
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public String[] getClaimedSignerRoles() {
        return this.cadesSignature.getClaimedSignerRoles();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getContentTimestamps() {
        return this.cadesSignature.getContentTimestamps();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getSignatureTimestamps() {
        return this.cadesSignature.getSignatureTimestamps();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getTimestampsX1() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getTimestampsX2() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampToken> getArchiveTimestamps() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<CertificateToken> getCertificates() {
        return getCertificateSource().getCertificates();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public SignatureCryptographicVerification checkIntegrity(DSSDocument dSSDocument) {
        SignatureCryptographicVerification signatureCryptographicVerification = new SignatureCryptographicVerification();
        try {
            if (this.signatureDictionary.hasANameWithValue("SubFilter", "ETSI.RFC3161")) {
                signatureCryptographicVerification.setSignatureIntegrity(this.pk.verify());
            } else {
                signatureCryptographicVerification.setSignatureIntegrity(this.pk.verify());
            }
            signatureCryptographicVerification.setReferenceDataFound(signatureCryptographicVerification.isSignatureIntact());
            signatureCryptographicVerification.setReferenceDataIntact(signatureCryptographicVerification.isSignatureIntact());
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Could not check integrity", (Throwable) e);
            signatureCryptographicVerification.setErrorMessage(e.getMessage());
        }
        return signatureCryptographicVerification;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<AdvancedSignature> getCounterSignatures() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<CertificateRef> getCertificateRefs() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<CRLRef> getCRLRefs() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<OCSPRef> getOCSPRefs() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<X509CRL> getCRLs() {
        ListCRLSource cRLSource = getCRLSource();
        if (cRLSource == null) {
            return null;
        }
        return cRLSource.getContainedCRLs();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<BasicOCSPResp> getOCSPs() {
        ListOCSPSource oCSPSource = getOCSPSource();
        if (oCSPSource == null) {
            return null;
        }
        return oCSPSource.getContainedOCSPResponses();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getSignatureTimestampData() {
        return this.cadesSignature.getSignatureTimestampData();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getTimestampX1Data() {
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getTimestampX2Data() {
        return null;
    }

    public PdfDict getPdfCatalog() {
        return this.pdfCatalog;
    }

    public CAdESSignature getCAdESSignature() {
        return this.cadesSignature;
    }

    public PdfDict getOuterCatalog() {
        return this.outerCatalog;
    }

    public PdfDict getSignatureDictionary() {
        return this.signatureDictionary;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public byte[] getArchiveTimestampData(TimestampToken timestampToken) {
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public String getId() {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(LdapHashUtils.MD5);
            if (getSigningTime() != null) {
                messageDigest.update(Long.toString(getSigningTime().getTime()).getBytes());
            }
            messageDigest.update(getSigningCertificate().getCertToken().getCertificate().getEncoded());
            return Hex.encodeHexString(messageDigest.digest());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public List<TimestampReference> getTimestampedReferences() {
        return Collections.emptyList();
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public Set<DigestAlgorithm> getUsedCertificatesDigestAlgorithms() {
        return this.usedCertificatesDigestAlgorithms;
    }

    @Override // eu.europa.ec.markt.dss.validation102853.AdvancedSignature
    public boolean isLevelReached(SignatureFormat signatureFormat) {
        return false;
    }

    private boolean hasDSSDictionary() {
        PDFSignatureService newTimestampSignatureService = PdfObjFactory.getInstance().newTimestampSignatureService();
        try {
            final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            newTimestampSignatureService.validateSignatures(this.document.openStream(), new SignatureValidationCallback() { // from class: eu.europa.ec.markt.dss.validation102853.pades.PAdESSignature.1
                @Override // eu.europa.ec.markt.dss.signature.pdf.SignatureValidationCallback
                public void validate(PdfDict pdfDict, PdfDict pdfDict2, X509Certificate x509Certificate, Date date, Certificate[] certificateArr, PdfDict pdfDict3, PdfSignatureInfo pdfSignatureInfo) {
                    if ((pdfDict2 != null ? pdfDict2 : PAdESSignature.this.pdfCatalog) != null) {
                        atomicBoolean.set((PAdESSignature.this.getCertificateSource() == null || PAdESSignature.this.getCertificateSource().getCertificates() == null || PAdESSignature.this.getCertificateSource().getCertificates().isEmpty()) ? false : true);
                    }
                }
            });
            return atomicBoolean.get();
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (SignatureException e2) {
            throw new DSSException(e2);
        }
    }

    private boolean hasDocumentTimestamp() {
        PDFSignatureService newTimestampSignatureService = PdfObjFactory.getInstance().newTimestampSignatureService();
        try {
            final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            newTimestampSignatureService.validateSignatures(this.document.openStream(), new SignatureValidationCallback() { // from class: eu.europa.ec.markt.dss.validation102853.pades.PAdESSignature.2
                @Override // eu.europa.ec.markt.dss.signature.pdf.SignatureValidationCallback
                public void validate(PdfDict pdfDict, PdfDict pdfDict2, X509Certificate x509Certificate, Date date, Certificate[] certificateArr, PdfDict pdfDict3, PdfSignatureInfo pdfSignatureInfo) {
                    try {
                        byte[] bArr = pdfDict3.get("SubFilter");
                        if (bArr != null && StringUtils.equals("/ETSI.RFC3161", new String(bArr))) {
                            atomicBoolean.set(true);
                        }
                    } catch (IOException e) {
                        throw new DSSException(e);
                    }
                }
            });
            return atomicBoolean.get();
        } catch (IOException e) {
            throw new DSSException(e);
        } catch (SignatureException e2) {
            throw new DSSException(e2);
        }
    }
}
