package eu.europa.ec.markt.dss.validation.pades;

import com.lowagie.text.pdf.PRStream;
import com.lowagie.text.pdf.PdfArray;
import com.lowagie.text.pdf.PdfDictionary;
import com.lowagie.text.pdf.PdfName;
import com.lowagie.text.pdf.PdfReader;
import eu.europa.ec.markt.dss.exception.NotETSICompliantException;
import eu.europa.ec.markt.dss.signature.DSSDocument;
import eu.europa.ec.markt.dss.signature.pdf.PDFSignatureService;
import eu.europa.ec.markt.dss.signature.pdf.PdfDict;
import eu.europa.ec.markt.dss.signature.pdf.PdfObjFactory;
import eu.europa.ec.markt.dss.signature.pdf.PdfSignatureInfo;
import eu.europa.ec.markt.dss.signature.pdf.SignatureValidationCallback;
import eu.europa.ec.markt.dss.validation.AdvancedSignature;
import eu.europa.ec.markt.dss.validation.SignedDocumentValidator;
import eu.europa.ec.markt.dss.validation.ValidationContext;
import eu.europa.ec.markt.dss.validation.report.Result;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelA;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelBES;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelC;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelLTV;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelX;
import eu.europa.ec.markt.dss.validation.report.SignatureLevelXL;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.logging.Logger;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.OCSPException;
import org.bouncycastle.ocsp.OCSPResp;

/* loaded from: input_file:applet/signature-client.jar:eu/europa/ec/markt/dss/validation/pades/PDFDocumentValidator.class */
public class PDFDocumentValidator extends SignedDocumentValidator {
    private static final Logger LOG = Logger.getLogger(PDFDocumentValidator.class.getName());
    PDFSignatureService pdfSignatureService;

    public PDFDocumentValidator(DSSDocument dSSDocument) {
        this.document = dSSDocument;
        this.pdfSignatureService = PdfObjFactory.getInstance().newPAdESSignatureService();
    }

    @Override // eu.europa.ec.markt.dss.validation.SignedDocumentValidator
    public List<AdvancedSignature> getSignatures() {
        final ArrayList arrayList = new ArrayList();
        try {
            PdfObjFactory.getInstance().newPAdESSignatureService().validateSignatures(this.document.openStream(), new SignatureValidationCallback() { // from class: eu.europa.ec.markt.dss.validation.pades.PDFDocumentValidator.1
                @Override // eu.europa.ec.markt.dss.signature.pdf.SignatureValidationCallback
                public void validate(PdfDict pdfDict, PdfDict pdfDict2, X509Certificate x509Certificate, Date date, Certificate[] certificateArr, PdfDict pdfDict3, PdfSignatureInfo pdfSignatureInfo) {
                    if (x509Certificate == null) {
                        throw new NotETSICompliantException(NotETSICompliantException.MSG.NO_SIGNING_CERTIFICATE);
                    }
                    if (date == null) {
                    }
                    if (pdfDict3 != null) {
                        try {
                            if (!pdfDict3.hasANameWithValue("Type", "DocTimeStamp")) {
                                arrayList.add(new PAdESSignature(pdfDict, pdfDict2, pdfDict3, pdfSignatureInfo));
                            }
                        } catch (Exception e) {
                            throw new RuntimeException(e);
                        }
                    }
                }
            });
            return arrayList;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (SignatureException e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // eu.europa.ec.markt.dss.validation.SignedDocumentValidator
    protected SignatureLevelBES verifyLevelBES(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        SignatureLevelBES verifyLevelBES = super.verifyLevelBES(advancedSignature, date, validationContext);
        PAdESSignature pAdESSignature = (PAdESSignature) advancedSignature;
        if (!pAdESSignature.getSignatureDictionary().hasANameWithValue("SubFilter", "ETSI.CAdES.detached") && !pAdESSignature.getSignatureDictionary().hasANameWithValue("SubFilter", "ETSI.RFC3161")) {
            LOG.warning("Invalid or missing SubFilter value in the signature dictionary; should be either ETSI.CAdES.detached or ETSI.RFC3161");
        }
        return verifyLevelBES;
    }

    @Override // eu.europa.ec.markt.dss.validation.SignedDocumentValidator
    protected SignatureLevelC verifyLevelC(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext, boolean z) {
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation.SignedDocumentValidator
    protected SignatureLevelX verifyLevelX(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation.SignedDocumentValidator
    protected SignatureLevelXL verifyLevelXL(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext, X509Certificate x509Certificate) {
        return null;
    }

    @Override // eu.europa.ec.markt.dss.validation.SignedDocumentValidator
    protected SignatureLevelA verifyLevelA(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        return null;
    }

    private boolean checkVriDict(PdfDictionary pdfDictionary, boolean z, PAdESSignature pAdESSignature, ValidationContext validationContext, String str) throws CertificateException, IOException, CRLException, OCSPException {
        boolean z2 = z;
        if (pdfDictionary == null) {
            LOG.info("Couldn't find the signature VRI identified by " + str + " in the DSS");
            z2 = false;
        } else {
            LOG.info("Found the signature VRI identified by " + str + " in the DSS");
            PdfArray asArray = pdfDictionary.getAsArray(new PdfName("Cert"));
            if (asArray != null) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
                ArrayList arrayList = new ArrayList();
                for (int i = 0; i < asArray.size(); i++) {
                    arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(PdfReader.getStreamBytes((PRStream) asArray.getAsStream(i)))));
                }
                z2 &= isEveryCertificateValuePresent(validationContext, arrayList, pAdESSignature.getSigningCertificate());
            }
            PdfArray asArray2 = pdfDictionary.getAsArray(new PdfName("CRL"));
            if (asArray2 != null) {
                CertificateFactory certificateFactory2 = CertificateFactory.getInstance("X509");
                ArrayList arrayList2 = new ArrayList();
                for (int i2 = 0; i2 < asArray2.size(); i2++) {
                    arrayList2.add((X509CRL) certificateFactory2.generateCRL(new ByteArrayInputStream(PdfReader.getStreamBytes((PRStream) asArray2.getAsStream(i2)))));
                }
                z2 &= everyCRLValueOrRefAreThere(validationContext, arrayList2);
            }
            PdfArray asArray3 = pdfDictionary.getAsArray(new PdfName("OCSP"));
            if (asArray3 != null) {
                ArrayList arrayList3 = new ArrayList();
                for (int i3 = 0; i3 < asArray3.size(); i3++) {
                    arrayList3.add((BasicOCSPResp) new OCSPResp(PdfReader.getStreamBytes((PRStream) asArray3.getAsStream(i3))).getResponseObject());
                }
                z2 &= everyOCSPValueOrRefAreThere(validationContext, arrayList3);
            }
        }
        return z2;
    }

    @Override // eu.europa.ec.markt.dss.validation.SignedDocumentValidator
    protected SignatureLevelLTV verifyLevelLTV(AdvancedSignature advancedSignature, Date date, ValidationContext validationContext) {
        Result result;
        try {
            PAdESSignature pAdESSignature = (PAdESSignature) advancedSignature;
            PdfDict outerCatalog = pAdESSignature.getOuterCatalog();
            if (outerCatalog == null) {
                outerCatalog = pAdESSignature.getPdfCatalog();
            }
            PdfDict asDict = outerCatalog.getAsDict("DSS");
            if (asDict == null) {
                LOG.info("No DSS dictionary!");
                return new SignatureLevelLTV(new Result(Result.ResultStatus.INVALID, "no.dss.dictionary"), null, null);
            }
            LOG.info("DSS dictionary found");
            boolean isEveryCertificateValuePresent = isEveryCertificateValuePresent(validationContext, pAdESSignature.getExtendedCertificateSource().getCertificates(), pAdESSignature.getSigningCertificate());
            boolean everyCRLValueOrRefAreThere = true & everyCRLValueOrRefAreThere(validationContext, pAdESSignature.getCRLs()) & everyOCSPValueOrRefAreThere(validationContext, pAdESSignature.getOCSPs());
            PdfDict signatureDictionary = pAdESSignature.getSignatureDictionary();
            if (signatureDictionary.hasANameWithValue("Type", "Sig")) {
                if (asDict.getAsDict("VRI") == null) {
                    LOG.info("No VRI dictionary, this is optional but required by Adobe Acrobat");
                    return new SignatureLevelLTV(new Result(Result.ResultStatus.INVALID, "no.vri.dictionary"), null, null);
                }
                Hex.encodeHexString(MessageDigest.getInstance("SHA1").digest(signatureDictionary.get("Contents"))).toUpperCase();
            } else {
                if (!signatureDictionary.hasANameWithValue("Type", "DocTimeStamp")) {
                    throw new RuntimeException("Unknown signature dictionary type");
                }
                System.out.println("Has DocTimeStamp...");
            }
            if (isEveryCertificateValuePresent && everyCRLValueOrRefAreThere) {
                result = new Result(Result.ResultStatus.VALID, (String) null);
            } else {
                result = new Result();
                if (!isEveryCertificateValuePresent) {
                    result.setStatus(Result.ResultStatus.INVALID, "dss.certs.verification.result.error");
                } else if (!everyCRLValueOrRefAreThere) {
                    result.setStatus(Result.ResultStatus.INVALID, "dss.revocation.verification.result.error");
                } else if (1 == 0) {
                    result.setStatus(Result.ResultStatus.INVALID, "vri.verification.result.error");
                }
            }
            return new SignatureLevelLTV(result, new Result(isEveryCertificateValuePresent ? Result.ResultStatus.VALID : Result.ResultStatus.INVALID, (String) null), new Result(everyCRLValueOrRefAreThere ? Result.ResultStatus.VALID : Result.ResultStatus.INVALID, (String) null));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
