package at.gv.egiz.pdfas.sigs.pades;

import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSignatureException;
import at.gv.egiz.pdfas.lib.api.PdfAsFactory;
import at.gv.egiz.pdfas.lib.api.sign.IPlainSigner;
import at.gv.egiz.pdfas.lib.api.sign.SignParameter;
import at.gv.egiz.pdfas.lib.impl.status.RequestedSignature;
import at.gv.egiz.pdfas.lib.util.CertificateUtils;
import at.gv.egiz.pdfas.lib.util.SignatureUtils;
import iaik.asn1.ASN1Object;
import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.UTF8String;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.cms.CMSException;
import iaik.cms.ContentInfo;
import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.smime.ess.ESSCertID;
import iaik.smime.ess.ESSCertIDv2;
import iaik.x509.X509Certificate;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egiz/pdfas/sigs/pades/PAdESSignerKeystore.class */
public class PAdESSignerKeystore implements IPlainSigner, PAdESConstants {
    private static final Logger logger = LoggerFactory.getLogger(PAdESSignerKeystore.class);
    private static final String fallBackProvider = "SunJSSE";
    public static final String SIGNATURE_DEVICE = "JKS";
    PrivateKey privKey;
    X509Certificate cert;

    private void readKeyStore(KeyStore keyStore, String str, String str2) throws Throwable {
        if (str2 == null) {
            throw new PdfAsException("error.pdf.sig.16");
        }
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(str2.toCharArray());
        logger.info("Opening Alias: [" + str + "]");
        KeyStore.Entry entry = keyStore.getEntry(str, passwordProtection);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new PdfAsException("error.pdf.sig.18");
        }
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        this.privKey = privateKeyEntry.getPrivateKey();
        if (this.privKey == null) {
            throw new PdfAsException("error.pdf.sig.13");
        }
        Certificate certificate = privateKeyEntry.getCertificate();
        if (certificate == null && privateKeyEntry.getCertificateChain() != null && privateKeyEntry.getCertificateChain().length > 0) {
            certificate = privateKeyEntry.getCertificateChain()[0];
        }
        if (certificate == null) {
            throw new PdfAsException("error.pdf.sig.17");
        }
        this.cert = new X509Certificate(certificate.getEncoded());
    }

    private KeyStore buildKeyStoreFromFile(String str, String str2, String str3, String str4) throws Throwable {
        logger.trace("Opening Keystore: " + str + " with [" + (str4 == null ? "IAIK" : str4) + "]");
        KeyStore keyStore = str4 == null ? KeyStore.getInstance(str3) : KeyStore.getInstance(str3, str4);
        if (keyStore == null) {
            throw new PdfAsException("error.pdf.sig.14");
        }
        if (str2 == null) {
            throw new PdfAsException("error.pdf.sig.15");
        }
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            keyStore.load(fileInputStream, str2.toCharArray());
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            return keyStore;
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void loadKeystore(String str, String str2, String str3, String str4, String str5, String str6) throws Throwable {
        readKeyStore(buildKeyStoreFromFile(str, str3, str5, str6), str2, str4);
    }

    public PAdESSignerKeystore(KeyStore keyStore, String str, String str2) throws PDFASError {
        try {
            readKeyStore(keyStore, str, str2);
        } catch (Throwable th) {
            throw new PDFASError(11002L, th);
        }
    }

    public PAdESSignerKeystore(String str, String str2, String str3, String str4, String str5) throws PDFASError {
        PDFASError pDFASError;
        try {
            loadKeystore(str, str2, str3, str4, str5, null);
        } finally {
            try {
            } catch (Throwable th) {
            }
        }
    }

    public PAdESSignerKeystore(PrivateKey privateKey, Certificate certificate) throws PDFASError {
        if (certificate == null) {
            logger.error("PAdESSignerKeystore provided certificate is NULL");
            throw new NullPointerException();
        }
        if (privateKey == null) {
            logger.error("PAdESSignerKeystore provided private Key is NULL");
            throw new NullPointerException();
        }
        if (certificate instanceof X509Certificate) {
            this.cert = (X509Certificate) certificate;
        } else {
            try {
                this.cert = new X509Certificate(certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                throw new PDFASError(13002L, e);
            } catch (CertificateException e2) {
                throw new PDFASError(13002L, e2);
            }
        }
        this.privKey = privateKey;
    }

    public X509Certificate getCertificate(SignParameter signParameter) {
        return this.cert;
    }

    private void setMimeTypeAttrib(List<Attribute> list, String str) {
        list.add(new Attribute(new ObjectID("0.4.0.1733.2.1", "mime-type"), new ASN1Object[]{new UTF8String(str)}));
    }

    private void setContentTypeAttrib(List<Attribute> list) {
        list.add(new Attribute(ObjectID.contentType, new ASN1Object[]{ObjectID.cms_data}));
    }

    private void setSigningCertificateAttrib(List<Attribute> list, X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
        ObjectID objectID;
        SEQUENCE sequence = new SEQUENCE();
        AlgorithmID[] algorithmIDs = CertificateUtils.getAlgorithmIDs(x509Certificate);
        if (algorithmIDs[1].equals(AlgorithmID.sha1)) {
            objectID = ObjectID.signingCertificate;
            sequence.addComponent(new ESSCertID(x509Certificate, true).toASN1Object());
        } else {
            objectID = ObjectID.signingCertificateV2;
            sequence.addComponent(new ESSCertIDv2(algorithmIDs[1], x509Certificate, true).toASN1Object());
        }
        ASN1Object sequence2 = new SEQUENCE();
        sequence2.addComponent(sequence);
        list.add(new Attribute(objectID, new ASN1Object[]{sequence2}));
    }

    private void setSigningTimeAttrib(List<Attribute> list, Date date) {
        list.add(new Attribute(ObjectID.signingTime, new ASN1Object[]{new ChoiceOfTime(date).toASN1Object()}));
    }

    private void setAttributes(String str, X509Certificate x509Certificate, Date date, SignerInfo signerInfo) throws CertificateException, NoSuchAlgorithmException, CodingException {
        ArrayList arrayList = new ArrayList();
        setMimeTypeAttrib(arrayList, str);
        setContentTypeAttrib(arrayList);
        setSigningCertificateAttrib(arrayList, x509Certificate);
        setSigningTimeAttrib(arrayList, date);
        signerInfo.setSignedAttributes((Attribute[]) arrayList.toArray(new Attribute[arrayList.size()]));
    }

    private void setAttributes(X509Certificate x509Certificate, SignerInfo signerInfo) throws CertificateException, NoSuchAlgorithmException, CodingException {
        ArrayList arrayList = new ArrayList();
        setContentTypeAttrib(arrayList);
        setSigningCertificateAttrib(arrayList, x509Certificate);
        signerInfo.setSignedAttributes((Attribute[]) arrayList.toArray(new Attribute[arrayList.size()]));
    }

    public byte[] sign(byte[] bArr, int[] iArr, SignParameter signParameter, RequestedSignature requestedSignature) throws PdfAsException {
        try {
            logger.info("Creating PAdES signature.");
            requestedSignature.getStatus().getMetaInformations().put("SigDevice", SIGNATURE_DEVICE);
            requestedSignature.getStatus().getMetaInformations().put("SigDeviceVersion", PdfAsFactory.getVersion());
            IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(this.cert);
            AlgorithmID[] algorithmIDs = CertificateUtils.getAlgorithmIDs(this.cert);
            SignerInfo signerInfo = new SignerInfo(issuerAndSerialNumber, algorithmIDs[1], algorithmIDs[0], this.privKey);
            SignedData signedData = new SignedData(bArr, 2);
            signedData.addCertificates(new Certificate[]{this.cert});
            if (!signParameter.getConfiguration().hasValue("sig_obj.PAdESCompatibility")) {
                setAttributes("application/pdf", this.cert, new Date(), signerInfo);
            } else if ("true".equalsIgnoreCase(signParameter.getConfiguration().getValue("sig_obj.PAdESCompatibility"))) {
                setAttributes(this.cert, signerInfo);
            } else {
                setAttributes("application/pdf", this.cert, new Date(), signerInfo);
            }
            signedData.addSignerInfo(signerInfo);
            do {
            } while (signedData.getInputStream().read(new byte[1024]) > 0);
            byte[] encoded = new ContentInfo(signedData).getEncoded();
            SignatureUtils.verifySignature(encoded, bArr);
            return encoded;
        } catch (CMSException e) {
            throw new PdfAsSignatureException("error.pdf.sig.01", e);
        } catch (IOException e2) {
            throw new PdfAsSignatureException("error.pdf.sig.01", e2);
        } catch (PDFASError e3) {
            throw new PdfAsSignatureException("error.pdf.sig.01", e3);
        } catch (CodingException e4) {
            throw new PdfAsSignatureException("error.pdf.sig.01", e4);
        } catch (NoSuchAlgorithmException e5) {
            throw new PdfAsSignatureException("error.pdf.sig.01", e5);
        } catch (CertificateException e6) {
            throw new PdfAsSignatureException("error.pdf.sig.01", e6);
        }
    }

    public String getPDFSubFilter() {
        return PAdESConstants.SUBFILTER_ETSI_CADES_DETACHED;
    }

    public String getPDFFilter() {
        return PAdESConstants.FILTER_ADOBE_PPKLITE;
    }
}
