package es.gob.afirma.signers.pades;

import com.lowagie.text.DocumentException;
import com.lowagie.text.Image;
import com.lowagie.text.Jpeg;
import com.lowagie.text.Rectangle;
import com.lowagie.text.exceptions.BadPasswordException;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfDate;
import com.lowagie.text.pdf.PdfDeveloperExtension;
import com.lowagie.text.pdf.PdfDictionary;
import com.lowagie.text.pdf.PdfName;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignature;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import com.lowagie.text.pdf.PdfString;
import com.lowagie.text.pdf.PdfWriter;
import es.gob.afirma.core.AOCancelledOperationException;
import es.gob.afirma.core.AOException;
import es.gob.afirma.core.AOInvalidFormatException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.misc.Platform;
import es.gob.afirma.core.misc.SHA2AltNamesProvider;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AOSignInfo;
import es.gob.afirma.core.signers.AOSigner;
import es.gob.afirma.core.signers.AOSimpleSignInfo;
import es.gob.afirma.core.signers.AdESPolicy;
import es.gob.afirma.core.signers.CounterSignTarget;
import es.gob.afirma.core.ui.AOUIFactory;
import es.gob.afirma.core.util.tree.AOTreeModel;
import es.gob.afirma.core.util.tree.AOTreeNode;
import es.gob.afirma.signers.cades.GenCAdESEPESSignedData;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.P7ContentSignerParameters;
import es.gob.afirma.signers.tsp.pkcs7.CMSTimestamper;
import es.gob.afirma.ui.utils.Constants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URI;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Properties;
import java.util.logging.Logger;
import org.bouncycastle.cms.CMSAttributeTableGenerator;

/* loaded from: input_file:es/gob/afirma/signers/pades/AOPDFSigner.class */
public final class AOPDFSigner implements AOSigner {
    private static final int CSIZE = 8000;
    private static final String PDF_FILE_SUFFIX = ".pdf";
    private static final String PDF_FILE_HEADER = "%PDF-";
    private static final String ITEXT_VERSION = "2.1.7";
    private static final Logger LOGGER = Logger.getLogger(Constants.OUR_NODE_NAME);
    private static final String PDF_OID = "1.2.826.0.1089.1.5";
    private static final String PDF_DESC = "Documento en formato PDF";
    public static final int LAST_PAGE = -666;

    @Override // es.gob.afirma.core.signers.AOSimpleSigner
    public byte[] sign(byte[] bArr, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException, IOException {
        Properties properties2 = properties != null ? properties : new Properties();
        try {
            return signPDF(privateKey, certificateArr, bArr, properties2, str);
        } catch (DocumentException e) {
            throw new AOException("Error en el tratamiento del PDF: " + e, (Exception) e);
        } catch (com.lowagie.text.exceptions.InvalidPdfException e2) {
            throw new InvalidPdfException(e2);
        } catch (PdfIsPasswordProtectedException e3) {
            if (Boolean.TRUE.toString().equalsIgnoreCase(properties2.getProperty("headLess"))) {
                throw new BadPdfPasswordException(e3);
            }
            properties2.put("userPassword", new String(AOUIFactory.getPassword(PDFMessages.getString("AOPDFSigner.0"), null)));
            return sign(bArr, str, privateKey, certificateArr, properties2);
        } catch (NoSuchAlgorithmException e4) {
            throw new AOException("Error el en algoritmo de firma: " + e4, (Exception) e4);
        } catch (CertificateException e5) {
            throw new AOException("Error en el certificado de firma: " + e5, (Exception) e5);
        }
    }

    @Override // es.gob.afirma.core.signers.AOCoSigner
    public byte[] cosign(byte[] bArr, byte[] bArr2, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException, IOException {
        return sign(bArr2, str, privateKey, certificateArr, properties);
    }

    @Override // es.gob.afirma.core.signers.AOCoSigner
    public byte[] cosign(byte[] bArr, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException, IOException {
        return sign(bArr, str, privateKey, certificateArr, properties);
    }

    @Override // es.gob.afirma.core.signers.AOCounterSigner
    public byte[] countersign(byte[] bArr, String str, CounterSignTarget counterSignTarget, Object[] objArr, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException {
        throw new UnsupportedOperationException("No es posible realizar contrafirmas de ficheros PDF");
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public String getSignedName(String str, String str2) {
        String str3 = str2 != null ? str2 : "";
        return str == null ? "signed.pdf" : str.toLowerCase().endsWith(PDF_FILE_SUFFIX) ? str.substring(0, str.length() - PDF_FILE_SUFFIX.length()) + str3 + PDF_FILE_SUFFIX : str + str3 + PDF_FILE_SUFFIX;
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public AOTreeModel getSignersStructure(byte[] bArr, boolean z) {
        PdfReader pdfReader;
        isPdfFile(bArr);
        SHA2AltNamesProvider.install();
        AOTreeNode aOTreeNode = new AOTreeNode("Datos");
        try {
            pdfReader = new PdfReader(bArr);
        } catch (BadPasswordException e) {
            try {
                pdfReader = new PdfReader(bArr, new String(AOUIFactory.getPassword(PDFMessages.getString("AOPDFSigner.0"), null)).getBytes());
            } catch (BadPasswordException e2) {
                LOGGER.severe("La contrasena del PDF no es valida, se devolvera un arbol vacio: " + e2);
                return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
            } catch (Exception e3) {
                LOGGER.severe("No se ha podido leer el PDF, se devolvera un arbol vacio: " + e3);
                return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
            }
        } catch (Exception e4) {
            LOGGER.severe("No se ha podido leer el PDF, se devolvera un arbol vacio: " + e4);
            return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
        }
        try {
            AcroFields acroFields = pdfReader.getAcroFields();
            ArrayList signatureNames = acroFields.getSignatureNames();
            for (int i = 0; i < signatureNames.size(); i++) {
                PdfPKCS7 verifySignature = acroFields.verifySignature(signatureNames.get(i).toString());
                if (z) {
                    AOSimpleSignInfo aOSimpleSignInfo = new AOSimpleSignInfo(new X509Certificate[]{verifySignature.getSigningCertificate()}, verifySignature.getSignDate().getTime());
                    try {
                        Field declaredField = Class.forName("com.lowagie.text.pdf.PdfPKCS7").getDeclaredField(CMSAttributeTableGenerator.DIGEST);
                        declaredField.setAccessible(true);
                        Object obj = declaredField.get(verifySignature);
                        if (obj instanceof byte[]) {
                            aOSimpleSignInfo.setPkcs1((byte[]) obj);
                        }
                        aOTreeNode.add(new AOTreeNode(aOSimpleSignInfo));
                    } catch (Exception e5) {
                        LOGGER.severe("No se ha podido obtener informacion de una de las firmas del PDF, se continuara con la siguiente: " + e5);
                    }
                } else {
                    aOTreeNode.add(new AOTreeNode(AOUtil.getCN(verifySignature.getSigningCertificate())));
                }
            }
            return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
        } catch (Exception e6) {
            LOGGER.severe("No se ha podido obtener la informacion de los firmantes del PDF, se devolvera un arbol vacio: " + e6);
            return new AOTreeModel(aOTreeNode, aOTreeNode.getChildCount());
        }
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public boolean isSign(byte[] bArr) {
        if (bArr != null) {
            return isPdfFile(bArr) && getSignersStructure(bArr, false).getCount().intValue() > 0;
        }
        LOGGER.warning("Se han introducido datos nulos para su comprobacion");
        return false;
    }

    private boolean isPdfFile(byte[] bArr) {
        checkIText();
        byte[] bArr2 = new byte[PDF_FILE_HEADER.length()];
        try {
            new ByteArrayInputStream(bArr).read(bArr2);
        } catch (Exception e) {
            bArr2 = null;
        }
        if (bArr2 != null && !PDF_FILE_HEADER.equals(new String(bArr2))) {
            return false;
        }
        try {
            new PdfReader(bArr);
            return true;
        } catch (BadPasswordException e2) {
            LOGGER.warning("El PDF esta protegido con contrasena, se toma como PDF valido");
            return true;
        } catch (Exception e3) {
            return false;
        }
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public boolean isValidDataFile(byte[] bArr) {
        if (bArr != null) {
            return isPdfFile(bArr);
        }
        LOGGER.warning("Se han introducido datos nulos para su comprobacion");
        return false;
    }

    private static Rectangle getSignaturePositionOnPage(Properties properties) {
        if (properties.getProperty("signaturePositionOnPageLowerLeftX") == null || properties.getProperty("signaturePositionOnPageLowerLeftY") == null || properties.getProperty("signaturePositionOnPageUpperRightX") == null || properties.getProperty("signaturePositionOnPageUpperRightY") == null) {
            return null;
        }
        try {
            return new Rectangle(Integer.parseInt(properties.getProperty("signaturePositionOnPageLowerLeftX")), Integer.parseInt(properties.getProperty("signaturePositionOnPageLowerLeftY")), Integer.parseInt(properties.getProperty("signaturePositionOnPageUpperRightX")), Integer.parseInt(properties.getProperty("signaturePositionOnPageUpperRightY")));
        } catch (Exception e) {
            LOGGER.severe("Se ha indicado una posicion de firma invalida: " + e);
            return null;
        }
    }

    private byte[] signPDF(PrivateKey privateKey, Certificate[] certificateArr, byte[] bArr, Properties properties, String str) throws IOException, AOException, DocumentException, NoSuchAlgorithmException, CertificateException {
        PdfReader pdfReader;
        boolean z;
        URI uri;
        byte[] bytes;
        checkIText();
        boolean parseBoolean = Boolean.parseBoolean(properties.getProperty("applySystemDate", Boolean.TRUE.toString()));
        String property = properties.getProperty("signReason");
        String property2 = properties.getProperty("signatureField");
        String property3 = properties.getProperty("signatureProductionCity");
        String property4 = properties.getProperty("signerContact");
        int i = -666;
        try {
            i = Integer.parseInt(properties.getProperty("signaturePage"));
        } catch (Exception e) {
        }
        String property5 = properties.getProperty("signatureSubFilter");
        String property6 = properties.getProperty("attach");
        String property7 = properties.getProperty("attachFileName");
        String property8 = properties.getProperty("attachDescription");
        byte[] bArr2 = null;
        if (property6 != null && property7 != null) {
            try {
                bArr2 = Base64.decode(property6);
            } catch (IOException e2) {
                LOGGER.warning("Se ha indicado un adjunto, pero no estaba en formato Base64, se ignorara : " + e2);
            }
        }
        String property9 = properties.getProperty("ownerPassword");
        String property10 = properties.getProperty("userPassword");
        try {
            pdfReader = property9 != null ? new PdfReader(bArr, property9.getBytes()) : property10 != null ? new PdfReader(bArr, property10.getBytes()) : new PdfReader(bArr);
        } catch (BadPasswordException e3) {
            if (Boolean.TRUE.toString().equalsIgnoreCase(properties.getProperty("headLess"))) {
                throw new BadPdfPasswordException(e3);
            }
            property9 = new String(AOUIFactory.getPassword(property9 == null ? PDFMessages.getString("AOPDFSigner.0") : PDFMessages.getString("AOPDFSigner.1"), null));
            try {
                pdfReader = new PdfReader(bArr, property9.getBytes());
            } catch (BadPasswordException e4) {
                throw new BadPdfPasswordException(e4);
            }
        } catch (IOException e5) {
            throw new InvalidPdfException(e5);
        }
        if (pdfReader.getCertificationLevel() != 0 && !Boolean.parseBoolean(properties.getProperty("allowSigningCertifiedPdfs"))) {
            if (Boolean.parseBoolean(properties.getProperty("headLess")) || "false".equalsIgnoreCase(properties.getProperty("allowSigningCertifiedPdfs"))) {
                throw new PdfIsCertifiedException();
            }
            if (AOUIFactory.NO_OPTION == AOUIFactory.showConfirmDialog(null, PDFMessages.getString("AOPDFSigner.8"), PDFMessages.getString("AOPDFSigner.9"), AOUIFactory.YES_NO_OPTION, AOUIFactory.WARNING_MESSAGE)) {
                throw new AOCancelledOperationException("El usuario no ha permitido la firma de un PDF certificado");
            }
        }
        pdfReader.removeUsageRights();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            PdfStamper createSignature = PdfStamper.createSignature(pdfReader, byteArrayOutputStream, (char) 0, null, pdfReader.getAcroFields().getSignatureNames().size() > 0);
            PdfSignatureAppearance signatureAppearance = createSignature.getSignatureAppearance();
            createSignature.setFullCompression();
            signatureAppearance.setAcro6Layers(true);
            createSignature.getWriter().addDeveloperExtension(new PdfDeveloperExtension(new PdfName("ESIC"), PdfWriter.PDF_VERSION_1_7, 1));
            if (bArr2 != null) {
                createSignature.getWriter().addFileAttachment(property8, bArr2, null, property7);
            }
            signatureAppearance.setRender(0);
            if (property != null) {
                signatureAppearance.setReason(property);
            }
            if (parseBoolean) {
                signatureAppearance.setSignDate(new GregorianCalendar());
            }
            if (pdfReader.isEncrypted() && (property9 != null || property10 != null)) {
                if (Boolean.TRUE.toString().equalsIgnoreCase(properties.getProperty("avoidEncryptingSignedPdfs"))) {
                    LOGGER.info("Aunque el PDF original estaba encriptado no se encriptara el PDF firmado (se establecio el indicativo 'avoidEncryptingSignedPdfs')");
                } else {
                    LOGGER.info("El PDF original estaba encriptado, se intentara encriptar tambien el PDF firmado");
                    if (property9 != null) {
                        try {
                            bytes = property9.getBytes();
                        } catch (DocumentException e6) {
                            LOGGER.warning("No se ha podido cifrar el PDF destino, se escribira sin contrasena: " + e6);
                        }
                    } else {
                        bytes = null;
                    }
                    createSignature.setEncryption(bytes, property10 != null ? property10.getBytes() : null, pdfReader.getPermissions(), pdfReader.getCryptoMode());
                }
            }
            if (i == -666) {
                i = pdfReader.getNumberOfPages();
            }
            Rectangle signaturePositionOnPage = getSignaturePositionOnPage(properties);
            if (signaturePositionOnPage != null && property2 == null) {
                signatureAppearance.setVisibleSignature(signaturePositionOnPage, i, null);
            } else if (property2 != null) {
                signatureAppearance.setVisibleSignature(property2);
            }
            if (property3 != null) {
                signatureAppearance.setLocation(property3);
            }
            if (property4 != null) {
                signatureAppearance.setContact(property4);
            }
            Image rubricImage = getRubricImage(properties.getProperty("signatureRubricImage"));
            if (rubricImage != null) {
                signatureAppearance.setImage(rubricImage);
                signatureAppearance.setLayer2Text("");
                signatureAppearance.setLayer4Text("");
            }
            signatureAppearance.setCrypto(null, certificateArr, null, null);
            PdfSignature pdfSignature = new PdfSignature(PdfName.ADOBE_PPKLITE, (property5 == null || "".equals(property5)) ? PdfName.ADBE_PKCS7_DETACHED : new PdfName(property5));
            if (signatureAppearance.getSignDate() != null) {
                pdfSignature.setDate(new PdfDate(signatureAppearance.getSignDate()));
            }
            pdfSignature.setName(PdfPKCS7.getSubjectFields((X509Certificate) certificateArr[0]).getField("CN"));
            if (signatureAppearance.getReason() != null) {
                pdfSignature.setReason(signatureAppearance.getReason());
            }
            if (signatureAppearance.getLocation() != null) {
                pdfSignature.setLocation(signatureAppearance.getLocation());
            }
            if (signatureAppearance.getContact() != null) {
                pdfSignature.setContact(signatureAppearance.getContact());
            }
            signatureAppearance.setCryptoDictionary(pdfSignature);
            HashMap hashMap = new HashMap();
            hashMap.put(PdfName.CONTENTS, 16002);
            signatureAppearance.preClose(hashMap);
            if (properties.containsKey("signingCertificateV2")) {
                z = Boolean.parseBoolean(properties.getProperty("signingCertificateV2"));
            } else {
                z = !"SHA1".equals(AOSignConstants.getDigestAlgorithmName(str));
            }
            byte[] generateSignedData = GenCAdESEPESSignedData.generateSignedData(new P7ContentSignerParameters(bArr, str), true, new AdESPolicy(properties), z, privateKey, certificateArr, MessageDigest.getInstance(AOSignConstants.getDigestAlgorithmName(str)).digest(AOUtil.getDataFromInputStream(signatureAppearance.getRangeStream())), true, PDF_OID, properties.getProperty("contentDescription") != null ? properties.getProperty("contentDescription") : PDF_DESC);
            String property11 = properties.getProperty("tsaURL");
            if (property11 != null) {
                try {
                    uri = new URI(property11);
                } catch (Exception e7) {
                    LOGGER.warning("Se ha indicado una URL de TSA invalida (" + property11 + "), no se anadira sello de tiempo: " + e7);
                    uri = null;
                }
                if (uri != null) {
                    String property12 = properties.getProperty("tsaPolicy");
                    if (property12 == null) {
                        LOGGER.warning("Se ha indicado una URL de TSA pero no una politica, no se anadira sello de tiempo");
                    } else {
                        String property13 = properties.getProperty("tsaHashAlgorithm");
                        generateSignedData = new CMSTimestamper(!Boolean.FALSE.toString().equalsIgnoreCase(properties.getProperty("tsaRequireCert")), property12, uri, properties.getProperty("tsaUsr"), properties.getProperty("tsaPwd"), (properties.getProperty("tsaExtensionOid") == null || properties.getProperty("tsaExtensionValueBase64") == null) ? null : new CMSTimestamper.TsaRequestExtension[]{new CMSTimestamper.TsaRequestExtension(properties.getProperty("tsaExtensionOid"), Boolean.getBoolean(properties.getProperty("tsaExtensionCritical", "false")), Base64.decode(properties.getProperty("tsaExtensionValueBase64")))}).addTimestamp(generateSignedData, AOAlgorithmID.getOID(AOSignConstants.getDigestAlgorithmName(property13 != null ? property13 : "SHA1")));
                    }
                }
            }
            byte[] bArr3 = new byte[CSIZE];
            if (bArr3.length < generateSignedData.length) {
                throw new AOException("La firma generada tiene un tamano (" + generateSignedData.length + ") mayor que el permitido (" + bArr3.length + ")");
            }
            PdfDictionary pdfDictionary = new PdfDictionary();
            System.arraycopy(generateSignedData, 0, bArr3, 0, generateSignedData.length);
            pdfDictionary.put(PdfName.CONTENTS, new PdfString(bArr3).setHexWriting(true));
            signatureAppearance.close(pdfDictionary);
            return byteArrayOutputStream.toByteArray();
        } catch (BadPasswordException e8) {
            throw new PdfIsPasswordProtectedException(e8);
        }
    }

    public static String getSignedName(String str) {
        return str == null ? "signed.pdf" : str.endsWith(PDF_FILE_SUFFIX) ? str.replace(PDF_FILE_SUFFIX, ".signed.pdf") : str.endsWith(".PDF") ? str.replace(".PDF", ".signed.pdf") : str + ".signed.pdf";
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public byte[] getData(byte[] bArr) throws AOInvalidFormatException {
        if (isSign(bArr)) {
            return bArr;
        }
        throw new AOInvalidFormatException("El documento introducido no contiene una firma valida");
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public AOSignInfo getSignInfo(byte[] bArr) throws AOException {
        if (bArr == null) {
            throw new IllegalArgumentException("No se han introducido datos para analizar");
        }
        if (isSign(bArr)) {
            return new AOSignInfo(AOSignConstants.SIGN_FORMAT_PDF);
        }
        throw new AOInvalidFormatException("Los datos introducidos no se corresponden con un objeto de firma");
    }

    private void checkIText() {
        String iTextVersion = Platform.getITextVersion();
        if (!ITEXT_VERSION.equals(iTextVersion)) {
            throw new InvalidITextException(ITEXT_VERSION, iTextVersion);
        }
    }

    private static Image getRubricImage(String str) {
        if (str == null || "".equals(str)) {
            return null;
        }
        try {
            try {
                return new Jpeg(Base64.decode(str));
            } catch (Exception e) {
                LOGGER.severe("Se ha proporcionado una imagen de rubrica que no esta codificada en JPEG: " + e);
                return null;
            }
        } catch (Exception e2) {
            LOGGER.severe("Se ha proporcionado una imagen de rubrica que no esta codificada en Base64: " + e2);
            return null;
        }
    }
}
