package pl.unizeto.android.cryptoapi.pdf;

import com.lowagie.text.Font;
import com.lowagie.text.Image;
import com.lowagie.text.Rectangle;
import com.lowagie.text.exceptions.BadPasswordException;
import com.lowagie.text.exceptions.InvalidPdfException;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.BaseFont;
import com.lowagie.text.pdf.PdfBoolean;
import com.lowagie.text.pdf.PdfDate;
import com.lowagie.text.pdf.PdfDictionary;
import com.lowagie.text.pdf.PdfName;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignature;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import com.lowagie.text.pdf.PdfString;
import com.lowagie.text.pdf.RandomAccessFileOrArray;
import iaik.asn1.structures.AlgorithmID;
import iaik.x509.X509Certificate;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.unizeto.android.cryptoapi.SignProperties;
import pl.unizeto.android.cryptoapi.SignedDataReference;
import pl.unizeto.android.cryptoapi.certificatestoremanager.UniCertificateStoreManagerFactory;
import pl.unizeto.android.cryptoapi.etsi.UniETSI;
import pl.unizeto.android.cryptoapi.exception.PKIErrorCode;
import pl.unizeto.android.cryptoapi.exception.PKIException;
import pl.unizeto.android.cryptoapi.pdf.PDFSignatureInfo;
import pl.unizeto.android.cryptoapi.util.Digest;
import pl.unizeto.android.cryptoapi.util.SignatureType;
import pl.unizeto.android.cryptoapi.util.cert.CertificateInfoUtil;
import pl.unizeto.android.cryptoapi.util.cert.CertificateUsage;

/* loaded from: classes.dex */
public class UniPDF {
    private static final String DEFAULT_HASH_ALGORITHM_NAME = "SHA-1";
    private static final Logger log = LoggerFactory.getLogger(UniPDF.class.getSimpleName());
    private char pdfVersion = 0;
    private SignProperties signProperties;
    private byte[] signaturePolicy;

    private UniPDF() {
        try {
            Class.forName("com.lowagie.text.Document");
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(e);
        }
    }

    private StringBuilder appendLocation(StringBuilder sb, String str) {
        if (StringUtils.isNotBlank(str)) {
            if (sb.length() > 0 && !sb.toString().endsWith(";")) {
                sb.append("; ");
            }
            sb.append(str);
        }
        return sb;
    }

    public static UniPDF getInstance() {
        return new UniPDF();
    }

    private Boolean isPropertySetToTrue(String str) {
        Object obj;
        SignProperties signProperties = getSignProperties();
        if (signProperties == null || (obj = signProperties.get(str)) == null) {
            return null;
        }
        return Boolean.valueOf(StringUtils.trimToEmpty(obj.toString()).equalsIgnoreCase(PdfBoolean.TRUE));
    }

    private void validateInputs(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IllegalArgumentException {
        if (inputStream == null) {
            throw new IllegalArgumentException("document input stream is null");
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("signing certificate is null");
        }
        if (privateKey == null) {
            throw new IllegalArgumentException("privateKey is null");
        }
        if (outputStream == null) {
            throw new IllegalArgumentException("document output stream is null");
        }
    }

    private void validateSignInputs(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IllegalArgumentException, UniPDFException {
        validateInputs(inputStream, x509Certificate, privateKey, outputStream);
        try {
            if (CertificateUsage.isForDigitalSignature(x509Certificate)) {
            } else {
                throw new IllegalArgumentException("Certificate is not for digital signature purpose");
            }
        } catch (CertificateException e) {
            throw new UniPDFException(e);
        } catch (PKIException e2) {
            throw new UniPDFException(e2);
        }
    }

    private void validateSingQualifiedInputs(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IllegalArgumentException, UniPDFException {
        validateInputs(inputStream, x509Certificate, privateKey, outputStream);
        try {
            if (CertificateUsage.isQualified(x509Certificate)) {
            } else {
                throw new UniPDFException(PKIErrorCode.CERTIFICATE_IS_NOT_FOR_NON_REPUDIATION, CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate));
            }
        } catch (CertificateException e) {
            throw new UniPDFException(e);
        }
    }

    protected void addGrapthicToSignature(PdfSignatureAppearance pdfSignatureAppearance) {
        Image signatureImage = getSignatureImage();
        if (signatureImage == null) {
            return;
        }
        pdfSignatureAppearance.setAcro6Layers(true);
        pdfSignatureAppearance.setSignatureGraphic(signatureImage);
        pdfSignatureAppearance.setRender(2);
    }

    public void addSign(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IOException, UniPDFException {
        validateSignInputs(inputStream, x509Certificate, privateKey, outputStream);
        signInternal(inputStream, x509Certificate, privateKey, outputStream, true, false);
    }

    public void addSignQualified(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IOException, UniPDFException {
        validateSingQualifiedInputs(inputStream, x509Certificate, privateKey, outputStream);
        signInternal(inputStream, x509Certificate, privateKey, outputStream, true, true);
    }

    protected void addSignatureVisualization(PdfSignatureAppearance pdfSignatureAppearance) {
        pdfSignatureAppearance.setVisibleSignature(getSignatureRectangle(), getSignaturePageNo(), "Signature-" + UUID.randomUUID().toString());
        addGrapthicToSignature(pdfSignatureAppearance);
    }

    protected byte[] digest(PdfSignatureAppearance pdfSignatureAppearance, String str) throws NoSuchAlgorithmException, IOException {
        InputStream inputStream = null;
        try {
            inputStream = pdfSignatureAppearance.getRangeStream();
            return digest(inputStream, str);
        } finally {
            IOUtils.closeQuietly(inputStream);
        }
    }

    protected byte[] digest(RandomAccessFileOrArray randomAccessFileOrArray) throws IOException, NoSuchAlgorithmException {
        if (randomAccessFileOrArray == null) {
            return null;
        }
        byte[] bArr = new byte[4096];
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        while (true) {
            int read = randomAccessFileOrArray.read(bArr, 0, bArr.length);
            if (read == -1) {
                return messageDigest.digest();
            }
            messageDigest.update(bArr, 0, read);
        }
    }

    protected byte[] digest(InputStream inputStream, String str) throws NoSuchAlgorithmException, IOException {
        return Digest.digest(inputStream, str);
    }

    public String getHashAlg() throws IllegalArgumentException {
        String trimToNull = StringUtils.trimToNull((String) getSignProperties().get(PDFSignProperties.SIGNATURE_HASH_ALGORITHM_NAME));
        if (trimToNull == null) {
            log.debug("Using default hash algorithm: SHA-1");
            return DEFAULT_HASH_ALGORITHM_NAME;
        }
        if (AlgorithmID.getAlgorithmID(trimToNull) == null) {
            throw new IllegalArgumentException("Invalid PDF signature algorithm name: " + trimToNull);
        }
        return trimToNull;
    }

    public byte[] getOwnerPassword() {
        Object obj = getSignProperties().get(PDFSignProperties.OWNER_PASSWORD);
        if (obj == null || !(obj instanceof byte[])) {
            return null;
        }
        return (byte[]) obj;
    }

    public SignProperties getSignProperties() {
        if (this.signProperties == null) {
            this.signProperties = new PDFSignProperties();
        }
        return this.signProperties;
    }

    protected Image getSignatureImage() {
        Object obj = getSignProperties().get(PDFSignProperties.SIGNATURE_IMAGE);
        Image image = null;
        if (obj != null) {
            try {
                if (obj instanceof String) {
                    image = Image.getInstance((String) obj);
                } else if (obj instanceof URL) {
                    image = Image.getInstance((URL) obj);
                } else if (obj instanceof byte[]) {
                    image = Image.getInstance((byte[]) obj);
                }
            } catch (Exception e) {
                log.warn("Nie można załadować grafiki do wyświetlenia w polu wizualizacji podpisu", (Throwable) e);
            }
        }
        return image;
    }

    public List<String> getSignatureOnlyNames(PdfReader pdfReader) {
        ArrayList arrayList = new ArrayList();
        AcroFields acroFields = pdfReader.getAcroFields();
        Iterator it = acroFields.getSignatureNames().iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (!PdfNames.DOCUMENT_TIMESTAMP.equals((PdfName) acroFields.getSignatureDictionary(str).get(PdfName.TYPE))) {
                arrayList.add(str);
            }
        }
        return arrayList;
    }

    protected int getSignaturePageNo() {
        Object obj = getSignProperties().get(PDFSignProperties.SIGNATURE_PAGE_NO);
        Integer num = 1;
        if (obj != null) {
            if (obj instanceof String) {
                try {
                    num = Integer.valueOf(Integer.parseInt((String) obj));
                } catch (NumberFormatException e) {
                    log.warn("Niepoprawna wartość parametru pdf.signature.page.no. Oczekiwano wartości liczbowej, a otrzymano inną. Przekazana wartość: " + obj);
                }
            } else if (obj instanceof Number) {
                num = Integer.valueOf(((Number) obj).intValue());
            } else {
                log.warn("Niepoprawna wartość parametru pdf.signature.page.no. Oczekiwano wartości liczbowej, a otrzymano inną. Przekazana wartość: " + obj);
            }
            if (num == null || num.intValue() <= 0) {
                num = 1;
                if (1 != 0) {
                    log.warn("Ustawiam parametr pdf.signature.page.no na wartość domyślną (1).");
                }
            }
        }
        return num.intValue();
    }

    public byte[] getSignaturePolicy() {
        return this.signaturePolicy;
    }

    public String getSignatureProductionPlace() {
        SignProperties signProperties = getSignProperties();
        String str = (String) signProperties.get(SignProperties.SIGNATURE_PRODUCTION_PLACE_CITY);
        String str2 = (String) signProperties.get(SignProperties.SIGNATURE_PRODUCTION_PLACE_POSTAL_CODE);
        String str3 = (String) signProperties.get(SignProperties.SIGNATURE_PRODUCTION_PLACE_STATE_OR_PROVINCE);
        String str4 = (String) signProperties.get(SignProperties.SIGNATURE_PRODUCTION_PLACE_COUNTRY_NAME);
        StringBuilder sb = new StringBuilder();
        appendLocation(sb, str);
        appendLocation(sb, str2);
        appendLocation(sb, str3);
        appendLocation(sb, str4);
        return StringUtils.trimToNull(sb.toString());
    }

    protected Rectangle getSignatureRectangle() throws ClassCastException {
        Rectangle rectangle = null;
        Object obj = getSignProperties().get(PDFSignProperties.SIGNATURE_RECTANGLE);
        if (obj != null && (obj instanceof Rectangle)) {
            rectangle = (Rectangle) obj;
        }
        if (rectangle != null) {
            return rectangle;
        }
        log.debug("Using default signature rectangle dimmenstions");
        return new Rectangle(100.0f, 100.0f, 300.0f, 200.0f);
    }

    public List<PDFSignatureInfo> getSignatures(InputStream inputStream) throws IOException, UniPDFException, IllegalArgumentException {
        ArrayList arrayList = new ArrayList();
        try {
            PdfReader pdfReader = new PdfReader(inputStream);
            AcroFields acroFields = pdfReader.getAcroFields();
            for (String str : getSignatureOnlyNames(pdfReader)) {
                PDFSignatureInfo pDFSignatureInfo = new PDFSignatureInfo();
                pDFSignatureInfo.setId(str);
                pDFSignatureInfo.getSignedDataReferences().add(new SignedDataReference(new URI(""), null, null));
                pDFSignatureInfo.setSignaturePosition(new PDFSignatureInfo.SignaturePosition(acroFields.getFieldPositions(str)));
                arrayList.add(pDFSignatureInfo);
            }
            return arrayList;
        } catch (InvalidPdfException e) {
            throw new IllegalArgumentException("Unsupported PDF file", e);
        } catch (IllegalArgumentException e2) {
            throw e2;
        } catch (Exception e3) {
            log.error("Błąd podczas pobierania informacji o podpisie PDF", (Throwable) e3);
            throw new UniPDFException(e3);
        }
    }

    public String getSignersDeclaration() {
        return (String) getSignProperties().get(SignProperties.SIGNER_DECLARATION);
    }

    public byte[] getUserPassword() {
        Object obj = getSignProperties().get(PDFSignProperties.USER_PASSWORD);
        if (obj == null || !(obj instanceof byte[])) {
            return null;
        }
        return (byte[]) obj;
    }

    protected boolean isSignatureVisible() {
        return isTrue(PDFSignProperties.SIGNATURE_VISIBLE);
    }

    protected boolean isTrue(String str) {
        Boolean isPropertySetToTrue = isPropertySetToTrue(str);
        if (isPropertySetToTrue == null) {
            return false;
        }
        return isPropertySetToTrue.booleanValue();
    }

    public void setSignProperties(SignProperties signProperties) {
        this.signProperties = signProperties;
    }

    public void setSignaturePolicy(byte[] bArr) throws UniPDFException {
        this.signaturePolicy = bArr;
    }

    public void sign(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IOException, UniPDFException, IllegalArgumentException {
        validateSignInputs(inputStream, x509Certificate, privateKey, outputStream);
        signInternal(inputStream, x509Certificate, privateKey, outputStream, false, false);
    }

    protected void signInternal(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream, boolean z, boolean z2) throws UniPDFException {
        PdfName pdfName = PdfSignatureAppearance.WINCER_SIGNED;
        CRL[] crlArr = (CRL[]) null;
        try {
            Certificate[] certificateArr = (Certificate[]) UniCertificateStoreManagerFactory.getInstance().getCertificationPath(x509Certificate).getPath().toArray(new Certificate[0]);
            byte[] ownerPassword = getOwnerPassword();
            byte[] userPassword = getUserPassword();
            PdfReader pdfReader = ownerPassword != null ? new PdfReader(inputStream, ownerPassword) : userPassword != null ? new PdfReader(inputStream, userPassword) : new PdfReader(inputStream);
            pdfReader.setViewerPreferences(256);
            if (!z && pdfReader.getAcroFields().getSignatureNames().size() > 0) {
                throw new IllegalArgumentException("Can't sign signed PDF with sign() method. Please use addSign() method.");
            }
            PdfStamper createSignature = PdfStamper.createSignature(pdfReader, outputStream, this.pdfVersion, null, z);
            if (!pdfReader.isEncrypted() && (userPassword != null || ownerPassword != null)) {
                if (pdfReader.getAcroFields().getSignatureNames().size() > 0) {
                    throw new IllegalArgumentException("Nie można zabezpieczyć hasłem podpisanego dokument PDF");
                }
                createSignature.setEncryption(userPassword, ownerPassword, 2564, true);
            }
            PdfSignatureAppearance signatureAppearance = createSignature.getSignatureAppearance();
            signatureAppearance.setLayer2Font(new Font(BaseFont.createFont("assets/times.ttf", BaseFont.IDENTITY_H, true)));
            signatureAppearance.setCrypto(privateKey, certificateArr, crlArr, pdfName);
            signatureAppearance.setReason(getSignersDeclaration());
            signatureAppearance.setLocation(getSignatureProductionPlace());
            if (isSignatureVisible()) {
                addSignatureVisualization(signatureAppearance);
            }
            PdfSignature pdfSignature = new PdfSignature(pdfName, PdfNames.ETSI_CADES_DETACHED);
            pdfSignature.setReason(signatureAppearance.getReason());
            pdfSignature.setLocation(signatureAppearance.getLocation());
            pdfSignature.setDate(new PdfDate(signatureAppearance.getSignDate()));
            signatureAppearance.setCryptoDictionary(pdfSignature);
            HashMap hashMap = new HashMap();
            hashMap.put(PdfName.CONTENTS, 30002);
            signatureAppearance.preClose(hashMap);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            UniETSI.getInstance().sign(signatureAppearance.getRangeStream(), x509Certificate, privateKey, SignatureType.EXPLICIT, byteArrayOutputStream);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (15002 < byteArray.length) {
                throw new Exception("Not enough space");
            }
            byte[] bArr = new byte[15000];
            System.arraycopy(byteArray, 0, bArr, 0, byteArray.length);
            PdfDictionary pdfDictionary = new PdfDictionary();
            pdfDictionary.put(PdfName.CONTENTS, new PdfString(bArr).setHexWriting(true));
            signatureAppearance.close(pdfDictionary);
        } catch (BadPasswordException e) {
            throw new UniPDFException(e, PKIErrorCode.UNI_PDF_DOCUMENT_IS_PROTECTED, new String[0]);
        } catch (InvalidPdfException e2) {
            throw new IllegalArgumentException("Unsupported PDF file", e2);
        } catch (Exception e3) {
            throw new UniPDFException(e3);
        }
    }

    public void signQualified(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, OutputStream outputStream) throws IOException, UniPDFException {
        validateSingQualifiedInputs(inputStream, x509Certificate, privateKey, outputStream);
        signInternal(inputStream, x509Certificate, privateKey, outputStream, false, true);
    }

    public void validate(InputStream inputStream) throws IOException, UniPDFException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Document input stream is null");
        }
        validateSignature(inputStream, null);
    }

    public void validate(InputStream inputStream, String str) throws IOException, UniPDFException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Document input stream is null");
        }
        if (StringUtils.isBlank(str)) {
            throw new IllegalArgumentException("Signature id is null");
        }
        validateSignature(inputStream, str);
    }

    protected java.security.cert.X509Certificate validateSelectedSignatureIntegrityInternal(AcroFields acroFields, String str) throws UniPDFException {
        try {
            log.debug("Signature name: " + str);
            log.debug("Signature covers whole document: " + acroFields.signatureCoversWholeDocument(str));
            log.debug("Document revision: " + acroFields.getRevision(str) + " of " + acroFields.getTotalRevisions());
            PdfPKCS7 verifySignature = acroFields.verifySignature(str);
            if (verifySignature == null) {
                throw new IllegalArgumentException("Signature '" + str + "' not found");
            }
            log.debug("Subject: " + PdfPKCS7.getSubjectFields(verifySignature.getSigningCertificate()));
            if (verifySignature.verify()) {
                return verifySignature.getSigningCertificate();
            }
            throw new UniPDFException(PKIErrorCode.UNI_ETSI_INTEGRITY_VALIDATION_ERROR, str);
        } catch (SignatureException e) {
            throw new UniPDFException(e, PKIErrorCode.UNI_ETSI_INTEGRITY_VALIDATION_ERROR, str);
        }
    }

    protected void validateSignature(InputStream inputStream, String str) throws IllegalArgumentException, IOException, UniPDFException {
        try {
            AcroFields acroFields = new PdfReader(inputStream).getAcroFields();
            ArrayList signatureNames = acroFields.getSignatureNames();
            if (signatureNames.isEmpty()) {
                throw new IllegalArgumentException("PDF document doesn't have any signatures to be validate");
            }
            if (StringUtils.isNotBlank(str)) {
                validateSelectedSignatureIntegrityInternal(acroFields, str);
                return;
            }
            Iterator it = signatureNames.iterator();
            while (it.hasNext()) {
                validateSelectedSignatureIntegrityInternal(acroFields, (String) it.next());
            }
        } catch (InvalidPdfException e) {
            throw new IllegalArgumentException("Unsupported PDF file", e);
        } catch (IllegalArgumentException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new UniPDFException(e3);
        }
    }

    protected void validateVerifyInputs(InputStream inputStream) {
        if (inputStream == null) {
            throw new IllegalArgumentException("document input stream is null");
        }
    }
}
