package com.itextpdf.signatures;

import com.bigqsys.mobileprinter.pdfconverter.Constants22;
import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.utils.FileUtil;
import com.itextpdf.commons.utils.MessageFormatUtil;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.StampingProperties;
import com.itextpdf.signatures.LtvVerification;
import com.itextpdf.signatures.PdfSigner;
import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes4.dex */
public class PdfPadesSigner {
    private static final String DEFAULT_DIGEST_ALGORITHM = "SHA-512";
    private static final String TEMP_FILE_NAME = "tempPdfFile";
    private ICrlClient crlClient;
    private final OutputStream outputStream;
    private final PdfReader reader;
    private File tempFile;
    private ByteArrayOutputStream tempOutputStream;
    private String timestampSignatureName;
    private static final IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.getFactory();
    private static final Object LOCK_OBJECT = new Object();
    private static long increment = 0;
    private IOcspClient ocspClient = null;
    private IIssuingCertificateRetriever issuingCertificateRetriever = new IssuingCertificateRetriever();
    private int estimatedSize = 0;
    private String temporaryDirectoryPath = null;
    private IExternalDigest externalDigest = new BouncyCastleDigest();
    private StampingProperties stampingProperties = new StampingProperties().useAppendMode();
    private final Set<File> tempFiles = new HashSet();

    public PdfPadesSigner(PdfReader pdfReader, OutputStream outputStream) {
        this.reader = pdfReader;
        this.outputStream = outputStream;
    }

    private String getDigestAlgorithm(PrivateKey privateKey) {
        String privateKeyAlgorithm = SignUtils.getPrivateKeyAlgorithm(privateKey);
        privateKeyAlgorithm.hashCode();
        return !privateKeyAlgorithm.equals("Ed448") ? "SHA-512" : DigestAlgorithms.SHAKE256;
    }

    private File getNextTempFile() {
        File file;
        if (!FileUtil.directoryExists(this.temporaryDirectoryPath)) {
            throw new PdfException(MessageFormatUtil.format(SignExceptionMessageConstant.PATH_IS_NOT_DIRECTORY, this.temporaryDirectoryPath));
        }
        synchronized (LOCK_OBJECT) {
            do {
                increment++;
                file = new File(this.temporaryDirectoryPath + "/" + TEMP_FILE_NAME + increment + Constants22.pdfExtension);
                this.tempFile = file;
            } while (file.exists());
            this.tempFiles.add(this.tempFile);
        }
        return this.tempFile;
    }

    private void performSignDetached(SignerProperties signerProperties, boolean z, IExternalSignature iExternalSignature, Certificate[] certificateArr, ITSAClient iTSAClient) throws GeneralSecurityException, IOException {
        Certificate[] retrieveMissingCertificates = this.issuingCertificateRetriever.retrieveMissingCertificates(certificateArr);
        PdfSigner createPdfSigner = createPdfSigner(signerProperties, z);
        try {
            createPdfSigner.signDetached(this.externalDigest, iExternalSignature, retrieveMissingCertificates, null, null, iTSAClient, this.estimatedSize, PdfSigner.CryptoStandard.CADES);
        } finally {
            createPdfSigner.originalOS.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InputStream createInputStream() throws IOException {
        return this.temporaryDirectoryPath != null ? FileUtil.getInputStreamForFile(this.tempFile) : new ByteArrayInputStream(this.tempOutputStream.toByteArray());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OutputStream createOutputStream() throws FileNotFoundException {
        if (this.temporaryDirectoryPath != null) {
            return FileUtil.getFileOutputStream(getNextTempFile());
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.tempOutputStream = byteArrayOutputStream;
        return byteArrayOutputStream;
    }

    PdfSigner createPdfSigner(SignerProperties signerProperties, boolean z) throws IOException {
        return new PdfSigner(this.reader, z ? this.outputStream : createOutputStream(), this.temporaryDirectoryPath != null ? getNextTempFile().getAbsolutePath() : null, this.stampingProperties, signerProperties);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void createRevocationClients(Certificate certificate, boolean z) {
        if (this.crlClient == null && this.ocspClient == null && z) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (CertificateUtil.getOCSPURL(x509Certificate) == null && CertificateUtil.getCRLURL(x509Certificate) == null) {
                throw new PdfException(SignExceptionMessageConstant.DEFAULT_CLIENTS_CANNOT_BE_CREATED);
            }
        }
        if (this.crlClient == null) {
            this.crlClient = new CrlClientOnline();
        }
        if (this.ocspClient == null) {
            this.ocspClient = new OcspClientBouncyCastle(null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteTempFiles() {
        Iterator<File> it = this.tempFiles.iterator();
        while (it.hasNext()) {
            it.next().delete();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void performLtvVerification(PdfDocument pdfDocument, List<String> list, LtvVerification.RevocationDataNecessity revocationDataNecessity) throws IOException, GeneralSecurityException {
        LtvVerification issuingCertificateRetriever = new LtvVerification(pdfDocument).setRevocationDataNecessity(revocationDataNecessity).setIssuingCertificateRetriever(this.issuingCertificateRetriever);
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            issuingCertificateRetriever.addVerification(it.next(), this.ocspClient, this.crlClient, LtvVerification.CertificateOption.ALL_CERTIFICATES, LtvVerification.Level.OCSP_OPTIONAL_CRL, LtvVerification.CertificateInclusion.YES);
        }
        issuingCertificateRetriever.merge();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void performTimestamping(PdfDocument pdfDocument, OutputStream outputStream, ITSAClient iTSAClient) throws IOException, GeneralSecurityException {
        new PdfSigner(pdfDocument, outputStream, this.tempOutputStream, this.tempFile).timestamp(iTSAClient, this.timestampSignatureName);
    }

    public void prolongSignatures() throws IOException, GeneralSecurityException {
        prolongSignatures(null);
    }

    public void prolongSignatures(ITSAClient iTSAClient) throws IOException, GeneralSecurityException {
        PdfDocument pdfDocument = new PdfDocument(this.reader, new PdfWriter(iTSAClient == null ? this.outputStream : createOutputStream()), new StampingProperties().useAppendMode());
        try {
            List<String> signatureNames = new SignatureUtil(pdfDocument).getSignatureNames();
            if (signatureNames.isEmpty()) {
                throw new PdfException(SignExceptionMessageConstant.NO_SIGNATURES_TO_PROLONG);
            }
            createRevocationClients(null, false);
            performLtvVerification(pdfDocument, signatureNames, LtvVerification.RevocationDataNecessity.OPTIONAL);
            if (iTSAClient != null) {
                performTimestamping(pdfDocument, this.outputStream, iTSAClient);
            }
            pdfDocument.close();
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    pdfDocument.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    public PdfPadesSigner setCrlClient(ICrlClient iCrlClient) {
        this.crlClient = iCrlClient;
        return this;
    }

    public PdfPadesSigner setEstimatedSize(int i) {
        this.estimatedSize = i;
        return this;
    }

    public PdfPadesSigner setExternalDigest(IExternalDigest iExternalDigest) {
        this.externalDigest = iExternalDigest;
        return this;
    }

    public PdfPadesSigner setIssuingCertificateRetriever(IIssuingCertificateRetriever iIssuingCertificateRetriever) {
        this.issuingCertificateRetriever = iIssuingCertificateRetriever;
        return this;
    }

    public PdfPadesSigner setOcspClient(IOcspClient iOcspClient) {
        this.ocspClient = iOcspClient;
        return this;
    }

    public PdfPadesSigner setStampingProperties(StampingProperties stampingProperties) {
        this.stampingProperties = stampingProperties;
        return this;
    }

    public PdfPadesSigner setTemporaryDirectoryPath(String str) {
        this.temporaryDirectoryPath = str;
        return this;
    }

    public PdfPadesSigner setTimestampSignatureName(String str) {
        this.timestampSignatureName = str;
        return this;
    }

    public PdfPadesSigner setTrustedCertificates(List<Certificate> list) {
        this.issuingCertificateRetriever.setTrustedCertificates(list);
        return this;
    }

    public void signWithBaselineBProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature) throws GeneralSecurityException, IOException {
        performSignDetached(signerProperties, true, iExternalSignature, certificateArr, null);
    }

    public void signWithBaselineBProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey) throws GeneralSecurityException, IOException {
        signWithBaselineBProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, getDigestAlgorithm(privateKey), FACTORY.getProviderName()));
    }

    public void signWithBaselineLTAProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature, ITSAClient iTSAClient) throws IOException, GeneralSecurityException {
        createRevocationClients(certificateArr[0], true);
        try {
            performSignDetached(signerProperties, false, iExternalSignature, certificateArr, iTSAClient);
            InputStream createInputStream = createInputStream();
            try {
                PdfDocument pdfDocument = new PdfDocument(new PdfReader(createInputStream), new PdfWriter(createOutputStream()), new StampingProperties().useAppendMode());
                try {
                    performLtvVerification(pdfDocument, Collections.singletonList(signerProperties.getFieldName()), LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
                    performTimestamping(pdfDocument, this.outputStream, iTSAClient);
                    pdfDocument.close();
                    if (createInputStream != null) {
                        createInputStream.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            deleteTempFiles();
        }
    }

    public void signWithBaselineLTAProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey, ITSAClient iTSAClient) throws GeneralSecurityException, IOException {
        signWithBaselineLTAProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, getDigestAlgorithm(privateKey), FACTORY.getProviderName()), iTSAClient);
    }

    public void signWithBaselineLTProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature, ITSAClient iTSAClient) throws GeneralSecurityException, IOException {
        createRevocationClients(certificateArr[0], true);
        try {
            performSignDetached(signerProperties, false, iExternalSignature, certificateArr, iTSAClient);
            InputStream createInputStream = createInputStream();
            try {
                PdfDocument pdfDocument = new PdfDocument(new PdfReader(createInputStream), new PdfWriter(this.outputStream), new StampingProperties().useAppendMode());
                try {
                    performLtvVerification(pdfDocument, Collections.singletonList(signerProperties.getFieldName()), LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
                    pdfDocument.close();
                    if (createInputStream != null) {
                        createInputStream.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            deleteTempFiles();
        }
    }

    public void signWithBaselineLTProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey, ITSAClient iTSAClient) throws GeneralSecurityException, IOException {
        signWithBaselineLTProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, getDigestAlgorithm(privateKey), FACTORY.getProviderName()), iTSAClient);
    }

    public void signWithBaselineTProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature, ITSAClient iTSAClient) throws GeneralSecurityException, IOException {
        performSignDetached(signerProperties, true, iExternalSignature, certificateArr, iTSAClient);
    }

    public void signWithBaselineTProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey, ITSAClient iTSAClient) throws GeneralSecurityException, IOException {
        signWithBaselineTProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, getDigestAlgorithm(privateKey), FACTORY.getProviderName()), iTSAClient);
    }
}
