package com.itextpdf.signatures;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.bouncycastle.asn1.IASN1Encodable;
import com.itextpdf.commons.bouncycastle.asn1.IASN1InputStream;
import com.itextpdf.commons.utils.MessageFormatUtil;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.StampingProperties;
import com.itextpdf.signatures.LtvVerification;
import com.itextpdf.signatures.cms.AlgorithmIdentifier;
import com.itextpdf.signatures.cms.CMSContainer;
import com.itextpdf.signatures.cms.CmsAttribute;
import com.itextpdf.signatures.cms.SignerInfo;
import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/* loaded from: classes3.dex */
public class PadesTwoPhaseSigningHelper {
    private static final IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.getFactory();
    private ICrlClient crlClient;
    private IOcspClient ocspClient;
    private String temporaryDirectoryPath;
    private String timestampSignatureName;
    private ITSAClient tsaClient;
    private StampingProperties stampingProperties = new StampingProperties().useAppendMode();
    private StampingProperties stampingPropertiesWithMetaInfo = (StampingProperties) new StampingProperties().useAppendMode().setEventCountingMetaInfo(new SignMetaInfo());
    private IIssuingCertificateRetriever issuingCertificateRetriever = new IssuingCertificateRetriever();
    private int estimatedSize = -1;

    private PdfPadesSigner createPadesSigner(PdfReader pdfReader, OutputStream outputStream) {
        PdfPadesSigner pdfPadesSigner = new PdfPadesSigner(pdfReader, outputStream);
        pdfPadesSigner.setOcspClient(this.ocspClient);
        pdfPadesSigner.setCrlClient(this.crlClient);
        pdfPadesSigner.setStampingProperties(this.stampingProperties);
        pdfPadesSigner.setTemporaryDirectoryPath(this.temporaryDirectoryPath);
        pdfPadesSigner.setTimestampSignatureName(this.timestampSignatureName);
        pdfPadesSigner.setIssuingCertificateRetriever(this.issuingCertificateRetriever);
        pdfPadesSigner.setEstimatedSize(this.estimatedSize);
        return pdfPadesSigner;
    }

    private byte[] setSignatureAlgorithmAndSignature(IExternalSignature iExternalSignature, CMSContainer cMSContainer) throws IOException, GeneralSecurityException {
        String digestAlgorithmName = iExternalSignature.getDigestAlgorithmName();
        String algorithmOid = cMSContainer.getDigestAlgorithm().getAlgorithmOid();
        String signatureAlgorithmName = iExternalSignature.getSignatureAlgorithmName();
        if (!DigestAlgorithms.getAllowedDigest(digestAlgorithmName).equals(algorithmOid)) {
            throw new PdfException(MessageFormatUtil.format(SignExceptionMessageConstant.DIGEST_ALGORITHMS_ARE_NOT_SAME, DigestAlgorithms.getDigest(algorithmOid), digestAlgorithmName));
        }
        ISignatureMechanismParams signatureMechanismParameters = iExternalSignature.getSignatureMechanismParameters();
        if (signatureMechanismParameters == null) {
            cMSContainer.getSignerInfo().setSignatureAlgorithm(new AlgorithmIdentifier(SignatureMechanisms.getSignatureMechanismOid(signatureAlgorithmName, digestAlgorithmName)));
        } else {
            cMSContainer.getSignerInfo().setSignatureAlgorithm(new AlgorithmIdentifier(SignatureMechanisms.getSignatureMechanismOid(signatureAlgorithmName, digestAlgorithmName), signatureMechanismParameters.toEncodable().toASN1Primitive()));
        }
        byte[] sign = iExternalSignature.sign(cMSContainer.getSerializedSignedAttributes());
        cMSContainer.getSignerInfo().setSignature(sign);
        return sign;
    }

    public CMSContainer createCMSContainerWithoutSignature(Certificate[] certificateArr, String str, PdfReader pdfReader, OutputStream outputStream, SignerProperties signerProperties) throws IOException, GeneralSecurityException {
        X509Certificate[] x509CertificateArr = (X509Certificate[]) Arrays.asList(this.issuingCertificateRetriever.retrieveMissingCertificates(certificateArr)).toArray(new X509Certificate[0]);
        PdfTwoPhaseSigner pdfTwoPhaseSigner = new PdfTwoPhaseSigner(pdfReader, outputStream);
        pdfTwoPhaseSigner.setStampingProperties(this.stampingProperties);
        CMSContainer cMSContainer = new CMSContainer();
        SignerInfo signerInfo = new SignerInfo();
        String allowedDigest = DigestAlgorithms.getAllowedDigest(str);
        signerInfo.setSigningCertificateAndAddToSignedAttributes(x509CertificateArr[0], allowedDigest);
        signerInfo.setDigestAlgorithm(new AlgorithmIdentifier(allowedDigest));
        cMSContainer.addCertificates(x509CertificateArr);
        cMSContainer.setSignerInfo(signerInfo);
        int digestLength = ((MessageDigest.getInstance(DigestAlgorithms.getDigest(allowedDigest)).getDigestLength() + ((int) cMSContainer.getSizeEstimation())) * 2) + 2;
        ITSAClient iTSAClient = this.tsaClient;
        if (iTSAClient != null) {
            digestLength += iTSAClient.getTokenSizeEstimate();
        }
        int i = this.estimatedSize;
        signerInfo.setMessageDigest(pdfTwoPhaseSigner.prepareDocumentForSignature(signerProperties, str, PdfName.Adobe_PPKLite, PdfName.ETSI_CAdES_DETACHED, i < 0 ? digestLength : i, true));
        return cMSContainer;
    }

    public PadesTwoPhaseSigningHelper setCrlClient(ICrlClient iCrlClient) {
        this.crlClient = iCrlClient;
        return this;
    }

    public PadesTwoPhaseSigningHelper setEstimatedSize(int i) {
        this.estimatedSize = i;
        return this;
    }

    public PadesTwoPhaseSigningHelper setIssuingCertificateRetriever(IIssuingCertificateRetriever iIssuingCertificateRetriever) {
        this.issuingCertificateRetriever = iIssuingCertificateRetriever;
        return this;
    }

    public PadesTwoPhaseSigningHelper setOcspClient(IOcspClient iOcspClient) {
        this.ocspClient = iOcspClient;
        return this;
    }

    public PadesTwoPhaseSigningHelper setStampingProperties(StampingProperties stampingProperties) {
        this.stampingProperties = stampingProperties;
        if (stampingProperties.isEventCountingMetaInfoSet()) {
            this.stampingPropertiesWithMetaInfo = stampingProperties;
        }
        return this;
    }

    public PadesTwoPhaseSigningHelper setTSAClient(ITSAClient iTSAClient) {
        this.tsaClient = iTSAClient;
        return this;
    }

    public PadesTwoPhaseSigningHelper setTemporaryDirectoryPath(String str) {
        this.temporaryDirectoryPath = str;
        return this;
    }

    public PadesTwoPhaseSigningHelper setTimestampSignatureName(String str) {
        this.timestampSignatureName = str;
        return this;
    }

    public PadesTwoPhaseSigningHelper setTrustedCertificates(List<Certificate> list) {
        this.issuingCertificateRetriever.setTrustedCertificates(list);
        return this;
    }

    public void signCMSContainerWithBaselineBProfile(IExternalSignature iExternalSignature, PdfReader pdfReader, OutputStream outputStream, String str, CMSContainer cMSContainer) throws Exception {
        setSignatureAlgorithmAndSignature(iExternalSignature, cMSContainer);
        try {
            PdfDocument pdfDocument = new PdfDocument(pdfReader, this.stampingProperties);
            try {
                PdfTwoPhaseSigner.addSignatureToPreparedDocument(pdfDocument, str, outputStream, cMSContainer);
                pdfDocument.close();
            } finally {
            }
        } finally {
            outputStream.close();
        }
    }

    public void signCMSContainerWithBaselineLTAProfile(IExternalSignature iExternalSignature, PdfReader pdfReader, OutputStream outputStream, String str, CMSContainer cMSContainer) throws Exception {
        PdfPadesSigner createPadesSigner = createPadesSigner(pdfReader, outputStream);
        createPadesSigner.createRevocationClients(cMSContainer.getSignerInfo().getSigningCertificate(), true);
        try {
            OutputStream createOutputStream = createPadesSigner.createOutputStream();
            try {
                signCMSContainerWithBaselineTProfile(iExternalSignature, pdfReader, createOutputStream, str, cMSContainer);
                InputStream createInputStream = createPadesSigner.createInputStream();
                try {
                    PdfDocument pdfDocument = new PdfDocument(new PdfReader(createInputStream), new PdfWriter(createPadesSigner.createOutputStream()), this.stampingPropertiesWithMetaInfo);
                    try {
                        createPadesSigner.performLtvVerification(pdfDocument, Collections.singletonList(str), LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
                        createPadesSigner.performTimestamping(pdfDocument, outputStream, this.tsaClient);
                        pdfDocument.close();
                        if (createInputStream != null) {
                            createInputStream.close();
                        }
                        if (createOutputStream != null) {
                            createOutputStream.close();
                        }
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            createPadesSigner.deleteTempFiles();
        }
    }

    public void signCMSContainerWithBaselineLTProfile(IExternalSignature iExternalSignature, PdfReader pdfReader, OutputStream outputStream, String str, CMSContainer cMSContainer) throws Exception {
        PdfPadesSigner createPadesSigner = createPadesSigner(pdfReader, outputStream);
        createPadesSigner.createRevocationClients(cMSContainer.getSignerInfo().getSigningCertificate(), true);
        try {
            OutputStream createOutputStream = createPadesSigner.createOutputStream();
            try {
                signCMSContainerWithBaselineTProfile(iExternalSignature, pdfReader, createOutputStream, str, cMSContainer);
                InputStream createInputStream = createPadesSigner.createInputStream();
                try {
                    PdfDocument pdfDocument = new PdfDocument(new PdfReader(createInputStream), new PdfWriter(outputStream), this.stampingPropertiesWithMetaInfo);
                    try {
                        createPadesSigner.performLtvVerification(pdfDocument, Collections.singletonList(str), LtvVerification.RevocationDataNecessity.REQUIRED_FOR_SIGNING_CERTIFICATE);
                        pdfDocument.close();
                        if (createInputStream != null) {
                            createInputStream.close();
                        }
                        if (createOutputStream != null) {
                            createOutputStream.close();
                        }
                    } finally {
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            createPadesSigner.deleteTempFiles();
        }
    }

    public void signCMSContainerWithBaselineTProfile(IExternalSignature iExternalSignature, PdfReader pdfReader, OutputStream outputStream, String str, CMSContainer cMSContainer) throws Exception {
        byte[] signatureAlgorithmAndSignature = setSignatureAlgorithmAndSignature(iExternalSignature, cMSContainer);
        ITSAClient iTSAClient = this.tsaClient;
        if (iTSAClient == null) {
            throw new PdfException(SignExceptionMessageConstant.TSA_CLIENT_IS_MISSING);
        }
        byte[] timeStampToken = this.tsaClient.getTimeStampToken(iTSAClient.getMessageDigest().digest(signatureAlgorithmAndSignature));
        IBouncyCastleFactory iBouncyCastleFactory = FACTORY;
        IASN1InputStream createASN1InputStream = iBouncyCastleFactory.createASN1InputStream(new ByteArrayInputStream(timeStampToken));
        try {
            cMSContainer.getSignerInfo().addUnSignedAttribute(new CmsAttribute(SecurityIDs.ID_AA_TIME_STAMP_TOKEN, iBouncyCastleFactory.createDERSet(iBouncyCastleFactory.createASN1Sequence((IASN1Encodable) createASN1InputStream.readObject()))));
            if (createASN1InputStream != null) {
                createASN1InputStream.close();
            }
            try {
                PdfDocument pdfDocument = new PdfDocument(pdfReader, this.stampingProperties);
                try {
                    PdfTwoPhaseSigner.addSignatureToPreparedDocument(pdfDocument, str, outputStream, cMSContainer);
                    pdfDocument.close();
                } finally {
                }
            } finally {
                outputStream.close();
            }
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                if (createASN1InputStream != null) {
                    try {
                        createASN1InputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                }
                throw th2;
            }
        }
    }
}
