package es.gob.afirma.signers.pades;

import com.lowagie.text.DocumentException;
import com.lowagie.text.pdf.C0031av;
import com.lowagie.text.pdf.aZ;
import com.lowagie.text.pdf.bM;
import com.lowagie.text.pdf.bW;
import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AdESPolicy;
import es.gob.afirma.signers.cades.CAdESTriPhaseSigner;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.tsp.pkcs7.CMSTimestamper;
import es.gob.afirma.signers.tsp.pkcs7.TsaRequestExtension;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URI;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.GregorianCalendar;
import java.util.Properties;
import java.util.logging.Logger;

/* loaded from: input_file:es/gob/afirma/signers/pades/PAdESTriPhaseSigner.class */
public final class PAdESTriPhaseSigner {
    public static final int LAST_PAGE = -666;
    public static final String ITEXT_VERSION = "2.1.7";
    private static final Logger a = Logger.getLogger("es.gob.afirma");

    private PAdESTriPhaseSigner() {
    }

    public static PdfSignResult preSign(String str, byte[] bArr, X509Certificate[] x509CertificateArr, GregorianCalendar gregorianCalendar, Properties properties) {
        boolean z;
        Properties properties2 = properties != null ? properties : new Properties();
        PdfTriPhaseSession sessionData = PdfSessionManager.getSessionData(bArr, x509CertificateArr, gregorianCalendar, properties2);
        if (properties2.containsKey("signingCertificateV2")) {
            z = Boolean.parseBoolean(properties2.getProperty("signingCertificateV2"));
        } else {
            z = !"SHA1".equals(AOSignConstants.getDigestAlgorithmName(str));
        }
        byte[] dataFromInputStream = AOUtil.getDataFromInputStream(sessionData.getSAP().p());
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(AOSignConstants.getDigestAlgorithmName(str));
            messageDigest.update(dataFromInputStream);
            return new PdfSignResult(sessionData.getFileID(), CAdESTriPhaseSigner.preSign(AOSignConstants.getDigestAlgorithmName(str), null, x509CertificateArr, new AdESPolicy(properties2), z, messageDigest.digest(), gregorianCalendar.getTime(), true, "1.2.826.0.1089.1.5", "Documento en formato PDF"), gregorianCalendar, properties2);
        } catch (NoSuchAlgorithmException e) {
            throw new AOException("El algoritmo de huella digital no es valido", (Exception) e);
        }
    }

    public static byte[] postSign(String str, byte[] bArr, X509Certificate[] x509CertificateArr, byte[] bArr2, PdfSignResult pdfSignResult, SignEnhancer signEnhancer, Properties properties) {
        return a(bArr, x509CertificateArr, a(str, x509CertificateArr, pdfSignResult.a(), bArr2, pdfSignResult.getSign(), pdfSignResult.getFileID(), pdfSignResult.b(), signEnhancer, properties));
    }

    private static PdfSignResult a(String str, X509Certificate[] x509CertificateArr, Properties properties, byte[] bArr, byte[] bArr2, String str2, GregorianCalendar gregorianCalendar, SignEnhancer signEnhancer, Properties properties2) {
        URI uri;
        byte[] postSign = CAdESTriPhaseSigner.postSign(AOSignConstants.getDigestAlgorithmName(str), null, x509CertificateArr, bArr, bArr2);
        if (signEnhancer != null) {
            postSign = signEnhancer.enhance(postSign, properties2);
        }
        Properties properties3 = properties != null ? properties : new Properties();
        String property = properties3.getProperty("tsaURL");
        if (property != null) {
            try {
                uri = new URI(property);
            } catch (Exception e) {
                a.warning("Se ha indicado una URL de TSA invalida (" + property + "), no se anadira sello de tiempo: " + e);
                uri = null;
            }
            if (uri != null) {
                String property2 = properties3.getProperty("tsaPolicy");
                if (property2 == null) {
                    a.warning("Se ha indicado una URL de TSA pero no una politica, no se anadira sello de tiempo");
                } else {
                    String property3 = properties3.getProperty("tsaHashAlgorithm");
                    postSign = new CMSTimestamper(!Boolean.FALSE.toString().equalsIgnoreCase(properties3.getProperty("tsaRequireCert")), property2, uri, properties3.getProperty("tsaUsr"), properties3.getProperty("tsaPwd"), (properties3.getProperty("tsaExtensionOid") == null || properties3.getProperty("tsaExtensionValueBase64") == null) ? null : new TsaRequestExtension[]{new TsaRequestExtension(properties3.getProperty("tsaExtensionOid"), Boolean.getBoolean(properties3.getProperty("tsaExtensionCritical", "false")), Base64.decode(properties3.getProperty("tsaExtensionValueBase64")))}).addTimestamp(postSign, AOAlgorithmID.getOID(AOSignConstants.getDigestAlgorithmName(property3 != null ? property3 : "SHA1")));
                }
            }
        }
        return new PdfSignResult(str2, postSign, gregorianCalendar, properties);
    }

    private static byte[] a(byte[] bArr, X509Certificate[] x509CertificateArr, PdfSignResult pdfSignResult) {
        byte[] bArr2 = new byte[27000];
        if (pdfSignResult.getSign().length > 27000) {
            throw new AOException("El tamano de la firma (" + pdfSignResult.getSign().length + ") supera el maximo permitido para un PDF (27000)");
        }
        C0031av c0031av = new C0031av();
        System.arraycopy(pdfSignResult.getSign(), 0, bArr2, 0, pdfSignResult.getSign().length);
        c0031av.a(aZ.at, new bW(bArr2).a(true));
        try {
            PdfTriPhaseSession sessionData = PdfSessionManager.getSessionData(bArr, x509CertificateArr, pdfSignResult.b(), pdfSignResult.a());
            bM sap = sessionData.getSAP();
            ByteArrayOutputStream baos = sessionData.getBAOS();
            String fileID = sessionData.getFileID();
            try {
                sap.a(c0031av);
                byte[] bytes = new String(baos.toByteArray(), "ISO-8859-1").replace(fileID, pdfSignResult.getFileID()).getBytes("ISO-8859-1");
                baos.close();
                return bytes;
            } catch (Exception e) {
                baos.close();
                throw new AOException("Error al cerrar el PDF para finalizar el proceso de firma", e);
            }
        } catch (DocumentException e2) {
            throw new IOException(e2);
        }
    }
}
