package com.itextpdf.signatures;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.signatures.PdfSigner;
import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;

/* loaded from: classes2.dex */
public class PKCS7ExternalSignatureContainer implements IExternalSignatureContainer {
    private final Certificate[] chain;
    private ICrlClient crlClient;
    private final String hashAlgorithm;
    private IOcspClient ocspClient;
    private final PrivateKey privateKey;
    private PdfSigner.CryptoStandard sigType = PdfSigner.CryptoStandard.CMS;
    private SignaturePolicyInfo signaturePolicy;
    private ITSAClient tsaClient;

    public PKCS7ExternalSignatureContainer(PrivateKey privateKey, Certificate[] certificateArr, String str) {
        this.hashAlgorithm = str;
        this.chain = certificateArr;
        this.privateKey = privateKey;
    }

    @Override // com.itextpdf.signatures.IExternalSignatureContainer
    public void modifySigningDictionary(PdfDictionary pdfDictionary) {
        pdfDictionary.put(PdfName.Filter, PdfName.Adobe_PPKLite);
        pdfDictionary.put(PdfName.SubFilter, this.sigType == PdfSigner.CryptoStandard.CADES ? PdfName.ETSI_CAdES_DETACHED : PdfName.Adbe_pkcs7_detached);
    }

    public void setCrlClient(ICrlClient iCrlClient) {
        this.crlClient = iCrlClient;
    }

    public void setOcspClient(IOcspClient iOcspClient) {
        this.ocspClient = iOcspClient;
    }

    public void setSignaturePolicy(SignaturePolicyInfo signaturePolicyInfo) {
        this.signaturePolicy = signaturePolicyInfo;
    }

    public void setSignatureType(PdfSigner.CryptoStandard cryptoStandard) {
        this.sigType = cryptoStandard;
    }

    public void setTsaClient(ITSAClient iTSAClient) {
        this.tsaClient = iTSAClient;
    }

    @Override // com.itextpdf.signatures.IExternalSignatureContainer
    public byte[] sign(InputStream inputStream) {
        PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, this.chain, this.hashAlgorithm, null, new BouncyCastleDigest(), false);
        SignaturePolicyInfo signaturePolicyInfo = this.signaturePolicy;
        if (signaturePolicyInfo != null) {
            pdfPKCS7.setSignaturePolicy(signaturePolicyInfo);
        }
        try {
            byte[] digest = DigestAlgorithms.digest(inputStream, SignUtils.getMessageDigest(this.hashAlgorithm));
            int i = 0;
            int i9 = 0;
            Collection<byte[]> collection = null;
            while (true) {
                ICrlClient iCrlClient = this.crlClient;
                if (iCrlClient == null || collection != null) {
                    break;
                }
                Certificate[] certificateArr = this.chain;
                if (i9 >= certificateArr.length) {
                    break;
                }
                collection = iCrlClient.getEncoded((X509Certificate) certificateArr[i9], null);
                i9++;
            }
            ArrayList arrayList = new ArrayList();
            if (this.chain.length > 1 && this.ocspClient != null) {
                while (true) {
                    Certificate[] certificateArr2 = this.chain;
                    if (i >= certificateArr2.length - 1) {
                        break;
                    }
                    IOcspClient iOcspClient = this.ocspClient;
                    X509Certificate x509Certificate = (X509Certificate) certificateArr2[i];
                    i++;
                    byte[] encoded = iOcspClient.getEncoded(x509Certificate, (X509Certificate) certificateArr2[i], null);
                    if (encoded != null) {
                        arrayList.add(encoded);
                    }
                }
            }
            byte[] authenticatedAttributeBytes = pdfPKCS7.getAuthenticatedAttributeBytes(digest, this.sigType, arrayList, collection);
            PrivateKeySignature privateKeySignature = new PrivateKeySignature(this.privateKey, this.hashAlgorithm, BouncyCastleFactoryCreator.getFactory().getProviderName());
            pdfPKCS7.setExternalSignatureValue(privateKeySignature.sign(authenticatedAttributeBytes), null, privateKeySignature.getSignatureAlgorithmName(), privateKeySignature.getSignatureMechanismParameters());
            return pdfPKCS7.getEncodedPKCS7(digest, this.sigType, this.tsaClient, arrayList, collection);
        } catch (IOException e7) {
            throw new PdfException(e7);
        }
    }
}
