package com.itextpdf.signatures;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.commons.bouncycastle.IBouncyCastleFactory;
import com.itextpdf.commons.utils.FileUtil;
import com.itextpdf.commons.utils.MessageFormatUtil;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfDocument;
import com.itextpdf.kernel.pdf.PdfReader;
import com.itextpdf.kernel.pdf.PdfWriter;
import com.itextpdf.kernel.pdf.StampingProperties;
import com.itextpdf.signatures.LtvVerification;
import com.itextpdf.signatures.PdfSigner;
import com.itextpdf.signatures.exceptions.SignExceptionMessageConstant;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes2.dex */
public class PdfPadesSigner {
    private static final String DEFAULT_DIGEST_ALGORITHM = "SHA-512";
    private static final String TEMP_FILE_NAME = "tempPdfFile";
    private ICrlClient crlClient;
    private final OutputStream outputStream;
    private final PdfReader reader;
    private File tempFile;
    private ByteArrayOutputStream tempOutputStream;
    private String timestampSignatureName;
    private static final IBouncyCastleFactory FACTORY = BouncyCastleFactoryCreator.getFactory();
    private static final Object LOCK_OBJECT = new Object();
    private static long increment = 0;
    private IOcspClient ocspClient = null;
    private int estimatedSize = 0;
    private String temporaryDirectoryPath = null;
    private IExternalDigest externalDigest = new BouncyCastleDigest();
    private StampingProperties stampingProperties = new StampingProperties().useAppendMode();
    private final Set<File> tempFiles = new HashSet();

    public PdfPadesSigner(PdfReader pdfReader, OutputStream outputStream) {
        this.reader = pdfReader;
        this.outputStream = outputStream;
    }

    private InputStream createInputStream() {
        return this.temporaryDirectoryPath != null ? FileUtil.getInputStreamForFile(this.tempFile) : new ByteArrayInputStream(this.tempOutputStream.toByteArray());
    }

    private OutputStream createOutputStream() {
        if (this.temporaryDirectoryPath != null) {
            return FileUtil.getFileOutputStream(getNextTempFile());
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.tempOutputStream = byteArrayOutputStream;
        return byteArrayOutputStream;
    }

    private PdfSigner createPdfSigner(SignerProperties signerProperties, boolean z5) {
        PdfSigner pdfSigner = new PdfSigner(this.reader, z5 ? this.outputStream : createOutputStream(), this.temporaryDirectoryPath != null ? getNextTempFile().getAbsolutePath() : null, this.stampingProperties);
        pdfSigner.setFieldLockDict(signerProperties.getFieldLockDict());
        pdfSigner.setFieldName(signerProperties.getFieldName());
        signerProperties.setFieldName(pdfSigner.getFieldName());
        pdfSigner.setCertificationLevel(signerProperties.getCertificationLevel());
        pdfSigner.setPageRect(signerProperties.getPageRect());
        pdfSigner.setPageNumber(signerProperties.getPageNumber());
        pdfSigner.setSignDate(signerProperties.getSignDate());
        pdfSigner.setSignatureCreator(signerProperties.getSignatureCreator());
        pdfSigner.setContact(signerProperties.getContact());
        pdfSigner.setSignatureAppearance(signerProperties.getSignatureAppearance());
        return pdfSigner;
    }

    private void createRevocationClients(Certificate[] certificateArr, boolean z5) {
        if (this.crlClient == null && this.ocspClient == null && z5) {
            X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
            if (CertificateUtil.getOCSPURL(x509Certificate) == null && CertificateUtil.getCRLURL(x509Certificate) == null) {
                throw new PdfException(SignExceptionMessageConstant.DEFAULT_CLIENTS_CANNOT_BE_CREATED);
            }
        }
        if (this.crlClient == null) {
            this.crlClient = new CrlClientOnline(certificateArr);
        }
        if (this.ocspClient == null) {
            this.ocspClient = new OcspClientBouncyCastle(null);
        }
    }

    private void deleteTempFiles() {
        Iterator<File> it = this.tempFiles.iterator();
        while (it.hasNext()) {
            it.next().delete();
        }
    }

    private File getNextTempFile() {
        File file;
        if (!FileUtil.directoryExists(this.temporaryDirectoryPath)) {
            throw new PdfException(MessageFormatUtil.format(SignExceptionMessageConstant.PATH_IS_NOT_DIRECTORY, this.temporaryDirectoryPath));
        }
        synchronized (LOCK_OBJECT) {
            do {
                increment++;
                file = new File(this.temporaryDirectoryPath + "/" + TEMP_FILE_NAME + increment + ".pdf");
                this.tempFile = file;
            } while (file.exists());
            this.tempFiles.add(this.tempFile);
        }
        return this.tempFile;
    }

    private void performLtvVerification(PdfDocument pdfDocument, List<String> list) {
        LtvVerification ltvVerification = new LtvVerification(pdfDocument);
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            ltvVerification.addVerification(it.next(), this.ocspClient, this.crlClient, LtvVerification.CertificateOption.WHOLE_CHAIN, LtvVerification.Level.OCSP_OPTIONAL_CRL, LtvVerification.CertificateInclusion.YES);
        }
        ltvVerification.merge();
    }

    private void performSignDetached(SignerProperties signerProperties, boolean z5, IExternalSignature iExternalSignature, Certificate[] certificateArr, ITSAClient iTSAClient) {
        PdfSigner createPdfSigner = createPdfSigner(signerProperties, z5);
        try {
            createPdfSigner.signDetached(this.externalDigest, iExternalSignature, certificateArr, null, null, iTSAClient, this.estimatedSize, PdfSigner.CryptoStandard.CADES);
        } finally {
            createPdfSigner.originalOS.close();
        }
    }

    private void performTimestamping(PdfDocument pdfDocument, OutputStream outputStream, ITSAClient iTSAClient) {
        new PdfSigner(pdfDocument, outputStream, this.tempOutputStream, this.tempFile).timestamp(iTSAClient, this.timestampSignatureName);
    }

    public void prolongSignatures() {
        prolongSignatures(null);
    }

    public void prolongSignatures(ITSAClient iTSAClient) {
        PdfDocument pdfDocument = new PdfDocument(this.reader, new PdfWriter(iTSAClient == null ? this.outputStream : createOutputStream()), new StampingProperties().useAppendMode());
        try {
            List<String> signatureNames = new SignatureUtil(pdfDocument).getSignatureNames();
            if (signatureNames.isEmpty()) {
                throw new PdfException(SignExceptionMessageConstant.NO_SIGNATURES_TO_PROLONG);
            }
            createRevocationClients(new Certificate[0], false);
            performLtvVerification(pdfDocument, signatureNames);
            if (iTSAClient != null) {
                performTimestamping(pdfDocument, this.outputStream, iTSAClient);
            }
            pdfDocument.close();
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    pdfDocument.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    public PdfPadesSigner setCrlClient(ICrlClient iCrlClient) {
        this.crlClient = iCrlClient;
        return this;
    }

    public PdfPadesSigner setEstimatedSize(int i) {
        this.estimatedSize = i;
        return this;
    }

    public PdfPadesSigner setExternalDigest(IExternalDigest iExternalDigest) {
        this.externalDigest = iExternalDigest;
        return this;
    }

    public PdfPadesSigner setOcspClient(IOcspClient iOcspClient) {
        this.ocspClient = iOcspClient;
        return this;
    }

    public PdfPadesSigner setStampingProperties(StampingProperties stampingProperties) {
        this.stampingProperties = stampingProperties;
        return this;
    }

    public PdfPadesSigner setTemporaryDirectoryPath(String str) {
        this.temporaryDirectoryPath = str;
        return this;
    }

    public PdfPadesSigner setTimestampSignatureName(String str) {
        this.timestampSignatureName = str;
        return this;
    }

    public void signWithBaselineBProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature) {
        performSignDetached(signerProperties, true, iExternalSignature, certificateArr, null);
    }

    public void signWithBaselineBProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey) {
        signWithBaselineBProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, "SHA-512", FACTORY.getProviderName()));
    }

    public void signWithBaselineLTAProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature, ITSAClient iTSAClient) {
        createRevocationClients(certificateArr, true);
        try {
            performSignDetached(signerProperties, false, iExternalSignature, certificateArr, iTSAClient);
            InputStream createInputStream = createInputStream();
            try {
                PdfDocument pdfDocument = new PdfDocument(new PdfReader(createInputStream), new PdfWriter(createOutputStream()), new StampingProperties().useAppendMode());
                try {
                    performLtvVerification(pdfDocument, Collections.singletonList(signerProperties.getFieldName()));
                    performTimestamping(pdfDocument, this.outputStream, iTSAClient);
                    pdfDocument.close();
                    if (createInputStream != null) {
                        createInputStream.close();
                    }
                    deleteTempFiles();
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            deleteTempFiles();
            throw th;
        }
    }

    public void signWithBaselineLTAProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey, ITSAClient iTSAClient) {
        signWithBaselineLTAProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, "SHA-512", FACTORY.getProviderName()), iTSAClient);
    }

    public void signWithBaselineLTProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature, ITSAClient iTSAClient) {
        createRevocationClients(certificateArr, true);
        try {
            performSignDetached(signerProperties, false, iExternalSignature, certificateArr, iTSAClient);
            InputStream createInputStream = createInputStream();
            try {
                PdfDocument pdfDocument = new PdfDocument(new PdfReader(createInputStream), new PdfWriter(this.outputStream), new StampingProperties().useAppendMode());
                try {
                    performLtvVerification(pdfDocument, Collections.singletonList(signerProperties.getFieldName()));
                    pdfDocument.close();
                    if (createInputStream != null) {
                        createInputStream.close();
                    }
                    deleteTempFiles();
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            deleteTempFiles();
            throw th;
        }
    }

    public void signWithBaselineLTProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey, ITSAClient iTSAClient) {
        signWithBaselineLTProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, "SHA-512", FACTORY.getProviderName()), iTSAClient);
    }

    public void signWithBaselineTProfile(SignerProperties signerProperties, Certificate[] certificateArr, IExternalSignature iExternalSignature, ITSAClient iTSAClient) {
        performSignDetached(signerProperties, true, iExternalSignature, certificateArr, iTSAClient);
    }

    public void signWithBaselineTProfile(SignerProperties signerProperties, Certificate[] certificateArr, PrivateKey privateKey, ITSAClient iTSAClient) {
        signWithBaselineTProfile(signerProperties, certificateArr, new PrivateKeySignature(privateKey, "SHA-512", FACTORY.getProviderName()), iTSAClient);
    }
}
