package cfca.seal.sadk.security.external;

import cfca.com.itextpdf.text.pdf.PdfDictionary;
import cfca.com.itextpdf.text.pdf.PdfName;
import cfca.com.itextpdf.text.pdf.security.CrlClient;
import cfca.com.itextpdf.text.pdf.security.DigestAlgorithms;
import cfca.com.itextpdf.text.pdf.security.ExternalDigest;
import cfca.com.itextpdf.text.pdf.security.ExternalSignature;
import cfca.com.itextpdf.text.pdf.security.ExternalSignatureContainer;
import cfca.com.itextpdf.text.pdf.security.MakeSignature;
import cfca.com.itextpdf.text.pdf.security.OcspClient;
import cfca.com.itextpdf.text.pdf.security.PdfPKCS7;
import cfca.com.itextpdf.text.pdf.security.TSAClient;
import cfca.org.slf4j.Logger;
import cfca.org.slf4j.LoggerFactory;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7SignedData;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.org.bouncycastle.asn1.sm2.ASN1SM2Signature;
import cfca.sadk.util.Base64;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.seal.sadk.PrePdfSeal;
import cfca.seal.sadk.cert.PdfX509Certificate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:cfca/seal/sadk/security/external/DoneExternalSessionSignatureContainer.class */
public class DoneExternalSessionSignatureContainer implements ExternalSignatureContainer {
    private PdfDictionary sigDic;
    private Certificate[] chain;
    private Collection<CrlClient> crlList;
    private OcspClient ocspClient;
    private TSAClient tsaClient;
    private MakeSignature.CryptoStandard cryptoStandard;
    private ExternalSignature externalSignature;
    private ExternalDigest externalDigest;
    private int externalSignatureSize;
    private int deferredType;
    private static Logger logger = LoggerFactory.getLogger(DoneExternalSessionSignatureContainer.class);

    public DoneExternalSessionSignatureContainer(PdfDictionary pdfDictionary) {
        this.sigDic = pdfDictionary;
    }

    public DoneExternalSessionSignatureContainer(PdfName pdfName, PdfName pdfName2) {
        this.sigDic = new PdfDictionary();
        this.sigDic.put(PdfName.FILTER, pdfName);
        this.sigDic.put(PdfName.SUBFILTER, pdfName2);
    }

    public DoneExternalSessionSignatureContainer(PdfName pdfName, PdfName pdfName2, ExternalDigest externalDigest, ExternalSignature externalSignature) {
        this.sigDic = new PdfDictionary();
        this.sigDic.put(PdfName.FILTER, pdfName);
        this.sigDic.put(PdfName.SUBFILTER, pdfName2);
        this.externalDigest = externalDigest;
        this.externalSignature = externalSignature;
    }

    @Override // cfca.com.itextpdf.text.pdf.security.ExternalSignatureContainer
    public byte[] sign(InputStream inputStream) throws GeneralSecurityException {
        String encryptionAlgorithm = this.externalSignature.getEncryptionAlgorithm();
        String hashAlgorithm = this.externalSignature.getHashAlgorithm();
        PdfName asName = this.sigDic.getAsName(PdfName.FILTER);
        PdfName asName2 = this.sigDic.getAsName(PdfName.SUBFILTER);
        byte[] bArr = new byte[0];
        Collection<byte[]> collection = null;
        int i = 0;
        while (null != this.chain && collection == null && i < this.chain.length) {
            try {
                int i2 = i;
                i++;
                collection = MakeSignature.processCrl(this.chain[i2], this.crlList);
            } catch (PKIException e) {
                throw new GeneralSecurityException(e.getMessage());
            } catch (IOException e2) {
                throw new GeneralSecurityException(e2.getMessage());
            }
        }
        if ("RSA".equals(encryptionAlgorithm) && PdfName.ADOBE_PPKLITE.equals(asName) && (PdfName.ADBE_PKCS7_SHA1.equals(asName2) || PdfName.ETSI_CADES_DETACHED.equals(asName2) || PdfName.ADBE_PKCS7_DETACHED.equals(asName2))) {
            if (64 == (64 & this.deferredType) && 2 == (2 & this.deferredType)) {
                logger.info("external rsa pkcs1 encoded");
                PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, this.chain, hashAlgorithm, null, this.externalDigest, false);
                byte[] digest = DigestAlgorithms.digest(inputStream, this.externalDigest.getMessageDigest(hashAlgorithm));
                Calendar calendar = Calendar.getInstance();
                byte[] bArr2 = null;
                if (this.chain.length >= 2 && this.ocspClient != null) {
                    bArr2 = this.ocspClient.getEncoded((X509Certificate) this.chain[0], (X509Certificate) this.chain[1], null);
                }
                byte[] sign = this.externalSignature.sign(pdfPKCS7.getAuthenticatedAttributeBytes(digest, calendar, bArr2, collection, this.cryptoStandard));
                logger.info("base 64 signature string:" + new String(Base64.encode(sign), "utf8"));
                pdfPKCS7.setExternalDigest(sign, null, this.externalSignature.getEncryptionAlgorithm());
                bArr = pdfPKCS7.getEncodedPKCS7(digest, calendar, this.tsaClient, bArr2, collection, this.cryptoStandard);
            } else if (32 == (32 & this.deferredType) && 2 == (2 & this.deferredType)) {
                logger.info("external rsa pkcs1 full");
                byte[] byteArray = IOUtils.toByteArray(inputStream);
                IOUtils.closeQuietly(inputStream);
                byte[] sign2 = this.externalSignature.sign(byteArray);
                logger.info("base 64 signature string:" + new String(Base64.encode(sign2), "utf8"));
                PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(new BCSoftLib());
                X509Cert x509Cert = new X509Cert(this.chain[0].getEncoded());
                Mechanism mechanism = null;
                if ("SHA1".equals(hashAlgorithm)) {
                    mechanism = new Mechanism("sha1WithRSAEncryption");
                } else if ("SHA256".equals(hashAlgorithm)) {
                    mechanism = new Mechanism("sha256WithRSAEncryption");
                } else if ("SHA512".equals(hashAlgorithm)) {
                    mechanism = new Mechanism("sha512WithRSAEncryption");
                }
                bArr = pKCS7SignedData.packageSignedData(false, (String) null, (byte[]) null, sign2, mechanism, new X509Cert[]{x509Cert});
            } else if (32 == (32 & this.deferredType) && 4 == (4 & this.deferredType)) {
                logger.info("external rsa pkcs7");
                byte[] byteArray2 = IOUtils.toByteArray(inputStream);
                IOUtils.closeQuietly(inputStream);
                bArr = this.externalSignature.sign(byteArray2);
                logger.info("base 64 signature string:" + new String(Base64.encode(bArr), "utf8"));
            }
        } else if ("RSA".equals(encryptionAlgorithm) && PdfName.CFCA_TrustSignPDF.equals(asName) && PdfName.RSA_BASE64_SHA1.equals(asName2)) {
            logger.info("external rsa base64 sha1");
            PdfPKCS7 pdfPKCS72 = new PdfPKCS7(null, this.chain, hashAlgorithm, null, this.externalDigest, false);
            byte[] byteArray3 = IOUtils.toByteArray(inputStream);
            IOUtils.closeQuietly(inputStream);
            byte[] encode = Base64.encode(DigestAlgorithms.digest(new ByteArrayInputStream(byteArray3), this.externalDigest.getMessageDigest(hashAlgorithm)));
            pdfPKCS72.setExternalDigest(this.externalSignature.sign(encode), null, this.externalSignature.getEncryptionAlgorithm());
            bArr = pdfPKCS72.getEncodedPKCS7(encode, null, this.tsaClient, null, null, this.cryptoStandard);
        } else if (PrePdfSeal.EncryptionAlgorithm.SM2.equals(encryptionAlgorithm) && 32 == (32 & this.deferredType) && 8 == (8 & this.deferredType)) {
            byte[] byteArray4 = IOUtils.toByteArray(inputStream);
            logger.info("external sm2 pkcs1");
            try {
                Mechanism mechanism2 = new Mechanism("sm3WithSM2Encryption");
                byte[] sign3 = this.externalSignature.sign(byteArray4);
                logger.info("base 64 signature string:" + new String(Base64.encode(sign3), "utf8"));
                bArr = new PKCS7SignedData(new BCSoftLib()).packageSignedData(false, (String) null, (byte[]) null, new ASN1SM2Signature(sign3).getRSRaw64Bytes(), mechanism2, new X509Cert[]{((PdfX509Certificate) this.chain[0]).getX509Cert()});
            } catch (PKIException e3) {
                throw new GeneralSecurityException(e3.getMessage());
            }
        } else if (PrePdfSeal.EncryptionAlgorithm.SM2.equals(encryptionAlgorithm) && 32 == (32 & this.deferredType) && 16 == (16 & this.deferredType)) {
            logger.info("external sm2 pkcs7");
            byte[] byteArray5 = IOUtils.toByteArray(inputStream);
            IOUtils.closeQuietly(inputStream);
            bArr = this.externalSignature.sign(byteArray5);
            logger.info("base 64 signature string:" + new String(Base64.encode(bArr), "utf8"));
        }
        return bArr;
    }

    @Override // cfca.com.itextpdf.text.pdf.security.ExternalSignatureContainer
    public void modifySigningDictionary(PdfDictionary pdfDictionary) {
        pdfDictionary.putAll(this.sigDic);
    }

    public void setTSAClient(TSAClient tSAClient) {
        this.tsaClient = tSAClient;
    }

    public void setCryptoStandard(MakeSignature.CryptoStandard cryptoStandard) {
        this.cryptoStandard = cryptoStandard;
    }

    public void setCertificateChain(Certificate[] certificateArr) {
        this.chain = certificateArr;
    }

    public void setDeferredType(int i) {
        this.deferredType = i;
    }

    public int getExternalSignatureSize() {
        Collection<byte[]> collection = null;
        int i = 0;
        while (null != this.chain && collection == null && i < this.chain.length) {
            int i2 = i;
            i++;
            collection = MakeSignature.processCrl(this.chain[i2], this.crlList);
        }
        if (this.externalSignatureSize == 0) {
            this.externalSignatureSize = 8192;
            if (collection != null) {
                Iterator<byte[]> it = collection.iterator();
                while (it.hasNext()) {
                    this.externalSignatureSize += it.next().length + 10;
                }
            }
            if (this.ocspClient != null) {
                this.externalSignatureSize += 4192;
            }
            if (this.tsaClient != null) {
                this.externalSignatureSize += 4192;
            }
        }
        return this.externalSignatureSize;
    }
}
