package cfca.seal.sadk.security.deferred;

import cfca.com.itextpdf.text.pdf.PdfDate;
import cfca.com.itextpdf.text.pdf.PdfDictionary;
import cfca.com.itextpdf.text.pdf.PdfName;
import cfca.com.itextpdf.text.pdf.security.ExternalBlankSignatureContainer;
import cfca.com.itextpdf.text.pdf.security.ExternalDigest;
import cfca.com.itextpdf.text.pdf.security.ExternalSignature;
import cfca.com.itextpdf.text.pdf.security.MakeSignature;
import cfca.com.itextpdf.text.pdf.security.PdfPKCS7;
import cfca.com.itextpdf.text.pdf.security.TSAClientBouncyCastle;
import cfca.sadk.algorithm.common.Mechanism;
import cfca.sadk.algorithm.common.PKCS7SignedData;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.lib.crypto.bcsoft.BCSoftLib;
import cfca.sadk.org.bouncycastle.asn1.ASN1InputStream;
import cfca.sadk.org.bouncycastle.asn1.ASN1Integer;
import cfca.sadk.org.bouncycastle.asn1.ASN1Sequence;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.seal.sadk.PrePdfSeal;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;

/* loaded from: input_file:cfca/seal/sadk/security/deferred/ExternalReservedSignatureContainer.class */
public class ExternalReservedSignatureContainer extends ExternalBlankSignatureContainer {
    private ExternalSignature externalSignature;
    private ExternalDigest externalDigest;
    private ReservedPdfPKCS7 reservedPdfPKCS7;

    public ExternalReservedSignatureContainer(PdfDictionary pdfDictionary) {
        super(pdfDictionary);
    }

    public ExternalReservedSignatureContainer(PdfName pdfName, PdfName pdfName2) {
        super(pdfName, pdfName2);
    }

    public ExternalReservedSignatureContainer(PdfName pdfName, PdfName pdfName2, ExternalDigest externalDigest, ExternalSignature externalSignature, ReservedPdfPKCS7 reservedPdfPKCS7) {
        super(pdfName, pdfName2);
        this.externalDigest = externalDigest;
        this.externalSignature = externalSignature;
        this.reservedPdfPKCS7 = reservedPdfPKCS7;
    }

    @Override // cfca.com.itextpdf.text.pdf.security.ExternalBlankSignatureContainer, cfca.com.itextpdf.text.pdf.security.ExternalSignatureContainer
    public byte[] sign(InputStream inputStream) throws GeneralSecurityException {
        String hashAlgorithm = this.externalSignature.getHashAlgorithm();
        String encryptionAlgorithm = this.externalSignature.getEncryptionAlgorithm();
        byte[][] bArr = this.reservedPdfPKCS7.chainBytes;
        int length = bArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        byte[] bArr2 = new byte[0];
        if ("RSA".equals(encryptionAlgorithm)) {
            if (this.reservedPdfPKCS7.type != 1) {
                int i = 0;
                while (i < length) {
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr[i]);
                    int i2 = i;
                    i++;
                    x509CertificateArr[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                }
                PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, x509CertificateArr, hashAlgorithm, null, this.externalDigest, false);
                byte[] bArr3 = this.reservedPdfPKCS7.hashPdf;
                byte[] bArr4 = this.reservedPdfPKCS7.ocspBytes;
                pdfPKCS7.setExternalDigest(this.reservedPdfPKCS7.signaturePKCS1, null, this.externalSignature.getEncryptionAlgorithm());
                TSAClientBouncyCastle tSAClientBouncyCastle = null;
                if (this.reservedPdfPKCS7.tsaClientBouncyCastle != null) {
                    tSAClientBouncyCastle = this.reservedPdfPKCS7.tsaClientBouncyCastle;
                } else if (this.reservedPdfPKCS7.tsaUrl != null) {
                    tSAClientBouncyCastle = new TSAClientBouncyCastle(this.reservedPdfPKCS7.tsaUrl, this.reservedPdfPKCS7.tsaUserName, this.reservedPdfPKCS7.tsaPassword, this.reservedPdfPKCS7.tsaEstimatedTokenSize, this.reservedPdfPKCS7.tsaDigestAlgorithm);
                }
                byte[][] bArr5 = this.reservedPdfPKCS7.crlBytes;
                ArrayList arrayList = null;
                if (bArr5 != null) {
                    arrayList = new ArrayList();
                    int length2 = bArr5.length;
                    int i3 = 0;
                    while (i3 < length2) {
                        int i4 = i3;
                        i3++;
                        arrayList.add(bArr5[i4]);
                    }
                }
                bArr2 = pdfPKCS7.getEncodedPKCS7(bArr3, 2 == this.reservedPdfPKCS7.type ? PdfDate.decode(this.reservedPdfPKCS7.calendarLocalString) : null, tSAClientBouncyCastle, bArr4, arrayList, MakeSignature.CryptoStandard.CADES.ordinal() == this.reservedPdfPKCS7.cryptostandard ? MakeSignature.CryptoStandard.CADES : MakeSignature.CryptoStandard.CMS);
            } else {
                int i5 = 0;
                while (i5 < length) {
                    ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr[i5]);
                    int i6 = i5;
                    i5++;
                    x509CertificateArr[i6] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream2);
                }
                PdfPKCS7 pdfPKCS72 = new PdfPKCS7(null, x509CertificateArr, hashAlgorithm, null, this.externalDigest, false);
                byte[] bArr6 = this.reservedPdfPKCS7.hashPdf;
                pdfPKCS72.setExternalDigest(this.reservedPdfPKCS7.signaturePKCS1, null, this.externalSignature.getEncryptionAlgorithm());
                bArr2 = pdfPKCS72.getEncodedPKCS7(bArr6, null, this.reservedPdfPKCS7.tsaUrl != null ? new TSAClientBouncyCastle(this.reservedPdfPKCS7.tsaUrl, this.reservedPdfPKCS7.tsaUserName, this.reservedPdfPKCS7.tsaPassword, this.reservedPdfPKCS7.tsaEstimatedTokenSize, this.reservedPdfPKCS7.tsaDigestAlgorithm) : null, null, null, MakeSignature.CryptoStandard.CADES.ordinal() == this.reservedPdfPKCS7.cryptostandard ? MakeSignature.CryptoStandard.CADES : MakeSignature.CryptoStandard.CMS);
            }
        } else if (PrePdfSeal.EncryptionAlgorithm.SM2.equals(encryptionAlgorithm)) {
            try {
                byte[][] bArr7 = this.reservedPdfPKCS7.chainBytes;
                Mechanism mechanism = new Mechanism("sm3WithSM2Encryption");
                PKCS7SignedData pKCS7SignedData = new PKCS7SignedData(new BCSoftLib());
                ASN1Sequence readObject = new ASN1InputStream(this.reservedPdfPKCS7.signaturePKCS1).readObject();
                ASN1Integer objectAt = readObject.getObjectAt(0);
                ASN1Integer objectAt2 = readObject.getObjectAt(1);
                byte[] byteArray = objectAt.getValue().toByteArray();
                byte[] byteArray2 = objectAt2.getValue().toByteArray();
                byte[] bArr8 = new byte[64];
                int length3 = byteArray.length;
                for (int i7 = 0; i7 < length3 && i7 < 32; i7++) {
                    bArr8[31 - i7] = byteArray[(length3 - 1) - i7];
                }
                int length4 = byteArray2.length;
                for (int i8 = 0; i8 < length4 && i8 < 32; i8++) {
                    bArr8[63 - i8] = byteArray2[(length4 - 1) - i8];
                }
                bArr2 = pKCS7SignedData.packageSignedData(false, (String) null, (byte[]) null, bArr8, mechanism, new X509Cert[]{new X509Cert(bArr7[0])});
            } catch (IOException e) {
                throw new GeneralSecurityException("read asn1 object failed!");
            } catch (PKIException e2) {
                throw new GeneralSecurityException("create pkcs7 failed!");
            }
        }
        return bArr2;
    }
}
