package net.sf.jsignpdf.verify;

import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.OcspClientBouncyCastle;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.sf.jsignpdf.Constants;
import net.sf.jsignpdf.utils.KeyStoreUtils;
import net.sf.jsignpdf.utils.PdfUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ocsp.BasicOCSPResponse;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.ocsp.BasicOCSPResp;
import org.bouncycastle.ocsp.CertificateID;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampToken;

/* loaded from: input_file:net/sf/jsignpdf/verify/VerifierLogic.class */
public class VerifierLogic {
    private KeyStore kall;
    private boolean failFast;

    public VerifierLogic(String str, String str2, String str3) {
        reinitKeystore(str, str2, str3);
    }

    public Exception addX509CertFile(String str) {
        try {
            Iterator<? extends Certificate> it = CertificateFactory.getInstance(Constants.CERT_TYPE_X509).generateCertificates(new FileInputStream(str)).iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) it.next();
                this.kall.setCertificateEntry(x509Certificate.getSerialNumber().toString(36), x509Certificate);
            }
            return null;
        } catch (Exception e) {
            return e;
        }
    }

    public void reinitKeystore(String str, String str2, String str3) {
        try {
            this.kall = KeyStoreUtils.createKeyStore();
            KeyStore loadKeyStore = KeyStoreUtils.loadKeyStore(str, str2, str3);
            if (loadKeyStore != null) {
                KeyStoreUtils.copyCertificates(loadKeyStore, this.kall);
            }
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public VerificationResult verify(String str, byte[] bArr) {
        try {
            return verify(PdfUtils.getPdfReader(str, bArr));
        } catch (Exception e) {
            VerificationResult verificationResult = new VerificationResult();
            verificationResult.setException(e);
            return verificationResult;
        }
    }

    public VerificationResult verify(byte[] bArr, byte[] bArr2) {
        try {
            return verify(PdfUtils.getPdfReader(bArr, bArr2));
        } catch (Exception e) {
            VerificationResult verificationResult = new VerificationResult();
            verificationResult.setException(e);
            return verificationResult;
        }
    }

    private VerificationResult verify(PdfReader pdfReader) {
        VerificationResult verificationResult = new VerificationResult();
        try {
            AcroFields acroFields = pdfReader.getAcroFields();
            List signatureNames = acroFields.getSignatureNames();
            verificationResult.setTotalRevisions(acroFields.getTotalRevisions());
            int size = signatureNames.size() - 1;
            if (size < 0) {
                verificationResult.setWithoutSignature();
            }
            int i = size;
            while (i >= 0) {
                String str = (String) signatureNames.get(i);
                SignatureVerification signatureVerification = new SignatureVerification(str);
                signatureVerification.setLastSignature(i == size);
                signatureVerification.setWholeDocument(acroFields.signatureCoversWholeDocument(str));
                signatureVerification.setRevision(acroFields.getRevision(str));
                PdfPKCS7 verifySignature = acroFields.verifySignature(str);
                TimeStampToken timeStampToken = verifySignature.getTimeStampToken();
                signatureVerification.setTsTokenPresent(timeStampToken != null);
                signatureVerification.setTsTokenValidationResult(validateTimeStampToken(timeStampToken));
                signatureVerification.setDate(verifySignature.getTimeStampDate() != null ? verifySignature.getTimeStampDate() : verifySignature.getSignDate());
                signatureVerification.setLocation(verifySignature.getLocation());
                signatureVerification.setReason(verifySignature.getReason());
                signatureVerification.setSignName(verifySignature.getSignName());
                Certificate[] certificates = verifySignature.getCertificates();
                signatureVerification.setSubject(PdfPKCS7.getSubjectFields(verifySignature.getSigningCertificate()).toString());
                signatureVerification.setModified(!verifySignature.verify());
                signatureVerification.setOcspPresent(verifySignature.getOcsp() != null);
                signatureVerification.setOcspValid(verifySignature.isRevocationValid());
                signatureVerification.setCrlPresent(verifySignature.getCRLs() != null && verifySignature.getCRLs().size() > 0);
                signatureVerification.setFails(PdfPKCS7.verifyCertificates(certificates, this.kall, verifySignature.getCRLs(), signatureVerification.getDate()));
                signatureVerification.setSigningCertificate(verifySignature.getSigningCertificate());
                signatureVerification.setCertPath(CertificateFactory.getInstance(Constants.CERT_TYPE_X509).generateCertPath(Arrays.asList(certificates)));
                if (!signatureVerification.isOcspValid()) {
                    String ocspurl = PdfPKCS7.getOCSPURL(verifySignature.getSigningCertificate());
                    signatureVerification.setOcspInCertPresent(ocspurl != null);
                    if (ocspurl != null) {
                        signatureVerification.setOcspInCertValid(validateCertificateOCSP(verifySignature.getSignCertificateChain(), ocspurl));
                    }
                }
                if (this.kall.getCertificateAlias(verifySignature.getSigningCertificate()) != null && PdfPKCS7.verifyCertificate(verifySignature.getSigningCertificate(), verifySignature.getCRLs(), signatureVerification.getDate()) == null) {
                    signatureVerification.setSignCertTrustedAndValid(true);
                }
                InputStream extractRevision = acroFields.extractRevision(str);
                try {
                    signatureVerification.setCertLevelCode(new PdfReader(extractRevision).getCertificationLevel());
                    if (extractRevision != null) {
                        extractRevision.close();
                    }
                    verificationResult.addVerification(signatureVerification);
                    if (this.failFast && signatureVerification.containsError()) {
                        return verificationResult;
                    }
                    i--;
                } finally {
                }
            }
        } catch (Exception e) {
            verificationResult.setException(e);
        }
        return verificationResult;
    }

    public boolean isFailFast() {
        return this.failFast;
    }

    public void setFailFast(boolean z) {
        this.failFast = z;
    }

    public InputStream extractRevision(String str, byte[] bArr, String str2) throws IOException {
        return PdfUtils.getPdfReader(str, bArr).getAcroFields().extractRevision(str2);
    }

    public KeyStore getKeyStore() {
        return this.kall;
    }

    public Exception validateTimeStampToken(TimeStampToken timeStampToken) {
        if (timeStampToken == null) {
            return null;
        }
        try {
            SignerId sid = timeStampToken.getSID();
            X509Certificate x509Certificate = null;
            X500Name issuer = sid.getIssuer();
            BigInteger serialNumber = sid.getSerialNumber();
            Collection<? extends Certificate> certificates = timeStampToken.getCertificatesAndCRLs("Collection", "BC").getCertificates(null);
            Iterator<? extends Certificate> it = certificates.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                X509Certificate x509Certificate2 = (X509Certificate) it.next();
                if (x509Certificate2.getIssuerX500Principal().equals(issuer) && x509Certificate2.getSerialNumber().equals(serialNumber)) {
                    x509Certificate = x509Certificate2;
                    break;
                }
            }
            if (x509Certificate == null) {
                throw new TSPException("Missing signing certificate for TSA.");
            }
            if (certificates.size() != 1) {
                int size = certificates.size();
                Certificate[] certificateArr = (Certificate[]) certificates.toArray(new Certificate[size]);
                Certificate[] certificateArr2 = new Certificate[size];
                for (int i = 0; i < size; i++) {
                    certificateArr2[i] = certificateArr[(size - 1) - i];
                }
                if (PdfPKCS7.verifyCertificates(certificateArr2, this.kall, (Collection) null, (Calendar) null) != null) {
                    throw new Exception("Timestamp certificate can't be verified.");
                }
            } else if (!PdfPKCS7.verifyTimestampCertificates(timeStampToken, this.kall, (String) null)) {
                throw new Exception("Timestamp certificate can't be verified.");
            }
            timeStampToken.validate(new JcaSimpleSignerInfoVerifierBuilder().build(x509Certificate));
            return null;
        } catch (Exception e) {
            return e;
        }
    }

    private static boolean validateCertificateOCSP(Certificate[] certificateArr, String str) {
        if (certificateArr.length < 2) {
            return false;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
            X509Certificate x509Certificate2 = (X509Certificate) certificateArr[1];
            return new CertificateID("1.3.14.3.2.26", x509Certificate2, x509Certificate.getSerialNumber()).equals(new BasicOCSPResp(BasicOCSPResponse.getInstance(new ASN1InputStream(new OcspClientBouncyCastle(x509Certificate, x509Certificate2, str).getEncoded()).readObject())).getResponses()[0].getCertID());
        } catch (Exception e) {
            return false;
        }
    }

    public static Map<String, Integer> getValidationCodes(VerificationResult verificationResult) {
        HashMap hashMap = new HashMap();
        for (SignatureVerification signatureVerification : verificationResult.getVerifications()) {
            hashMap.put(signatureVerification.getName(), Integer.valueOf(signatureVerification.getValidationCode()));
        }
        return hashMap;
    }
}
