package org.nuxeo.ecm.platform.signature.core.sign;

import com.lowagie.text.DocumentException;
import com.lowagie.text.Rectangle;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.Blob;
import org.nuxeo.ecm.core.api.Blobs;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.ListDiff;
import org.nuxeo.ecm.core.api.blobholder.BlobHolder;
import org.nuxeo.ecm.core.api.blobholder.DocumentBlobHolder;
import org.nuxeo.ecm.core.api.blobholder.SimpleBlobHolder;
import org.nuxeo.ecm.core.convert.api.ConversionException;
import org.nuxeo.ecm.core.convert.api.ConversionService;
import org.nuxeo.ecm.platform.signature.api.exception.AlreadySignedException;
import org.nuxeo.ecm.platform.signature.api.exception.SignException;
import org.nuxeo.ecm.platform.signature.api.pki.CertService;
import org.nuxeo.ecm.platform.signature.api.sign.SignatureAppearanceFactory;
import org.nuxeo.ecm.platform.signature.api.sign.SignatureLayout;
import org.nuxeo.ecm.platform.signature.api.sign.SignatureService;
import org.nuxeo.ecm.platform.signature.api.user.AliasType;
import org.nuxeo.ecm.platform.signature.api.user.AliasWrapper;
import org.nuxeo.ecm.platform.signature.api.user.CUserService;
import org.nuxeo.ecm.platform.signature.core.sign.SignatureDescriptor;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/ecm/platform/signature/core/sign/SignatureServiceImpl.class */
public class SignatureServiceImpl extends DefaultComponent implements SignatureService {
    private static final Log log = LogFactory.getLog(SignatureServiceImpl.class);
    protected static final int SIGNATURE_FIELD_HEIGHT = 50;
    protected static final int SIGNATURE_FIELD_WIDTH = 150;
    protected static final int SIGNATURE_MARGIN = 10;
    protected static final int PAGE_TO_SIGN = 1;
    protected static final String XP_SIGNATURE = "signature";
    protected static final String ALREADY_SIGNED_BY = "This document has already been signed by ";
    protected static final String MIME_TYPE_PDF = "application/pdf";
    protected static final String PDFA1_PARAM = "PDF/A-1";
    protected static final String FILE_CONTENT = "file:content";
    protected static final String FILES_FILES = "files:files";
    protected static final String FILES_FILE = "file";
    protected static final String USER_EMAIL = "user:email";
    protected final Map<String, SignatureDescriptor> signatureRegistryMap = new HashMap();

    /* renamed from: org.nuxeo.ecm.platform.signature.core.sign.SignatureServiceImpl$1, reason: invalid class name */
    /* loaded from: input_file:org/nuxeo/ecm/platform/signature/core/sign/SignatureServiceImpl$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$nuxeo$ecm$platform$signature$api$sign$SignatureService$SigningDisposition = new int[SignatureService.SigningDisposition.values().length];

        static {
            try {
                $SwitchMap$org$nuxeo$ecm$platform$signature$api$sign$SignatureService$SigningDisposition[SignatureService.SigningDisposition.REPLACE.ordinal()] = SignatureServiceImpl.PAGE_TO_SIGN;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$nuxeo$ecm$platform$signature$api$sign$SignatureService$SigningDisposition[SignatureService.SigningDisposition.ARCHIVE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$nuxeo$ecm$platform$signature$api$sign$SignatureService$SigningDisposition[SignatureService.SigningDisposition.ATTACH.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (XP_SIGNATURE.equals(str)) {
            SignatureDescriptor signatureDescriptor = (SignatureDescriptor) obj;
            if (signatureDescriptor.getRemoveExtension()) {
                this.signatureRegistryMap.remove(signatureDescriptor.getId());
            } else {
                this.signatureRegistryMap.put(signatureDescriptor.getId(), signatureDescriptor);
            }
        }
    }

    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (XP_SIGNATURE.equals(str)) {
            SignatureDescriptor signatureDescriptor = (SignatureDescriptor) obj;
            if (signatureDescriptor.getRemoveExtension()) {
                return;
            }
            this.signatureRegistryMap.remove(signatureDescriptor.getId());
        }
    }

    public SignatureService.StatusWithBlob getSigningStatus(DocumentModel documentModel, DocumentModel documentModel2) {
        Blob blob;
        if (documentModel == null) {
            return new SignatureService.StatusWithBlob(-1, (Blob) null, (BlobHolder) null, (String) null);
        }
        SignatureService.StatusWithBlob signedPdfBlobAndStatus = getSignedPdfBlobAndStatus(documentModel, documentModel2);
        if (signedPdfBlobAndStatus != null) {
            return signedPdfBlobAndStatus;
        }
        BlobHolder blobHolder = (BlobHolder) documentModel.getAdapter(BlobHolder.class);
        return (blobHolder == null || (blob = blobHolder.getBlob()) == null) ? new SignatureService.StatusWithBlob(-1, (Blob) null, (BlobHolder) null, (String) null) : new SignatureService.StatusWithBlob(0, blob, blobHolder, FILE_CONTENT);
    }

    protected int getSigningStatus(Blob blob, DocumentModel documentModel) {
        if (blob == null) {
            return 0;
        }
        List<X509Certificate> certificates = getCertificates(blob);
        if (certificates.isEmpty()) {
            return 0;
        }
        if (documentModel == null) {
            return 2;
        }
        String str = (String) documentModel.getPropertyValue(USER_EMAIL);
        if (StringUtils.isEmpty(str)) {
            return 2;
        }
        CertService certService = (CertService) Framework.getService(CertService.class);
        Iterator<X509Certificate> it = certificates.iterator();
        while (it.hasNext()) {
            if (str.equals(certService.getCertificateEmail(it.next()))) {
                return PAGE_TO_SIGN;
            }
        }
        return 2;
    }

    protected SignatureService.StatusWithBlob getSignedPdfBlobAndStatus(DocumentModel documentModel, DocumentModel documentModel2) {
        int signingStatus;
        Blob blob;
        int signingStatus2;
        BlobHolder blobHolder = (BlobHolder) documentModel.getAdapter(BlobHolder.class);
        if (blobHolder != null && (blob = blobHolder.getBlob()) != null && MIME_TYPE_PDF.equals(blob.getMimeType()) && (signingStatus2 = getSigningStatus(blob, documentModel2)) != 0) {
            return new SignatureService.StatusWithBlob(signingStatus2, blob, blobHolder, FILE_CONTENT);
        }
        int i = -1;
        for (Map map : (List) documentModel.getPropertyValue(FILES_FILES)) {
            i += PAGE_TO_SIGN;
            Blob blob2 = (Blob) map.get(FILES_FILE);
            if (blob2 != null && MIME_TYPE_PDF.equals(blob2.getMimeType()) && (signingStatus = getSigningStatus(blob2, documentModel2)) != 0) {
                String str = ("files:files/" + i + "/") + FILES_FILE;
                return new SignatureService.StatusWithBlob(signingStatus, blob2, new DocumentBlobHolder(documentModel, str), str);
            }
        }
        return null;
    }

    public Blob signDocument(DocumentModel documentModel, DocumentModel documentModel2, String str, String str2, boolean z, SignatureService.SigningDisposition signingDisposition, String str3) {
        Serializable blob;
        Serializable blob2;
        SignatureService.StatusWithBlob signedPdfBlobAndStatus = getSignedPdfBlobAndStatus(documentModel, documentModel2);
        if (signedPdfBlobAndStatus != null) {
            Blob signPDF = signPDF(signedPdfBlobAndStatus.blob, documentModel, documentModel2, str, str2);
            signPDF.setFilename(signedPdfBlobAndStatus.blob.getFilename());
            signedPdfBlobAndStatus.blobHolder.setBlob(signPDF);
            return signPDF;
        }
        BlobHolder blobHolder = (BlobHolder) documentModel.getAdapter(BlobHolder.class);
        if (blobHolder == null || (blob = blobHolder.getBlob()) == null) {
            return null;
        }
        if (MIME_TYPE_PDF.equals(blob.getMimeType())) {
            blob2 = blob;
        } else {
            ConversionService conversionService = (ConversionService) Framework.getService(ConversionService.class);
            HashMap hashMap = new HashMap();
            if (z) {
                hashMap.put(PDFA1_PARAM, Boolean.TRUE);
            }
            try {
                blob2 = conversionService.convert("any2pdf", new SimpleBlobHolder(blob), hashMap).getBlob();
            } catch (ConversionException e) {
                throw new SignException(e);
            }
        }
        Serializable signPDF2 = signPDF(blob2, documentModel, documentModel2, str, str2);
        signPDF2.setFilename(FilenameUtils.getBaseName(blob.getFilename()) + ".pdf");
        switch (AnonymousClass1.$SwitchMap$org$nuxeo$ecm$platform$signature$api$sign$SignatureService$SigningDisposition[signingDisposition.ordinal()]) {
            case PAGE_TO_SIGN /* 1 */:
                blobHolder.setBlob(signPDF2);
                break;
            case 2:
                blob.setFilename(str3);
                HashMap hashMap2 = new HashMap();
                hashMap2.put(FILES_FILE, blob);
                ListDiff listDiff = new ListDiff();
                listDiff.add(hashMap2);
                documentModel.setPropertyValue(FILES_FILES, listDiff);
                blobHolder.setBlob(signPDF2);
                break;
            case 3:
                HashMap hashMap3 = new HashMap();
                hashMap3.put(FILES_FILE, signPDF2);
                ListDiff listDiff2 = new ListDiff();
                listDiff2.insert(0, hashMap3);
                documentModel.setPropertyValue(FILES_FILES, listDiff2);
                break;
        }
        return signPDF2;
    }

    public Blob signPDF(Blob blob, DocumentModel documentModel, DocumentModel documentModel2, String str, String str2) {
        CertService certService = (CertService) Framework.getService(CertService.class);
        CUserService cUserService = (CUserService) Framework.getService(CUserService.class);
        try {
            File createTempFile = Framework.createTempFile("signed-", ".pdf");
            Blob createBlob = Blobs.createBlob(createTempFile, MIME_TYPE_PDF);
            Framework.trackFile(createTempFile, createBlob);
            PdfReader pdfReader = new PdfReader(blob.getStream());
            List<X509Certificate> certificates = getCertificates(pdfReader);
            PdfStamper createSignature = PdfStamper.createSignature(pdfReader, new FileOutputStream(createTempFile), (char) 0, (File) null, true);
            String str3 = (String) documentModel2.getPropertyValue("user:username");
            AliasWrapper aliasWrapper = new AliasWrapper(str3);
            KeyStore userKeystore = cUserService.getUserKeystore(str3, str);
            X509Certificate certificate = certService.getCertificate(userKeystore, aliasWrapper.getId(AliasType.CERT));
            KeyPair keyPair = certService.getKeyPair(userKeystore, aliasWrapper.getId(AliasType.KEY), aliasWrapper.getId(AliasType.CERT), str);
            if (certificatePresentInPDF(certificate, certificates)) {
                String str4 = ALREADY_SIGNED_BY + certificate.getSubjectDN();
                log.debug(str4);
                throw new AlreadySignedException(str4);
            }
            PdfSignatureAppearance signatureAppearance = createSignature.getSignatureAppearance();
            signatureAppearance.setCrypto(keyPair.getPrivate(), certificate, (CRL) null, PdfSignatureAppearance.SELF_SIGNED);
            if (StringUtils.isBlank(str2)) {
                str2 = getSigningReason();
            }
            signatureAppearance.setVisibleSignature(getNextCertificatePosition(pdfReader, certificates), PAGE_TO_SIGN, (String) null);
            getSignatureAppearanceFactory().format(signatureAppearance, documentModel, str3, str2);
            createSignature.close();
            log.debug("File " + createTempFile.getAbsolutePath() + " created and signed with " + str2);
            return createBlob;
        } catch (IOException | DocumentException | IllegalAccessException | InstantiationException e) {
            throw new SignException(e);
        } catch (IllegalArgumentException e2) {
            if (String.valueOf(e2.getMessage()).contains("PdfReader not opened with owner password")) {
                throw new SignException("PDF is password-protected");
            }
            throw new SignException(e2);
        }
    }

    public SignatureLayout getSignatureLayout() {
        Iterator<SignatureDescriptor> it = this.signatureRegistryMap.values().iterator();
        while (it.hasNext()) {
            SignatureDescriptor.SignatureLayout signatureLayout = it.next().getSignatureLayout();
            if (signatureLayout != null) {
                return signatureLayout;
            }
        }
        return new SignatureDescriptor.SignatureLayout();
    }

    protected SignatureAppearanceFactory getSignatureAppearanceFactory() throws InstantiationException, IllegalAccessException {
        return !this.signatureRegistryMap.isEmpty() ? this.signatureRegistryMap.values().iterator().next().getAppearanceFatory() : new DefaultSignatureAppearanceFactory();
    }

    protected String getSigningReason() throws SignException {
        Iterator<SignatureDescriptor> it = this.signatureRegistryMap.values().iterator();
        while (it.hasNext()) {
            String reason = it.next().getReason();
            if (!StringUtils.isBlank(reason)) {
                return reason;
            }
        }
        throw new SignException("No default signing reason provided in configuration");
    }

    protected boolean certificatePresentInPDF(Certificate certificate, List<X509Certificate> list) throws SignException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().getSubjectX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                return true;
            }
        }
        return false;
    }

    protected Rectangle getNextCertificatePosition(PdfReader pdfReader, List<X509Certificate> list) throws SignException {
        int size = list.size();
        Rectangle pageSize = pdfReader.getPageSize(PAGE_TO_SIGN);
        float width = pageSize.getWidth();
        float height = pageSize.getHeight();
        float intValue = width / getSignatureLayout().getColumns().intValue();
        float intValue2 = height / getSignatureLayout().getLines().intValue();
        int intValue3 = (size % getSignatureLayout().getColumns().intValue()) + getSignatureLayout().getStartColumn().intValue();
        int intValue4 = (size / getSignatureLayout().getColumns().intValue()) + getSignatureLayout().getStartLine().intValue();
        if (intValue3 > getSignatureLayout().getColumns().intValue()) {
            intValue3 %= getSignatureLayout().getColumns().intValue();
            intValue4 += PAGE_TO_SIGN;
        }
        if (intValue4 > getSignatureLayout().getLines().intValue()) {
            return new Rectangle(0.0f, 0.0f, 0.0f, 0.0f);
        }
        float f = intValue * intValue3;
        float f2 = height - (intValue2 * intValue4);
        float f3 = f - 150.0f;
        float f4 = f2 + 50.0f;
        validatePageBounds(pdfReader, PAGE_TO_SIGN, f3, true);
        validatePageBounds(pdfReader, PAGE_TO_SIGN, f2, false);
        validatePageBounds(pdfReader, PAGE_TO_SIGN, f, true);
        validatePageBounds(pdfReader, PAGE_TO_SIGN, f4, false);
        return new Rectangle(f3, f2, f, f4);
    }

    protected void validatePageBounds(PdfReader pdfReader, int i, float f, boolean z) throws SignException {
        if (f < 0.0f) {
            String str = "The new signature position " + f + " exceeds the page bounds. The position must be a positive number.";
            log.debug(str);
            throw new SignException(str);
        }
        Rectangle pageSize = pdfReader.getPageSize(i);
        if (z && f > pageSize.getRight()) {
            String str2 = "The new signature position " + f + " exceeds the horizontal page bounds. The page dimensions are: (" + pageSize + ").";
            log.debug(str2);
            throw new SignException(str2);
        }
        if (z || f <= pageSize.getTop()) {
            return;
        }
        String str3 = "The new signature position " + f + " exceeds the vertical page bounds. The page dimensions are: (" + pageSize + ").";
        log.debug(str3);
        throw new SignException(str3);
    }

    public List<X509Certificate> getCertificates(DocumentModel documentModel) {
        SignatureService.StatusWithBlob signedPdfBlobAndStatus = getSignedPdfBlobAndStatus(documentModel, null);
        return signedPdfBlobAndStatus == null ? Collections.emptyList() : getCertificates(signedPdfBlobAndStatus.blob);
    }

    protected List<X509Certificate> getCertificates(Blob blob) throws SignException {
        try {
            return getCertificates(new PdfReader(blob.getStream()));
        } catch (IOException e) {
            throw new SignException(e.getMessage().equals("PDF header signature not found.") ? "PDF seems to be corrupted" : "", e);
        }
    }

    protected List<X509Certificate> getCertificates(PdfReader pdfReader) throws SignException {
        ArrayList arrayList = new ArrayList();
        AcroFields acroFields = pdfReader.getAcroFields();
        Iterator it = acroFields.getSignatureNames().iterator();
        while (it.hasNext()) {
            arrayList.add(acroFields.verifySignature((String) it.next()).getSigningCertificate());
        }
        return arrayList;
    }
}
