package org.nuxeo.ecm.platform.signature.core.sign;

import com.lowagie.text.DocumentException;
import com.lowagie.text.FontFactory;
import com.lowagie.text.Rectangle;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import java.awt.Color;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.platform.signature.api.exception.AlreadySignedException;
import org.nuxeo.ecm.platform.signature.api.exception.CertException;
import org.nuxeo.ecm.platform.signature.api.exception.SignException;
import org.nuxeo.ecm.platform.signature.api.pki.CertService;
import org.nuxeo.ecm.platform.signature.api.sign.SignatureService;
import org.nuxeo.ecm.platform.signature.api.user.AliasType;
import org.nuxeo.ecm.platform.signature.api.user.AliasWrapper;
import org.nuxeo.ecm.platform.signature.api.user.CUserService;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/ecm/platform/signature/core/sign/SignatureServiceImpl.class */
public class SignatureServiceImpl extends DefaultComponent implements SignatureService {
    private static final int SIGNATURE_FIELD_HEIGHT = 50;
    private static final int SIGNATURE_FIELD_WIDTH = 150;
    private static final int SIGNATURE_MARGIN = 10;
    private static final int PAGE_TO_SIGN = 1;
    private static final Log log = LogFactory.getLog(SignatureServiceImpl.class);
    private List<SignatureDescriptor> config = new ArrayList();
    protected CertService certService;
    protected CUserService cUserService;

    public File signPDF(DocumentModel documentModel, String str, String str2, InputStream inputStream) throws SignException {
        try {
            byte[] byteArray = IOUtils.toByteArray(inputStream);
            String str3 = (String) documentModel.getPropertyValue("user:username");
            File createTempFile = File.createTempFile("signed-", ".pdf");
            PdfReader pdfReader = new PdfReader(byteArray);
            PdfStamper createSignature = PdfStamper.createSignature(pdfReader, new FileOutputStream(createTempFile), (char) 0, (File) null, true);
            PdfSignatureAppearance signatureAppearance = createSignature.getSignatureAppearance();
            AliasWrapper aliasWrapper = new AliasWrapper(str3);
            KeyStore userKeystore = getCUserService().getUserKeystore(str3, str);
            X509Certificate certificate = getCertService().getCertificate(userKeystore, aliasWrapper.getId(AliasType.CERT));
            KeyPair keyPair = getCertService().getKeyPair(userKeystore, aliasWrapper.getId(AliasType.KEY), aliasWrapper.getId(AliasType.CERT), str);
            if (certificatePresentInPDF(byteArray, certificate)) {
                String str4 = "This document has already been signed by " + certificate.getSubjectX500Principal().getName();
                log.info(str4);
                throw new AlreadySignedException(str4);
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(certificate);
            signatureAppearance.setCrypto(keyPair.getPrivate(), (Certificate[]) arrayList.toArray(new Certificate[0]), (CRL[]) null, PdfSignatureAppearance.SELF_SIGNED);
            if (null == str2 || str2 == "") {
                str2 = getSigningReason();
            }
            signatureAppearance.setReason(str2);
            signatureAppearance.setAcro6Layers(true);
            signatureAppearance.setLayer2Font(FontFactory.getFont("Times", 10.0f, 0, new Color(0, 0, 0)));
            signatureAppearance.setRender(0);
            signatureAppearance.setVisibleSignature(getNextCertificatePosition(pdfReader, byteArray), PAGE_TO_SIGN, (String) null);
            createSignature.close();
            log.debug("File " + createTempFile.getAbsolutePath() + " created and signed with " + str2);
            return createTempFile;
        } catch (FileNotFoundException e) {
            throw new SignException(e);
        } catch (DocumentException e2) {
            throw new SignException(e2);
        } catch (IOException e3) {
            throw new SignException(e3);
        } catch (KeyStoreException e4) {
            throw new CertException(e4);
        } catch (NoSuchAlgorithmException e5) {
            throw new SignException(e5);
        } catch (SignatureException e6) {
            throw new SignException(e6);
        } catch (UnrecoverableKeyException e7) {
            throw new CertException(e7);
        } catch (CertificateException e8) {
            throw new SignException(e8);
        } catch (Exception e9) {
            throw new SignException(e9);
        } catch (AlreadySignedException e10) {
            throw new SignException(e10);
        }
    }

    private boolean certificatePresentInPDF(byte[] bArr, Certificate certificate) throws SignException {
        X509Certificate x509Certificate = (X509Certificate) certificate;
        Iterator<X509Certificate> it = getPDFCertificates(new ByteArrayInputStream(bArr)).iterator();
        while (it.hasNext()) {
            if (it.next().getSubjectX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
                return true;
            }
        }
        return false;
    }

    private Rectangle getNextCertificatePosition(PdfReader pdfReader, byte[] bArr) throws SignException {
        int size = getPDFCertificates(new ByteArrayInputStream(bArr)).size();
        Rectangle pageSize = pdfReader.getPageSize(PAGE_TO_SIGN);
        float right = pageSize.getRight() - 10.0f;
        float height = (pageSize.getHeight() - 10.0f) - (size * SIGNATURE_FIELD_HEIGHT);
        float f = right - 150.0f;
        float f2 = height - 50.0f;
        log.debug("The new signature position is: " + f + " " + f2 + " " + right + " " + height);
        validatePageBounds(pdfReader, PAGE_TO_SIGN, f, true);
        validatePageBounds(pdfReader, PAGE_TO_SIGN, f2, false);
        validatePageBounds(pdfReader, PAGE_TO_SIGN, right, true);
        validatePageBounds(pdfReader, PAGE_TO_SIGN, height, false);
        return new Rectangle(f, f2, right, height);
    }

    public List<X509Certificate> getPDFCertificates(InputStream inputStream) throws SignException {
        ArrayList arrayList = new ArrayList();
        try {
            AcroFields acroFields = new PdfReader(inputStream).getAcroFields();
            ArrayList signatureNames = acroFields.getSignatureNames();
            for (int i = 0; i < signatureNames.size(); i += PAGE_TO_SIGN) {
                arrayList.add(acroFields.verifySignature((String) signatureNames.get(i)).getSigningCertificate());
            }
            return arrayList;
        } catch (IOException e) {
            throw new SignException(e.getMessage().equals("PDF header signature not found.") ? "PDF seems to be corrupted" : "", e);
        }
    }

    protected void validatePageBounds(PdfReader pdfReader, int i, float f, boolean z) throws SignException {
        if (f <= 0.0f) {
            String str = "The new signature position " + f + " exceeds the page bounds. The position must be a positive number.";
            log.warn(str);
            throw new SignException(str);
        }
        Rectangle pageSize = pdfReader.getPageSize(i);
        if (z && f > pageSize.getRight()) {
            String str2 = "The new signature position " + f + " exceeds the horizontal page bounds. The page dimensions are: (" + pageSize + ").";
            log.warn(str2);
            throw new SignException(str2);
        }
        if (z || f <= pageSize.getTop()) {
            return;
        }
        String str3 = "The new signature position " + f + " exceeds the vertical page bounds. The page dimensions are: (" + pageSize + ").";
        log.warn(str3);
        throw new SignException(str3);
    }

    protected CertService getCertService() throws Exception {
        if (this.certService == null) {
            this.certService = (CertService) Framework.getService(CertService.class);
        }
        return this.certService;
    }

    protected CUserService getCUserService() throws Exception {
        if (this.cUserService == null) {
            this.cUserService = (CUserService) Framework.getService(CUserService.class);
        }
        return this.cUserService;
    }

    private String getSigningReason() throws SignatureException {
        String str = null;
        for (SignatureDescriptor signatureDescriptor : this.config) {
            if (signatureDescriptor.getReason() != null) {
                str = signatureDescriptor.getReason();
            }
        }
        if (str == null) {
            throw new SignatureException("You have to provide a default reason in the extension point");
        }
        return str;
    }

    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        this.config.add((SignatureDescriptor) obj);
    }

    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        this.config.remove(obj);
    }
}
