package eu.europa.esig.dss.pdf;

import eu.europa.esig.dss.crl.CRLBinary;
import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.model.DSSDocument;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.model.x509.Token;
import eu.europa.esig.dss.pades.PAdESUtils;
import eu.europa.esig.dss.pades.SignatureFieldParameters;
import eu.europa.esig.dss.pades.exception.InvalidPasswordException;
import eu.europa.esig.dss.pdf.visible.SignatureDrawerFactory;
import eu.europa.esig.dss.spi.DSSRevocationUtils;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.utils.Utils;
import eu.europa.esig.dss.validation.ByteRange;
import eu.europa.esig.dss.validation.PdfRevision;
import eu.europa.esig.dss.validation.PdfSignatureDictionary;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/pdf/AbstractPDFSignatureService.class */
public abstract class AbstractPDFSignatureService implements PDFSignatureService {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractPDFSignatureService.class);
    protected final PDFServiceMode serviceMode;
    protected final SignatureDrawerFactory signatureDrawerFactory;

    protected AbstractPDFSignatureService(PDFServiceMode pDFServiceMode, SignatureDrawerFactory signatureDrawerFactory) {
        this.serviceMode = pDFServiceMode;
        this.signatureDrawerFactory = signatureDrawerFactory;
    }

    protected boolean isDocumentTimestampLayer() {
        return PDFServiceMode.SIGNATURE_TIMESTAMP == this.serviceMode || PDFServiceMode.ARCHIVE_TIMESTAMP == this.serviceMode;
    }

    protected String getType() {
        return isDocumentTimestampLayer() ? PAdESConstants.TIMESTAMP_TYPE : PAdESConstants.SIGNATURE_TYPE;
    }

    protected abstract void checkDocumentPermissions(DSSDocument dSSDocument, String str);

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v81, types: [eu.europa.esig.dss.pdf.PdfDocTimestampRevision] */
    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public List<PdfRevision> getRevisions(DSSDocument dSSDocument, String str) {
        ArrayList arrayList = new ArrayList();
        try {
            PdfDocumentReader loadPdfDocumentReader = loadPdfDocumentReader(dSSDocument, str);
            try {
                PdfDssDict dSSDictionary = loadPdfDocumentReader.getDSSDictionary();
                boolean z = false;
                for (Map.Entry<PdfSignatureDictionary, List<String>> entry : sortSignatureDictionaries(loadPdfDocumentReader.extractSigDictionaries()).entrySet()) {
                    PdfSignatureDictionary key = entry.getKey();
                    List<String> value = entry.getValue();
                    try {
                        LOG.info("Signature field name: {}", value);
                        ByteRange byteRange = key.getByteRange();
                        byteRange.validate();
                        byte[] contents = key.getContents();
                        byte[] bArr = DSSUtils.EMPTY_BYTE_ARRAY;
                        if (isContentValueEqualsByteRangeExtraction(dSSDocument, byteRange, contents, value)) {
                            bArr = PAdESUtils.getSignedContent(dSSDocument, byteRange);
                        } else {
                            LOG.warn("Signature {} is skipped. SIWA detected !", value);
                        }
                        boolean isSignatureCoversWholeDocument = loadPdfDocumentReader.isSignatureCoversWholeDocument(key);
                        PdfDssDict dSSDictionaryPresentInRevision = dSSDictionary != null ? getDSSDictionaryPresentInRevision(extractBeforeSignatureValue(byteRange, bArr), str) : null;
                        PdfSignatureRevision pdfSignatureRevision = null;
                        if (isDocTimestamp(key)) {
                            pdfSignatureRevision = new PdfDocTimestampRevision(key, value, bArr, isSignatureCoversWholeDocument, dSSDictionaryPresentInRevision != null);
                        } else if (isSignature(key)) {
                            pdfSignatureRevision = new PdfSignatureRevision(key, dSSDictionary, value, bArr, isSignatureCoversWholeDocument);
                        } else {
                            LOG.warn("The entry {} is skipped. A signature dictionary entry with a type '{}' and subFilter '{}' is not acceptable configuration!", new Object[]{value, key.getType(), key.getSubFilter()});
                        }
                        if (((dSSDictionaryPresentInRevision == null || dSSDictionaryPresentInRevision.equals(dSSDictionary)) ? false : true) && !z) {
                            arrayList.add(new PdfDocDssRevision(dSSDictionary));
                        }
                        z = true;
                        if (pdfSignatureRevision != null) {
                            arrayList.add(pdfSignatureRevision);
                        }
                        if (dSSDictionaryPresentInRevision != null) {
                            arrayList.add(new PdfDocDssRevision(dSSDictionaryPresentInRevision));
                        }
                    } catch (Exception e) {
                        if (LOG.isDebugEnabled()) {
                            LOG.error("Unable to parse signature {} . Reason : {}", new Object[]{value, e.getMessage(), e});
                        } else {
                            LOG.error("Unable to parse signature {} . Reason : {}", value, e.getMessage());
                        }
                    }
                }
                if (loadPdfDocumentReader != null) {
                    loadPdfDocumentReader.close();
                }
                return arrayList;
            } finally {
            }
        } catch (IOException e2) {
            throw new DSSException(String.format("The document with name [%s] is either not accessible or not PDF compatible. Reason : [%s]", dSSDocument.getName(), e2.getMessage()), e2);
        } catch (DSSException e3) {
            throw e3;
        } catch (Exception e4) {
            throw new DSSException("Cannot analyze signatures : " + e4.getMessage(), e4);
        }
    }

    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public DSSDocument addDssDictionary(DSSDocument dSSDocument, List<DSSDictionaryCallback> list) {
        return addDssDictionary(dSSDocument, list, null);
    }

    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public List<String> getAvailableSignatureFields(DSSDocument dSSDocument) {
        return getAvailableSignatureFields(dSSDocument, null);
    }

    @Override // eu.europa.esig.dss.pdf.PDFSignatureService
    public DSSDocument addNewSignatureField(DSSDocument dSSDocument, SignatureFieldParameters signatureFieldParameters) {
        return addNewSignatureField(dSSDocument, signatureFieldParameters, null);
    }

    protected abstract PdfDocumentReader loadPdfDocumentReader(DSSDocument dSSDocument, String str) throws IOException, InvalidPasswordException;

    protected abstract PdfDocumentReader loadPdfDocumentReader(byte[] bArr, String str) throws IOException, InvalidPasswordException;

    private Map<PdfSignatureDictionary, List<String>> sortSignatureDictionaries(Map<PdfSignatureDictionary, List<String>> map) {
        return (Map) map.entrySet().stream().sorted(Map.Entry.comparingByKey(new PdfSignatureDictionaryComparator()).reversed()).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }, (list, list2) -> {
            return list;
        }, LinkedHashMap::new));
    }

    private PdfDssDict getDSSDictionaryPresentInRevision(byte[] bArr, String str) {
        try {
            PdfDocumentReader loadPdfDocumentReader = loadPdfDocumentReader(bArr, str);
            try {
                PdfDssDict dSSDictionary = loadPdfDocumentReader.getDSSDictionary();
                if (loadPdfDocumentReader != null) {
                    loadPdfDocumentReader.close();
                }
                return dSSDictionary;
            } finally {
            }
        } catch (Exception e) {
            LOG.debug("Cannot extract DSS dictionary from the previous revision : {}", e.getMessage(), e);
            return null;
        }
    }

    protected boolean isContentValueEqualsByteRangeExtraction(DSSDocument dSSDocument, ByteRange byteRange, byte[] bArr, List<String> list) {
        boolean z = false;
        try {
            z = Arrays.equals(bArr, getSignatureValue(dSSDocument, byteRange));
            if (!z) {
                LOG.warn("Conflict between /Content and ByteRange for Signature {}.", list);
            }
        } catch (Exception e) {
            String format = String.format("Unable to retrieve data from the ByteRange : [%s]", byteRange);
            if (LOG.isDebugEnabled()) {
                LOG.debug(format, e);
            } else {
                LOG.error(format);
            }
        }
        return z;
    }

    protected byte[] getSignatureValue(DSSDocument dSSDocument, ByteRange byteRange) throws IOException {
        int firstPartStart = byteRange.getFirstPartStart() + byteRange.getFirstPartEnd() + 1;
        int secondPartStart = (byteRange.getSecondPartStart() - 1) - firstPartStart;
        if (secondPartStart < 1) {
            throw new DSSException("The byte range present in the document is not valid! SignatureValue size cannot be negative or equal to zero!");
        }
        byte[] bArr = new byte[secondPartStart];
        InputStream openStream = dSSDocument.openStream();
        try {
            DSSUtils.skipAvailableBytes(openStream, firstPartStart);
            DSSUtils.readAvailableBytes(openStream, bArr);
            if (openStream != null) {
                openStream.close();
            }
            return Utils.fromHex(new String(bArr));
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected byte[] extractBeforeSignatureValue(ByteRange byteRange, byte[] bArr) {
        int firstPartEnd = byteRange.getFirstPartEnd();
        if (bArr.length < firstPartEnd) {
            return new byte[0];
        }
        byte[] bArr2 = new byte[firstPartEnd];
        System.arraycopy(bArr, 0, bArr2, 0, firstPartEnd);
        return bArr2;
    }

    protected boolean isDocTimestamp(PdfSignatureDictionary pdfSignatureDictionary) {
        String type = pdfSignatureDictionary.getType();
        return (type == null || PAdESConstants.TIMESTAMP_TYPE.equals(type)) && PAdESConstants.TIMESTAMP_DEFAULT_SUBFILTER.equals(pdfSignatureDictionary.getSubFilter());
    }

    protected boolean isSignature(PdfSignatureDictionary pdfSignatureDictionary) {
        String type = pdfSignatureDictionary.getType();
        return (type == null || PAdESConstants.SIGNATURE_TYPE.equals(type)) && !PAdESConstants.TIMESTAMP_DEFAULT_SUBFILTER.equals(pdfSignatureDictionary.getSubFilter());
    }

    protected Map<String, Long> buildKnownObjects(List<DSSDictionaryCallback> list) {
        HashMap hashMap = new HashMap();
        for (DSSDictionaryCallback dSSDictionaryCallback : list) {
            for (Map.Entry<Long, CertificateToken> entry : dSSDictionaryCallback.getStoredCertificates().entrySet()) {
                String tokenDigest = getTokenDigest((Token) entry.getValue());
                if (!hashMap.containsKey(tokenDigest)) {
                    hashMap.put(tokenDigest, entry.getKey());
                }
            }
            for (Map.Entry<Long, BasicOCSPResp> entry2 : dSSDictionaryCallback.getStoredOcspResps().entrySet()) {
                String base64 = Utils.toBase64(DSSUtils.digest(DigestAlgorithm.SHA256, DSSRevocationUtils.getEncoded(DSSRevocationUtils.fromBasicToResp(entry2.getValue()))));
                if (!hashMap.containsKey(base64)) {
                    hashMap.put(base64, entry2.getKey());
                }
            }
            for (Map.Entry<Long, CRLBinary> entry3 : dSSDictionaryCallback.getStoredCrls().entrySet()) {
                String base642 = Utils.toBase64(DSSUtils.digest(DigestAlgorithm.SHA256, entry3.getValue().getBinaries()));
                if (!hashMap.containsKey(base642)) {
                    hashMap.put(base642, entry3.getKey());
                }
            }
        }
        return hashMap;
    }

    protected String getTokenDigest(Token token) {
        return Utils.toBase64(token.getDigest(DigestAlgorithm.SHA256));
    }
}
