package es.gob.afirma.signers.pades;

import androidx.activity.result.d;
import es.gob.afirma.core.AOCancelledOperationException;
import es.gob.afirma.core.AOException;
import es.gob.afirma.core.AOInvalidFormatException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.signers.AOConfigurableContext;
import es.gob.afirma.core.signers.AOPkcs1Signer;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AOSignInfo;
import es.gob.afirma.core.signers.AOSigner;
import es.gob.afirma.core.signers.AOSimpleSignInfo;
import es.gob.afirma.core.signers.CounterSignTarget;
import es.gob.afirma.core.signers.SignEnhancer;
import es.gob.afirma.core.util.tree.AOTreeModel;
import es.gob.afirma.core.util.tree.AOTreeNode;
import es.gob.afirma.signers.pades.common.PdfExtraParams;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Collection;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.Locale;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import okhttp3.HttpUrl;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import s6.a;
import t6.e2;
import t6.n1;
import t6.t0;
import t6.w1;

/* loaded from: classes.dex */
public final class AOPDFSigner implements AOSigner, AOConfigurableContext {
    private static final Logger LOGGER;
    private static final n1 PDFNAME_DOCTIMESTAMP;
    private static final n1 PDFNAME_ETSI_RFC3161;
    private static final String PDF_FILE_HEADER = "%PDF-";
    private static final String PDF_FILE_SUFFIX = ".pdf";
    private static final int PDF_MIN_FILE_SIZE = 70;
    private static SignEnhancer enhancer;
    private static Properties enhancerConfig;
    private boolean secureMode = true;

    static {
        Logger logger = Logger.getLogger("es.gob.afirma");
        LOGGER = logger;
        PDFNAME_ETSI_RFC3161 = new n1("ETSI.RFC3161", true);
        PDFNAME_DOCTIMESTAMP = new n1("DocTimeStamp", true);
        String str = null;
        enhancer = null;
        Properties properties = new Properties();
        enhancerConfig = properties;
        try {
            properties.load(AOPDFSigner.class.getResourceAsStream("/enhancer.properties"));
            str = enhancerConfig.getProperty("enhancerClassFile");
            if (str != null) {
                enhancer = (SignEnhancer) Class.forName(str).getConstructor(new Class[0]).newInstance(new Object[0]);
                logger.info("Se usara el siguiente mejorador de firmas: ".concat(str));
            }
        } catch (ClassNotFoundException e10) {
            LOGGER.warning("Se ha configurado la clase de mejora '" + str + "', pero esta no se encuentra: " + e10);
        } catch (Exception e11) {
            LOGGER.info("No hay un mejorador de firmas correctamente instalado: " + e11);
        }
        String[] strArr = {"SunEC", BouncyCastleProvider.PROVIDER_NAME, "SC"};
        for (int i10 = 0; i10 < 3; i10++) {
            Provider provider = Security.getProvider(strArr[i10]);
            if (provider != null) {
                provider.put("Alg.Alias.Signature.SHA224with1.2.840.10045.4.3.2", AOSignConstants.SIGN_ALGORITHM_SHA224WITHECDSA);
                provider.put("Alg.Alias.Signature.SHA256with1.2.840.10045.4.3.2", AOSignConstants.SIGN_ALGORITHM_SHA256WITHECDSA);
                provider.put("Alg.Alias.Signature.SHA384with1.2.840.10045.4.3.2", AOSignConstants.SIGN_ALGORITHM_SHA384WITHECDSA);
                provider.put("Alg.Alias.Signature.SHA512with1.2.840.10045.4.3.2", AOSignConstants.SIGN_ALGORITHM_SHA512WITHECDSA);
            }
        }
    }

    private static void checkParams(String str, Properties properties) {
        if (str.toUpperCase(Locale.US).startsWith("MD")) {
            throw new IllegalArgumentException("PAdES no permite huellas digitales MD2 o MD5 (Decision 130/2011 CE)");
        }
        String property = properties.getProperty("profile");
        if (AOSignConstants.SIGN_PROFILE_BASELINE.equalsIgnoreCase(property)) {
            if (AOSignConstants.isSHA1SignatureAlgorithm(str)) {
                LOGGER.warning("El algoritmo '" + str + "' no esta recomendado para su uso en las firmas baseline");
            }
            if (properties.containsKey(PdfExtraParams.SIGNATURE_SUBFILTER)) {
                LOGGER.warning("Se ignorara el valor establecido en el parametro 'signatureSubFilter' ya que en las firmas baseline el subfiltro siempre sera ETSI.CAdES.detached");
                properties.remove(PdfExtraParams.SIGNATURE_SUBFILTER);
            }
        }
        if (properties.containsKey(PdfExtraParams.COMMITMENT_TYPE_INDICATIONS) && !AOSignConstants.SIGN_PROFILE_BASELINE.equalsIgnoreCase(property) && !properties.containsKey(PdfExtraParams.POLICY_IDENTIFIER)) {
            LOGGER.warning("Se ignoraran los commitment type indications establecidos por no estar permitidos en las firmas PAdES-EPES");
            properties.remove(PdfExtraParams.COMMITMENT_TYPE_INDICATIONS);
        }
        if (properties.containsKey(PdfExtraParams.SIGN_REASON) && properties.containsKey(PdfExtraParams.POLICY_IDENTIFIER)) {
            LOGGER.warning("Se ignorara la razon de firma establecida por haberse indicado una politica de firma");
            properties.remove(PdfExtraParams.SIGN_REASON);
        }
        if (properties.containsKey(PdfExtraParams.SIGN_REASON) && properties.containsKey(PdfExtraParams.COMMITMENT_TYPE_INDICATIONS)) {
            LOGGER.warning("Se ignoraran los commitment type indications establecidos por haberse indicado una razon de firma");
            properties.remove(PdfExtraParams.COMMITMENT_TYPE_INDICATIONS);
        }
    }

    public static void configureRespectfulProperties(byte[] bArr, Properties properties) {
        if (properties == null || properties.containsKey(PdfExtraParams.SIGNATURE_SUBFILTER)) {
            return;
        }
        try {
            String firstSupportedSignSubFilter = PdfUtil.getFirstSupportedSignSubFilter(bArr, properties);
            if (firstSupportedSignSubFilter != null) {
                properties.setProperty(PdfExtraParams.SIGNATURE_SUBFILTER, firstSupportedSignSubFilter.substring(firstSupportedSignSubFilter.indexOf(47) + 1));
            }
        } catch (Exception e10) {
            d.m("Error al configurar la firma PDF para que sea igual a las existentes: ", e10, LOGGER);
        }
    }

    private static Properties getExtraParams(Properties properties) {
        return properties != null ? (Properties) properties.clone() : new Properties();
    }

    public static SignEnhancer getSignEnhancer() {
        return enhancer;
    }

    public static Properties getSignEnhancerConfig() {
        Properties properties = enhancerConfig;
        if (properties != null) {
            return (Properties) properties.clone();
        }
        return null;
    }

    public static String getSignedName(String str) {
        return str == null ? "signed.pdf" : str.endsWith(PDF_FILE_SUFFIX) ? str.replace(PDF_FILE_SUFFIX, ".signed.pdf") : str.endsWith(".PDF") ? str.replace(".PDF", ".signed.pdf") : str.concat(".signed.pdf");
    }

    private static boolean isPdfFile(byte[] bArr) {
        if (bArr != null && bArr.length >= 70) {
            byte[] bArr2 = new byte[5];
            try {
                new ByteArrayInputStream(bArr).read(bArr2);
                if (!PDF_FILE_HEADER.equals(new String(bArr2))) {
                    return false;
                }
                try {
                    new e2(bArr, null);
                    return true;
                } catch (a e10) {
                    LOGGER.warning("El PDF esta protegido con contrasena, se toma como PDF valido: " + e10);
                    return true;
                } catch (Exception unused) {
                    return false;
                }
            } catch (Exception e11) {
                d.m("El contenido parece corrupto o truncado: ", e11, LOGGER);
            }
        }
        return false;
    }

    @Override // es.gob.afirma.core.signers.AOCoSigner
    public byte[] cosign(byte[] bArr, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException, IOException {
        return sign(bArr, str, privateKey, certificateArr, properties);
    }

    @Override // es.gob.afirma.core.signers.AOCoSigner
    public byte[] cosign(byte[] bArr, byte[] bArr2, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException, IOException {
        return sign(bArr2, str, privateKey, certificateArr, properties);
    }

    @Override // es.gob.afirma.core.signers.AOCounterSigner
    public byte[] countersign(byte[] bArr, String str, CounterSignTarget counterSignTarget, Object[] objArr, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) {
        throw new UnsupportedOperationException("No es posible realizar contrafirmas de ficheros PDF");
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public byte[] getData(byte[] bArr) throws AOInvalidFormatException {
        if (isSign(bArr)) {
            return bArr;
        }
        throw new AOInvalidFormatException("El documento introducido no contiene una firma valida");
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public AOSignInfo getSignInfo(byte[] bArr) throws AOException {
        if (bArr == null) {
            throw new IllegalArgumentException("No se han introducido datos para analizar");
        }
        if (isSign(bArr)) {
            return new AOSignInfo(AOSignConstants.SIGN_FORMAT_PDF);
        }
        throw new AOInvalidFormatException("Los datos introducidos no se corresponden con un objeto de firma");
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public String getSignedName(String str, String str2) {
        StringBuilder sb2;
        if (str2 == null) {
            str2 = HttpUrl.FRAGMENT_ENCODE_SET;
        }
        if (str == null) {
            return "signed.pdf";
        }
        if (str.toLowerCase(Locale.US).endsWith(PDF_FILE_SUFFIX)) {
            sb2 = new StringBuilder();
            str = str.substring(0, str.length() - 4);
        } else {
            sb2 = new StringBuilder();
        }
        sb2.append(str);
        sb2.append(str2);
        sb2.append(PDF_FILE_SUFFIX);
        return sb2.toString();
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public AOTreeModel getSignersStructure(byte[] bArr, boolean z10) {
        AOTreeNode aOTreeNode = new AOTreeNode("Datos");
        if (!isPdfFile(bArr)) {
            return new AOTreeModel(aOTreeNode);
        }
        try {
            try {
                t6.a aVar = new t6.a(new e2(bArr, null), null);
                Iterator it = aVar.c().iterator();
                while (it.hasNext()) {
                    String str = (String) it.next();
                    t0 b10 = aVar.b(str);
                    n1 n1Var = PDFNAME_ETSI_RFC3161;
                    n1 n1Var2 = n1.J4;
                    if (!n1Var.equals(b10.q(n1Var2)) && !PDFNAME_DOCTIMESTAMP.equals(b10.q(n1Var2))) {
                        try {
                            w1 e10 = aVar.e(str);
                            if (z10) {
                                Collection<Certificate> collection = e10.f22109g;
                                int length = ((Certificate[]) collection.toArray(new X509Certificate[collection.size()])).length;
                                X509Certificate[] x509CertificateArr = new X509Certificate[length];
                                for (int i10 = 0; i10 < length; i10++) {
                                    Collection<Certificate> collection2 = e10.f22109g;
                                    x509CertificateArr[i10] = (X509Certificate) ((Certificate[]) collection2.toArray(new X509Certificate[collection2.size()]))[i10];
                                }
                                Calendar calendar = e10.f22120r;
                                AOSimpleSignInfo aOSimpleSignInfo = new AOSimpleSignInfo(x509CertificateArr, calendar != null ? calendar.getTime() : null);
                                byte[] bArr2 = e10.f22111i;
                                byte[] bArr3 = bArr2 != null ? (byte[]) bArr2.clone() : null;
                                if (bArr3 != null) {
                                    aOSimpleSignInfo.setPkcs1(bArr3);
                                }
                                String b11 = e10.b();
                                if (b11 != null) {
                                    aOSimpleSignInfo.setSignAlgorithm(b11);
                                }
                                aOTreeNode.add(new AOTreeNode(aOSimpleSignInfo));
                            } else {
                                aOTreeNode.add(new AOTreeNode(AOUtil.getCN(e10.f22110h)));
                            }
                        } catch (Exception e11) {
                            LOGGER.log(Level.SEVERE, "El PDF contiene una firma corrupta o con un formato desconocido (" + str + "), se continua con las siguientes si las hubiese: " + e11, (Throwable) e11);
                        }
                    }
                }
                return new AOTreeModel(aOTreeNode);
            } catch (Exception e12) {
                LOGGER.severe("No se ha podido obtener la informacion de los firmantes del PDF, se devolvera un arbol vacio: " + e12);
                return new AOTreeModel(aOTreeNode);
            }
        } catch (a e13) {
            LOGGER.info("El PDF necesita contrasena. Se devolvera el arbol vacio: " + e13);
            return new AOTreeModel(aOTreeNode);
        } catch (Exception e14) {
            LOGGER.severe("No se ha podido leer el PDF, se devolvera un arbol vacio: " + e14);
            return new AOTreeModel(aOTreeNode);
        }
    }

    @Override // es.gob.afirma.core.signers.AOConfigurableContext
    public boolean isSecureMode() {
        return this.secureMode;
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public boolean isSign(byte[] bArr) {
        if (bArr == null) {
            LOGGER.warning("Se han introducido datos nulos para su comprobacion");
            return false;
        }
        if (!isPdfFile(bArr)) {
            return false;
        }
        Object root = getSignersStructure(bArr, false).getRoot();
        if (root instanceof AOTreeNode) {
            if (AOTreeModel.getChildCount(root) > 0) {
                return true;
            }
            Properties properties = System.getProperties();
            try {
                if (PdfUtil.pdfHasUnregisteredSignatures(bArr, properties)) {
                    if (Boolean.TRUE.toString().equalsIgnoreCase(properties.getProperty(PdfExtraParams.ALLOW_COSIGNING_UNREGISTERED_SIGNATURES))) {
                        return true;
                    }
                }
            } catch (Exception e10) {
                LOGGER.severe("No se han podido comprobar las firmas no registradas del PDF: " + e10);
            }
        }
        return false;
    }

    @Override // es.gob.afirma.core.signers.AOSigner
    public boolean isValidDataFile(byte[] bArr) {
        if (bArr != null) {
            return isPdfFile(bArr);
        }
        LOGGER.warning("Se han introducido datos nulos para su comprobacion");
        return false;
    }

    @Override // es.gob.afirma.core.signers.AOConfigurableContext
    public void setSecureMode(boolean z10) {
        this.secureMode = z10;
    }

    @Override // es.gob.afirma.core.signers.AOSimpleSigner
    public byte[] sign(byte[] bArr, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException, IOException {
        if (str == null) {
            str = "SHA512withRSA";
        }
        Properties extraParams = getExtraParams(properties);
        checkParams(str, extraParams);
        if (Boolean.parseBoolean(extraParams.getProperty("includeOnlySignningCertificate", Boolean.FALSE.toString()))) {
            certificateArr = new X509Certificate[]{(X509Certificate) certificateArr[0]};
        }
        GregorianCalendar signTime = PdfUtil.getSignTime(extraParams.getProperty(PdfExtraParams.SIGN_TIME));
        try {
            byte[] timestampPdf = PdfTimestamper.timestampPdf(bArr, extraParams, signTime);
            PdfSignResult preSign = PAdESTriPhaseSigner.preSign(str, timestampPdf, certificateArr, signTime, extraParams, this.secureMode);
            try {
                try {
                    return PAdESTriPhaseSigner.postSign(str, timestampPdf, certificateArr, new AOPkcs1Signer().sign(preSign.getSign(), str, privateKey, certificateArr, extraParams), preSign, getSignEnhancer(), getSignEnhancerConfig(), this.secureMode);
                } catch (NoSuchAlgorithmException e10) {
                    throw new AOException("Error el en algoritmo de firma: " + e10, e10);
                }
            } catch (AOCancelledOperationException e11) {
                throw e11;
            } catch (Exception e12) {
                throw new AOException(cj.a.e("Error al generar la firma PKCS#1 de la firma PAdES: ", e12), e12);
            }
        } catch (NoSuchAlgorithmException e13) {
            throw new IOException("No se soporta el algoritmo indicado para la huella digital del sello de tiempo: " + e13, e13);
        }
    }
}
