package pt.digitalis.dif.utils.pdf;

import com.lowagie.text.Document;
import com.lowagie.text.DocumentException;
import com.lowagie.text.Paragraph;
import com.lowagie.text.Rectangle;
import com.lowagie.text.pdf.AcroFields;
import com.lowagie.text.pdf.PdfPKCS7;
import com.lowagie.text.pdf.PdfReader;
import com.lowagie.text.pdf.PdfSignatureAppearance;
import com.lowagie.text.pdf.PdfStamper;
import com.lowagie.text.pdf.PdfWriter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.batik.util.XMLConstants;
import org.opensaml.xml.security.x509.X500DNHandler;
import pt.digitalis.dif.ioc.DIFIoCRegistry;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.log.LogLevel;
import pt.digitalis.utils.config.IConfigurations;

/* loaded from: input_file:WEB-INF/lib/dif-presentation-core-2.3.8-1.jar:pt/digitalis/dif/utils/pdf/CertificateManager.class */
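/**
 * Singleton entry point for the digital certificates configured for the application: loads the
 * certificate configurations, signs PDF documents with them and validates PDF signatures.
 *
 * <p>Not thread-safe: neither the lazy singleton creation nor the certificate cache is
 * synchronized.
 */
public class CertificateManager {
    // NOTE(review): CONFIG_ID and SECTION_ID are public and non-final, so any code on the classpath
    // can redirect where certificate settings are read from and written to. They are left as-is
    // because callers may assign them.
    public static String CONFIG_ID = "dif2";
    private static CertificateManager instance = null;
    public static String SECTION_ID = "Security/DigitalCertificate";
    private static final String SIGNATURE_NAME = "SignatureAddedByDigitalis";

    /** Certificate configurations by id; the {@code null} key, when present, holds the default one. */
    private Map<String, DigitalCertificateConfiguration> certificateCache = new HashMap<String, DigitalCertificateConfiguration>();

    /**
     * Builds a small two-paragraph PDF (a fixed text line and the current date) for test purposes.
     *
     * @return the stream holding the generated PDF bytes
     * @throws DocumentException if the PDF library rejects the document content
     * @throws IOException declared by the original signature
     */
    public static ByteArrayOutputStream createDummyPDF() throws DocumentException, IOException {
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        Document document = new Document();
        PdfWriter.getInstance(document, output);
        document.open();
        document.add(new Paragraph("Create by Digitalis Development Team (For Tests Purpose)"));
        document.add(new Paragraph(new Date().toString()));
        document.close();
        return output;
    }

    /**
     * Returns the shared manager, loading and initializing all configured certificates on first use.
     *
     * <p>The manager is published only after every configuration initialized successfully, so a
     * failure during loading does not leave a half-built singleton behind for later callers. When
     * the configuration store returns no map, the manager keeps an empty cache instead of a
     * {@code null} one.
     *
     * @return the shared manager instance
     * @throws Exception if reading or initializing a certificate configuration fails
     */
    public static CertificateManager getInstance() throws Exception {
        if (instance == null) {
            CertificateManager manager = new CertificateManager();
            Map<String, DigitalCertificateConfiguration> loaded = ((IConfigurations) DIFIoCRegistry.getRegistry().getImplementation(IConfigurations.class)).readAllConfigurations(CONFIG_ID, SECTION_ID, DigitalCertificateConfiguration.class);
            if (loaded != null) {
                for (DigitalCertificateConfiguration configuration : loaded.values()) {
                    configuration.initialize();
                }
                manager.certificateCache = loaded;
            }
            instance = manager;
        }
        return instance;
    }

    /**
     * Returns the live certificate cache.
     *
     * <p>NOTE(review): this is the internal mutable map, not a copy; callers can add or replace
     * signing configurations through it.
     *
     * @return the cache of certificate configurations by id
     */
    public Map<String, DigitalCertificateConfiguration> getAllCertificates() {
        return this.certificateCache;
    }

    /**
     * Tells whether the certificate with the given id reports itself as valid.
     *
     * @param str the certificate id, or {@code null} for the default certificate
     * @return the result of the configuration's own validity check
     * @throws IllegalArgumentException if no configuration exists for a non-null id
     * @throws Exception if loading the configuration fails
     */
    public boolean getCertificateAvailable(String str) throws Exception {
        return resolveConfiguration(str).isCertificateValid().booleanValue();
    }

    /**
     * Returns the configuration for the given id, reading and initializing it on a cache miss.
     *
     * @param str the certificate id, or {@code null} for the default certificate
     * @return the configuration, or {@code null} when the store has none for this id
     * @throws Exception if reading or initializing the configuration fails
     */
    public DigitalCertificateConfiguration getCertificateConfiguration(String str) throws Exception {
        if (!this.certificateCache.containsKey(str)) {
            if (str == null) {
                this.certificateCache.put(str, DigitalCertificateConfiguration.getInstance());
            } else {
                DigitalCertificateConfiguration loaded = (DigitalCertificateConfiguration) ((IConfigurations) DIFIoCRegistry.getRegistry().getImplementation(IConfigurations.class)).readConfiguration(CONFIG_ID, SECTION_ID + "/" + str, DigitalCertificateConfiguration.class);
                if (loaded != null) {
                    loaded.setId(str);
                    loaded.initialize();
                    this.certificateCache.put(str, loaded);
                }
            }
        }
        return this.certificateCache.get(str);
    }

    /**
     * Returns display data (subject parts, issuer, validity, serial number, type) for a certificate.
     *
     * @param str the certificate id, or {@code null} for the default certificate
     * @return an insertion-ordered map of label to value
     * @throws IllegalArgumentException if no configuration exists for a non-null id
     * @throws IllegalStateException if the keystore holds no certificate under the configured alias
     * @throws Exception if loading the configuration or keystore fails
     */
    public Map<String, String> getCertificateData(String str) throws Exception {
        Map<String, String> data = new LinkedHashMap<String, String>();
        DigitalCertificateConfiguration configuration = resolveConfiguration(str);
        X509Certificate certificate = (X509Certificate) configuration.getKeystore().getCertificate(configuration.getAlias());
        if (certificate == null) {
            throw new IllegalStateException("No certificate found in the keystore for the configured alias");
        }
        // Display-only parsing: a plain split on "," and "=" drops any subject part whose value
        // itself contains one of these characters. Do not use the result for trust decisions.
        for (String part : certificate.getSubjectX500Principal().getName(X500DNHandler.FORMAT_RFC1779).split(",")) {
            String[] keyValue = part.split(XMLConstants.XML_EQUAL_SIGN);
            if (keyValue.length == 2) {
                data.put("Issue To \"" + keyValue[0] + "\"", keyValue[1]);
            }
        }
        data.put("Issuer", certificate.getIssuerX500Principal().getName());
        if (certificate.getNotBefore() != null) {
            data.put("Validity From", certificate.getNotBefore().toString());
        }
        if (certificate.getNotAfter() != null) {
            data.put("Validity To", certificate.getNotAfter().toString());
        }
        data.put("SerialNumber", certificate.getSerialNumber().toString());
        data.put("Type", certificate.getType());
        return data;
    }

    /**
     * Tells whether the default certificate reports itself as valid.
     *
     * @return the result of the default configuration's validity check
     * @throws Exception if loading the configuration fails
     */
    public boolean getDefaultCertificateAvailable() throws Exception {
        return getCertificateAvailable(null);
    }

    /**
     * Returns the default certificate configuration.
     *
     * @return the default configuration
     * @throws Exception if loading the configuration fails
     */
    public DigitalCertificateConfiguration getDefaultCertificateConfiguration() throws Exception {
        return getCertificateConfiguration(null);
    }

    /**
     * Returns display data for the default certificate.
     *
     * @return an insertion-ordered map of label to value
     * @throws Exception if loading the configuration or keystore fails
     */
    public Map<String, String> getDefaultCertificateData() throws Exception {
        return getCertificateData(null);
    }

    /**
     * Resolves the configuration for an id and fails when a named configuration does not exist.
     *
     * <p>Failing here keeps a request for an unknown certificate id from silently falling through
     * to the default signing identity or to a {@code NullPointerException} further down.
     *
     * @param id the certificate id, or {@code null} for the default certificate
     * @return the resolved, non-null configuration
     * @throws IllegalArgumentException if no configuration exists for a non-null id
     * @throws Exception if loading the configuration fails
     */
    private DigitalCertificateConfiguration resolveConfiguration(String id) throws Exception {
        DigitalCertificateConfiguration configuration = id == null ? DigitalCertificateConfiguration.getInstance() : getCertificateConfiguration(id);
        if (configuration == null) {
            throw new IllegalArgumentException("No digital certificate configuration found for id '" + id + "'");
        }
        return configuration;
    }

    /**
     * Signs a PDF with the key and certificate chain of the given configuration.
     *
     * @param bArr the PDF bytes to sign
     * @param digitalCertificateConfiguration the configuration to sign with; {@code null} selects
     *     the default one
     * @return the stream holding the signed PDF bytes
     * @throws IllegalStateException if the keystore has no private key or chain for the alias
     * @throws Exception if keystore access, PDF parsing or signing fails
     */
    private ByteArrayOutputStream internalSignPDF(byte[] bArr, DigitalCertificateConfiguration digitalCertificateConfiguration) throws Exception {
        DigitalCertificateConfiguration configuration = digitalCertificateConfiguration;
        if (configuration == null) {
            configuration = DigitalCertificateConfiguration.getInstance();
        }
        KeyStore keystore = configuration.getKeystore();
        String alias = configuration.getAlias();
        // NOTE(review): the keystore password is held as a String by the configuration, so it
        // cannot be wiped from memory after use.
        PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, configuration.getPassword().toCharArray());
        Certificate[] certificateChain = keystore.getCertificateChain(alias);
        // Both lookups return null for an unknown alias; fail here with a clear message instead of
        // deep inside the PDF library.
        if (privateKey == null || certificateChain == null) {
            throw new IllegalStateException("The keystore holds no private key and certificate chain for the configured alias");
        }
        PdfReader pdfReader = new PdfReader(bArr);
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        PdfStamper stamper = PdfStamper.createSignature(pdfReader, output, '\0');
        PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
        appearance.setCrypto(privateKey, certificateChain, null, PdfSignatureAppearance.WINCER_SIGNED);
        if (configuration.getReason() != null) {
            appearance.setReason(configuration.getReason());
        }
        if (configuration.getLocation() != null) {
            appearance.setLocation(configuration.getLocation());
        }
        if (configuration.getContact() != null) {
            appearance.setContact(configuration.getContact());
        }
        // saveConfiguration can store a null flag, so treat anything but TRUE as "not visible".
        if (Boolean.TRUE.equals(configuration.getShowSignature())) {
            float lowerLeftX = configuration.getLowerLeftX() == null ? 100.0f : configuration.getLowerLeftX().floatValue();
            float lowerLeftY = configuration.getLowerLeftY() == null ? 100.0f : configuration.getLowerLeftY().floatValue();
            float upperRightX = configuration.getUpperRightX() == null ? 200.0f : configuration.getUpperRightX().floatValue();
            float upperRightY = configuration.getUpperRightY() == null ? 200.0f : configuration.getUpperRightY().floatValue();
            // The visible signature is always placed on page 1.
            appearance.setVisibleSignature(new Rectangle(lowerLeftX, lowerLeftY, upperRightX, upperRightY), 1, SIGNATURE_NAME);
        }
        appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
        stamper.close();
        return output;
    }

    /**
     * Updates and persists a certificate configuration.
     *
     * <p>Path and password are only overwritten when a non-empty value is given; the other
     * optional values are only overwritten when non-null. The show-signature flag is always set.
     *
     * <p>NOTE(review): the keystore password is passed to the configuration store as part of the
     * configuration object; how it is persisted is not visible here. Confirm it is not stored in
     * clear text.
     *
     * @param str the certificate id, or {@code null} for the default certificate
     * @param str2 the keystore path
     * @param str3 the keystore password
     * @param bool whether the signature should be visible
     * @param d lower-left X of the visible signature
     * @param d2 lower-left Y of the visible signature
     * @param d3 upper-right X of the visible signature
     * @param d4 upper-right Y of the visible signature
     * @param str4 the signature contact
     * @param str5 the signature reason
     * @param str6 the signature location
     * @throws IllegalArgumentException if no configuration exists for a non-null id
     * @throws Exception if loading or writing the configuration fails
     */
    public void saveConfiguration(String str, String str2, String str3, Boolean bool, Double d, Double d2, Double d3, Double d4, String str4, String str5, String str6) throws Exception {
        DigitalCertificateConfiguration configuration = resolveConfiguration(str);
        if (str2 != null && !"".equals(str2)) {
            configuration.setPath(str2);
        }
        if (str3 != null && !"".equals(str3)) {
            configuration.setPassword(str3);
        }
        configuration.setShowSignature(bool);
        if (d != null) {
            configuration.setLowerLeftX(d.toString());
        }
        if (d2 != null) {
            configuration.setLowerLeftY(d2.toString());
        }
        if (d3 != null) {
            configuration.setUpperRightX(d3.toString());
        }
        if (d4 != null) {
            configuration.setUpperRightY(d4.toString());
        }
        if (str6 != null) {
            configuration.setLocation(str6);
        }
        if (str5 != null) {
            configuration.setReason(str5);
        }
        if (str4 != null) {
            configuration.setContact(str4);
        }
        String section = str == null ? SECTION_ID : SECTION_ID + "/" + str;
        ((IConfigurations) DIFIoCRegistry.getRegistry().getImplementation(IConfigurations.class)).writeConfiguration(CONFIG_ID, section, configuration);
        configuration.cleanCache();
        if (str != null) {
            this.certificateCache.put(str, configuration);
        }
    }

    /**
     * Updates and persists the default certificate configuration.
     *
     * @see #saveConfiguration(String, String, String, Boolean, Double, Double, Double, Double, String, String, String)
     */
    public void saveDefaultConfiguration(String str, String str2, Boolean bool, Double d, Double d2, Double d3, Double d4, String str3, String str4, String str5) throws Exception {
        saveConfiguration(null, str, str2, bool, d, d2, d3, d4, str3, str4, str5);
    }

    /**
     * Signs a PDF with the default certificate.
     *
     * @param bArr the PDF bytes to sign
     * @return the stream holding the signed PDF bytes
     * @throws Exception if signing fails
     */
    public ByteArrayOutputStream signPDF(byte[] bArr) throws Exception {
        return signPDF(bArr, null);
    }

    /**
     * Signs a PDF with the default certificate.
     *
     * <p>NOTE(review): every argument other than {@code bArr} is ignored; the signature always uses
     * the default configuration's own appearance settings. Callers passing a reason, location or
     * rectangle here do not get them applied.
     *
     * @param bArr the PDF bytes to sign
     * @return the stream holding the signed PDF bytes
     * @throws Exception if signing fails
     */
    public ByteArrayOutputStream signPDF(byte[] bArr, boolean z, String str, String str2, String str3, Double d, Double d2, Double d3, Double d4) throws Exception {
        return internalSignPDF(bArr, null);
    }

    /**
     * Signs a PDF with the certificate of the given id.
     *
     * <p>An unknown id is rejected rather than signed with the default certificate, so the
     * signing identity is always the one the caller asked for.
     *
     * @param bArr the PDF bytes to sign
     * @param str the certificate id, or {@code null} for the default certificate
     * @return the stream holding the signed PDF bytes
     * @throws IllegalArgumentException if no configuration exists for a non-null id
     * @throws Exception if signing fails
     */
    public ByteArrayOutputStream signPDF(byte[] bArr, String str) throws Exception {
        return internalSignPDF(bArr, resolveConfiguration(str));
    }

    /**
     * Validates a PDF's signatures against the default certificate's trusted keystore.
     *
     * @param bArr the PDF bytes to check
     * @return {@code true} when the document carries an acceptable signature
     * @throws Exception if the PDF or keystore cannot be read
     * @see #validateSignature(byte[], String)
     */
    public boolean validateSignature(byte[] bArr) throws Exception {
        return validateSignature(bArr, null);
    }

    /**
     * Validates a PDF's signatures against the trusted keystore of the given certificate.
     *
     * <p>A signature is accepted only when all three hold: its cryptographic check over the signed
     * bytes succeeds, it covers the whole document as delivered, and its certificate chain
     * verifies against the keystore at the signing date. Checking the certificate chain alone is
     * not enough, because a trusted certificate can be attached to content that was changed or
     * appended after signing.
     *
     * @param bArr the PDF bytes to check
     * @param str the certificate id, or {@code null} for the default certificate
     * @return {@code true} when at least one signature is accepted, {@code false} otherwise
     *     (including when the document has no signature)
     * @throws IllegalArgumentException if no configuration exists for a non-null id
     * @throws Exception if the PDF or keystore cannot be read or a signature cannot be processed
     */
    public boolean validateSignature(byte[] bArr, String str) throws Exception {
        DigitalCertificateConfiguration configuration = resolveConfiguration(str);
        PdfReader pdfReader = new PdfReader(bArr);
        try {
            AcroFields acroFields = pdfReader.getAcroFields();
            ArrayList signatureNames = acroFields.getSignatureNames();
            for (int i = 0; i < signatureNames.size(); i++) {
                String signatureName = (String) signatureNames.get(i);
                PdfPKCS7 signature = acroFields.verifySignature(signatureName);
                // Integrity: the signed byte range must still match the signature value.
                if (!signature.verify()) {
                    continue;
                }
                // Coverage: reject signatures that leave later revisions of the file unsigned.
                if (!acroFields.signatureCoversWholeDocument(signatureName)) {
                    continue;
                }
                // Trust: verifyCertificates returns null when the chain verifies.
                if (PdfPKCS7.verifyCertificates((X509Certificate[]) signature.getCertificates(), configuration.getKeyStoreAll(), null, signature.getSignDate()) == null) {
                    return true;
                }
            }
            return false;
        } finally {
            pdfReader.close();
        }
    }

    /**
     * Logs a message for the default certificate and for every cached certificate that reports
     * itself as not valid.
     *
     * @param logLevel the level to log the messages at
     * @throws Exception if loading a configuration fails
     */
    public void verifyAllCertificates(LogLevel logLevel) throws Exception {
        if (!getCertificateAvailable(null)) {
            DIFLogger.getLogger().log(logLevel, "The default digital certificate is not valid!");
        }
        for (String id : this.certificateCache.keySet()) {
            // The null key is the default certificate, which was already reported above.
            if (id != null && !getCertificateAvailable(id)) {
                DIFLogger.getLogger().log(logLevel, "The '" + id + "' digital certificate is not valid!");
            }
        }
    }
}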
