package de.bos_bremen.vii.doctype.pades.pdftoolbox;

import de.bos_bremen.algorithm_identifier.AlgorithmService;
import de.bos_bremen.algorithm_identifier.CipherAlgorithm;
import de.bos_bremen.algorithm_identifier.DigestAlgorithm;
import de.bos_bremen.algorithm_identifier.PaddingAlgorithm;
import de.bos_bremen.algorithm_identifier.SignatureAlgorithm;
import de.bos_bremen.algorithm_identifier.gen.FormatAlgorithm;
import de.bos_bremen.algorithm_identifier.gen.SignatureAlgorithmBase;
import de.bos_bremen.ci.BSource;
import de.bos_bremen.ci.Range;
import de.bos_bremen.ci.Run;
import de.bos_bremen.ci.asn1.AlgorithmIdentifier;
import de.bos_bremen.ci.asn1.ParseException;
import de.bos_bremen.ci.asn1.cms.SignaturePolicyId;
import de.bos_bremen.ci.asn1.cms.SignaturePolicyIdentifier;
import de.bos_bremen.ci.asn1.x509.AttributeCertificate;
import de.bos_bremen.ci.asn1.x509.Certificate;
import de.bos_bremen.ci.asn1.x509.RSASSAPSSParameters;
import de.bos_bremen.pdftoolbox.schema.ecardpades.MessageCode;
import de.bos_bremen.pdftoolbox.schema.ecardpades.Revision;
import de.bos_bremen.pdftoolbox.schema.ecardpades.Signature;
import de.bos_bremen.pdftoolbox.schema.ecardpades.SignerCertificate;
import de.bos_bremen.vii.algo.impl.AlgorithmCatalogFacade;
import de.bos_bremen.vii.common.SignalReason;
import de.bos_bremen.vii.common.SignalReasons;
import de.bos_bremen.vii.doctype.pades.PAdESSignalReasons;
import de.bos_bremen.vii.util.ades.AdESSignalReasons;
import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/bos_bremen/vii/doctype/pades/pdftoolbox/PAdESSignatureFactory.class */
public class PAdESSignatureFactory {
    protected static final Logger LOG = LoggerFactory.getLogger(PAdESSignatureFactory.class);
    private final File basePDFile;

    public PAdESSignatureFactory(File file) {
        this.basePDFile = file;
    }

    public PAdESSignature create(Revision revision) {
        PAdESSignature pAdESSignature = new PAdESSignature();
        pAdESSignature.setCertHashIntegrityReason(createCertHashIntegrity(revision.getSignature()));
        Certificate createCertificate = createCertificate(revision.getSignature());
        pAdESSignature.setCertificate(createCertificate);
        List<AttributeCertificate> createAttributeCertificate = createAttributeCertificate(revision.getSignature());
        if (createAttributeCertificate != null) {
            Iterator<AttributeCertificate> it = createAttributeCertificate.iterator();
            while (it.hasNext()) {
                pAdESSignature.addAttributeCertificate(it.next());
            }
        }
        pAdESSignature.setDelegate(revision.getSignature());
        pAdESSignature.setIntegrityReason(createIntegrityReason(revision.getSignature(), createCertificate));
        pAdESSignature.setPadesStandardCompliance(createPAdESStandardCompliance(revision.getSignature()));
        pAdESSignature.setParsingError(createParsingError(revision.getSignature()));
        pAdESSignature.setSignatureAlgorithm(createSignatureAlgorithm(revision.getSignature()));
        pAdESSignature.setSignaturePolicy(createSignaturePolicy(revision.getSignature()));
        pAdESSignature.setStandardCompliance(createStandardCompliance(revision.getSignature()));
        pAdESSignature.setWholeDocSignedReason(createWholeDocSignedReason(revision.getSignature(), this.basePDFile));
        pAdESSignature.setWholeRevisionSignedReason(createWholeRevisionSignedReason(revision.getSignature()));
        return pAdESSignature;
    }

    SignalReason createCertHashIntegrity(Signature signature) {
        SignerCertificate signerCertificate = signature.getSignerCertificate();
        if (signerCertificate != null && signerCertificate.isESSCertIDValid() != null) {
            return signerCertificate.isESSCertIDValid().booleanValue() ? SignalReasons.VALID : AdESSignalReasons.CERTHASH_DOESNOTMATCH;
        }
        if (new ResultUtil(signature.getResult()).contains(MessageCode.NO_SIGNING_CERTIFICATE_ENTRY)) {
            return PAdESSignalReasons.CERT_HASH_DOES_NOT_EXIST_REASON;
        }
        return null;
    }

    Certificate createCertificate(Signature signature) {
        SignerCertificate signerCertificate = signature.getSignerCertificate();
        if (signerCertificate == null) {
            return null;
        }
        try {
            return new Certificate(new BSource(signerCertificate.getValue()));
        } catch (ParseException e) {
            throw new PAdESVerifyException("Cannot parse signer certificate", e);
        }
    }

    List<AttributeCertificate> createAttributeCertificate(Signature signature) {
        if (signature.getSignerCertificate() == null) {
            return null;
        }
        List attributeCertificate = signature.getAttributeCertificate();
        if (attributeCertificate != null) {
            try {
                if (!attributeCertificate.isEmpty()) {
                    ArrayList arrayList = new ArrayList();
                    Iterator it = attributeCertificate.iterator();
                    while (it.hasNext()) {
                        arrayList.add(new AttributeCertificate(new BSource(((de.bos_bremen.pdftoolbox.schema.ecardpades.AttributeCertificate) it.next()).getValue())));
                    }
                    return arrayList;
                }
            } catch (ParseException e) {
                throw new PAdESVerifyException("Cannot parse attribute certificate", e);
            }
        }
        return Collections.emptyList();
    }

    SignalReason createIntegrityReason(Signature signature, Certificate certificate) {
        return certificate == null ? SignalReasons.INT_ESSCERT_IDyellow : signature.isMathCheckValid() == null ? SignalReasons.INTyellow : signature.isMathCheckValid().booleanValue() ? SignalReasons.VALID : SignalReasons.INTred;
    }

    SignalReason createPAdESStandardCompliance(Signature signature) {
        return new ResultUtil(signature.getResult()).containsOneOf(MessageCode.NO_PADES_CONFORM_CMS_CONTENTTYPE, MessageCode.NO_CERT_ENTRY_ALLOWED_INSIDE_SIGNATURE_DICTIONARY, MessageCode.NO_SIGNINGTIME_ALLOWED_INSIDE_CMS) ? PAdESSignalReasons.NOT_PADES_COMPLIANT : SignalReasons.VALID;
    }

    SignalReason createParsingError(Signature signature) {
        if (new ResultUtil(signature.getResult()).containsOneOf(MessageCode.COULD_NOT_PARSE_SIGNATURE, MessageCode.UNKNOWN_SUBFILTER, MessageCode.MORE_THAN_ONE_SIGNINFO)) {
            return PAdESSignalReasons.UNPARSABLE_SIGNATURE;
        }
        return null;
    }

    SignatureAlgorithm createSignatureAlgorithm(Signature signature) {
        SignatureAlgorithm signatureAlgoForOIDAndParams = getSignatureAlgoForOIDAndParams(signature.getSignatureAlgorithmIdentifierOID(), signature.getSignatureAlgorithmIdentifierParameters());
        if (signatureAlgoForOIDAndParams != null) {
            return signatureAlgoForOIDAndParams;
        }
        String encryptAlgorithmOID = signature.getEncryptAlgorithmOID();
        String digestAlgorithmOID = signature.getDigestAlgorithmOID();
        if (encryptAlgorithmOID == null || digestAlgorithmOID == null) {
            return null;
        }
        CipherAlgorithm cipherForOID = AlgorithmService.getCipherForOID(encryptAlgorithmOID);
        DigestAlgorithm digestForOID = AlgorithmService.getDigestForOID(digestAlgorithmOID);
        if (cipherForOID == null) {
            try {
                return AlgorithmCatalogFacade.getSignatureAlgorithm(AlgorithmIdentifier.valueOf(encryptAlgorithmOID));
            } catch (ParseException e) {
                LOG.debug("failed finding signature algorithm by OID: " + encryptAlgorithmOID);
            }
        }
        PaddingAlgorithm paddingAlgorithm = cipherForOID.getPaddingAlgorithm();
        String jCAName = cipherForOID.getJCAName();
        return AlgorithmService.getSignature(jCAName.startsWith(SignatureAlgorithmBase.RSA.name()) ? SignatureAlgorithmBase.RSA : SignatureAlgorithmBase.fromValue(jCAName), digestForOID, paddingAlgorithm, (FormatAlgorithm) null);
    }

    SignaturePolicyId createSignaturePolicy(Signature signature) {
        if (signature.getPolicy() == null) {
            return null;
        }
        try {
            SignaturePolicyId generate = SignaturePolicyIdentifier.Factory.generate(Run.create(new BSource(signature.getPolicy())));
            if (generate instanceof SignaturePolicyId) {
                return generate;
            }
            return null;
        } catch (ParseException e) {
            throw new PAdESVerifyException("Cannot create SignaturePolicy", e);
        }
    }

    SignalReason createStandardCompliance(Signature signature) {
        return new ResultUtil(signature.getResult()).containsOneOf(MessageCode.BYTE_RANGE_GAP_SHORTER_THAN_SIGNATURE, MessageCode.ENVELOPED_CMS_NOT_ALLOWED_INSIDE_PDF_SIGNATURE) ? PAdESSignalReasons.NOT_STANDARD_COMPLIANT : SignalReasons.VALID;
    }

    SignalReason createWholeDocSignedReason(Signature signature, File file) {
        try {
            List<Range> signatureByteRange = RangeUtil.getSignatureByteRange(signature);
            if (signatureByteRange.size() == 2) {
                int off = signatureByteRange.get(0).getOff();
                int off2 = signatureByteRange.get(1).getOff() + signatureByteRange.get(1).getLen();
                if (off == 0 && off2 == file.length()) {
                    return PAdESSignalReasons.WHOLE_DOC_SIGNED_REASON;
                }
            }
            return PAdESSignalReasons.NOT_WHOLE_DOC_SIGNED_REASON;
        } catch (IllegalArgumentException e) {
            return e.getMessage().contentEquals(RangeUtil.BYTERANGE) ? PAdESSignalReasons.CONTENT_IS_NOT_GUARANTEED : PAdESSignalReasons.UNPARSABLE_SIGNATURE;
        }
    }

    SignalReason createWholeRevisionSignedReason(Signature signature) {
        return new ResultUtil(signature.getResult()).containsOneOf(MessageCode.BYTE_RANGE_CONTAIN_MORE_THAN_ONE_GAP, MessageCode.BYTE_RANGE_GAP_LONGER_THAN_SIGNATURE) ? PAdESSignalReasons.NOT_WHOLE_REVISION_SIGNED : SignalReasons.VALID;
    }

    private SignatureAlgorithm getSignatureAlgoForOIDAndParams(String str, byte[] bArr) {
        if (str == null) {
            return null;
        }
        SignatureAlgorithm signatureAlgorithm = null;
        try {
            List signatureForOID = AlgorithmService.getSignatureForOID(str);
            if (signatureForOID.size() > 1) {
                PaddingAlgorithm paddingAlgorithm = ((SignatureAlgorithm) signatureForOID.get(0)).getPaddingAlgorithm();
                if (paddingAlgorithm != null && paddingAlgorithm.getName().equals("PSS") && bArr != null) {
                    DigestAlgorithm digestAlgorithm = new RSASSAPSSParameters(Run.create(new BSource(bArr))).getDigestAlgorithm();
                    Iterator it = signatureForOID.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        SignatureAlgorithm signatureAlgorithm2 = (SignatureAlgorithm) it.next();
                        if (signatureAlgorithm2.getDigestAlgorithm().equals(digestAlgorithm)) {
                            signatureAlgorithm = signatureAlgorithm2;
                            break;
                        }
                    }
                }
            } else {
                signatureAlgorithm = signatureForOID.size() == 0 ? (SignatureAlgorithm) signatureForOID.get(0) : null;
            }
            return signatureAlgorithm;
        } catch (ParseException e) {
            return null;
        }
    }
}
