package br.com.fiorilli.webpki.util.pdf;

import br.com.fiorilli.webpki.model.Certificate;
import br.com.fiorilli.webpki.model.PDFResult;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import org.apache.pdfbox.cos.COSDictionary;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.cos.COSString;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;

/* loaded from: input_file:br/com/fiorilli/webpki/util/pdf/PDFSignatureInfo.class */
public final class PDFSignatureInfo {
    public List<PDFResult> extractCertificates(File file) throws Exception {
        return extractCertificates(PDDocument.load(file));
    }

    public List<PDFResult> extractCertificates(byte[] bArr) throws Exception {
        return extractCertificates(PDDocument.load(bArr));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x00c9. Please report as an issue. */
    private List<PDFResult> extractCertificates(PDDocument pDDocument) throws Exception {
        ArrayList arrayList = new ArrayList();
        for (PDSignature pDSignature : pDDocument.getSignatureDictionaries()) {
            COSDictionary cOSObject = pDSignature.getCOSObject();
            COSString cOSString = (COSString) cOSObject.getDictionaryObject(COSName.CONTENTS);
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(cOSString.getBytes());
            try {
                byte[] signedContent = pDSignature.getSignedContent(byteArrayInputStream);
                byteArrayInputStream.close();
                String subFilter = pDSignature.getSubFilter();
                if (subFilter == null) {
                    throw new IOException("Missing subfilter for cert dictionary");
                }
                PDFResult pDFResult = new PDFResult();
                pDFResult.setName(pDSignature.getName());
                pDFResult.setReason(pDSignature.getReason());
                pDFResult.setContactInfo(pDSignature.getContactInfo());
                pDFResult.setLocation(pDSignature.getLocation());
                pDFResult.setFilter(pDSignature.getFilter());
                pDFResult.setSubFilter(subFilter);
                boolean z = -1;
                switch (subFilter.hashCode()) {
                    case -2135955201:
                        if (subFilter.equals("ETSI.RFC3161")) {
                            z = 4;
                            break;
                        }
                        break;
                    case -2014161137:
                        if (subFilter.equals("adbe.pkcs7.sha1")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 1783016132:
                        if (subFilter.equals("adbe.x509.rsa_sha1")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 1939488501:
                        if (subFilter.equals("ETSI.CAdES.detached")) {
                            z = true;
                            break;
                        }
                        break;
                    case 2015163516:
                        if (subFilter.equals("adbe.pkcs7.detached")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                    case true:
                        verifyPKCS7(signedContent, cOSString, pDFResult);
                        break;
                    case true:
                        CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(cOSString.getBytes()));
                        verifyPKCS7(MessageDigest.getInstance("SHA1").digest(signedContent), cOSString, pDFResult);
                        break;
                    case true:
                        COSString dictionaryObject = cOSObject.getDictionaryObject(COSName.CERT);
                        if (dictionaryObject == null) {
                            throw new IllegalStateException("The /Cert certificate string is missing in the pdfResult dictionary");
                        }
                        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(dictionaryObject.getBytes())).iterator().next();
                        pDFResult.setCertificate(new Certificate(x509Certificate));
                        pDFResult.setCertificateEncoded(Base64.getEncoder().encodeToString(x509Certificate.getEncoded()));
                        break;
                    case true:
                        verifyETSIdotRFC3161(signedContent, cOSString, pDFResult);
                        break;
                    default:
                        throw new IOException("Unknown certificate type: " + subFilter);
                }
                arrayList.add(pDFResult);
            } catch (Throwable th) {
                try {
                    byteArrayInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        return arrayList;
    }

    private void verifyPKCS7(byte[] bArr, COSString cOSString, PDFResult pDFResult) throws Exception {
        CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableByteArray(bArr), cOSString.getBytes());
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) cMSSignedData.getCertificates().getMatches(((SignerInformation) cMSSignedData.getSignerInfos().getSigners().iterator().next()).getSID()).iterator().next());
        pDFResult.setCertificate(new Certificate(certificate));
        pDFResult.setCertificateEncoded(Base64.getEncoder().encodeToString(certificate.getEncoded()));
    }

    private void verifyETSIdotRFC3161(byte[] bArr, COSString cOSString, PDFResult pDFResult) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(cOSString.getBytes())).iterator().next();
        pDFResult.setCertificate(new Certificate(x509Certificate));
        pDFResult.setCertificateEncoded(Base64.getEncoder().encodeToString(x509Certificate.getEncoded()));
    }
}
