package cfca.seal.sadk;

import cfca.com.itextpdf.text.DocumentException;
import cfca.com.itextpdf.text.error_messages.MessageLocalization;
import cfca.com.itextpdf.text.pdf.AcroFields;
import cfca.com.itextpdf.text.pdf.PdfArray;
import cfca.com.itextpdf.text.pdf.PdfDictionary;
import cfca.com.itextpdf.text.pdf.PdfIndirectReference;
import cfca.com.itextpdf.text.pdf.PdfName;
import cfca.com.itextpdf.text.pdf.PdfNumber;
import cfca.com.itextpdf.text.pdf.PdfReader;
import cfca.com.itextpdf.text.pdf.security.PdfPKCS7;
import cfca.sadk.algorithm.common.PKIException;
import cfca.sadk.org.bouncycastle.jce.provider.BouncyCastleProvider;
import cfca.sadk.x509.certificate.X509Cert;
import cfca.seal.sadk.cert.PdfX509Certificate;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:cfca/seal/sadk/PdfSealVerifier.class */
public class PdfSealVerifier {
    private boolean isPKCS7Valid;
    private HashMap<String, PdfArray> coveredByteRangeMap;
    private long fileLength;
    private ArrayList<String> sigNames;
    private HashMap<String, X509Cert> sigNameCertMap;
    private HashMap<String, PdfPKCS7> sigNamePKCS7Map;
    private HashMap<String, List<AcroFields.FieldPosition>> signaturePositionMap;

    /* loaded from: input_file:cfca/seal/sadk/PdfSealVerifier$PreProceedingWithVerifyingPKCS7.class */
    public static abstract class PreProceedingWithVerifyingPKCS7 {
        public abstract boolean proceedingWithVerifyingPKCS7(int i, String str, PdfX509Certificate pdfX509Certificate, PdfPKCS7 pdfPKCS7, List<AcroFields.FieldPosition> list, PdfArray pdfArray, String str2, int i2, boolean z, boolean z2);
    }

    public PdfSealVerifier(byte[] bArr) throws PKIException, IOException, GeneralSecurityException {
        this.isPKCS7Valid = false;
        this.isPKCS7Valid = verifyPKCS7(bArr);
    }

    public PdfSealVerifier(PdfReader pdfReader) throws PKIException, GeneralSecurityException {
        this.isPKCS7Valid = false;
        this.isPKCS7Valid = verifyPKCS7(pdfReader);
    }

    public PdfSealVerifier() {
        this.isPKCS7Valid = false;
    }

    public HashMap<String, PdfArray> getCoveredByteRangeMap() {
        return this.coveredByteRangeMap;
    }

    public PdfArray getUncoveredByteRange() {
        long[] jArr = new long[2];
        long j = 0;
        String str = null;
        for (String str2 : this.coveredByteRangeMap.keySet()) {
            long[] asLongArray = this.coveredByteRangeMap.get(str2).asLongArray();
            long j2 = (asLongArray[2] + asLongArray[3]) - 1;
            if (j < j2) {
                j = j2;
                str = str2;
            }
        }
        long[] asLongArray2 = this.coveredByteRangeMap.get(str).asLongArray();
        jArr[0] = asLongArray2[2] + asLongArray2[3];
        jArr[1] = this.fileLength - jArr[0];
        PdfArray pdfArray = new PdfArray();
        PdfNumber pdfNumber = new PdfNumber(jArr[0]);
        PdfNumber pdfNumber2 = new PdfNumber(jArr[1]);
        pdfArray.add(pdfNumber);
        pdfArray.add(pdfNumber2);
        return pdfArray;
    }

    public boolean verifyPKCS7(PdfReader pdfReader) throws GeneralSecurityException, PKIException {
        boolean z = true;
        try {
            this.fileLength = pdfReader.getFileLength();
            AcroFields acroFields = pdfReader.getAcroFields();
            ArrayList<String> signatureNames = acroFields.getSignatureNames();
            if (signatureNames == null || signatureNames.isEmpty()) {
                return 1 == 0;
            }
            this.sigNameCertMap = new HashMap<>();
            this.sigNamePKCS7Map = new HashMap<>();
            this.sigNames = new ArrayList<>();
            this.coveredByteRangeMap = new HashMap<>();
            this.signaturePositionMap = new HashMap<>();
            Iterator<String> it = signatureNames.iterator();
            while (it.hasNext()) {
                String next = it.next();
                PdfPKCS7 verifySignature = acroFields.verifySignature(next);
                List<AcroFields.FieldPosition> fieldPositions = acroFields.getFieldPositions(next);
                PdfArray coveredByteRange = acroFields.getCoveredByteRange();
                X509Cert x509Cert = new X509Cert(verifySignature.getSigningCertificate().getEncoded());
                this.sigNames.add(next);
                this.sigNameCertMap.put(next, x509Cert);
                this.sigNamePKCS7Map.put(next, verifySignature);
                this.coveredByteRangeMap.put(next, coveredByteRange);
                this.signaturePositionMap.put(next, fieldPositions);
                z = z && verifySignature.verify();
                if (!z) {
                    break;
                }
            }
            if (null != pdfReader) {
                pdfReader.close();
            }
            this.isPKCS7Valid = z;
            return z;
        } finally {
            if (null != pdfReader) {
                pdfReader.close();
            }
        }
    }

    public boolean verifyPKCS7(byte[] bArr) throws PKIException, IOException, GeneralSecurityException {
        boolean z = true;
        PdfReader pdfReader = null;
        try {
            pdfReader = new PdfReader(bArr);
            this.fileLength = pdfReader.getFileLength();
            AcroFields acroFields = pdfReader.getAcroFields();
            ArrayList<String> signatureNames = acroFields.getSignatureNames();
            if (signatureNames == null || signatureNames.isEmpty()) {
                boolean z2 = 1 == 0;
                if (null != pdfReader) {
                    pdfReader.close();
                }
                return z2;
            }
            this.sigNameCertMap = new HashMap<>();
            this.sigNamePKCS7Map = new HashMap<>();
            this.sigNames = new ArrayList<>();
            this.coveredByteRangeMap = new HashMap<>();
            this.signaturePositionMap = new HashMap<>();
            Iterator<String> it = signatureNames.iterator();
            while (it.hasNext()) {
                String next = it.next();
                PdfPKCS7 verifySignature = acroFields.verifySignature(next);
                List<AcroFields.FieldPosition> fieldPositions = acroFields.getFieldPositions(next);
                PdfArray coveredByteRange = acroFields.getCoveredByteRange();
                X509Cert x509Cert = new X509Cert(verifySignature.getSigningCertificate().getEncoded());
                this.sigNames.add(next);
                this.sigNameCertMap.put(next, x509Cert);
                this.sigNamePKCS7Map.put(next, verifySignature);
                this.coveredByteRangeMap.put(next, coveredByteRange);
                this.signaturePositionMap.put(next, fieldPositions);
                z = z && verifySignature.verify();
                if (!z) {
                    break;
                }
            }
            if (null != pdfReader) {
                pdfReader.close();
            }
            this.isPKCS7Valid = z;
            return z;
        } catch (Throwable th) {
            if (null != pdfReader) {
                pdfReader.close();
            }
            throw th;
        }
    }

    public HashMap<String, X509Cert> getSigNameCertMap() throws DocumentException {
        if (this.isPKCS7Valid) {
            return this.sigNameCertMap;
        }
        throw new DocumentException("the sealed pdf is tampered or has not been verified!");
    }

    public boolean isPKCS7Valid() {
        return this.isPKCS7Valid;
    }

    public HashMap<String, X509Cert> getSigNameCertMap(String str) throws DocumentException {
        if (!this.isPKCS7Valid) {
            throw new DocumentException("the sealed pdf is tampered or has not been verified!");
        }
        HashMap<String, X509Cert> hashMap = new HashMap<>();
        ArrayList<String> sigNames = getSigNames(str);
        int size = sigNames.size();
        for (int i = 0; i < size; i++) {
            String str2 = sigNames.get(i);
            hashMap.put(str2, this.sigNameCertMap.get(str2));
        }
        return hashMap;
    }

    public HashMap<String, PdfPKCS7> getSigNamePKCS7Map() throws DocumentException {
        if (this.isPKCS7Valid) {
            return this.sigNamePKCS7Map;
        }
        throw new DocumentException("the sealed pdf is tampered or has not been verified!");
    }

    public HashMap<String, PdfPKCS7> getSigNamePKCS7Map(String str) throws DocumentException {
        if (!this.isPKCS7Valid) {
            throw new DocumentException("the sealed pdf is tampered or has not been verified!");
        }
        HashMap<String, PdfPKCS7> hashMap = new HashMap<>();
        ArrayList<String> sigNames = getSigNames(str);
        int size = sigNames.size();
        for (int i = 0; i < size; i++) {
            String str2 = sigNames.get(i);
            hashMap.put(str2, this.sigNamePKCS7Map.get(str2));
        }
        return hashMap;
    }

    public HashMap<String, List<AcroFields.FieldPosition>> getSignaturePositionMap() throws DocumentException {
        if (this.isPKCS7Valid) {
            return this.signaturePositionMap;
        }
        throw new DocumentException("the sealed pdf is tampered or has not been verified!");
    }

    public ArrayList<String> getSigNames() throws DocumentException {
        if (this.isPKCS7Valid) {
            return this.sigNames;
        }
        throw new DocumentException("the sealed pdf is tampered or has not been verified!");
    }

    public ArrayList<String> getSigNames(String str) throws DocumentException {
        ArrayList<String> arrayList = new ArrayList<>();
        if (!this.isPKCS7Valid) {
            throw new DocumentException("the sealed pdf is tampered or has not been verified!");
        }
        int size = this.sigNames.size();
        for (int i = 0; i < size; i++) {
            String str2 = this.sigNames.get(i);
            if (str2.contains(str)) {
                arrayList.add(str2);
            }
        }
        if (arrayList.isEmpty()) {
            throw new DocumentException("No specific field Signature/Seal found!");
        }
        return arrayList;
    }

    /* JADX WARN: Finally extract failed */
    public boolean verifyPKCS7(PdfReader pdfReader, PreProceedingWithVerifyingPKCS7 preProceedingWithVerifyingPKCS7) throws PKIException, GeneralSecurityException {
        String composedMessage;
        String composedMessage2;
        this.isPKCS7Valid = true;
        AcroFields acroFields = pdfReader.getAcroFields();
        ArrayList<String> signatureNames = acroFields.getSignatureNames();
        int i = 0;
        int size = signatureNames.size();
        if (size == 0) {
            throw new GeneralSecurityException("no signature found in pdf!");
        }
        try {
            this.fileLength = pdfReader.getFileLength();
            PdfDictionary asDict = pdfReader.getCatalog().getAsDict(PdfName.PERMS);
            int intValue = asDict != null ? ((PdfDictionary) PdfReader.getPdfObjectRelease(asDict.getAsIndirectObject(PdfName.DOCMDP))).getAsArray(PdfName.REFERENCE).getAsDict(0).getAsDict(PdfName.TRANSFORMPARAMS).getAsNumber(PdfName.P).intValue() : 0;
            long[] jArr = null;
            if (intValue == 0) {
                long[] replicaXref = pdfReader.getReplicaXref();
                PdfArray pdfArray = (PdfArray) PdfReader.getPdfObjectRelease(pdfReader.getAcroForm().get(PdfName.FIELDS));
                int size2 = pdfArray.size();
                jArr = new long[size2];
                long[] jArr2 = new long[size2];
                int i2 = 0;
                int i3 = 0;
                for (int i4 = 0; i4 < size2; i4++) {
                    PdfIndirectReference asIndirectObject = pdfArray.getAsIndirectObject(i4);
                    PdfDictionary pdfDictionary = (PdfDictionary) PdfReader.getPdfObjectRelease(asIndirectObject);
                    PdfName asName = pdfDictionary.getAsName(PdfName.TYPE);
                    PdfName asName2 = pdfDictionary.getAsName(PdfName.SUBTYPE);
                    PdfName asName3 = pdfDictionary.getAsName(PdfName.FT);
                    if (PdfName.ANNOT.equals(asName) && PdfName.WIDGET.equals(asName2) && (PdfName.TX.equals(asName3) || PdfName.BTN.equals(asName3) || PdfName.CH.equals(asName3))) {
                        int i5 = i2;
                        i2++;
                        jArr[i5] = replicaXref[asIndirectObject.getNumber() * 2];
                    } else if (PdfName.ANNOT.equals(asName) && PdfName.WIDGET.equals(asName2) && PdfName.SIG.equals(asName3)) {
                        int i6 = i3;
                        i3++;
                        jArr2[i6] = replicaXref[asIndirectObject.getNumber() * 2];
                    }
                }
            }
            boolean z = size == 1;
            Iterator<String> it = signatureNames.iterator();
            while (it.hasNext()) {
                String next = it.next();
                i++;
                PdfPKCS7 verifySignature = acroFields.verifySignature(next);
                List<AcroFields.FieldPosition> fieldPositions = acroFields.getFieldPositions(next);
                PdfArray coveredByteRange = acroFields.getCoveredByteRange();
                X509Cert x509Cert = new X509Cert(verifySignature.getSigningCertificate().getEncoded());
                boolean verify = verifySignature.verify();
                PdfX509Certificate pdfX509Certificate = new PdfX509Certificate(x509Cert);
                boolean z2 = verify;
                switch (intValue) {
                    case 0:
                        if (z2) {
                            long longValue = coveredByteRange.getAsNumber(2).longValue() + coveredByteRange.getAsNumber(3).longValue();
                            int length = jArr.length;
                            boolean z3 = false;
                            int i7 = 0;
                            while (true) {
                                if (i7 < length) {
                                    if (longValue < jArr[i7]) {
                                        z3 = true;
                                    } else {
                                        i7++;
                                    }
                                }
                            }
                            if (z3) {
                                z2 = false;
                            }
                        }
                        this.isPKCS7Valid = this.isPKCS7Valid && z2;
                        if (!preProceedingWithVerifyingPKCS7.proceedingWithVerifyingPKCS7(intValue, next, pdfX509Certificate, verifySignature, fieldPositions, coveredByteRange, z2 ? this.fileLength > coveredByteRange.getAsNumber(2).longValue() + coveredByteRange.getAsNumber(3).longValue() ? MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.since.the.current.document.is.verified.valid.but.that.change.is.accepted.by.verifier", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.not.been.changed.since.the.current.document.is.verified.valid", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]), i, verify, z2)) {
                            boolean z4 = this.isPKCS7Valid;
                            if (null != pdfReader) {
                                pdfReader.close();
                            }
                            return z4;
                        }
                        break;
                        break;
                    case 1:
                        if (z) {
                            if (this.fileLength > coveredByteRange.getAsNumber(2).longValue() + coveredByteRange.getAsNumber(3).longValue()) {
                                z2 = false;
                            }
                            composedMessage2 = z2 ? MessageLocalization.getComposedMessage("Pdf.Document.has.not.been.changed.since.the.current.document.is.verified.valid", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]);
                        } else if (size > i) {
                            z2 = false;
                            composedMessage2 = MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]);
                        } else {
                            if (this.fileLength > coveredByteRange.getAsNumber(2).longValue() + coveredByteRange.getAsNumber(3).longValue()) {
                                z2 = false;
                            }
                            composedMessage2 = z2 ? MessageLocalization.getComposedMessage("Pdf.Document.has.not.been.changed.since.the.current.document.is.verified.valid", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]);
                        }
                        this.isPKCS7Valid = this.isPKCS7Valid && z2;
                        if (!preProceedingWithVerifyingPKCS7.proceedingWithVerifyingPKCS7(intValue, next, pdfX509Certificate, verifySignature, fieldPositions, coveredByteRange, composedMessage2, i, verify, z2)) {
                            boolean z5 = this.isPKCS7Valid;
                            if (null != pdfReader) {
                                pdfReader.close();
                            }
                            return z5;
                        }
                        break;
                        break;
                    case 2:
                    case 3:
                        if (z) {
                            composedMessage = this.fileLength > coveredByteRange.getAsNumber(2).longValue() + coveredByteRange.getAsNumber(3).longValue() ? z2 ? MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.since.the.current.document.is.verified.valid.but.that.change.is.accepted.by.verifier", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]) : z2 ? MessageLocalization.getComposedMessage("Pdf.Document.has.not.been.changed.since.the.current.document.is.verified.valid", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]);
                        } else if (size > i) {
                            z2 = false;
                            composedMessage = MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]);
                        } else {
                            composedMessage = this.fileLength > coveredByteRange.getAsNumber(2).longValue() + coveredByteRange.getAsNumber(3).longValue() ? z2 ? MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.since.the.current.document.is.verified.valid.but.that.change.is.accepted.by.verifier", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]) : z2 ? MessageLocalization.getComposedMessage("Pdf.Document.has.not.been.changed.since.the.current.document.is.verified.valid", new Object[0]) : MessageLocalization.getComposedMessage("Pdf.Document.has.been.changed.or.damaged.since.the.current.certificate.is.applied", new Object[0]);
                        }
                        this.isPKCS7Valid = this.isPKCS7Valid && z2;
                        if (!preProceedingWithVerifyingPKCS7.proceedingWithVerifyingPKCS7(intValue, next, pdfX509Certificate, verifySignature, fieldPositions, coveredByteRange, composedMessage, i, verify, z2)) {
                            boolean z6 = this.isPKCS7Valid;
                            if (null != pdfReader) {
                                pdfReader.close();
                            }
                            return z6;
                        }
                        break;
                        break;
                    default:
                        throw new GeneralSecurityException("Not support certification level: " + intValue);
                }
            }
            if (null != pdfReader) {
                pdfReader.close();
            }
            return this.isPKCS7Valid;
        } catch (Throwable th) {
            if (null != pdfReader) {
                pdfReader.close();
            }
            throw th;
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
