package org.apache.pdfbox.examples.signature.validation;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.pdfbox.cos.COSArray;
import org.apache.pdfbox.cos.COSBase;
import org.apache.pdfbox.cos.COSDictionary;
import org.apache.pdfbox.cos.COSInteger;
import org.apache.pdfbox.cos.COSName;
import org.apache.pdfbox.cos.COSStream;
import org.apache.pdfbox.cos.COSUpdateInfo;
import org.apache.pdfbox.examples.signature.validation.CertInformationCollector;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.PDDocumentCatalog;
import org.bouncycastle.cert.ocsp.BasicOCSPResp;
import org.bouncycastle.cert.ocsp.OCSPException;
import org.bouncycastle.cert.ocsp.OCSPResp;

/* loaded from: input_file:org/apache/pdfbox/examples/signature/validation/AddValidationInformation.class */
public class AddValidationInformation {
    private static final Log LOG = LogFactory.getLog(AddValidationInformation.class);
    private CertInformationCollector certInformationHelper;
    private COSArray correspondingOCSPs;
    private COSArray correspondingCRLs;
    private COSDictionary vriBase;
    private COSArray ocsps;
    private COSArray crls;
    private COSArray certs;
    private PDDocument document;
    private final Set<BigInteger> foundRevocationInformation = new HashSet();

    public void validateSignature(File file, File file2) throws IOException {
        if (file == null || !file.exists()) {
            throw new FileNotFoundException("Document for signing does not exist");
        }
        PDDocument load = PDDocument.load(file);
        FileOutputStream fileOutputStream = new FileOutputStream(file2);
        this.document = load;
        doValidation(file.getAbsolutePath(), fileOutputStream);
        fileOutputStream.close();
        load.close();
    }

    private void doValidation(String str, OutputStream outputStream) throws IOException {
        this.certInformationHelper = new CertInformationCollector();
        try {
            CertInformationCollector.CertSignatureInformation lastCertInfo = this.certInformationHelper.getLastCertInfo(this.document, str);
            if (lastCertInfo == null) {
                throw new IOException("No Certificate information or signature found in the given document");
            }
            PDDocumentCatalog documentCatalog = this.document.getDocumentCatalog();
            COSDictionary cOSObject = documentCatalog.getCOSObject();
            cOSObject.setNeedToBeUpdated(true);
            COSDictionary orCreateDictionaryEntry = getOrCreateDictionaryEntry(COSDictionary.class, cOSObject, "DSS");
            addExtensions(documentCatalog);
            this.vriBase = getOrCreateDictionaryEntry(COSDictionary.class, orCreateDictionaryEntry, "VRI");
            this.ocsps = getOrCreateDictionaryEntry(COSArray.class, orCreateDictionaryEntry, "OCSPs");
            this.crls = getOrCreateDictionaryEntry(COSArray.class, orCreateDictionaryEntry, "CRLs");
            this.certs = getOrCreateDictionaryEntry(COSArray.class, orCreateDictionaryEntry, "Certs");
            addRevocationData(lastCertInfo);
            addAllCertsToCertArray();
            this.document.saveIncremental(outputStream);
        } catch (CertificateProccessingException e) {
            throw new IOException("An Error occurred processing the Signature", e);
        }
    }

    private static <T extends COSBase & COSUpdateInfo> T getOrCreateDictionaryEntry(Class<T> cls, COSDictionary cOSDictionary, String str) throws IOException {
        T newInstance;
        COSBase dictionaryObject = cOSDictionary.getDictionaryObject(str);
        if (dictionaryObject != null && cls.isInstance(dictionaryObject)) {
            newInstance = cls.cast(dictionaryObject);
            newInstance.setNeedToBeUpdated(true);
        } else {
            if (dictionaryObject != null) {
                throw new IOException("Element " + str + " from dictionary is not of type " + cls.getCanonicalName());
            }
            try {
                newInstance = cls.newInstance();
                newInstance.setDirect(false);
                cOSDictionary.setItem(COSName.getPDFName(str), newInstance);
            } catch (IllegalAccessException e) {
                LOG.error("Failed to create new instance of " + cls.getCanonicalName(), e);
                return null;
            } catch (InstantiationException e2) {
                LOG.error("Failed to create new instance of " + cls.getCanonicalName(), e2);
                return null;
            }
        }
        return newInstance;
    }

    private void addRevocationData(CertInformationCollector.CertSignatureInformation certSignatureInformation) throws IOException {
        COSDictionary cOSDictionary = new COSDictionary();
        this.vriBase.setItem(COSName.getPDFName(certSignatureInformation.getSignatureHash()), cOSDictionary);
        this.correspondingOCSPs = new COSArray();
        this.correspondingCRLs = new COSArray();
        addRevocationDataRecursive(certSignatureInformation);
        if (this.correspondingOCSPs.size() > 0) {
            cOSDictionary.setItem(COSName.getPDFName("OCSP"), this.correspondingOCSPs);
        }
        if (this.correspondingCRLs.size() > 0) {
            cOSDictionary.setItem(COSName.getPDFName("CRL"), this.correspondingCRLs);
        }
        if (certSignatureInformation.getTsaCerts() != null) {
            this.correspondingOCSPs = null;
            this.correspondingCRLs = null;
            addRevocationDataRecursive(certSignatureInformation.getTsaCerts());
        }
    }

    private void addRevocationDataRecursive(CertInformationCollector.CertSignatureInformation certSignatureInformation) throws IOException {
        if (certSignatureInformation.isSelfSigned()) {
            return;
        }
        boolean contains = this.foundRevocationInformation.contains(certSignatureInformation.getCertificate().getSerialNumber());
        if (!contains) {
            if (certSignatureInformation.getOcspUrl() != null && certSignatureInformation.getIssuerCertificate() != null) {
                contains = fetchOcspData(certSignatureInformation);
            }
            if (!contains && certSignatureInformation.getCrlUrl() != null) {
                fetchCrlData(certSignatureInformation);
                contains = true;
            }
            if (!contains) {
                throw new IOException("Could not fetch Revocation Info for Cert: " + certSignatureInformation.getCertificate().getSubjectDN());
            }
        }
        if (certSignatureInformation.getAlternativeCertChain() != null) {
            addRevocationDataRecursive(certSignatureInformation.getAlternativeCertChain());
        }
        if (certSignatureInformation.getCertChain() == null || certSignatureInformation.getCertChain().getCertificate() == null) {
            return;
        }
        addRevocationDataRecursive(certSignatureInformation.getCertChain());
    }

    private boolean fetchOcspData(CertInformationCollector.CertSignatureInformation certSignatureInformation) throws IOException {
        try {
            addOcspData(certSignatureInformation);
            return true;
        } catch (IOException e) {
            LOG.warn("Failed fetching Ocsp", e);
            return false;
        } catch (CertificateProccessingException e2) {
            LOG.warn("Failed fetching Ocsp", e2);
            return false;
        } catch (OCSPException e3) {
            LOG.warn("Failed fetching Ocsp", e3);
            return false;
        } catch (RevokedCertificateException e4) {
            throw new IOException(e4);
        }
    }

    private void fetchCrlData(CertInformationCollector.CertSignatureInformation certSignatureInformation) throws IOException {
        try {
            addCrlRevocationInfo(certSignatureInformation);
        } catch (IOException e) {
            LOG.warn("Failed fetching CRL", e);
            throw new IOException(e);
        } catch (CRLException e2) {
            LOG.warn("Failed fetching CRL", e2);
            throw new IOException(e2);
        } catch (RevokedCertificateException e3) {
            LOG.warn("Failed fetching CRL", e3);
            throw new IOException(e3);
        }
    }

    private void addOcspData(CertInformationCollector.CertSignatureInformation certSignatureInformation) throws IOException, OCSPException, CertificateProccessingException, RevokedCertificateException {
        OCSPResp responseOcsp = new OcspHelper(certSignatureInformation.getCertificate(), certSignatureInformation.getIssuerCertificate(), certSignatureInformation.getOcspUrl()).getResponseOcsp();
        this.certInformationHelper.addAllCertsFromHolders(((BasicOCSPResp) responseOcsp.getResponseObject()).getCerts());
        COSStream writeDataToStream = writeDataToStream(responseOcsp.getEncoded());
        this.ocsps.add(writeDataToStream);
        if (this.correspondingOCSPs != null) {
            this.correspondingOCSPs.add(writeDataToStream);
        }
        this.foundRevocationInformation.add(certSignatureInformation.getCertificate().getSerialNumber());
    }

    private void addCrlRevocationInfo(CertInformationCollector.CertSignatureInformation certSignatureInformation) throws CRLException, IOException, RevokedCertificateException {
        COSStream writeDataToStream = writeDataToStream(CrlHelper.performCrlRequestAndCheck(certSignatureInformation.getCrlUrl(), certSignatureInformation.getCertificate()));
        this.crls.add(writeDataToStream);
        if (this.correspondingCRLs != null) {
            this.correspondingCRLs.add(writeDataToStream);
        }
        this.foundRevocationInformation.add(certSignatureInformation.getCertificate().getSerialNumber());
    }

    private void addAllCertsToCertArray() throws IOException {
        try {
            Iterator<X509Certificate> it = this.certInformationHelper.getCertificateStore().values().iterator();
            while (it.hasNext()) {
                this.certs.add(writeDataToStream(it.next().getEncoded()));
            }
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
    }

    private COSStream writeDataToStream(byte[] bArr) throws IOException {
        COSStream createCOSStream = this.document.getDocument().createCOSStream();
        COSArray cOSArray = new COSArray();
        cOSArray.add(COSName.FLATE_DECODE);
        OutputStream createOutputStream = createCOSStream.createOutputStream(cOSArray);
        createOutputStream.write(bArr);
        createOutputStream.close();
        return createCOSStream;
    }

    private void addExtensions(PDDocumentCatalog pDDocumentCatalog) {
        COSDictionary cOSDictionary = new COSDictionary();
        cOSDictionary.setDirect(true);
        pDDocumentCatalog.getCOSObject().setItem(COSName.getPDFName("Extensions"), cOSDictionary);
        COSDictionary cOSDictionary2 = new COSDictionary();
        cOSDictionary2.setDirect(true);
        cOSDictionary.setItem(COSName.getPDFName("ADBE"), cOSDictionary2);
        cOSDictionary2.setItem(COSName.getPDFName("BaseVersion"), COSName.getPDFName("1.7"));
        cOSDictionary2.setItem(COSName.getPDFName("ExtensionLevel"), COSInteger.get(5L));
        pDDocumentCatalog.getCOSObject().setItem(COSName.getPDFName("Version"), COSName.getPDFName("1.7"));
    }

    public static void main(String[] strArr) throws IOException, GeneralSecurityException {
        if (strArr.length != 1) {
            usage();
            System.exit(1);
        }
        AddValidationInformation addValidationInformation = new AddValidationInformation();
        File file = new File(strArr[0]);
        String name = file.getName();
        addValidationInformation.validateSignature(file, new File(file.getParent(), name.substring(0, name.lastIndexOf(46)) + "_ocsp.pdf"));
    }

    private static void usage() {
        System.err.println("usage: java " + AddValidationInformation.class.getName() + " <pdf_to_add_ocsp>\n");
    }
}
