package org.apache.pdfbox.examples.signature;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureInterface;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:org/apache/pdfbox/examples/signature/CreateSignatureBase.class */
public abstract class CreateSignatureBase implements SignatureInterface {
    private PrivateKey privateKey;
    private Certificate[] certificateChain;
    private String tsaUrl;
    private boolean externalSigning;

    public CreateSignatureBase(KeyStore keyStore, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
        Enumeration<String> aliases = keyStore.aliases();
        Certificate certificate = null;
        while (certificate == null && aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            setPrivateKey((PrivateKey) keyStore.getKey(nextElement, cArr));
            Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
            if (certificateChain != null) {
                setCertificateChain(certificateChain);
                certificate = certificateChain[0];
                if (certificate instanceof X509Certificate) {
                    ((X509Certificate) certificate).checkValidity();
                    SigUtils.checkCertificateUsage((X509Certificate) certificate);
                }
            }
        }
        if (certificate == null) {
            throw new IOException("Could not find certificate");
        }
    }

    public final void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public final void setCertificateChain(Certificate[] certificateArr) {
        this.certificateChain = certificateArr;
    }

    public Certificate[] getCertificateChain() {
        return this.certificateChain;
    }

    public void setTsaUrl(String str) {
        this.tsaUrl = str;
    }

    public byte[] sign(InputStream inputStream) throws IOException {
        try {
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            X509Certificate x509Certificate = (X509Certificate) this.certificateChain[0];
            cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(new JcaContentSignerBuilder(x509Certificate.getSigAlgName()).build(this.privateKey), x509Certificate));
            cMSSignedDataGenerator.addCertificates(new JcaCertStore(Arrays.asList(this.certificateChain)));
            CMSSignedData generate = cMSSignedDataGenerator.generate(new CMSProcessableInputStream(inputStream), false);
            if (this.tsaUrl != null && this.tsaUrl.length() > 0) {
                generate = new ValidationTimeStamp(this.tsaUrl).addSignedTimeStamp(generate);
            }
            return generate.getEncoded();
        } catch (OperatorCreationException e) {
            throw new IOException((Throwable) e);
        } catch (GeneralSecurityException e2) {
            throw new IOException(e2);
        } catch (CMSException e3) {
            throw new IOException((Throwable) e3);
        }
    }

    public void setExternalSigning(boolean z) {
        this.externalSigning = z;
    }

    public boolean isExternalSigning() {
        return this.externalSigning;
    }
}
