package com.wangyin.key.server.pdf;

import com.itextpdf.text.pdf.PdfDate;
import com.itextpdf.text.pdf.PdfDeveloperExtension;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.PdfName;
import com.itextpdf.text.pdf.PdfSignature;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfString;
import com.itextpdf.text.pdf.security.CrlClient;
import com.itextpdf.text.pdf.security.DigestAlgorithms;
import com.itextpdf.text.pdf.security.ExternalDigest;
import com.itextpdf.text.pdf.security.MakeSignature;
import com.itextpdf.text.pdf.security.OcspClient;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import com.itextpdf.text.pdf.security.TSAClient;
import com.wangyin.key.server.jni.AKSNativeCryptoService;
import com.wangyin.key.server.model.DigestAlgEnum;
import com.wangyin.key.server.util.AKSConstant;
import com.wangyin.key.server.util.ByteUtil;
import com.wangyin.key.server.util.DatatypeConverter;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;

/* loaded from: input_file:com/wangyin/key/server/pdf/CAMakeSignature.class */
public class CAMakeSignature {
    public static void signDetached(String str, PdfSignatureAppearance pdfSignatureAppearance, ExternalDigest externalDigest, Certificate[] certificateArr, Collection<CrlClient> collection, OcspClient ocspClient, TSAClient tSAClient, int i, MakeSignature.CryptoStandard cryptoStandard) throws Exception {
        Collection collection2 = null;
        int i2 = 0;
        while (collection2 == null && i2 < certificateArr.length) {
            int i3 = i2;
            i2++;
            collection2 = MakeSignature.processCrl(certificateArr[i3], collection);
        }
        if (i == 0) {
            i = 8192;
            if (collection2 != null) {
                Iterator it = collection2.iterator();
                while (it.hasNext()) {
                    i += ((byte[]) it.next()).length + 10;
                }
            }
            if (ocspClient != null) {
                i += 4192;
            }
            if (tSAClient != null) {
                i += 4192;
            }
        }
        pdfSignatureAppearance.setCertificate(certificateArr[0]);
        if (cryptoStandard == MakeSignature.CryptoStandard.CADES) {
            pdfSignatureAppearance.addDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL2);
        }
        PdfSignature pdfSignature = new PdfSignature(PdfName.ADOBE_PPKLITE, cryptoStandard == MakeSignature.CryptoStandard.CADES ? PdfName.ETSI_CADES_DETACHED : PdfName.ADBE_PKCS7_DETACHED);
        pdfSignature.setReason(pdfSignatureAppearance.getReason());
        pdfSignature.setLocation(pdfSignatureAppearance.getLocation());
        pdfSignature.setSignatureCreator(pdfSignatureAppearance.getSignatureCreator());
        pdfSignature.setContact(pdfSignatureAppearance.getContact());
        pdfSignature.setDate(new PdfDate(pdfSignatureAppearance.getSignDate()));
        pdfSignatureAppearance.setCryptoDictionary(pdfSignature);
        HashMap hashMap = new HashMap();
        hashMap.put(PdfName.CONTENTS, Integer.valueOf((i * 2) + 2));
        pdfSignatureAppearance.preClose(hashMap);
        PdfPKCS7 pdfPKCS7 = new PdfPKCS7((PrivateKey) null, certificateArr, "SHA1", (String) null, externalDigest, false);
        byte[] digest = DigestAlgorithms.digest(pdfSignatureAppearance.getRangeStream(), externalDigest.getMessageDigest("SHA1"));
        byte[] bArr = null;
        if (certificateArr.length >= 2 && ocspClient != null) {
            bArr = ocspClient.getEncoded((X509Certificate) certificateArr[0], (X509Certificate) certificateArr[1], (String) null);
        }
        pdfPKCS7.setExternalDigest(getExtSignature(str, pdfPKCS7.getAuthenticatedAttributeBytes(digest, bArr, collection2, cryptoStandard)), (byte[]) null, certificateArr[0].getPublicKey().getAlgorithm());
        byte[] encodedPKCS7 = pdfPKCS7.getEncodedPKCS7(digest, tSAClient, bArr, collection2, cryptoStandard);
        System.out.println("encodedSig len is " + encodedPKCS7.length + " data is " + DatatypeConverter.printBase64Binary(encodedPKCS7));
        if (i < encodedPKCS7.length) {
            throw new IOException("Not enough space");
        }
        byte[] bArr2 = new byte[i];
        System.arraycopy(encodedPKCS7, 0, bArr2, 0, encodedPKCS7.length);
        PdfDictionary pdfDictionary = new PdfDictionary();
        pdfDictionary.put(PdfName.CONTENTS, new PdfString(bArr2).setHexWriting(true));
        pdfSignatureAppearance.close(pdfDictionary);
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [byte[], byte[][]] */
    private static byte[] getExtSignature(String str, byte[] bArr) throws Exception {
        return AKSNativeCryptoService.privateKeyEncrypt(str, ByteUtil.joinBytes(new byte[]{AKSConstant.HASH_PREFIX_SHA1, MessageDigest.getInstance(DigestAlgEnum.ALG_SHA1.getCode()).digest(bArr)}));
    }
}
