package com.itextpdf.signatures;

import com.itextpdf.bouncycastleconnector.BouncyCastleFactoryCreator;
import com.itextpdf.kernel.crypto.DigestAlgorithms;
import com.itextpdf.kernel.exceptions.PdfException;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.signatures.PdfSigner;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;

/* loaded from: input_file:com/itextpdf/signatures/PKCS7ExternalSignatureContainer.class */
public class PKCS7ExternalSignatureContainer implements IExternalSignatureContainer {
    private final Certificate[] chain;
    private final PrivateKey privateKey;
    private final String hashAlgorithm;
    private IOcspClient ocspClient;
    private ICrlClient crlClient;
    private ITSAClient tsaClient;
    private PdfSigner.CryptoStandard sigType = PdfSigner.CryptoStandard.CMS;
    private SignaturePolicyInfo signaturePolicy;

    public PKCS7ExternalSignatureContainer(PrivateKey privateKey, Certificate[] certificateArr, String str) {
        this.hashAlgorithm = str;
        this.chain = certificateArr;
        this.privateKey = privateKey;
    }

    @Override // com.itextpdf.signatures.IExternalSignatureContainer
    public byte[] sign(InputStream inputStream) throws GeneralSecurityException {
        PdfPKCS7 pdfPKCS7 = new PdfPKCS7((PrivateKey) null, this.chain, this.hashAlgorithm, null, new BouncyCastleDigest(), false);
        if (this.signaturePolicy != null) {
            pdfPKCS7.setSignaturePolicy(this.signaturePolicy);
        }
        try {
            byte[] digest = DigestAlgorithms.digest(inputStream, SignUtils.getMessageDigest(this.hashAlgorithm));
            Collection<byte[]> collection = null;
            int i = 0;
            while (this.crlClient != null && collection == null && i < this.chain.length) {
                int i2 = i;
                i++;
                collection = this.crlClient.getEncoded((X509Certificate) this.chain[i2], null);
            }
            ArrayList arrayList = new ArrayList();
            if (this.chain.length > 1 && this.ocspClient != null) {
                for (int i3 = 0; i3 < this.chain.length - 1; i3++) {
                    byte[] encoded = this.ocspClient.getEncoded((X509Certificate) this.chain[i3], (X509Certificate) this.chain[i3 + 1], null);
                    if (encoded != null && BouncyCastleFactoryCreator.getFactory().createCertificateStatus().getGood().equals(OcspClientBouncyCastle.getCertificateStatus(encoded))) {
                        arrayList.add(encoded);
                    }
                }
            }
            byte[] authenticatedAttributeBytes = pdfPKCS7.getAuthenticatedAttributeBytes(digest, this.sigType, arrayList, collection);
            PrivateKeySignature privateKeySignature = new PrivateKeySignature(this.privateKey, this.hashAlgorithm, BouncyCastleFactoryCreator.getFactory().getProviderName());
            pdfPKCS7.setExternalSignatureValue(privateKeySignature.sign(authenticatedAttributeBytes), null, privateKeySignature.getSignatureAlgorithmName(), privateKeySignature.getSignatureMechanismParameters());
            return pdfPKCS7.getEncodedPKCS7(digest, this.sigType, this.tsaClient, arrayList, collection);
        } catch (IOException e) {
            throw new PdfException(e);
        }
    }

    @Override // com.itextpdf.signatures.IExternalSignatureContainer
    public void modifySigningDictionary(PdfDictionary pdfDictionary) {
        pdfDictionary.put(PdfName.Filter, PdfName.Adobe_PPKLite);
        pdfDictionary.put(PdfName.SubFilter, this.sigType == PdfSigner.CryptoStandard.CADES ? PdfName.ETSI_CAdES_DETACHED : PdfName.Adbe_pkcs7_detached);
    }

    public void setOcspClient(IOcspClient iOcspClient) {
        this.ocspClient = iOcspClient;
    }

    public void setCrlClient(ICrlClient iCrlClient) {
        this.crlClient = iCrlClient;
    }

    public void setTsaClient(ITSAClient iTSAClient) {
        this.tsaClient = iTSAClient;
    }

    public void setSignaturePolicy(SignaturePolicyInfo signaturePolicyInfo) {
        this.signaturePolicy = signaturePolicyInfo;
    }

    public void setSignatureType(PdfSigner.CryptoStandard cryptoStandard) {
        this.sigType = cryptoStandard;
    }
}
