package stirling.software.SPDF.controller.api.security;

import ch.qos.logback.core.net.ssl.SSL;
import io.github.pixee.security.Filenames;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Calendar;
import org.apache.pdfbox.Loader;
import org.apache.pdfbox.examples.signature.CreateSignatureBase;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import stirling.software.SPDF.model.api.security.SignPDFWithCertRequest;
import stirling.software.SPDF.utils.WebResponseUtils;

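/**
 * REST controller that signs an uploaded PDF with caller-supplied key material.
 *
 * <p>The request carries a private key (PEM, PKCS#12 or JKS) and its password in the same
 * multipart upload as the document. Neither value may be written to logs or error messages;
 * the exceptions thrown here name only the missing or unsupported input.
 */
@RequestMapping({"/api/v1/security"})
@RestController
@Tag(name = "Security", description = "Security APIs")
public class CertSignController {
    private static final Logger logger = LoggerFactory.getLogger(CertSignController.class);

    private static final String CERT_TYPE_PEM = "PEM";
    private static final String CERT_TYPE_PKCS12 = "PKCS12";
    // The decompiled listing referenced logback's SSL.DEFAULT_KEYSTORE_TYPE here. Its compiled
    // switch label (73522) is the hash of "JKS", so the literal is used directly and the
    // keystore type no longer depends on a logging library constant.
    private static final String CERT_TYPE_JKS = "JKS";

    // Alias of the single key entry in the in-memory keystore built for PEM input.
    private static final String PEM_KEY_ALIAS = "alias";

    static {
        // Register Bouncy Castle once so the PEM key converter can resolve it by provider name.
        Security.addProvider(new BouncyCastleProvider());
    }

    /** Signature implementation that takes key and certificate chain from the given keystore. */
    class CreateSignature extends CreateSignatureBase {
        public CreateSignature(KeyStore keyStore, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
            super(keyStore, cArr);
        }
    }

    /**
     * Signs the uploaded PDF with the uploaded certificate and returns the signed document.
     *
     * <p>The request's {@code showSignature} and {@code pageNumber} values are not used by this
     * method; no visible signature appearance is created here. The {@code name},
     * {@code location} and {@code reason} fields are copied into the signature dictionary as
     * supplied by the caller and are not checked against the certificate.
     *
     * @param signPDFWithCertRequest multipart form holding the PDF, the certificate type
     *     ({@code PEM}, {@code PKCS12} or {@code JKS}), the matching key files and the password
     * @return the signed PDF as a download named {@code <original>_signed.pdf}
     * @throws IllegalArgumentException if the cert type is missing or unknown, or a file
     *     required by the selected cert type was not uploaded
     * @throws Exception if the key material cannot be loaded or the document cannot be signed
     */
    @PostMapping(consumes = {"multipart/form-data"}, value = {"/cert-sign"})
    @Operation(summary = "Sign PDF with a Digital Certificate", description = "This endpoint accepts a PDF file, a digital certificate and related information to sign the PDF. It then returns the digitally signed PDF file. Input:PDF Output:PDF Type:SISO")
    public ResponseEntity<byte[]> signPDFWithCert(@ModelAttribute SignPDFWithCertRequest signPDFWithCertRequest) throws Exception {
        String certType = signPDFWithCertRequest.getCertType();
        if (certType == null) {
            throw new IllegalArgumentException("Cert type must be provided");
        }
        MultipartFile fileInput = requireFile(signPDFWithCertRequest.getFileInput(), "PDF file");
        String password = signPDFWithCertRequest.getPassword();
        // An absent password is treated as empty so an unencrypted PEM key does not fail with
        // a NullPointerException before any key material is read.
        char[] passwordChars = password != null ? password.toCharArray() : new char[0];

        KeyStore keyStore;
        switch (certType) {
            case CERT_TYPE_PEM:
                MultipartFile privateKeyFile = requireFile(signPDFWithCertRequest.getPrivateKeyFile(), "Private key file");
                MultipartFile certFile = requireFile(signPDFWithCertRequest.getCertFile(), "Certificate file");
                keyStore = KeyStore.getInstance(CERT_TYPE_JKS);
                // Initialise an empty in-memory keystore, then add the single key entry.
                keyStore.load(null, null);
                keyStore.setKeyEntry(
                        PEM_KEY_ALIAS,
                        getPrivateKeyFromPEM(privateKeyFile.getBytes(), password),
                        passwordChars,
                        new Certificate[] {getCertificateFromPEM(certFile.getBytes())});
                break;
            case CERT_TYPE_PKCS12:
                keyStore = loadKeyStore(CERT_TYPE_PKCS12, requireFile(signPDFWithCertRequest.getP12File(), "PKCS12 file"), passwordChars);
                break;
            case CERT_TYPE_JKS:
                keyStore = loadKeyStore(CERT_TYPE_JKS, requireFile(signPDFWithCertRequest.getJksFile(), "JKS file"), passwordChars);
                break;
            default:
                throw new IllegalArgumentException("Invalid cert type: " + certType);
        }

        CreateSignature createSignature = new CreateSignature(keyStore, passwordChars);
        ByteArrayOutputStream signedPdf = new ByteArrayOutputStream();
        sign(
                fileInput.getBytes(),
                signedPdf,
                createSignature,
                signPDFWithCertRequest.getName(),
                signPDFWithCertRequest.getLocation(),
                signPDFWithCertRequest.getReason());
        // The client-supplied filename is reduced to its simple name before it is reused.
        return WebResponseUtils.boasToWebResponse(signedPdf, Filenames.toSimpleFileName(fileInput.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_signed.pdf");
    }

    /** Rejects a missing or empty upload with a message naming the input, never its content. */
    private static MultipartFile requireFile(MultipartFile file, String description) {
        if (file == null || file.isEmpty()) {
            throw new IllegalArgumentException(description + " must be provided");
        }
        return file;
    }

    /** Loads a keystore of the given type from an upload and closes the upload stream. */
    private static KeyStore loadKeyStore(String type, MultipartFile file, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(type);
        try (InputStream in = file.getInputStream()) {
            keyStore.load(in, password);
        }
        return keyStore;
    }

    /**
     * Adds a detached PKCS#7 signature to the PDF and writes the result as an incremental save.
     *
     * <p>Errors propagate to the caller. The earlier version printed the stack trace and
     * returned normally, so a failed signing still produced a response named
     * {@code _signed.pdf} with no signed content in it.
     *
     * <p>The signing date is taken from the server clock; this method requests no trusted
     * timestamp.
     *
     * @param pdfBytes the document to sign
     * @param output receives the signed document
     * @param signature signing implementation holding the private key
     * @param name signer name stored in the signature dictionary
     * @param location signing location stored in the signature dictionary
     * @param reason signing reason stored in the signature dictionary
     * @throws IOException if the document cannot be parsed, signed or written
     */
    private static void sign(byte[] pdfBytes, OutputStream output, CreateSignature signature, String name, String location, String reason) throws IOException {
        try (PDDocument document = Loader.loadPDF(pdfBytes)) {
            PDSignature pdSignature = new PDSignature();
            pdSignature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
            pdSignature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
            pdSignature.setName(name);
            pdSignature.setLocation(location);
            pdSignature.setReason(reason);
            pdSignature.setSignDate(Calendar.getInstance());
            document.addSignature(pdSignature, signature);
            document.saveIncremental(output);
        }
    }

    /**
     * Reads the first PEM object from the upload and converts it to a private key.
     *
     * <p>Encrypted PKCS#8 keys and encrypted OpenSSL key pairs are decrypted with the password;
     * unencrypted key pairs and unencrypted PKCS#8 keys are converted directly.
     *
     * @param pemBytes content of the uploaded private key file
     * @param password password for an encrypted key; {@code null} is treated as empty
     * @return the decoded private key
     * @throws IllegalArgumentException if the file holds no supported private key object
     * @throws IOException if the PEM content cannot be read
     * @throws OperatorCreationException if the decryptor cannot be built
     * @throws PKCSException if an encrypted PKCS#8 key cannot be decrypted
     */
    private PrivateKey getPrivateKeyFromPEM(byte[] pemBytes, String password) throws IOException, OperatorCreationException, PKCSException {
        char[] passwordChars = password != null ? password.toCharArray() : new char[0];
        // PEM armor is ASCII, so a fixed charset gives the same result on every platform.
        try (PEMParser pemParser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(pemBytes), StandardCharsets.UTF_8))) {
            Object pemObject = pemParser.readObject();
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
            PrivateKeyInfo privateKeyInfo;
            if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                privateKeyInfo = ((PKCS8EncryptedPrivateKeyInfo) pemObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passwordChars));
            } else if (pemObject instanceof PEMEncryptedKeyPair) {
                privateKeyInfo = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(passwordChars)).getPrivateKeyInfo();
            } else if (pemObject instanceof PEMKeyPair) {
                privateKeyInfo = ((PEMKeyPair) pemObject).getPrivateKeyInfo();
            } else if (pemObject instanceof PrivateKeyInfo) {
                // Unencrypted PKCS#8 key; the unconditional PEMKeyPair cast used before
                // failed on this input with a ClassCastException.
                privateKeyInfo = (PrivateKeyInfo) pemObject;
            } else {
                // Covers an empty file and PEM objects that are not private keys.
                throw new IllegalArgumentException("Private key file does not contain a supported PEM private key");
            }
            return converter.getPrivateKey(privateKeyInfo);
        }
    }

    /**
     * Parses an X.509 certificate from the uploaded certificate file.
     *
     * @param certBytes content of the uploaded certificate file
     * @return the parsed certificate
     * @throws IOException if closing the input fails
     * @throws CertificateException if the content is not a parsable X.509 certificate
     */
    private Certificate getCertificateFromPEM(byte[] certBytes) throws IOException, CertificateException {
        try (ByteArrayInputStream in = new ByteArrayInputStream(certBytes)) {
            return CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }
}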
