package stirling.software.SPDF.controller.api.security;

import ch.qos.logback.core.net.ssl.SSL;
import io.github.pixee.security.Filenames;
import io.micrometer.common.util.StringUtils;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.awt.Color;
import java.beans.PropertyEditorSupport;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.List;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.apache.pdfbox.examples.signature.CreateSignatureBase;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.PDPage;
import org.apache.pdfbox.pdmodel.PDPageContentStream;
import org.apache.pdfbox.pdmodel.PDResources;
import org.apache.pdfbox.pdmodel.common.PDRectangle;
import org.apache.pdfbox.pdmodel.common.PDStream;
import org.apache.pdfbox.pdmodel.font.PDType1Font;
import org.apache.pdfbox.pdmodel.font.Standard14Fonts;
import org.apache.pdfbox.pdmodel.graphics.blend.BlendMode;
import org.apache.pdfbox.pdmodel.graphics.form.PDFormXObject;
import org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject;
import org.apache.pdfbox.pdmodel.graphics.state.PDExtendedGraphicsState;
import org.apache.pdfbox.pdmodel.interactive.annotation.PDAnnotationWidget;
import org.apache.pdfbox.pdmodel.interactive.annotation.PDAppearanceDictionary;
import org.apache.pdfbox.pdmodel.interactive.annotation.PDAppearanceStream;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.SignatureOptions;
import org.apache.pdfbox.pdmodel.interactive.form.PDAcroForm;
import org.apache.pdfbox.pdmodel.interactive.form.PDField;
import org.apache.pdfbox.pdmodel.interactive.form.PDSignatureField;
import org.apache.pdfbox.printing.PDFPrintable;
import org.apache.pdfbox.util.Matrix;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import stirling.software.SPDF.model.api.security.SignPDFWithCertRequest;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.ExceptionUtils;
import stirling.software.common.util.WebResponseUtils;

@RequestMapping({"/api/v1/security"})
@RestController
@Tag(name = "Security", description = "Security APIs")
/* loaded from: input_file:BOOT-INF/classes/stirling/software/SPDF/controller/api/security/CertSignController.class */
public class CertSignController {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CertSignController.class);
    private final CustomPDFDocumentFactory pdfDocumentFactory;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/classes/stirling/software/SPDF/controller/api/security/CertSignController$CreateSignature.class */
    public class CreateSignature extends CreateSignatureBase {
        File logoFile;

        public CreateSignature(KeyStore keyStore, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException, CertificateException {
            super(keyStore, cArr);
            try {
                InputStream inputStream = new ClassPathResource("static/images/signature.png").getInputStream();
                try {
                    this.logoFile = Files.createTempFile("signature", ".png", new FileAttribute[0]).toFile();
                    FileUtils.copyInputStreamToFile(inputStream, this.logoFile);
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } finally {
                }
            } catch (IOException e) {
                CertSignController.log.error("Failed to load image signature file");
                throw e;
            }
        }

        public InputStream createVisibleSignature(PDDocument pDDocument, PDSignature pDSignature, Integer num, Boolean bool) throws IOException {
            PDDocument pDDocument2 = new PDDocument();
            try {
                pDDocument2.addPage(new PDPage(pDDocument.getPage(num.intValue()).getMediaBox()));
                PDAcroForm pDAcroForm = new PDAcroForm(pDDocument2);
                pDDocument2.getDocumentCatalog().setAcroForm(pDAcroForm);
                PDSignatureField pDSignatureField = new PDSignatureField(pDAcroForm);
                PDAnnotationWidget pDAnnotationWidget = pDSignatureField.getWidgets().get(0);
                List<PDField> fields = pDAcroForm.getFields();
                pDAcroForm.setSignaturesExist(true);
                pDAcroForm.setAppendOnly(true);
                pDAcroForm.getCOSObject().setDirect(true);
                fields.add(pDSignatureField);
                PDRectangle pDRectangle = new PDRectangle(PDFPrintable.RASTERIZE_OFF, PDFPrintable.RASTERIZE_OFF, 200.0f, 50.0f);
                pDAnnotationWidget.setRectangle(pDRectangle);
                PDFormXObject pDFormXObject = new PDFormXObject(new PDStream(pDDocument2));
                pDFormXObject.setResources(new PDResources());
                pDFormXObject.setFormType(1);
                PDRectangle pDRectangle2 = new PDRectangle(pDRectangle.getWidth(), pDRectangle.getHeight());
                float height = pDRectangle2.getHeight();
                pDFormXObject.setBBox(pDRectangle2);
                PDType1Font pDType1Font = new PDType1Font(Standard14Fonts.FontName.TIMES_BOLD);
                PDAppearanceDictionary pDAppearanceDictionary = new PDAppearanceDictionary();
                pDAppearanceDictionary.getCOSObject().setDirect(true);
                PDAppearanceStream pDAppearanceStream = new PDAppearanceStream(pDFormXObject.getCOSObject());
                pDAppearanceDictionary.setNormalAppearance(pDAppearanceStream);
                pDAnnotationWidget.setAppearance(pDAppearanceDictionary);
                PDPageContentStream pDPageContentStream = new PDPageContentStream(pDDocument2, pDAppearanceStream);
                try {
                    if (Boolean.TRUE.equals(bool)) {
                        pDPageContentStream.saveGraphicsState();
                        PDExtendedGraphicsState pDExtendedGraphicsState = new PDExtendedGraphicsState();
                        pDExtendedGraphicsState.setBlendMode(BlendMode.MULTIPLY);
                        pDExtendedGraphicsState.setNonStrokingAlphaConstant(Float.valueOf(0.5f));
                        pDPageContentStream.setGraphicsStateParameters(pDExtendedGraphicsState);
                        pDPageContentStream.transform(Matrix.getScaleInstance(0.08f, 0.08f));
                        pDPageContentStream.drawImage(PDImageXObject.createFromFileByExtension(this.logoFile, pDDocument2), 100.0f, PDFPrintable.RASTERIZE_OFF);
                        pDPageContentStream.restoreGraphicsState();
                    }
                    float f = 10.0f * 1.5f;
                    pDPageContentStream.beginText();
                    pDPageContentStream.setFont(pDType1Font, 10.0f);
                    pDPageContentStream.setNonStrokingColor(Color.black);
                    pDPageContentStream.newLineAtOffset(10.0f, height - f);
                    pDPageContentStream.setLeading(f);
                    String valueToString = IETFUtils.valueToString(new X500Name(((X509Certificate) getCertificateChain()[0]).getSubjectX500Principal().getName()).getRDNs(BCStyle.CN)[0].getFirst().getValue());
                    String date = pDSignature.getSignDate().getTime().toString();
                    String reason = pDSignature.getReason();
                    pDPageContentStream.showText("Signed by " + valueToString);
                    pDPageContentStream.newLine();
                    pDPageContentStream.showText(date);
                    pDPageContentStream.newLine();
                    pDPageContentStream.showText(reason);
                    pDPageContentStream.endText();
                    pDPageContentStream.close();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    pDDocument2.save(byteArrayOutputStream);
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
                    pDDocument2.close();
                    return byteArrayInputStream;
                } finally {
                }
            } catch (Throwable th) {
                try {
                    pDDocument2.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    @InitBinder
    public void initBinder(WebDataBinder webDataBinder) {
        webDataBinder.registerCustomEditor(MultipartFile.class, new PropertyEditorSupport() { // from class: stirling.software.SPDF.controller.api.security.CertSignController.1
            public void setAsText(String str) throws IllegalArgumentException {
                setValue(null);
            }
        });
    }

    private static void sign(CustomPDFDocumentFactory customPDFDocumentFactory, MultipartFile multipartFile, OutputStream outputStream, CreateSignature createSignature, Boolean bool, Integer num, String str, String str2, String str3, Boolean bool2) {
        try {
            PDDocument load = customPDFDocumentFactory.load(multipartFile);
            try {
                PDSignature pDSignature = new PDSignature();
                pDSignature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
                pDSignature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
                pDSignature.setName(str);
                pDSignature.setLocation(str2);
                pDSignature.setReason(str3);
                pDSignature.setSignDate(Calendar.getInstance());
                if (Boolean.TRUE.equals(bool)) {
                    SignatureOptions signatureOptions = new SignatureOptions();
                    signatureOptions.setVisualSignature(createSignature.createVisibleSignature(load, pDSignature, num, bool2));
                    signatureOptions.setPage(num.intValue());
                    load.addSignature(pDSignature, createSignature, signatureOptions);
                } else {
                    load.addSignature(pDSignature, createSignature);
                }
                load.saveIncremental(outputStream);
                if (load != null) {
                    load.close();
                }
            } finally {
            }
        } catch (Exception e) {
            ExceptionUtils.logException("PDF signing", e);
        }
    }

    @PostMapping(consumes = {"multipart/form-data", "application/x-www-form-urlencoded"}, value = {"/cert-sign"})
    @Operation(summary = "Sign PDF with a Digital Certificate", description = "This endpoint accepts a PDF file, a digital certificate and related information to sign the PDF. It then returns the digitally signed PDF file. Input:PDF Output:PDF Type:SISO")
    public ResponseEntity<byte[]> signPDFWithCert(@ModelAttribute SignPDFWithCertRequest signPDFWithCertRequest) throws Exception {
        KeyStore keyStore;
        MultipartFile fileInput = signPDFWithCertRequest.getFileInput();
        String certType = signPDFWithCertRequest.getCertType();
        MultipartFile privateKeyFile = signPDFWithCertRequest.getPrivateKeyFile();
        MultipartFile certFile = signPDFWithCertRequest.getCertFile();
        MultipartFile p12File = signPDFWithCertRequest.getP12File();
        MultipartFile jksFile = signPDFWithCertRequest.getJksFile();
        String password = signPDFWithCertRequest.getPassword();
        Boolean showSignature = signPDFWithCertRequest.getShowSignature();
        String reason = signPDFWithCertRequest.getReason();
        String location = signPDFWithCertRequest.getLocation();
        String name = signPDFWithCertRequest.getName();
        Integer valueOf = signPDFWithCertRequest.getPageNumber() != null ? Integer.valueOf(signPDFWithCertRequest.getPageNumber().intValue() - 1) : null;
        Boolean showLogo = signPDFWithCertRequest.getShowLogo();
        if (StringUtils.isBlank(certType)) {
            throw ExceptionUtils.createIllegalArgumentException("error.optionsNotSpecified", "{0} options are not specified", "certificate type");
        }
        boolean z = -1;
        switch (certType.hashCode()) {
            case -1933293812:
                if (certType.equals("PKCS12")) {
                    z = true;
                    break;
                }
                break;
            case 73522:
                if (certType.equals(SSL.DEFAULT_KEYSTORE_TYPE)) {
                    z = 2;
                    break;
                }
                break;
            case 79096:
                if (certType.equals("PEM")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
                keyStore.load(null);
                keyStore.setKeyEntry("alias", getPrivateKeyFromPEM(privateKeyFile.getBytes(), password), password.toCharArray(), new Certificate[]{getCertificateFromPEM(certFile.getBytes())});
                break;
            case true:
                keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(p12File.getInputStream(), password.toCharArray());
                break;
            case true:
                keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
                keyStore.load(jksFile.getInputStream(), password.toCharArray());
                break;
            default:
                throw ExceptionUtils.createIllegalArgumentException("error.invalidArgument", "Invalid argument: {0}", "certificate type: " + certType);
        }
        CreateSignature createSignature = new CreateSignature(keyStore, password.toCharArray());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        sign(this.pdfDocumentFactory, fileInput, byteArrayOutputStream, createSignature, showSignature, valueOf, name, location, reason, showLogo);
        return WebResponseUtils.baosToWebResponse(byteArrayOutputStream, Filenames.toSimpleFileName(fileInput.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_signed.pdf");
    }

    private PrivateKey getPrivateKeyFromPEM(byte[] bArr, String str) throws IOException, OperatorCreationException, PKCSException {
        PEMParser pEMParser = new PEMParser(new InputStreamReader(new ByteArrayInputStream(bArr)));
        try {
            Object readObject = pEMParser.readObject();
            PrivateKey privateKey = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getPrivateKey(readObject instanceof PKCS8EncryptedPrivateKeyInfo ? ((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(str.toCharArray())) : readObject instanceof PEMEncryptedKeyPair ? ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str.toCharArray())).getPrivateKeyInfo() : ((PEMKeyPair) readObject).getPrivateKeyInfo());
            pEMParser.close();
            return privateKey;
        } catch (Throwable th) {
            try {
                pEMParser.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private Certificate getCertificateFromPEM(byte[] bArr) throws IOException, CertificateException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
            byteArrayInputStream.close();
            return generateCertificate;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Generated
    public CertSignController(CustomPDFDocumentFactory customPDFDocumentFactory) {
        this.pdfDocumentFactory = customPDFDocumentFactory;
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
