package stirling.software.SPDF.controller.api.security;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.beans.PropertyEditorSupport;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import lombok.Generated;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
import stirling.software.SPDF.model.api.security.SignatureValidationRequest;
import stirling.software.SPDF.model.api.security.SignatureValidationResult;
import stirling.software.SPDF.service.CertificateValidationService;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.ExceptionUtils;

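/**
 * REST controller exposing {@code POST /api/v1/security/validate-signature}, which reports on
 * every signature dictionary found in an uploaded PDF.
 *
 * <p>Each {@link SignatureValidationResult} carries several independent flags. {@code valid} only
 * says that the CMS signer info verifies against the certificate embedded in the signature; it
 * says nothing about who issued that certificate. Consumers should treat a signature as
 * acceptable only when {@code valid}, {@code chainValid}, {@code trustValid}, {@code notRevoked}
 * and {@code notExpired} are all true.
 */
@RequestMapping({"/api/v1/security"})
@RestController
@Tag(name = "Security", description = "Security APIs")
/* loaded from: input_file:BOOT-INF/classes/stirling/software/SPDF/controller/api/security/ValidateSignatureController.class */
public class ValidateSignatureController {
    /**
     * Display names for the KeyUsage bits, in the bit order documented for
     * {@link X509Certificate#getKeyUsage()} (digitalSignature = 0 ... decipherOnly = 8).
     */
    private static final String[] KEY_USAGE_NAMES = {"Digital Signature", "Non-Repudiation", "Key Encipherment", "Data Encipherment", "Key Agreement", "Certificate Signing", "CRL Signing", "Encipher Only", "Decipher Only"};

    private final CustomPDFDocumentFactory pdfDocumentFactory;
    private final CertificateValidationService certValidationService;

    /**
     * Registers a {@link MultipartFile} editor that binds any plain-text value submitted for a
     * file field to {@code null}.
     *
     * @param webDataBinder binder for the current request
     */
    @InitBinder
    public void initBinder(WebDataBinder webDataBinder) {
        webDataBinder.registerCustomEditor(MultipartFile.class, new PropertyEditorSupport() {
            @Override
            public void setAsText(String str) throws IllegalArgumentException {
                // A text value cannot be a file upload; treat the field as absent.
                setValue(null);
            }
        });
    }

    /**
     * Validates every signature dictionary of the uploaded PDF and returns one result per
     * signature.
     *
     * <p>When the request carries a certificate file, chain and trust checks are made against
     * that certificate; it is supplied by the caller, so those two flags are then only as
     * meaningful as the caller's own choice of certificate. Otherwise the service's default chain
     * and trust-store checks are used.
     *
     * <p>NOTE(review): nothing in this method compares a signature's byte range with the length
     * of the file, so content appended after the signed revision does not influence
     * {@code valid}. Confirm whether consumers need that coverage check.
     *
     * @param signatureValidationRequest request holding the PDF and an optional certificate
     * @return HTTP 200 with the per-signature results; a signature that fails to parse or verify
     *     is reported with {@code valid=false} and an error message rather than failing the call
     * @throws IOException if the certificate bytes or the PDF cannot be read
     */
    @PostMapping(value = {"/validate-signature"}, consumes = {"multipart/form-data"})
    @Operation(summary = "Validate PDF Digital Signature", description = "Validates the digital signatures in a PDF file against default or custom certificates. Input:PDF Output:JSON Type:SISO")
    public ResponseEntity<List<SignatureValidationResult>> validateSignature(@ModelAttribute SignatureValidationRequest signatureValidationRequest) throws IOException {
        List<SignatureValidationResult> results = new ArrayList<>();
        MultipartFile fileInput = signatureValidationRequest.getFileInput();
        X509Certificate customCert = loadCustomCertificate(signatureValidationRequest.getCertFile());

        try (PDDocument document = this.pdfDocumentFactory.load(fileInput.getInputStream())) {
            for (PDSignature pdSignature : document.getSignatureDictionaries()) {
                SignatureValidationResult result = new SignatureValidationResult();
                try {
                    CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(pdSignature.getSignedContent(fileInput.getInputStream())), pdSignature.getContents(fileInput.getInputStream()));
                    Store<X509CertificateHolder> certificates = signedData.getCertificates();
                    // Every signer writes into the same result object, so with several signers
                    // only the last one's values are returned.
                    for (SignerInformation signer : signedData.getSignerInfos().getSigners()) {
                        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificates.getMatches(signer.getSID()).iterator().next());

                        // Cryptographic check only: the signer info against the embedded cert.
                        result.setValid(signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(certificate)));
                        result.setChainValid(customCert != null ? this.certValidationService.validateCertificateChainWithCustomCert(certificate, customCert) : this.certValidationService.validateCertificateChain(certificate));
                        result.setTrustValid(customCert != null ? this.certValidationService.validateTrustWithCustomCert(certificate, customCert) : this.certValidationService.validateTrustStore(certificate));
                        result.setNotRevoked(!this.certValidationService.isRevoked(certificate));
                        // Evaluated at the current time, not the signing time, and it does not
                        // look at notBefore: a not-yet-valid certificate still counts as
                        // "not expired".
                        result.setNotExpired(!certificate.getNotAfter().before(new Date()));

                        result.setSignerName(pdSignature.getName());
                        // The signing date can be absent from a signature dictionary;
                        // dereferencing it unconditionally used to throw and flip an otherwise
                        // valid signature to invalid through the catch block below.
                        if (pdSignature.getSignDate() != null) {
                            result.setSignatureDate(pdSignature.getSignDate().getTime().toString());
                        }
                        result.setReason(pdSignature.getReason());
                        result.setLocation(pdSignature.getLocation());

                        result.setIssuerDN(certificate.getIssuerX500Principal().getName());
                        result.setSubjectDN(certificate.getSubjectX500Principal().getName());
                        result.setSerialNumber(certificate.getSerialNumber().toString(16));
                        result.setValidFrom(certificate.getNotBefore().toString());
                        result.setValidUntil(certificate.getNotAfter().toString());
                        result.setSignatureAlgorithm(certificate.getSigAlgName());
                        // Only RSA keys expose a modulus; any other key type is reported as 0,
                        // which means "unknown", not "zero-length key".
                        if (certificate.getPublicKey() instanceof RSAPublicKey) {
                            result.setKeySize(((RSAPublicKey) certificate.getPublicKey()).getModulus().bitLength());
                        } else {
                            result.setKeySize(0);
                        }
                        result.setVersion(String.valueOf(certificate.getVersion()));
                        result.setKeyUsages(describeKeyUsages(certificate.getKeyUsage()));
                        result.setSelfSigned(certificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal()));
                    }
                } catch (Exception e) {
                    // Fail closed: anything that goes wrong while parsing or verifying marks the
                    // signature invalid. The exception message is returned to the client as-is.
                    result.setValid(false);
                    result.setErrorMessage("Signature validation failed: " + e.getMessage());
                }
                results.add(result);
            }
            return ResponseEntity.ok(results);
        }
    }

    /**
     * Parses the optional caller-supplied certificate.
     *
     * @param certFile uploaded certificate, may be {@code null} or empty
     * @return the parsed certificate, or {@code null} when none was uploaded
     * @throws IOException if the uploaded bytes cannot be read
     */
    private static X509Certificate loadCustomCertificate(MultipartFile certFile) throws IOException {
        if (certFile == null || certFile.isEmpty()) {
            return null;
        }
        try (ByteArrayInputStream certStream = new ByteArrayInputStream(certFile.getBytes())) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        } catch (CertificateException e) {
            throw ExceptionUtils.createRuntimeException("error.invalidFormat", "Invalid {0} format: {1}", e, "certificate file", e.getMessage());
        }
    }

    /**
     * Maps the KeyUsage bit array of a certificate to display names.
     *
     * @param keyUsage value of {@link X509Certificate#getKeyUsage()}, may be {@code null}
     * @return names of the bits that are set; empty when the extension is absent
     */
    private static List<String> describeKeyUsages(boolean[] keyUsage) {
        List<String> usages = new ArrayList<>();
        if (keyUsage == null) {
            return usages;
        }
        // getKeyUsage() does not truncate an encoded bit string longer than the nine defined
        // bits. Indexing the name table by the array length used to throw for such a
        // certificate, and the caller's catch block then reported the signature as invalid.
        int known = Math.min(keyUsage.length, KEY_USAGE_NAMES.length);
        for (int i = 0; i < known; i++) {
            if (keyUsage[i]) {
                usages.add(KEY_USAGE_NAMES[i]);
            }
        }
        return usages;
    }

    @Generated
    public ValidateSignatureController(CustomPDFDocumentFactory customPDFDocumentFactory, CertificateValidationService certificateValidationService) {
        this.pdfDocumentFactory = customPDFDocumentFactory;
        this.certValidationService = certificateValidationService;
    }
}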
