package com.kinggrid.pdf.executes.electronicseal;

import com.KGitextpdf.text.pdf.PdfAnnotation;
import com.KGitextpdf.text.pdf.PdfIndirectReference;
import com.KGitextpdf.text.pdf.PdfName;
import com.KGitextpdf.text.pdf.PdfObject;
import com.KGitextpdf.text.pdf.PdfStamper;
import com.KGitextpdf.text.pdf.PdfStream;
import com.KGitextpdf.text.pdf.PdfString;
import com.KGitextpdf.text.pdf.security.PdfPKCS7;
import com.KGitextpdf.text.pdf.security.SecurityConstants;
import com.KGitextpdf.text.xml.xmp.XmpWriter;
import com.kinggrid.commons.KGDateUtils;
import com.kinggrid.encrypt.KGBase64;
import com.kinggrid.encrypt.KGSignature;
import com.kinggrid.encrypt.SM3Utils;
import com.kinggrid.exception.KGServerInterfaceErrorException;
import com.kinggrid.kgcore.gm.SealUtil;
import com.kinggrid.pdf.executes.signature.sm2.SesSignature;
import com.kinggrid.pdf.signinter.DigitalSignature;
import com.kinggrid.pdf.signinter.DigitalSignatureByServerSM2;
import com.kinggrid.pdf.signinter.DigitalSignatureCertBytes;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import org.kg.bouncycastle.asn1.DERSequence;
import org.kg.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:lib/iSignature_PDF_API_V6.0.0.680.jar:com/kinggrid/pdf/executes/electronicseal/KGPdfElectronicSig.class */
public class KGPdfElectronicSig extends KGPdfElectronicExecute {
    private String certSignMsg;
    private String certContext;
    private String pwd;
    private InputStream pfxStream;
    private DigitalSignature digitalSignature;
    private PdfIndirectReference refCertSignMsg;
    private PdfIndirectReference refCertContext;
    private KGSignature kgSignature;
    private byte[] sm2Cert;
    private String sealData;
    private String esType;
    private int sigType = 0;
    private String signatureAlgorithm = SecurityConstants.RSA;

    @Deprecated
    public void setSig(String str, String str2) {
        this.sigType = 0;
        this.certSignMsg = str;
        this.certContext = str2;
    }

    public void setCertMsg(InputStream inputStream, String str) {
        this.sigType = 1;
        this.pfxStream = inputStream;
        this.pwd = str;
    }

    public void setCertMsg(DigitalSignature digitalSignature) {
        this.sigType = 2;
        this.digitalSignature = digitalSignature;
    }

    public void setRef(PdfIndirectReference pdfIndirectReference, PdfIndirectReference pdfIndirectReference2) {
        this.refCertContext = pdfIndirectReference2;
        this.refCertSignMsg = pdfIndirectReference;
    }

    @Override // com.kinggrid.pdf.executes.electronicseal.KGPdfElectronicExecute
    public void execute(PdfStamper pdfStamper, PdfAnnotation pdfAnnotation, int i, String str) {
        try {
            if (this.sigType == 1) {
                KGBase64 kGBase64 = new KGBase64();
                byte[] bytes = str.getBytes("GBK");
                if (this.kgSignature == null) {
                    this.kgSignature = new KGSignature(this.pfxStream, this.pwd, this.pwd);
                }
                this.kgSignature.update(bytes);
                byte[] sign = this.kgSignature.sign();
                Certificate[] chain = this.kgSignature.getChain();
                PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, chain, SecurityConstants.SHA1, BouncyCastleProvider.PROVIDER_NAME, null, false);
                pdfPKCS7.setExternalDigest(sign, bytes, SecurityConstants.RSA);
                byte[] encodedPKCS7 = pdfPKCS7.getEncodedPKCS7();
                String str2 = "-----BEGIN CERTIFICATE-----\n" + kGBase64.encode(chain[0].getEncoded()) + "\n-----END CERTIFICATE-----\n";
                this.certSignMsg = kGBase64.encode(encodedPKCS7);
                this.certContext = str2;
            } else if (this.sigType == 2 && this.digitalSignature != null) {
                if (SecurityConstants.RSA.equals(this.signatureAlgorithm)) {
                    sigWithRSA(str);
                } else {
                    if (!"SM2".equals(this.signatureAlgorithm)) {
                        throw new RuntimeException("不支持数字签名算法：" + this.signatureAlgorithm);
                    }
                    sigWithSM2(str);
                }
            }
            if (this.esType != null) {
                pdfAnnotation.put(new PdfName("ESType"), new PdfString(this.esType));
            }
            if (this.refCertSignMsg == null) {
                this.refCertSignMsg = pdfStamper.getWriter().addToBody(new PdfStream(this.certSignMsg.getBytes(XmpWriter.UTF16LE))).getIndirectReference();
            }
            pdfAnnotation.put(new PdfName("certSignMsg"), this.refCertSignMsg);
            if (this.refCertContext == null) {
                byte[] bytes2 = this.certContext.getBytes(XmpWriter.UTF16LE);
                byte[] bArr = new byte[bytes2.length * 2];
                System.arraycopy(bytes2, 0, bArr, 0, bytes2.length);
                this.refCertContext = pdfStamper.getWriter().addToBody(new PdfStream(bArr)).getIndirectReference();
            }
            pdfAnnotation.put(new PdfName("certContext"), this.refCertContext);
            pdfStamper.markUsed(pdfAnnotation);
        } catch (KGServerInterfaceErrorException e) {
            throw e;
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    private void sigWithRSA(String str) throws Exception {
        KGBase64 kGBase64 = new KGBase64();
        byte[] bytes = str.getBytes("GBK");
        byte[] sign = this.digitalSignature.sign(bytes);
        X509Certificate[] certificate = this.digitalSignature.getCertificate();
        PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, certificate, SecurityConstants.SHA1, BouncyCastleProvider.PROVIDER_NAME, null, false);
        pdfPKCS7.setExternalDigest(sign, bytes, SecurityConstants.RSA);
        byte[] encodedPKCS7 = pdfPKCS7.getEncodedPKCS7();
        String str2 = "-----BEGIN CERTIFICATE-----\n" + kGBase64.encode(certificate[0].getEncoded()) + "\n-----END CERTIFICATE-----\n";
        this.certSignMsg = kGBase64.encode(encodedPKCS7);
        this.certContext = str2;
    }

    private void sigWithSM2(String str) throws Exception {
        byte[] sign;
        byte[] encoded;
        KGBase64 kGBase64 = new KGBase64();
        byte[] bytes = str.getBytes("GBK");
        int i = 0;
        if (this.sealData != null && !this.sealData.equals(PdfObject.NOTHING)) {
            i = SealUtil.getSealInfo(kGBase64.decode(this.sealData)).getVersion();
        }
        if (i == 4) {
            DERSequence toSignData = SesSignature.getToSignData(kGBase64.decode(this.sealData), String.valueOf(KGDateUtils.format2GMTTime(Calendar.getInstance().getTime(), "yyyyMMddHHmmss")) + "Z", SM3Utils.sm3Digest(bytes), "hash");
            byte[] encoded2 = toSignData.getEncoded();
            setEsType("GMV4");
            if (this.digitalSignature instanceof DigitalSignatureByServerSM2) {
                ((DigitalSignatureByServerSM2) this.digitalSignature).setClientVerify(false);
            }
            byte[] decode = kGBase64.decode(new String(this.digitalSignature.sign(encoded2)));
            X509Certificate[] certificate = this.digitalSignature.getCertificate();
            encoded = certificate != null ? certificate[0].getEncoded() : this.digitalSignature instanceof DigitalSignatureCertBytes ? ((DigitalSignatureCertBytes) this.digitalSignature).getCert() : this.sm2Cert;
            byte[] bArr = null;
            if (this.timeStampInter != null) {
                bArr = this.timeStampInter.getTimeStamp(decode);
            }
            sign = kGBase64.encode(SesSignature.getSesSignature(toSignData, encoded, decode, bArr).getEncoded()).getBytes(XmpWriter.UTF8);
        } else {
            sign = this.digitalSignature.sign(bytes);
            X509Certificate[] certificate2 = this.digitalSignature.getCertificate();
            encoded = certificate2 != null ? certificate2[0].getEncoded() : this.digitalSignature instanceof DigitalSignatureCertBytes ? ((DigitalSignatureCertBytes) this.digitalSignature).getCert() : this.sm2Cert;
        }
        String str2 = "-----BEGIN CERTIFICATE-----\n" + kGBase64.encode(encoded) + "\n-----END CERTIFICATE-----\n";
        this.certSignMsg = new String(sign);
        this.certContext = str2;
    }

    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
    }

    public byte[] getSm2Cert() {
        return this.sm2Cert;
    }

    public void setSm2Cert(byte[] bArr) {
        this.sm2Cert = bArr;
    }

    public String getEsType() {
        return this.esType;
    }

    public void setEsType(String str) {
        this.esType = str;
    }

    public String getSealData() {
        return this.sealData;
    }

    public void setSealData(String str) {
        this.sealData = str;
    }

    public DigitalSignature getDigitalSignature() {
        return this.digitalSignature;
    }
}
