package com.kinggrid.pdf.executes.electronicseal;

import com.KGitextpdf.text.pdf.PdfAnnotation;
import com.KGitextpdf.text.pdf.PdfIndirectReference;
import com.KGitextpdf.text.pdf.PdfName;
import com.KGitextpdf.text.pdf.PdfStamper;
import com.KGitextpdf.text.pdf.PdfStream;
import com.KGitextpdf.text.pdf.security.PdfPKCS7;
import com.KGitextpdf.text.pdf.security.SecurityConstants;
import com.KGitextpdf.text.xml.xmp.XmpWriter;
import com.kinggrid.encrypt.KGBase64;
import com.kinggrid.encrypt.KGSignature;
import com.kinggrid.pdf.signinter.DigitalSignature;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/kinggrid/pdf/executes/electronicseal/KGPdfElectronicSig.class */
public class KGPdfElectronicSig extends KGPdfElectronicExecute {
    private String certSignMsg;
    private String certContext;
    private String pwd;
    private InputStream pfxStream;
    private DigitalSignature digitalSignature;
    private PdfIndirectReference refCertSignMsg;
    private PdfIndirectReference refCertContext;
    private byte[] sm2Cert;
    private int sigType = 0;
    private String signatureAlgorithm = SecurityConstants.RSA;

    public void setSig(String str, String str2) {
        this.sigType = 0;
        this.certSignMsg = str;
        this.certContext = str2;
    }

    public void setCertMsg(InputStream inputStream, String str) {
        this.sigType = 1;
        this.pfxStream = inputStream;
        this.pwd = str;
    }

    public void setCertMsg(DigitalSignature digitalSignature) {
        this.sigType = 2;
        this.digitalSignature = digitalSignature;
    }

    @Override // com.kinggrid.pdf.executes.electronicseal.KGPdfElectronicExecute
    public void execute(PdfStamper pdfStamper, PdfAnnotation pdfAnnotation, int i, String str) {
        try {
            if (this.refCertSignMsg != null && this.refCertContext != null) {
                pdfAnnotation.put(new PdfName("certContext"), this.refCertContext);
                pdfAnnotation.put(new PdfName("certSignMsg"), this.refCertSignMsg);
                return;
            }
            if (this.sigType == 1) {
                KGBase64 kGBase64 = new KGBase64();
                byte[] bytes = str.getBytes("GBK");
                KGSignature kGSignature = new KGSignature(this.pfxStream, this.pwd, this.pwd);
                kGSignature.update(bytes);
                byte[] sign = kGSignature.sign();
                Certificate[] chain = kGSignature.getChain();
                PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, chain, SecurityConstants.SHA1, "BC", null, false);
                pdfPKCS7.setExternalDigest(sign, bytes, SecurityConstants.RSA);
                setSig(kGBase64.encode(pdfPKCS7.getEncodedPKCS7()), "-----BEGIN CERTIFICATE-----\n" + kGBase64.encode(chain[0].getEncoded()) + "\n-----END CERTIFICATE-----\n");
            } else if (this.sigType == 2 && this.digitalSignature != null) {
                if (SecurityConstants.RSA.equals(this.signatureAlgorithm)) {
                    sigWithRSA(str);
                } else {
                    if (!"SM2".equals(this.signatureAlgorithm)) {
                        throw new RuntimeException("不支持数字签名算法：" + this.signatureAlgorithm);
                    }
                    sigWithSM2(str);
                }
            }
            if (this.certSignMsg != null) {
                this.refCertSignMsg = pdfStamper.getWriter().addToBody(new PdfStream(this.certSignMsg.getBytes(XmpWriter.UTF16LE))).getIndirectReference();
                pdfAnnotation.put(new PdfName("certSignMsg"), this.refCertSignMsg);
            }
            if (this.certContext != null) {
                byte[] bytes2 = this.certContext.getBytes(XmpWriter.UTF16LE);
                byte[] bArr = new byte[bytes2.length * 2];
                System.arraycopy(bytes2, 0, bArr, 0, bytes2.length);
                this.refCertContext = pdfStamper.getWriter().addToBody(new PdfStream(bArr)).getIndirectReference();
                pdfAnnotation.put(new PdfName("certContext"), this.refCertContext);
            }
            pdfStamper.markUsed(pdfAnnotation);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void sigWithRSA(String str) throws Exception {
        KGBase64 kGBase64 = new KGBase64();
        byte[] bytes = str.getBytes("GBK");
        X509Certificate[] certificate = this.digitalSignature.getCertificate();
        byte[] sign = this.digitalSignature.sign(bytes);
        PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, certificate, SecurityConstants.SHA1, "BC", null, false);
        pdfPKCS7.setExternalDigest(sign, bytes, SecurityConstants.RSA);
        setSig(kGBase64.encode(pdfPKCS7.getEncodedPKCS7()), "-----BEGIN CERTIFICATE-----\n" + kGBase64.encode(certificate[0].getEncoded()) + "\n-----END CERTIFICATE-----\n");
    }

    private void sigWithSM2(String str) throws Exception {
        KGBase64 kGBase64 = new KGBase64();
        byte[] sign = this.digitalSignature.sign(str.getBytes("GBK"));
        X509Certificate[] certificate = this.digitalSignature.getCertificate();
        setSig(new String(sign), "-----BEGIN CERTIFICATE-----\n" + kGBase64.encode(certificate != null ? certificate[0].getEncoded() : this.sm2Cert) + "\n-----END CERTIFICATE-----\n");
    }

    public String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str;
    }

    public byte[] getSm2Cert() {
        return this.sm2Cert;
    }

    public void setSm2Cert(byte[] bArr) {
        this.sm2Cert = bArr;
    }
}
