package es.gob.afirma.cert.signvalidation;

import com.aowagie.text.pdf.AcroFields;
import com.aowagie.text.pdf.PdfDictionary;
import com.aowagie.text.pdf.PdfName;
import com.aowagie.text.pdf.PdfPKCS7;
import com.aowagie.text.pdf.PdfReader;
import es.gob.afirma.cert.signvalidation.SignValidity;
import es.gob.afirma.ui.utils.Constants;
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.util.logging.Logger;

/* loaded from: input_file:es/gob/afirma/cert/signvalidation/ValidatePdfSignature.class */
public final class ValidatePdfSignature implements SignValider {
    private static final Logger LOGGER = Logger.getLogger(Constants.OUR_NODE_NAME);
    private static final PdfName PDFNAME_ETSI_RFC3161 = new PdfName("ETSI.RFC3161");
    private static final PdfName PDFNAME_DOCTIMESTAMP = new PdfName("DocTimeStamp");

    @Override // es.gob.afirma.cert.signvalidation.SignValider
    public SignValidity validate(byte[] bArr) throws IOException {
        AcroFields acroFields = new PdfReader(bArr).getAcroFields();
        for (String str : acroFields.getSignatureNames()) {
            PdfPKCS7 verifySignature = acroFields.verifySignature(str);
            PdfDictionary signatureDictionary = acroFields.getSignatureDictionary(str);
            if (!PDFNAME_ETSI_RFC3161.equals(signatureDictionary.get(PdfName.SUBFILTER)) && !PDFNAME_DOCTIMESTAMP.equals(signatureDictionary.get(PdfName.SUBFILTER))) {
                try {
                    if (!verifySignature.verify()) {
                        return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.NO_MATCH_DATA);
                    }
                } catch (Exception e) {
                    LOGGER.warning("Error validando la firma '" + str + "' del PDF: " + e);
                    return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CORRUPTED_SIGN);
                }
            }
            try {
                verifySignature.getSigningCertificate().checkValidity();
            } catch (CertificateExpiredException e2) {
                LOGGER.info("El certificado usado ha expirado: " + e2);
                return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_EXPIRED);
            } catch (CertificateNotYetValidException e3) {
                LOGGER.info("El certificado usado todavia no es valido: " + e3);
                return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.KO, SignValidity.VALIDITY_ERROR.CERTIFICATE_NOT_VALID_YET);
            }
        }
        return new SignValidity(SignValidity.SIGN_DETAIL_TYPE.OK, null);
    }
}
