//
// Copyright 2020 FoxyUtils ehf. All rights reserved.
//
// This is a commercial product and requires a license to operate.
// A trial license can be obtained at https://unidoc.io
//
// DO NOT EDIT: generated by unitwist Go source code obfuscator.
//
// Use of this source code is governed by the UniDoc End User License Agreement
// terms that can be accessed at https://unidoc.io/eula/

// Package sighandler implements digital signature handlers for PDF signature validation and signing.
package sighandler ;import (_ae "bytes";_dca "crypto";_aa "crypto/ecdsa";_ac "crypto/rand";_dc "crypto/rsa";_b "crypto/x509";_cc "crypto/x509/pkix";_gg "encoding/asn1";_fc "encoding/hex";_e "errors";_da "fmt";_ff "github.com/unidoc/pkcs7";_gd "github.com/unidoc/timestamp";
_ed "github.com/unidoc/unipdf/v4/common";_cd "github.com/unidoc/unipdf/v4/core";_be "github.com/unidoc/unipdf/v4/model";_db "github.com/unidoc/unipdf/v4/model/mdp";_aac "github.com/unidoc/unipdf/v4/model/sigutil";_g "hash";_c "math/big";_d "strings";_f "time";
);

// DocTimeStampOpts holds the optional settings accepted by
// NewDocTimeStampWithOpts.
type DocTimeStampOpts struct {
	// SignatureSize is the estimated size, in bytes, of the signature
	// contents. When it is not provided a default of 4192 is used. Signing
	// reports model.ErrSignNotEnoughSpace if the estimate turns out to be
	// smaller than the actual signature.
	SignatureSize int

	// Client is the timestamp client used to make the signature request.
	// A default client is used when none is provided.
	Client *_aac.TimestampClient
}

// IsApplicable reports whether this handler can process sig. The Filter must
// be "Adobe.PPKMS" or "Adobe.PPKLite" and the SubFilter must be
// "adbe.pkcs7.detached". A nil signature, Filter or SubFilter is never
// applicable.
func (h *adobePKCS7Detached) IsApplicable(sig *_be.PdfSignature) bool {
	if sig == nil || sig.Filter == nil || sig.SubFilter == nil {
		return false
	}
	switch *sig.Filter {
	// "Adobe.PPKMS", "Adobe.PPKLite"
	case "A\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004d\u0053", "\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065":
		// "adbe.pkcs7.detached"
		return *sig.SubFilter == "\u0061\u0064\u0062\u0065.p\u006b\u0063\u0073\u0037\u002e\u0064\u0065\u0074\u0061\u0063\u0068\u0065\u0064"
	}
	return false
}

// InitSignature prepares sig for signing with this PAdES handler.
//
// It rejects a handler without a certificate or private key, requires a
// timestamp server URL for Level T and above, and requires an appender for
// Level LT. Missing timestamp/cert/OCSP/CRL clients are replaced by default
// ones, and for Level LT a DSS is taken from the appender's reader (or newly
// created) when none has been set. The handler is then copied, the copy is
// attached to sig, and a mock Sign is run on the copy so that the Contents
// field is sized before the real signing pass.
func (h *etsiPAdES) InitSignature(sig *_be.PdfSignature) error {
	switch {
	case h._fcg == nil:
		// "certificate must not be nil"
		return _e.New("c\u0065\u0072\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u006d\u0075\u0073\u0074\u0020n\u006f\u0074\u0020b\u0065 \u006e\u0069\u006c")
	case h._aace == nil:
		// NOTE(review): _aace is declared as an interface (crypto.PrivateKey)
		// and the constructors assign a typed key pointer to it, so a nil
		// *rsa.PrivateKey / *ecdsa.PrivateKey passed to a constructor is a
		// non-nil interface value and is not caught by this comparison.
		// "private key must not be nil"
		return _e.New("p\u0072\u0069\u0076\u0061\u0074\u0065 \u006b\u0065\u0079\u0020\u006d\u0075\u0073\u0074\u0020n\u006f\u0074\u0020b\u0065 \u006e\u0069\u006c")
	}

	if h._ea >= LevelT {
		if h._ecab == "" {
			// "certificate timestamp server URL must not be empty for Level T & LT signature handler"
			return _e.New("\u0063\u0065\u0072\u0074\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0020\u0074i\u006d\u0065\u0073\u0074\u0061\u006d\u0070\u0020\u0073e\u0072\u0076\u0065\u0072\u0020\u0055\u0052\u004c\u0020\u006d\u0075\u0073\u0074\u0020n\u006f\u0074\u0020\u0062\u0065\u0020\u0065\u006d\u0070\u0074\u0079\u0020\u0066\u006f\u0072\u0020\u004c\u0065\u0076\u0065\u006c\u0020\u0054\u0020\u0026\u0020\u004c\u0054\u0020\u0073i\u0067\u006e\u0061\u0074\u0075\u0072\u0065\u0020\u0068a\u006e\u0064l\u0065\u0072")
		}
		if h.TimestampClient == nil {
			// "Timestamp client not specified, using a default client"
			_ed.Log.Trace("\u0054\u0069\u006d\u0065\u0073\u0074\u0061\u006d\u0070\u0020\u0063\u006c\u0069\u0065\u006et\u0020\u006e\u006f\u0074\u0020\u0073\u0070\u0065\u0063\u0069\u0066\u0069\u0065d\u002c\u0020\u0075\u0073\u0069\u006e\u0067\u0020\u0061\u0020\u0064\u0065fa\u0075\u006c\u0074\u0020\u0063\u006c\u0069\u0065\u006e\u0074")
			h.TimestampClient = _aac.NewTimestampClient()
		}
	}

	if h._ea == LevelLT {
		if h.CertClient == nil {
			// "cert client not specified, using a default client"
			_ed.Log.Trace("\u0063\u0065\u0072\u0074\u0020\u0063l\u0069\u0065\u006e\u0074\u0020\u006e\u006f\u0074\u0020\u0073\u0070\u0065\u0063\u0069\u0066\u0069\u0065\u0064\u002c\u0020u\u0073\u0069\u006e\u0067\u0020\u0061\u0020\u0064\u0065\u0066\u0061\u0075\u006c\u0074 \u0063l\u0069\u0065\u006e\u0074")
			h.CertClient = _aac.NewCertClient()
		}
		if h.OCSPClient == nil {
			// "OCSP client not specified, using a default client"
			_ed.Log.Trace("\u004f\u0043\u0053\u0050\u0020\u0063l\u0069\u0065\u006e\u0074\u0020\u006e\u006f\u0074\u0020\u0073\u0070\u0065\u0063\u0069\u0066\u0069\u0065\u0064\u002c\u0020u\u0073\u0069\u006e\u0067\u0020\u0061\u0020\u0064\u0065\u0066\u0061\u0075\u006c\u0074 \u0063l\u0069\u0065\u006e\u0074")
			h.OCSPClient = _aac.NewOCSPClient()
		}
		if h.CRLClient == nil {
			// "CRL client not specified, using a default client"
			_ed.Log.Trace("\u0043\u0052\u004c\u0020\u0063\u006c\u0069\u0065n\u0074\u0020\u006eot\u0020\u0073\u0070\u0065\u0063\u0069f\u0069\u0065\u0064\u002c\u0020\u0075\u0073\u0069\u006e\u0067\u0020\u0061\u0020\u0064\u0065f\u0061\u0075\u006c\u0074\u0020\u0063\u006c\u0069e\u006e\u0074")
			h.CRLClient = _aac.NewCRLClient()
		}
		if h._cbb == nil {
			// "appender must not be nil for Level LT signature handler"
			return _e.New("\u0061\u0070\u0070\u0065\u006e\u0064\u0065r\u0020\u006d\u0075s\u0074\u0020\u006eo\u0074\u0020b\u0065\u0020\u006e\u0069\u006c\u0020f\u006fr \u004c\u0065\u0076\u0065\u006c\u0020\u004c\u0054\u0020\u0073\u0069\u0067\u006e\u0061\u0074\u0075\u0072\u0065\u0020\u0068\u0061\u006e\u0064\u006c\u0065\u0072")
		}
		if h._aab == nil {
			dss := h._cbb.Reader.DSS
			if dss == nil {
				dss = _be.NewDSS()
			}
			if err := dss.GenerateHashMaps(); err != nil {
				return err
			}
			h._aab = dss
		}
	}

	// The signature keeps its own copy of the handler, so later changes to
	// the receiver do not affect an already initialised signature.
	clone := *h
	sig.Handler = &clone
	sig.Filter = _cd.MakeName("\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065")           // "Adobe.PPKLite"
	sig.SubFilter = _cd.MakeName("\u0045\u0054\u0053\u0049.C\u0041\u0064\u0045\u0053\u002e\u0064\u0065\u0074\u0061\u0063\u0068\u0065\u0064") // "ETSI.CAdES.detached"
	sig.Reference = nil

	digest, err := clone.NewDigest(sig)
	if err != nil {
		return err
	}
	// Dummy payload ("calculate the Contents field size") for the mock Sign.
	if _, err = digest.Write([]byte("\u0063\u0061\u006c\u0063\u0075\u006ca\u0074\u0065\u0020\u0074\u0068\u0065\u0020\u0043\u006f\u006e\u0074\u0065\u006et\u0073\u0020\u0066\u0069\u0065\u006c\u0064 \u0073\u0069\u007a\u0065")); err != nil {
		return err
	}

	// _gga marks the mock pass; Sign and addDss skip DSS updates while it is set.
	clone._gga = true
	err = clone.Sign(sig, digest)
	clone._gga = false
	return err
}

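// IsApplicable reports whether sig is a DocMDP signature that the wrapped
// handler can process.
//
// The signature's Reference array is scanned for the first dictionary that
// carries a TransformMethod name together with a TransformParams dictionary.
// A TransformMethod other than "DocMDP", or a TransformParams entry whose "P"
// value is not a number, makes the signature not applicable. A nil signature
// or a signature without a Reference array is never applicable, matching the
// nil handling of the other handlers in this file.
func (h *DocMDPHandler) IsApplicable(sig *_be.PdfSignature) bool {
	if sig == nil || sig.Reference == nil {
		return false
	}

	found := false
	for _, obj := range sig.Reference.Elements() {
		ref, ok := _cd.GetDict(obj)
		if !ok {
			continue
		}
		// "TransformMethod"
		method, ok := _cd.GetNameVal(ref.Get("\u0054r\u0061n\u0073\u0066\u006f\u0072\u006d\u004d\u0065\u0074\u0068\u006f\u0064"))
		if !ok {
			continue
		}
		// "DocMDP"
		if method != "\u0044\u006f\u0063\u004d\u0044\u0050" {
			return false
		}
		// "TransformParams"
		params, ok := _cd.GetDict(ref.Get("\u0054r\u0061n\u0073\u0066\u006f\u0072\u006d\u0050\u0061\u0072\u0061\u006d\u0073"))
		if !ok {
			continue
		}
		// "P" holds the DocMDP permission level and must be numeric.
		if _, err := _cd.GetNumberAsInt64(params.Get("\u0050")); err != nil {
			return false
		}
		found = true
		break
	}
	return found && h._gge.IsApplicable(sig)
}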

// GetCertificate returns the signing certificate configured on the handler,
// or nil when none has been set.
func (h *etsiPAdES) GetCertificate() *_b.Certificate {
	cert := h._fcg
	return cert
}

// SetTimestampServerURL stores the URL of the timestamp server. The value is
// not validated here; makeTimestampRequest later hands it to the timestamp
// client unchanged, so callers should pass the endpoint of a timestamp
// authority they trust.
func (h *etsiPAdES) SetTimestampServerURL(timestampServerURL string) {
	h._ecab = timestampServerURL
}

// AdobeX509RSASHA1Opts holds the optional settings for the
// adbe.x509.rsa_sha1 signature handler.
type AdobeX509RSASHA1Opts struct {
	// EstimateSize selects how the size of the signature contents is
	// determined. When true, the size is estimated from the modulus size of
	// the public key in the signing certificate. When false, a mock Sign call
	// is made to measure the size instead.
	EstimateSize bool

	// Algorithm is the hash algorithm used for signing. It defaults to SHA1
	// when not specified. SHA-1 is no longer considered collision resistant,
	// so set a stronger hash explicitly where the validating side accepts it.
	Algorithm _dca.Hash
}

// IsApplicable reports whether this handler can process sig: the Filter must
// be "Adobe.PPKLite" and the SubFilter "ETSI.CAdES.detached". A nil
// signature, Filter or SubFilter is never applicable.
func (h *etsiPAdES) IsApplicable(sig *_be.PdfSignature) bool {
	if sig == nil || sig.Filter == nil || sig.SubFilter == nil {
		return false
	}
	// "Adobe.PPKLite"
	if *sig.Filter != "\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065" {
		return false
	}
	// "ETSI.CAdES.detached"
	return *sig.SubFilter == "\u0045\u0054\u0053\u0049.C\u0041\u0064\u0045\u0053\u002e\u0064\u0065\u0074\u0061\u0063\u0068\u0065\u0064"
}

// Sign computes the signature and stores it, ASN.1-encoded as an octet
// string, in sig.Contents.
//
// When a custom sign function is configured it produces the raw signature.
// Otherwise digest must be a hash.Hash and its current sum is signed with
// RSA PKCS#1 v1.5 using the handler's private key; the hash identifier is the
// configured algorithm, or the file default (_cbf, SHA-1) when none is set.
func (h *adobeX509RSASHA1) Sign(sig *_be.PdfSignature, digest _be.Hasher) error {
	var (
		raw []byte
		err error
	)
	if h._acg == nil {
		hasher, ok := digest.(_g.Hash)
		if !ok {
			// "hash type error"
			return _e.New("\u0068a\u0073h\u0020\u0074\u0079\u0070\u0065\u0020\u0065\u0072\u0072\u006f\u0072")
		}
		alg := _cbf
		if h._bde != 0 {
			alg = h._bde
		}
		raw, err = _dc.SignPKCS1v15(_ac.Reader, h._cge, alg, hasher.Sum(nil))
	} else {
		raw, err = h._acg(sig, digest)
	}
	if err != nil {
		return err
	}

	encoded, err := _gg.Marshal(raw)
	if err != nil {
		return err
	}
	sig.Contents = _cd.MakeHexString(string(encoded))
	return nil
}

// NewDigest returns an empty bytes.Buffer as the digest. The buffer only
// accumulates the bytes written to it; Sign later passes its contents to the
// PKCS#7 signer. The signature argument is not used.
func (h *etsiPAdES) NewDigest(_ *_be.PdfSignature) (_be.Hasher, error) {
	buf := _ae.NewBuffer(nil)
	return buf, nil
}

// RevocationInfoArchival is the value of the OIDAttributeAdobeRevocation
// signed attribute. Each field is an optional, explicitly tagged sequence of
// raw ASN.1 values: CRLs under tag 0, OCSP responses under tag 1 and other
// revocation information under tag 2.
type RevocationInfoArchival struct {
	Crl          []_gg.RawValue `asn1:"explicit,tag:0,optional"`
	Ocsp         []_gg.RawValue `asn1:"explicit,tag:1,optional"`
	OtherRevInfo []_gg.RawValue `asn1:"explicit,tag:2,optional"`
}

// Sign delegates signing to the wrapped handler and returns its result
// unchanged. The DocMDP reference itself is appended by InitSignature, not
// here.
func (h *DocMDPHandler) Sign(sig *_be.PdfSignature, digest _be.Hasher) error {
	err := h._gge.Sign(sig, digest)
	return err
}

// SetTimestampClient sets the client used for timestamp requests. Passing
// nil makes makeTimestampRequest fall back to a default client.
func (h *etsiPAdES) SetTimestampClient(timestampClient *_aac.TimestampClient) {
	h.TimestampClient = timestampClient
}

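// Validate checks the RSA PKCS#1 v1.5 signature stored in sig.Contents
// against the current sum of digest, using the public key of the certificate
// returned by getCertificate.
//
// digest must be a hash.Hash. The hash identifier comes from
// getHashAlgorithm; its error is deliberately ignored and the file default
// (_cbf, SHA-1) is used when no algorithm is reported.
//
// A certificate whose public key is not an RSA key is rejected with an
// error. The original unchecked type assertion panicked on such a
// certificate, which matters because the certificate can come from the
// document being validated.
//
// NOTE(review): IsVerified here only means the signature matches the
// certificate's key. Nothing in this method checks the certificate's chain,
// validity period or revocation status — callers must establish trust in the
// certificate separately.
func (h *adobeX509RSASHA1) Validate(sig *_be.PdfSignature, digest _be.Hasher) (_be.SignatureValidationResult, error) {
	cert, err := h.getCertificate(sig)
	if err != nil {
		return _be.SignatureValidationResult{}, err
	}

	// Contents holds the signature wrapped in an ASN.1 octet string.
	var rawSig []byte
	if _, err := _gg.Unmarshal(sig.Contents.Bytes(), &rawSig); err != nil {
		return _be.SignatureValidationResult{}, err
	}

	hasher, ok := digest.(_g.Hash)
	if !ok {
		// "hash type error"
		return _be.SignatureValidationResult{}, _e.New("\u0068a\u0073h\u0020\u0074\u0079\u0070\u0065\u0020\u0065\u0072\u0072\u006f\u0072")
	}

	// Best effort: an unknown algorithm falls back to the default below.
	alg, _ := h.getHashAlgorithm(sig)
	if alg == 0 {
		alg = _cbf
	}

	pub, ok := cert.PublicKey.(*_dc.PublicKey)
	if !ok {
		return _be.SignatureValidationResult{}, _da.Errorf("invalid public key type: %T", cert.PublicKey)
	}
	if err := _dc.VerifyPKCS1v15(pub, alg, hasher.Sum(nil), rawSig); err != nil {
		return _be.SignatureValidationResult{}, err
	}
	return _be.SignatureValidationResult{IsSigned: true, IsVerified: true}, nil
}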

// GetCertClient returns the client used for retrieving certificates, or nil
// when none has been set.
func (h *etsiPAdES) GetCertClient() *_aac.CertClient {
	client := h.CertClient
	return client
}

// Validate parses sig.Contents as PKCS#7, attaches the bytes collected in
// digest (which must be a *bytes.Buffer) as the detached content, and runs
// the PKCS#7 verification. Any parse, cast or verification failure is
// returned as an error with an empty result.
//
// NOTE(review): this method does nothing beyond calling Verify on the parsed
// structure. Whether that call validates the signer's certificate chain is
// not visible from this file — confirm before treating IsVerified as proof
// that the signer is trusted.
func (h *adobePKCS7Detached) Validate(sig *_be.PdfSignature, digest _be.Hasher) (_be.SignatureValidationResult, error) {
	var none _be.SignatureValidationResult

	p7, err := _ff.Parse(sig.Contents.Bytes())
	if err != nil {
		return none, err
	}

	signedBytes, ok := digest.(*_ae.Buffer)
	if !ok {
		// "cast to buffer fails"
		return none, _da.Errorf("c\u0061s\u0074\u0020\u0074\u006f\u0020\u0062\u0075\u0066f\u0065\u0072\u0020\u0066ai\u006c\u0073")
	}

	// The signature is detached, so the signed bytes are supplied here.
	p7.Content = signedBytes.Bytes()
	if err = p7.Verify(); err != nil {
		return none, err
	}
	return _be.SignatureValidationResult{IsSigned: true, IsVerified: true}, nil
}

// NewDigest returns a fresh hash for sig. The algorithm reported by
// getHashAlgorithm is used when it is non-zero and no error occurred;
// otherwise the file default (_cbf, SHA-1) is used. No error is ever
// returned.
//
// NOTE(review): crypto.Hash.New panics when the selected hash is not linked
// into the binary; confirm getHashAlgorithm only reports available hashes.
func (h *adobeX509RSASHA1) NewDigest(sig *_be.PdfSignature) (_be.Hasher, error) {
	alg, err := h.getHashAlgorithm(sig)
	if err != nil || alg == 0 {
		return _cbf.New(), nil
	}
	return alg.New(), nil
}

// GetCA returns the CA certificate configured on the handler, or nil when
// none has been set.
func (h *etsiPAdES) GetCA() *_b.Certificate {
	ca := h._fba
	return ca
}

// GetAppender returns the PDF appender configured on the handler, or nil
// when none has been set.
func (h *etsiPAdES) GetAppender() *_be.PdfAppender {
	appender := h._cbb
	return appender
}

// NewDigest returns an empty bytes.Buffer as the digest. The buffer collects
// the bytes to be timestamped; Validate hashes its contents later. The
// signature argument is not used.
func (h *docTimeStamp) NewDigest(sig *_be.PdfSignature) (_be.Hasher, error) {
	buf := _ae.NewBuffer(nil)
	return buf, nil
}

// InitSignature initialises sig through the wrapped handler, then installs
// this DocMDP handler as sig.Handler and appends a DocMDP signature reference
// carrying the handler's Permission to sig.Reference (creating the array
// when it is nil). An error from the wrapped handler is returned unchanged.
func (h *DocMDPHandler) InitSignature(sig *_be.PdfSignature) error {
	if err := h._gge.InitSignature(sig); err != nil {
		return err
	}

	// Replace the handler set by the wrapped InitSignature with this wrapper.
	sig.Handler = h
	if sig.Reference == nil {
		sig.Reference = _cd.MakeArray()
	}
	params := _be.NewPdfTransformParamsDocMDP(h.Permission)
	ref := _be.NewPdfSignatureReferenceDocMDP(params)
	sig.Reference.Append(ref.ToPdfObject())
	return nil
}

// getCerts returns the raw DER bytes of every certificate in certs, in the
// same order. The error result is always nil.
func (h *etsiPAdES) getCerts(certs []*_b.Certificate) ([][]byte, error) {
	der := make([][]byte, len(certs))
	for i, cert := range certs {
		der[i] = cert.Raw
	}
	return der, nil
}

// SetDSS sets the Document Security Store (DSS) used by the handler. The DSS
// holds validation-related material such as certificates, CRLs and OCSP
// responses. The pointer is stored as given, not copied.
func (h *etsiPAdES) SetDSS(dss *_be.DSS) {
	h._aab = dss
}

// SignFunc is a custom signing function. It receives the signature being
// produced and the digest of the signed data, and returns the computed
// signature bytes.
type SignFunc func(sig *_be.PdfSignature, digest _be.Hasher) ([]byte, error)

// NewEtsiPAdES creates a PAdES signature handler for the given level. Only
// the level is set; the certificate, key and clients must be configured
// through the setter methods before the handler is used for signing.
func NewEtsiPAdES(level EtsiPAdESLevel) *etsiPAdES {
	h := new(etsiPAdES)
	h._ea = level
	return h
}

// GetTimestampClient returns the client used for timestamp requests, or nil
// when none has been set.
func (h *etsiPAdES) GetTimestampClient() *_aac.TimestampClient {
	client := h.TimestampClient
	return client
}

// IsApplicable reports whether this handler can process sig. The Filter must
// be "Adobe.PPKMS" or "Adobe.PPKLite" and the SubFilter must be
// "adbe.x509.rsa_sha1". A nil signature, Filter or SubFilter is never
// applicable.
func (h *adobeX509RSASHA1) IsApplicable(sig *_be.PdfSignature) bool {
	if sig == nil || sig.Filter == nil || sig.SubFilter == nil {
		return false
	}
	switch *sig.Filter {
	// "Adobe.PPKMS", "Adobe.PPKLite"
	case "A\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004d\u0053", "\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065":
		// "adbe.x509.rsa_sha1"
		return *sig.SubFilter == "\u0061d\u0062e\u002e\u0078\u0035\u0030\u0039.\u0072\u0073a\u005f\u0073\u0068\u0061\u0031"
	}
	return false
}

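// Sign produces a detached PKCS#7 signature over the bytes collected in
// digest and stores it, zero-padded to 8192 bytes, in sig.Contents.
//
// When the handler is in empty-signature mode (_bdac) no signing happens:
// Contents is filled with a zeroed placeholder of the configured length
// (_cgc, or 8192 when that is not positive).
//
// digest must be a *bytes.Buffer. If the encoded signature does not fit into
// the 8192-byte Contents buffer, model.ErrSignNotEnoughSpace is returned.
// The original code copied into the fixed buffer unconditionally, which
// silently truncated an oversized signature and wrote a corrupt value into
// the document.
func (h *adobePKCS7Detached) Sign(sig *_be.PdfSignature, digest _be.Hasher) error {
	if h._bdac {
		size := h._cgc
		if size <= 0 {
			size = 8192
		}
		sig.Contents = _cd.MakeHexString(string(make([]byte, size)))
		return nil
	}

	buf, ok := digest.(*_ae.Buffer)
	if !ok {
		// "cast to buffer fails"
		return _da.Errorf("c\u0061s\u0074\u0020\u0074\u006f\u0020\u0062\u0075\u0066f\u0065\u0072\u0020\u0066ai\u006c\u0073")
	}

	signed, err := _ff.NewSignedData(buf.Bytes())
	if err != nil {
		return err
	}
	if err := signed.AddSigner(h._ddgf, h._feb, _ff.SignerInfoConfig{}); err != nil {
		return err
	}
	// Detached: the signed content is not embedded in the PKCS#7 structure.
	signed.Detach()

	der, err := signed.Finish()
	if err != nil {
		return err
	}

	const contentsSize = 8192
	if len(der) > contentsSize {
		// Refuse to truncate: a cut-off signature can never validate.
		return _be.ErrSignNotEnoughSpace
	}
	padded := make([]byte, contentsSize)
	copy(padded, der)
	sig.Contents = _cd.MakeHexString(string(padded))
	return nil
}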

// Validate checks a document timestamp signature.
//
// sig.Contents is parsed as PKCS#7 and verified, its content is decoded as
// timestamp info, and the hash algorithm named in the message imprint is
// resolved through _beecg. The bytes collected in digest (which must be a
// *bytes.Buffer) are hashed with that algorithm and compared with the
// imprint's hashed message; the comparison result becomes IsVerified, and
// the token's GeneralizedTime is copied into the result.
//
// NOTE(review): the hash algorithm is taken from the token itself and _beecg
// still accepts SHA-1. Nothing here establishes trust in the timestamp
// authority's certificate beyond the Verify call — confirm what that call
// covers before relying on IsVerified.
func (h *docTimeStamp) Validate(sig *_be.PdfSignature, digest _be.Hasher) (_be.SignatureValidationResult, error) {
	var none _be.SignatureValidationResult

	p7, err := _ff.Parse(sig.Contents.Bytes())
	if err != nil {
		return none, err
	}
	if err = p7.Verify(); err != nil {
		return none, err
	}

	var info timestampInfo
	if _, err = _gg.Unmarshal(p7.Content, &info); err != nil {
		return none, err
	}

	alg, err := _beecg(info.MessageImprint.HashAlgorithm.Algorithm)
	if err != nil {
		return none, err
	}
	hasher := alg.New()

	data, ok := digest.(*_ae.Buffer)
	if !ok {
		// "cast to buffer fails"
		return none, _da.Errorf("c\u0061s\u0074\u0020\u0074\u006f\u0020\u0062\u0075\u0066f\u0065\u0072\u0020\u0066ai\u006c\u0073")
	}
	hasher.Write(data.Bytes())
	imprint := hasher.Sum(nil)

	result := _be.SignatureValidationResult{
		IsSigned:        true,
		IsVerified:      _ae.Equal(imprint, info.MessageImprint.HashedMessage),
		GeneralizedTime: info.GeneralizedTime,
	}
	return result, nil
}

// NewAdobePKCS7Detached creates an Adobe.PPKMS/Adobe.PPKLite
// adbe.pkcs7.detached signature handler. Both parameters may be nil when the
// handler is only used for signature validation. The returned error is
// always nil.
func NewAdobePKCS7Detached(privateKey *_dc.PrivateKey, certificate *_b.Certificate) (_be.SignatureHandler, error) {
	h := &adobePKCS7Detached{
		_ddgf: certificate,
		_feb:  privateKey,
	}
	return h, nil
}

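// ValidateWithOpts validates sig with the wrapped handler and then checks
// the document revisions against the DocMDP permission of this handler.
//
// params.Parser is required; params.DiffPolicy is optional and defaults to
// the mdp package's default policy. If the wrapped handler returns an error
// or reports the signature as not verified, that outcome is returned as is.
// Otherwise the revisions are walked from 0 up to the parser's revision
// number, looking for an entry of the catalog's AcroForm/Fields array whose
// V dictionary has Contents equal to sig.Contents. For the first match the
// diff policy reviews the file and IsVerified becomes the policy's
// IsPermitted verdict. An error is returned when no revision contains the
// signature.
//
// NOTE(review): only the entries directly in AcroForm/Fields are inspected
// here; whether signature fields nested deeper are expected to be found is
// not visible from this method.
func (h *DocMDPHandler) ValidateWithOpts(sig *_be.PdfSignature, digest _be.Hasher, params _be.SignatureHandlerDocMDPParams) (_be.SignatureValidationResult, error) {
	var none _be.SignatureValidationResult

	result, err := h._gge.Validate(sig, digest)
	if err != nil {
		return result, err
	}

	parser := params.Parser
	if parser == nil {
		// "parser can't be null"
		return none, _e.New("p\u0061r\u0073\u0065\u0072\u0020\u0063\u0061\u006e\u0027t\u0020\u0062\u0065\u0020nu\u006c\u006c")
	}
	if !result.IsVerified {
		return result, nil
	}

	policy := params.DiffPolicy
	if policy == nil {
		policy = _db.NewDefaultDiffPolicy()
	}

	for rev := 0; rev <= parser.GetRevisionNumber(); rev++ {
		revision, err := parser.GetRevision(rev)
		if err != nil {
			return none, err
		}
		trailer := revision.GetTrailer()
		if trailer == nil {
			// "undefined the trailer object"
			return none, _e.New("\u0075\u006e\u0064\u0065f\u0069\u006e\u0065\u0064\u0020\u0074\u0068\u0065\u0020\u0074r\u0061i\u006c\u0065\u0072\u0020\u006f\u0062\u006ae\u0063\u0074")
		}
		// "Root"
		root, ok := _cd.GetDict(trailer.Get("\u0052\u006f\u006f\u0074"))
		if !ok {
			// "undefined the root object"
			return none, _e.New("\u0075n\u0064\u0065\u0066\u0069n\u0065\u0064\u0020\u0074\u0068e\u0020r\u006fo\u0074\u0020\u006f\u0062\u006a\u0065\u0063t")
		}
		// "AcroForm"
		acroForm, ok := _cd.GetDict(root.Get("\u0041\u0063\u0072\u006f\u0046\u006f\u0072\u006d"))
		if !ok {
			continue
		}
		// "Fields"
		fields, ok := _cd.GetArray(acroForm.Get("\u0046\u0069\u0065\u006c\u0064\u0073"))
		if !ok {
			continue
		}

		for _, fieldObj := range fields.Elements() {
			field, ok := _cd.GetDict(fieldObj)
			if !ok {
				continue
			}
			// "V"
			value, ok := _cd.GetDict(field.Get("\u0056"))
			if !ok {
				continue
			}
			// "Contents"
			if !_cd.EqualObjects(value.Get("\u0043\u006f\u006e\u0074\u0065\u006e\u0074\u0073"), sig.Contents) {
				continue
			}

			// This revision introduced the signature: review later changes.
			result.DiffResults, err = policy.ReviewFile(revision, parser, &_db.MDPParameters{DocMDPLevel: h.Permission})
			if err != nil {
				return none, err
			}
			result.IsVerified = result.DiffResults.IsPermitted()
			return result, nil
		}
	}
	// "don't found this signature in the revisions"
	return none, _e.New("\u0064\u006f\u006e\u0027\u0074\u0020\u0066o\u0075\u006e\u0064 \u0074\u0068\u0069\u0073 \u0073\u0069\u0067\u006e\u0061\u0074\u0075\u0072\u0065\u0020\u0069\u006e\u0020\u0074\u0068\u0065\u0020\u0072\u0065\u0076\u0069\u0073\u0069\u006f\u006e\u0073")
}

// getCertificate returns the first certificate stored in sig. An error is
// returned when the certificates cannot be read or when the signature holds
// none; the original code indexed element 0 unconditionally and would panic
// on an empty certificate list.
func (h *docTimeStamp) getCertificate(sig *_be.PdfSignature) (*_b.Certificate, error) {
	certs, err := sig.GetCerts()
	if err != nil {
		return nil, err
	}
	if len(certs) == 0 {
		return nil, _e.New("signature does not contain a certificate")
	}
	return certs[0], nil
}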

// SkipSigningCertificateAttribute makes Sign omit the signing-certificate
// (V2) signed attribute. That attribute binds the signature to the signing
// certificate, so leaving it out is generally not recommended; call this
// only when the signature validator in use requires it.
func (h *etsiPAdES) SkipSigningCertificateAttribute() {
	h._ebd = true
}

// NewEtsiPAdESLevelT creates an Adobe.PPKLite ETSI.CAdES.detached Level T
// signature handler from an RSA key, the signing certificate, an optional CA
// certificate and the timestamp server URL. The arguments are stored as
// given; they are checked later by InitSignature. The returned error is
// always nil.
func NewEtsiPAdESLevelT(privateKey *_dc.PrivateKey, certificate *_b.Certificate, caCert *_b.Certificate, certificateTimestampServerURL string) (_be.SignatureHandler, error) {
	h := &etsiPAdES{
		_ea:   LevelT,
		_fcg:  certificate,
		_aace: privateKey,
		_fba:  caCert,
		_ecab: certificateTimestampServerURL,
	}
	return h, nil
}

// PAdES signature levels, in increasing order. InitSignature relies on the
// ordering: every level from LevelT upwards needs a timestamp server URL.
const (
	LevelB EtsiPAdESLevel = iota
	LevelT
	LevelLT
)

// NewAdobeX509RSASHA1Custom creates an Adobe.PPKMS/Adobe.PPKLite
// adbe.x509.rsa_sha1 signature handler that signs through a custom signing
// function. Both the certificate and the sign function may be nil when the
// handler is only used for signature validation.
// NOTE: the handler does a mock Sign when initializing the signature in
// order to estimate the signature size. Use NewAdobeX509RSASHA1CustomWithOpts
// to configure how the signature size is estimated.
func NewAdobeX509RSASHA1Custom(certificate *_b.Certificate, signFunc SignFunc) (_be.SignatureHandler, error) {
	h := &adobeX509RSASHA1{
		_egae: certificate,
		_acg:  signFunc,
	}
	return h, nil
}

// _beecg maps an algorithm OID to the crypto.Hash used with it. OIDs outside
// the four groups below yield a zero hash and the pkcs7 package's
// ErrUnsupportedAlgorithm.
//
// The SHA-1 group also contains the DSA OIDs and the plain RSA encryption
// OID, so those resolve to SHA-1 as well.
func _beecg(oid _gg.ObjectIdentifier) (_dca.Hash, error) {
	matches := func(candidates ..._gg.ObjectIdentifier) bool {
		for _, candidate := range candidates {
			if oid.Equal(candidate) {
				return true
			}
		}
		return false
	}

	if matches(_ff.OIDDigestAlgorithmSHA1, _ff.OIDDigestAlgorithmECDSASHA1, _ff.OIDDigestAlgorithmDSA, _ff.OIDDigestAlgorithmDSASHA1, _ff.OIDEncryptionAlgorithmRSA) {
		return _dca.SHA1, nil
	}
	if matches(_ff.OIDDigestAlgorithmSHA256, _ff.OIDDigestAlgorithmECDSASHA256) {
		return _dca.SHA256, nil
	}
	if matches(_ff.OIDDigestAlgorithmSHA384, _ff.OIDDigestAlgorithmECDSASHA384) {
		return _dca.SHA384, nil
	}
	if matches(_ff.OIDDigestAlgorithmSHA512, _ff.OIDDigestAlgorithmECDSASHA512) {
		return _dca.SHA512, nil
	}
	return _dca.Hash(0), _ff.ErrUnsupportedAlgorithm
}

// GetOCSPClient returns the client used for retrieving OCSP responses, or
// nil when none has been set.
func (h *etsiPAdES) GetOCSPClient() *_aac.OCSPClient {
	client := h.OCSPClient
	return client
}

// makeTimestampRequest asks the configured timestamp server for a token over
// the SHA-512 hash of data. The handler's TimestampClient is used when set,
// otherwise a default client is created for this call. The encoded token is
// returned wrapped in an asn1.RawValue; it is not parsed or verified here.
func (h *etsiPAdES) makeTimestampRequest(data []byte) (_gg.RawValue, error) {
	hasher := _dca.SHA512.New()
	hasher.Write(data)

	request := _gd.Request{
		HashAlgorithm:   _dca.SHA512,
		HashedMessage:   hasher.Sum(nil),
		Certificates:    true,
		Extensions:      nil,
		ExtraExtensions: nil,
	}

	client := h.TimestampClient
	if client == nil {
		client = _aac.NewTimestampClient()
	}

	token, err := client.GetEncodedToken(h._ecab, &request)
	if err != nil {
		return _gg.NullRawValue, err
	}
	return _gg.RawValue{FullBytes: token}, nil
}

// addDss collects validation material for certs and records it.
//
// The certificate chain is built from certs and parents, and OCSP responses
// and CRLs are fetched when the respective client is set. Unless the handler
// is in its mock-signing pass (_gga), certificates, OCSP responses and CRLs
// are added to the handler's DSS. The CRLs and OCSP responses are also
// appended to rev in every case. The return value is the total byte length
// of the CRLs and OCSP responses appended to rev.
func (h *etsiPAdES) addDss(certs, parents []*_b.Certificate, rev *RevocationInfoArchival) (int, error) {
	chain, issuers, err := h.buildCertChain(certs, parents)
	if err != nil {
		return 0, err
	}
	chainDER, err := h.getCerts(chain)
	if err != nil {
		return 0, err
	}

	var ocsps, crls [][]byte
	if h.OCSPClient != nil {
		if ocsps, err = h.getOCSPs(chain, issuers); err != nil {
			return 0, err
		}
	}
	if h.CRLClient != nil {
		if crls, err = h.getCRLs(chain); err != nil {
			return 0, err
		}
	}

	if !h._gga {
		if _, err = h._aab.AddCerts(chainDER); err != nil {
			return 0, err
		}
		if _, err = h._aab.AddOCSPs(ocsps); err != nil {
			return 0, err
		}
		if _, err = h._aab.AddCRLs(crls); err != nil {
			return 0, err
		}
	}

	total := 0
	for _, crl := range crls {
		total += len(crl)
		rev.Crl = append(rev.Crl, _gg.RawValue{FullBytes: crl})
	}
	for _, ocsp := range ocsps {
		total += len(ocsp)
		rev.Ocsp = append(rev.Ocsp, _gg.RawValue{FullBytes: ocsp})
	}
	return total, nil
}

// NewDigest returns the digest created by the wrapped handler for sig.
func (h *DocMDPHandler) NewDigest(sig *_be.PdfSignature) (_be.Hasher, error) {
	digest, err := h._gge.NewDigest(sig)
	return digest, err
}

// adobePKCS7Detached is the handler for adbe.pkcs7.detached signatures.
type adobePKCS7Detached struct {
	// _feb is the signing key handed to the PKCS#7 signer.
	_feb _dca.PrivateKey
	// _ddgf is the signing certificate.
	_ddgf *_b.Certificate
	// _bdac switches Sign to writing a zeroed placeholder instead of signing.
	_bdac bool
	// _cgc is the placeholder length used when _bdac is set; Sign falls back
	// to 8192 when it is not positive.
	_cgc int
}

// GetCRLClient returns the client used for retrieving CRLs, or nil when none
// has been set.
func (h *etsiPAdES) GetCRLClient() *_aac.CRLClient {
	client := h.CRLClient
	return client
}

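// NewDocTimeStampWithOpts returns a new DocTimeStamp handler configured from
// opts. A nil opts means default options, and a SignatureSize that is not
// positive is replaced by the default of 4192 bytes.
// Both the timestamp server URL and the hash algorithm can be empty for the
// signature validation.
// The following hash algorithms are supported:
// crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512.
//
// The caller's opts value is only read. The original code wrote the default
// signature size back into the struct passed in, which changed an options
// value the caller might share between handlers.
func NewDocTimeStampWithOpts(timestampServerURL string, hashAlgorithm _dca.Hash, opts *DocTimeStampOpts) (_be.SignatureHandler, error) {
	size := 4192
	var client *_aac.TimestampClient
	if opts != nil {
		if opts.SignatureSize > 0 {
			size = opts.SignatureSize
		}
		client = opts.Client
	}

	h := &docTimeStamp{
		_agaa: timestampServerURL,
		_bbb:  hashAlgorithm,
		_afb:  size,
		_ebaf: client,
	}
	return h, nil
}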

// NewDocTimeStamp creates a new DocTimeStamp signature handler.
// Both the timestamp server URL and the hash algorithm can be empty for the
// signature validation.
// The following hash algorithms are supported:
// crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512.
// NOTE: the handler does a mock Sign when initializing the signature in
// order to estimate the signature size. Use NewDocTimeStampWithOpts to
// provide the signature size instead.
func NewDocTimeStamp(timestampServerURL string, hashAlgorithm _dca.Hash) (_be.SignatureHandler, error) {
	h := &docTimeStamp{
		_agaa: timestampServerURL,
		_bbb:  hashAlgorithm,
	}
	return h, nil
}

// getOCSPs requests an OCSP response for every OCSP server URL listed in
// each non-CA certificate of certs and returns the collected responses.
//
// The issuer of a certificate is looked up in issuers by the certificate's
// issuer common name. A missing issuer or a failed request is logged at
// debug level and skipped, so the returned error is always nil and the
// result may hold fewer responses than there are certificates.
//
// NOTE(review): because failures are only logged, a signature can be
// produced without revocation data and without any error reaching the
// caller. The issuer match relies on the common name alone; confirm that the
// issuers map cannot contain different CAs sharing a common name.
func (h *etsiPAdES) getOCSPs(certs []*_b.Certificate, issuers map[string]*_b.Certificate) ([][]byte, error) {
	responses := make([][]byte, 0, len(certs))
	for _, cert := range certs {
		for _, serverURL := range cert.OCSPServer {
			if h.CertClient.IsCA(cert) {
				continue
			}

			issuer, found := issuers[cert.Issuer.CommonName]
			if !found {
				// "WARN: Skipping OCSP request: issuer certificate not found"
				_ed.Log.Debug("\u0057\u0041\u0052\u004e:\u0020\u0053\u006b\u0069\u0070\u0070\u0069\u006e\u0067 \u004f\u0043\u0053\u0050\u0020\u0072\u0065\u0071\u0075\u0065\u0073\u0074\u003a\u0020\u0069\u0073\u0073\u0075e\u0072\u0020\u0063\u0065\u0072t\u0069\u0066\u0069\u0063\u0061\u0074\u0065\u0020\u006e\u006f\u0074\u0020\u0066\u006f\u0075\u006e\u0064")
				continue
			}

			_, response, err := h.OCSPClient.MakeRequest(serverURL, cert, issuer)
			if err != nil {
				// "WARN: OCSP request error: %v"
				_ed.Log.Debug("\u0057\u0041\u0052\u004e:\u0020\u004f\u0043\u0053\u0050\u0020\u0072\u0065\u0071\u0075e\u0073t\u0020\u0065\u0072\u0072\u006f\u0072\u003a \u0025\u0076", err)
				continue
			}
			responses = append(responses, response)
		}
	}
	return responses, nil
}

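// NewEtsiPAdESLevelLTEcdsa creates a new Adobe.PPKLite ETSI.CAdES.detached
// Level LT signature handler that signs with an ECDSA key.
// ECDSA keys are supported by PDF version >= 2.0, for earlier versions use
// NewEtsiPAdESLevelLT.
//
// The DSS is taken from the appender's reader, or newly created when the
// reader has none, and its hash maps are generated up front. Default cert,
// OCSP and CRL clients are installed.
//
// A nil appender is reported as an error, with the same message
// InitSignature uses for a Level LT handler without an appender. The
// original code dereferenced the appender unconditionally and panicked.
func NewEtsiPAdESLevelLTEcdsa(privateKey *_aa.PrivateKey, certificate *_b.Certificate, caCert *_b.Certificate, certificateTimestampServerURL string, appender *_be.PdfAppender) (_be.SignatureHandler, error) {
	if appender == nil {
		return nil, _e.New("appender must not be nil for Level LT signature handler")
	}

	dss := appender.Reader.DSS
	if dss == nil {
		dss = _be.NewDSS()
	}
	if err := dss.GenerateHashMaps(); err != nil {
		return nil, err
	}

	h := &etsiPAdES{
		_ea:        LevelLT,
		_fcg:       certificate,
		_aace:      privateKey,
		_fba:       caCert,
		_ecab:      certificateTimestampServerURL,
		CertClient: _aac.NewCertClient(),
		OCSPClient: _aac.NewOCSPClient(),
		CRLClient:  _aac.NewCRLClient(),
		_cbb:       appender,
		_aab:       dss,
	}
	return h, nil
}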

// Sign produces the detached PAdES (CAdES) signature over the bytes
// collected in digest and stores it, zero-padded, in sig.Contents.
//
// digest must be a *bytes.Buffer. The steps are, in order:
//   - create the PKCS#7 signed data with SHA-256 as digest algorithm;
//   - when an appender is set and a timestamp URL or client is configured,
//     request a timestamp over empty data and keep the certificates from the
//     parsed token;
//   - when an appender is set, collect validation material (addDss) for the
//     signing certificate and for the certificates kept from that token;
//   - add the signing-certificate-v2 attribute (unless skipped via _ebd) and
//     the Adobe revocation attribute (unless disabled via _cfb);
//   - add the signer, detach the content and, when a timestamp URL is set,
//     timestamp the signer's encrypted digest;
//   - pad the encoded result to a multiple of 1024 bytes plus one spare
//     block plus the size of the revocation data.
//
// Outside the mock pass (_gga) and with a DSS present, a VRI entry keyed by
// the upper-case hex SHA-1 of the padded contents is recorded and the DSS is
// pushed to the appender.
//
// NOTE(review): the certificate is dereferenced without a nil check here;
// that check lives in InitSignature. The final SetDSS call is guarded by the
// DSS being non-nil, not by the appender being non-nil — confirm a DSS can
// never be set on a handler without an appender.
func (h *etsiPAdES) Sign(sig *_be.PdfSignature, digest _be.Hasher) error {
	data, ok := digest.(*_ae.Buffer)
	if !ok {
		// "cast to buffer fails"
		return _da.Errorf("c\u0061s\u0074\u0020\u0074\u006f\u0020\u0062\u0075\u0066f\u0065\u0072\u0020\u0066ai\u006c\u0073")
	}

	signed, err := _ff.NewSignedData(data.Bytes())
	if err != nil {
		return err
	}
	signed.SetDigestAlgorithm(_ff.OIDDigestAlgorithmSHA256)
	signerCfg := _ff.SignerInfoConfig{}

	// SHA-256 hash of the signing certificate, nested as required for the
	// signing-certificate-v2 attribute value.
	hasher := _dca.SHA256.New()
	hasher.Write(h._fcg.Raw)
	var certID struct {
		Seq struct {
			Seq struct {
				Value []byte
			}
		}
	}
	certID.Seq.Seq.Value = hasher.Sum(nil)

	var tsaCerts []*_b.Certificate
	var parents []*_b.Certificate
	if h._fba != nil {
		parents = []*_b.Certificate{h._fba}
	}

	revInfo := RevocationInfoArchival{
		Crl:          []_gg.RawValue{},
		Ocsp:         []_gg.RawValue{},
		OtherRevInfo: []_gg.RawValue{},
	}
	revSize := 0

	if h._cbb != nil && (len(h._ecab) > 0 || h.TimestampClient != nil) {
		// Timestamp over empty data; only the token's certificates are used.
		probe, err := h.makeTimestampRequest(([]byte)(""))
		if err != nil {
			return err
		}
		token, err := _gd.Parse(probe.FullBytes)
		if err != nil {
			return err
		}
		tsaCerts = append(tsaCerts, token.Certificates...)
	}

	if h._cbb != nil {
		added, err := h.addDss([]*_b.Certificate{h._fcg}, parents, &revInfo)
		if err != nil {
			return err
		}
		revSize += added

		if len(tsaCerts) > 0 {
			added, err = h.addDss(tsaCerts, nil, &revInfo)
			if err != nil {
				return err
			}
			revSize += added
		}
		if !h._gga {
			h._cbb.SetDSS(h._aab)
		}
	}

	if !h._ebd {
		signerCfg.ExtraSignedAttributes = append(signerCfg.ExtraSignedAttributes, _ff.Attribute{
			Type:  _ff.OIDAttributeSigningCertificateV2,
			Value: certID,
		})
	}
	if !h._cfb {
		signerCfg.ExtraSignedAttributes = append(signerCfg.ExtraSignedAttributes, _ff.Attribute{
			Type:  _ff.OIDAttributeAdobeRevocation,
			Value: revInfo,
		})
	}

	if err := signed.AddSignerChainPAdES(h._fcg, h._aace, parents, signerCfg); err != nil {
		return err
	}
	signed.Detach()

	if len(h._ecab) > 0 {
		// Signature timestamp: the token covers the signer's signature value.
		signatureValue := signed.GetSignedData().SignerInfos[0].EncryptedDigest
		token, err := h.makeTimestampRequest(signatureValue)
		if err != nil {
			return err
		}
		err = signed.AddTimestampTokenToSigner(0, token.FullBytes)
		if err != nil {
			return err
		}
	}

	der, err := signed.Finish()
	if err != nil {
		return err
	}

	const blockSize = 1024
	blocks := (len(der) / blockSize) + 2
	contents := make([]byte, blockSize*blocks+revSize)
	copy(contents, der)
	sig.Contents = _cd.MakeHexString(string(contents))

	if !h._gga && h._aab != nil {
		hasher = _dca.SHA1.New()
		hasher.Write(contents)
		vriKey := _d.ToUpper(_fc.EncodeToString(hasher.Sum(nil)))
		if vriKey != "" {
			h._aab.VRI[vriKey] = &_be.VRI{
				Cert: h._aab.Certs,
				OCSP: h._aab.OCSPs,
				CRL:  h._aab.CRLs,
			}
		}
		h._cbb.SetDSS(h._aab)
	}
	return nil
}

// adobeX509RSASHA1 is the handler for adbe.x509.rsa_sha1 signatures.
type adobeX509RSASHA1 struct {
	// _cge is the RSA key used by Sign when no custom sign function is set.
	_cge *_dc.PrivateKey
	// _egae is the signing certificate.
	_egae *_b.Certificate
	// _acg is the optional custom signing function; it takes precedence
	// over _cge in Sign.
	_acg SignFunc
	// _ddf is not referenced in the visible part of this file.
	_ddf bool
	// _bde is the hash used for signing; zero selects the default _cbf.
	_bde _dca.Hash
}

// etsiPAdES is the handler for ETSI.CAdES.detached (PAdES) signatures.
type etsiPAdES struct {
	// _ea is the PAdES level the handler was created for.
	_ea EtsiPAdESLevel
	// _aace is the signing key (RSA or ECDSA, stored as crypto.PrivateKey).
	_aace _dca.PrivateKey
	// _fcg is the signing certificate.
	_fcg *_b.Certificate
	// _gga is set while InitSignature runs its mock Sign; DSS updates are
	// skipped while it is true.
	_gga bool
	// _fba is the optional CA certificate.
	_fba *_b.Certificate
	// _ecab is the timestamp server URL.
	_ecab string

	// TimestampClient an optional client used to connect to a timestamp server.
	//
	// If not defined then a default client would be used.
	TimestampClient *_aac.TimestampClient

	// CertClient is the client used to retrieve certificates.
	CertClient *_aac.CertClient

	// OCSPClient is the client used to retrieve OCSP validation information.
	OCSPClient *_aac.OCSPClient

	// CRLClient is the client used to retrieve CRL validation information.
	CRLClient *_aac.CRLClient

	// _cbb is the PDF appender that receives the DSS.
	_cbb *_be.PdfAppender
	// _aab is the Document Security Store collecting validation material.
	_aab *_be.DSS
	// _ebd, when true, omits the signing-certificate-v2 attribute.
	_ebd bool
	// _cfb, when true, omits the Adobe revocation attribute.
	_cfb bool
}

// EtsiPAdESLevel represents the PAdES signature level.
type EtsiPAdESLevel int

// _cbf is the hash the adbe.x509.rsa_sha1 handler falls back to when no
// algorithm is configured or detected. It is SHA-1, which is kept for
// compatibility with that sub-filter and is not collision resistant.
const _cbf = _dca.SHA1

// NewEtsiPAdESLevelB creates an Adobe.PPKLite ETSI.CAdES.detached Level B
// signature handler from an RSA key, the signing certificate and an optional
// CA certificate. The arguments are stored as given; they are checked later
// by InitSignature. The returned error is always nil.
func NewEtsiPAdESLevelB(privateKey *_dc.PrivateKey, certificate *_b.Certificate, caCert *_b.Certificate) (_be.SignatureHandler, error) {
	h := &etsiPAdES{
		_ea:   LevelB,
		_fcg:  certificate,
		_aace: privateKey,
		_fba:  caCert,
	}
	return h, nil
}

// SetCertificate sets the signing certificate used by the handler. The
// pointer is stored as given.
func (h *etsiPAdES) SetCertificate(certificate *_b.Certificate) {
	h._fcg = certificate
}

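// SetAppender stores the PDF appender on the handler.
func (h *etsiPAdES) SetAppender(appender *_be.PdfAppender) {
	h._cbb = appender
}

// sign fills sig.Contents.
//
// When estimateOnly is false it delegates to Sign. When it is true no
// signature is computed: Contents receives the ASN.1 encoding of a zero-filled
// byte slice as long as the certificate's RSA modulus, which gives a
// placeholder of the size a real signature would take.
//
// It returns an error if the certificate's public key is not an RSA key or if
// the ASN.1 encoding fails.
func (h *adobeX509RSASHA1) sign(sig *_be.PdfSignature, digest _be.Hasher, estimateOnly bool) error {
	if !estimateOnly {
		return h.Sign(sig, digest)
	}

	pub, ok := h._egae.PublicKey.(*_dc.PublicKey)
	if !ok {
		// Report the certificate's real key type. After a failed assertion pub
		// is a nil *rsa.PublicKey, so formatting pub with %T would always
		// print the RSA type and hide the actual one.
		// Message text: "invalid public key type: %T".
		return _da.Errorf("i\u006e\u0076\u0061\u006c\u0069\u0064 \u0070\u0075\u0062\u006c\u0069\u0063\u0020\u006b\u0065y\u0020\u0074\u0079p\u0065:\u0020\u0025\u0054", h._egae.PublicKey)
	}

	placeholder, err := _gg.Marshal(make([]byte, pub.Size()))
	if err != nil {
		return err
	}
	sig.Contents = _cd.MakeHexString(string(placeholder))
	return nil
}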

// NewEtsiPAdESLevelBEcdsa returns an Adobe.PPKLite ETSI.CAdES.detached
// signature handler configured for PAdES level B with an ECDSA key.
// ECDSA keys are supported by PDF version >= 2.0; for earlier versions use
// NewEtsiPAdESLevelB. The returned error is always nil.
//
// NOTE(review): a nil *ecdsa.PrivateKey is stored as a non-nil interface
// value, so later nil checks on the stored key will not catch it.
func NewEtsiPAdESLevelBEcdsa(privateKey *_aa.PrivateKey, certificate *_b.Certificate, caCert *_b.Certificate) (_be.SignatureHandler, error) {
	handler := &etsiPAdES{
		_ea:   LevelB,
		_aace: privateKey,
		_fcg:  certificate,
		_fba:  caCert,
	}
	return handler, nil
}

// NewEtsiPAdESLevelTEcdsa returns an Adobe.PPKLite ETSI.CAdES.detached
// signature handler configured for PAdES level T with an ECDSA key.
// certificateTimestampServerURL is stored as the timestamp server address.
// ECDSA keys are supported by PDF version >= 2.0; for earlier versions use
// NewEtsiPAdESLevelT. The returned error is always nil.
//
// NOTE(review): a nil *ecdsa.PrivateKey is stored as a non-nil interface
// value, so later nil checks on the stored key will not catch it.
func NewEtsiPAdESLevelTEcdsa(privateKey *_aa.PrivateKey, certificate *_b.Certificate, caCert *_b.Certificate, certificateTimestampServerURL string) (_be.SignatureHandler, error) {
	handler := &etsiPAdES{
		_ea:   LevelT,
		_aace: privateKey,
		_fcg:  certificate,
		_fba:  caCert,
		_ecab: certificateTimestampServerURL,
	}
	return handler, nil
}

// NewDocMDPHandler wraps handler in a DocMDPHandler carrying the given DocMDP
// permission level. The returned error is always nil.
func NewDocMDPHandler(handler _be.SignatureHandler, permission _db.DocMDPPermission) (_be.SignatureHandler, error) {
	wrapped := &DocMDPHandler{
		Permission: permission,
		_gge:       handler,
	}
	return wrapped, nil
}

// IsApplicable reports whether this handler can process sig: the signature
// and its Filter and SubFilter must be set, the SubFilter must be
// ETSI.RFC3161 and the Filter must be Adobe.PPKMS or Adobe.PPKLite.
func (ts *docTimeStamp) IsApplicable(sig *_be.PdfSignature) bool {
	if sig == nil || sig.Filter == nil || sig.SubFilter == nil {
		return false
	}
	// SubFilter literal decodes to "ETSI.RFC3161".
	if *sig.SubFilter != "\u0045\u0054\u0053I\u002e\u0052\u0046\u0043\u0033\u0031\u0036\u0031" {
		return false
	}
	// Filter literals decode to "Adobe.PPKMS" and "Adobe.PPKLite".
	switch *sig.Filter {
	case "A\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004d\u0053",
		"\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065":
		return true
	}
	return false
}

// NewAdobeX509RSASHA1CustomWithOpts returns an Adobe.PPKMS/Adobe.PPKLite
// adbe.x509.rsa_sha1 signature handler that signs through signFunc.
//
// opts may be nil, in which case the zero values of AdobeX509RSASHA1Opts
// apply (no size estimation, no explicit algorithm). Both certificate and
// signFunc may be nil when the handler is used only for validation. The
// returned error is always nil.
func NewAdobeX509RSASHA1CustomWithOpts(certificate *_b.Certificate, signFunc SignFunc, opts *AdobeX509RSASHA1Opts) (_be.SignatureHandler, error) {
	handler := &adobeX509RSASHA1{
		_egae: certificate,
		_acg:  signFunc,
	}
	if opts != nil {
		handler._ddf = opts.EstimateSize
		handler._bde = opts.Algorithm
	}
	return handler, nil
}

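// SetPrivateKey replaces the signing key stored on the handler.
func (h *etsiPAdES) SetPrivateKey(privateKey _dca.PrivateKey) {
	h._aace = privateKey
}

// getHashAlgorithm selects the digest algorithm for sig.
//
// Order of preference:
//  1. the algorithm recovered from the RSA signature stored in sig.Contents,
//     using the public key of the certificate returned by getCertificate;
//  2. the algorithm configured on the handler (_bde), when non-zero;
//  3. the package fallback _cbf (SHA-1).
//
// If no certificate is available and no algorithm is configured, the fallback
// is returned together with the certificate error.
//
// The certificate can originate from the signature being validated, so its
// key type is untrusted: a non-RSA key skips step 1 rather than failing a
// type assertion.
func (h *adobeX509RSASHA1) getHashAlgorithm(sig *_be.PdfSignature) (_dca.Hash, error) {
	cert, err := h.getCertificate(sig)
	if err != nil {
		if h._bde != 0 {
			return h._bde, nil
		}
		return _cbf, err
	}

	if sig.Contents != nil && cert != nil {
		var rawSig []byte
		if _, derr := _gg.Unmarshal(sig.Contents.Bytes(), &rawSig); derr == nil {
			// Checked assertion: certificates with ECDSA or other key types
			// must fall through to the configured/default algorithm.
			if pub, ok := cert.PublicKey.(*_dc.PublicKey); ok {
				if recovered := _gef(pub, rawSig); recovered > 0 {
					return recovered, nil
				}
			}
		}
	}

	if h._bde != 0 {
		return h._bde, nil
	}
	return _cbf, nil
}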

// NewAdobeX509RSASHA1 returns an Adobe.PPKMS/Adobe.PPKLite adbe.x509.rsa_sha1
// signature handler. Both privateKey and certificate may be nil when the
// handler is used only for validation. The returned error is always nil.
func NewAdobeX509RSASHA1(privateKey *_dc.PrivateKey, certificate *_b.Certificate) (_be.SignatureHandler, error) {
	handler := &adobeX509RSASHA1{
		_cge:  privateKey,
		_egae: certificate,
	}
	return handler, nil
}

// SetCA replaces the CA certificate stored on the handler.
func (h *etsiPAdES) SetCA(certificate *_b.Certificate) {
	h._fba = certificate
}

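// NewEtsiPAdESLevelLT returns an Adobe.PPKLite ETSI.CAdES.detached signature
// handler configured for PAdES level LT.
//
// The handler reuses the DSS of appender.Reader when one exists and creates a
// new one otherwise, then builds its hash maps. Default certificate, OCSP and
// CRL clients are installed; they can be replaced with SetCertClient,
// SetOCSPClient and SetCRLClient.
//
// It returns an error when appender is nil or when GenerateHashMaps fails.
//
// NOTE(review): a nil *rsa.PrivateKey is stored as a non-nil interface value,
// so later nil checks on the stored key will not catch it.
func NewEtsiPAdESLevelLT(privateKey *_dc.PrivateKey, certificate *_b.Certificate, caCert *_b.Certificate, certificateTimestampServerURL string, appender *_be.PdfAppender) (_be.SignatureHandler, error) {
	// Fail with an error instead of a nil-pointer panic on appender.Reader.
	if appender == nil {
		return nil, _e.New("appender must not be nil")
	}

	dss := appender.Reader.DSS
	if dss == nil {
		dss = _be.NewDSS()
	}
	if err := dss.GenerateHashMaps(); err != nil {
		return nil, err
	}

	handler := &etsiPAdES{
		_ea:        LevelLT,
		_fcg:       certificate,
		_aace:      privateKey,
		_fba:       caCert,
		_ecab:      certificateTimestampServerURL,
		CertClient: _aac.NewCertClient(),
		OCSPClient: _aac.NewOCSPClient(),
		CRLClient:  _aac.NewCRLClient(),
		_cbb:       appender,
		_aab:       dss,
	}
	return handler, nil
}

// _bae returns a slice of exactly size bytes holding src right-aligned and
// padded on the left with zero bytes. When src is longer than size, only its
// first size bytes are copied.
func _bae(src []byte, size int) []byte {
	n := len(src)
	if n > size {
		n = size
	}
	out := make([]byte, size)
	copy(out[size-n:], src)
	return out
}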

// InitSignature prepares sig for an adbe.x509.rsa_sha1 signature.
//
// It requires a certificate and either a private key or a signing function.
// A copy of the handler is attached to sig, the Filter (Adobe.PPKLite),
// SubFilter (adbe.x509.rsa_sha1) and Cert entries are set, and a first pass
// over a dummy digest fills Contents so that its size is known.
func (h *adobeX509RSASHA1) InitSignature(sig *_be.PdfSignature) error {
	switch {
	case h._egae == nil:
		// "certificate must not be nil"
		return _e.New("c\u0065\u0072\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u006d\u0075\u0073\u0074\u0020n\u006f\u0074\u0020b\u0065 \u006e\u0069\u006c")
	case h._cge == nil && h._acg == nil:
		// "must provide either a private key or a signing function"
		return _e.New("\u006d\u0075\u0073\u0074\u0020\u0070\u0072o\u0076\u0069\u0064e\u0020\u0065\u0069t\u0068\u0065r\u0020\u0061\u0020\u0070\u0072\u0069v\u0061te\u0020\u006b\u0065\u0079\u0020\u006f\u0072\u0020\u0061\u0020\u0073\u0069\u0067\u006e\u0069\u006e\u0067\u0020\u0066\u0075\u006e\u0063\u0074\u0069\u006f\u006e")
	}

	// The signature keeps its own copy of the handler.
	clone := *h
	sig.Handler = &clone
	sig.Filter = _cd.MakeName("\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065")
	sig.SubFilter = _cd.MakeName("\u0061d\u0062e\u002e\u0078\u0035\u0030\u0039.\u0072\u0073a\u005f\u0073\u0068\u0061\u0031")
	sig.Cert = _cd.MakeString(string(clone._egae.Raw))
	sig.Reference = nil

	digest, err := clone.NewDigest(sig)
	if err != nil {
		return err
	}
	// Dummy payload ("calculate the Contents field size"); only the size of
	// the resulting Contents matters at this stage.
	digest.Write([]byte("\u0063\u0061\u006c\u0063\u0075\u006ca\u0074\u0065\u0020\u0074\u0068\u0065\u0020\u0043\u006f\u006e\u0074\u0065\u006et\u0073\u0020\u0066\u0069\u0065\u006c\u0064 \u0073\u0069\u007a\u0065"))
	return clone.sign(sig, digest, h._ddf)
}

// InitSignature prepares sig for an adbe.pkcs7.detached signature.
//
// Unless the handler was created in "empty" mode (_bdac), both a certificate
// and a private key are required. A copy of the handler is attached to sig,
// the Filter (Adobe.PPKLite) and SubFilter (adbe.pkcs7.detached) are set, and
// a first Sign pass over a dummy digest fills Contents so that its size is
// known.
func (h *adobePKCS7Detached) InitSignature(sig *_be.PdfSignature) error {
	switch {
	case h._bdac:
		// Empty-signature mode: no key material needed.
	case h._ddgf == nil:
		// "certificate must not be nil"
		return _e.New("c\u0065\u0072\u0074\u0069\u0066\u0069c\u0061\u0074\u0065\u0020\u006d\u0075\u0073\u0074\u0020n\u006f\u0074\u0020b\u0065 \u006e\u0069\u006c")
	case h._feb == nil:
		// "privateKey must not be nil"
		return _e.New("\u0070\u0072\u0069\u0076\u0061\u0074\u0065\u004b\u0065\u0079\u0020m\u0075\u0073\u0074\u0020\u006e\u006f\u0074\u0020\u0062\u0065 \u006e\u0069\u006c")
	}

	clone := *h
	sig.Handler = &clone
	sig.Filter = _cd.MakeName("\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065")
	sig.SubFilter = _cd.MakeName("\u0061\u0064\u0062\u0065.p\u006b\u0063\u0073\u0037\u002e\u0064\u0065\u0074\u0061\u0063\u0068\u0065\u0064")
	sig.Reference = nil

	digest, err := clone.NewDigest(sig)
	if err != nil {
		return err
	}
	// Dummy payload ("calculate the Contents field size").
	digest.Write([]byte("\u0063\u0061\u006c\u0063\u0075\u006ca\u0074\u0065\u0020\u0074\u0068\u0065\u0020\u0043\u006f\u006e\u0074\u0065\u006et\u0073\u0020\u0066\u0069\u0065\u006c\u0064 \u0073\u0069\u007a\u0065"))
	return clone.Sign(sig, digest)
}

// SetOCSPClient replaces the client used to retrieve OCSP responses.
func (h *etsiPAdES) SetOCSPClient(ocspClient *_aac.OCSPClient) {
	h.OCSPClient = ocspClient
}

// timestampInfo describes the content of a timestamp token.
// NOTE(review): the field order looks like the leading fields of RFC 3161
// TSTInfo and is presumably significant for ASN.1 decoding; keep the order
// unchanged - confirm against the code that decodes into this type.
type timestampInfo struct {
	Version        int
	Policy         _gg.RawValue
	MessageImprint struct {
		HashAlgorithm _cc.AlgorithmIdentifier
		HashedMessage []byte
	}
	SerialNumber    _gg.RawValue
	GeneralizedTime _f.Time
}

// GetPrivateKey returns the signing key stored on the handler.
func (h *etsiPAdES) GetPrivateKey() _dca.PrivateKey {
	key := h._aace
	return key
}

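// GetTimestampServerURL returns the timestamp server URL stored on the handler.
func (h *etsiPAdES) GetTimestampServerURL() string {
	return h._ecab
}

// getCRLs requests a CRL for every CRL distribution point of every non-CA
// certificate in certs and returns the responses that could be fetched.
//
// A failed request is logged at debug level and skipped, so the result can be
// shorter than the number of distribution points; the returned error is
// always nil.
//
// NOTE(review): the request target is taken from the certificate itself. For
// certificates that are not fully trusted, CRLClient should limit the
// schemes and hosts it contacts. CertClient and CRLClient must be non-nil;
// among the constructors visible here only NewEtsiPAdESLevelLT sets them.
func (h *etsiPAdES) getCRLs(certs []*_b.Certificate) ([][]byte, error) {
	crls := make([][]byte, 0, len(certs))
	for _, cert := range certs {
		for _, distPoint := range cert.CRLDistributionPoints {
			if h.CertClient.IsCA(cert) {
				continue
			}
			crl, err := h.CRLClient.MakeRequest(distPoint, cert)
			if err != nil {
				// "WARN: CRL request error: %v"
				_ed.Log.Debug("W\u0041\u0052\u004e\u003a\u0020\u0043R\u004c\u0020\u0072\u0065\u0071\u0075\u0065\u0073\u0074 \u0065\u0072\u0072o\u0072:\u0020\u0025\u0076", err)
				continue
			}
			crls = append(crls, crl)
		}
	}
	return crls, nil
}

// getCertificate returns the certificate configured on the handler or, when
// none is configured, the first certificate carried by sig.
//
// It returns the error from sig.GetCerts, or ErrSignNoCertificates when the
// signature carries no usable certificate (an empty list would otherwise
// cause an index-out-of-range panic on data read from the document).
func (h *adobeX509RSASHA1) getCertificate(sig *_be.PdfSignature) (*_b.Certificate, error) {
	if h._egae != nil {
		return h._egae, nil
	}
	certs, err := sig.GetCerts()
	if err != nil {
		return nil, err
	}
	if len(certs) == 0 || certs[0] == nil {
		return nil, _be.ErrSignNoCertificates
	}
	return certs[0], nil
}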

// SkipRevocationInfoAttribute turns off adding the revocation information
// attribute during signing. This is generally not recommended; call it only
// when the signature validator in use requires it.
func (h *etsiPAdES) SkipRevocationInfoAttribute() {
	h._cfb = true
}

// DocMDPHandler pairs a wrapped signature handler with a DocMDP permission level.
type DocMDPHandler struct{
	// _gge is the wrapped handler passed to NewDocMDPHandler.
	_gge _be .SignatureHandler ;
	// Permission is the DocMDP restriction level passed to NewDocMDPHandler.
	Permission _db .DocMDPPermission ;
};

// GetDSS returns the Document Security Store (DSS) held by the handler.
func (h *etsiPAdES) GetDSS() *_be.DSS {
	return h._aab
}

// buildCertChain merges certs and extra into one list and extends it with
// issuer certificates fetched through CertClient.
//
// Certificates from extra whose subject common name is already present are
// dropped. Starting from the first certificate, issuers are fetched with
// CertClient.GetIssuer until a CA certificate is reached, the issuer's common
// name is already known, or a lookup fails (logged at debug level). It
// returns the list, a map from subject/issuer common name to certificate, and
// ErrSignNoCertificates when both inputs are empty.
//
// NOTE(review): certificates are identified by common name only, which is not
// unique; two different certificates with the same CN are treated as one, and
// a known CN ends the walk without checking that it is the real issuer. The
// result should not be taken as a validated trust path - confirm how callers
// use it. The list is also built by appending to certs, so it may share
// backing storage with the caller's slice.
func (h *etsiPAdES) buildCertChain(certs, extra []*_b.Certificate) ([]*_b.Certificate, map[string]*_b.Certificate, error) {
	byName := make(map[string]*_b.Certificate)
	for _, c := range certs {
		byName[c.Subject.CommonName] = c
	}

	chain := certs
	for _, c := range extra {
		name := c.Subject.CommonName
		if _, seen := byName[name]; !seen {
			byName[name] = c
			chain = append(chain, c)
		}
	}
	if len(chain) == 0 {
		return nil, nil, _be.ErrSignNoCertificates
	}

	current := chain[0]
	for current != nil && !h.CertClient.IsCA(current) {
		issuerName := current.Issuer.CommonName
		if _, known := byName[issuerName]; known {
			break
		}
		issuer, err := h.CertClient.GetIssuer(current)
		if err != nil {
			// "WARN: Could not retrieve certificate issuer: %v"
			_ed.Log.Debug("W\u0041\u0052\u004e\u003a\u0020\u0043\u006f\u0075\u006cd\u0020\u006e\u006f\u0074\u0020\u0072\u0065tr\u0069\u0065\u0076\u0065 \u0063\u0065\u0072\u0074\u0069\u0066\u0069\u0063\u0061te\u0020\u0069s\u0073\u0075\u0065\u0072\u003a\u0020\u0025\u0076", err)
			break
		}
		byName[issuerName] = issuer
		chain = append(chain, issuer)
		current = issuer
	}
	return chain, byName, nil
}

// SetCRLClient replaces the client used to retrieve CRLs.
func (h *etsiPAdES) SetCRLClient(crlClient *_aac.CRLClient) {
	h.CRLClient = crlClient
}

// SetCertClient replaces the client used to retrieve certificates.
func (h *etsiPAdES) SetCertClient(certClient *_aac.CertClient) {
	h.CertClient = certClient
}

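// Sign requests a timestamp token for digest and stores it in sig.Contents.
//
// digest must be a *bytes.Buffer. The request is built with the handler's
// hash algorithm and asks the server to include certificates; it is sent with
// the configured timestamp client, or a default one when none is set. After a
// successful request the reserved size (_afb) is updated to the token length
// plus 128 bytes.
//
// It returns an error when digest has the wrong type, when the request fails,
// or ErrSignNotEnoughSpace when the token exceeds a previously reserved size.
//
// NOTE(review): the token is stored as returned by the client; this method
// does not check it. When sig.Contents already exists the token is copied
// into that buffer, so a token longer than the buffer is cut short if no
// size was reserved - confirm callers always reserve space first.
func (ts *docTimeStamp) Sign(sig *_be.PdfSignature, digest _be.Hasher) error {
	// Checked assertion: a hasher of another type yields an error, not a panic.
	buf, ok := digest.(*_ae.Buffer)
	if !ok {
		return _da.Errorf("cast to buffer fails")
	}

	request, err := _aac.NewTimestampRequest(buf, &_gd.RequestOptions{Hash: ts._bbb, Certificates: true})
	if err != nil {
		return err
	}

	client := ts._ebaf
	if client == nil {
		client = _aac.NewTimestampClient()
	}
	token, err := client.GetEncodedToken(ts._agaa, request)
	if err != nil {
		return err
	}

	tokenLen := len(token)
	if ts._afb > 0 && tokenLen > ts._afb {
		return _be.ErrSignNotEnoughSpace
	}
	if tokenLen > 0 {
		// Keep some headroom for tokens of slightly different length.
		ts._afb = tokenLen + 128
	}

	if sig.Contents != nil {
		// Preserve the size of the existing Contents placeholder.
		existing := sig.Contents.Bytes()
		copy(existing, token)
		token = existing
	}
	sig.Contents = _cd.MakeHexString(string(token))
	return nil
}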

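// Validate checks the PKCS#7 signature stored in sig.Contents against the
// document bytes collected in digest (which must be a *bytes.Buffer).
//
// After the PKCS#7 verification succeeds, it records whether the Adobe
// revocation attribute carries CRL or OCSP data and, for each signer with a
// timestamp token, checks that the token's hashed message matches the hash of
// the signer's encrypted digest and stores the token time.
//
// It returns an error when sig or its Contents is missing, when parsing or
// verification fails, when digest has the wrong type, or when a timestamp
// token does not match the signature.
//
// NOTE(review): IsVerified reflects only the result of Verify on the parsed
// PKCS#7 data. Nothing in this method consults the handler's CA certificate
// or evaluates the revocation data; IsCrlFound and IsOcspFound indicate
// presence only. Callers needing a trust decision must check the signer chain
// and revocation status separately - confirm what Verify covers.
// NOTE(review): the timestamp hash algorithm comes from the token; if it is a
// crypto.Hash that is not linked into the binary, New panics - consider
// checking availability first.
func (h *etsiPAdES) Validate(sig *_be.PdfSignature, digest _be.Hasher) (_be.SignatureValidationResult, error) {
	// Contents comes from the document being validated and may be absent.
	if sig == nil || sig.Contents == nil {
		return _be.SignatureValidationResult{}, _e.New("signature contents are missing")
	}

	p7, err := _ff.Parse(sig.Contents.Bytes())
	if err != nil {
		return _be.SignatureValidationResult{}, err
	}

	buf, ok := digest.(*_ae.Buffer)
	if !ok {
		// "cast to buffer fails"
		return _be.SignatureValidationResult{}, _da.Errorf("c\u0061s\u0074\u0020\u0074\u006f\u0020\u0062\u0075\u0066f\u0065\u0072\u0020\u0066ai\u006c\u0073")
	}
	p7.Content = buf.Bytes()
	if err = p7.Verify(); err != nil {
		return _be.SignatureValidationResult{}, err
	}

	ocspFound := false
	crlFound := false
	var signingTime _f.Time
	for _, signer := range p7.Signers {
		encryptedDigest := signer.EncryptedDigest

		var revInfo RevocationInfoArchival
		if aerr := p7.UnmarshalSignedAttribute(_ff.OIDAttributeAdobeRevocation, &revInfo); aerr == nil {
			if len(revInfo.Crl) > 0 {
				crlFound = true
			}
			if len(revInfo.Ocsp) > 0 {
				ocspFound = true
			}
		}

		for _, attr := range signer.UnauthenticatedAttributes {
			if !attr.Type.Equal(_ff.OIDAttributeTimeStampToken) {
				continue
			}
			token, terr := _gd.Parse(attr.Value.Bytes)
			if terr != nil {
				return _be.SignatureValidationResult{}, terr
			}
			signingTime = token.Time

			// The token must cover this signer's signature value.
			hasher := token.HashAlgorithm.New()
			hasher.Write(encryptedDigest)
			if !_ae.Equal(hasher.Sum(nil), token.HashedMessage) {
				// "hash in timestamp is different from pkcs7"
				return _be.SignatureValidationResult{}, _e.New("\u0068\u0061\u0073\u0068\u0020i\u006e\u0020\u0074\u0069\u006d\u0065\u0073\u0074\u0061\u006d\u0070\u0020\u0069s\u0020\u0064\u0069\u0066\u0066\u0065\u0072\u0065\u006e\u0074\u0020\u0066\u0072\u006f\u006d\u0020\u0070\u006b\u0063\u0073\u0037")
			}
			// Only the first timestamp token of a signer is examined.
			break
		}
	}

	result := _be.SignatureValidationResult{
		IsSigned:        true,
		IsVerified:      true,
		IsCrlFound:      crlFound,
		IsOcspFound:     ocspFound,
		GeneralizedTime: signingTime,
	}
	return result, nil
}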

// NewAdobePKCS7DetachedEcdsa returns an Adobe.PPKMS/Adobe.PPKLite
// adbe.pkcs7.detached signature handler using an ECDSA key. Both parameters
// may be nil when the handler is used only for validation. ECDSA keys are
// supported by PDF version >= 2.0; for earlier versions use
// NewAdobePKCS7Detached. The returned error is always nil.
func NewAdobePKCS7DetachedEcdsa(privateKey *_aa.PrivateKey, certificate *_b.Certificate) (_be.SignatureHandler, error) {
	handler := &adobePKCS7Detached{
		_feb:  privateKey,
		_ddgf: certificate,
	}
	return handler, nil
}

// docTimeStamp holds the state of the ETSI.RFC3161 document timestamp handler.
type docTimeStamp struct {
	// _agaa is passed to the timestamp client as the request target
	// (presumably the timestamp server URL).
	_agaa string
	// _bbb is the hash algorithm placed in the timestamp request options.
	_bbb _dca.Hash
	// _afb is the number of bytes reserved for Contents; Sign updates it to
	// the token length plus 128.
	_afb int
	// _ebaf is the timestamp client; Sign creates a default client when nil.
	_ebaf *_aac.TimestampClient
}

// NewEmptyAdobePKCS7Detached returns an Adobe.PPKMS/Adobe.PPKLite
// adbe.pkcs7.detached signature handler in "empty" mode: the generated
// signature is empty and of size signatureLen. signatureLen may be 0 when the
// handler is used only for validation. The returned error is always nil.
func NewEmptyAdobePKCS7Detached(signatureLen int) (_be.SignatureHandler, error) {
	handler := &adobePKCS7Detached{
		_cgc:  signatureLen,
		_bdac: true,
	}
	return handler, nil
}

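// Validate implements the SignatureHandler interface but always fails:
// DocMDP permissions cannot be checked without the document's content.
// Use ValidateWithOpts with the PdfParser instead.
func (h *DocMDPHandler) Validate(sig *_be.PdfSignature, digest _be.Hasher) (_be.SignatureValidationResult, error) {
	// "impossible validation without parse"
	return _be.SignatureValidationResult{}, _e.New("i\u006d\u0070\u006f\u0073\u0073\u0069b\u006c\u0065\u0020\u0076\u0061\u006ci\u0064\u0061\u0074\u0069\u006f\u006e\u0020w\u0069\u0074\u0068\u006f\u0075\u0074\u0020\u0070\u0061\u0072s\u0065")
}

// _gef recovers the digest algorithm used in an RSA PKCS#1 v1.5 signature.
//
// It applies the RSA public operation to signature, checks that the result
// starts with the bytes 0x00 0x01, and compares the bytes preceding the digest
// with the DigestInfo prefixes of SHA-1, SHA-256, SHA-384, SHA-512 and
// RIPEMD-160. It returns the matching hash, or 0 when the key is unusable,
// the signature length differs from the key size, or no prefix matches.
//
// This only identifies the algorithm. It validates neither the full padding
// nor the digest value and must not be used as signature verification.
//
// The key and signature can come from the document being validated, so every
// slice access is bounds-checked: a key shorter than a candidate prefix plus
// digest is skipped for that candidate and never used as a slice index.
func _gef(pub *_dc.PublicKey, signature []byte) _dca.Hash {
	if pub == nil || pub.N == nil {
		return 0
	}
	keySize := pub.Size()
	if keySize < 2 || keySize != len(signature) {
		return 0
	}

	// RSA public operation: signature^E mod N, left-padded to the key size.
	c := new(_c.Int).SetBytes(signature)
	m := new(_c.Int).Exp(c, _c.NewInt(int64(pub.E)), pub.N)
	em := _bae(m.Bytes(), keySize)
	if em[0] != 0 || em[1] != 1 {
		return 0
	}

	candidates := []struct {
		Hash   _dca.Hash
		Prefix []byte
	}{
		{Hash: _dca.SHA1, Prefix: []byte{0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14}},
		{Hash: _dca.SHA256, Prefix: []byte{0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}},
		{Hash: _dca.SHA384, Prefix: []byte{0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}},
		{Hash: _dca.SHA512, Prefix: []byte{0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}},
		{Hash: _dca.RIPEMD160, Prefix: []byte{0x30, 0x20, 0x30, 0x08, 0x06, 0x06, 0x28, 0xcf, 0x06, 0x03, 0x00, 0x31, 0x04, 0x14}},
	}
	for _, cand := range candidates {
		digestLen := cand.Hash.Size()
		need := len(cand.Prefix) + digestLen
		if need > keySize {
			// Key too short to hold this DigestInfo.
			continue
		}
		if _ae.Equal(em[keySize-need:keySize-digestLen], cand.Prefix) {
			return cand.Hash
		}
	}
	return 0
}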

// NewDigest returns an empty in-memory buffer that collects the bytes to be
// signed. The sig argument is not used and the returned error is always nil.
func (h *adobePKCS7Detached) NewDigest(sig *_be.PdfSignature) (_be.Hasher, error) {
	buf := _ae.NewBuffer(nil)
	return buf, nil
}

// InitSignature prepares sig for an ETSI.RFC3161 document timestamp.
//
// A copy of the handler is attached to sig and the Type (DocTimeStamp),
// Filter (Adobe.PPKLite) and SubFilter (ETSI.RFC3161) are set. When a size is
// already reserved (_afb > 0), Contents becomes a zero-filled placeholder of
// that size. Otherwise Sign is run once on a dummy digest to learn the token
// size, which is then stored back on the receiver; that trial run goes
// through the timestamp client.
func (ts *docTimeStamp) InitSignature(sig *_be.PdfSignature) error {
	clone := *ts
	sig.Type = _cd.MakeName("\u0044\u006f\u0063T\u0069\u006d\u0065\u0053\u0074\u0061\u006d\u0070")
	sig.Handler = &clone
	sig.Filter = _cd.MakeName("\u0041\u0064\u006f\u0062\u0065\u002e\u0050\u0050\u004b\u004c\u0069\u0074\u0065")
	sig.SubFilter = _cd.MakeName("\u0045\u0054\u0053I\u002e\u0052\u0046\u0043\u0033\u0031\u0036\u0031")
	sig.Reference = nil

	if ts._afb > 0 {
		placeholder := make([]byte, ts._afb)
		sig.Contents = _cd.MakeHexString(string(placeholder))
		return nil
	}

	digest, err := ts.NewDigest(sig)
	if err != nil {
		return err
	}
	// Dummy payload ("calculate the Contents field size").
	digest.Write([]byte("\u0063\u0061\u006c\u0063\u0075\u006ca\u0074\u0065\u0020\u0074\u0068\u0065\u0020\u0043\u006f\u006e\u0074\u0065\u006et\u0073\u0020\u0066\u0069\u0065\u006c\u0064 \u0073\u0069\u007a\u0065"))
	if err = clone.Sign(sig, digest); err != nil {
		return err
	}
	// Remember the size learned by the trial run for later signatures.
	ts._afb = clone._afb
	return nil
}