package org.adullact.parapheur.applets.splittedsign.sign.cms;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.adullact.parapheur.applets.splittedsign.utils.DERUtil;
import org.adullact.parapheur.applets.splittedsign.utils.HexString;
import org.adullact.parapheur.applets.splittedsign.utils.SignType;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.tsp.TimeStampToken;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/sign/cms/ExternalSignerInfoGenerator.class */
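/**
 * Assembles the CMS signer information for a signature whose value is produced outside this class.
 *
 * <p>The flow visible here has two steps. First {@link #getPdfBytesToSign} or
 * {@link #getP7xBytesToSign} builds the signed and unsigned attribute sets and returns the bytes
 * that the external signer has to process. Then {@link #generate} wraps the content digest and the
 * externally produced signature value into a {@link SignerInfoGenerator} that reuses exactly those
 * attribute sets.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>{@link #generate} embeds the signature bytes it is given without checking them against
 *       the certificate or the signed attributes. Verify the finished CMS structure before it is
 *       stored or relied upon.</li>
 *   <li>The signing-time attribute is taken from the {@code Date} supplied by the caller, so it is
 *       a claimed time. Only a signature time-stamp token gives an independently attested
 *       time.</li>
 *   <li>For {@code SignType.Pkcs7}, {@code SignType.PDF} and {@code SignType.XMLDSIG} no
 *       signing-certificate-v2 attribute is added, so in those modes the signer certificate is not
 *       bound to the signature through a signed attribute.</li>
 * </ul>
 *
 * <p>Instances hold mutable state (the last attribute sets built) and carry no synchronization.
 */
public class ExternalSignerInfoGenerator {
    // Caller-visible attribute tables; entries found here take precedence over generated ones.
    private AttributeTable unsignedAttrTable;
    private final AttributeTable signedAttrTable;
    private final String encryptionAlgOID;
    private final String digestAlgOID;
    private final String securityProvider;
    private final SignType signType;
    private final Logger logger = Logger.getLogger("ExternalSignerInfoGenerator");
    // Attribute sets produced by the last build*Attributes call; consumed by generate().
    private ASN1Set unsignedAttr = null;
    private ASN1Set signedAttr = null;

    /**
     * Creates a generator with empty signed and unsigned attribute tables.
     *
     * @param signType signature flavour; decides whether a signing-certificate-v2 attribute is added
     * @param str OID of the digest algorithm
     * @param str2 OID of the signature (encryption) algorithm
     * @param str3 name of the security provider handed to {@code DERUtil.getHash}
     */
    public ExternalSignerInfoGenerator(SignType signType, String str, String str2, String str3) {
        this.signType = signType;
        this.digestAlgOID = str;
        this.encryptionAlgOID = str2;
        this.securityProvider = str3;
        this.unsignedAttrTable = new AttributeTable(new Hashtable<Object, Object>());
        this.signedAttrTable = new AttributeTable(new Hashtable<Object, Object>());
    }

    /**
     * Maps a digest algorithm OID to its short name.
     *
     * <p>MD5 and SHA1 are still mapped so that existing data can be named, but neither is
     * collision resistant; they should not be selected for new signatures.
     *
     * @param str digest algorithm OID
     * @return the short name, or {@code str} unchanged when the OID is not one of the known ones
     */
    public static String getDigestAlgName(String str) {
        if (CMSSignedDataGenerator.DIGEST_MD5.equals(str)) {
            return "MD5";
        }
        if (CMSSignedDataGenerator.DIGEST_SHA1.equals(str)) {
            return "SHA1";
        }
        if (CMSSignedDataGenerator.DIGEST_SHA224.equals(str)) {
            return "SHA224";
        }
        if (CMSSignedDataGenerator.DIGEST_SHA256.equals(str)) {
            return "SHA256";
        }
        if (CMSSignedDataGenerator.DIGEST_SHA384.equals(str)) {
            return "SHA384";
        }
        if (CMSSignedDataGenerator.DIGEST_SHA512.equals(str)) {
            return "SHA512";
        }
        return str;
    }

    /**
     * Maps a short digest algorithm name to its OID; the inverse of {@link #getDigestAlgName}.
     *
     * <p>MD5 and SHA1 are accepted for compatibility only; see {@link #getDigestAlgName}.
     *
     * @param str short name such as {@code "SHA256"}
     * @return the OID, or {@code str} unchanged when the name is not one of the known ones
     */
    public static String getOIDFromDigestAlgName(String str) {
        if ("MD5".equals(str)) {
            return CMSSignedDataGenerator.DIGEST_MD5;
        }
        if ("SHA1".equals(str)) {
            return CMSSignedDataGenerator.DIGEST_SHA1;
        }
        if ("SHA224".equals(str)) {
            return CMSSignedDataGenerator.DIGEST_SHA224;
        }
        if ("SHA256".equals(str)) {
            return CMSSignedDataGenerator.DIGEST_SHA256;
        }
        if ("SHA384".equals(str)) {
            return CMSSignedDataGenerator.DIGEST_SHA384;
        }
        if ("SHA512".equals(str)) {
            return CMSSignedDataGenerator.DIGEST_SHA512;
        }
        return str;
    }

    /**
     * Returns the short name of the configured signature algorithm.
     *
     * @return {@code "DSA"} or {@code "RSA"}, or the configured OID itself when it is neither
     */
    public String getEncryptionAlgName() {
        if (CMSSignedDataGenerator.ENCRYPTION_DSA.equals(this.encryptionAlgOID)) {
            return "DSA";
        }
        if (CMSSignedDataGenerator.ENCRYPTION_RSA.equals(this.encryptionAlgOID)) {
            return "RSA";
        }
        return this.encryptionAlgOID;
    }

    /**
     * Maps a short signature algorithm name to its OID.
     *
     * @param str {@code "DSA"} or {@code "RSA"}
     * @return the OID, or {@code str} unchanged when the name is not one of the known ones
     */
    public static String getOIDFromEncryptionAlgName(String str) {
        if ("DSA".equals(str)) {
            return CMSSignedDataGenerator.ENCRYPTION_DSA;
        }
        if ("RSA".equals(str)) {
            return CMSSignedDataGenerator.ENCRYPTION_RSA;
        }
        return str;
    }

    /**
     * Builds both attribute sets and returns the bytes to sign for the PDF flow.
     *
     * <p>The DER-encoded SET of signed attributes is hashed through {@code DERUtil.getHash} with
     * the configured digest OID and provider, and the hash is wrapped as
     * {@code SEQUENCE { SEQUENCE { digestOID, NULL }, OCTET STRING hash }}, which is the layout of
     * a PKCS#1 DigestInfo.
     *
     * @param bArr digest of the content, stored in the message-digest attribute
     * @param date claimed signing time
     * @param dERObjectIdentifier content type OID, or {@code null} to add no content-type attribute
     * @param x509Certificate signer certificate; may be {@code null}
     * @param timeStampToken signature time-stamp token, or {@code null}
     * @return the DER encoding of the structure described above
     */
    public byte[] getPdfBytesToSign(byte[] bArr, Date date, DERObjectIdentifier dERObjectIdentifier, X509Certificate x509Certificate, TimeStampToken timeStampToken) throws IOException, SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, CertificateEncodingException, CMSException {
        ASN1EncodableVector signedAttributes = buildSignedAttributes(bArr, date, dERObjectIdentifier, x509Certificate);
        buildUnsignedAttributes(bArr, timeStampToken);
        byte[] attributesHash = DERUtil.getHash(DERUtil.toByteArray(new DERSet(signedAttributes)), this.digestAlgOID, this.securityProvider);
        this.logger.log(Level.INFO, "HASH:{0}", HexString.hexify(attributesHash));

        ASN1EncodableVector digestAlgorithm = new ASN1EncodableVector();
        digestAlgorithm.add(new ASN1ObjectIdentifier(this.digestAlgOID));
        digestAlgorithm.add(DERNull.INSTANCE);

        ASN1EncodableVector digestInfo = new ASN1EncodableVector();
        digestInfo.add(new DERSequence(digestAlgorithm));
        digestInfo.add(new DEROctetString(attributesHash));
        return DERUtil.toByteArray(new DERSequence(digestInfo));
    }

    /**
     * Builds both attribute sets and returns the bytes to sign for the detached PKCS#7 flow.
     *
     * <p>Unlike {@link #getPdfBytesToSign}, nothing is hashed here: the result is the DER encoding
     * of the SET of signed attributes.
     *
     * @param bArr digest of the content, stored in the message-digest attribute
     * @param date claimed signing time
     * @param dERObjectIdentifier content type OID, or {@code null} to add no content-type attribute
     * @param x509Certificate signer certificate; may be {@code null}
     * @param timeStampToken signature time-stamp token, or {@code null}
     * @return the DER-encoded SET of signed attributes
     */
    public byte[] getP7xBytesToSign(byte[] bArr, Date date, DERObjectIdentifier dERObjectIdentifier, X509Certificate x509Certificate, TimeStampToken timeStampToken) throws IOException, SignatureException, InvalidKeyException, NoSuchProviderException, NoSuchAlgorithmException, CertificateEncodingException, CMSException {
        ASN1EncodableVector signedAttributes = buildSignedAttributes(bArr, date, dERObjectIdentifier, x509Certificate);
        buildUnsignedAttributes(bArr, timeStampToken);
        return DERUtil.toByteArray(new DERSet(signedAttributes));
    }

    /**
     * Builds the unsigned attributes and remembers them for {@link #generate}.
     *
     * <p>When a token is supplied, a time-stamp attribute already present in the unsigned table is
     * used as is; otherwise one is derived from the token. All other table entries are appended.
     *
     * @param bArr not used by this method
     * @param timeStampToken signature time-stamp token, or {@code null} to add none
     * @return the attributes that were stored as the unsigned set
     * @throws IOException if the token cannot be encoded or decoded
     */
    protected ASN1EncodableVector buildUnsignedAttributes(byte[] bArr, TimeStampToken timeStampToken) throws IOException {
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        Hashtable<?, ?> remaining = this.unsignedAttrTable.toHashtable();
        if (timeStampToken != null) {
            // Hashtable holds no null values, so a non-null result means the key was present.
            Object preset = remaining.remove(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
            if (preset != null) {
                attributes.add((Attribute) preset);
            } else {
                attributes.add(encodeTimeStampAttribute(timeStampToken));
            }
        }
        for (Object value : remaining.values()) {
            attributes.add(Attribute.getInstance(value));
        }
        this.unsignedAttr = new DERSet(attributes);
        return attributes;
    }

    /**
     * Builds the signed attributes and remembers them for {@link #generate}.
     *
     * <p>For content type, signing time, message digest and signing-certificate-v2, an entry
     * already present in the signed table wins over the generated one. Nothing in this class adds
     * entries to that table, so such entries can only come from outside it.
     *
     * @param bArr digest of the content, stored in the message-digest attribute
     * @param date claimed signing time
     * @param dERObjectIdentifier content type OID, or {@code null} to add no content-type attribute
     * @param x509Certificate signer certificate; when {@code null} no signing-certificate-v2
     *     attribute is generated
     * @return the attributes that were stored as the signed set
     */
    protected ASN1EncodableVector buildSignedAttributes(byte[] bArr, Date date, DERObjectIdentifier dERObjectIdentifier, X509Certificate x509Certificate) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, IOException, CMSException {
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        Hashtable<?, ?> remaining = this.signedAttrTable.toHashtable();

        if (dERObjectIdentifier != null) {
            Attribute contentType = takePreset(remaining, CMSAttributes.contentType);
            attributes.add(contentType != null ? contentType : new Attribute(CMSAttributes.contentType, new DERSet(dERObjectIdentifier)));
        }

        Attribute signingTime = takePreset(remaining, CMSAttributes.signingTime);
        attributes.add(signingTime != null ? signingTime : new Attribute(CMSAttributes.signingTime, new DERSet(new Time(date))));

        Attribute messageDigest = takePreset(remaining, CMSAttributes.messageDigest);
        attributes.add(messageDigest != null ? messageDigest : new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(bArr))));

        // Only sign types other than Pkcs7, PDF and XMLDSIG carry the certificate binding.
        boolean bindsCertificate = this.signType != SignType.Pkcs7 && this.signType != SignType.PDF && this.signType != SignType.XMLDSIG;
        if (bindsCertificate) {
            Attribute signingCertificate = takePreset(remaining, PKCSObjectIdentifiers.id_aa_signingCertificateV2);
            if (signingCertificate != null) {
                attributes.add(signingCertificate);
            } else if (x509Certificate != null) {
                attributes.add(buildSigningCertificateV2Attribute(x509Certificate));
            }
        }

        for (Object value : remaining.values()) {
            attributes.add(Attribute.getInstance(value));
        }
        this.signedAttr = new DERSet(attributes);
        return attributes;
    }

    /**
     * Builds the signing-certificate-v2 attribute for the given certificate.
     *
     * <p>The attribute holds one ESSCertIDv2 made of the configured digest algorithm, the hash of
     * the encoded certificate, and the certificate's issuer name and serial number.
     *
     * @param x509Certificate signer certificate
     * @return the signing-certificate-v2 attribute
     */
    protected Attribute buildSigningCertificateV2Attribute(X509Certificate x509Certificate) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, IOException, CMSException {
        AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(new ASN1ObjectIdentifier(this.digestAlgOID));
        byte[] certificateHash = DERUtil.getHash(x509Certificate.getEncoded(), this.digestAlgOID, this.securityProvider);
        X509CertificateHolder holder = new X509CertificateHolder(x509Certificate.getEncoded());
        IssuerSerial issuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(holder.getIssuer())), new ASN1Integer(holder.getSerialNumber()));
        ESSCertIDv2 certificateId = new ESSCertIDv2(hashAlgorithm, certificateHash, issuerSerial);
        SigningCertificateV2 signingCertificate = new SigningCertificateV2(new ESSCertIDv2[]{certificateId});
        return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(signingCertificate));
    }

    /**
     * Records a signature time-stamp token in the unsigned attribute table.
     *
     * @param timeStampToken token to record
     * @throws IOException if the token cannot be encoded or decoded
     */
    public void addTimeStampToken(TimeStampToken timeStampToken) throws IOException {
        // NOTE(review): the value handed to AttributeTable.add is already a complete
        // { OID, SET } sequence. If add() wraps its value in a new Attribute, the stored entry is
        // nested one level deeper than the one buildUnsignedAttributes creates directly. Confirm
        // against the BouncyCastle version in use.
        this.unsignedAttrTable = this.unsignedAttrTable.add(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, encodeTimeStampAttribute(timeStampToken));
    }

    /** Returns the current unsigned attribute table. */
    public AttributeTable getUnsignedAttrTable() {
        return this.unsignedAttrTable;
    }

    /** Returns the signed attribute table. */
    public AttributeTable getSignedAttrTable() {
        return this.signedAttrTable;
    }

    /**
     * Wraps an externally computed digest and signature into a {@link SignerInfoGenerator}.
     *
     * <p>No cryptographic operation happens here: the digest calculator returns {@code bArr}, the
     * content signer returns {@code bArr2}, and the attribute sets are the ones stored by the last
     * {@code build*Attributes} call. The signature is not checked against the certificate, so the
     * caller should verify the resulting CMS structure.
     *
     * @param bArr digest of the content
     * @param bArr2 signature value produced by the external signer
     * @param x509Certificate signer certificate
     * @return a generator that emits the signer information with the stored attributes
     * @throws IllegalStateException if the attribute sets have not been built yet
     */
    public SignerInfoGenerator generate(final byte[] bArr, final byte[] bArr2, X509Certificate x509Certificate) throws CertificateEncodingException, OperatorCreationException, IOException {
        // Without this guard the AttributeTable constructors below fail on a null set.
        if (this.signedAttr == null || this.unsignedAttr == null) {
            throw new IllegalStateException("Attributes not built: call getPdfBytesToSign or getP7xBytesToSign before generate");
        }
        X509CertificateHolder holder = new X509CertificateHolder(x509Certificate.getEncoded());

        DigestCalculatorProvider precomputedDigest = new DigestCalculatorProvider() {
            @Override
            public DigestCalculator get(AlgorithmIdentifier algorithmIdentifier) throws OperatorCreationException {
                return new DigestCalculator() {
                    @Override
                    public AlgorithmIdentifier getAlgorithmIdentifier() {
                        return new AlgorithmIdentifier(new ASN1ObjectIdentifier(ExternalSignerInfoGenerator.this.digestAlgOID), DERNull.INSTANCE);
                    }

                    @Override
                    public OutputStream getOutputStream() {
                        // The digest is supplied up front, so there is nothing to feed.
                        return null;
                    }

                    @Override
                    public byte[] getDigest() {
                        return bArr;
                    }
                };
            }
        };

        ContentSigner precomputedSignature = new ContentSigner() {
            @Override
            public AlgorithmIdentifier getAlgorithmIdentifier() {
                ASN1ObjectIdentifier algorithm = new ASN1ObjectIdentifier(ExternalSignerInfoGenerator.this.encryptionAlgOID);
                // The DSA identifier is emitted without parameters, every other one with NULL.
                if (ExternalSignerInfoGenerator.this.encryptionAlgOID.equals(CMSSignedDataGenerator.ENCRYPTION_DSA)) {
                    return new AlgorithmIdentifier(algorithm);
                }
                return new AlgorithmIdentifier(algorithm, DERNull.INSTANCE);
            }

            @Override
            public OutputStream getOutputStream() {
                // Bytes written here are discarded; the signature already exists.
                return new ByteArrayOutputStream();
            }

            @Override
            public byte[] getSignature() {
                return bArr2;
            }
        };

        SignerInfoGenerator base = new JcaSignerInfoGeneratorBuilder(precomputedDigest).build(precomputedSignature, holder);
        return new SignerInfoGenerator(base, new DefaultSignedAttributeTableGenerator(new AttributeTable(this.signedAttr)), new SimpleAttributeTableGenerator(new AttributeTable(this.unsignedAttr)));
    }

    /** Removes and returns the attribute stored under {@code key}, or {@code null} if absent. */
    private static Attribute takePreset(Hashtable<?, ?> table, Object key) {
        return (Attribute) table.remove(key);
    }

    /**
     * Encodes a time-stamp token as {@code SEQUENCE { timeStampTokenOID, SET { element } }}.
     *
     * <p>NOTE(review): the SET holds element 1 of the decoded token rather than the whole decoded
     * object. Confirm that this is the value the consumers of the attribute expect.
     */
    private static DERSequence encodeTimeStampAttribute(TimeStampToken timeStampToken) throws IOException {
        ASN1InputStream decoder = new ASN1InputStream(new ByteArrayInputStream(timeStampToken.getEncoded()));
        try {
            ASN1Sequence token = (ASN1Sequence) decoder.readObject();
            ASN1EncodableVector attribute = new ASN1EncodableVector();
            attribute.add(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken.getId()));
            attribute.add(new DERSet(token.getObjectAt(1)));
            return new DERSequence(attribute);
        } finally {
            decoder.close();
        }
    }
}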
