package org.adullact.parapheur.applets.splittedsign;

import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11RsaPrivateKey;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.ParsingException;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertInfo;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/PKCS7SignUtil.class */
public class PKCS7SignUtil {
    static final String DIGEST_ALG = "SHA1";
    static final String OS_NAME = System.getProperty("os.name");
    static final Logger logger = Logger.getLogger(PKCS7SignUtil.class.getName());

    public static byte[] signAndCreateP7(X509Certificate[] x509CertificateArr, PrivateKey privateKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException, IOException, SignatureException, CertificateException, CMSException {
        if (!(x509CertificateArr[0].getIssuerDN() instanceof X500Name)) {
            System.out.println("Certificat fourni par: " + ((Principal) new X509CertInfo(x509CertificateArr[0].getTBSCertificate()).get("issuer.dname")));
        }
        try {
            Security.addProvider(new BouncyCastleProvider());
            AlgorithmId algorithmId = AlgorithmId.get(DIGEST_ALG);
            Signature signature = privateKey instanceof IAIKPKCS11RsaPrivateKey ? Signature.getInstance("ExternalSHA1WithRSA") : privateKey instanceof RSAPrivateKey ? Signature.getInstance("SHA1WithRSA", "BC") : OS_NAME.startsWith("Windows") ? Signature.getInstance("SHA1WithRSA", "SunMSCAPI") : Signature.getInstance("SHA1WithRSA", "SunRsaSign");
            PKCS9Attributes pKCS9Attributes = new PKCS9Attributes(new PKCS9Attribute[]{new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date()), new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID), new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, bArr)});
            signature.initSign(privateKey);
            signature.update(pKCS9Attributes.getDerEncoding());
            PKCS7 pkcs7 = new PKCS7(new AlgorithmId[]{algorithmId}, new ContentInfo(ContentInfo.DATA_OID, (DerValue) null), x509CertificateArr, new SignerInfo[]{new SignerInfo(new X500Name(x509CertificateArr[0].getIssuerDN().getName()), x509CertificateArr[0].getSerialNumber(), algorithmId, pKCS9Attributes, new AlgorithmId(AlgorithmId.RSAEncryption_oid), signature.sign(), (PKCS9Attributes) null)});
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            pkcs7.encodeSignedData(byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (NoSuchProviderException e) {
            Logger.getLogger(PKCS7SignUtil.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e);
            throw new CMSException(e.getMessage(), e);
        }
    }

    public static byte[] signAndCreateP7(X509Certificate x509Certificate, PrivateKey privateKey, byte[] bArr) throws CMSException, InvalidKeyException {
        try {
            return signAndCreateP7(new X509Certificate[]{x509Certificate}, privateKey, bArr);
        } catch (IOException e) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e);
            throw new CMSException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e2);
            throw new CMSException(e2.getMessage(), e2);
        } catch (SignatureException e3) {
            logger.log(Level.SEVERE, e3.getLocalizedMessage(), (Throwable) e3);
            throw new CMSException(e3.getMessage(), e3);
        } catch (CertificateException e4) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e4);
            throw new CMSException(e4.getMessage(), e4);
        }
    }

    public static byte[] updateP7Signature(X509Certificate x509Certificate, PrivateKey privateKey, byte[] bArr, byte[] bArr2) throws CMSException, InvalidKeyException {
        if (bArr2 == null) {
            return signAndCreateP7(x509Certificate, privateKey, bArr);
        }
        logger.log(Level.INFO, "signed length {0}", Integer.valueOf(bArr2.length));
        try {
            Security.addProvider(new BouncyCastleProvider());
            PKCS7 pkcs7 = new PKCS7(new ByteArrayInputStream(bArr2));
            PKCS9Attributes pKCS9Attributes = new PKCS9Attributes(new PKCS9Attribute[]{new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date()), new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID), new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, bArr)});
            Signature signature = privateKey instanceof RSAPrivateKey ? Signature.getInstance("SHA1WithRSA", "BC") : OS_NAME.startsWith("Windows") ? Signature.getInstance("SHA1WithRSA", "SunMSCAPI") : Signature.getInstance("SHA1WithRSA", "SunRsaSign");
            signature.initSign(privateKey);
            signature.update(pKCS9Attributes.getDerEncoding());
            byte[] sign = signature.sign();
            ContentInfo contentInfo = pkcs7.getContentInfo();
            AlgorithmId algorithmId = AlgorithmId.get(DIGEST_ALG);
            AlgorithmId[] digestAlgorithmIds = pkcs7.getDigestAlgorithmIds();
            AlgorithmId[] algorithmIdArr = (AlgorithmId[]) Arrays.copyOf(digestAlgorithmIds, digestAlgorithmIds.length + 1);
            algorithmIdArr[algorithmIdArr.length - 1] = algorithmId;
            SignerInfo signerInfo = new SignerInfo(new X500Name(x509Certificate.getIssuerDN().getName()), x509Certificate.getSerialNumber(), algorithmId, pKCS9Attributes, new AlgorithmId(AlgorithmId.RSAEncryption_oid), sign, (PKCS9Attributes) null);
            SignerInfo[] signerInfos = pkcs7.getSignerInfos();
            SignerInfo[] signerInfoArr = (SignerInfo[]) Arrays.copyOf(signerInfos, signerInfos.length + 1);
            signerInfoArr[signerInfoArr.length - 1] = signerInfo;
            X509Certificate[] certificates = pkcs7.getCertificates();
            X509Certificate[] x509CertificateArr = (X509Certificate[]) Arrays.copyOf(certificates, certificates.length + 1);
            x509CertificateArr[x509CertificateArr.length - 1] = x509Certificate;
            PKCS7 pkcs72 = new PKCS7(algorithmIdArr, contentInfo, x509CertificateArr, signerInfoArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            pkcs72.encodeSignedData(byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e);
            throw new CMSException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e2);
            throw new CMSException(e2.getMessage(), e2);
        } catch (NoSuchProviderException e3) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e3);
            throw new CMSException(e3.getMessage(), e3);
        } catch (SignatureException e4) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e4);
            throw new CMSException(e4.getMessage(), e4);
        } catch (ParsingException e5) {
            logger.log(Level.SEVERE, (String) null, (Throwable) e5);
            throw new CMSException(e5.getMessage(), e5);
        }
    }
}
