package org.catcert.crypto.signImpl;

import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import lib.org.bouncycastle.asn1.ASN1EncodableVector;
import lib.org.bouncycastle.asn1.ASN1Sequence;
import lib.org.bouncycastle.asn1.DEREncodableVector;
import lib.org.bouncycastle.asn1.DERObject;
import lib.org.bouncycastle.asn1.DERObjectIdentifier;
import lib.org.bouncycastle.asn1.DEROctetString;
import lib.org.bouncycastle.asn1.DERSequence;
import lib.org.bouncycastle.asn1.DERSequenceGenerator;
import lib.org.bouncycastle.asn1.DERSet;
import lib.org.bouncycastle.asn1.DERTaggedObject;
import lib.org.bouncycastle.asn1.DERUTCTime;
import lib.org.bouncycastle.asn1.cms.Attribute;
import lib.org.bouncycastle.asn1.cms.AttributeTable;
import lib.org.bouncycastle.asn1.esf.CommitmentTypeIndication;
import lib.org.bouncycastle.asn1.esf.OtherHashAlgAndValue;
import lib.org.bouncycastle.asn1.esf.SignaturePolicyId;
import lib.org.bouncycastle.asn1.esf.SignaturePolicyIdentifier;
import lib.org.bouncycastle.asn1.esf.SignerAttribute;
import lib.org.bouncycastle.asn1.ess.ESSCertID;
import lib.org.bouncycastle.asn1.ess.SigningCertificate;
import lib.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import lib.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import lib.org.bouncycastle.cms.CMSException;
import lib.org.bouncycastle.cms.CMSProcessableByteArray;
import lib.org.bouncycastle.cms.CMSSignedData;
import lib.org.bouncycastle.cms.CMSSignedDataGenerator;
import lib.org.bouncycastle.util.encoders.Base64;
import org.catcert.AppletParams;
import org.catcert.crypto.keyStoreImpl.CompositeKeyStore;

/* loaded from: input_file:org/catcert/crypto/signImpl/CMSSignatureGeneration.class */
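/**
 * Produces CMS / CAdES signatures with the bundled BouncyCastle CMS generator.
 *
 * <p>Signing options (hash algorithm, CAdES level, signature policy, signer role,
 * commitment identifiers, TSA URL and proxy settings) are read from the
 * {@link AppletParams} singleton on every call rather than passed in by the caller.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>NOTE(review): the source of the {@code AppletParams} values is not visible in this
 *       file. If they originate from the embedding page, the hash algorithm, policy OID
 *       and TSA URL are untrusted input and should be validated against an allow-list
 *       before they reach this class.</li>
 *   <li>SHA-1 is still accepted as a signature digest. It is no longer collision
 *       resistant, so deployments should pin SHA-256 or SHA-512.</li>
 *   <li>The key password {@code char[]} is never cleared here; wiping it after use is
 *       left to the caller.</li>
 * </ul>
 */
public class CMSSignatureGeneration {
    public static final int CMS = 1;
    public static final int CAdES_BES = 2;
    public static final int CAdES_T = 3;
    public static final int CAdES_C = 4;
    private static final String SHA1OID = "1.3.14.3.2.26";
    private static final String SHA256OID = "2.16.840.1.101.3.4.2.1";
    private static final String SHA512OID = "2.16.840.1.101.3.4.2.3";
    private static final String SHA1 = "SHA-1";
    private static final String SHA256 = "SHA-256";
    private static final String SHA512 = "SHA-512";

    /**
     * Signs {@code bArr} as CMS content and returns the encoded SignedData.
     *
     * @param bArr content to sign
     * @param compositeKeyStore key store holding the signer's key and certificate
     * @param str key store alias of the signer entry
     * @param cArr password used to recover the private key
     * @param z encapsulate flag handed to {@code CMSSignedDataGenerator.generate}
     * @param attributeTable signed attributes to start from; {@code null} starts from an empty table
     * @param z2 when {@code true} the result is Base64-encoded
     * @return the encoded signature, or {@code null} when the CMS generator raised a
     *         {@code CMSException} (callers must check for {@code null})
     * @throws CMSSignatureGenerationException on any other failure
     */
    public static byte[] sign(byte[] bArr, CompositeKeyStore compositeKeyStore, String str, char[] cArr, boolean z, AttributeTable attributeTable, boolean z2) throws CMSSignatureGenerationException {
        return encodeIfRequested(generateSignature(bArr, compositeKeyStore, str, cArr, z, attributeTable, false), z2);
    }

    /**
     * Signs a pre-computed value. When no attribute table is supplied, {@code bArr} is
     * placed in the messageDigest signed attribute via
     * {@link #buildAuthenticatedAttributes}; the content is never encapsulated.
     *
     * @param bArr value to sign (used as the message digest when attributes are defaulted)
     * @param compositeKeyStore key store holding the signer's key and certificate
     * @param str key store alias of the signer entry
     * @param cArr password used to recover the private key
     * @param attributeTable signed attributes to start from, or {@code null} for the defaults
     * @param z when {@code true} the result is Base64-encoded
     * @return the encoded signature, or {@code null} when the CMS generator raised a
     *         {@code CMSException} (callers must check for {@code null})
     * @throws CMSSignatureGenerationException on any other failure
     */
    public static byte[] signHash(byte[] bArr, CompositeKeyStore compositeKeyStore, String str, char[] cArr, AttributeTable attributeTable, boolean z) throws CMSSignatureGenerationException {
        return encodeIfRequested(generateSignature(bArr, compositeKeyStore, str, cArr, false, attributeTable, true), z);
    }

    /** Base64-encodes a non-null signature on request; {@code null} is passed through. */
    private static byte[] encodeIfRequested(byte[] signature, boolean base64) {
        if (signature == null) {
            return null;
        }
        return base64 ? Base64.encode(signature) : signature;
    }

    /**
     * Shared implementation behind {@link #sign} and {@link #signHash}.
     *
     * @param contentIsDigest selects the default attribute table used when
     *        {@code signedAttributes} is {@code null}: the authenticated attributes built
     *        around {@code content} (hash signing) or an empty table (content signing)
     */
    private static byte[] generateSignature(byte[] content, CompositeKeyStore keyStore, String alias, char[] password, boolean encapsulate, AttributeTable signedAttributes, boolean contentIsDigest) throws CMSSignatureGenerationException {
        try {
            AppletParams params = AppletParams.getInstance();
            String tsaUrl = params.getCmstsTsaUrl();
            Map<String, String> proxySettings = params.getProxySettings();
            List<String> commitmentIdentifiers = params.getCommitmentIdentifier();
            String signerRole = params.getSignerRole();
            String policyHash = params.getSignaturePolicyHash();
            String policyId = params.getSignaturePolicy();
            boolean timeStampRequested = params.isTimeStampCMSSignature();
            String hashAlgorithm = params.getHashAlgorithm();
            String policyHashAlgorithm = params.getSignaturePolicyHashAlgorithm();
            int cadesType = params.getCAdESType();

            X509Certificate signerCertificate = keyStore.getCertificate(alias);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password);
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null) {
                // No chain available: ship the signer certificate on its own.
                chain = new Certificate[]{signerCertificate};
            }
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(chain)), "BC");
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            CMSProcessableByteArray processable = new CMSProcessableByteArray(content);

            AttributeTable attributes = signedAttributes;
            if (attributes == null) {
                attributes = contentIsDigest
                        ? buildAuthenticatedAttributes(content, signerCertificate, false, proxySettings)
                        : new AttributeTable(new DEREncodableVector());
            }
            // Every CAdES level (BES, T, C) carries the signing-certificate attribute.
            if (cadesType >= CAdES_BES && cadesType <= CAdES_C) {
                attributes = addCAdESAttributes(attributes, signerCertificate, hashAlgorithm);
            }
            if (policyId != null && policyHash != null && cadesType > CMS) {
                // NOTE(review): the table returned by addEPESAttributes is discarded, so the
                // policy, signer-role and commitment attributes never reach addSigner below
                // and the signature carries no explicit policy identifier. Left unchanged
                // because assigning the result would alter the signatures produced; confirm
                // the intended behaviour before fixing.
                addEPESAttributes(attributes, policyId, policyHash, policyHashAlgorithm, signerRole, commitmentIdentifiers);
            }
            generator.addSigner(privateKey, signerCertificate, AlgorithmIDtoOID(hashAlgorithm), attributes, (AttributeTable) null);
            generator.addCertificatesAndCRLs(certStore);

            String providerName = keyStore.getProvider(alias).getName();
            // Keys from the "Apple" provider are signed through BouncyCastle instead.
            String signatureProvider = providerName.equals("Apple") ? "BC" : providerName;
            CMSSignedData signedData = generator.generate(CMSSignedDataGenerator.DATA, processable, encapsulate, signatureProvider);
            if (timeStampRequested || cadesType >= CAdES_T) {
                signedData = TimeStampGeneration.addTimeStampToSignature(signedData, proxySettings, tsaUrl);
            }
            return signedData.getEncoded();
        } catch (IOException e) {
            // Also covers FileNotFoundException, which reported the same message.
            e.printStackTrace();
            throw new CMSSignatureGenerationException("Problemes en obrir el document a signar:\n" + e.getMessage(), e);
        } catch (KeyStoreException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException("Problemes en l'accés al magatzem de claus:\n" + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException("No ha estat possible recuperar la clau privada del magatzem de claus:\n" + e.getMessage(), e);
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException("Problemes en crear el magatzem de certificats. No s'ha trobat el proveïdor.\n" + e.getMessage(), e);
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException("No ha estat possible recuperar la clau privada del magatzem de claus:\n" + e.getMessage(), e);
        } catch (TimeStampGenerationException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException("Problemes durant la generació del segell de temps:\n" + e.getMessage(), e);
        } catch (CMSException e) {
            // NOTE(review): a CMS generation failure is reported only on stderr and turned
            // into a null result; callers that skip the null check will treat a failed
            // signing as "no data". Kept for compatibility with existing callers.
            e.printStackTrace();
            return null;
        } catch (Throwable th) {
            th.printStackTrace();
            throw new CMSSignatureGenerationException("Problemes durant la generació de la signatura: error desconegut.\n" + th.getMessage(), th);
        }
    }

    /**
     * Builds the default signed attributes for hash signing: signingTime, contentType
     * (id-data) and messageDigest set to {@code bArr}, optionally preceded by a
     * revocation-information attribute.
     *
     * @param bArr value stored in the messageDigest attribute
     * @param x509Certificate certificate whose CRL response is embedded when {@code z} is set
     * @param z whether to add the revocation-information attribute
     * @param map proxy settings forwarded to {@code CRLResponseGeneration}
     * @return a new attribute table
     */
    public static AttributeTable buildAuthenticatedAttributes(byte[] bArr, X509Certificate x509Certificate, boolean z, Map<String, String> map) {
        DEREncodableVector attributes = new DEREncodableVector();
        if (z) {
            DERSet revocationInfo;
            try {
                DERObject crlResponse = CRLResponseGeneration.generateCRLResponse(x509Certificate, map);
                DEREncodableVector crls = new DEREncodableVector();
                crls.add(new DERTaggedObject(true, 0, new DERSequence(crlResponse)));
                revocationInfo = new DERSet(new DERSequence(crls));
            } catch (CRLResponseGenerationException e) {
                // NOTE(review): a failed CRL retrieval is not reported to the caller; the
                // attribute is still emitted, with an empty sequence, so the signature
                // carries no revocation evidence. Consumers that need it must check.
                e.printStackTrace();
                revocationInfo = new DERSet(new DERSequence());
            }
            // 1.2.840.113583.1.1.8: Adobe revocationInfoArchival
            attributes.add(new Attribute(new DERObjectIdentifier("1.2.840.113583.1.1.8"), revocationInfo));
        }
        // 1.2.840.113549.1.9.5: signingTime. Taken from the local clock, so it is a claim
        // by the signer rather than trusted time.
        attributes.add(new Attribute(new DERObjectIdentifier("1.2.840.113549.1.9.5"), new DERSet(new DERUTCTime(new Date()))));
        // 1.2.840.113549.1.9.3: contentType = 1.2.840.113549.1.7.1 (id-data)
        attributes.add(new Attribute(new DERObjectIdentifier("1.2.840.113549.1.9.3"), new DERSet(new DERObjectIdentifier("1.2.840.113549.1.7.1"))));
        // 1.2.840.113549.1.9.4: messageDigest
        attributes.add(new Attribute(new DERObjectIdentifier("1.2.840.113549.1.9.4"), new DERSet(new DEROctetString(bArr))));
        return new AttributeTable(attributes);
    }

    /**
     * Returns a copy of {@code attributeTable} extended with the signing-certificate
     * attribute, whose ESSCertID holds a digest of the encoded signer certificate.
     *
     * <p>NOTE(review): the digest uses the configured algorithm {@code str}, but ESSCertID
     * is the RFC 2634 structure whose certificate hash is defined as SHA-1. With SHA-256
     * or SHA-512 configured, verifiers may recompute a different hash and reject the
     * attribute; RFC 5035 defines ESSCertIDv2 (signing-certificate-v2) for other
     * algorithms. Confirm against the validators in use.
     *
     * @param attributeTable existing signed attributes (must not be {@code null})
     * @param x509Certificate signer certificate
     * @param str digest algorithm name or OID, resolved through {@code AlgorithmIDtoOID}
     * @throws CMSSignatureGenerationException if the digest or certificate encoding fails
     */
    public static AttributeTable addCAdESAttributes(AttributeTable attributeTable, X509Certificate x509Certificate, String str) throws CMSSignatureGenerationException {
        try {
            byte[] certificateDigest = MessageDigest.getInstance(AlgorithmIDtoOID(str), "BC").digest(x509Certificate.getEncoded());
            SigningCertificate signingCertificate = new SigningCertificate(new ESSCertID(certificateDigest));
            Attribute signingCertificateAttribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, new DERSet(signingCertificate));
            ASN1EncodableVector extended = attributeTable.toASN1EncodableVector();
            extended.add(signingCertificateAttribute);
            return new AttributeTable(extended);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException(e);
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException(e);
        } catch (CertificateEncodingException e) {
            e.printStackTrace();
            throw new CMSSignatureGenerationException(e);
        }
    }

    /**
     * Returns a new attribute table holding the given attributes plus the signature-policy
     * identifier and, when supplied, the signer role and commitment-type indications.
     * The input table is not modified; callers must use the returned table.
     *
     * @param attributeTable existing attributes, or {@code null} to start empty
     * @param str signature policy OID
     * @param str2 signature policy hash
     * @param str3 algorithm of the policy hash (name or OID)
     * @param str4 signer role, or {@code null} to omit it
     * @param list commitment-type OIDs, or {@code null}/empty to omit them
     * @throws CMSSignatureGenerationException if encoding the signer role fails
     */
    public static AttributeTable addEPESAttributes(AttributeTable attributeTable, String str, String str2, String str3, String str4, List<String> list) throws CMSSignatureGenerationException {
        // NOTE(review): str2.getBytes() stores the characters of the hash string, encoded
        // with the platform default charset. If the policy hash is supplied as hex or
        // Base64 text, the attribute holds that text rather than the digest bytes, and the
        // result can differ between platforms. Confirm the expected format.
        OtherHashAlgAndValue policyDigest = new OtherHashAlgAndValue(new AlgorithmIdentifier(AlgorithmIDtoOID(str3)), new DEROctetString(str2.getBytes()));
        SignaturePolicyIdentifier policyIdentifier = new SignaturePolicyIdentifier(new SignaturePolicyId(new DERObjectIdentifier(str), policyDigest));
        Attribute policyAttribute = new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet(policyIdentifier));
        ASN1EncodableVector extended = attributeTable == null ? new ASN1EncodableVector() : attributeTable.toASN1EncodableVector();
        extended.add(policyAttribute);
        if (str4 != null) {
            try {
                // Platform default charset here as well (see the note above).
                Attribute roleAttribute = new Attribute(PKCSObjectIdentifiers.id_aa_ets_signerAttr, new DERSet(new DEROctetString(str4.getBytes())));
                ByteArrayOutputStream sink = new ByteArrayOutputStream();
                DERSequenceGenerator sequenceGenerator = new DERSequenceGenerator(sink);
                sequenceGenerator.addObject(roleAttribute);
                // The raw buffer is read before close(); statement order is kept as-is
                // because the bytes obtained depend on it.
                byte[] rawEncoding = ((ByteArrayOutputStream) sequenceGenerator.getRawOutputStream()).toByteArray();
                sequenceGenerator.close();
                sink.close();
                extended.add(new SignerAttribute(ASN1Sequence.fromByteArray(rawEncoding)));
            } catch (Exception e) {
                // Chain the exception itself; its own cause is usually null and would
                // lose the stack trace of the real failure.
                throw new CMSSignatureGenerationException(e.getMessage(), e);
            }
        }
        if (list != null && list.size() > 0) {
            for (String commitmentOid : list) {
                extended.add(new CommitmentTypeIndication(new DERObjectIdentifier(commitmentOid)));
            }
        }
        return new AttributeTable(extended);
    }

    /**
     * Maps the digest names "SHA-1", "SHA-256" and "SHA-512" to their OIDs.
     *
     * <p>Any other value is returned unchanged, so an OID or a different algorithm name
     * passes straight through: this method is not an allow-list, and a weak digest
     * configured upstream is not rejected here.
     */
    private static String AlgorithmIDtoOID(String str) {
        if (str.equals(SHA1)) {
            return SHA1OID;
        }
        if (str.equals(SHA256)) {
            return SHA256OID;
        }
        if (str.equals(SHA512)) {
            return SHA512OID;
        }
        return str;
    }
}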
