package es.gob.afirma.envelopers.cms;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.AOInvalidFormatException;
import es.gob.afirma.core.ciphers.AOCipherConfig;
import es.gob.afirma.core.ciphers.CipherConstants;
import es.gob.afirma.core.envelopers.AOEnveloper;
import es.gob.afirma.signers.cms.AOCMSSigner;
import es.gob.afirma.signers.pkcs7.P7ContentSignerParameters;
import es.gob.afirma.ui.utils.Constants;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;

/* loaded from: input_file:es/gob/afirma/envelopers/cms/AOCMSEnveloper.class */
public class AOCMSEnveloper implements AOEnveloper {
    public static final String CMS_CONTENTTYPE_DATA = "Data";
    public static final String CMS_CONTENTTYPE_SIGNEDDATA = "SignedData";
    public static final String CMS_CONTENTTYPE_DIGESTEDDATA = "DigestedData";
    public static final String CMS_CONTENTTYPE_COMPRESSEDDATA = "CompressedData";
    public static final String CMS_CONTENTTYPE_ENCRYPTEDDATA = "EncryptedData";
    public static final String CMS_CONTENTTYPE_ENVELOPEDDATA = "EnvelopedData";
    public static final String CMS_CONTENTTYPE_SIGNEDANDENVELOPEDDATA = "SignedAndEnvelopedData";
    public static final String CMS_CONTENTTYPE_AUTHENTICATEDDATA = "AuthenticatedData";
    public static final String CMS_CONTENTTYPE_AUTHENVELOPEDDATA = "AuthEnvelopedData";
    public static final String DEFAULT_CMS_CONTENTTYPE = "EnvelopedData";
    private static final String DATA_TYPE_OID = PKCSObjectIdentifiers.data.getId();
    private String signatureAlgorithm = "SHA1withRSA";
    private final Map<String, byte[]> attrib = new HashMap();
    private final Map<String, byte[]> uattrib = new HashMap();
    private String cipherKey = null;

    @Override // es.gob.afirma.core.envelopers.AOEnveloper
    public byte[] envelop(byte[] bArr, String str, String str2, KeyStore.PrivateKeyEntry privateKeyEntry, X509Certificate[] x509CertificateArr, CipherConstants.AOCipherAlgorithm aOCipherAlgorithm, String str3, Properties properties) throws AOException {
        return null;
    }

    @Override // es.gob.afirma.core.envelopers.AOEnveloper
    public byte[] encrypt(byte[] bArr, String str, String str2, CipherConstants.AOCipherAlgorithm aOCipherAlgorithm, String str3) throws AOException {
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos a cifrar no pueden ser nulo.");
        }
        return null;
    }

    public void addSignedAttribute(String str, byte[] bArr) {
        this.attrib.put(str, bArr);
    }

    public void addUnsignedAttribute(String str, byte[] bArr) {
        this.uattrib.put(str, bArr);
    }

    static byte[] createCMSData(byte[] bArr) throws IOException {
        return CMSData.genData(bArr);
    }

    byte[] createCMSDigestedData(byte[] bArr) throws IOException, NoSuchAlgorithmException {
        return CMSDigestedData.genDigestedData(bArr, this.signatureAlgorithm, DATA_TYPE_OID);
    }

    static byte[] createCMSCompressedData(byte[] bArr) throws IOException {
        return CMSCompressedData.genCompressedData(bArr);
    }

    public byte[] createCMSEncryptedData(byte[] bArr, AOCipherConfig aOCipherConfig, Key key) throws NoSuchAlgorithmException, IOException {
        return CMSEncryptedData.genEncryptedData(bArr, this.signatureAlgorithm, aOCipherConfig, key, DATA_TYPE_OID, this.uattrib);
    }

    public byte[] createCMSEnvelopedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry, AOCipherConfig aOCipherConfig, X509Certificate[] x509CertificateArr, Integer num) throws NoSuchAlgorithmException, CertificateEncodingException, IOException, AOException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return privateKeyEntry != null ? new CMSEnvelopedData().genEnvelopedData(createContentSignerParementers(bArr, privateKeyEntry, this.signatureAlgorithm), (X509Certificate[]) privateKeyEntry.getCertificateChain(), aOCipherConfig, x509CertificateArr, DATA_TYPE_OID, this.uattrib, num) : new CMSEnvelopedData().genEnvelopedData(bArr, this.signatureAlgorithm, aOCipherConfig, x509CertificateArr, DATA_TYPE_OID, this.uattrib, num);
    }

    public byte[] createCMSSignedAndEnvelopedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry, AOCipherConfig aOCipherConfig, X509Certificate[] x509CertificateArr, Integer num) throws CertificateEncodingException, NoSuchAlgorithmException, IOException, AOException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, SignatureException {
        return new CMSSignedAndEnvelopedData().genSignedAndEnvelopedData(createContentSignerParementers(bArr, privateKeyEntry, this.signatureAlgorithm), (X509Certificate[]) privateKeyEntry.getCertificateChain(), aOCipherConfig, x509CertificateArr, DATA_TYPE_OID, privateKeyEntry, this.attrib, this.uattrib, num);
    }

    byte[] createCMSAuthenticatedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry, AOCipherConfig aOCipherConfig, X509Certificate[] x509CertificateArr, Integer num) throws CertificateEncodingException, NoSuchAlgorithmException, IOException, AOException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return CMSAuthenticatedData.genAuthenticatedData(createContentSignerParementers(bArr, privateKeyEntry, this.signatureAlgorithm), (X509Certificate[]) privateKeyEntry.getCertificateChain(), null, aOCipherConfig, x509CertificateArr, DATA_TYPE_OID, true, this.attrib, this.uattrib, num);
    }

    public byte[] createCMSAuthenticatedEnvelopedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry, AOCipherConfig aOCipherConfig, X509Certificate[] x509CertificateArr, Integer num) throws CertificateEncodingException, NoSuchAlgorithmException, IOException, AOException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return CMSAuthenticatedEnvelopedData.genAuthenticatedEnvelopedData(createContentSignerParementers(bArr, privateKeyEntry, this.signatureAlgorithm), (X509Certificate[]) privateKeyEntry.getCertificateChain(), null, aOCipherConfig, x509CertificateArr, DATA_TYPE_OID, true, this.attrib, this.uattrib, num);
    }

    private static P7ContentSignerParameters createContentSignerParementers(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry, String str) {
        return new P7ContentSignerParameters(bArr, str);
    }

    public static byte[] addOriginator(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry) throws AOException, IOException, CertificateEncodingException {
        String str;
        if (ValidateCMS.isCMSEnvelopedData(bArr)) {
            str = "EnvelopedData";
        } else if (ValidateCMS.isCMSSignedAndEnvelopedData(bArr)) {
            str = "SignedAndEnvelopedData";
        } else {
            if (!ValidateCMS.isCMSAuthenticatedEnvelopedData(bArr)) {
                throw new AOInvalidFormatException("Los datos proporcionado no son un envoltorio que soporte multiples remitentes");
            }
            str = "AuthEnvelopedData";
        }
        return addOriginator(bArr, str, privateKeyEntry);
    }

    private static byte[] addOriginator(byte[] bArr, String str, KeyStore.PrivateKeyEntry privateKeyEntry) throws AOException, IOException, CertificateEncodingException {
        byte[] addOriginatorInfo;
        if (str.equals("EnvelopedData")) {
            addOriginatorInfo = CMSEnvelopedData.addOriginatorInfo(bArr, (X509Certificate[]) privateKeyEntry.getCertificateChain());
        } else if (str.equals("SignedAndEnvelopedData")) {
            addOriginatorInfo = new AOCMSSigner().cosign(bArr, "SHA1withRSA", privateKeyEntry.getPrivateKey(), privateKeyEntry.getCertificateChain(), null);
        } else {
            if (!str.equals("AuthEnvelopedData")) {
                throw new IllegalArgumentException("La estructura para el ContentInfo indicado no esta soportada o no admite multiples remitentes");
            }
            addOriginatorInfo = CMSAuthenticatedEnvelopedData.addOriginatorInfo(bArr, (X509Certificate[]) privateKeyEntry.getCertificateChain());
        }
        if (addOriginatorInfo == null) {
            throw new AOException("Error al agregar el nuevo remitente al envoltorio");
        }
        return addOriginatorInfo;
    }

    public void setSignatureAlgorithm(String str) {
        this.signatureAlgorithm = str == null ? "SHA1withRSA" : str;
    }

    public void setCipherKey(String str) {
        this.cipherKey = str;
    }

    String getSignatureAlgorithm() {
        return this.signatureAlgorithm;
    }

    String getCipherKey() {
        return this.cipherKey;
    }

    @Override // es.gob.afirma.core.envelopers.AOEnveloper
    public byte[] recoverData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry) throws InvalidKeyException, AOException, IOException, InvalidKeySpecException {
        byte[] recoverCMSSignedEnvelopedData;
        ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
        ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
        aSN1InputStream.close();
        DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) aSN1Sequence.getObjects().nextElement();
        try {
            if (dERObjectIdentifier.equals(PKCSObjectIdentifiers.data)) {
                Logger.getLogger(Constants.OUR_NODE_NAME).warning("La extraccion de datos de los envoltorios CMS Data no esta implementada");
                recoverCMSSignedEnvelopedData = null;
            } else if (dERObjectIdentifier.equals(PKCSObjectIdentifiers.digestedData)) {
                Logger.getLogger(Constants.OUR_NODE_NAME).warning("La extraccion de datos de los envoltorios CMS DigestedData no esta implementada");
                recoverCMSSignedEnvelopedData = null;
            } else if (dERObjectIdentifier.equals(CMSObjectIdentifiers.compressedData)) {
                recoverCMSSignedEnvelopedData = recoverCMSCompressedData(bArr);
            } else if (dERObjectIdentifier.equals(PKCSObjectIdentifiers.encryptedData)) {
                recoverCMSSignedEnvelopedData = recoverCMSEncryptedData(bArr, this.cipherKey);
            } else if (dERObjectIdentifier.equals(PKCSObjectIdentifiers.envelopedData)) {
                recoverCMSSignedEnvelopedData = recoverCMSEnvelopedData(bArr, privateKeyEntry);
            } else if (dERObjectIdentifier.equals(CMSObjectIdentifiers.authEnvelopedData)) {
                recoverCMSSignedEnvelopedData = recoverCMSAuthenticatedEnvelopedData(bArr, privateKeyEntry);
            } else if (dERObjectIdentifier.equals(CMSObjectIdentifiers.authenticatedData)) {
                recoverCMSSignedEnvelopedData = recoverCMSAuthenticatedData(bArr, privateKeyEntry);
            } else {
                if (!dERObjectIdentifier.equals(CMSObjectIdentifiers.signedAndEnvelopedData)) {
                    throw new AOInvalidFormatException("Los datos introducidos no se corresponden con un tipo de objeto CMS soportado");
                }
                recoverCMSSignedEnvelopedData = recoverCMSSignedEnvelopedData(bArr, privateKeyEntry);
            }
            return recoverCMSSignedEnvelopedData;
        } catch (AOInvalidRecipientException e) {
            throw new InvalidKeyException("La clave indicada no pertenece a ninguno de los destinatarios del envoltorio", e);
        } catch (InvalidAlgorithmParameterException e2) {
            throw new AOException("No se reconoce la configuracion del algoritmo indicado", (Exception) e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new AOException("No se reconoce el algoritmo indicado", (Exception) e3);
        } catch (CertificateEncodingException e4) {
            throw new AOException("Error al descodificar los certificados del envoltorio", (Exception) e4);
        } catch (BadPaddingException e5) {
            throw new AOException("relleno invalido: " + e5, (Exception) e5);
        } catch (IllegalBlockSizeException e6) {
            throw new AOException("Tamano de bloque invalido: " + e6, (Exception) e6);
        } catch (NoSuchPaddingException e7) {
            throw new AOException("No se reconoce el tipo de relleno indicado", (Exception) e7);
        }
    }

    static byte[] recoverCMSCompressedData(byte[] bArr) throws IOException {
        return CMSCompressedData.getContentCompressedData(bArr);
    }

    static byte[] recoverCMSEncryptedData(byte[] bArr, String str) throws InvalidKeyException, AOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, InvalidKeySpecException, IOException {
        return new CMSDecipherEncryptedData().dechiperEncryptedData(bArr, str);
    }

    static byte[] recoverCMSEnvelopedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry) throws IOException, CertificateEncodingException, AOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return CMSDecipherEnvelopData.dechiperEnvelopData(bArr, privateKeyEntry);
    }

    static byte[] recoverCMSSignedEnvelopedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry) throws IOException, CertificateEncodingException, AOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return CMSDecipherSignedAndEnvelopedData.dechiperSignedAndEnvelopData(bArr, privateKeyEntry);
    }

    static byte[] recoverCMSAuthenticatedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry) throws IOException, CertificateEncodingException, AOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        return new CMSDecipherAuthenticatedData().decipherAuthenticatedData(bArr, privateKeyEntry);
    }

    static byte[] recoverCMSAuthenticatedEnvelopedData(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry) throws IOException, CertificateEncodingException, AOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return CMSDecipherAuthenticatedEnvelopedData.dechiperAuthenticatedEnvelopedData(bArr, privateKeyEntry);
    }

    public static boolean isCMSValid(byte[] bArr) {
        return CMSHelper.isCMSValid(bArr);
    }

    public static boolean isCMSValid(byte[] bArr, String str) {
        return CMSHelper.isCMSValid(bArr, str);
    }
}
