package es.gob.afirma.signers.cms;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.ContainsNoDataException;
import es.gob.afirma.signers.pkcs7.P7ContentSignerParameters;
import es.gob.afirma.signers.pkcs7.SigUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Map;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;
import org.bouncycastle.cms.CMSProcessableByteArray;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:es/gob/afirma/signers/cms/CoSigner.class */
public final class CoSigner {
    private ASN1Set signedAttr2;

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] coSigner(P7ContentSignerParameters p7ContentSignerParameters, byte[] bArr, boolean z, String str, PrivateKey privateKey, Certificate[] certificateArr, Map<String, byte[]> map, Map<String, byte[]> map2, byte[] bArr2) throws IOException, NoSuchAlgorithmException, CertificateException {
        ContentInfo contentInfo;
        ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
        ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
        aSN1InputStream.close();
        Enumeration objects = aSN1Sequence.getObjects();
        objects.nextElement();
        SignedData signedData = SignedData.getInstance((ASN1Sequence) ((ASN1TaggedObject) objects.nextElement()).getObject());
        ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(str);
        byte[] bArr3 = null;
        if (z) {
            contentInfo = new ContentInfo(aSN1ObjectIdentifier, null);
        } else {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            bArr3 = p7ContentSignerParameters.getContent();
            try {
                new CMSProcessableByteArray(bArr3).write(byteArrayOutputStream);
                contentInfo = new ContentInfo(aSN1ObjectIdentifier, new BEROctetString(byteArrayOutputStream.toByteArray()));
            } catch (Exception e) {
                throw new IOException("Error en la escritura del procesable CMS: " + e, e);
            }
        }
        ASN1Set aSN1Set = null;
        ASN1Set certificates = signedData.getCertificates();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Enumeration objects2 = certificates.getObjects();
        while (objects2.hasMoreElements()) {
            aSN1EncodableVector.add((ASN1Encodable) objects2.nextElement());
        }
        if (certificateArr.length != 0) {
            ArrayList arrayList = new ArrayList();
            for (Certificate certificate : certificateArr) {
                arrayList.add(org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(certificate.getEncoded())));
            }
            aSN1Set = SigUtils.fillRestCerts(arrayList, aSN1EncodableVector);
        }
        String signatureAlgorithm = p7ContentSignerParameters.getSignatureAlgorithm();
        String digestAlgorithmName = AOSignConstants.getDigestAlgorithmName(signatureAlgorithm);
        AlgorithmIdentifier makeAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName));
        TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(((X509Certificate) certificateArr[0]).getTBSCertificate()));
        SignerIdentifier signerIdentifier = new SignerIdentifier(new IssuerAndSerialNumber(X500Name.getInstance(tBSCertificateStructure.getIssuer()), tBSCertificateStructure.getSerialNumber().getValue()));
        ASN1Set generateSignerInfo = bArr2 == null ? generateSignerInfo(digestAlgorithmName, bArr3 != null ? bArr3 : p7ContentSignerParameters.getContent(), str, map) : generateSignerInfoFromHash((X509Certificate) certificateArr[0], bArr2, str, map);
        ASN1Set generateUnsignerInfo = generateUnsignerInfo(map2);
        AlgorithmIdentifier makeAlgId2 = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA"));
        ASN1Set signerInfos = signedData.getSignerInfos();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        for (int i = 0; i < signerInfos.size(); i++) {
            aSN1EncodableVector2.add(new SignerInfo((ASN1Sequence) signerInfos.getObjectAt(i)));
        }
        try {
            aSN1EncodableVector2.add(new SignerInfo(signerIdentifier, makeAlgId, generateSignerInfo, makeAlgId2, firma(signatureAlgorithm, privateKey), generateUnsignerInfo));
            return new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(signedData.getDigestAlgorithms(), contentInfo, aSN1Set, null, new DERSet(aSN1EncodableVector2))).getEncoded(ASN1Encoding.DER);
        } catch (Exception e2) {
            throw new IOException("Error al generar la firma: " + e2, e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] coSigner(String str, X509Certificate[] x509CertificateArr, byte[] bArr, String str2, PrivateKey privateKey, Map<String, byte[]> map, Map<String, byte[]> map2, byte[] bArr2) throws IOException, NoSuchAlgorithmException, CertificateException, ContainsNoDataException {
        ASN1Set generateSignerInfoFromHash;
        byte[] bArr3 = bArr2 != null ? (byte[]) bArr2.clone() : null;
        ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
        ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
        aSN1InputStream.close();
        Enumeration objects = aSN1Sequence.getObjects();
        objects.nextElement();
        SignedData signedData = SignedData.getInstance((ASN1Sequence) ((ASN1TaggedObject) objects.nextElement()).getObject());
        ContentInfo encapContentInfo = signedData.getEncapContentInfo();
        DEROctetString dEROctetString = (DEROctetString) encapContentInfo.getContent();
        byte[] dataFromInputStream = dEROctetString != null ? AOUtil.getDataFromInputStream(dEROctetString.getOctetStream()) : null;
        ASN1Set aSN1Set = null;
        ASN1Set certificates = signedData.getCertificates();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        Enumeration objects2 = certificates.getObjects();
        while (objects2.hasMoreElements()) {
            aSN1EncodableVector.add((ASN1Encodable) objects2.nextElement());
        }
        if (x509CertificateArr.length != 0) {
            ArrayList arrayList = new ArrayList();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                arrayList.add(org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(x509Certificate.getEncoded())));
            }
            aSN1Set = SigUtils.fillRestCerts(arrayList, aSN1EncodableVector);
        }
        String digestAlgorithmName = AOSignConstants.getDigestAlgorithmName(str);
        AlgorithmIdentifier makeAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName));
        TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(x509CertificateArr[0].getTBSCertificate()));
        SignerIdentifier signerIdentifier = new SignerIdentifier(new IssuerAndSerialNumber(X500Name.getInstance(tBSCertificateStructure.getIssuer()), tBSCertificateStructure.getSerialNumber().getValue()));
        ASN1Set generateUnsignerInfo = generateUnsignerInfo(map2);
        AlgorithmIdentifier makeAlgId2 = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA"));
        ASN1Set signerInfos = signedData.getSignerInfos();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        for (int i = 0; i < signerInfos.size(); i++) {
            SignerInfo signerInfo = new SignerInfo((ASN1Sequence) signerInfos.getObjectAt(i));
            if (signerInfo.getDigestAlgorithm().getAlgorithm().toString().equals(AOAlgorithmID.getOID(digestAlgorithmName))) {
                ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
                for (int i2 = 0; i2 < authenticatedAttributes.size(); i2++) {
                    ASN1Sequence aSN1Sequence2 = (ASN1Sequence) authenticatedAttributes.getObjectAt(i2);
                    if (CMSAttributes.messageDigest.getId().toString().equals(((DERObjectIdentifier) aSN1Sequence2.getObjectAt(0)).toString())) {
                        bArr3 = ((DEROctetString) ((DERSet) aSN1Sequence2.getObjectAt(1)).getObjectAt(0)).getOctets();
                    }
                }
            }
            aSN1EncodableVector2.add(signerInfo);
        }
        if (dataFromInputStream != null) {
            generateSignerInfoFromHash = generateSignerInfo(digestAlgorithmName, dataFromInputStream, str2, map);
        } else {
            if (bArr3 == null) {
                throw new ContainsNoDataException("No se puede crear la cofirma ya que no se han encontrado ni los datos firmados ni una huella digital compatible con el algoritmo de firma");
            }
            generateSignerInfoFromHash = generateSignerInfoFromHash(x509CertificateArr[0], bArr3, str2, map);
        }
        try {
            aSN1EncodableVector2.add(new SignerInfo(signerIdentifier, makeAlgId, generateSignerInfoFromHash, makeAlgId2, firma(str, privateKey), generateUnsignerInfo));
            return new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(signedData.getDigestAlgorithms(), encapContentInfo, aSN1Set, null, new DERSet(aSN1EncodableVector2))).getEncoded(ASN1Encoding.DER);
        } catch (Exception e) {
            throw new IOException("Error al generar la firma: " + e, e);
        }
    }

    private ASN1Set generateSignerInfo(String str, byte[] bArr, String str2, Map<String, byte[]> map) throws NoSuchAlgorithmException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new Attribute(CMSAttributes.contentType, (ASN1Set) new DERSet(new DERObjectIdentifier(str2))));
        aSN1EncodableVector.add(new Attribute(CMSAttributes.signingTime, (ASN1Set) new DERSet(new DERUTCTime(new Date()))));
        aSN1EncodableVector.add(new Attribute(CMSAttributes.messageDigest, (ASN1Set) new DERSet(new DEROctetString((byte[]) MessageDigest.getInstance(AOSignConstants.getDigestAlgorithmName(str)).digest(bArr).clone()))));
        if (map.size() != 0) {
            for (Map.Entry<String, byte[]> entry : map.entrySet()) {
                aSN1EncodableVector.add(new Attribute(new ASN1ObjectIdentifier(entry.getKey().toString()), (ASN1Set) new DERSet(new DERPrintableString(new String(entry.getValue())))));
            }
        }
        this.signedAttr2 = SigUtils.getAttributeSet(new AttributeTable(aSN1EncodableVector));
        return SigUtils.getAttributeSet(new AttributeTable(aSN1EncodableVector));
    }

    private ASN1Set generateSignerInfoFromHash(X509Certificate x509Certificate, byte[] bArr, String str, Map<String, byte[]> map) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new Attribute(CMSAttributes.contentType, (ASN1Set) new DERSet(new DERObjectIdentifier(str))));
        aSN1EncodableVector.add(new Attribute(CMSAttributes.signingTime, (ASN1Set) new DERSet(new DERUTCTime(new Date()))));
        aSN1EncodableVector.add(new Attribute(CMSAttributes.messageDigest, (ASN1Set) new DERSet(new DEROctetString(bArr))));
        aSN1EncodableVector.add(new Attribute(RFC4519Style.serialNumber, (ASN1Set) new DERSet(new DERPrintableString(x509Certificate.getSerialNumber().toString()))));
        if (map.size() != 0) {
            for (Map.Entry<String, byte[]> entry : map.entrySet()) {
                aSN1EncodableVector.add(new Attribute(new ASN1ObjectIdentifier(entry.getKey().toString()), (ASN1Set) new DERSet(new DERPrintableString(new String(entry.getValue())))));
            }
        }
        this.signedAttr2 = SigUtils.getAttributeSet(new AttributeTable(aSN1EncodableVector));
        return SigUtils.getAttributeSet(new AttributeTable(aSN1EncodableVector));
    }

    private static ASN1Set generateUnsignerInfo(Map<String, byte[]> map) {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (map.size() == 0) {
            return null;
        }
        for (Map.Entry<String, byte[]> entry : map.entrySet()) {
            aSN1EncodableVector.add(new Attribute(new ASN1ObjectIdentifier(entry.getKey().toString()), (ASN1Set) new DERSet(new DERPrintableString(new String(entry.getValue())))));
        }
        return SigUtils.getAttributeSet(new AttributeTable(aSN1EncodableVector));
    }

    private ASN1OctetString firma(String str, PrivateKey privateKey) throws AOException {
        try {
            Signature signature = Signature.getInstance(str);
            try {
                byte[] encoded = this.signedAttr2.getEncoded(ASN1Encoding.DER);
                try {
                    signature.initSign(privateKey);
                    try {
                        signature.update(encoded);
                        try {
                            return new DEROctetString(signature.sign());
                        } catch (Exception e) {
                            throw new AOException("Error durante el proceso de firma", e);
                        }
                    } catch (SignatureException e2) {
                        throw new AOException("Error al configurar la informacion de firma", (Exception) e2);
                    }
                } catch (Exception e3) {
                    throw new AOException("Error al inicializar la firma con la clave privada", e3);
                }
            } catch (IOException e4) {
                throw new AOException("Error obteniendo los atributos firmados", (Exception) e4);
            }
        } catch (Exception e5) {
            throw new AOException("Error obteniendo la clase de firma para el algoritmo " + str, e5);
        }
    }
}
