package es.gob.afirma.signers.cades;

import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AdESPolicy;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.SigUtils;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.ess.ContentHints;
import org.bouncycastle.asn1.ess.ESSCertID;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificate;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.asn1.x509.PolicyQualifierId;
import org.bouncycastle.asn1.x509.PolicyQualifierInfo;
import org.bouncycastle.asn1.x509.TBSCertificateStructure;

/* loaded from: input_file:es/gob/afirma/signers/cades/CAdESUtils.class */
public final class CAdESUtils {
    private CAdESUtils() {
    }

    public static ASN1EncodableVector generateSignerInfo(X509Certificate x509Certificate, String str, byte[] bArr, AdESPolicy adESPolicy, boolean z, byte[] bArr2, Date date, boolean z2, String str2, String str3) throws NoSuchAlgorithmException, IOException, CertificateEncodingException {
        SigningCertificate signingCertificate;
        AlgorithmIdentifier makeAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(str));
        ASN1EncodableVector initContexExpecific = initContexExpecific(str, bArr, PKCSObjectIdentifiers.data.getId(), bArr2, date, z2);
        if (z) {
            TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(x509Certificate.getTBSCertificate()));
            ESSCertIDv2[] eSSCertIDv2Arr = {new ESSCertIDv2(makeAlgId, MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()), new IssuerSerial(new GeneralNames(new GeneralName(tBSCertificateStructure.getIssuer())), tBSCertificateStructure.getSerialNumber()))};
            initContexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, (ASN1Set) new DERSet(adESPolicy.getPolicyIdentifier() != null ? new SigningCertificateV2(eSSCertIDv2Arr, getPolicyInformation(adESPolicy)) : new SigningCertificateV2(eSSCertIDv2Arr))));
        } else {
            TBSCertificateStructure tBSCertificateStructure2 = TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(x509Certificate.getTBSCertificate()));
            ESSCertID eSSCertID = new ESSCertID(MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()), new IssuerSerial(new GeneralNames(new GeneralName(tBSCertificateStructure2.getIssuer())), tBSCertificateStructure2.getSerialNumber()));
            if (adESPolicy.getPolicyIdentifier() != null) {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                aSN1EncodableVector.add(new DERSequence(eSSCertID));
                aSN1EncodableVector.add(new DERSequence(getPolicyInformation(adESPolicy)));
                signingCertificate = SigningCertificate.getInstance(new DERSequence(aSN1EncodableVector));
            } else {
                signingCertificate = new SigningCertificate(eSSCertID);
            }
            initContexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, (ASN1Set) new DERSet(signingCertificate)));
        }
        if (adESPolicy.getPolicyIdentifier() != null) {
            DERObjectIdentifier dERObjectIdentifier = new DERObjectIdentifier(adESPolicy.getPolicyIdentifier().toLowerCase().replace("urn:oid:", ""));
            DigestInfo digestInfo = new DigestInfo(adESPolicy.getPolicyIdentifierHashAlgorithm() != null ? SigUtils.makeAlgId(AOAlgorithmID.getOID(AOSignConstants.getDigestAlgorithmName(adESPolicy.getPolicyIdentifierHashAlgorithm()))) : makeAlgId, adESPolicy.getPolicyIdentifierHash() != null ? Base64.decode(adESPolicy.getPolicyIdentifierHash()) : new byte[]{0});
            AOSigPolicyQualifierInfo aOSigPolicyQualifierInfo = null;
            if (adESPolicy.getPolicyQualifier() != null) {
                aOSigPolicyQualifierInfo = new AOSigPolicyQualifierInfo(adESPolicy.getPolicyQualifier().toString());
            }
            ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
            aSN1EncodableVector2.add(dERObjectIdentifier);
            aSN1EncodableVector2.add(digestInfo.toASN1Primitive());
            if (aOSigPolicyQualifierInfo != null) {
                aSN1EncodableVector2.add(new DERSequence(aOSigPolicyQualifierInfo.toASN1Primitive()));
            }
            initContexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, (ASN1Set) new DERSet(new DERSequence(aSN1EncodableVector2).toASN1Primitive())));
        }
        if (str2 != null && !z2) {
            initContexExpecific.add(new Attribute(PKCSObjectIdentifiers.id_aa_contentHint, (ASN1Set) new DERSet((str3 != null ? new ContentHints(new ASN1ObjectIdentifier(str2), new DERUTF8String(str3)) : new ContentHints(new ASN1ObjectIdentifier(str2))).toASN1Primitive())));
        }
        return initContexExpecific;
    }

    private static PolicyInformation[] getPolicyInformation(AdESPolicy adESPolicy) {
        if (adESPolicy == null) {
            throw new IllegalArgumentException("La politica de firma no puede ser nula en este punto");
        }
        PolicyQualifierId policyQualifierId = PolicyQualifierId.id_qt_cps;
        DERIA5String dERIA5String = null;
        if (adESPolicy.getPolicyQualifier() != null && !adESPolicy.getPolicyQualifier().equals("")) {
            dERIA5String = new DERIA5String(adESPolicy.getPolicyQualifier().toString());
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        PolicyQualifierInfo policyQualifierInfo = null;
        if (dERIA5String != null) {
            aSN1EncodableVector.add(policyQualifierId);
            aSN1EncodableVector.add(dERIA5String);
            policyQualifierInfo = new PolicyQualifierInfo(new DERSequence(aSN1EncodableVector));
        }
        return (adESPolicy.getPolicyQualifier() == null || policyQualifierInfo == null) ? new PolicyInformation[]{new PolicyInformation(new ASN1ObjectIdentifier(adESPolicy.getPolicyIdentifier().toLowerCase().replace("urn:oid:", "")))} : new PolicyInformation[]{new PolicyInformation(new ASN1ObjectIdentifier(adESPolicy.getPolicyIdentifier().toLowerCase().replace("urn:oid:", "")), new DERSequence(policyQualifierInfo))};
    }

    static ASN1EncodableVector initContexExpecific(String str, byte[] bArr, String str2, byte[] bArr2, Date date, boolean z) throws NoSuchAlgorithmException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (str2 != null) {
            aSN1EncodableVector.add(new Attribute(CMSAttributes.contentType, (ASN1Set) new DERSet(new DERObjectIdentifier(str2))));
        }
        if (!z) {
            aSN1EncodableVector.add(new Attribute(CMSAttributes.signingTime, (ASN1Set) new DERSet(new DERUTCTime(date))));
        }
        aSN1EncodableVector.add(new Attribute(CMSAttributes.messageDigest, (ASN1Set) new DERSet(new DEROctetString(bArr2 != null ? bArr2 : MessageDigest.getInstance(str).digest(bArr)))));
        return aSN1EncodableVector;
    }
}
