package es.gob.afirma.envelopers.cms;

import es.gob.afirma.core.ciphers.AOCipherConfig;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.P7ContentSignerParameters;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1TaggedObject;
import org.bouncycastle.asn1.BEROctetString;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTCTime;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.AuthenticatedData;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.OriginatorInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.style.RFC4519Style;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;

/* loaded from: input_file:es/gob/afirma/envelopers/cms/CMSAuthenticatedData.class */
final class CMSAuthenticatedData {
    private CMSAuthenticatedData() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] genAuthenticatedData(P7ContentSignerParameters p7ContentSignerParameters, X509Certificate[] x509CertificateArr, String str, AOCipherConfig aOCipherConfig, X509Certificate[] x509CertificateArr2, String str2, boolean z, Map<String, byte[]> map, Map<String, byte[]> map2, Integer num) throws IOException, CertificateEncodingException, NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        SecretKey initEnvelopedData = Utils.initEnvelopedData(aOCipherConfig, x509CertificateArr2, num);
        byte[] content = p7ContentSignerParameters.getContent();
        ASN1Set fetchCertificatesList = Utils.fetchCertificatesList(x509CertificateArr);
        OriginatorInfo originatorInfo = null;
        if (x509CertificateArr.length != 0) {
            originatorInfo = new OriginatorInfo(fetchCertificatesList, SigUtils.createBerSetFromList(new ArrayList()));
        }
        Info initVariables = Utils.initVariables(content, aOCipherConfig, x509CertificateArr2, initEnvelopedData);
        AlgorithmIdentifier makeAlgId = SigUtils.makeAlgId(aOCipherConfig.getAlgorithm().getOid());
        String digestAlgorithmName = AOSignConstants.getDigestAlgorithmName(p7ContentSignerParameters.getSignatureAlgorithm());
        AlgorithmIdentifier makeAlgId2 = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName));
        ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(str2);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            new CMSProcessableByteArray(content).write(byteArrayOutputStream);
            ContentInfo contentInfo = new ContentInfo(aSN1ObjectIdentifier, new BEROctetString(byteArrayOutputStream.toByteArray()));
            ASN1Set generateSignedAtt = generateSignedAtt(x509CertificateArr[0], digestAlgorithmName, content, str2, z, map);
            return new ContentInfo(PKCSObjectIdentifiers.id_ct_authData, new AuthenticatedData(originatorInfo, new DERSet(initVariables.getRecipientInfos()), makeAlgId, makeAlgId2, contentInfo, generateSignedAtt, new DEROctetString(Utils.genMac(str, generateSignedAtt.getEncoded(ASN1Encoding.DER), initEnvelopedData)), Utils.generateUnsignedAtt(map2))).getEncoded(ASN1Encoding.DER);
        } catch (CMSException e) {
            throw new IOException("Error en la escritura del procesable CMS: " + e, e);
        }
    }

    private static ASN1Set generateSignedAtt(X509Certificate x509Certificate, String str, byte[] bArr, String str2, boolean z, Map<String, byte[]> map) throws NoSuchAlgorithmException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(new Attribute(CMSAttributes.contentType, (ASN1Set) new DERSet(new DERObjectIdentifier(str2))));
        if (z) {
            aSN1EncodableVector.add(new Attribute(CMSAttributes.signingTime, (ASN1Set) new DERSet(new DERUTCTime(new Date()))));
        }
        aSN1EncodableVector.add(new Attribute(CMSAttributes.messageDigest, (ASN1Set) new DERSet(new DEROctetString((byte[]) MessageDigest.getInstance(AOSignConstants.getDigestAlgorithmName(str)).digest(bArr).clone()))));
        aSN1EncodableVector.add(new Attribute(RFC4519Style.serialNumber, (ASN1Set) new DERSet(new DERPrintableString(x509Certificate.getSerialNumber().toString()))));
        if (map.size() != 0) {
            for (Map.Entry<String, byte[]> entry : map.entrySet()) {
                aSN1EncodableVector.add(new Attribute(new ASN1ObjectIdentifier(entry.getKey().toString()), (ASN1Set) new DERSet(new DERPrintableString(new String(entry.getValue())))));
            }
        }
        return SigUtils.getAttributeSet(new AttributeTable(aSN1EncodableVector));
    }

    static byte[] addOriginatorInfo(InputStream inputStream, X509Certificate[] x509CertificateArr) throws IOException, CertificateEncodingException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(inputStream);
        ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
        aSN1InputStream.close();
        Enumeration objects = aSN1Sequence.getObjects();
        if (!((DERObjectIdentifier) objects.nextElement()).equals(PKCSObjectIdentifiers.id_ct_authData)) {
            return null;
        }
        ASN1TaggedObject aSN1TaggedObject = (ASN1TaggedObject) objects.nextElement();
        AuthenticatedData authenticatedData = new AuthenticatedData((ASN1Sequence) aSN1TaggedObject.getObject());
        AlgorithmIdentifier extractAOIfromAuth = extractAOIfromAuth((ASN1Sequence) aSN1TaggedObject.getObject());
        OriginatorInfo originatorInfo = authenticatedData.getOriginatorInfo();
        ASN1Set aSN1Set = null;
        if (originatorInfo != null) {
            aSN1Set = originatorInfo.getCertificates();
        }
        OriginatorInfo checkCertificates = Utils.checkCertificates(x509CertificateArr, aSN1Set);
        if (checkCertificates != null) {
            originatorInfo = checkCertificates;
        }
        return new ContentInfo(PKCSObjectIdentifiers.id_ct_authData, new AuthenticatedData(originatorInfo, authenticatedData.getRecipientInfos(), authenticatedData.getMacAlgorithm(), extractAOIfromAuth, authenticatedData.getEncapsulatedContentInfo(), authenticatedData.getAuthAttrs(), authenticatedData.getMac(), authenticatedData.getUnauthAttrs())).getEncoded(ASN1Encoding.DER);
    }

    private static AlgorithmIdentifier extractAOIfromAuth(ASN1Sequence aSN1Sequence) {
        Enumeration objects = aSN1Sequence.getObjects();
        objects.nextElement();
        objects.nextElement();
        objects.nextElement();
        objects.nextElement();
        return new AlgorithmIdentifier((ASN1Sequence) ((DERTaggedObject) objects.nextElement()).getObject());
    }
}
