package kz.gamma.hardware.cms;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import kz.gamma.hardware.asn1.ASN1EncodableVector;
import kz.gamma.hardware.asn1.ASN1InputStream;
import kz.gamma.hardware.asn1.ASN1Set;
import kz.gamma.hardware.asn1.BERConstructedOctetString;
import kz.gamma.hardware.asn1.DERNull;
import kz.gamma.hardware.asn1.DERObject;
import kz.gamma.hardware.asn1.DERObjectIdentifier;
import kz.gamma.hardware.asn1.DEROctetString;
import kz.gamma.hardware.asn1.DEROutputStream;
import kz.gamma.hardware.asn1.DERSet;
import kz.gamma.hardware.asn1.cms.AttributeTable;
import kz.gamma.hardware.asn1.cms.ContentInfo;
import kz.gamma.hardware.asn1.cms.IssuerAndSerialNumber;
import kz.gamma.hardware.asn1.cms.SignedData;
import kz.gamma.hardware.asn1.cms.SignerIdentifier;
import kz.gamma.hardware.asn1.cms.SignerInfo;
import kz.gamma.hardware.asn1.pkcs.PKCSObjectIdentifiers;
import kz.gamma.hardware.asn1.x509.AlgorithmIdentifier;
import kz.gamma.hardware.asn1.x509.TBSCertificateStructure;
import kz.gamma.hardware.crypto.pcsc.exception.PcscException;
import kz.gamma.hardware.jce.JCEPrivateKey;
import kz.gamma.hardware.jce.JCESignature;
import kz.gamma.hardware.util.UtilCM;

/* loaded from: input_file:kz/gamma/hardware/cms/CMSSignedDataGenerator.class */
public class CMSSignedDataGenerator extends CMSSignedGenerator {
    List signerInfs = new ArrayList();
    boolean isCertexCMS = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:kz/gamma/hardware/cms/CMSSignedDataGenerator$DigOutputStream.class */
    public static class DigOutputStream extends OutputStream {
        MessageDigest dig;

        public DigOutputStream(MessageDigest messageDigest) {
            this.dig = messageDigest;
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            this.dig.update(bArr, i, i2);
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            this.dig.update((byte) i);
        }
    }

    /* loaded from: input_file:kz/gamma/hardware/cms/CMSSignedDataGenerator$SigOutputStream.class */
    static class SigOutputStream extends OutputStream {
        JCESignature sig;

        public SigOutputStream(JCESignature jCESignature) {
            this.sig = jCESignature;
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            try {
                this.sig.update(bArr, i, i2);
            } catch (Exception e) {
                throw new IOException("signature problem: " + e);
            }
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            try {
                this.sig.update((byte) i);
            } catch (Exception e) {
                throw new IOException("signature problem: " + e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:kz/gamma/hardware/cms/CMSSignedDataGenerator$SignerInf.class */
    public class SignerInf {
        JCEPrivateKey key;
        X509Certificate cert;
        String digestOID;
        String encOID;
        CMSAttributeTableGenerator sAttr;
        CMSAttributeTableGenerator unsAttr;
        AttributeTable baseSignedTable;

        SignerInf(JCEPrivateKey jCEPrivateKey, X509Certificate x509Certificate, String str, String str2) {
            this.key = jCEPrivateKey;
            this.cert = x509Certificate;
            this.digestOID = str;
            this.encOID = str2;
        }

        SignerInf(JCEPrivateKey jCEPrivateKey, X509Certificate x509Certificate, String str, String str2, CMSAttributeTableGenerator cMSAttributeTableGenerator, CMSAttributeTableGenerator cMSAttributeTableGenerator2, AttributeTable attributeTable) {
            this.key = jCEPrivateKey;
            this.cert = x509Certificate;
            this.digestOID = str;
            this.encOID = str2;
            this.sAttr = cMSAttributeTableGenerator;
            this.unsAttr = cMSAttributeTableGenerator2;
            this.baseSignedTable = attributeTable;
        }

        JCEPrivateKey getKey() {
            return this.key;
        }

        X509Certificate getCertificate() {
            return this.cert;
        }

        String getDigestAlgOID() {
            return this.digestOID;
        }

        byte[] getDigestAlgParams() {
            return null;
        }

        String getEncryptionAlgOID() {
            return this.encOID;
        }

        CMSAttributeTableGenerator getSignedAttributes() {
            return this.sAttr;
        }

        CMSAttributeTableGenerator getUnsignedAttributes() {
            return this.unsAttr;
        }

        SignerInfo toSignerInfo(DERObjectIdentifier dERObjectIdentifier, CMSProcessable cMSProcessable, JCESignature jCESignature, boolean z) throws IOException, CertificateEncodingException, CMSException, NoSuchProviderException, NoSuchAlgorithmException, PcscException {
            AttributeTable attributeTable;
            AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(new DERObjectIdentifier(getDigestAlgOID()), new DERNull());
            AlgorithmIdentifier encAlgorithmIdentifier = CMSSignedDataGenerator.this.getEncAlgorithmIdentifier(getEncryptionAlgOID());
            MessageDigest messageDigest = jCESignature.getMessageDigest();
            byte[] bArr = null;
            if (!CMSSignedDataGenerator.this.isCertexCMS && cMSProcessable != null) {
                cMSProcessable.write(new DigOutputStream(messageDigest));
                bArr = messageDigest.digest();
                CMSSignedDataGenerator.this._digests.put(this.digestOID, bArr.clone());
            }
            if (z) {
                attributeTable = this.sAttr != null ? this.sAttr.getAttributes(Collections.unmodifiableMap(CMSSignedDataGenerator.this.getBaseParameters(dERObjectIdentifier, algorithmIdentifier, bArr))) : null;
            } else {
                attributeTable = this.baseSignedTable;
            }
            ASN1Set attributeSet = CMSSignedDataGenerator.this.getAttributeSet(attributeTable);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (attributeSet != null) {
                new DEROutputStream(byteArrayOutputStream).writeObject(attributeSet);
            } else {
                cMSProcessable.write(byteArrayOutputStream);
            }
            jCESignature.initSign(this.key);
            jCESignature.update(byteArrayOutputStream.toByteArray());
            DEROctetString dEROctetString = CMSSignedDataGenerator.this.isCertexCMS ? new DEROctetString(UtilCM.copyByte(jCESignature.sign(), 0, 64)) : new DEROctetString(jCESignature.sign());
            Map baseParameters = CMSSignedDataGenerator.this.getBaseParameters(dERObjectIdentifier, algorithmIdentifier, bArr);
            baseParameters.put("encryptedDigest", dEROctetString.getOctets().clone());
            ASN1Set attributeSet2 = CMSSignedDataGenerator.this.getAttributeSet(this.unsAttr != null ? this.unsAttr.getAttributes(Collections.unmodifiableMap(baseParameters)) : null);
            TBSCertificateStructure tBSCertificateStructure = TBSCertificateStructure.getInstance(new ASN1InputStream(new ByteArrayInputStream(getCertificate().getTBSCertificate())).readObject());
            return new SignerInfo(new SignerIdentifier(new IssuerAndSerialNumber(tBSCertificateStructure.getIssuer(), tBSCertificateStructure.getSerialNumber().getValue())), algorithmIdentifier, attributeSet, encAlgorithmIdentifier, dEROctetString, attributeSet2);
        }
    }

    public void addSigner(JCEPrivateKey jCEPrivateKey, X509Certificate x509Certificate, String str) throws IllegalArgumentException {
        this.signerInfs.add(new SignerInf(jCEPrivateKey, x509Certificate, str, getEncOID(jCEPrivateKey, str), new DefaultSignedAttributeTableGenerator(), null, null));
    }

    public void addSigner(JCEPrivateKey jCEPrivateKey, X509Certificate x509Certificate, String str, AttributeTable attributeTable, AttributeTable attributeTable2) throws IllegalArgumentException {
        this.signerInfs.add(new SignerInf(jCEPrivateKey, x509Certificate, str, getEncOID(jCEPrivateKey, str), new DefaultSignedAttributeTableGenerator(attributeTable), new SimpleAttributeTableGenerator(attributeTable2), attributeTable));
    }

    public void addSigner(JCEPrivateKey jCEPrivateKey, X509Certificate x509Certificate, String str, CMSAttributeTableGenerator cMSAttributeTableGenerator, CMSAttributeTableGenerator cMSAttributeTableGenerator2) throws IllegalArgumentException {
        this.signerInfs.add(new SignerInf(jCEPrivateKey, x509Certificate, str, getEncOID(jCEPrivateKey, str), cMSAttributeTableGenerator, cMSAttributeTableGenerator2, null));
    }

    private DERObject makeObj(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        return new ASN1InputStream(new ByteArrayInputStream(bArr)).readObject();
    }

    private AlgorithmIdentifier makeAlgId(String str, byte[] bArr) throws IOException {
        return bArr != null ? new AlgorithmIdentifier(new DERObjectIdentifier(str), makeObj(bArr)) : new AlgorithmIdentifier(new DERObjectIdentifier(str), new DERNull());
    }

    public CMSSignedData generate(CMSProcessable cMSProcessable, JCESignature jCESignature) throws CMSException {
        return generate(cMSProcessable, false, jCESignature);
    }

    public CMSSignedData generate(String str, CMSProcessable cMSProcessable, boolean z, JCESignature jCESignature) throws CMSException {
        return generate(str, cMSProcessable, z, jCESignature, true);
    }

    public CMSSignedData generate(String str, CMSProcessable cMSProcessable, boolean z, JCESignature jCESignature, boolean z2) throws CMSException {
        ContentInfo contentInfo;
        BERConstructedOctetString bERConstructedOctetString;
        if (str.equals("1.3.6.1.4.1.6801.11.1.9")) {
            this.isCertexCMS = true;
        }
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        DERObjectIdentifier dERObjectIdentifier = new DERObjectIdentifier(str);
        this._digests.clear();
        for (SignerInformation signerInformation : this._signers) {
            try {
                aSN1EncodableVector.add(makeAlgId(signerInformation.getDigestAlgOID(), signerInformation.getDigestAlgParams()));
                aSN1EncodableVector2.add(signerInformation.toSignerInfo());
            } catch (IOException e) {
                throw new CMSException("encoding error.", e);
            }
        }
        for (SignerInf signerInf : this.signerInfs) {
            try {
                aSN1EncodableVector.add(makeAlgId(signerInf.getDigestAlgOID(), signerInf.getDigestAlgParams()));
                aSN1EncodableVector2.add(signerInf.toSignerInfo(dERObjectIdentifier, cMSProcessable, jCESignature, z2));
            } catch (IOException e2) {
                throw new CMSException("encoding error.", e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new CMSException("No such algorithm.", e3);
            } catch (NoSuchProviderException e4) {
                throw new CMSException("No such provider.", e4);
            } catch (CertificateEncodingException e5) {
                throw new CMSException("error creating sid.", e5);
            } catch (PcscException e6) {
                throw new CMSException("Crypto error.", e6);
            }
        }
        ASN1Set createBerSetFromList = this._certs.size() != 0 ? CMSUtils.createBerSetFromList(this._certs) : null;
        ASN1Set createBerSetFromList2 = this._crls.size() != 0 ? CMSUtils.createBerSetFromList(this._crls) : null;
        if (z) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                cMSProcessable.write(byteArrayOutputStream);
                if (this.isCertexCMS) {
                    byte[] bArr = new byte[24];
                    System.arraycopy("1.3.6.1.4.1.6801.11.1.9".getBytes(), 0, bArr, 0, 23);
                    bERConstructedOctetString = new BERConstructedOctetString(bArr);
                } else {
                    bERConstructedOctetString = new BERConstructedOctetString(byteArrayOutputStream.toByteArray());
                }
                contentInfo = new ContentInfo(dERObjectIdentifier, bERConstructedOctetString);
            } catch (IOException e7) {
                throw new CMSException("encapsulation error.", e7);
            }
        } else {
            contentInfo = new ContentInfo(dERObjectIdentifier, null);
        }
        return new CMSSignedData(cMSProcessable, new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(new DERSet(aSN1EncodableVector), contentInfo, createBerSetFromList, createBerSetFromList2, new DERSet(aSN1EncodableVector2))));
    }

    public CMSSignedData generate(CMSProcessable cMSProcessable, boolean z, JCESignature jCESignature) throws CMSException {
        return generate(DATA, cMSProcessable, z, jCESignature);
    }
}
