package br.net.woodstock.rockframework.security.sign.impl;

import br.net.woodstock.rockframework.security.Alias;
import br.net.woodstock.rockframework.security.sign.PKCS7SignatureParameters;
import br.net.woodstock.rockframework.security.sign.PKCS7Signer;
import br.net.woodstock.rockframework.security.sign.Signatory;
import br.net.woodstock.rockframework.security.sign.Signature;
import br.net.woodstock.rockframework.security.sign.SignatureType;
import br.net.woodstock.rockframework.security.sign.SignerException;
import br.net.woodstock.rockframework.security.store.PrivateKeyEntry;
import br.net.woodstock.rockframework.security.store.StoreEntryType;
import br.net.woodstock.rockframework.security.timestamp.TimeStampClient;
import br.net.woodstock.rockframework.security.timestamp.impl.BouncyCastleTimeStampHelper;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
import br.net.woodstock.rockframework.util.Assert;
import br.net.woodstock.rockframework.util.Require;
import br.net.woodstock.rockframework.utils.CollectionUtils;
import br.net.woodstock.rockframework.utils.ConditionUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.BERConstructedOctetString;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCRLStore;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

/* loaded from: input_file:br/net/woodstock/rockframework/security/sign/impl/BouncyCastlePKCS7Signer.class */
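/**
 * PKCS#7 / CMS signer backed by Bouncy Castle.
 *
 * <p>Produces enveloping (content-encapsulating) signed-data structures, optionally adds a
 * signature time-stamp token as an unsigned attribute, and checks or lists the signers of
 * an existing structure.
 *
 * <p><b>Trust caveat:</b> {@link #verify(byte[], byte[])} and {@link #getSignatures(byte[])}
 * check each signer only against the certificate embedded in the same CMS structure. No
 * certification path, revocation status or trust anchor is evaluated in this class, so a
 * positive result means "the structure is internally consistent", not "the signer is
 * trusted". Callers must validate the returned certificates against their own trust store.
 */
public class BouncyCastlePKCS7Signer implements PKCS7Signer {
    private PKCS7SignatureParameters parameters;

    /**
     * @param pKCS7SignatureParameters key store, aliases and optional time-stamp client used
     *        by {@link #sign(byte[])}; checked for {@code null} only when signing
     */
    public BouncyCastlePKCS7Signer(PKCS7SignatureParameters pKCS7SignatureParameters) {
        this.parameters = pKCS7SignatureParameters;
    }

    /**
     * Signs {@code bArr} once per configured alias and returns the encoded CMS structure with
     * the content encapsulated.
     *
     * @param bArr data to sign; must not be empty
     * @return encoded CMS signed-data
     * @throws SignerException if a private key or certificate chain is missing for an alias,
     *         or if any signing / time-stamping step fails
     */
    @Override // br.net.woodstock.rockframework.security.sign.Signer
    public byte[] sign(byte[] bArr) {
        Require.notNull(this.parameters, "parameters");
        Assert.notEmpty(bArr, "data");
        try {
            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            TimeStampClient timeStampClient = this.parameters.getTimeStampClient();
            for (Alias alias : this.parameters.getAliases()) {
                PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) this.parameters.getStore().get(alias, StoreEntryType.PRIVATE_KEY);
                if (privateKeyEntry == null) {
                    throw new SignerException("PrivateKey not found for alias '" + alias.getName() + "'");
                }
                PrivateKey privateKey = privateKeyEntry.getValue();
                Certificate[] chain = privateKeyEntry.getChain();
                // Without this guard a key entry that carries no chain fails on chain[0] with an
                // opaque ArrayIndexOutOfBounds/NullPointer error.
                if (chain == null || chain.length == 0) {
                    throw new SignerException("Certificate chain not found for alias '" + alias.getName() + "'");
                }
                Certificate signerCertificate = chain[0];
                // NOTE(review): the algorithm is fixed to SignatureType.SHA1_RSA. SHA-1 is no longer
                // collision resistant and is rejected by many current validators; a stronger
                // digest should be made configurable. Left unchanged here because the other
                // SignatureType values are not visible from this class.
                JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SignatureType.SHA1_RSA.getAlgorithm());
                signerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
                ContentSigner contentSigner = signerBuilder.build(privateKey);
                JcaDigestCalculatorProviderBuilder digestBuilder = new JcaDigestCalculatorProviderBuilder();
                digestBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
                generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(digestBuilder.build()).build(contentSigner, (X509Certificate) signerCertificate));
                generator.addCertificates(getCertificateStore(chain));
            }
            // 'true' encapsulates the content inside the signed-data structure.
            CMSSignedData signedData = generator.generate(new CMSProcessableByteArray(bArr), true);
            if (timeStampClient != null) {
                ArrayList<SignerInformation> stampedSigners = new ArrayList<SignerInformation>();
                for (Object entry : signedData.getSignerInfos().getSigners()) {
                    SignerInformation signerInformation = (SignerInformation) entry;
                    // The token is requested over the signature value and stored as an unsigned
                    // attribute. NOTE(review): the returned token is attached as received; whether
                    // TimeStampClient validates the response is not visible here - confirm.
                    byte[] tokenBytes = timeStampClient.getTimeStamp(signerInformation.getSignature()).getEncoded();
                    ASN1InputStream tokenStream = new ASN1InputStream(tokenBytes);
                    DERSet tokenSet;
                    try {
                        tokenSet = new DERSet(tokenStream.readObject());
                    } finally {
                        tokenStream.close();
                    }
                    Hashtable<Object, Object> unsignedAttributes = new Hashtable<Object, Object>();
                    unsignedAttributes.put(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, new Attribute(PKCSObjectIdentifiers.id_aa_signatureTimeStampToken, tokenSet));
                    stampedSigners.add(SignerInformation.replaceUnsignedAttributes(signerInformation, new AttributeTable(unsignedAttributes)));
                }
                signedData = CMSSignedData.replaceSigners(signedData, new SignerInformationStore(stampedSigners));
            }
            return signedData.getEncoded();
        } catch (SignerException e) {
            // Already carries a specific message; re-wrapping would bury it in the cause chain.
            throw e;
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Checks that {@code bArr2} is a CMS structure whose every signer verifies against its own
     * embedded certificate and whose encapsulated content equals {@code bArr}.
     *
     * <p>Fails closed: a structure with no signers, or a signer whose certificate is not
     * present in the structure, is reported as invalid. (Previously both cases skipped the
     * cryptographic check and only the content comparison decided the result.)
     *
     * <p>This is a cryptographic consistency check only; see the class-level trust caveat.
     *
     * @param bArr expected content; must not be empty
     * @param bArr2 encoded CMS signed-data; must not be empty
     * @return {@code true} only if at least one signer exists, all signers verify, and the
     *         encapsulated content matches {@code bArr}
     * @throws SignerException if the structure cannot be parsed or verification raises an error
     */
    @Override // br.net.woodstock.rockframework.security.sign.Signer
    public boolean verify(byte[] bArr, byte[] bArr2) {
        Assert.notEmpty(bArr, "data");
        Assert.notEmpty(bArr2, "signature");
        try {
            CMSSignedData signedData = new CMSSignedData(bArr2);
            Store certificates = signedData.getCertificates();
            Collection<?> signers = signedData.getSignerInfos().getSigners();
            if (signers == null || signers.isEmpty()) {
                // Nothing was signed by anyone: never treat that as a valid signature.
                return false;
            }
            for (Object entry : signers) {
                SignerInformation signerInformation = (SignerInformation) entry;
                // Verify each signer against the certificate its SignerId points at, not against
                // every certificate in the bag (chain certificates would always fail).
                Object certificate = findSignerCertificate(certificates, signerInformation.getSID());
                if (certificate == null || !verifySigner(signerInformation, certificate)) {
                    return false;
                }
            }
            if (signedData.getSignedContent() == null) {
                return false;
            }
            Object content = signedData.getSignedContent().getContent();
            return (content instanceof byte[]) && Arrays.equals(bArr, (byte[]) content);
        } catch (SignerException e) {
            throw e;
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Lists the signers found in a CMS structure.
     *
     * <p>{@code valid} on each returned {@link Signature} reflects the cryptographic check of
     * that signer against its embedded certificate; it is {@code false} when no matching
     * certificate is embedded or the check fails. It does not express trust in the
     * certificate (see the class-level caveat).
     *
     * @param bArr encoded CMS signed-data
     * @return one entry per signer, possibly empty
     * @throws SignerException if the structure cannot be parsed
     */
    @Override // br.net.woodstock.rockframework.security.sign.DocumentSigner
    public Signature[] getSignatures(byte[] bArr) {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            Store certificates = cMSSignedData.getCertificates();
            Collection<?> signers = cMSSignedData.getSignerInfos().getSigners();
            ArrayList<Signature> result = new ArrayList<Signature>();
            if (ConditionUtils.isNotEmpty(signers)) {
                for (Object entry : signers) {
                    SignerInformation signerInformation = (SignerInformation) entry;
                    Signature signature = new Signature();
                    signature.setEncoded(null);
                    signature.setLocation(null);
                    signature.setReason(null);
                    signature.setSignatories(new ArrayList<Signatory>());

                    SignerId sid = signerInformation.getSID();
                    Object certificate = findSignerCertificate(certificates, sid);
                    boolean valid = false;
                    if (certificate != null) {
                        try {
                            valid = verifySigner(signerInformation, certificate);
                        } catch (Exception ignored) {
                            // A signer that cannot be checked is reported as not valid rather than
                            // aborting the listing of the remaining signers.
                            valid = false;
                        }
                    }
                    // Previously hard-coded to TRUE, which reported unverified signers as valid.
                    signature.setValid(Boolean.valueOf(valid));

                    AttributeTable signedAttributes = signerInformation.getSignedAttributes();
                    AttributeTable unsignedAttributes = signerInformation.getUnsignedAttributes();
                    DERSequence timeStampAttribute = getAttribute(signedAttributes, unsignedAttributes, PKCSObjectIdentifiers.id_aa_signatureTimeStampToken);
                    // signingTime is read from the signed attributes only: unsigned attributes are
                    // not covered by the signature and can be altered without invalidating it.
                    DERSequence signingTimeAttribute = getAttribute(signedAttributes, null, PKCSObjectIdentifiers.pkcs_9_at_signingTime);
                    if (timeStampAttribute != null && timeStampAttribute.size() == 2) {
                        DERObject aSN1Object = timeStampAttribute.getObjectAt(0).toASN1Object();
                        DERSet aSN1Object2 = timeStampAttribute.getObjectAt(1).toASN1Object();
                        if ((aSN1Object instanceof ASN1ObjectIdentifier) && (aSN1Object2 instanceof DERSet)) {
                            // NOTE(review): the token is parsed for display; whether toTimeStamp
                            // validates the token's own signature is not visible here - confirm.
                            signature.setTimeStamp(BouncyCastleTimeStampHelper.toTimeStamp(new TimeStampToken(new CMSSignedData(aSN1Object2.getObjectAt(0).getDERObject().getEncoded()))));
                        }
                    }
                    if (signingTimeAttribute != null && signingTimeAttribute.size() == 2) {
                        DERObject aSN1Object3 = signingTimeAttribute.getObjectAt(0).toASN1Object();
                        DERSet aSN1Object4 = signingTimeAttribute.getObjectAt(1).toASN1Object();
                        if ((aSN1Object3 instanceof ASN1ObjectIdentifier) && (aSN1Object4 instanceof DERSet)) {
                            // Signer-asserted clock value, not a trusted time source.
                            signature.setDate(aSN1Object4.getObjectAt(0).getAdjustedDate());
                        }
                    }
                    if (certificate instanceof X509CertificateHolder) {
                        X509CertificateHolder holder = (X509CertificateHolder) certificate;
                        Signatory signatory = new Signatory();
                        signatory.setSubject(BouncyCastleProviderHelper.getName(holder.getSubject()));
                        signatory.setIssuer(BouncyCastleProviderHelper.getName(holder.getIssuer()));
                        signatory.setCertificate(BouncyCastleProviderHelper.getCertificate(holder));
                        signature.getSignatories().add(signatory);
                    }
                    result.add(signature);
                }
            }
            return (Signature[]) CollectionUtils.toArray(result, Signature.class);
        } catch (SignerException e) {
            throw e;
        } catch (Exception e) {
            throw new SignerException(e);
        }
    }

    /**
     * Rebuilds a signed-data structure so that it carries {@code bArr} as encapsulated content,
     * reusing the digest algorithms, certificates, CRLs and signer infos of {@code bArr2}.
     *
     * @param bArr content to embed
     * @param bArr2 encoded CMS signed-data to copy the remaining fields from
     * @return DER encoding of the rebuilt ContentInfo
     * @throws IOException if {@code bArr2} cannot be read as ASN.1
     */
    protected byte[] encapsulateContent(byte[] bArr, byte[] bArr2) throws IOException {
        SignedData signedData = new SignedData(new ContentInfo(new ASN1InputStream(bArr2).readObject()).getContent());
        return new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(signedData.getDigestAlgorithms(), new ContentInfo(CMSObjectIdentifiers.data, new BERConstructedOctetString(bArr)), signedData.getCertificates(), signedData.getCRLs(), signedData.getSignerInfos())).getDEREncoded();
    }

    /**
     * Wraps a certificate chain in a store that can be added to the CMS generator.
     *
     * @param certificateArr chain to embed
     * @return store holding the given certificates
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    protected Store getCertificateStore(Certificate[] certificateArr) throws CertificateEncodingException {
        return new JcaCertStore(Arrays.asList(certificateArr));
    }

    /**
     * Returns an empty CRL store; no revocation data is embedded by this class.
     *
     * @return empty CRL store
     * @throws CRLException declared by the store constructor
     */
    protected Store getCRLStore() throws CRLException {
        return new JcaCRLStore(new ArrayList());
    }

    /**
     * Looks up an attribute by OID, preferring the first table over the second.
     *
     * @param attributeTable table searched first; may be {@code null}
     * @param attributeTable2 fallback table; may be {@code null}
     * @param dERObjectIdentifier attribute OID
     * @return the attribute's ASN.1 sequence, or {@code null} if neither table holds it
     */
    private DERSequence getAttribute(AttributeTable attributeTable, AttributeTable attributeTable2, DERObjectIdentifier dERObjectIdentifier) {
        Attribute found = null;
        if (attributeTable != null) {
            found = attributeTable.get(dERObjectIdentifier);
        }
        if (found == null && attributeTable2 != null) {
            found = attributeTable2.get(dERObjectIdentifier);
        }
        return found == null ? null : (DERSequence) found.getDERObject();
    }

    /**
     * Returns the embedded certificate selected by {@code sid}, or {@code null} if the store
     * holds none.
     */
    private Object findSignerCertificate(Store certificates, SignerId sid) {
        if (certificates == null || sid == null) {
            return null;
        }
        Collection<?> matches = certificates.getMatches(sid);
        if (matches == null || matches.isEmpty()) {
            return null;
        }
        return matches.iterator().next();
    }

    /**
     * Runs the cryptographic check of one signer against one certificate.
     *
     * <p>Accepts both certificate representations: {@code getSignatures} treats the store
     * elements as {@link X509CertificateHolder}, while the earlier {@code verify} code cast
     * them to {@link X509Certificate}.
     *
     * @return {@code true} if the signature verifies; {@code false} if it does not or the
     *         certificate object is of an unsupported type
     * @throws Exception any error raised by the provider while building the verifier or
     *         verifying (the concrete Bouncy Castle types are not imported by this file)
     */
    private boolean verifySigner(SignerInformation signerInformation, Object certificate) throws Exception {
        JcaContentVerifierProviderBuilder verifierBuilder = new JcaContentVerifierProviderBuilder();
        verifierBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        ContentVerifierProvider verifierProvider;
        if (certificate instanceof X509CertificateHolder) {
            verifierProvider = verifierBuilder.build((X509CertificateHolder) certificate);
        } else if (certificate instanceof X509Certificate) {
            verifierProvider = verifierBuilder.build((X509Certificate) certificate);
        } else {
            return false;
        }
        JcaDigestCalculatorProviderBuilder digestBuilder = new JcaDigestCalculatorProviderBuilder();
        digestBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
        return signerInformation.verify(new SignerInformationVerifier(verifierProvider, digestBuilder.build()));
    }
}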
