package br.net.woodstock.rockframework.security.timestamp.impl;

import br.net.woodstock.rockframework.security.Alias;
import br.net.woodstock.rockframework.security.sign.SignatureType;
import br.net.woodstock.rockframework.security.store.PrivateKeyEntry;
import br.net.woodstock.rockframework.security.store.Store;
import br.net.woodstock.rockframework.security.store.StoreEntryType;
import br.net.woodstock.rockframework.security.timestamp.TimeStampException;
import br.net.woodstock.rockframework.security.timestamp.TimeStampServer;
import br.net.woodstock.rockframework.security.util.BouncyCastleProviderHelper;
import br.net.woodstock.rockframework.text.impl.RandomGenerator;
import br.net.woodstock.rockframework.util.Assert;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampTokenGenerator;

/* loaded from: input_file:br/net/woodstock/rockframework/security/timestamp/impl/BouncyCastleTimeStampServer.class */
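/**
 * {@link TimeStampServer} implementation that answers time-stamp requests in-process using
 * BouncyCastle's {@code org.bouncycastle.tsp} classes (RFC 3161 time-stamp protocol).
 *
 * <p>The signing key and certificate chain are supplied at construction time, either directly or
 * by looking up a private-key entry in a {@link Store}. Every failure while building the signer or
 * answering a request is reported as a {@link TimeStampException}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>Tokens are signed with {@code SignatureType.SHA1_RSA}; the constant's name indicates
 *       SHA-1 with RSA. SHA-1 is no longer considered collision resistant, so long-lived
 *       time-stamps should be signed with a SHA-256 (or stronger) signature algorithm.
 *       NOTE(review): switch once the project's {@code SignatureType} offers one and relying
 *       parties are confirmed to accept it.</li>
 *   <li>The TSA policy OID is the constant {@code "1.2"}, which looks like a placeholder rather
 *       than a registered policy identifier. NOTE(review): confirm the intended policy OID.</li>
 *   <li>Accepted message-imprint digests are {@code TSPAlgorithms.ALLOWED}, BouncyCastle's broad
 *       built-in list. NOTE(review): that list is believed to include legacy digests such as MD5
 *       and SHA-1; consider passing an explicit, narrower set.</li>
 *   <li>The generation time is {@code new Date()}, i.e. the local system clock, so a token is
 *       only as trustworthy as the host's clock.</li>
 * </ul>
 */
public class BouncyCastleTimeStampServer implements TimeStampServer {

    /** Policy OID placed in every issued token. NOTE(review): looks like a placeholder value. */
    private static final String TSA_POLICY_ID = "1.2";

    /**
     * Source of the random suffix appended to serial numbers (32 characters, DIGITS pattern).
     * NOTE(review): serial uniqueness and unpredictability depend on how RandomGenerator draws its
     * digits; confirm it is backed by java.security.SecureRandom.
     */
    private final RandomGenerator randomGenerator = new RandomGenerator(32, RandomGenerator.RandomPattern.DIGITS);

    /** Token generator bound to the signing key and chain; assigned once by {@link #init}. */
    private TimeStampTokenGenerator timeStampTokenGenerator;

    /**
     * Creates a server whose signing key and chain are read from a key store.
     *
     * @param store key store to query; must not be null
     * @param alias alias of the private-key entry; must not be null
     * @throws TimeStampException if no private-key entry exists for {@code alias} or the signer
     *         cannot be initialised from it
     */
    public BouncyCastleTimeStampServer(Store store, Alias alias) {
        Assert.notNull(store, "store");
        Assert.notNull(alias, "alias");
        PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) store.get(alias, StoreEntryType.PRIVATE_KEY);
        if (privateKeyEntry == null) {
            throw new TimeStampException("Private key not found for " + alias);
        }
        init(privateKeyEntry.getValue(), privateKeyEntry.getChain());
    }

    /**
     * Creates a server from an explicit signing key and certificate chain.
     *
     * @param privateKey key used to sign time-stamp tokens; must not be null
     * @param certificateArr certificate chain whose first element is the signer certificate;
     *        must not be empty
     * @throws TimeStampException if the signer cannot be initialised
     */
    public BouncyCastleTimeStampServer(PrivateKey privateKey, Certificate[] certificateArr) {
        Assert.notNull(privateKey, "privateKey");
        Assert.notEmpty(certificateArr, "chain");
        init(privateKey, certificateArr);
    }

    /**
     * Builds the token generator from the signing key and chain.
     *
     * <p>The chain is validated up front so that a store entry with a missing chain or a
     * non-X.509 leaf is reported with a specific message instead of a wrapped
     * NullPointerException, ArrayIndexOutOfBoundsException or ClassCastException.
     *
     * @param privateKey signing key
     * @param certificateArr certificate chain; element 0 is used as the signer certificate and
     *        the whole chain is embedded in issued tokens
     * @throws TimeStampException if the chain is unusable or BouncyCastle rejects the key material
     */
    private void init(PrivateKey privateKey, Certificate[] certificateArr) {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new TimeStampException("Certificate chain is empty");
        }
        Certificate signerCertificate = certificateArr[0];
        if (!(signerCertificate instanceof X509Certificate)) {
            throw new TimeStampException("Signer certificate is not an X.509 certificate");
        }
        try {
            // NOTE(review): SHA1_RSA is a weak choice for new signatures; see the class comment.
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SignatureType.SHA1_RSA.getAlgorithm());
            signerBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            ContentSigner contentSigner = signerBuilder.build(privateKey);

            JcaDigestCalculatorProviderBuilder digestBuilder = new JcaDigestCalculatorProviderBuilder();
            digestBuilder.setProvider(BouncyCastleProviderHelper.PROVIDER_NAME);
            DigestCalculatorProvider digestProvider = digestBuilder.build();

            SignerInfoGenerator signerInfoGenerator =
                    new JcaSignerInfoGeneratorBuilder(digestProvider).build(contentSigner, (X509Certificate) signerCertificate);

            // The digest calculator follows the signer's own digest algorithm.
            this.timeStampTokenGenerator = new TimeStampTokenGenerator(
                    digestProvider.get(signerInfoGenerator.getDigestAlgorithm()),
                    signerInfoGenerator,
                    new ASN1ObjectIdentifier(TSA_POLICY_ID));
            // Embed the full chain so it is available to verifiers alongside the token.
            this.timeStampTokenGenerator.addCertificates(new JcaCertStore(Arrays.asList(certificateArr)));
        } catch (Exception e) {
            throw new TimeStampException(e);
        }
    }

    /**
     * Answers an encoded time-stamp request.
     *
     * <p>The request bytes come from the caller and are parsed as-is, so they should be treated
     * as untrusted input; bounding the request size is left to the caller.
     * NOTE(review): depending on the BouncyCastle version, a request the generator refuses may
     * come back as an encoded rejection response rather than an exception, so callers should
     * inspect the response status.
     *
     * @param bArr encoded time-stamp request
     * @return encoded time-stamp response
     * @throws TimeStampException if {@code bArr} is null, cannot be parsed, or the response
     *         cannot be generated, validated or encoded
     */
    @Override
    public byte[] getTimeStamp(byte[] bArr) {
        if (bArr == null) {
            throw new TimeStampException("Time-stamp request must not be null");
        }
        try {
            TimeStampRequest request = new TimeStampRequest(bArr);
            TimeStampResponseGenerator responseGenerator =
                    new TimeStampResponseGenerator(this.timeStampTokenGenerator, TSPAlgorithms.ALLOWED);
            // Generation time is taken from the local system clock.
            TimeStampResponse response = responseGenerator.generate(request, getSerialNumber(), new Date());
            // Self-check: the response must be consistent with the request before it is returned.
            response.validate(request);
            return response.getEncoded();
        } catch (Exception e) {
            throw new TimeStampException(e);
        }
    }

    /**
     * Produces the serial number for the next token: the current time in milliseconds followed
     * by the generator's random digits, read as one decimal number.
     *
     * @return serial number for a single response
     */
    private BigInteger getSerialNumber() {
        return new BigInteger(System.currentTimeMillis() + this.randomGenerator.generate());
    }
}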
