package org.jscep.pkcs7;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.DEREncodable;
import org.bouncycastle.asn1.DEREncodableVector;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.ContentInfo;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.cms.SignedData;
import org.bouncycastle.asn1.cms.SignerIdentifier;
import org.bouncycastle.asn1.cms.SignerInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.jscep.pkcs9.ContentTypeAttribute;
import org.jscep.pkcs9.MessageDigestAttribute;
import org.jscep.util.AlgorithmDictionary;
import org.jscep.util.LoggingUtil;
import org.jscep.x509.X509Util;

/* loaded from: input_file:org/jscep/pkcs7/SignedDataGenerator.class */
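/**
 * Assembles a PKCS #7 / CMS {@code SignedData} structure from the certificates,
 * CRLs and signers registered on this instance.
 *
 * <p>Typical use: call {@link #addSigner}, {@link #addCertificate} and
 * {@link #addCRL} as needed, then one of the {@code generate} methods.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>The digest algorithm is whatever name the caller passes to
 *       {@link #addSigner}; this class applies no allow-list, so any policy
 *       against weak digests has to be enforced by the caller.</li>
 *   <li>The digest-encryption algorithm is always resolved from {@code "RSA"},
 *       so signer keys are presumably expected to be RSA keys.</li>
 *   <li>For content type {@code data} with no authenticated attributes, the
 *       emitted "encrypted digest" is an unkeyed hash, not a signature; see
 *       {@code SignerInformation#getEncryptedDigest}.</li>
 * </ul>
 *
 * <p>The collections below are plain {@code LinkedList}/{@code HashSet}
 * instances with no synchronization in this class.
 */
public class SignedDataGenerator {
    // Made final: the logger is assigned once and never replaced in this class.
    private static final Logger LOGGER = LoggingUtil.getLogger((Class<?>) SignedDataGenerator.class);
    // Explicit type arguments replace the raw LinkedList/HashSet constructions.
    private final List<X509Certificate> certs = new LinkedList<X509Certificate>();
    private final List<X509CRL> crls = new LinkedList<X509CRL>();
    private final Set<SignerInformation> signerInfos = new HashSet<SignerInformation>();

    /**
     * One signer: private key, certificate, digest algorithm and attributes.
     *
     * <p>The decompiler output notes that this class was originally declared
     * {@code private}; it is kept {@code public} here so the visible interface
     * of the file does not change.
     */
    public class SignerInformation {
        private final PrivateKey privateKey;
        private final X509Certificate certificate;
        private final AlgorithmIdentifier digestAlgorithm;
        private final AttributeTable authenticatedAttributes;
        // Always the identifier resolved from "RSA", whatever key is supplied.
        private final AlgorithmIdentifier digestEncryptionAlgorithm = AlgorithmDictionary.getAlgId("RSA");
        // NOTE(review): stored but never emitted; getUnauthenticatedAttributes()
        // always returns an empty set. Confirm whether that is intentional.
        private final AttributeTable unauthenticatedAttributes;

        /**
         * @param privateKey key used to sign the authenticated attributes
         * @param x509Certificate certificate identifying the signer
         * @param algorithmIdentifier digest algorithm for this signer
         * @param attributeTable authenticated attributes, may be {@code null}
         * @param attributeTable2 unauthenticated attributes, may be {@code null}
         *        (currently not written to the output)
         */
        public SignerInformation(PrivateKey privateKey, X509Certificate x509Certificate, AlgorithmIdentifier algorithmIdentifier, AttributeTable attributeTable, AttributeTable attributeTable2) {
            this.privateKey = privateKey;
            this.certificate = x509Certificate;
            this.digestAlgorithm = algorithmIdentifier;
            this.authenticatedAttributes = attributeTable;
            this.unauthenticatedAttributes = attributeTable2;
        }

        /** @return the digest algorithm identifier given at construction */
        public AlgorithmIdentifier getDigestAlgorithm() {
            return this.digestAlgorithm;
        }

        /** Wraps the certificate's issuer-and-serial pair as a SignerIdentifier. */
        private SignerIdentifier getSignerIdentifier() {
            return new SignerIdentifier(getIssuerAndSerialNumber());
        }

        /** Delegates to {@code X509Util} to derive issuer and serial from the certificate. */
        private IssuerAndSerialNumber getIssuerAndSerialNumber() {
            return X509Util.toIssuerAndSerialNumber(this.certificate);
        }

        /**
         * Builds the authenticated-attribute set for the given content.
         *
         * <p>For content type {@code data} the caller's attributes are emitted
         * unchanged (or an empty set when none were supplied); no content-type
         * or message-digest attribute is added, so on that path nothing here
         * binds the attributes to the content unless the caller supplied a
         * message-digest attribute.
         *
         * <p>For any other content type, a content-type and a message-digest
         * attribute are added only when absent. A caller-supplied value for
         * either is kept as-is and is not checked against the actual content.
         *
         * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
         * @throws IOException if the content cannot be encoded
         */
        @SuppressWarnings({"rawtypes", "unchecked"}) // AttributeTable exchanges raw Hashtables
        private DERSet getAuthenticatedAttributes(ContentInfo contentInfo) throws NoSuchAlgorithmException, IOException {
            if (contentInfo.getContentType().equals(PKCSObjectIdentifiers.data)) {
                if (this.authenticatedAttributes == null) {
                    return new DERSet();
                }
                return new DERSet(this.authenticatedAttributes.toASN1EncodableVector());
            }
            Hashtable attributes;
            if (this.authenticatedAttributes == null) {
                attributes = new Hashtable();
            } else {
                attributes = this.authenticatedAttributes.toHashtable();
            }
            if (attributes.get(PKCSObjectIdentifiers.pkcs_9_at_contentType) == null) {
                attributes.put(PKCSObjectIdentifiers.pkcs_9_at_contentType, new ContentTypeAttribute(contentInfo.getContentType()));
            }
            if (attributes.get(PKCSObjectIdentifiers.pkcs_9_at_messageDigest) == null) {
                attributes.put(PKCSObjectIdentifiers.pkcs_9_at_messageDigest, new MessageDigestAttribute(getMessageDigest(contentInfo)));
            }
            return new DERSet(new AttributeTable(attributes).toASN1EncodableVector());
        }

        /**
         * Produces the value placed in the SignerInfo's encrypted-digest field.
         *
         * <p>NOTE(review): when no authenticated attributes were supplied and the
         * content type is {@code data}, the bare message digest is returned and
         * the private key is never used. That value is an unkeyed hash anyone
         * can recompute, so a SignerInfo produced on this path carries no proof
         * of origin and must not be relied on as a signature.
         *
         * <p>In every other case the DER encoding of the authenticated
         * attributes is signed with the signer's private key.
         *
         * @throws NoSuchAlgorithmException if the digest or signature algorithm is unavailable
         * @throws IOException on encoding failure, or wrapping a key/signature error
         */
        private ASN1OctetString getEncryptedDigest(ContentInfo contentInfo) throws NoSuchAlgorithmException, IOException {
            boolean dataContent = contentInfo.getContentType().equals(PKCSObjectIdentifiers.data);
            if (this.authenticatedAttributes == null && dataContent) {
                // Unsigned path: see the NOTE(review) in the method documentation.
                return new DEROctetString(getMessageDigest(contentInfo));
            }
            byte[] toBeSigned = derEncode(getAuthenticatedAttributes(contentInfo));
            String signatureName = AlgorithmDictionary.getRSASignatureAlgorithm(AlgorithmDictionary.lookup(this.digestAlgorithm));
            Signature signer = Signature.getInstance(signatureName);
            try {
                signer.initSign(this.privateKey);
                signer.update(toBeSigned);
                return new DEROctetString(signer.sign());
            } catch (InvalidKeyException e) {
                // Key problems surface to callers as IOException, cause preserved.
                throw new IOException(e);
            } catch (SignatureException e2) {
                throw new IOException(e2);
            }
        }

        /** Serializes the attribute set through a DEROutputStream into a byte array. */
        private byte[] derEncode(DERSet attributes) throws IOException {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            DEROutputStream derOut = new DEROutputStream(buffer);
            derOut.writeObject(attributes);
            derOut.close();
            return buffer.toByteArray();
        }

        /**
         * Hashes the encoded form of the whole ContentInfo with this signer's
         * digest algorithm.
         *
         * <p>NOTE(review): PKCS #7 defines the message digest over the contents
         * octets of the content field rather than the full ContentInfo encoding;
         * confirm that verifying peers expect the input used here.
         */
        private byte[] getMessageDigest(ContentInfo contentInfo) throws NoSuchAlgorithmException, IOException {
            String digestName = AlgorithmDictionary.lookup(this.digestAlgorithm);
            MessageDigest digest = MessageDigest.getInstance(digestName);
            return digest.digest(contentInfo.getEncoded());
        }

        /** Always returns an empty set; the stored unauthenticated attributes are not used. */
        private DERSet getUnauthenticatedAttributes() {
            return new DERSet();
        }

        /**
         * Builds the SignerInfo for the given content.
         *
         * @throws NoSuchAlgorithmException if a required algorithm is unavailable
         * @throws IOException on encoding or signing failure
         */
        public SignerInfo asSignerInfo(ContentInfo contentInfo) throws NoSuchAlgorithmException, IOException {
            SignerIdentifier signerId = getSignerIdentifier();
            DERSet signedAttributes = getAuthenticatedAttributes(contentInfo);
            ASN1OctetString encryptedDigest = getEncryptedDigest(contentInfo);
            DERSet unsignedAttributes = getUnauthenticatedAttributes();
            return new SignerInfo(signerId, this.digestAlgorithm, signedAttributes, this.digestEncryptionAlgorithm, encryptedDigest, unsignedAttributes);
        }
    }

    /** Adds a certificate to be embedded in the generated SignedData. */
    public void addCertificate(X509Certificate x509Certificate) {
        this.certs.add(x509Certificate);
    }

    /**
     * Registers a signer.
     *
     * @param privateKey signing key; it stays referenced by this generator
     * @param x509Certificate certificate identifying the signer
     * @param str digest algorithm name, resolved through {@code AlgorithmDictionary};
     *        no strength check is applied here
     * @param attributeTable authenticated attributes, may be {@code null}
     * @param attributeTable2 unauthenticated attributes, may be {@code null}
     */
    public void addSigner(PrivateKey privateKey, X509Certificate x509Certificate, String str, AttributeTable attributeTable, AttributeTable attributeTable2) {
        AlgorithmIdentifier digestAlgorithm = AlgorithmDictionary.getAlgId(str);
        this.signerInfos.add(new SignerInformation(privateKey, x509Certificate, digestAlgorithm, attributeTable, attributeTable2));
    }

    /** Adds a CRL to be embedded in the generated SignedData. */
    public void addCRL(X509CRL x509crl) {
        this.crls.add(x509crl);
    }

    /**
     * Generates SignedData wrapping the given content.
     *
     * <p>The content type and content object are handed to the logger's
     * {@code entering} call, so enabling that trace output records the content.
     *
     * @throws IOException on encoding or signing failure
     */
    public SignedData generate(DERObjectIdentifier dERObjectIdentifier, DEREncodable dEREncodable) throws IOException {
        String className = getClass().getName();
        LOGGER.entering(className, "generate", new Object[]{dERObjectIdentifier, dEREncodable});
        SignedData result = doGenerate(dERObjectIdentifier, dEREncodable);
        LOGGER.exiting(className, "generate", result);
        return result;
    }

    /**
     * Generates SignedData with content type {@code data} and a DER NULL as content.
     *
     * @throws IOException on encoding or signing failure
     */
    public SignedData generate() throws IOException {
        String className = getClass().getName();
        LOGGER.entering(className, "generate");
        SignedData result = doGenerate(PKCSObjectIdentifiers.data, new DERNull());
        LOGGER.exiting(className, "generate", result);
        return result;
    }

    /** Shared implementation: builds the ContentInfo and assembles all SignedData parts. */
    private SignedData doGenerate(DERObjectIdentifier dERObjectIdentifier, DEREncodable dEREncodable) throws IOException {
        DERSet digestAlgorithms = getDigestAlgorithmIdentifiers();
        ContentInfo contentInfo = new ContentInfo(dERObjectIdentifier, dEREncodable);
        try {
            return new SignedData(digestAlgorithms, contentInfo, getCertificates(), getCRLs(), getSignerInfos(contentInfo));
        } catch (NoSuchAlgorithmException e) {
            // Unavailable algorithms are reported as IOException, cause preserved.
            throw new IOException(e);
        }
    }

    private DERSet getDigestAlgorithmIdentifiers() {
        return new DERSet(getDigestAlgorithmIdentifiersVector());
    }

    /** Collects one digest algorithm identifier per registered signer (duplicates are not removed). */
    private DEREncodableVector getDigestAlgorithmIdentifiersVector() {
        ASN1EncodableVector identifiers = new ASN1EncodableVector();
        for (SignerInformation signer : this.signerInfos) {
            identifiers.add(signer.getDigestAlgorithm());
        }
        return identifiers;
    }

    private DERSet getSignerInfos(ContentInfo contentInfo) throws NoSuchAlgorithmException, IOException {
        return new DERSet(getSignerInfoVector(contentInfo));
    }

    /** Builds a SignerInfo for every registered signer over the same content. */
    private DEREncodableVector getSignerInfoVector(ContentInfo contentInfo) throws NoSuchAlgorithmException, IOException {
        ASN1EncodableVector infos = new ASN1EncodableVector();
        for (SignerInformation signer : this.signerInfos) {
            infos.add(signer.asSignerInfo(contentInfo));
        }
        return infos;
    }

    private DERSet getCertificates() throws IOException {
        return new DERSet(getCertificatesVector());
    }

    /** Re-parses each certificate's encoded form into an ASN.1 object. */
    private DEREncodableVector getCertificatesVector() throws IOException {
        ASN1EncodableVector encoded = new ASN1EncodableVector();
        try {
            for (X509Certificate certificate : this.certs) {
                encoded.add(ASN1Object.fromByteArray(certificate.getEncoded()));
            }
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
        return encoded;
    }

    private DERSet getCRLs() throws IOException {
        return new DERSet(getCRLsVector());
    }

    /** Re-parses each CRL's encoded form into an ASN.1 object. */
    private DEREncodableVector getCRLsVector() throws IOException {
        ASN1EncodableVector encoded = new ASN1EncodableVector();
        try {
            for (X509CRL crl : this.crls) {
                encoded.add(ASN1Object.fromByteArray(crl.getEncoded()));
            }
        } catch (CRLException e) {
            throw new IOException(e);
        }
        return encoded;
    }
}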
