package es.gob.afirma.signers.multi.cades;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.AOFormatFileException;
import es.gob.afirma.core.signers.AOPkcs1Signer;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AOSimpleSigner;
import es.gob.afirma.core.signers.AdESPolicy;
import es.gob.afirma.core.signers.CounterSignTarget;
import es.gob.afirma.signers.cades.CAdESSignerMetadata;
import es.gob.afirma.signers.cades.CAdESUtils;
import es.gob.afirma.signers.cades.CommitmentTypeIndicationBean;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.SigUtils;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.ASN1TaggedObject;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.cms.SignedData;
import org.spongycastle.asn1.cms.SignerIdentifier;
import org.spongycastle.asn1.cms.SignerInfo;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.TBSCertificate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:es/gob/afirma/signers/multi/cades/CAdESCounterSigner.class */
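/**
 * Adds CAdES countersignatures to the SignerInfos of an existing CMS SignedData.
 *
 * <p>The input signature is parsed as untrusted ASN.1. Nothing in this class verifies the
 * existing signatures or their certificates: each selected node's stored signature value is
 * signed as-is. Callers that need the signatures validated must do so before countersigning.
 *
 * <p>Parameter names come from a decompiler. Flags documented as "forwarded" are passed
 * unchanged to {@code CAdESUtils.generateSignerInfo}; their meaning is not visible in this class.
 */
public final class CAdESCounterSigner {
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");

    /** Message used whenever the input does not have the expected ContentInfo/SignedData shape. */
    private static final String NOT_SIGNED_DATA_MSG = "No se ha encontrado un SignedData en los datos a contrafirmar";

    /** Signer that produces the raw PKCS#1 signature value of each countersignature. */
    private AOSimpleSigner ss = new AOPkcs1Signer();

    /** Date passed to the signed-attribute generator; {@code null} means "use the current time". */
    private Date date = null;

    /**
     * Replaces the PKCS#1 signer and the date used for new countersignatures.
     * Decompiler note: the access modifier of this method was changed from package-private.
     *
     * @param aOSimpleSigner signer to use; must not be {@code null}
     * @param date date to use, or {@code null} to use the current time at signing (a warning is logged)
     * @throws IllegalArgumentException if {@code aOSimpleSigner} is {@code null}
     */
    public void setPkcs1Signer(AOSimpleSigner aOSimpleSigner, Date date) {
        if (aOSimpleSigner == null) {
            throw new IllegalArgumentException("El firmador PKCS#1 no puede ser nulo");
        }
        if (date == null) {
            LOGGER.warning("Se ha establecido una fecha nula, se usara la actual");
        }
        this.ss = aOSimpleSigner;
        this.date = date;
    }

    /**
     * Countersigns the nodes of a CMS/CAdES signature selected by {@code counterSignTarget}.
     * Decompiler note: the access modifier of this method was changed from package-private.
     *
     * @param str signature algorithm name; the digest algorithm is derived from it
     * @param bArr encoded ContentInfo wrapping the SignedData to countersign (untrusted input)
     * @param counterSignTarget {@code TREE} countersigns every node, {@code LEAFS} only nodes that
     *     carry no countersignature attribute; any other value adds no new signature
     * @param privateKey key used for the countersignatures
     * @param certificateArr signer certificate chain; element 0 must be an X.509 certificate
     * @param adESPolicy forwarded to the signed-attribute generator
     * @param z forwarded to the signed-attribute generator
     * @param list commitment type indications, forwarded to the signed-attribute generator
     * @param z2 forwarded to the signed-attribute generator
     * @param cAdESSignerMetadata forwarded to the signed-attribute generator
     * @param z3 forwarded to the signed-attribute generator
     * @return DER encoding of the ContentInfo holding the countersigned SignedData
     * @throws AOFormatFileException if the input is not a ContentInfo of type signedData
     * @throws IOException if the input cannot be read or the signing operation fails
     */
    public byte[] counterSign(String str, byte[] bArr, CounterSignTarget counterSignTarget, PrivateKey privateKey, Certificate[] certificateArr, AdESPolicy adESPolicy, boolean z, List<CommitmentTypeIndicationBean> list, boolean z2, CAdESSignerMetadata cAdESSignerMetadata, boolean z3) throws IOException, NoSuchAlgorithmException, CertificateException, AOException {
        final ASN1Primitive root;
        try (ASN1InputStream asn1In = new ASN1InputStream(bArr)) {
            root = asn1In.readObject();
        }
        // The bytes are attacker-controllable: reject anything that is not a SEQUENCE
        // (readObject() yields null on empty input) instead of failing on a blind cast.
        if (!(root instanceof ASN1Sequence)) {
            throw new AOFormatFileException(NOT_SIGNED_DATA_MSG);
        }
        final Enumeration<?> contentInfoFields = ((ASN1Sequence) root).getObjects();

        // The content type must be present, be an OID, and be id-signedData. The previous
        // condition ("not an OID AND equals signedData") could never reject a wrong OID and
        // threw ClassCastException when the first element was not an OID.
        final Object contentType = contentInfoFields.hasMoreElements() ? contentInfoFields.nextElement() : null;
        if (!(contentType instanceof ASN1ObjectIdentifier) || !PKCSObjectIdentifiers.signedData.equals(contentType)) {
            throw new AOFormatFileException(NOT_SIGNED_DATA_MSG);
        }

        final Object content = contentInfoFields.hasMoreElements() ? contentInfoFields.nextElement() : null;
        if (!(content instanceof ASN1TaggedObject)) {
            throw new AOFormatFileException(NOT_SIGNED_DATA_MSG);
        }
        final SignedData signedData = SignedData.getInstance(((ASN1TaggedObject) content).getObject());

        final ASN1EncodableVector newSignerInfos = counterSignSignerInfos(signedData.getSignerInfos(), str, privateKey, certificateArr, adESPolicy, z, list, z2, cAdESSignerMetadata, counterSignTarget, z3);

        // The rebuilt SignedData keeps digest algorithms and content, merges the new chain
        // into the certificate set and passes null for the CRL set.
        final SignedData countersigned = new SignedData(
            signedData.getDigestAlgorithms(),
            signedData.getEncapContentInfo(),
            CAdESMultiUtil.addCertificates(signedData, certificateArr),
            (ASN1Set) null,
            new DERSet(newSignerInfos)
        );
        return new ContentInfo(PKCSObjectIdentifiers.signedData, countersigned).getEncoded("DER");
    }

    /**
     * Processes every top-level SignerInfo of the set.
     *
     * @param aSN1Set SignerInfos of the original SignedData
     * @return vector with one rebuilt SignerInfo per input element, in the same order
     */
    private ASN1EncodableVector counterSignSignerInfos(ASN1Set aSN1Set, String str, PrivateKey privateKey, Certificate[] certificateArr, AdESPolicy adESPolicy, boolean z, List<CommitmentTypeIndicationBean> list, boolean z2, CAdESSignerMetadata cAdESSignerMetadata, CounterSignTarget counterSignTarget, boolean z3) throws NoSuchAlgorithmException, IOException, CertificateException, AOException {
        final ASN1EncodableVector rebuilt = new ASN1EncodableVector();
        for (int i = 0; i < aSN1Set.size(); i++) {
            final SignerInfo original = SignerInfo.getInstance(aSN1Set.getObjectAt(i));
            rebuilt.add(counterSignSignerInfo(original, str, privateKey, certificateArr, adESPolicy, z, list, z2, cAdESSignerMetadata, counterSignTarget, z3));
        }
        return rebuilt;
    }

    /**
     * Rebuilds one SignerInfo: recurses into its existing countersignatures and, when the
     * target selects this node, appends a new countersignature over it.
     *
     * <p>NOTE(review): recursion depth follows the nesting of countersignatures in the input,
     * and no depth limit is visible here; a deeply nested untrusted signature could exhaust
     * the stack. Confirm whether callers bound the input.
     *
     * @param signerInfo node to process
     * @return copy of the node with its unsigned attributes rebuilt
     */
    private SignerInfo counterSignSignerInfo(SignerInfo signerInfo, String str, PrivateKey privateKey, Certificate[] certificateArr, AdESPolicy adESPolicy, boolean z, List<CommitmentTypeIndicationBean> list, boolean z2, CAdESSignerMetadata cAdESSignerMetadata, CounterSignTarget counterSignTarget, boolean z3) throws NoSuchAlgorithmException, IOException, CertificateException, AOException {
        final List<ASN1Encodable> unsignedAttributes = new ArrayList<>();
        final ASN1EncodableVector counterSignatures = new ASN1EncodableVector();
        boolean isLeaf = true;

        final ASN1Set existingUnsigned = signerInfo.getUnauthenticatedAttributes();
        if (existingUnsigned != null) {
            final Enumeration<?> attributes = existingUnsigned.getObjects();
            while (attributes.hasMoreElements()) {
                final Attribute attribute = Attribute.getInstance(attributes.nextElement());
                // Presumably throws for attribute types that cannot survive a rebuild; its
                // implementation is not visible here.
                CAdESMultiUtil.checkUnsupported(attribute.getAttrType());
                if (CAdESMultiUtil.isCounterSignature(attribute.getAttrType())) {
                    isLeaf = false;
                    for (final SignerInfo nested : getSignerInfoFromUnauthenticatedAttributes(attribute)) {
                        counterSignatures.add(counterSignSignerInfo(nested, str, privateKey, certificateArr, adESPolicy, z, list, z2, cAdESSignerMetadata, counterSignTarget, z3));
                    }
                } else {
                    // Every other unsigned attribute is carried over untouched.
                    unsignedAttributes.add(attribute);
                }
            }
        }

        if (CounterSignTarget.TREE.equals(counterSignTarget) || (CounterSignTarget.LEAFS.equals(counterSignTarget) && isLeaf)) {
            counterSignatures.add(signSignerInfo(signerInfo, str, privateKey, certificateArr, adESPolicy, z, list, z2, cAdESSignerMetadata, z3));
        }

        // All countersignatures (existing and new) end up in a single attribute.
        // NOTE(review): for a target other than TREE/LEAFS on a leaf node this attribute is
        // written with an empty value set; confirm callers only pass TREE or LEAFS.
        unsignedAttributes.add(new Attribute(CMSAttributes.counterSignature, new DERSet(counterSignatures)));

        return new SignerInfo(
            signerInfo.getSID(),
            signerInfo.getDigestAlgorithm(),
            signerInfo.getAuthenticatedAttributes(),
            signerInfo.getDigestEncryptionAlgorithm(),
            signerInfo.getEncryptedDigest(),
            new DERSet(unsignedAttributes.toArray(new ASN1Encodable[0]))
        );
    }

    /**
     * Creates the countersignature SignerInfo over the signature value of {@code signerInfo}.
     *
     * @param signerInfo node whose encrypted digest is the data being countersigned
     * @return new SignerInfo identified by issuer and serial number of {@code certificateArr[0]},
     *     with no unsigned attributes
     * @throws IOException if encoding fails or the PKCS#1 signer reports an error
     */
    private SignerInfo signSignerInfo(SignerInfo signerInfo, String str, PrivateKey privateKey, Certificate[] certificateArr, AdESPolicy adESPolicy, boolean z, List<CommitmentTypeIndicationBean> list, boolean z2, CAdESSignerMetadata cAdESSignerMetadata, boolean z3) throws NoSuchAlgorithmException, IOException, CertificateException {
        final String digestAlgorithmName = AOSignConstants.getDigestAlgorithmName(str);
        final Date signingDate = this.date != null ? this.date : new Date();
        final ASN1EncodableVector signedAttributeVector = CAdESUtils.generateSignerInfo(certificateArr[0], digestAlgorithmName, signerInfo.getEncryptedDigest().getOctets(), adESPolicy, z, (byte[]) null, signingDate, z2, false, PKCSObjectIdentifiers.data.toString(), (String) null, list, cAdESSignerMetadata, true, z3);
        try {
            // Build the attribute set once so the bytes that are signed and the set stored
            // in the SignerInfo are the same object.
            final ASN1Set signedAttributes = SigUtils.getAttributeSet(new AttributeTable(signedAttributeVector));
            final DEROctetString signatureValue = new DEROctetString(pkcs1Sign(signedAttributes.getEncoded("DER"), str, privateKey, certificateArr));
            final AlgorithmIdentifier digestAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName));
            // NOTE(review): the signature algorithm identifier is always the OID looked up for
            // "RSA", independent of `str` and of the key type. If a non-RSA key can reach this
            // code the SignerInfo would declare an algorithm that does not match the signature
            // value; confirm whether only RSA keys are supported.
            final AlgorithmIdentifier signatureAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA"));
            final TBSCertificate tbsCertificate = TBSCertificate.getInstance(ASN1Primitive.fromByteArray(((X509Certificate) certificateArr[0]).getTBSCertificate()));
            final SignerIdentifier signerId = new SignerIdentifier(new IssuerAndSerialNumber(X500Name.getInstance(tbsCertificate.getIssuer()), tbsCertificate.getSerialNumber().getValue()));
            return new SignerInfo(signerId, digestAlgId, signedAttributes, signatureAlgId, signatureValue, (ASN1Set) null);
        } catch (AOException e) {
            throw new IOException("Error al realizar la firma: " + e, e);
        }
    }

    /**
     * Extracts the SignerInfos held as values of a countersignature attribute.
     *
     * <p>Values that cannot be parsed are skipped (best effort), but the skip is now logged:
     * a skipped value is also absent from the rebuilt signature, so an existing
     * countersignature would otherwise disappear from the output without any trace.
     *
     * @param attribute countersignature attribute
     * @return parsed SignerInfos, in attribute order; never {@code null}
     */
    private static List<SignerInfo> getSignerInfoFromUnauthenticatedAttributes(Attribute attribute) {
        final List<SignerInfo> signerInfos = new ArrayList<>();
        final Enumeration<?> values = attribute.getAttrValues().getObjects();
        while (values.hasMoreElements()) {
            try {
                signerInfos.add(SignerInfo.getInstance(values.nextElement()));
            } catch (Exception e) {
                LOGGER.warning("Se ha ignorado un valor del atributo de contrafirma que no es un SignerInfo valido: " + e);
            }
        }
        return signerInfos;
    }

    /**
     * Signs {@code bArr} with the configured PKCS#1 signer.
     *
     * @param bArr data to sign (the DER-encoded signed attributes)
     * @return signature value returned by the signer
     * @throws AOException if the signer fails, including I/O failures, which are wrapped
     */
    private byte[] pkcs1Sign(byte[] bArr, String str, PrivateKey privateKey, Certificate[] certificateArr) throws AOException {
        try {
            return this.ss.sign(bArr, str, privateKey, certificateArr, (Properties) null);
        } catch (IOException e) {
            throw new AOException("Error en la firma PKCS#1 de la contrafirma CAdES: " + e, e);
        }
    }
}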
