package es.gob.afirma.signers.multi.cades;

import es.gob.afirma.core.AOException;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.signers.AOPkcs1Signer;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.signers.cades.CAdESParameters;
import es.gob.afirma.signers.cades.CAdESUtils;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.ContainsNoDataException;
import es.gob.afirma.signers.pkcs7.SigUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Properties;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.ASN1TaggedObject;
import org.spongycastle.asn1.BEROctetString;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.cms.SignedData;
import org.spongycastle.asn1.cms.SignerIdentifier;
import org.spongycastle.asn1.cms.SignerInfo;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.TBSCertificate;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSProcessableByteArray;

/* loaded from: input_file:WEB-INF/lib/afirma-crypto-cades-multi-1.7.2.jar:es/gob/afirma/signers/multi/cades/CAdESCoSigner.class */
final class CAdESCoSigner {
    CAdESCoSigner() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] coSigner(byte[] bArr, String str, PrivateKey privateKey, Certificate[] certificateArr, CAdESParameters cAdESParameters) throws IOException, NoSuchAlgorithmException, CertificateException, ContainsNoDataException {
        ContentInfo encapContentInfo;
        DEROctetString dEROctetString;
        SignedData readData = readData(bArr);
        if (cAdESParameters.getContentData() != null) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(PKCSObjectIdentifiers.data.getId());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                new CMSProcessableByteArray(cAdESParameters.getContentData()).write(byteArrayOutputStream);
                encapContentInfo = new ContentInfo(aSN1ObjectIdentifier, new BEROctetString(byteArrayOutputStream.toByteArray()));
            } catch (CMSException e) {
                throw new IOException("Error en la escritura del procesable CMS: " + e, e);
            }
        } else {
            encapContentInfo = readData.getEncapContentInfo();
            if (cAdESParameters.getDataDigest() == null && (dEROctetString = (DEROctetString) encapContentInfo.getContent()) != null) {
                cAdESParameters.setDataDigest(MessageDigest.getInstance(cAdESParameters.getDigestAlgorithm()).digest(AOUtil.getDataFromInputStream(dEROctetString.getOctetStream())));
            }
        }
        ASN1Set addCertificates = CAdESMultiUtil.addCertificates(readData, certificateArr);
        String digestAlgorithmName = AOSignConstants.getDigestAlgorithmName(str);
        AlgorithmIdentifier makeAlgId = SigUtils.makeAlgId(AOAlgorithmID.getOID(digestAlgorithmName));
        TBSCertificate tBSCertificate = TBSCertificate.getInstance(ASN1Primitive.fromByteArray(((X509Certificate) certificateArr[0]).getTBSCertificate()));
        SignerIdentifier signerIdentifier = new SignerIdentifier(new IssuerAndSerialNumber(X500Name.getInstance(tBSCertificate.getIssuer()), tBSCertificate.getSerialNumber().getValue()));
        AlgorithmIdentifier makeAlgId2 = SigUtils.makeAlgId(AOAlgorithmID.getOID("RSA"));
        ASN1Set signerInfos = readData.getSignerInfos();
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (int i = 0; i < signerInfos.size(); i++) {
            SignerInfo signerInfo = SignerInfo.getInstance(signerInfos.getObjectAt(i));
            aSN1EncodableVector.add(signerInfo);
            if (cAdESParameters.getDataDigest() == null && signerInfo.getDigestAlgorithm().getAlgorithm().toString().equals(AOAlgorithmID.getOID(digestAlgorithmName))) {
                ASN1Set authenticatedAttributes = signerInfo.getAuthenticatedAttributes();
                for (int i2 = 0; i2 < authenticatedAttributes.size(); i2++) {
                    ASN1Sequence aSN1Sequence = (ASN1Sequence) authenticatedAttributes.getObjectAt(i2);
                    if (CMSAttributes.messageDigest.getId().equals(((ASN1ObjectIdentifier) aSN1Sequence.getObjectAt(0)).toString())) {
                        cAdESParameters.setDataDigest(((DEROctetString) ((DERSet) aSN1Sequence.getObjectAt(1)).getObjectAt(0)).getOctets());
                    }
                }
            }
        }
        if (cAdESParameters.getDataDigest() == null && cAdESParameters.getContentData() == null) {
            throw new ContainsNoDataException("No se puede crear la cofirma ya que no se han encontrado ni los datos firmados ni una huella digital compatible con el algoritmo de firma");
        }
        ASN1Set attributeSet = SigUtils.getAttributeSet(new AttributeTable(CAdESUtils.generateSignedAttributes(certificateArr[0], cAdESParameters, false)));
        try {
            aSN1EncodableVector.add(new SignerInfo(signerIdentifier, makeAlgId, attributeSet, makeAlgId2, generateSignValue(attributeSet, str, privateKey, certificateArr, cAdESParameters.getExtraParams()), (ASN1Set) null));
            return new ContentInfo(PKCSObjectIdentifiers.signedData, new SignedData(readData.getDigestAlgorithms(), encapContentInfo, addCertificates, null, new DERSet(aSN1EncodableVector))).getEncoded(ASN1Encoding.DER);
        } catch (AOException e2) {
            throw new IOException("Error al realizar la firma: " + e2, e2);
        }
    }

    private static SignedData readData(byte[] bArr) throws IOException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(bArr);
        Throwable th = null;
        try {
            try {
                ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
                if (aSN1InputStream != null) {
                    if (0 != 0) {
                        try {
                            aSN1InputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        aSN1InputStream.close();
                    }
                }
                Enumeration objects = aSN1Sequence.getObjects();
                objects.nextElement();
                return SignedData.getInstance((ASN1Sequence) ((ASN1TaggedObject) objects.nextElement()).getObject());
            } finally {
            }
        } catch (Throwable th3) {
            if (aSN1InputStream != null) {
                if (th != null) {
                    try {
                        aSN1InputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    aSN1InputStream.close();
                }
            }
            throw th3;
        }
    }

    private static ASN1OctetString generateSignValue(ASN1Set aSN1Set, String str, PrivateKey privateKey, Certificate[] certificateArr, Properties properties) throws AOException {
        try {
            return new DEROctetString(new AOPkcs1Signer().sign(aSN1Set.getEncoded(ASN1Encoding.DER), str, privateKey, certificateArr, properties));
        } catch (IOException e) {
            throw new AOException("Error al obtener los datos a firmar", e);
        }
    }
}
