package org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.impl;

import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.ess.OtherCertID;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.demoiselle.signer.cryptography.Digest;
import org.demoiselle.signer.cryptography.DigestAlgorithmEnum;
import org.demoiselle.signer.cryptography.factory.DigestFactory;
import org.demoiselle.signer.policy.engine.asn1.etsi.SignaturePolicy;
import org.demoiselle.signer.policy.impl.cades.SignerException;
import org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.UnsignedAttribute;

/* loaded from: input_file:org/demoiselle/signer/policy/impl/cades/pkcs7/attribute/impl/CertificateRefs.class */
public class CertificateRefs implements UnsignedAttribute {
    private final String identifier = "1.2.840.113549.1.9.16.2.21";
    private Certificate[] certificates = null;

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute
    public void initialize(PrivateKey privateKey, Certificate[] certificateArr, byte[] bArr, SignaturePolicy signaturePolicy, byte[] bArr2) {
        this.certificates = certificateArr;
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute
    public String getOID() {
        return "1.2.840.113549.1.9.16.2.21";
    }

    @Override // org.demoiselle.signer.policy.impl.cades.pkcs7.attribute.SignedOrUnsignedAttribute
    public Attribute getValue() throws SignerException {
        try {
            int length = this.certificates.length - 1;
            OtherCertID[] otherCertIDArr = new OtherCertID[length];
            int i = 1;
            while (i <= length) {
                X509Certificate x509Certificate = (X509Certificate) this.certificates[i];
                X509Certificate x509Certificate2 = i < length ? (X509Certificate) this.certificates[i + 1] : (X509Certificate) this.certificates[i];
                Digest factoryDefault = DigestFactory.getInstance().factoryDefault();
                factoryDefault.setAlgorithm(DigestAlgorithmEnum.SHA_256);
                otherCertIDArr[i - 1] = new OtherCertID(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), factoryDefault.digest(x509Certificate.getEncoded()), new IssuerSerial(new GeneralNames(new GeneralName(new X500Name(x509Certificate2.getSubjectX500Principal().getName()))), new ASN1Integer(x509Certificate.getSerialNumber())));
                i++;
            }
            return new Attribute(new ASN1ObjectIdentifier("1.2.840.113549.1.9.16.2.21"), new DERSet(new ASN1Encodable[]{new DERSequence(otherCertIDArr)}));
        } catch (CertificateEncodingException e) {
            throw new SignerException(e.getMessage());
        }
    }
}
