package com.helger.asic;

import com.helger.bc.PBCProvider;
import com.helger.commons.ValueEnforcer;
import com.helger.commons.base64.Base64;
import com.helger.commons.collection.impl.CommonsArrayList;
import com.helger.commons.text.util.TextHelper;
import com.helger.security.keystore.IKeyStoreType;
import com.helger.security.keystore.KeyStoreHelper;
import com.helger.security.keystore.LoadedKey;
import com.helger.security.keystore.LoadedKeyStore;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.ess.ESSCertID;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificate;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/helger/asic/SignatureHelper.class */
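/**
 * Loads a private key and its certificate chain from a key store and uses them
 * to create detached CMS signatures over caller-supplied bytes.
 *
 * <p>The instance keeps the private key in memory for its whole lifetime (see
 * {@link #getKeyPair()}), so it should be scoped and shared accordingly.
 *
 * <p>This listing is decompiler output: parameter and local names are synthetic,
 * and the "Access modifiers changed" notes mark members that the decompiler
 * reports as {@code protected} in the original class.
 */
public class SignatureHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(SignatureHelper.class);
    // Certificate of the signing key; it is hashed into the signed attributes by signData.
    private final X509Certificate m_aX509Certificate;
    // Chain returned by the key store entry; embedded into every signature.
    private final Certificate[] m_aCertificateChain;
    // Public key taken from m_aX509Certificate plus the private key from the key store entry.
    private final KeyPair m_aKeyPair;

    /**
     * Loads the key store and the private key entry and caches certificate, chain and key pair.
     *
     * <p>Both passwords arrive as {@link String}s, which cannot be wiped after use; only a
     * {@code char[]} copy of the key password is handed to {@code KeyStoreHelper}.
     *
     * @param iKeyStoreType key store type, must not be {@code null}
     * @param str key store path, must not be {@code null}
     * @param str2 key store password, must not be {@code null}
     * @param str3 alias of the private key entry, must not be {@code null}
     * @param str4 password of the private key entry, must not be {@code null}
     * @throws IllegalStateException if the key store or the private key cannot be loaded, or if
     *         the certificate of the entry is not an X.509 certificate
     */
    public SignatureHelper(@Nonnull IKeyStoreType iKeyStoreType, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4) {
        ValueEnforcer.notNull(iKeyStoreType, "KeyStoreType");
        ValueEnforcer.notNull(str, "KeyStorePath");
        ValueEnforcer.notNull(str2, "KeyStorePassword");
        ValueEnforcer.notNull(str3, "KeyAlias");
        ValueEnforcer.notNull(str4, "KeyPassword");
        LoadedKeyStore loadKeyStore = KeyStoreHelper.loadKeyStore(iKeyStoreType, str, str2);
        if (loadKeyStore.isFailure()) {
            throw new IllegalStateException(loadKeyStore.getErrorText(TextHelper.EN));
        }
        LoadedKey loadPrivateKey = KeyStoreHelper.loadPrivateKey(loadKeyStore.getKeyStore(), str, str3, str4.toCharArray());
        if (loadPrivateKey.isFailure()) {
            throw new IllegalStateException(loadPrivateKey.getErrorText(TextHelper.EN));
        }
        // Resolve the entry once instead of casting it for every field.
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) loadPrivateKey.getKeyEntry();
        Certificate certificate = privateKeyEntry.getCertificate();
        // Fail with the same exception type as the other load errors rather than a bare
        // ClassCastException when the entry carries a non-X.509 certificate.
        if (!(certificate instanceof X509Certificate)) {
            throw new IllegalStateException("The certificate of key alias '" + str3 + "' is not an X.509 certificate");
        }
        this.m_aCertificateChain = privateKeyEntry.getCertificateChain();
        this.m_aX509Certificate = (X509Certificate) certificate;
        this.m_aKeyPair = new KeyPair(this.m_aX509Certificate.getPublicKey(), privateKeyEntry.getPrivateKey());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a detached CMS signature over the given bytes.
     *
     * <p>The signature carries one signed attribute that binds it to the signing certificate
     * (a digest of the encoded certificate plus issuer and serial number) and embeds the
     * certificate chain loaded in the constructor.
     *
     * @param bArr the bytes to sign
     * @param eMessageDigestAlgorithm digest algorithm; also selects the signature algorithm name
     *        and the version of the signing-certificate attribute
     * @return the encoded CMS SignedData structure
     * @throws IllegalStateException wrapping any failure raised while signing
     */
    public final byte[] signData(@Nonnull byte[] bArr, @Nonnull EMessageDigestAlgorithm eMessageDigestAlgorithm) {
        Attribute attribute;
        try {
            Provider provider = PBCProvider.getProvider();
            DigestCalculatorProvider build = new JcaDigestCalculatorProviderBuilder().setProvider(provider).build();
            // The JCA signature name is composed from the digest name and the key algorithm.
            JcaContentSignerBuilder provider2 = new JcaContentSignerBuilder(eMessageDigestAlgorithm.getContentSignerAlgorithm() + "with" + this.m_aKeyPair.getPrivate().getAlgorithm()).setProvider(provider);
            // Encode the certificate once; the bytes feed both the digest and the issuer lookup.
            byte[] certificateBytes = this.m_aX509Certificate.getEncoded();
            MessageDigest messageDigest = MessageDigest.getInstance(eMessageDigestAlgorithm.getMessageDigestAlgorithm());
            byte[] digest = messageDigest.digest(certificateBytes);
            IssuerSerial issuerSerial = new IssuerSerial(new GeneralNames(new GeneralName(new X509CertificateHolder(certificateBytes).getIssuer())), this.m_aX509Certificate.getSerialNumber());
            if (eMessageDigestAlgorithm.isSHA1()) {
                // ESSCertID (signing-certificate v1) has no algorithm field and is defined over
                // SHA-1, so it is only valid for that digest. SHA-1 is not collision resistant;
                // prefer a stronger digest wherever the consuming profile permits it.
                attribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, new DERSet(new SigningCertificate(new ESSCertID(digest, issuerSerial))));
            } else {
                // ESSCertIDv2 names the digest algorithm explicitly.
                attribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(new SigningCertificateV2(new ESSCertIDv2(new AlgorithmIdentifier(eMessageDigestAlgorithm.getOID(), DERNull.INSTANCE), digest, issuerSerial))));
            }
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(attribute);
            DefaultSignedAttributeTableGenerator defaultSignedAttributeTableGenerator = new DefaultSignedAttributeTableGenerator(new AttributeTable(aSN1EncodableVector));
            ContentSigner build2 = provider2.build(this.m_aKeyPair.getPrivate());
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(build).setSignedAttributeGenerator(defaultSignedAttributeTableGenerator).build(build2, this.m_aX509Certificate));
            // Read the field directly: the getter hands out copies, and the list copies the elements anyway.
            cMSSignedDataGenerator.addCertificates(new JcaCertStore(new CommonsArrayList<Certificate>(this.m_aCertificateChain)));
            // encapsulate == false: the signed content is not embedded (detached signature).
            CMSSignedData generate = cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), false);
            // Encode once and reuse the bytes for logging and for the return value.
            byte[] signatureBytes = generate.getEncoded();
            if (LOGGER.isDebugEnabled()) {
                // Logs the complete SignedData (signature and certificates, no signed content).
                LOGGER.debug(Base64.encodeBytes(signatureBytes));
            }
            return signatureBytes;
        } catch (Exception e) {
            throw new IllegalStateException("Unable to sign with " + eMessageDigestAlgorithm, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return the X.509 certificate that belongs to the signing key
     */
    @Nonnull
    public final X509Certificate getX509Certificate() {
        return this.m_aX509Certificate;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @return a copy of the certificate chain of the signing key. A copy is returned so that a
     *         caller cannot replace elements of the chain that signData embeds into signatures.
     */
    @Nonnull
    public final Certificate[] getCertificateChain() {
        return this.m_aCertificateChain.clone();
    }

    /**
     * @return the key pair used for signing. This includes the private key, so it must not be
     *         passed on to code that is not supposed to sign on behalf of this instance.
     */
    @Nonnull
    protected final KeyPair getKeyPair() {
        return this.m_aKeyPair;
    }
}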
