package net.ripe.rpki.commons.crypto.cms;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Hashtable;
import java.util.Map;
import net.ripe.rpki.commons.crypto.util.BouncyCastleUtil;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateUtil;
import org.apache.commons.lang.Validate;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/RpkiSignedObjectBuilder.class */
/**
 * Base class for builders that wrap a payload in a CMS SignedData structure
 * signed with a single end-entity certificate.
 *
 * <p>This listing is decompiler output: parameter names on the public method
 * are the decompiler's, and the raw {@code Map} in the anonymous class is
 * kept as decompiled.
 */
public abstract class RpkiSignedObjectBuilder {
    /**
     * Produces the encoded CMS object for the given content.
     *
     * <p>The decompiler notes that this method was originally declared
     * {@code protected}; the access modifier is left as it appears here.
     *
     * @param x509Certificate certificate embedded in the CMS object; its
     *     SubjectKeyIdentifier identifies the signer and its notBefore date
     *     becomes the signing-time attribute
     * @param privateKey key handed to the content signer
     * @param str name passed to {@code JcaContentSignerBuilder.setProvider},
     *     i.e. the provider that performs the signature operation
     * @param aSN1ObjectIdentifier content type of the payload
     * @param bArr payload bytes
     * @return the encoded CMS object
     * @throws RpkiSignedObjectBuilderException wrapping any checked failure
     *     raised while building or encoding the object
     */
    public byte[] generateCms(X509Certificate x509Certificate, PrivateKey privateKey, String str, ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr) {
        byte[] encodedCms;
        try {
            encodedCms = doGenerate(x509Certificate, privateKey, str, aSN1ObjectIdentifier, bArr);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | CMSException | IOException | InvalidAlgorithmParameterException | CertStoreException | CertificateEncodingException | OperatorCreationException e) {
            // Collapse the checked failures into the builder's own exception, keeping the cause.
            throw new RpkiSignedObjectBuilderException(e);
        }
        return encodedCms;
    }

    /**
     * Assembles and encodes the SignedData: one signer info, the signing
     * certificate as the only embedded certificate, and the typed payload.
     */
    private byte[] doGenerate(X509Certificate signingCertificate, PrivateKey signingKey, String signatureProvider, ASN1ObjectIdentifier contentType, byte[] content) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertStoreException, CMSException, NoSuchProviderException, IOException, CertificateEncodingException, OperatorCreationException {
        // The signer is identified by SubjectKeyIdentifier, so a certificate without one is rejected up front.
        Validate.notNull(X509CertificateUtil.getSubjectKeyIdentifier(signingCertificate), "certificate must contain SubjectKeyIdentifier extension");

        RPKISignedDataGenerator generator = new RPKISignedDataGenerator();
        addSignerInfo(generator, signingKey, signatureProvider, signingCertificate);

        JcaCertStore embeddedCertificates = new JcaCertStore(Collections.singleton(signingCertificate));
        generator.addCertificates(embeddedCertificates);

        CMSProcessableByteArray typedContent = new CMSProcessableByteArray(contentType, content);
        // NOTE(review): the `true` flag presumably asks for the content to be encapsulated,
        // as with BouncyCastle's CMSSignedDataGenerator; RPKISignedDataGenerator is not visible here.
        return generator.generate(typedContent, true).getEncoded();
    }

    /**
     * Registers the single signer on the generator.
     *
     * <p>The signed attributes start from a table holding signing-time set to
     * the certificate's notBefore date, so that attribute does not record when
     * the signature was actually produced. The {@code cmsAlgorithmProtect}
     * attribute is removed from the table the default generator returns.
     */
    private void addSignerInfo(RPKISignedDataGenerator generator, PrivateKey signingKey, String signatureProvider, X509Certificate signingCertificate) throws OperatorCreationException {
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(BouncyCastleUtil.DIGEST_CALCULATOR_PROVIDER);
        AttributeTable initialAttributes = createSignedAttributes(signingCertificate.getNotBefore());

        signerInfoBuilder.setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(initialAttributes) {
            @Override
            public AttributeTable getAttributes(Map map) {
                // NOTE(review): presumably stripped because the RPKI signed-object profile limits
                // which signed attributes may appear; confirm against the profile. Without this
                // attribute the algorithm identifiers are not bound by it, so validators need to
                // enforce the expected digest and signature algorithms themselves.
                AttributeTable defaults = super.getAttributes(map);
                return defaults.remove(CMSAttributes.cmsAlgorithmProtect);
            }
        });

        // The content signer and the signer identifier are evaluated in this order, as in the original chain.
        generator.addSignerInfoGenerator(
                signerInfoBuilder.build(
                        new JcaContentSignerBuilder(X509CertificateBuilderHelper.DEFAULT_SIGNATURE_ALGORITHM)
                                .setProvider(signatureProvider)
                                .build(signingKey),
                        X509CertificateUtil.getSubjectKeyIdentifier(signingCertificate)));
    }

    /**
     * Builds an attribute table whose only entry is signing-time with the given date.
     */
    private AttributeTable createSignedAttributes(Date signingTime) {
        Attribute signingTimeAttribute = new Attribute(CMSAttributes.signingTime, new DERSet(new Time(signingTime)));
        Hashtable<ASN1ObjectIdentifier, Attribute> attributes = new Hashtable<>();
        attributes.put(CMSAttributes.signingTime, signingTimeAttribute);
        return new AttributeTable(attributes);
    }
}
