package br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc;

import br.gov.frameworkdemoiselle.certificate.CertificateException;
import br.gov.frameworkdemoiselle.certificate.CertificateManager;
import br.gov.frameworkdemoiselle.certificate.CertificateValidatorException;
import br.gov.frameworkdemoiselle.certificate.IValidator;
import br.gov.frameworkdemoiselle.certificate.ca.manager.CAManager;
import br.gov.frameworkdemoiselle.certificate.extension.BasicCertificate;
import br.gov.frameworkdemoiselle.certificate.signer.SignerAlgorithmEnum;
import br.gov.frameworkdemoiselle.certificate.signer.SignerException;
import br.gov.frameworkdemoiselle.certificate.signer.factory.PKCS1Factory;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs1.PKCS1Signer;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.SignaturePolicy;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.SignaturePolicyFactory;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.Attribute;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SignaturePolicyIdentifier;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SignedAttribute;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.SigningCertificate;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.attribute.UnsignedAttribute;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCAdapter;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.attribute.BCAttribute;
import br.gov.frameworkdemoiselle.certificate.signer.pkcs7.bc.policies.ADRBCMS_1_0;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:br/gov/frameworkdemoiselle/certificate/signer/pkcs7/bc/CAdESSigner.class */
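/**
 * CAdES / PKCS#7 signer and verifier built on the BouncyCastle CMS API.
 *
 * <p>Key material (private key, public key, provider, algorithm name) is delegated to a
 * {@link PKCS1Signer}. The signing certificate, its chain, the CMS attributes and the
 * {@link SignaturePolicy} are held on this instance. All of that state is mutable and this class
 * contains no synchronization, so an instance should not be shared between threads without
 * external locking.
 *
 * <p>Security-relevant behaviour a caller should know about:
 * <ul>
 *   <li>{@link #check(byte[], byte[])} verifies only the first signer of the package, using the
 *       certificate embedded in the package itself.</li>
 *   <li>{@link #check(byte[], byte[])} still returns {@code true} when no validator is registered
 *       for the signature policy named in the package; it only logs a warning.</li>
 *   <li>{@link #getAttached(byte[], boolean)} with {@code false} returns content without verifying
 *       anything.</li>
 * </ul>
 */
public class CAdESSigner implements PKCS7Signer {
    private static final Logger LOGGER = Logger.getLogger(CAdESSigner.class.getName());
    // Signing certificate; also overwritten by check() with the certificate found in the package.
    private X509Certificate certificate;
    // Certificate chain shipped inside the generated package; index 0 is used as the signer certificate.
    private Certificate[] certificateChain;
    // Attributes grouped by kind (SignedAttribute.class / UnsignedAttribute.class); created lazily.
    private Map<Class<? extends Attribute>, Collection<Attribute>> attributes;
    private final PKCS1Signer pkcs1 = PKCS1Factory.getInstance().factoryDefault();
    // Passed to the CMS generator as its "encapsulate" flag.
    private boolean attached = false;
    private SignaturePolicy signaturePolicy = null;
    // Extra validators handed to CertificateManager before signing; created lazily.
    private Collection<IValidator> certificateValidators = null;
    private boolean defaultCertificateValidators = true;

    /**
     * Creates a signer with no explicit algorithm (the policy's algorithm is used when signing)
     * and the {@link ADRBCMS_1_0} signature policy.
     */
    public CAdESSigner() {
        this.pkcs1.setAlgorithm((String) null);
        setSignaturePolicy(new ADRBCMS_1_0());
    }

    /**
     * Registers one attribute under its kind (signed or unsigned). A {@code null} attribute is
     * ignored.
     *
     * @param attribute the attribute to add, or {@code null}
     * @throws SignerException if the attribute is neither a {@link SignedAttribute} nor an
     *     {@link UnsignedAttribute}
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public void addAttribute(Attribute attribute) {
        if (this.attributes == null) {
            this.attributes = new HashMap<Class<? extends Attribute>, Collection<Attribute>>();
        }
        if (attribute == null) {
            return;
        }
        Class<? extends Attribute> kind = getTypeAttribute(attribute);
        Collection<Attribute> sameKind = this.attributes.get(kind);
        if (sameKind == null) {
            sameKind = new HashSet<Attribute>();
            this.attributes.put(kind, sameKind);
        }
        sameKind.add(attribute);
    }

    /**
     * Registers every attribute of the collection through {@link #addAttribute(Attribute)}.
     * A {@code null} collection is treated as empty, matching how a {@code null} attribute is
     * ignored.
     *
     * @param collection the attributes to add, or {@code null}
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public void addAttributes(Collection<Attribute> collection) {
        if (collection == null) {
            return;
        }
        for (Attribute attribute : collection) {
            addAttribute(attribute);
        }
    }

    /**
     * Adds a certificate validator that is passed to {@link CertificateManager} before signing.
     * A validator already present (per {@code equals}) is not added twice.
     *
     * @param iValidator the validator to register
     */
    public void addCertificateValidator(IValidator iValidator) {
        if (this.certificateValidators == null) {
            this.certificateValidators = new ArrayList<IValidator>();
        }
        if (this.certificateValidators.contains(iValidator)) {
            return;
        }
        this.certificateValidators.add(iValidator);
    }

    /**
     * Verifies the first signer of a PKCS#7/CMS package and runs the validator of each signature
     * policy named in its signed attributes.
     *
     * <p>What this method does and does not establish:
     * <ul>
     *   <li>Only the first {@link SignerInformation} is verified; further signers are ignored.</li>
     *   <li>The verification key comes from the certificate embedded in the package that matches
     *       the signer id. This method itself performs no chain, trust-anchor or revocation check
     *       on that certificate. NOTE(review): whether {@code SignaturePolicy.validate} does so is
     *       not visible from this class; confirm before treating {@code true} as proof of the
     *       signer's identity.</li>
     *   <li>When no validator is registered for a policy id, a warning is logged and the result is
     *       still {@code true}.</li>
     * </ul>
     *
     * <p>Side effect: {@link #certificate} is replaced by the certificate found in the package.
     *
     * @param bArr the signed content for a detached signature, or {@code null} when the content is
     *     encapsulated in the package
     * @param bArr2 the encoded PKCS#7/CMS package
     * @return {@code true} when verification completes without an exception; the method never
     *     returns {@code false}
     * @throws SignerException if the package cannot be parsed, has no signer or no matching
     *     certificate, the signature is invalid, or the signed attributes / policy identifier are
     *     missing
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public boolean check(byte[] bArr, byte[] bArr2) {
        try {
            CMSSignedData signedData = bArr == null ? new CMSSignedData(bArr2) : new CMSSignedData(new CMSProcessableByteArray(bArr), bArr2);
            // A package without any SignerInfo carries no signature to verify: fail closed with a
            // SignerException rather than letting next() throw NoSuchElementException.
            Iterator<?> signers = signedData.getSignerInfos().getSigners().iterator();
            if (!signers.hasNext()) {
                throw new SignerException("Package PKCS7 without signer information");
            }
            SignerInformation signerInformation = (SignerInformation) signers.next();
            try {
                try {
                    Security.addProvider(new BouncyCastleProvider());
                    Collection<? extends Certificate> certificates = signedData.getCertificatesAndCRLs("Collection", "BC").getCertificates(signerInformation.getSID());
                    // Without the signer's certificate there is no key to verify against. The
                    // previous code passed a null key to verify(); reject explicitly instead.
                    if (certificates.isEmpty()) {
                        throw new SignerException("Package PKCS7 without the signer certificate");
                    }
                    this.certificate = (X509Certificate) certificates.iterator().next();
                    PublicKey publicKey = this.certificate.getPublicKey();
                    try {
                        signerInformation.verify(publicKey, "BC");
                    } catch (CMSException e) {
                        throw new SignerException("Invalid signature", e);
                    }
                    AttributeTable signedAttributes = signerInformation.getSignedAttributes();
                    if (signedAttributes == null) {
                        throw new SignerException("Package PKCS7 without signed attributes");
                    }
                    org.bouncycastle.asn1.cms.Attribute policyAttribute = signedAttributes.get(new DERObjectIdentifier(new SignaturePolicyIdentifier().getOID()));
                    if (policyAttribute == null) {
                        throw new SignerException("ICP-Brasil invalid format. There is not policy signature.");
                    }
                    Enumeration<?> values = policyAttribute.getAttrValues().getObjects();
                    while (values.hasMoreElements()) {
                        // NOTE(review): a malformed attribute value surfaces here as a
                        // ClassCastException, not as a SignerException.
                        DERSequence policyValue = (DERSequence) values.nextElement();
                        String id = ((DERObjectIdentifier) policyValue.getObjectAt(0)).getId();
                        SignaturePolicy policy = SignaturePolicyFactory.getInstance().factory(id);
                        if (policy != null) {
                            policy.validate(bArr, bArr2);
                        } else {
                            // Message reads "there is no validator for policy {0}".
                            // NOTE(review): an unknown policy is accepted, not rejected; callers
                            // that require policy enforcement need their own check.
                            LOGGER.log(Level.WARNING, "Não existe validador para a política {0}", id);
                        }
                    }
                    return true;
                } catch (NoSuchAlgorithmException e) {
                    throw new SignerException(e);
                } catch (NoSuchProviderException e) {
                    throw new SignerException(e);
                } catch (CertStoreException e) {
                    throw new SignerException(e);
                } catch (CMSException e) {
                    throw new SignerException((Throwable) e);
                }
            } catch (SignerException e) {
                // Every failure of the verification stage is reported under this one message, with
                // the specific reason kept as the cause.
                throw new SignerException("Error on get information about certificates and public keys from a package PKCS7", e);
            }
        } catch (CMSException e) {
            throw new SignerException("Invalid bytes for a PKCS7 package", e);
        }
    }

    /**
     * Builds a "Collection" {@link CertStore} from {@link #certificateChain} using the "BC"
     * provider.
     *
     * @return the certificate store to embed in the generated package
     * @throws SignerException if the store cannot be created
     */
    private CertStore generatedCertStore() {
        try {
            List<Certificate> chain = new ArrayList<Certificate>();
            for (Certificate chainCertificate : this.certificateChain) {
                chain.add(chainCertificate);
            }
            return CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain), "BC");
        } catch (InvalidAlgorithmParameterException e) {
            throw new SignerException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new SignerException(e);
        } catch (NoSuchProviderException e) {
            throw new SignerException(e);
        }
    }

    /**
     * Returns the algorithm name of the current signature policy (not the one configured on the
     * underlying PKCS#1 signer).
     *
     * @return the policy's signer algorithm name
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public String getAlgorithm() {
        return this.signaturePolicy.getSignerAlgorithm().getAlgorithm();
    }

    /**
     * Extracts the encapsulated content after verifying the package; same as
     * {@code getAttached(bArr, true)}.
     *
     * @param bArr the encoded PKCS#7/CMS package
     * @return the encapsulated content, or {@code null} if the package carries none
     */
    public byte[] getAttached(byte[] bArr) {
        return getAttached(bArr, true);
    }

    /**
     * Extracts the encapsulated content of a PKCS#7/CMS package.
     *
     * <p>With {@code z == false} no verification is performed: the returned bytes are whatever the
     * package contains and must be treated as unauthenticated.
     *
     * @param bArr the encoded PKCS#7/CMS package
     * @param z whether to run {@link #check(byte[], byte[])} on the package first
     * @return the encapsulated content, or {@code null} if the package carries none
     * @throws SignerException if verification fails, the bytes are not a valid package, or the
     *     content cannot be read
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public byte[] getAttached(byte[] bArr, boolean z) {
        if (z) {
            check(null, bArr);
        }
        // The parse failure is caught first so that it gets its own message; the previous nesting
        // put a catch of Exception inside the CMSException handler, which made the latter
        // unreachable.
        try {
            CMSProcessable signedContent = new CMSSignedData(bArr).getSignedContent();
            if (signedContent == null) {
                return null;
            }
            return (byte[]) signedContent.getContent();
        } catch (CMSException e) {
            throw new SignerException("Invalid bytes for a package PKCS7", e);
        } catch (Exception e) {
            throw new SignerException("Error on get content from PKCS7", e);
        }
    }

    /**
     * Returns all registered attributes, signed and unsigned, in a new list.
     *
     * @return a fresh list of the attributes; empty when none were added
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public Collection<Attribute> getAttributes() {
        List<Attribute> all = new ArrayList<Attribute>();
        // The map is created lazily by addAttribute(); before the first add it is still null.
        if (this.attributes == null) {
            return all;
        }
        for (Collection<Attribute> sameKind : this.attributes.values()) {
            all.addAll(sameKind);
        }
        return all;
    }

    /** @return the private key held by the underlying PKCS#1 signer */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public PrivateKey getPrivateKey() {
        return this.pkcs1.getPrivateKey();
    }

    /** @return the security provider held by the underlying PKCS#1 signer, possibly {@code null} */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public Provider getProvider() {
        return this.pkcs1.getProvider();
    }

    /**
     * @return the name of the configured provider, or {@code null} when none is set
     */
    private String getProviderName() {
        Provider provider = this.pkcs1.getProvider();
        return provider == null ? null : provider.getName();
    }

    /** @return the public key held by the underlying PKCS#1 signer */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public PublicKey getPublicKey() {
        return this.pkcs1.getPublicKey();
    }

    /**
     * Classifies an attribute as unsigned or signed; the unsigned check runs first.
     *
     * @param attribute the attribute to classify
     * @return {@code UnsignedAttribute.class} or {@code SignedAttribute.class}
     * @throws SignerException if the attribute is of neither kind
     */
    private Class<? extends Attribute> getTypeAttribute(Attribute attribute) {
        if (attribute instanceof UnsignedAttribute) {
            return UnsignedAttribute.class;
        }
        if (attribute instanceof SignedAttribute) {
            return SignedAttribute.class;
        }
        throw new SignerException("Attribute invalid. Attribute should be SignedAttribute or UnsignedAttribute");
    }

    /** @return the flag passed to {@link CertificateManager} as its second constructor argument */
    public boolean isDefaultCertificateValidators() {
        return this.defaultCertificateValidators;
    }

    /**
     * Converts attributes into a BouncyCastle {@link AttributeTable}.
     *
     * @param collection the attributes to convert, may be {@code null}
     * @return the table, or {@code null} when there is nothing to convert
     */
    private AttributeTable mountAttributeTable(Collection<Attribute> collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        // Keyed by attribute type: two attributes with the same OID collapse into one entry, and
        // which one survives depends on the collection's iteration order.
        Hashtable<Object, Object> byType = new Hashtable<Object, Object>();
        for (Attribute attribute : collection) {
            org.bouncycastle.asn1.cms.Attribute converted = transformAttribute(attribute);
            byType.put(converted.getAttrType(), converted);
        }
        return byType.isEmpty() ? null : new AttributeTable(byType);
    }

    /** @return the table of signed attributes, or {@code null} when none are registered */
    private AttributeTable mountSignedTable() {
        if (this.attributes == null || this.attributes.isEmpty()) {
            return null;
        }
        return mountAttributeTable(this.attributes.get(SignedAttribute.class));
    }

    /** @return the table of unsigned attributes, or {@code null} when none are registered */
    private AttributeTable mountUnsignedTable() {
        if (this.attributes == null || this.attributes.isEmpty()) {
            return null;
        }
        return mountAttributeTable(this.attributes.get(UnsignedAttribute.class));
    }

    /**
     * Sets the algorithm on the underlying PKCS#1 signer. In {@link #signer(byte[])} a non-blank
     * algorithm configured there takes precedence over the signature policy's algorithm.
     *
     * @param signerAlgorithmEnum the algorithm to use
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public void setAlgorithm(SignerAlgorithmEnum signerAlgorithmEnum) {
        this.pkcs1.setAlgorithm(signerAlgorithmEnum);
    }

    /**
     * Sets the algorithm name on the underlying PKCS#1 signer. {@link #signer(byte[])} resolves a
     * non-blank name with {@code SignerAlgorithmEnum.valueOf}, so the name has to match one of
     * that type's constants.
     *
     * @param str the algorithm name, or {@code null} to fall back to the policy's algorithm
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public void setAlgorithm(String str) {
        this.pkcs1.setAlgorithm(str);
    }

    /** @param z value passed to the CMS generator as its "encapsulate" flag when signing */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public void setAttached(boolean z) {
        this.attached = z;
    }

    /** @param x509Certificate the signing certificate */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public void setCertificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    /**
     * Sets the certificate chain. The array is stored as given, not copied; {@link #signer(byte[])}
     * uses element 0 as the signer certificate.
     *
     * @param certificateArr the chain, signer certificate first
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public void setCertificates(Certificate[] certificateArr) {
        this.certificateChain = certificateArr;
    }

    /**
     * @param z flag passed to {@link CertificateManager} as its second constructor argument.
     *     NOTE(review): presumably {@code false} disables the library's built-in certificate
     *     validators; confirm against CertificateManager before turning it off.
     */
    public void setDefaultCertificateValidators(boolean z) {
        this.defaultCertificateValidators = z;
    }

    /** @param privateKey the signing key, stored on the underlying PKCS#1 signer */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public void setPrivateKey(PrivateKey privateKey) {
        this.pkcs1.setPrivateKey(privateKey);
    }

    /** @param provider the security provider, stored on the underlying PKCS#1 signer */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public void setProvider(Provider provider) {
        this.pkcs1.setProvider(provider);
    }

    /** @param publicKey the public key, stored on the underlying PKCS#1 signer */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public void setPublicKey(PublicKey publicKey) {
        this.pkcs1.setPublicKey(publicKey);
    }

    /**
     * Replaces the signature policy. A {@code null} argument is ignored, so the signer always
     * keeps the policy set by the constructor or a later non-null call.
     *
     * @param signaturePolicy the new policy, or {@code null} to keep the current one
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.pkcs7.PKCS7Signer
    public void setSignaturePolicy(SignaturePolicy signaturePolicy) {
        if (signaturePolicy == null) {
            return;
        }
        this.signaturePolicy = signaturePolicy;
    }

    /**
     * Produces a CMS signed-data package for the given content.
     *
     * <p>Steps, in order: pick the certificate (chain element 0 when none was set), run
     * {@link #validateForSigner(byte...)}, resolve the chain through {@link CAManager} when fewer
     * than two certificates were supplied, add the policy-identifier and signing-certificate
     * attributes, validate against the policy and its root CAs, then generate the package.
     *
     * <p>NOTE(review): {@link #validateForSigner(byte...)} and the signing-certificate attribute
     * use {@link #certificate} as it is before it is replaced by chain element 0. If a caller sets
     * a certificate that differs from element 0 of a supplied chain, the certificate that was
     * checked is not the one placed in the signer info; callers should keep the two consistent.
     *
     * @param bArr the content to sign, or {@code null} to sign absent content
     * @return the encoded CMS package
     * @throws SignerException if a required property is missing, the certificate is rejected, no
     *     chain of at least two certificates is available, or generation fails
     */
    @Override // br.gov.frameworkdemoiselle.certificate.signer.Signer
    public byte[] signer(byte[] bArr) {
        Security.addProvider(new BouncyCastleProvider());
        if (this.certificate == null && this.certificateChain != null && this.certificateChain.length > 0) {
            this.certificate = (X509Certificate) this.certificateChain[0];
        }
        validateForSigner(bArr);
        if (this.certificateChain == null || this.certificateChain.length <= 1) {
            this.certificateChain = CAManager.getInstance().getCertificateChainArray(this.certificate);
        }
        // Checked before the chain is indexed: a null or empty result used to fail with a
        // NullPointerException / ArrayIndexOutOfBoundsException instead of this error
        // (message reads "unable to extract the certificate's chain of trust").
        if (this.certificateChain == null || this.certificateChain.length <= 1) {
            throw new SignerException("Impossivel extrair a cadeia de confianca do certificado");
        }
        SignaturePolicyIdentifier signaturePolicyIdentifier = new SignaturePolicyIdentifier();
        signaturePolicyIdentifier.setSignaturePolicyId(this.signaturePolicy.getSignaturePolicyId());
        addAttribute(signaturePolicyIdentifier);
        // Only add the policy's signing-certificate attribute when the caller did not supply one.
        boolean hasSigningCertificate = false;
        for (Attribute attribute : getAttributes()) {
            if (attribute instanceof SigningCertificate) {
                hasSigningCertificate = true;
                break;
            }
        }
        if (!hasSigningCertificate) {
            addAttribute(this.signaturePolicy.getSigningCertificateAttribute(this.certificate));
        }
        setCertificate((X509Certificate) this.certificateChain[0]);
        // An algorithm configured on the PKCS#1 signer overrides the policy's algorithm.
        String configuredAlgorithm = this.pkcs1.getAlgorithm();
        String oIDAlgorithmHash;
        String oIDAlgorithmCipher;
        if (configuredAlgorithm == null || configuredAlgorithm.trim().length() <= 0) {
            oIDAlgorithmHash = this.signaturePolicy.getSignerAlgorithm().getOIDAlgorithmHash();
            oIDAlgorithmCipher = this.signaturePolicy.getSignerAlgorithm().getOIDAlgorithmCipher();
        } else {
            SignerAlgorithmEnum chosen = SignerAlgorithmEnum.valueOf(configuredAlgorithm);
            oIDAlgorithmHash = chosen.getOIDAlgorithmHash();
            oIDAlgorithmCipher = chosen.getOIDAlgorithmCipher();
        }
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        try {
            generator.addCertificatesAndCRLs(generatedCertStore());
            this.signaturePolicy.validate(this.certificate, this.pkcs1.getPrivateKey());
            CAManager.getInstance().validateRootCAs(CAManager.getInstance().getSignaturePolicyRootCAs(this.signaturePolicy.getSignaturePolicyId().getSigPolicyId()), this.certificate);
            generator.addSigner(this.pkcs1.getPrivateKey(), this.certificate, oIDAlgorithmCipher, oIDAlgorithmHash, mountSignedTable(), mountUnsignedTable());
            return generator.generate(CMSSignedDataGenerator.DATA, bArr == null ? new CMSAbsentContent() : new CMSProcessableByteArray(bArr), this.attached, getProviderName(), true).getEncoded();
        } catch (CertStoreException e) {
            throw new SignerException(e);
        } catch (NoSuchProviderException e) {
            throw new SignerException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new SignerException(e);
        } catch (IOException e) {
            throw new SignerException(e);
        } catch (CMSException e) {
            throw new SignerException((Throwable) e);
        }
    }

    /**
     * Converts a framework attribute into its BouncyCastle counterpart through {@link BCAdapter}.
     *
     * @param attribute the framework attribute
     * @return the equivalent BouncyCastle CMS attribute
     */
    private org.bouncycastle.asn1.cms.Attribute transformAttribute(Attribute attribute) {
        BCAttribute adapted = BCAdapter.factoryBCAttribute(attribute);
        return new org.bouncycastle.asn1.cms.Attribute(adapted.getObjectIdentifier(), adapted.getValue());
    }

    /**
     * Checks the preconditions for signing: a private key, a certificate that declares at least
     * one CRL distribution point, and a certificate that {@link CertificateManager} accepts with
     * the configured validators.
     *
     * @param bArr the content about to be signed; not inspected here
     * @throws SignerException if a precondition fails or the certificate is rejected for a reason
     *     other than the two framework exceptions, which are rethrown unchanged
     */
    private void validateForSigner(byte... bArr) {
        if (this.pkcs1 == null) {
            throw new SignerException("Please enter the required properties");
        }
        if (this.pkcs1.getPrivateKey() == null) {
            throw new SignerException("Private Key is null");
        }
        if (this.certificate == null) {
            throw new SignerException("Certificate is null");
        }
        try {
            // A certificate without a CRL distribution point is refused outright.
            List<?> crlDistributionPoints = new BasicCertificate(this.certificate).getCRLDistributionPoint();
            if (crlDistributionPoints == null || crlDistributionPoints.isEmpty()) {
                throw new SignerException("Blank LCR distribuition point for certificate.");
            }
            IValidator[] validators;
            if (this.certificateValidators == null || this.certificateValidators.isEmpty()) {
                validators = new IValidator[0];
            } else {
                validators = this.certificateValidators.toArray(new IValidator[0]);
            }
            try {
                // Constructed only for its effect; the instance is discarded.
                // NOTE(review): presumably the constructor runs the validators and throws on
                // failure; confirm against CertificateManager.
                new CertificateManager(this.certificate, this.defaultCertificateValidators, validators);
            } catch (Throwable th) {
                if (th instanceof CertificateException) {
                    throw (CertificateException) th;
                }
                if (th instanceof CertificateValidatorException) {
                    throw (CertificateValidatorException) th;
                }
                // Anything else, including Errors, is reported as an invalid certificate.
                throw new SignerException("Certificate is not valid", th);
            }
        } catch (IOException e) {
            // Keep the cause so the underlying read failure is not lost.
            throw new SignerException("Error on read CRL distribuition point from Certificate", e);
        }
    }
}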
