package com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.impl;

import com.adobe.internal.pdftoolkit.core.credentials.impl.JCECredentials;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSignatureException;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureOptionsCADES;
import com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.CryptoContext;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Date;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DLSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Certificate;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/services/digsig/cryptoprovider/impl/JCEPKCS7SignedDataBuilder.class */
public final class JCEPKCS7SignedDataBuilder {
    private static final String OID_SIGNING_CERTIFICATE_V2_ATTRIBUTE = "1.2.840.113549.1.9.16.2.47";
    private static final String OID_SIGNING_CERTIFICATE_OLD_ATTRIBUTE = "1.2.840.113549.1.9.16.2.12";
    public static final String CERTIFICATE_HASH_ALGORITHM_NAME_FOR_OLD_SIGNING_CERTIFICATE_ATTRIBUTE = "SHA1";
    static final DefaultSignatureAlgorithmIdentifierFinder defaultSignatureAlgorithmIdentifierFinder = new DefaultSignatureAlgorithmIdentifierFinder();

    private byte[] buildSignedData(byte[] bArr, JCECredentials jCECredentials, CryptoContext cryptoContext, boolean z, boolean z2, SignatureOptionsCADES signatureOptionsCADES) throws PDFSignatureException {
        ArrayList arrayList;
        boolean embedRevocationInfo = cryptoContext.embedRevocationInfo();
        boolean z3 = cryptoContext.applyTimestamp() && cryptoContext.getTimeStampProvider() != null;
        try {
            Certificate certificate = Certificate.getInstance(jCECredentials.getCertificate().getEncoded());
            java.security.cert.Certificate[] certificateChain = jCECredentials.getCertificateChain();
            if (certificateChain != null) {
                arrayList = new ArrayList(certificateChain.length);
                for (java.security.cert.Certificate certificate2 : certificateChain) {
                    arrayList.add(certificate2);
                }
            } else {
                arrayList = new ArrayList();
                arrayList.add(jCECredentials.getCertificate());
            }
            JcaCertStore jcaCertStore = new JcaCertStore(arrayList);
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            String digestAlgorithm = cryptoContext.getDigestAlgorithm();
            String signatureAlgorithm = cryptoContext.getSignatureAlgorithm();
            Provider provider = BCUtilities.provider;
            String str = digestAlgorithm + "with" + signatureAlgorithm;
            if (provider.getService("Signature", str) == null) {
                Provider[] providers = Security.getProviders("Signature." + str);
                if (providers == null) {
                    throw new PDFSignatureException("no available signature providers for " + str);
                }
                provider = providers[0];
            }
            ContentSigner build = new JcaContentSignerBuilder(str).setProvider(provider).build(jCECredentials.getPrivateKey());
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add(new Attribute(CMSAttributes.contentType, new DLSet(PKCSObjectIdentifiers.data)));
            if (z2) {
                aSN1EncodableVector.add(new Attribute(CMSAttributes.messageDigest, new DLSet(new DEROctetString(bArr))));
            }
            aSN1EncodableVector.add(new Attribute(CMSAttributes.signingTime, new DLSet(new Time(new Date()))));
            if (signatureOptionsCADES != null) {
                addCAdESpecificAttributesToSignedAttributes(aSN1EncodableVector, certificate, signatureOptionsCADES);
            }
            if (embedRevocationInfo) {
                JCERevInfoUtil.addRevocationAttributeToSignedAttributes(aSN1EncodableVector, cryptoContext.getRevocationInfoProvider());
            }
            DefaultSignedAttributeTableGenerator defaultSignedAttributeTableGenerator = new DefaultSignedAttributeTableGenerator(new AttributeTable(aSN1EncodableVector));
            JcaSignerInfoGeneratorBuilder jcaSignerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider(BCUtilities.provider).build());
            jcaSignerInfoGeneratorBuilder.setSignedAttributeGenerator(defaultSignedAttributeTableGenerator);
            if (cryptoContext != null && cryptoContext.getSignatureAlgorithm().equalsIgnoreCase("DSA") && z2) {
                jcaSignerInfoGeneratorBuilder.setSignedAttributeGenerator((CMSAttributeTableGenerator) null);
            }
            cMSSignedDataGenerator.addSignerInfoGenerator(jcaSignerInfoGeneratorBuilder.build(build, new X509CertificateHolder(certificate.getEncoded("DER"))));
            cMSSignedDataGenerator.addCertificates(jcaCertStore);
            CMSSignedData generate = ((cryptoContext == null || !cryptoContext.getSignatureAlgorithm().equalsIgnoreCase("DSA")) && !z2) ? cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), true) : cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), false);
            if (z3) {
                generate = JCETimeStampingUtil.addTSAttributeToSignedData(generate, cryptoContext.getTimeStampProvider(), z);
            }
            return new DLSequence(JCEASNUtilities.JCESigAlgorithmFixer(ASN1Sequence.getInstance(generate.getEncoded()), defaultSignatureAlgorithmIdentifierFinder.find(str)).toArray()).getEncoded();
        } catch (Exception e) {
            throw new PDFSignatureException("Error building CMS", e);
        }
    }

    private static void addCAdESpecificAttributesToSignedAttributes(ASN1EncodableVector aSN1EncodableVector, Certificate certificate, SignatureOptionsCADES signatureOptionsCADES) throws NoSuchAlgorithmException, PDFSignatureException, IOException {
        aSN1EncodableVector.add(createSigningCertificateAttribute(signatureOptionsCADES.getCertificateHashAlgorithmName(), certificate, signatureOptionsCADES.isPolicyInformationInSigningCertificateAttributeEnabled()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Attribute createSigningCertificateAttribute(String str, Certificate certificate, boolean z) throws NoSuchAlgorithmException, PDFSignatureException, IOException {
        return new Attribute(str.equalsIgnoreCase("SHA1") ? new ASN1ObjectIdentifier(OID_SIGNING_CERTIFICATE_OLD_ATTRIBUTE) : new ASN1ObjectIdentifier(OID_SIGNING_CERTIFICATE_V2_ATTRIBUTE), new DLSet(JCEASNUtilities.getSigningCertificateVXDerEncoded(str, certificate, z)));
    }

    public byte[] buildPacket(byte[] bArr, JCECredentials jCECredentials, CryptoContext cryptoContext, boolean z, boolean z2) throws PDFSignatureException {
        return buildSignedData(bArr, jCECredentials, cryptoContext, z, z2, null);
    }

    public byte[] buildPacketForCADES(byte[] bArr, JCECredentials jCECredentials, CryptoContext cryptoContext, boolean z, SignatureOptionsCADES signatureOptionsCADES) throws PDFSignatureException {
        return buildSignedData(bArr, jCECredentials, cryptoContext, z, true, signatureOptionsCADES);
    }
}
