package com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.impl;

import com.adobe.internal.pdftoolkit.core.credentials.impl.HSMCredentials;
import com.adobe.internal.pdftoolkit.core.credentials.impl.RSACredentials;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFInvalidParameterException;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSignatureException;
import com.adobe.internal.pdftoolkit.core.securityframework.CryptoMode;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureOptionsCADES;
import com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.CryptoContext;
import com.adobe.internal.pdftoolkit.services.digsig.spi.RevocationInfoProvider;
import com.adobe.internal.pdftoolkit.services.digsig.spi.TimeStampProvider;
import com.rsa.asn1.ASN1;
import com.rsa.asn1.ASN1Container;
import com.rsa.asn1.ASN_Exception;
import com.rsa.asn1.OctetStringContainer;
import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.InvalidUseException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.X501Attributes;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.attributes.ContentType;
import com.rsa.certj.cert.attributes.X501Attribute;
import com.rsa.certj.pkcs7.ContentInfo;
import com.rsa.certj.pkcs7.PKCS7Exception;
import com.rsa.certj.pkcs7.SignedData;
import com.rsa.certj.pkcs7.SignerInfo;
import com.rsa.certj.provider.db.MemoryDB;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_PKCS11SessionSpec;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_Session;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import java.security.cert.CertificateEncodingException;
import java.util.Date;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/services/digsig/cryptoprovider/impl/RSASigningUtils.class */
public final class RSASigningUtils {
    private RSASigningUtils() {
    }

    public static SignedData buildRSASignedDataWithMemoryDB(RSACredentials rSACredentials, CryptoMode cryptoMode) throws CertificateEncodingException, CertificateException, JSAFE_UnimplementedException, InvalidParameterException, ProviderManagementException, InvalidUseException, PKCS7Exception, JSAFE_InvalidUseException {
        try {
            CertJ certJ = (CertJ) Class.forName("com.adobe.internal.pdftoolkit.core.encryption.impl.PKCS7Utils").getDeclaredMethod("createCertJContext", RSACredentials[].class, CryptoMode.class).invoke(null, new RSACredentials[]{rSACredentials}, cryptoMode);
            return ContentInfo.getInstance(2, certJ, new CertPathCtx(4, rSACredentials.getRSAX509CertChain(), (byte[][]) null, new Date(), certJ.bindServices(1)));
        } catch (Exception e) {
            e.printStackTrace();
            throw new InvalidUseException("can not create certj context without encryption jar");
        }
    }

    public static SignedData buildRSASignedDataForHSM(HSMCredentials hSMCredentials) throws Exception {
        CertJ certJ = new CertJ();
        certJ.setDevice("PKCS11/Java");
        JSAFE_Session[] session = hSMCredentials.getSession();
        if (session == null) {
            throw new Exception("There are no available JSAFE Sessions");
        }
        JSAFE_PKCS11SessionSpec sessionSpec = session[0].getSessionSpec();
        certJ.setPKCS11Sessions(session);
        certJ.registerService(createP11Provider(hSMCredentials, sessionSpec));
        return ContentInfo.getInstance(2, certJ, new CertPathCtx(4, hSMCredentials.getRSAX509CertChain() == null ? new Certificate[]{hSMCredentials.getRSAX509Cert()} : hSMCredentials.getRSAX509CertChain(), (byte[][]) null, new Date(), certJ.bindService(1, "PKCS 11 Database")));
    }

    private static Provider createP11Provider(HSMCredentials hSMCredentials, JSAFE_PKCS11SessionSpec jSAFE_PKCS11SessionSpec) throws InvalidParameterException {
        if (!hSMCredentials.getCustomDBPref()) {
            try {
                return (Provider) Class.forName("com.rsa.certj.provider.db.pkcs11.PKCS11DB").getConstructor(String.class, JSAFE_PKCS11SessionSpec.class).newInstance("PKCS 11 Database", jSAFE_PKCS11SessionSpec);
            } catch (Throwable th) {
                return new MemoryDB("memory Database");
            }
        }
        RSAHSMCustomDBProvider rSAHSMCustomDBProvider = new RSAHSMCustomDBProvider("PKCS 11 Database");
        rSAHSMCustomDBProvider.setCredentials(hSMCredentials);
        return rSAHSMCustomDBProvider;
    }

    public static int estimatePacketSizeUsingRSA(RSACredentials rSACredentials, CryptoContext cryptoContext, AbstractDigester abstractDigester, boolean z) throws PDFSignatureException {
        X501Attributes createAdobeRevocationInfo;
        try {
            X509Certificate rSAX509Cert = rSACredentials.getRSAX509Cert();
            X509Certificate[] rSAX509CertChain = rSACredentials.getRSAX509CertChain();
            int computeJSAFEPublicKeySize = computeJSAFEPublicKeySize(rSAX509Cert.getSubjectPublicKey("Java"));
            int length = 1024 + ASN1.derEncode(new ASN1Container[]{new OctetStringContainer(0, true, 0, new byte[computeJSAFEPublicKeySize], 0, computeJSAFEPublicKeySize)}).length;
            if (!z) {
                length += abstractDigester.getSize();
            }
            int length2 = length + rSAX509Cert.getIssuerAndSerialNumber().length;
            if (rSAX509CertChain != null) {
                for (X509Certificate x509Certificate : rSAX509CertChain) {
                    length2 += x509Certificate.getDERLen(0);
                }
            }
            RevocationInfoProvider revocationInfoProvider = cryptoContext.getRevocationInfoProvider();
            if (revocationInfoProvider != null && (createAdobeRevocationInfo = RSARevInfoUtil.createAdobeRevocationInfo(revocationInfoProvider)) != null) {
                length2 += createAdobeRevocationInfo.getDERLen(0);
            }
            TimeStampProvider timeStampProvider = cryptoContext.getTimeStampProvider();
            if (timeStampProvider != null) {
                length2 += RSATimeStampingUtil.createTSAttribute(new byte[abstractDigester.getSize()], timeStampProvider, true).getDERLen(0);
            }
            return length2;
        } catch (ASN_Exception e) {
            throw new PDFSignatureException("Unable to estimate PKCS7 packet size", e);
        } catch (CertificateException e2) {
            throw new PDFSignatureException("Unable to estimate PKCS7 packet size", e2);
        }
    }

    private static int computeJSAFEPublicKeySize(JSAFE_PublicKey jSAFE_PublicKey) {
        return jSAFE_PublicKey.getKeyData()[0].length * 8;
    }

    public static int estimatePacketSizeUsingRSAForCADES(RSACredentials rSACredentials, CryptoContext cryptoContext, AbstractDigester abstractDigester, SignatureOptionsCADES signatureOptionsCADES) throws PDFSignatureException {
        X501Attribute createPolicyIdentifierAttribute;
        int estimatePacketSizeUsingRSA = estimatePacketSizeUsingRSA(rSACredentials, cryptoContext, abstractDigester, true);
        X501Attribute createSigningCertificateAttribute = RSAPKCS7SignedDataBuilder.createSigningCertificateAttribute(signatureOptionsCADES.getCertificateHashAlgorithmName(), rSACredentials.getRSAX509Cert(), signatureOptionsCADES.isPolicyInformationInSigningCertificateAttributeEnabled());
        if (createSigningCertificateAttribute != null) {
            estimatePacketSizeUsingRSA += createSigningCertificateAttribute.getDERLen(0);
        }
        if (signatureOptionsCADES.isSignaturePolicyIdentifierAttributeEnabled() && (createPolicyIdentifierAttribute = RSAPKCS7SignedDataBuilder.createPolicyIdentifierAttribute(signatureOptionsCADES.getPolicyHashAlgorithmName(), rSACredentials.getRSAX509Cert(), signatureOptionsCADES.getPolicyID())) != null) {
            estimatePacketSizeUsingRSA += createPolicyIdentifierAttribute.getDERLen(0);
        }
        return estimatePacketSizeUsingRSA;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addAuthenticatedAttribute(SignerInfo signerInfo, X501Attribute x501Attribute) throws PKCS7Exception {
        X501Attributes authenticatedAttrs = signerInfo.getAuthenticatedAttrs();
        if (authenticatedAttrs == null) {
            authenticatedAttrs = new X501Attributes();
        }
        authenticatedAttrs.addAttribute(x501Attribute);
        signerInfo.setAuthenticatedAttrs(authenticatedAttrs);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] getContentTypeAttributeValue(SignerInfo signerInfo) throws PKCS7Exception {
        ContentType attributeByType;
        X501Attributes authenticatedAttrs = signerInfo.getAuthenticatedAttrs();
        if (authenticatedAttrs == null || (attributeByType = authenticatedAttrs.getAttributeByType(14)) == null) {
            return null;
        }
        return attributeByType.getContentType();
    }

    /* JADX WARN: Type inference failed for: r0v8, types: [byte[], byte[][]] */
    public static byte[][] buildDERCertChainFromRSA(RSACredentials rSACredentials) throws PDFInvalidParameterException {
        try {
            X509Certificate[] rSAX509CertChain = rSACredentials.getRSAX509CertChain();
            if (rSAX509CertChain == null) {
                return (byte[][]) null;
            }
            ?? r0 = new byte[rSAX509CertChain.length];
            for (int i = 0; i < rSAX509CertChain.length; i++) {
                byte[] bArr = new byte[rSAX509CertChain[i].getDERLen(0)];
                rSAX509CertChain[i].getDEREncoding(bArr, 0, 0);
                r0[i] = bArr;
            }
            return r0;
        } catch (CertificateException e) {
            throw new PDFInvalidParameterException(e);
        }
    }

    public static byte[] createDERCertFromRSA(RSACredentials rSACredentials) throws PDFInvalidParameterException {
        X509Certificate rSAX509Cert = rSACredentials.getRSAX509Cert();
        try {
            byte[] bArr = new byte[rSAX509Cert.getDERLen(0)];
            rSAX509Cert.getDEREncoding(bArr, 0, 0);
            return bArr;
        } catch (CertificateException e) {
            throw new PDFInvalidParameterException("Cannot get encoded certificate", e);
        }
    }

    public static String getKeyAlgorithm(X509Certificate x509Certificate) throws PDFInvalidParameterException {
        try {
            return x509Certificate.getSubjectPublicKey("Java").getAlgorithm();
        } catch (CertificateException e) {
            throw new PDFInvalidParameterException("Cannot obtain key algorithm from the RSA X509 Certificate", e);
        }
    }
}
