package com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.impl;

import com.adobe.internal.pdftoolkit.core.credentials.impl.HSMCredentials;
import com.adobe.internal.pdftoolkit.core.credentials.impl.RSACredentials;
import com.adobe.internal.pdftoolkit.core.exceptions.PDFSignatureException;
import com.adobe.internal.pdftoolkit.core.securityframework.CryptoMode;
import com.adobe.internal.pdftoolkit.services.digsig.SignatureOptionsCADES;
import com.adobe.internal.pdftoolkit.services.digsig.cryptoprovider.CryptoContext;
import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.InvalidUseException;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X501Attributes;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.attributes.ContentType;
import com.rsa.certj.cert.attributes.NonStandardAttribute;
import com.rsa.certj.cert.attributes.X501Attribute;
import com.rsa.certj.pkcs7.ContentInfo;
import com.rsa.certj.pkcs7.Data;
import com.rsa.certj.pkcs7.PKCS7Exception;
import com.rsa.certj.pkcs7.SignedData;
import com.rsa.certj.pkcs7.SignerInfo;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import java.security.cert.CertificateEncodingException;
import java.util.Arrays;

/* loaded from: input_file:com/adobe/internal/pdftoolkit/services/digsig/cryptoprovider/impl/RSAPKCS7SignedDataBuilder.class */
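/**
 * Builds DER-encoded PKCS#7 / CMS {@code SignedData} packets with the RSA Cert-J API,
 * optionally adding CAdES signed attributes, revocation information and a timestamp.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The {@code SignedData} object is cleared with {@code clearSensitiveData()} on every
 *       exit path, including failures, so signing state does not linger after an error.</li>
 *   <li>The legacy SigningCertificate attribute is selected only for the exact algorithm name
 *       {@code "SHA1"} (case-insensitive); every other name selects SigningCertificateV2.</li>
 * </ul>
 */
public final class RSAPKCS7SignedDataBuilder {
    /** 1.2.840.113549.1.9.16.2.47 (id-aa-signingCertificateV2). */
    private static final byte[] OID_SIGNING_CERTIFICATE_V2_ATTRIBUTE = {42, -122, 72, -122, -9, 13, 1, 9, 16, 2, 47};
    /** 1.2.840.113549.1.9.16.2.12 (id-aa-signingCertificate, the SHA-1 based legacy form). */
    private static final byte[] OID_SIGNING_CERTIFICATE_OLD_ATTRIBUTE = {42, -122, 72, -122, -9, 13, 1, 9, 16, 2, 12};
    /** 1.2.840.113549.1.9.16.2.15 (id-aa-ets-sigPolicyId). */
    private static final byte[] OID_POLICY_IDENTIFIER_ATTRIBUTE = {42, -122, 72, -122, -9, 13, 1, 9, 16, 2, 15};
    /** 1.2.840.113549.1.7.1 (id-data). */
    private static final byte[] OID_CONTENT_TYPE_DATA = {42, -122, 72, -122, -9, 13, 1, 7, 1};
    /** 1.2.840.113549.1.9.3 (the contentType attribute's own identifier). */
    private static final byte[] OID_CONTENT_TYPE = {42, -122, 72, -122, -9, 13, 1, 9, 3};
    /** Hash algorithm name that selects the legacy (non-V2) SigningCertificate attribute. */
    public static final String CERTIFICATE_HASH_ALGORITHM_NAME_FOR_OLD_SIGNING_CERTIFICATE_ATTRIBUTE = "SHA1";

    /**
     * Assembles the SignedData structure and serializes it to DER.
     *
     * @param contentOrDigest bytes to sign; embedded as content when the signature is not detached
     *        or the signature algorithm is "DSA", otherwise handed to {@code setDigest}
     *        (presumably a precomputed digest; confirm against callers)
     * @param credentials signer credentials (certificate, optional chain, key access)
     * @param cryptoContext supplies algorithm names, mode, and revocation/timestamp settings
     * @param timestampOption forwarded unchanged to
     *        {@code RSATimeStampingUtil.addTSAttributeToSignerInfo}; its meaning is not visible here
     * @param detached when true a detached signature is created
     * @param cadesOptions CAdES attribute options, or null for a plain PKCS#7 signature
     * @return the DER-encoded ContentInfo holding the SignedData
     * @throws PDFSignatureException wrapping any Cert-J / JSAFE failure
     */
    private byte[] buildSignedData(byte[] contentOrDigest, RSACredentials credentials, CryptoContext cryptoContext, boolean timestampOption, boolean detached, SignatureOptionsCADES cadesOptions) throws PDFSignatureException, JSAFE_InvalidUseException {
        boolean embedRevocationInfo = cryptoContext.embedRevocationInfo();
        boolean applyTimestamp = cryptoContext.applyTimestamp();
        // Declared outside the try so the finally block can clear it on failure as well.
        SignedData signedData = null;
        try {
            X509Certificate[] certChain = credentials.getRSAX509CertChain();
            signedData = constructSignedDataObject(credentials, cryptoContext.getMode());

            // Non-detached signatures, and detached DSA signatures, carry the raw bytes as
            // content; every other detached signature is driven from the supplied digest.
            if (!detached || "DSA".equals(cryptoContext.getSignatureAlgorithm())) {
                Data content = ContentInfo.getInstance(1, (CertJ) null, (CertPathCtx) null);
                content.setContent(contentOrDigest, 0, contentOrDigest.length);
                signedData.setContentInfo(content);
            } else {
                signedData.setDigest(contentOrDigest, cryptoContext.getDigestAlgorithm());
            }

            SignerInfo signerInfo = constructSignerInfo(credentials, cryptoContext.getSignatureAlgorithm(), cryptoContext.getDigestAlgorithm());
            if (cadesOptions != null) {
                addCaDesSpecificAttributesToSignerInfo(signerInfo, credentials.getRSAX509Cert(), cadesOptions);
            }
            signedData.addSignerInfo(signerInfo);

            // Embed the whole chain when one is available, otherwise only the signer certificate.
            if (certChain != null) {
                for (X509Certificate certificate : certChain) {
                    signedData.addCertificate(certificate);
                }
            } else {
                signedData.addCertificate(credentials.getRSAX509Cert());
            }
            if (detached) {
                signedData.createDetachedSignature();
            }
            if (embedRevocationInfo) {
                RSARevInfoUtil.addRevocationAttributeToSignerInfo(signedData, cryptoContext.getRevocationInfoProvider());
            }

            int derLength = signedData.getContentInfoDERLen();
            // A return value of 1 from the timestamp helper is followed by a re-measure of the
            // encoding, since the added attribute changes its length.
            if (applyTimestamp && RSATimeStampingUtil.addTSAttributeToSignerInfo(signedData, cryptoContext.getTimeStampProvider(), timestampOption) == 1) {
                derLength = signedData.getContentInfoDERLen();
            }
            byte[] encoded = new byte[derLength];
            signedData.writeMessage(encoded, 0);
            return encoded;
        } catch (PDFSignatureException e) {
            // Any PDFSignatureException raised above (including ones from the HSM or CAdES
            // helpers) is relabelled according to the enabled options; the cause is preserved.
            final String what;
            if (embedRevocationInfo && applyTimestamp) {
                what = "Revocation and timestamp attributes";
            } else if (applyTimestamp) {
                what = "Timestamp attribute";
            } else if (embedRevocationInfo) {
                what = "Revocation attribute";
            } else {
                what = "attributes";
            }
            throw new PDFSignatureException("Error adding " + what + " to PKCS#7 SignedData object.", e);
        } catch (NameException e2) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object.", e2);
        } catch (InvalidUseException e3) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object. We are using the rsa cert-j api's incorrectly. ", e3);
        } catch (InvalidParameterException e4) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object.Parameters sent to the rsa cert-j api's are incorrect", e4);
        } catch (CertificateException e5) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object.The certificate used has a problem", e5);
        } catch (PKCS7Exception e6) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object.", e6);
        } catch (ProviderManagementException e7) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object.", e7);
        } catch (JSAFE_UnimplementedException e8) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object.", e8);
        } catch (CertificateEncodingException e9) {
            throw new PDFSignatureException("Error building PKCS#7 SignedData object.", e9);
        } finally {
            // Previously this ran only on success, leaving signing state uncleared after a failure.
            if (signedData != null) {
                signedData.clearSensitiveData();
            }
        }
    }

    /**
     * Adds the CAdES signed attributes to {@code signerInfo}: the signing-certificate attribute,
     * optionally the signature-policy identifier, and a contentType attribute of id-data when
     * the current contentType value is anything else.
     *
     * @throws PDFSignatureException if any checked failure occurs; runtime exceptions propagate
     */
    private static void addCaDesSpecificAttributesToSignerInfo(SignerInfo signerInfo, X509Certificate x509Certificate, SignatureOptionsCADES signatureOptionsCADES) throws PDFSignatureException {
        try {
            X501Attribute signingCertificate = createSigningCertificateAttribute(
                    signatureOptionsCADES.getCertificateHashAlgorithmName(),
                    x509Certificate,
                    signatureOptionsCADES.isPolicyInformationInSigningCertificateAttributeEnabled());
            RSASigningUtils.addAuthenticatedAttribute(signerInfo, signingCertificate);

            if (signatureOptionsCADES.isSignaturePolicyIdentifierAttributeEnabled()) {
                X501Attribute policyIdentifier = createPolicyIdentifierAttribute(
                        signatureOptionsCADES.getPolicyHashAlgorithmName(),
                        x509Certificate,
                        signatureOptionsCADES.getPolicyID());
                // The factory returns null when no encoded value could be produced.
                if (policyIdentifier != null) {
                    RSASigningUtils.addAuthenticatedAttribute(signerInfo, policyIdentifier);
                }
            }

            if (!Arrays.equals(RSASigningUtils.getContentTypeAttributeValue(signerInfo), OID_CONTENT_TYPE_DATA)) {
                RSASigningUtils.addAuthenticatedAttribute(signerInfo, new ContentType(OID_CONTENT_TYPE_DATA, 0, OID_CONTENT_TYPE_DATA.length));
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new PDFSignatureException("Error adding authenticated attributes", e2);
        }
    }

    /**
     * Creates the signature-policy identifier attribute (id-aa-ets-sigPolicyId).
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * @param str policy hash algorithm name, passed to the DER encoder
     * @param x509Certificate signer certificate, passed to the DER encoder
     * @param bArr policy identifier bytes, passed to the DER encoder
     * @return the attribute, or null when the encoder yields no value
     * @throws PDFSignatureException if encoding fails with a checked exception
     */
    public static X501Attribute createPolicyIdentifierAttribute(String str, X509Certificate x509Certificate, byte[] bArr) throws PDFSignatureException {
        NonStandardAttribute attribute = new NonStandardAttribute();
        attribute.setOID(OID_POLICY_IDENTIFIER_ATTRIBUTE, 0, OID_POLICY_IDENTIFIER_ATTRIBUTE.length);
        try {
            byte[] encodedValue = RSAASNUtilities.getPolicyIdentiferAttributeDerEncoded(str, x509Certificate, bArr);
            if (encodedValue == null) {
                return null;
            }
            attribute.setValue(encodedValue, 0, encodedValue.length);
            return attribute;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new PDFSignatureException("Error creating signaturePolicyIdentifier attribute", e2);
        }
    }

    /**
     * Creates the signing-certificate attribute that binds the signer certificate into the
     * signed attributes.
     *
     * <p>The legacy attribute (id-aa-signingCertificate) is used only when {@code str} equals
     * {@code "SHA1"} ignoring case; any other name produces SigningCertificateV2. SHA-1 is
     * collision-weak, so new signatures should prefer a SHA-2 family name and the V2 attribute.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * @param str certificate hash algorithm name; must not be null
     * @param x509Certificate signer certificate to reference
     * @param z forwarded to the DER encoder; the CAdES caller passes the
     *        "policy information in signing certificate attribute" option
     * @return the populated attribute
     * @throws PDFSignatureException if encoding fails with a checked exception
     */
    public static X501Attribute createSigningCertificateAttribute(String str, X509Certificate x509Certificate, boolean z) throws PDFSignatureException {
        NonStandardAttribute attribute = new NonStandardAttribute();
        // NOTE(review): other spellings of the same algorithm (for example "SHA-1") would select
        // the V2 OID here; confirm callers only ever pass the canonical name.
        if (str.equalsIgnoreCase(CERTIFICATE_HASH_ALGORITHM_NAME_FOR_OLD_SIGNING_CERTIFICATE_ATTRIBUTE)) {
            attribute.setOID(OID_SIGNING_CERTIFICATE_OLD_ATTRIBUTE, 0, OID_SIGNING_CERTIFICATE_OLD_ATTRIBUTE.length);
        } else {
            attribute.setOID(OID_SIGNING_CERTIFICATE_V2_ATTRIBUTE, 0, OID_SIGNING_CERTIFICATE_V2_ATTRIBUTE.length);
        }
        try {
            byte[] encodedValue = RSAASNUtilities.getSigningCertificateVXDerEncoded(str, x509Certificate, z);
            attribute.setValue(encodedValue, 0, encodedValue.length);
            return attribute;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new PDFSignatureException("Error Creating SigningCertificate Attribute", e2);
        }
    }

    /**
     * Creates the empty SignedData object for the given credentials: HSM-backed credentials go
     * through the HSM builder, everything else through the in-memory database builder.
     *
     * @throws PDFSignatureException if the HSM builder fails for any reason
     */
    private SignedData constructSignedDataObject(RSACredentials rSACredentials, CryptoMode cryptoMode) throws CertificateEncodingException, JSAFE_UnimplementedException, InvalidParameterException, ProviderManagementException, InvalidUseException, PKCS7Exception, CertificateException, PDFSignatureException, JSAFE_InvalidUseException {
        if (rSACredentials instanceof HSMCredentials) {
            try {
                return RSASigningUtils.buildRSASignedDataForHSM((HSMCredentials) rSACredentials);
            } catch (Exception e) {
                // Deliberately broad: every HSM-side failure is reported under one message.
                throw new PDFSignatureException("Could not parse HSM credentials when constructing SignedData object", e);
            }
        }
        return RSASigningUtils.buildRSASignedDataWithMemoryDB(rSACredentials, cryptoMode);
    }

    /**
     * Creates the SignerInfo identifying the signer by issuer name and serial number and
     * carrying the signature and digest algorithm names.
     *
     * @param rSACredentials credentials whose certificate identifies the signer
     * @param str signature algorithm name; "EC" (case-insensitive) is mapped to "ECDSA"
     * @param str2 digest algorithm name
     */
    private SignerInfo constructSignerInfo(RSACredentials rSACredentials, String str, String str2) throws NameException, PKCS7Exception, CertificateException {
        SignerInfo signerInfo = new SignerInfo();
        // HSM and software credentials expose the signer certificate through the same accessor,
        // so the former per-type branches (and their unused X500Name allocations) are merged.
        X509Certificate signerCertificate = rSACredentials.getRSAX509Cert();
        X500Name issuerName = signerCertificate.getIssuerName();
        byte[] serialNumber = signerCertificate.getSerialNumber();
        signerInfo.setIssuerAndSerialNumber(issuerName, serialNumber, 0, serialNumber.length);

        if (str.equalsIgnoreCase("EC")) {
            X501Attributes authenticatedAttributes = new X501Attributes();
            // NOTE(review): OID_CONTENT_TYPE is the identifier of the contentType attribute
            // itself, not id-data; confirm this is the value ContentType's constructor expects.
            authenticatedAttributes.addAttribute(new ContentType(OID_CONTENT_TYPE, 0, OID_CONTENT_TYPE.length));
            signerInfo.setAuthenticatedAttrs(authenticatedAttributes);
            signerInfo.setEncryptionAlgorithm("ECDSA");
        } else {
            signerInfo.setEncryptionAlgorithm(str);
        }
        signerInfo.setDigestAlgorithm(str2);
        return signerInfo;
    }

    /**
     * Builds a PKCS#7 SignedData packet without CAdES attributes.
     *
     * @param bArr bytes to sign (content, or the digest input for detached non-DSA signatures)
     * @param rSACredentials signer credentials
     * @param cryptoContext algorithm, revocation and timestamp settings
     * @param z forwarded to the timestamp helper; meaning not visible in this class
     * @param z2 true to create a detached signature
     * @return the DER-encoded packet
     * @throws PDFSignatureException on any signing failure
     */
    public byte[] buildPacket(byte[] bArr, RSACredentials rSACredentials, CryptoContext cryptoContext, boolean z, boolean z2) throws PDFSignatureException {
        try {
            return buildSignedData(bArr, rSACredentials, cryptoContext, z, z2, null);
        } catch (JSAFE_InvalidUseException e) {
            throw new PDFSignatureException(e);
        }
    }

    /**
     * Builds a detached PKCS#7 SignedData packet carrying the CAdES signed attributes.
     *
     * @param bArr bytes to sign (the digest input unless the signature algorithm is "DSA")
     * @param rSACredentials signer credentials
     * @param cryptoContext algorithm, revocation and timestamp settings
     * @param z forwarded to the timestamp helper; meaning not visible in this class
     * @param signatureOptionsCADES CAdES attribute options
     * @return the DER-encoded packet
     * @throws PDFSignatureException on any signing failure
     */
    public byte[] buildPacketForCADES(byte[] bArr, RSACredentials rSACredentials, CryptoContext cryptoContext, boolean z, SignatureOptionsCADES signatureOptionsCADES) throws PDFSignatureException {
        try {
            // CAdES signatures are always detached.
            return buildSignedData(bArr, rSACredentials, cryptoContext, z, true, signatureOptionsCADES);
        } catch (JSAFE_InvalidUseException e) {
            throw new PDFSignatureException(e);
        }
    }
}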
