package es.gob.afirma.signers.cades;

import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AdESPolicy;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.SigUtils;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.logging.Logger;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1UTCTime;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.DERTaggedObject;
import org.spongycastle.asn1.DERUTCTime;
import org.spongycastle.asn1.DERUTF8String;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.ess.ContentHints;
import org.spongycastle.asn1.ess.ESSCertID;
import org.spongycastle.asn1.ess.ESSCertIDv2;
import org.spongycastle.asn1.ess.SigningCertificate;
import org.spongycastle.asn1.ess.SigningCertificateV2;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.CertificatePolicies;
import org.spongycastle.asn1.x509.DigestInfo;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.IssuerSerial;
import org.spongycastle.asn1.x509.PolicyInformation;
import org.spongycastle.asn1.x509.X509AttributeIdentifiers;

/* loaded from: classes.dex */
public final class CAdESUtils {
    private static final Logger LOGGER = Logger.getLogger("es.gob.afirma");

    private CAdESUtils() {
    }

    public static ASN1EncodableVector generateSignerInfo(Certificate certificate, String str, byte[] bArr, AdESPolicy adESPolicy, boolean z, byte[] bArr2, Date date, boolean z2, boolean z3, String str2, String str3, List<CommitmentTypeIndicationBean> list, String[] strArr, CAdESSignerMetadata cAdESSignerMetadata, boolean z4, boolean z5) throws NoSuchAlgorithmException, IOException, CertificateEncodingException {
        if (z3) {
            LOGGER.info("Se ha seleccionado la generacion de CAdES para inclusion en PAdES");
        }
        if (z2) {
            LOGGER.info("Se incluira el atributo SigningTime (OID:1.2.840.113549.1.9.5) en la firma CAdES");
        }
        ASN1EncodableVector initContextSpecific = initContextSpecific(str, bArr, bArr2, date, z4, z3);
        if (z) {
            initContextSpecific.add((ASN1Encodable) getSigningCertificateV2((X509Certificate) certificate, str, z5));
        } else {
            initContextSpecific.add((ASN1Encodable) getSigningCertificateV1((X509Certificate) certificate, str, z5));
        }
        if (adESPolicy != null && adESPolicy.getPolicyIdentifier() != null) {
            initContextSpecific.add((ASN1Encodable) getSigPolicyId(str, adESPolicy));
        }
        if (str2 != null && !z3) {
            initContextSpecific.add((ASN1Encodable) new Attribute(PKCSObjectIdentifiers.id_aa_contentHint, new DERSet((ASN1Encodable) (str3 != null ? new ContentHints(new ASN1ObjectIdentifier(str2), new DERUTF8String(str3)) : new ContentHints(new ASN1ObjectIdentifier(str2))).toASN1Primitive())));
        }
        if (list != null && list.size() > 0) {
            Iterator<CommitmentTypeIndicationBean> it = list.iterator();
            while (it.hasNext()) {
                initContextSpecific.add((ASN1Encodable) new Attribute(PKCSObjectIdentifiers.id_aa_ets_commitmentType, new DERSet((ASN1Encodable) CommitmentTypeIndicationsHelper.generateCommitmentTypeIndication(it.next()).toASN1Primitive())));
            }
        }
        if (!z3 && cAdESSignerMetadata != null && CAdESSignerMetadataHelper.getSignerLocation(cAdESSignerMetadata.getSignerLocation()) != null) {
            initContextSpecific.add((ASN1Encodable) new Attribute(PKCSObjectIdentifiers.id_aa_ets_signerLocation, new DERSet((ASN1Encodable) CAdESSignerMetadataHelper.getSignerLocation(cAdESSignerMetadata.getSignerLocation()))));
        }
        if (strArr != null && strArr.length > 0) {
            ArrayList arrayList = new ArrayList();
            for (String str4 : strArr) {
                if (str4 != null && !str4.isEmpty()) {
                    arrayList.add(new Attribute(X509AttributeIdentifiers.id_at_role, new DERSet((ASN1Encodable) new DERUTF8String(str4))));
                }
            }
            if (!arrayList.isEmpty()) {
                ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    aSN1EncodableVector.add((ASN1Encodable) it2.next());
                }
                initContextSpecific.add((ASN1Encodable) new Attribute(PKCSObjectIdentifiers.id_aa_ets_signerAttr, new DERSet((ASN1Encodable) new DERSequence((ASN1Encodable) new DERTaggedObject(0, (ASN1Encodable) new DERSequence(aSN1EncodableVector))))));
            }
        }
        if (z2) {
            initContextSpecific.add((ASN1Encodable) new Attribute(PKCSObjectIdentifiers.pkcs_9_at_signingTime, new DERSet((ASN1Encodable) new DERUTCTime(date))));
        }
        return initContextSpecific;
    }

    private static PolicyInformation[] getPolicyInformation(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("El certificado no puede ser nulo");
        }
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.32");
        if (extensionValue == null || extensionValue.length < 1) {
            return null;
        }
        return CertificatePolicies.getInstance(ASN1Sequence.getInstance(ASN1OctetString.getInstance(extensionValue).getOctets())).getPolicyInformation();
    }

    private static Attribute getSigPolicyId(String str, AdESPolicy adESPolicy) throws IOException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(adESPolicy.getPolicyIdentifier().toLowerCase(Locale.US).replace("urn:oid:", ""));
        DigestInfo digestInfo = new DigestInfo(adESPolicy.getPolicyIdentifierHashAlgorithm() != null ? SigUtils.makeAlgId(AOAlgorithmID.getOID(AOSignConstants.getDigestAlgorithmName(adESPolicy.getPolicyIdentifierHashAlgorithm()))) : SigUtils.makeAlgId(AOAlgorithmID.getOID(str)), adESPolicy.getPolicyIdentifierHash() != null ? Base64.decode(adESPolicy.getPolicyIdentifierHash()) : new byte[]{0});
        AOSigPolicyQualifierInfo aOSigPolicyQualifierInfo = adESPolicy.getPolicyQualifier() != null ? new AOSigPolicyQualifierInfo(adESPolicy.getPolicyQualifier().toString()) : null;
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add((ASN1Encodable) aSN1ObjectIdentifier);
        aSN1EncodableVector.add((ASN1Encodable) digestInfo.toASN1Primitive());
        if (aOSigPolicyQualifierInfo != null) {
            aSN1EncodableVector.add((ASN1Encodable) new DERSequence((ASN1Encodable) aOSigPolicyQualifierInfo.toASN1Primitive()));
        }
        return new Attribute(PKCSObjectIdentifiers.id_aa_ets_sigPolicyId, new DERSet((ASN1Encodable) new DERSequence(aSN1EncodableVector).toASN1Primitive()));
    }

    private static Attribute getSigningCertificateV1(X509Certificate x509Certificate, String str, boolean z) throws CertificateEncodingException, NoSuchAlgorithmException {
        SigningCertificate signingCertificate;
        ESSCertID eSSCertID = new ESSCertID(MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()), new IssuerSerial(new GeneralNames(new GeneralName(X500Name.getInstance(x509Certificate.getIssuerX500Principal().getEncoded()))), x509Certificate.getSerialNumber()));
        PolicyInformation[] policyInformation = z ? null : getPolicyInformation(x509Certificate);
        if (policyInformation != null) {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            aSN1EncodableVector.add((ASN1Encodable) new DERSequence((ASN1Encodable) eSSCertID));
            aSN1EncodableVector.add((ASN1Encodable) new DERSequence(policyInformation));
            signingCertificate = SigningCertificate.getInstance(new DERSequence(aSN1EncodableVector));
        } else {
            signingCertificate = new SigningCertificate(eSSCertID);
        }
        return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificate, new DERSet((ASN1Encodable) signingCertificate));
    }

    private static Attribute getSigningCertificateV2(X509Certificate x509Certificate, String str, boolean z) throws CertificateEncodingException, NoSuchAlgorithmException {
        String oid = AOAlgorithmID.getOID(str);
        ESSCertIDv2[] eSSCertIDv2Arr = {new ESSCertIDv2(AOAlgorithmID.OID_SHA256.equals(oid) ? null : SigUtils.makeAlgId(oid), MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()), new IssuerSerial(new GeneralNames(new GeneralName(X500Name.getInstance(x509Certificate.getIssuerX500Principal().getEncoded()))), x509Certificate.getSerialNumber()))};
        PolicyInformation[] policyInformation = z ? null : getPolicyInformation(x509Certificate);
        return new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet((ASN1Encodable) (policyInformation != null ? new SigningCertificateV2(eSSCertIDv2Arr, policyInformation) : new SigningCertificateV2(eSSCertIDv2Arr))));
    }

    private static ASN1EncodableVector initContextSpecific(String str, byte[] bArr, byte[] bArr2, Date date, boolean z, boolean z2) throws NoSuchAlgorithmException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (!z) {
            aSN1EncodableVector.add((ASN1Encodable) new Attribute(CMSAttributes.contentType, new DERSet((ASN1Encodable) PKCSObjectIdentifiers.data)));
        }
        if (!z2) {
            aSN1EncodableVector.add((ASN1Encodable) new Attribute(CMSAttributes.signingTime, new DERSet((ASN1Encodable) new ASN1UTCTime(date))));
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier = CMSAttributes.messageDigest;
        if (bArr2 == null) {
            bArr2 = MessageDigest.getInstance(str).digest(bArr);
        }
        aSN1EncodableVector.add((ASN1Encodable) new Attribute(aSN1ObjectIdentifier, new DERSet((ASN1Encodable) new DEROctetString(bArr2))));
        return aSN1EncodableVector;
    }
}
