package at.gv.egiz.bku.slcommands.impl.cms;

import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectOptionalMetaType;
import at.buergerkarte.namespaces.securitylayer._1_2_3.CMSDataObjectRequiredMetaType;
import at.buergerkarte.namespaces.securitylayer._1_2_3.DigestAndRefType;
import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
import at.gv.egiz.bku.slcommands.impl.xsect.AlgorithmMethodFactoryImpl;
import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
import at.gv.egiz.bku.slexceptions.SLCommandException;
import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.STAL;
import iaik.asn1.ASN1Object;
import iaik.asn1.CodingException;
import iaik.asn1.ObjectID;
import iaik.asn1.SEQUENCE;
import iaik.asn1.UTF8String;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.cms.CMSException;
import iaik.cms.CMSSignatureException;
import iaik.cms.CertificateIdentifier;
import iaik.cms.ContentInfo;
import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.smime.ess.ESSCertID;
import iaik.smime.ess.ESSCertIDv2;
import iaik.x509.X509ExtensionException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3._2000._09.xmldsig_.DigestMethodType;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/slcommands/impl/cms/Signature.class */
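/**
 * Assembles a CMS {@code SignedData} structure for a Security Layer CMS signature request and
 * encodes it once a {@link STAL} backed security provider has been attached in
 * {@link #sign(STAL, String)}.
 *
 * <p>The data to be signed is either supplied inline / by reference (and then loaded into
 * memory by {@link #getContent}) or described only by a caller-supplied digest
 * ({@code DigestAndRef}). In the second case the digest value is handed to the
 * {@code SignedData} object unchanged; this class does not recompute it.
 * NOTE(review): confirm that the referenced data is checked against that digest elsewhere
 * (presumably via {@code ReferencedHashDataInput}) before the user confirms the signature.
 */
public class Signature {
    /** OID used for the "mime-type" signed attribute. */
    public static final String ID_AA_ETS_MIMETYPE = "0.4.0.1733.2.1";
    private final Logger log = LoggerFactory.getLogger(Signature.class);
    protected SignedData signedData;
    protected SignerInfo signerInfo;
    // Copy of the full document; bytes of an excluded range are overwritten with zeros.
    protected byte[] signedDocument;
    protected String mimeType;
    protected AlgorithmID signatureAlgorithm;
    protected AlgorithmID digestAlgorithm;
    // Caller-supplied digest (DigestAndRef case only); null when the content itself is available.
    protected byte[] digestValue;
    protected String signatureAlgorithmURI;
    protected String digestAlgorithmURI;
    protected ExcludedByteRangeType excludedByteRange;
    private HashDataInput hashDataInput;

    /**
     * Creates a signature object for a data object whose meta information is optional.
     *
     * @param cMSDataObjectOptionalMetaType the data object: either content or a digest-and-reference
     * @param str signature structure; "enveloping" (case-insensitive) selects mode 1, anything else mode 2
     * @param x509Certificate the signer certificate
     * @param date signing time to add as signed attribute, or {@code null} to omit it
     * @param uRLDereferencer used to resolve content given by reference
     * @param z passed to {@code AlgorithmMethodFactoryImpl}; presumably selects a stronger hash - confirm
     * @throws NoSuchAlgorithmException if the digest method URI cannot be parsed or is not supported
     * @throws InvalidParameterException if the excluded byte range does not fit the content
     * @throws SLCommandException with code 4003 if neither content nor reference is present
     * @throws IOException if reading referenced content fails
     */
    public Signature(CMSDataObjectOptionalMetaType cMSDataObjectOptionalMetaType, String str, X509Certificate x509Certificate, Date date, URLDereferencer uRLDereferencer, boolean z) throws NoSuchAlgorithmException, CertificateEncodingException, CertificateException, X509ExtensionException, InvalidParameterException, CodingException, SLCommandException, IOException, CMSException {
        // NOTE(review): 1 / 2 are presumably SignedData.IMPLICIT / SignedData.EXPLICIT - confirm.
        int mode = str.equalsIgnoreCase("enveloping") ? 1 : 2;
        if (cMSDataObjectOptionalMetaType.getContent() != null) {
            // getContent() also populates signedDocument and excludedByteRange.
            this.signedData = new SignedData(getContent(cMSDataObjectOptionalMetaType, uRLDereferencer), mode);
            if (cMSDataObjectOptionalMetaType.getMetaInfo() != null) {
                this.mimeType = cMSDataObjectOptionalMetaType.getMetaInfo().getMimeType();
            }
            this.hashDataInput = new CMSHashDataInput(this.signedDocument, this.mimeType);
        } else {
            DigestAndRefType digestAndRef = cMSDataObjectOptionalMetaType.getDigestAndRef();
            DigestMethodType digestMethod = digestAndRef.getDigestMethod();
            // NOTE(review): getMetaInfo() is dereferenced without a null check in this branch.
            this.hashDataInput = new ReferencedHashDataInput(cMSDataObjectOptionalMetaType.getMetaInfo().getMimeType(), uRLDereferencer, digestAndRef.getReference(), cMSDataObjectOptionalMetaType.getExcludedByteRange());
            try {
                this.digestAlgorithm = getAlgorithmID(digestMethod.getAlgorithm());
                // The digest comes from the request and is used as-is; nothing here recomputes it.
                this.digestValue = digestAndRef.getDigestValue();
                this.signedData = new SignedData(ObjectID.pkcs7_data);
            } catch (URISyntaxException e) {
                throw new NoSuchAlgorithmException(e);
            }
        }
        setAlgorithmIDs(x509Certificate, z);
        createSignerInfo(x509Certificate);
        setSignerCertificate(x509Certificate);
        // NOTE(review): unlike the guarded read above, this dereferences getMetaInfo() unconditionally,
        // so a request without meta information fails here with a NullPointerException.
        this.mimeType = cMSDataObjectOptionalMetaType.getMetaInfo().getMimeType();
        setAttributes(this.mimeType, x509Certificate, date);
    }

    /**
     * Creates a signature object for a data object with required meta information.
     *
     * <p>This constructor does not set {@code mimeType} and adds neither a mime-type nor a
     * signing-time attribute; {@link #getHashDataInput()} therefore passes a {@code null}
     * mime type for objects created this way.
     *
     * @param cMSDataObjectRequiredMetaType the data object holding content or a content reference
     * @param str signature structure; "enveloping" (case-insensitive) selects mode 1, anything else mode 2
     * @param x509Certificate the signer certificate
     * @param uRLDereferencer used to resolve content given by reference
     * @param z passed to {@code AlgorithmMethodFactoryImpl}; presumably selects a stronger hash - confirm
     */
    public Signature(CMSDataObjectRequiredMetaType cMSDataObjectRequiredMetaType, String str, X509Certificate x509Certificate, URLDereferencer uRLDereferencer, boolean z) throws NoSuchAlgorithmException, CertificateEncodingException, CertificateException, X509ExtensionException, InvalidParameterException, CodingException, SLCommandException, IOException {
        int mode = str.equalsIgnoreCase("enveloping") ? 1 : 2;
        this.signedData = new SignedData(getContent(cMSDataObjectRequiredMetaType, uRLDereferencer), mode);
        setAlgorithmIDs(x509Certificate, z);
        createSignerInfo(x509Certificate);
        setSignerCertificate(x509Certificate);
        setAttributes(x509Certificate);
    }

    /**
     * Builds the signer info identified by issuer and serial number of the given certificate.
     * The private key is a {@code STALPrivateKey} that only carries the two algorithm URIs.
     */
    private void createSignerInfo(X509Certificate x509Certificate) throws CertificateEncodingException, CertificateException {
        iaik.x509.X509Certificate iaikCertificate = new iaik.x509.X509Certificate(x509Certificate.getEncoded());
        CertificateIdentifier signerId = new IssuerAndSerialNumber(iaikCertificate);
        PrivateKey stalKey = new STALPrivateKey(this.signatureAlgorithmURI, this.digestAlgorithmURI);
        this.signerInfo = new SignerInfo(signerId, this.digestAlgorithm, this.signatureAlgorithm, stalKey);
    }

    /** Embeds the signer certificate in the SignedData structure. */
    private void setSignerCertificate(X509Certificate x509Certificate) {
        this.signedData.addCertificates(new X509Certificate[]{x509Certificate});
    }

    /**
     * Sets the signed attributes: mime type, content type, signing certificate and,
     * when {@code date} is not {@code null}, signing time.
     */
    private void setAttributes(String str, X509Certificate x509Certificate, Date date) throws CertificateException, NoSuchAlgorithmException, CodingException {
        List<Attribute> attributes = new ArrayList<Attribute>();
        setMimeTypeAttrib(attributes, str);
        setContentTypeAttrib(attributes);
        setSigningCertificateAttrib(attributes, x509Certificate);
        if (date != null) {
            setSigningTimeAttrib(attributes, date);
        }
        this.signerInfo.setSignedAttributes(attributes.toArray(new Attribute[attributes.size()]));
    }

    /** Sets the signed attributes: content type and signing certificate only. */
    private void setAttributes(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
        List<Attribute> attributes = new ArrayList<Attribute>();
        setContentTypeAttrib(attributes);
        setSigningCertificateAttrib(attributes, x509Certificate);
        this.signerInfo.setSignedAttributes(attributes.toArray(new Attribute[attributes.size()]));
    }

    /** Appends the mime-type attribute ({@link #ID_AA_ETS_MIMETYPE}) holding {@code str} as UTF8String. */
    private void setMimeTypeAttrib(List<Attribute> list, String str) {
        list.add(new Attribute(new ObjectID(ID_AA_ETS_MIMETYPE, "mime-type"), new ASN1Object[]{new UTF8String(str)}));
    }

    /** Appends the content-type attribute with value {@code ObjectID.cms_data}. */
    private void setContentTypeAttrib(List<Attribute> list) {
        list.add(new Attribute(ObjectID.contentType, new ASN1Object[]{ObjectID.cms_data}));
    }

    /**
     * Appends the signing-certificate attribute that binds the signer certificate into the
     * signed attributes. The legacy {@code ESSCertID} form is used only when the digest
     * algorithm is SHA-1; every other digest uses {@code ESSCertIDv2} with that digest.
     */
    private void setSigningCertificateAttrib(List<Attribute> list, X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, CodingException {
        ObjectID attributeType;
        SEQUENCE certIds = new SEQUENCE();
        if (this.digestAlgorithm.equals(AlgorithmID.sha1)) {
            attributeType = ObjectID.signingCertificate;
            certIds.addComponent(new ESSCertID(x509Certificate, true).toASN1Object());
        } else {
            attributeType = ObjectID.signingCertificateV2;
            certIds.addComponent(new ESSCertIDv2(this.digestAlgorithm, (Certificate) x509Certificate, true).toASN1Object());
        }
        // The attribute value is a SEQUENCE wrapping the SEQUENCE of certificate identifiers.
        SEQUENCE attributeValue = new SEQUENCE();
        attributeValue.addComponent(certIds);
        list.add(new Attribute(attributeType, new ASN1Object[]{attributeValue}));
    }

    /** Appends the signing-time attribute for {@code date}. */
    private void setSigningTimeAttrib(List<Attribute> list, Date date) {
        list.add(new Attribute(ObjectID.signingTime, new ASN1Object[]{new ChoiceOfTime(date).toASN1Object()}));
    }

    /**
     * Loads the content to be signed and applies the optional excluded byte range.
     *
     * <p>Side effects: {@code signedDocument} is set to a copy of the full content (with the
     * excluded bytes zeroed) and {@code excludedByteRange} is taken from the data object.
     * The bytes inside the excluded range are not part of the returned array and are
     * therefore not covered by the signature.
     *
     * @return the content without the excluded range; an empty array if the range covers everything
     * @throws SLCommandException with code 4003 if neither inline content nor a reference is present
     * @throws InvalidParameterException if the excluded range is negative, reversed or reaches
     *         past the last content byte
     * @throws IOException if reading the dereferenced stream fails
     */
    private byte[] getContent(CMSDataObjectOptionalMetaType cMSDataObjectOptionalMetaType, URLDereferencer uRLDereferencer) throws InvalidParameterException, SLCommandException, IOException {
        byte[] content = cMSDataObjectOptionalMetaType.getContent().getBase64Content();
        if (content == null) {
            String reference = cMSDataObjectOptionalMetaType.getContent().getReference();
            if (reference == null) {
                throw new SLCommandException(4003);
            }
            // NOTE(review): the reference comes from the request and the whole stream is buffered
            // in memory without a size limit; confirm that URLDereferencer restricts schemes/targets
            // and that an upper bound is enforced somewhere.
            InputStream stream = uRLDereferencer.dereference(reference).getStream();
            try {
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                byte[] chunk = new byte[1024];
                int count;
                while ((count = stream.read(chunk)) > -1) {
                    buffer.write(chunk, 0, count);
                }
                content = buffer.toByteArray();
            } finally {
                // Close the stream even when reading fails.
                stream.close();
            }
        }
        this.signedDocument = (byte[]) content.clone();
        this.excludedByteRange = cMSDataObjectOptionalMetaType.getExcludedByteRange();
        if (this.excludedByteRange == null) {
            return content;
        }
        // NOTE(review): intValue() silently truncates values that do not fit an int - confirm the
        // schema type and whether out-of-range values are rejected before this point.
        int from = this.excludedByteRange.getFrom().intValue();
        int to = this.excludedByteRange.getTo().intValue();
        // 'to' is inclusive, so it must be a valid index; a negative 'from' is rejected as well.
        if (from < 0 || to >= content.length || from > to) {
            throw new InvalidParameterException("ExcludedByteRange contains invalid data: [" + from + "-" + to + "], Content length: " + content.length);
        }
        Arrays.fill(this.signedDocument, from, to + 1, (byte) 0);
        // Join the bytes before and after the excluded range; either part may be empty.
        int tailStart = to + 1;
        int tailLength = content.length - tailStart;
        byte[] remaining = new byte[from + tailLength];
        System.arraycopy(content, 0, remaining, 0, from);
        System.arraycopy(content, tailStart, remaining, from, tailLength);
        if (this.log.isDebugEnabled()) {
            this.log.debug("ExcludedByteRange [" + from + "-" + to + "], Content length: " + remaining.length);
        }
        return remaining;
    }

    /**
     * Determines signature and digest algorithm identifiers and URIs for the signer certificate.
     *
     * <p>If no digest algorithm was supplied with the request, the one proposed by
     * {@code AlgorithmMethodFactoryImpl} is used. Otherwise the supplied algorithm is mapped to
     * its URI; only SHA-1, SHA-256, SHA-512 and RIPEMD-160 are accepted.
     * NOTE(review): SHA-1 and RIPEMD-160 are accepted here for caller-supplied digests; check
     * whether current policy still permits them.
     *
     * @throws NoSuchAlgorithmException if the supplied digest algorithm is not one of the four above
     */
    protected void setAlgorithmIDs(X509Certificate x509Certificate, boolean z) throws NoSuchAlgorithmException {
        AlgorithmMethodFactoryImpl factory = new AlgorithmMethodFactoryImpl(x509Certificate, z);
        this.signatureAlgorithmURI = factory.getSignatureAlgorithmURI();
        this.signatureAlgorithm = factory.getSignatureAlgorithmID();
        if (this.digestAlgorithm == null) {
            this.digestAlgorithmURI = factory.getDigestAlgorithmURI();
            this.digestAlgorithm = factory.getDigestAlgorithmID();
        } else if (AlgorithmID.sha1.equals(this.digestAlgorithm)) {
            this.digestAlgorithmURI = "http://www.w3.org/2000/09/xmldsig#sha1";
        } else if (AlgorithmID.sha256.equals(this.digestAlgorithm)) {
            this.digestAlgorithmURI = "http://www.w3.org/2001/04/xmlenc#sha256";
        } else if (AlgorithmID.sha512.equals(this.digestAlgorithm)) {
            this.digestAlgorithmURI = "http://www.w3.org/2001/04/xmlenc#sha512";
        } else if (AlgorithmID.ripeMd160.equals(this.digestAlgorithm)) {
            this.digestAlgorithmURI = "http://www.w3.org/2001/04/xmlenc#ripemd160";
        } else {
            throw new NoSuchAlgorithmException("Algorithm '" + this.digestAlgorithm + "' not supported.");
        }
    }

    /**
     * Returns the hash data input created by the constructor, or a new {@code CMSHashDataInput}
     * over {@code signedDocument} and {@code mimeType} if none was created.
     */
    public HashDataInput getHashDataInput() {
        if (this.hashDataInput != null) {
            return this.hashDataInput;
        }
        return new CMSHashDataInput(this.signedDocument, this.mimeType);
    }

    /**
     * Attaches a STAL backed security provider, adds the signer info and returns the encoded
     * {@code ContentInfo}.
     *
     * @param stal the STAL instance handed to {@code STALSecurityProvider}
     * @param str passed to {@code STALSecurityProvider}; presumably the key box identifier - confirm
     * @return the encoded CMS ContentInfo wrapping the SignedData
     * @throws SLCommandException with the STAL error code if the provider recorded a
     *         {@code STALSignatureException} while the signer info was added
     * @throws CMSSignatureException if the digest algorithm is rejected
     */
    public byte[] sign(STAL stal, String str) throws CMSException, CMSSignatureException, SLCommandException {
        STALSecurityProvider provider = new STALSecurityProvider(stal, str, getHashDataInput(), this.excludedByteRange);
        this.signedData.setSecurityProvider(provider);
        try {
            this.signedData.addSignerInfo(this.signerInfo);
            if (this.digestValue != null) {
                try {
                    // Caller-supplied digest is set unchanged; see the class comment.
                    this.signedData.setMessageDigest(this.digestAlgorithm, this.digestValue);
                } catch (NoSuchAlgorithmException e) {
                    throw new CMSSignatureException(e);
                }
            }
            return new ContentInfo(this.signedData).getEncoded();
        } catch (NoSuchAlgorithmException e2) {
            // A failure inside the STAL surfaces here; prefer its error code when one was recorded.
            STALSignatureException stalFailure = provider.getStalSignatureException();
            if (stalFailure != null) {
                throw new SLCommandException(stalFailure.getErrorCode());
            }
            throw new CMSSignatureException(e2);
        }
    }

    /**
     * Converts a digest method URI of the form {@code urn:oid:<OID>} into an {@code AlgorithmID}.
     *
     * <p>Scheme and "oid:" prefix are matched case-insensitively and independently of the
     * default locale. Any other URI form is rejected instead of building an {@code ObjectID}
     * from a {@code null} string.
     *
     * @param str the digest method URI taken from the request
     * @return the algorithm identifier for the OID contained in the URI
     * @throws URISyntaxException if {@code str} is not a valid URI or not a {@code urn:oid:} URI
     */
    protected AlgorithmID getAlgorithmID(String str) throws URISyntaxException {
        URI uri = new URI(str);
        String schemeSpecificPart = uri.getSchemeSpecificPart();
        boolean isOidUrn = "URN".equalsIgnoreCase(uri.getScheme())
                && schemeSpecificPart != null
                && schemeSpecificPart.regionMatches(true, 0, "oid:", 0, 4);
        if (!isOidUrn) {
            throw new URISyntaxException(str, "Digest method must be given as urn:oid:<OID>");
        }
        return new AlgorithmID(new ObjectID(schemeSpecificPart.substring(4)));
    }
}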
