package at.gv.egiz.bku.slcommands.impl.cms;

import at.buergerkarte.namespaces.securitylayer._1_2_3.ExcludedByteRangeType;
import at.gv.egiz.bku.slcommands.impl.xsect.STALSignatureException;
import at.gv.egiz.stal.ErrorResponse;
import at.gv.egiz.stal.HashDataInput;
import at.gv.egiz.stal.STAL;
import at.gv.egiz.stal.STALResponse;
import at.gv.egiz.stal.SignRequest;
import at.gv.egiz.stal.SignResponse;
import iaik.asn1.DerCoder;
import iaik.asn1.INTEGER;
import iaik.asn1.SEQUENCE;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.IaikProvider;
import iaik.utils.Util;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.class */
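/**
 * IAIK CMS security provider that delegates the signature operation to a
 * {@link STAL} instance instead of computing it locally from key material.
 *
 * <p>The {@link PrivateKey} handed to
 * {@link #calculateSignatureFromSignedAttributes} must be a
 * {@code STALPrivateKey}; it only carries the signature and digest algorithm
 * names that are forwarded in the {@link SignRequest}.
 *
 * <p>Not thread-safe: the last STAL error is kept in an instance field and is
 * reset at the start of every signing call.
 */
public class STALSecurityProvider extends IaikProvider {
    private static final Logger log = LoggerFactory.getLogger(STALSecurityProvider.class);

    /** OID prefix of the ANSI X9.62 ECDSA signature algorithms (id-ecSigType). */
    private static final String ID_ECSIGTYPE = "1.2.840.10045.4";

    /**
     * OID arc of the BSI TR-03111 "plain" ECDSA signatures. Not referenced by the
     * code below: only OIDs under {@link #ID_ECSIGTYPE} are DER-wrapped, so
     * signature values for other algorithms are passed through unchanged.
     */
    private static final String ECDSA_PLAIN_SIGNATURES = "0.4.0.127.0.7.1.1.4.1";

    private final String keyboxIdentifier;
    private final STAL stal;
    private final List<HashDataInput> hashDataInput = new ArrayList<HashDataInput>();
    private final ExcludedByteRangeType excludedByteRange;

    /** Error reported by the STAL during the most recent signing call, or {@code null}. */
    private STALSignatureException stalSignatureException;

    /**
     * @param stal the STAL instance that receives the sign request
     * @param str the keybox identifier sent as the request's key identifier
     * @param hashDataInput the hash data input attached to every sign request
     * @param excludedByteRangeType optional excluded byte range; may be {@code null}
     */
    public STALSecurityProvider(STAL stal, String str, HashDataInput hashDataInput, ExcludedByteRangeType excludedByteRangeType) {
        this.keyboxIdentifier = str;
        this.stal = stal;
        this.hashDataInput.add(hashDataInput);
        this.excludedByteRange = excludedByteRangeType;
    }

    /**
     * Sends the encoded signed attributes to the STAL and returns the signature
     * value in the encoding expected for {@code algorithmID}.
     *
     * @param algorithmID the signature algorithm; decides whether the returned
     *        value is DER-wrapped (see {@code wrapSignatureValue})
     * @param algorithmID2 second algorithm identifier passed in by the CMS layer;
     *        only logged here
     * @param privateKey must be a {@code STALPrivateKey}
     * @param bArr the encoded signed attributes to be signed
     * @return the signature value, DER-encoded for X9.62 ECDSA algorithms
     * @throws InvalidKeyException if {@code privateKey} is not a {@code STALPrivateKey}
     * @throws SignatureException if the STAL does not answer with exactly one
     *         response, answers with an error (the cause is then the
     *         {@link STALSignatureException} also available through
     *         {@link #getStalSignatureException()}), or returns an unusable
     *         signature value
     */
    @Override // iaik.cms.IaikProvider, iaik.cms.SecurityProvider
    public byte[] calculateSignatureFromSignedAttributes(AlgorithmID algorithmID, AlgorithmID algorithmID2, PrivateKey privateKey, byte[] bArr) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        this.stalSignatureException = null;
        log.debug("calculateSignatureFromSignedAttributes: {}, {}", algorithmID, algorithmID2);

        // Reject foreign (or null) keys with the declared checked exception rather
        // than letting a ClassCastException / NullPointerException escape.
        if (!(privateKey instanceof STALPrivateKey)) {
            throw new InvalidKeyException("STALPrivateKey required, got "
                    + (privateKey == null ? "null" : privateKey.getClass().getName()));
        }
        STALPrivateKey stalKey = (STALPrivateKey) privateKey;

        SignRequest request = getSTALSignRequest(this.keyboxIdentifier, bArr, stalKey.getAlgorithm(), stalKey.getDigestAlgorithm(), this.hashDataInput, this.excludedByteRange);
        log.debug("Sending STAL request ({})", privateKey.getAlgorithm());

        List<STALResponse> responses = this.stal.handleRequest(Collections.singletonList(request));
        if (responses == null || responses.size() != 1) {
            throw new SignatureException("Failed to access STAL.");
        }

        STALResponse response = responses.get(0);
        if (response instanceof SignResponse) {
            byte[] signatureValue = ((SignResponse) response).getSignatureValue();
            // A missing signature must fail here; otherwise it would surface as an
            // NPE or end up as a malformed signature inside the CMS structure.
            if (signatureValue == null || signatureValue.length == 0) {
                throw new SignatureException("STAL returned an empty signature value.");
            }
            if (log.isDebugEnabled()) {
                log.debug("Got STAL response: " + Util.toBase64String(signatureValue));
            }
            return wrapSignatureValue(signatureValue, algorithmID);
        }
        if (!(response instanceof ErrorResponse)) {
            throw new SignatureException("Failed to access STAL.");
        }

        ErrorResponse errorResponse = (ErrorResponse) response;
        // Keep the STAL error so callers can retrieve code and message after the
        // generic SignatureException has propagated through the CMS layer.
        this.stalSignatureException = new STALSignatureException(errorResponse.getErrorCode(), errorResponse.getErrorMessage());
        throw new SignatureException(this.stalSignatureException);
    }

    /**
     * Builds the sign request for the given signed attributes.
     *
     * @param keyId key identifier of the request
     * @param signedAttributes encoded signed attributes, flagged as CMS signed attributes
     * @param signatureMethod signature method taken from the key
     * @param digestMethod digest method taken from the key
     * @param hashDataInputs hash data inputs attached to the request
     * @param excludedRange optional excluded byte range; skipped when {@code null}
     */
    private static SignRequest getSTALSignRequest(String keyId, byte[] signedAttributes, String signatureMethod, String digestMethod, List<HashDataInput> hashDataInputs, ExcludedByteRangeType excludedRange) {
        SignRequest signRequest = new SignRequest();
        signRequest.setKeyIdentifier(keyId);
        // Guarded so the Base64 encoding is only done when debug logging is on.
        if (log.isDebugEnabled()) {
            log.debug("SignedAttributes: " + Util.toBase64String(signedAttributes));
        }
        SignRequest.SignedInfo signedInfo = new SignRequest.SignedInfo();
        signedInfo.setValue(signedAttributes);
        signedInfo.setIsCMSSignedAttributes(true);
        signRequest.setSignedInfo(signedInfo);
        signRequest.setSignatureMethod(signatureMethod);
        signRequest.setDigestMethod(digestMethod);
        signRequest.setHashDataInput(hashDataInputs);
        if (excludedRange != null) {
            SignRequest.ExcludedByteRange range = new SignRequest.ExcludedByteRange();
            range.setFrom(excludedRange.getFrom());
            range.setTo(excludedRange.getTo());
            signRequest.setExcludedByteRange(range);
        }
        return signRequest;
    }

    /**
     * Converts the signature value into the encoding required by the algorithm.
     *
     * <p>For OIDs starting with {@link #ID_ECSIGTYPE} the value is treated as the
     * fixed-width concatenation {@code r || s} and re-encoded as the DER
     * {@code SEQUENCE { INTEGER r, INTEGER s }}. All other values are returned
     * unchanged.
     *
     * @throws SignatureException if an ECDSA value cannot be split into two
     *         equally sized halves
     */
    private static byte[] wrapSignatureValue(byte[] signatureValue, AlgorithmID algorithmID) throws SignatureException {
        if (!algorithmID.getAlgorithm().getID().startsWith(ID_ECSIGTYPE)) {
            return signatureValue;
        }
        // An odd or zero length cannot be r || s; splitting it anyway would yield
        // a well-formed but wrong signature that only fails at verification time.
        if (signatureValue == null || signatureValue.length == 0 || signatureValue.length % 2 != 0) {
            throw new SignatureException("Unexpected ECDSA signature value length: "
                    + (signatureValue == null ? "null" : String.valueOf(signatureValue.length)));
        }
        int half = signatureValue.length / 2;
        byte[] r = Arrays.copyOfRange(signatureValue, 0, half);
        byte[] s = Arrays.copyOfRange(signatureValue, half, signatureValue.length);
        SEQUENCE sequence = new SEQUENCE();
        // Signum 1: both halves are unsigned big-endian magnitudes.
        sequence.addComponent(new INTEGER(new BigInteger(1, r)));
        sequence.addComponent(new INTEGER(new BigInteger(1, s)));
        return DerCoder.encode(sequence);
    }

    /**
     * @return the error reported by the STAL during the most recent call to
     *         {@link #calculateSignatureFromSignedAttributes}, or {@code null} if
     *         that call did not end with a STAL error response
     */
    public STALSignatureException getStalSignatureException() {
        return this.stalSignatureException;
    }
}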
