package kr.jclab.winexetag;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Optional;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.CollectionStore;

/* loaded from: input_file:kr/jclab/winexetag/WinExeTagUtils.class */
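/**
 * Helpers for storing and reading an opaque "tag" inside a CMS/PKCS#7 {@code SignedData}
 * structure by means of an extra, self-signed certificate.
 *
 * <p>The tag bytes are placed in a non-critical X.509 extension ({@link #TAG_OID}) of a
 * certificate that is added to the {@code SignedData} certificate set.
 *
 * <p><b>Security note.</b> Nothing in this class re-signs the {@code SignedData}: the tag
 * certificate is signed by a key pair that is generated on the spot and then discarded, and
 * {@link #replaceTagCertificate} only swaps entries of the certificate set. The tag therefore
 * carries no integrity or origin guarantee. Anyone able to edit the file can replace it in the
 * same way. Callers must treat the result of {@link #getTag} as untrusted input (length-check
 * and parse defensively) and must not base authentication or authorization decisions on it.
 */
public class WinExeTagUtils {
    /** Dotted-decimal OID of the certificate extension that carries the tag bytes. */
    public static final String TAG_OID_STRING = "1.3.6.1.4.1.88888.1.32.9999";

    /**
     * Parsed form of {@link #TAG_OID_STRING}. Both constants are {@code final} and derived from
     * one literal so that writing ({@link #generateTagCertificate}) and reading
     * ({@link #getTag}) can never end up looking at different extensions.
     */
    public static final ASN1ObjectIdentifier TAG_OID = new ASN1ObjectIdentifier(TAG_OID_STRING);

    /**
     * Builds the self-signed certificate that carries {@code bArr} in the {@link #TAG_OID}
     * extension.
     *
     * <p>A fresh secp256r1 key pair is generated for every call; its private key is used once to
     * sign the certificate and is not returned or stored.
     *
     * @param bouncyCastleProvider provider used for key generation and for signing
     * @param secureRandom randomness source for key generation and signing; when {@code null}
     *     the provider defaults are used for both
     * @param bArr tag bytes, stored as the extension's octet-string value
     * @return the tag certificate
     * @throws NoSuchAlgorithmException if the provider does not offer ECDSA key generation
     * @throws InvalidAlgorithmParameterException if the curve specification is rejected
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws IOException if an extension cannot be encoded
     */
    public static X509CertificateHolder generateTagCertificate(BouncyCastleProvider bouncyCastleProvider, SecureRandom secureRandom, byte[] bArr) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, OperatorCreationException, IOException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", bouncyCastleProvider);
        ECNamedCurveGenParameterSpec curveSpec =
                new ECNamedCurveGenParameterSpec(ECNamedCurveTable.getName(SECObjectIdentifiers.secp256r1));
        // Honour the caller-supplied randomness source for key generation as well as for
        // signing; previously it was only handed to the signer.
        if (secureRandom != null) {
            keyPairGenerator.initialize(curveSpec, secureRandom);
        } else {
            keyPairGenerator.initialize(curveSpec);
        }
        KeyPair throwawayKeyPair = keyPairGenerator.generateKeyPair();

        // NOTE(review): java.util.Date takes milliseconds. These two literals look like Unix
        // *seconds* (2019-01-01 and 2019-04-01, 10:00 UTC); as written they resolve to
        // January 1970. Left unchanged because altering them changes the emitted certificate
        // bytes. Confirm the intended validity window before touching them.
        Date notBefore = new Date(1546336800L);
        Date notAfter = new Date(1554112800L);

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                new X500Name("CN=Unknown Issuer"),
                BigInteger.ONE,
                notBefore,
                notAfter,
                new X500Name("CN=Installation Tag Certificate"),
                SubjectPublicKeyInfo.getInstance(throwawayKeyPair.getPublic().getEncoded()));

        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        // KeyUsage.keyCertSign is the named form of the literal 4 used before.
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(KeyUsage.keyCertSign));
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.anyExtendedKeyUsage));
        // The tag itself: non-critical, so consumers that do not know the OID ignore it.
        builder.addExtension(new Extension(TAG_OID, false, new DEROctetString(bArr)));

        return builder.build(
                new JcaContentSignerBuilder("SHA256WithECDSA")
                        .setProvider(bouncyCastleProvider)
                        .setSecureRandom(secureRandom)
                        .build(throwawayKeyPair.getPrivate()));
    }

    /**
     * Returns a copy of {@code cMSSignedData} whose certificate set holds
     * {@code x509CertificateHolder} as its only tag certificate.
     *
     * <p>Every certificate accepted by {@code TagCertificateSelector.INSTANCE} is dropped, not
     * just the first one. {@link #getTag} reads the first match only, so a stale tag certificate
     * left behind could be returned instead of the one added here. Attribute certificates and
     * CRLs are carried over unchanged. No signature is recomputed.
     *
     * @param cMSSignedData the signed data to copy
     * @param x509CertificateHolder the tag certificate to add
     * @return the new {@code CMSSignedData}
     * @throws CMSException if the structure cannot be rebuilt
     */
    public static CMSSignedData replaceTagCertificate(CMSSignedData cMSSignedData, X509CertificateHolder x509CertificateHolder) throws CMSException {
        ArrayList<X509CertificateHolder> certificates = new ArrayList<>();
        Iterator<?> it = cMSSignedData.getCertificates().iterator();
        while (it.hasNext()) {
            X509CertificateHolder existing = (X509CertificateHolder) it.next();
            if (!TagCertificateSelector.INSTANCE.match(existing)) {
                certificates.add(existing);
            }
        }
        certificates.add(x509CertificateHolder);
        return CMSSignedData.replaceCertificatesAndCRLs(
                cMSSignedData,
                new CollectionStore<>(certificates),
                cMSSignedData.getAttributeCertificates(),
                cMSSignedData.getCRLs());
    }

    /**
     * Generates a tag certificate for {@code bArr} and installs it in {@code cMSSignedData}.
     *
     * <p>Equivalent to {@link #generateTagCertificate} followed by
     * {@link #replaceTagCertificate}; see those methods for parameters and failure modes.
     *
     * @return a copy of {@code cMSSignedData} carrying the new tag
     */
    public static CMSSignedData replaceTagData(BouncyCastleProvider bouncyCastleProvider, SecureRandom secureRandom, CMSSignedData cMSSignedData, byte[] bArr) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, OperatorCreationException, CMSException {
        return replaceTagCertificate(cMSSignedData, generateTagCertificate(bouncyCastleProvider, secureRandom, bArr));
    }

    /**
     * Reads the tag bytes from the first certificate accepted by
     * {@code TagCertificateSelector.INSTANCE}.
     *
     * <p>The returned bytes are not authenticated by any signature handled in this class; treat
     * them as attacker-controllable input.
     *
     * @param cMSSignedData the signed data to inspect
     * @return the octets of the {@link #TAG_OID} extension, or {@code null} when no certificate
     *     matches or the first match lacks that extension
     */
    public static byte[] getTag(CMSSignedData cMSSignedData) {
        Iterator<?> matches = cMSSignedData.getCertificates().getMatches(TagCertificateSelector.INSTANCE).iterator();
        if (!matches.hasNext()) {
            return null;
        }
        Extension tagExtension = ((X509CertificateHolder) matches.next()).getExtension(TAG_OID);
        return tagExtension == null ? null : tagExtension.getExtnValue().getOctets();
    }
}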
