package org.jscep.message;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.LinkedList;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAbsentContent;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.CMSEnvelopedData;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.jscep.transaction.PkiStatus;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jscep-2.5.0.jar:org/jscep/message/PkiMessageEncoder.class */
public final class PkiMessageEncoder {
    private static final String DATA = "1.2.840.113549.1.7.1";
    private static final Logger LOGGER = LoggerFactory.getLogger(PkiMessageEncoder.class);
    private final PrivateKey signerKey;
    private final X509Certificate signerId;
    private X509Certificate[] chain;
    private final PkcsPkiEnvelopeEncoder enveloper;
    private final String signatureAlgorithm;

    public PkiMessageEncoder(PrivateKey privateKey, X509Certificate x509Certificate, PkcsPkiEnvelopeEncoder pkcsPkiEnvelopeEncoder) {
        this.chain = null;
        this.signerKey = privateKey;
        this.signerId = x509Certificate;
        this.enveloper = pkcsPkiEnvelopeEncoder;
        this.signatureAlgorithm = "SHA1withRSA";
    }

    public PkiMessageEncoder(PrivateKey privateKey, X509Certificate x509Certificate, X509Certificate[] x509CertificateArr, PkcsPkiEnvelopeEncoder pkcsPkiEnvelopeEncoder) {
        this.chain = null;
        this.signerKey = privateKey;
        this.signerId = x509Certificate;
        this.chain = x509CertificateArr;
        this.enveloper = pkcsPkiEnvelopeEncoder;
        this.signatureAlgorithm = "SHA1withRSA";
    }

    public PkiMessageEncoder(PrivateKey privateKey, X509Certificate x509Certificate, PkcsPkiEnvelopeEncoder pkcsPkiEnvelopeEncoder, String str) {
        this.chain = null;
        this.signerKey = privateKey;
        this.signerId = x509Certificate;
        this.enveloper = pkcsPkiEnvelopeEncoder;
        this.signatureAlgorithm = str;
    }

    public CMSSignedData encode(PkiMessage<?> pkiMessage) throws MessageEncodingException {
        LOGGER.debug("Encoding pkiMessage");
        LOGGER.debug("Encoding message: {}", pkiMessage);
        CMSTypedData content = getContent(pkiMessage);
        LOGGER.debug("Signing pkiMessage using key belonging to [dn={}; serial={}]", this.signerId.getSubjectDN(), this.signerId.getSerialNumber());
        try {
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(getSignerInfo(pkiMessage));
            cMSSignedDataGenerator.addCertificates(getCertificates());
            LOGGER.debug("Signing {} content", content);
            CMSSignedData generate = cMSSignedDataGenerator.generate(content, true);
            LOGGER.debug("Finished encoding pkiMessage");
            return generate;
        } catch (CMSException e) {
            throw new MessageEncodingException(e);
        } catch (Exception e2) {
            throw new MessageEncodingException(e2);
        }
    }

    private CMSTypedData getContent(PkiMessage<?> pkiMessage) throws MessageEncodingException {
        CMSTypedData cMSProcessableByteArray;
        boolean z = true;
        if ((pkiMessage instanceof CertRep) && ((CertRep) pkiMessage).getPkiStatus() != PkiStatus.SUCCESS) {
            z = false;
        }
        if (z) {
            try {
                cMSProcessableByteArray = new CMSProcessableByteArray(encodeMessage(pkiMessage).getEncoded());
            } catch (IOException e) {
                throw new MessageEncodingException(e);
            }
        } else {
            cMSProcessableByteArray = new CMSAbsentContent();
        }
        return cMSProcessableByteArray;
    }

    private CMSEnvelopedData encodeMessage(PkiMessage<?> pkiMessage) throws MessageEncodingException {
        byte[] encoded;
        Object messageData = pkiMessage.getMessageData();
        if (messageData instanceof byte[]) {
            encoded = (byte[]) messageData;
        } else if (messageData instanceof PKCS10CertificationRequest) {
            try {
                encoded = ((PKCS10CertificationRequest) messageData).getEncoded();
            } catch (IOException e) {
                throw new MessageEncodingException(e);
            }
        } else if (messageData instanceof CMSSignedData) {
            try {
                encoded = ((CMSSignedData) messageData).getEncoded();
            } catch (IOException e2) {
                throw new MessageEncodingException(e2);
            }
        } else {
            try {
                encoded = ((ASN1Object) messageData).getEncoded();
            } catch (IOException e3) {
                throw new MessageEncodingException(e3);
            }
        }
        return this.enveloper.encode(encoded);
    }

    private JcaCertStore getCertificates() throws MessageEncodingException {
        LinkedList linkedList = new LinkedList();
        linkedList.add(this.signerId);
        if (this.chain != null) {
            for (X509Certificate x509Certificate : this.chain) {
                linkedList.add(x509Certificate);
                LOGGER.debug("Add ca certificate {} to signed data", x509Certificate.getSubjectX500Principal().toString());
            }
        }
        try {
            return new JcaCertStore(linkedList);
        } catch (CertificateEncodingException e) {
            throw new MessageEncodingException(e);
        }
    }

    private SignerInfoGenerator getSignerInfo(PkiMessage<?> pkiMessage) throws MessageEncodingException {
        JcaSignerInfoGeneratorBuilder jcaSignerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(getDigestCalculator());
        jcaSignerInfoGeneratorBuilder.setSignedAttributeGenerator(getTableGenerator(pkiMessage));
        try {
            return jcaSignerInfoGeneratorBuilder.build(getContentSigner(), this.signerId);
        } catch (Exception e) {
            throw new MessageEncodingException(e);
        }
    }

    private CMSAttributeTableGenerator getTableGenerator(PkiMessage<?> pkiMessage) {
        return new DefaultSignedAttributeTableGenerator(new AttributeTableFactory().fromPkiMessage(pkiMessage));
    }

    private DigestCalculatorProvider getDigestCalculator() throws MessageEncodingException {
        try {
            return new JcaDigestCalculatorProviderBuilder().build();
        } catch (OperatorCreationException e) {
            throw new MessageEncodingException(e);
        }
    }

    private ContentSigner getContentSigner() throws OperatorCreationException {
        return new JcaContentSignerBuilder(this.signatureAlgorithm).build(this.signerKey);
    }
}
