package pl.unizeto.android.cryptoapi.etsi;

import iaik.asn1.CodingException;
import iaik.asn1.DerInputException;
import iaik.asn1.structures.AlgorithmID;
import iaik.cms.CMSException;
import iaik.cms.CMSParsingException;
import iaik.cms.ContentInfoStream;
import iaik.cms.SignedDataStream;
import iaik.utils.ASN1InputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.DigestOutputStream;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.NullOutputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.unizeto.android.cryptoapi.SignProperties;
import pl.unizeto.android.cryptoapi.certificatestoremanager.UniCertificateStoreManagerException;
import pl.unizeto.android.cryptoapi.exception.PKIErrorCode;
import pl.unizeto.android.cryptoapi.exception.PKIException;
import pl.unizeto.android.cryptoapi.tst.UniTSTException;
import pl.unizeto.android.cryptoapi.util.Digest;
import pl.unizeto.android.cryptoapi.util.cert.CertificateExtensionsSupport;
import pl.unizeto.pki.electronicsignaturepolicies.SignaturePolicy;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class SignatureBuilder {
    private static final Logger log = LoggerFactory.getLogger(SignatureBuilder.class.getSimpleName());
    private boolean addPolicyId = true;
    private final int DEFAULT_BLOCK_SIZE = 2048;

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addSign(InputStream inputStream, InputStream inputStream2, X509Certificate x509Certificate, PrivateKey privateKey, SignaturePolicy signaturePolicy, boolean z, SignProperties signProperties, OutputStream outputStream) throws CMSException, IOException, CertificateException, NoSuchAlgorithmException, PKIException {
        byte[] digest;
        if (signaturePolicy == null) {
            throw new IllegalArgumentException("signaturePolicy");
        }
        CertificateExtensionsSupport.checkUnsupportedCriticalExceptions(x509Certificate);
        iaik.x509.X509Certificate x509Certificate2 = new iaik.x509.X509Certificate(x509Certificate.getEncoded());
        try {
            SignedDataStream signedDataStream = new SignedDataStream(new ASN1InputStream(inputStream));
            AlgorithmID algorithmID = signedDataStream.getDigestAlgorithms()[0];
            IndependentSignatureListener independentSignatureListener = new IndependentSignatureListener(x509Certificate2, privateKey, signedDataStream.getMode(), signaturePolicy, z, algorithmID);
            signedDataStream.setSDSEncodeListener(independentSignatureListener);
            independentSignatureListener.setSignProperties(signProperties);
            if (2 == signedDataStream.getMode()) {
                if (inputStream2 == null) {
                    throw new IllegalArgumentException("explicitData can't be null in explicit signature");
                }
                signedDataStream.setInputStream(inputStream2);
                MessageDigest messageDigest = MessageDigest.getInstance(algorithmID.getName());
                IOUtils.copy(signedDataStream.getInputStream(), new DigestOutputStream(new NullOutputStream(), messageDigest));
                digest = messageDigest.digest();
            } else {
                if (inputStream2 == null) {
                    throw new IllegalArgumentException("explicitData can't be null when adding another signature");
                }
                digest = Digest.digest(inputStream2, algorithmID);
            }
            independentSignatureListener.setDataDigest(digest);
            signedDataStream.setBlockSize(2048);
            ContentInfoStream contentInfoStream = new ContentInfoStream(signedDataStream);
            try {
                log.info("Rozpoczęcie procesu podpisu");
                contentInfoStream.writeTo(outputStream);
                log.info("Zakończenie procesu podpisu");
            } catch (Exception e) {
                if (independentSignatureListener.getException() != null) {
                    log.error("Błąd podczas dodawania podpisu", (Throwable) independentSignatureListener.getException());
                    if (independentSignatureListener.getException() instanceof UniTSTException) {
                        throw ((UniTSTException) independentSignatureListener.getException());
                    }
                    if (independentSignatureListener.getException() instanceof UniETSIException) {
                        throw ((UniETSIException) independentSignatureListener.getException());
                    }
                    if (independentSignatureListener.getException() instanceof UniCertificateStoreManagerException) {
                        throw ((UniCertificateStoreManagerException) independentSignatureListener.getException());
                    }
                    if (independentSignatureListener.getException() instanceof PKIException) {
                        throw ((PKIException) independentSignatureListener.getException());
                    }
                    if (independentSignatureListener.getException() instanceof IOException) {
                        throw ((IOException) independentSignatureListener.getException());
                    }
                }
                log.error("Błąd podczas generowania podpisu", (Throwable) e);
                if (!(e instanceof PKIException)) {
                    throw new PKIException(e, PKIErrorCode.UNEXPECTED_EXCEPTION, e.getClass().getSimpleName(), e.getMessage());
                }
                throw ((PKIException) e);
            }
        } catch (DerInputException e2) {
            throw new UniETSIException(e2, PKIErrorCode.UNI_ETSI_SIGNATURE_NOT_SIGNED, new String[0]);
        } catch (CMSParsingException e3) {
            throw new UniETSIException(e3, PKIErrorCode.UNI_ETSI_SIGNATURE_NOT_SIGNED, new String[0]);
        }
    }

    void counterSign(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, SignaturePolicy signaturePolicy, boolean z, int i, SignProperties signProperties, OutputStream outputStream) throws CMSException, IOException, CertificateException, NoSuchAlgorithmException, PKIException {
        CertificateExtensionsSupport.checkUnsupportedCriticalExceptions(x509Certificate);
        iaik.x509.X509Certificate x509Certificate2 = new iaik.x509.X509Certificate(x509Certificate.getEncoded());
        try {
            SignedDataStream signedDataStream = new SignedDataStream(new ASN1InputStream(inputStream));
            CounterSignatureListener counterSignatureListener = new CounterSignatureListener(x509Certificate2, privateKey, signaturePolicy, z, AlgorithmID.getAlgorithmID(signProperties.getProperty("pl.unizeto.procertum.etsi.digestAlg", "SHA1")), i);
            counterSignatureListener.setSignProperties(signProperties);
            signedDataStream.setSDSEncodeListener(counterSignatureListener);
            signedDataStream.setBlockSize(2048);
            ContentInfoStream contentInfoStream = new ContentInfoStream(signedDataStream);
            try {
                log.info("Rozpoczęcie procesu podpisu");
                contentInfoStream.writeTo(outputStream);
                log.info("Zakończenie procesu podpisu");
            } catch (Exception e) {
                if (counterSignatureListener.getException() != null) {
                    log.error("Błąd podczas generowania kontrasygnaty", (Throwable) counterSignatureListener.getException());
                    if (counterSignatureListener.getException() instanceof UniTSTException) {
                        throw ((UniTSTException) counterSignatureListener.getException());
                    }
                    if (counterSignatureListener.getException() instanceof UniETSIException) {
                        throw ((UniETSIException) counterSignatureListener.getException());
                    }
                    if (counterSignatureListener.getException() instanceof UniCertificateStoreManagerException) {
                        throw ((UniCertificateStoreManagerException) counterSignatureListener.getException());
                    }
                    if (counterSignatureListener.getException() instanceof PKIException) {
                        throw ((PKIException) counterSignatureListener.getException());
                    }
                    if (counterSignatureListener.getException() instanceof IOException) {
                        throw ((IOException) counterSignatureListener.getException());
                    }
                }
                log.error("Błąd podczas generowania kontrasygnaty", (Throwable) e);
                if (!(e instanceof PKIException)) {
                    throw new PKIException(e, PKIErrorCode.UNEXPECTED_EXCEPTION, e.getClass().getSimpleName(), e.getMessage());
                }
                throw ((PKIException) e);
            }
        } catch (DerInputException e2) {
            throw new UniETSIException(e2, PKIErrorCode.UNI_ETSI_SIGNATURE_NOT_SIGNED, new String[0]);
        }
    }

    public boolean isAddPolicyId() {
        return this.addPolicyId;
    }

    public void setAddPolicyId(boolean z) {
        this.addPolicyId = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sign(InputStream inputStream, X509Certificate x509Certificate, PrivateKey privateKey, int i, SignaturePolicy signaturePolicy, boolean z, SignProperties signProperties, OutputStream outputStream) throws CMSException, IOException, CertificateException, PKIException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, KeyStoreException, CodingException {
        if (signaturePolicy == null) {
            throw new IllegalArgumentException("signaturePolicy");
        }
        CertificateExtensionsSupport.checkUnsupportedCriticalExceptions(x509Certificate);
        iaik.x509.X509Certificate x509Certificate2 = new iaik.x509.X509Certificate(x509Certificate.getEncoded());
        SignedDataStream signedDataStream = new SignedDataStream(inputStream, i);
        AlgorithmID algorithmID = AlgorithmID.getAlgorithmID(signProperties.getProperty("pl.unizeto.procertum.etsi.digestAlg", "SHA1"));
        FirstSignatureListener firstSignatureListener = new FirstSignatureListener(x509Certificate2, privateKey, i, signaturePolicy, z, algorithmID);
        firstSignatureListener.setDigestAlgorithms(new AlgorithmID[]{algorithmID});
        firstSignatureListener.setSignProperties(signProperties);
        signedDataStream.setSDSEncodeListener(firstSignatureListener);
        if (i == 2) {
            IOUtils.copy(signedDataStream.getInputStream(), new NullOutputStream());
        }
        signedDataStream.setBlockSize(2048);
        ContentInfoStream contentInfoStream = new ContentInfoStream(signedDataStream);
        try {
            log.info("Rozpoczęcie procesu podpisu");
            contentInfoStream.writeTo(outputStream);
            log.info("Zakończenie procesu podpisu");
        } catch (Exception e) {
            if (firstSignatureListener.getException() != null) {
                log.error("Błąd podczas generowania podpisu", (Throwable) firstSignatureListener.getException());
                if (firstSignatureListener.getException() instanceof UniTSTException) {
                    throw ((UniTSTException) firstSignatureListener.getException());
                }
                if (firstSignatureListener.getException() instanceof UniETSIException) {
                    throw ((UniETSIException) firstSignatureListener.getException());
                }
                if (firstSignatureListener.getException() instanceof UniCertificateStoreManagerException) {
                    throw ((UniCertificateStoreManagerException) firstSignatureListener.getException());
                }
                if (firstSignatureListener.getException() instanceof PKIException) {
                    throw ((PKIException) firstSignatureListener.getException());
                }
                if (firstSignatureListener.getException() instanceof IOException) {
                    throw ((IOException) firstSignatureListener.getException());
                }
            }
            log.error("Błąd podczas generowania podpisu", (Throwable) e);
            if (!(e instanceof PKIException)) {
                throw new PKIException(e, PKIErrorCode.UNEXPECTED_EXCEPTION, e.getClass().getSimpleName(), e.getMessage());
            }
            throw ((PKIException) e);
        }
    }
}
