package com.mulesoft.connectors.as2.internal.crypto;

import com.mulesoft.connectors.as2.internal.enums.HashAlgorithm;
import com.mulesoft.connectors.as2.internal.error.AS2ErrorType;
import com.mulesoft.connectors.as2.internal.error.exception.AS2ExtensionException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:com/mulesoft/connectors/as2/internal/crypto/PKCS7SignatureBlock.class */
/**
 * Assembles a DER-encoded CMS/PKCS#7 SignedData structure from three parallel lists:
 * signer certificates, pre-computed signature values (called "encrypted hashes" here)
 * and the hash algorithm that goes with each signature.
 *
 * <p>No private key is touched in this class. The signature bytes are supplied by the
 * caller and embedded as-is through {@link NonSigner}; nothing here checks that a
 * signature value actually matches its certificate or any content, so the output must
 * be verified by whoever consumes it.
 *
 * <p>NOTE(review): the three lists are stored by reference (no defensive copy, and the
 * {@code byte[]} entries are shared), so a caller mutating them after the setters run
 * changes what {@link #asn1EncodedPKCS7()} emits.
 */
public class PKCS7SignatureBlock {
    private static final String GENERATING_THE_ENCODED_PKCS_7_OBJECT_FAILED = "Generating the encoded PKCS7 object failed";

    // Parallel lists: entry i of each list describes signer i.
    private List<Certificate> certificates;
    private List<byte[]> encryptedHashes;
    private List<HashAlgorithm> hashAlgorithms;

    /**
     * {@link ContentSigner} that performs no signing: it hands back a signature value
     * computed elsewhere so that BouncyCastle can place it in a SignerInfo.
     *
     * <p>Decompiler note: the original access modifier of this class was private.
     */
    public class NonSigner implements ContentSigner {
        private final HashAlgorithm hashAlgorithm;
        private final byte[] encryptedHash;

        /**
         * @param hashAlgorithm digest algorithm the supplied signature was computed with
         * @param bArr pre-computed signature bytes; kept by reference, not copied
         */
        public NonSigner(HashAlgorithm hashAlgorithm, byte[] bArr) {
            this.hashAlgorithm = hashAlgorithm;
            this.encryptedHash = bArr;
        }

        /**
         * Looks up the signature algorithm identifier for {@code <hash name>withRSA}.
         *
         * <p>NOTE(review): "withRSA" is hard-coded, so the identifier claims RSA whatever
         * key type the paired certificate holds - confirm only RSA signers are expected.
         */
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            String signatureName = this.hashAlgorithm.name() + "withRSA";
            return new DefaultSignatureAlgorithmIdentifierFinder().find(signatureName);
        }

        /**
         * Returns a fresh in-memory stream on every call; whatever is written to it is
         * never read back, so the content has no influence on {@link #getSignature()}.
         */
        public OutputStream getOutputStream() {
            return new ByteArrayOutputStream();
        }

        /** Returns the caller-supplied signature bytes unchanged (same array instance). */
        public byte[] getSignature() {
            return this.encryptedHash;
        }
    }

    /** Creates a new {@code PKCS7SignatureBlockBuilder}. */
    public static PKCS7SignatureBlockBuilder builder() {
        return new PKCS7SignatureBlockBuilder();
    }

    /**
     * Builds the SignedData structure and returns its encoded bytes.
     *
     * <p>The structure is generated over an empty byte array with encapsulation turned
     * off, so the output carries certificates and signer infos but no content.
     *
     * @return the encoded PKCS#7 object
     * @throws AS2ExtensionException with {@code AS2ErrorType.UNKNOWN} when encoding fails
     *     with an {@link IOException}, or {@code AS2ErrorType.SIGN} on a {@link CMSException}
     */
    public byte[] asn1EncodedPKCS7() {
        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        // Certificates go in first, then one SignerInfo per (certificate, signature, algorithm).
        addCertificatesToSignedData(generator);
        addSignerInfoToSignedData(generator);
        try {
            CMSProcessableByteArray emptyContent = new CMSProcessableByteArray(new byte[0]);
            return generator.generate(emptyContent, false).getEncoded();
        } catch (IOException e) {
            throw new AS2ExtensionException(GENERATING_THE_ENCODED_PKCS_7_OBJECT_FAILED, AS2ErrorType.UNKNOWN, e);
        } catch (CMSException e2) {
            throw new AS2ExtensionException(GENERATING_THE_ENCODED_PKCS_7_OBJECT_FAILED, AS2ErrorType.SIGN, (Throwable) e2);
        }
    }

    /**
     * Registers one signer info generator per triple taken from the three lists.
     *
     * <p>NOTE(review): iteration ends as soon as the shortest list is exhausted, so lists
     * of unequal length are accepted silently. Extra certificates are still added to the
     * certificate set by {@link #addCertificatesToSignedData} but get no SignerInfo, and
     * extra signatures or algorithms are dropped - confirm callers guarantee equal sizes.
     *
     * @throws AS2ExtensionException with {@code AS2ErrorType.SIGN} when a certificate
     *     cannot be encoded or parsed, or the signer info generator cannot be built
     */
    private void addSignerInfoToSignedData(CMSSignedDataGenerator generator) {
        Iterator<Certificate> certIt = this.certificates.iterator();
        Iterator<byte[]> signatureIt = this.encryptedHashes.iterator();
        Iterator<HashAlgorithm> algorithmIt = this.hashAlgorithms.iterator();
        while (certIt.hasNext() && signatureIt.hasNext() && algorithmIt.hasNext()) {
            HashAlgorithm algorithm = algorithmIt.next();
            byte[] presetSignature = signatureIt.next();
            NonSigner presetSigner = new NonSigner(algorithm, presetSignature);
            try {
                // Round-trip the JCA certificate through its DER encoding to get the BouncyCastle ASN.1 form.
                byte[] der = certIt.next().getEncoded();
                org.bouncycastle.asn1.x509.Certificate parsed = org.bouncycastle.asn1.x509.Certificate.getInstance(ASN1Primitive.fromByteArray(der));
                JcaSignerInfoGeneratorBuilder infoBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
                // Direct signature: BouncyCastle then emits no signed attributes for this signer.
                infoBuilder.setDirectSignature(true);
                X509CertificateHolder holder = new X509CertificateHolder(parsed);
                generator.addSignerInfoGenerator(infoBuilder.build(presetSigner, holder));
            } catch (IOException | OperatorCreationException | CertificateEncodingException e) {
                throw new AS2ExtensionException("Adding signer info to the PKCS7 object failed", AS2ErrorType.SIGN, e);
            }
        }
    }

    /**
     * Adds every certificate in {@code certificates} to the SignedData certificate set.
     *
     * @throws AS2ExtensionException with {@code AS2ErrorType.SIGN} when the certificate
     *     store cannot be created or added
     */
    private void addCertificatesToSignedData(CMSSignedDataGenerator generator) {
        try {
            JcaCertStore certStore = new JcaCertStore(this.certificates);
            generator.addCertificates(certStore);
        } catch (CMSException | CertificateEncodingException e) {
            throw new AS2ExtensionException("Adding certificates to the PKCS7 object failed", AS2ErrorType.SIGN, (Throwable) e);
        }
    }

    /** Returns the live certificate list (not a copy). */
    List<Certificate> getCertificates() {
        return this.certificates;
    }

    /**
     * Stores the given certificate list by reference.
     * Decompiler note: the original access modifier of this method was package-private.
     */
    public void setCertificates(List<Certificate> list) {
        this.certificates = list;
    }

    /** Returns the live list of pre-computed signature values (not a copy). */
    List<byte[]> getEncryptedHashes() {
        return this.encryptedHashes;
    }

    /**
     * Stores the given list of pre-computed signature values by reference.
     * Decompiler note: the original access modifier of this method was package-private.
     */
    public void setEncryptedHashes(List<byte[]> list) {
        this.encryptedHashes = list;
    }

    /** Returns the live hash algorithm list (not a copy). */
    List<HashAlgorithm> getHashAlgorithms() {
        return this.hashAlgorithms;
    }

    /**
     * Stores the given hash algorithm list by reference.
     * Decompiler note: the original access modifier of this method was package-private.
     */
    public void setHashAlgorithms(List<HashAlgorithm> list) {
        this.hashAlgorithms = list;
    }
}
