package es.gob.afirma.envelopers.cms;

import es.gob.afirma.core.ciphers.AOCipherConfig;
import es.gob.afirma.core.ciphers.CipherConstants;
import es.gob.afirma.ui.utils.Constants;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Map;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1Encoding;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.ASN1OctetString;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.ASN1Set;
import org.spongycastle.asn1.ASN1TaggedObject;
import org.spongycastle.asn1.BERSet;
import org.spongycastle.asn1.DERNull;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERPrintableString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERSet;
import org.spongycastle.asn1.DERUTCTime;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.CMSAttributes;
import org.spongycastle.asn1.cms.EncryptedContentInfo;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.cms.KeyTransRecipientInfo;
import org.spongycastle.asn1.cms.OriginatorInfo;
import org.spongycastle.asn1.cms.RecipientIdentifier;
import org.spongycastle.asn1.cms.RecipientInfo;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.Certificate;
import org.spongycastle.asn1.x509.TBSCertificateStructure;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:es/gob/afirma/envelopers/cms/Utils.class */
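/**
 * Static helpers for building and opening CMS envelopes: content-encryption
 * key generation, per-recipient key wrapping, content encryption and
 * decryption, attribute sets, MAC computation and signing.
 *
 * <p>This file is decompiler output. The "access modifiers changed" notes mark
 * members that were package-private in the original bytecode, and generic type
 * arguments on local collections were erased.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>{@code getParams} hands out compile-time constant IVs ({@code IV_8},
 *       {@code IV_16}) and a constant PBE salt with an iteration count of
 *       {@value #ITERATION_COUNT}. The same values are used for encryption and
 *       for decryption ({@code deCipherContent}), so they are part of the wire
 *       format and cannot be randomised here without breaking existing
 *       envelopes.</li>
 *   <li>With a password-derived key ({@code loadCipherKey}) the key, salt and IV
 *       are all fixed for a given password, so equal plaintexts encrypt to equal
 *       ciphertexts, and the low iteration count gives little protection against
 *       offline password guessing.</li>
 *   <li>{@code fetchWrappedData} and {@code fetchEncryptedKeyDatas} cast parsed
 *       ASN.1 input without type checks; malformed input surfaces as unchecked
 *       exceptions that callers handling untrusted envelopes need to catch.</li>
 * </ul>
 */
public final class Utils {
    /** PBE iteration count shared by {@code getParams} and {@code loadCipherKey}. */
    private static final int ITERATION_COUNT = 9;

    /** Default algorithm for {@link #genMac}; despite the name this is a MAC algorithm, not a cipher. */
    private static final String ENCRYPTION_ALG_DEFAULT = "HmacSHA512";

    /** Fixed PBE salt. NOTE(review): constant across all users and messages. */
    private static final byte[] SALT = {-94, 53, -36, -92, 17, 124, -103, 75};

    /** Fixed 8-byte IV used for every non-AES algorithm in a non-ECB mode. */
    private static final byte[] IV_8 = {-58, -70, -34, -92, 118, 67, 50, 107};

    /** Fixed 16-byte IV used for AES in a non-ECB mode. */
    private static final byte[] IV_16 = {-78, -70, -34, -92, 65, Byte.MAX_VALUE, -105, 75, -84, 99, -84, -86, 118, 115, 18, 107};

    private static final Logger LOGGER = Logger.getLogger(Constants.OUR_NODE_NAME);

    private Utils() {
        // Utility class: not instantiable.
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Generates a fresh content-encryption key for the configured algorithm.
     *
     * @param aOCipherConfig cipher configuration naming the key algorithm
     * @param num key size in bits, or {@code null} for the provider default
     * @return the generated key, or {@code null} if generation failed; the
     *         failure is only logged, so callers must check for {@code null}
     *         before encrypting
     */
    public static SecretKey initEnvelopedData(AOCipherConfig aOCipherConfig, Integer num) {
        try {
            return assignKey(aOCipherConfig, num);
        } catch (Exception e) {
            // Deliberate best-effort: every failure (including unchecked ones) is reported as null.
            LOGGER.severe("Error durante el proceso de asignado de clave, se devolvera null: " + e);
            return null;
        }
    }

    /**
     * Creates a random secret key with {@link KeyGenerator} seeded from a new
     * {@link SecureRandom}.
     *
     * @param aOCipherConfig cipher configuration naming the key algorithm
     * @param num key size in bits, or {@code null} for the provider default
     * @return the generated key
     * @throws NoSuchAlgorithmException if no provider offers the algorithm
     */
    private static SecretKey assignKey(AOCipherConfig aOCipherConfig, Integer num) throws NoSuchAlgorithmException {
        KeyGenerator generator = KeyGenerator.getInstance(aOCipherConfig.getAlgorithm().getName());
        SecureRandom random = new SecureRandom();
        if (num != null) {
            generator.init(num.intValue(), random);
        } else {
            generator.init(random);
        }
        return generator.generateKey();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Converts a certificate chain into an ASN.1 set of certificate structures.
     *
     * @param x509CertificateArr certificates to encode; elements must be
     *        non-null (a null element raises {@link NullPointerException})
     * @return the set built by {@code EvelopUtils.createBerSetFromList}, or
     *         {@code null} when the array is empty
     * @throws IOException if a certificate encoding cannot be parsed as ASN.1
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static ASN1Set fetchCertificatesList(X509Certificate[] x509CertificateArr) throws IOException, CertificateEncodingException {
        if (x509CertificateArr.length == 0) {
            return null;
        }
        // Raw type kept: the element type expected by EvelopUtils.createBerSetFromList
        // is not visible from this file.
        ArrayList encoded = new ArrayList();
        for (X509Certificate certificate : x509CertificateArr) {
            encoded.add(Certificate.getInstance(ASN1Primitive.fromByteArray(certificate.getEncoded())));
        }
        return EvelopUtils.createBerSetFromList(encoded);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the recipient infos and the encrypted content for an envelope.
     *
     * <p>For each recipient certificate a {@code KeyTransRecipientInfo} is
     * created that identifies the recipient by issuer and serial number and
     * carries {@code secretKey} wrapped with the certificate's public key. The
     * key-encryption algorithm identifier is copied from the certificate's
     * SubjectPublicKeyInfo.
     *
     * @param bArr plaintext content
     * @param aOCipherConfig content-encryption configuration
     * @param x509CertificateArr recipient certificates
     * @param secretKey content-encryption key
     * @return an {@code Info} holding the encrypted content and recipient infos
     */
    public static Info initVariables(byte[] bArr, AOCipherConfig aOCipherConfig, X509Certificate[] x509CertificateArr, SecretKey secretKey) throws CertificateEncodingException, IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        Info info = new Info();
        ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
        for (X509Certificate recipient : x509CertificateArr) {
            TBSCertificateStructure tbs = TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(recipient.getTBSCertificate()));
            IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(X500Name.getInstance(tbs.getIssuer()), tbs.getSerialNumber().getValue());
            byte[] wrappedKey = cipherKey(recipient.getPublicKey(), secretKey);
            recipientInfos.add(new RecipientInfo(new KeyTransRecipientInfo(new RecipientIdentifier(issuerAndSerial), tbs.getSubjectPublicKeyInfo().getAlgorithm(), new DEROctetString(wrappedKey))));
        }
        info.setEncInfo(getEncryptedContentInfo(bArr, aOCipherConfig, secretKey));
        info.setRecipientInfos(recipientInfos);
        return info;
    }

    /**
     * Encrypts {@code bArr} with {@code secretKey} and wraps the result in an
     * {@code EncryptedContentInfo}.
     *
     * @param bArr plaintext content
     * @param aOCipherConfig configuration; its {@code toString()} is used as
     *        the JCA transformation
     * @param secretKey content-encryption key
     * @return the encrypted content info
     */
    static EncryptedContentInfo getEncryptedContentInfo(byte[] bArr, AOCipherConfig aOCipherConfig, SecretKey secretKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, IOException, IllegalBlockSizeException, BadPaddingException {
        AlgorithmParameterSpec params = getParams(aOCipherConfig);
        Cipher cipher = createCipher(aOCipherConfig.toString());
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, params);
        return getEncryptedContentInfo(bArr, aOCipherConfig, params, cipher);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Same as the {@code SecretKey} overload, for an arbitrary {@link Key}.
     *
     * @param bArr plaintext content
     * @param key encryption key
     * @param aOCipherConfig configuration; its {@code toString()} is used as
     *        the JCA transformation
     * @return the encrypted content info
     */
    public static EncryptedContentInfo getEncryptedContentInfo(byte[] bArr, Key key, AOCipherConfig aOCipherConfig) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, IOException, IllegalBlockSizeException, BadPaddingException {
        AlgorithmParameterSpec params = getParams(aOCipherConfig);
        Cipher cipher = createCipher(aOCipherConfig.toString());
        cipher.init(Cipher.ENCRYPT_MODE, key, params);
        return getEncryptedContentInfo(bArr, aOCipherConfig, params, cipher);
    }

    /**
     * Runs the initialised cipher over {@code bArr} and assembles the
     * {@code EncryptedContentInfo}.
     *
     * <p>When parameters were supplied, the algorithm identifier carries the
     * cipher's own ASN.1-encoded parameters; otherwise it carries a DER NULL.
     * Note that {@code deCipherContent} does not read these encoded parameters
     * back; it calls {@code getParams} again.
     *
     * @param bArr plaintext content
     * @param aOCipherConfig configuration supplying the algorithm OID
     * @param algorithmParameterSpec parameters the cipher was initialised with,
     *        or {@code null}
     * @param cipher cipher already initialised for encryption
     * @return the encrypted content info
     */
    private static EncryptedContentInfo getEncryptedContentInfo(byte[] bArr, AOCipherConfig aOCipherConfig, AlgorithmParameterSpec algorithmParameterSpec, Cipher cipher) throws IOException, IllegalBlockSizeException, BadPaddingException {
        ASN1Encodable encodedParameters;
        if (algorithmParameterSpec != null) {
            // try-with-resources replaces the decompiler's expanded close/suppress scaffolding.
            try (ASN1InputStream in = new ASN1InputStream(cipher.getParameters().getEncoded("ASN.1"))) {
                encodedParameters = in.readObject();
            }
        } else {
            encodedParameters = DERNull.INSTANCE;
        }
        AlgorithmIdentifier algorithm = new AlgorithmIdentifier(new ASN1ObjectIdentifier(aOCipherConfig.getAlgorithm().getOid()), encodedParameters);
        return new EncryptedContentInfo(PKCSObjectIdentifiers.encryptedData, algorithm, new DEROctetString(cipher.doFinal(bArr)));
    }

    /**
     * Obtains a {@link Cipher} for the given JCA transformation string.
     *
     * @param str transformation or bare algorithm name
     * @return the cipher instance
     */
    private static Cipher createCipher(String str) throws NoSuchAlgorithmException, NoSuchPaddingException {
        return Cipher.getInstance(str);
    }

    /**
     * Selects the algorithm parameters for a cipher configuration.
     *
     * <p>Password-capable algorithms get a PBE spec built from the constant
     * salt and iteration count. Other algorithms get a constant IV (16 bytes
     * for AES, 8 bytes otherwise) unless the block mode is ECB, in which case
     * no parameters are used.
     *
     * <p>NOTE(review): the IV and salt are fixed values rather than per-message
     * random ones. Both the encrypt and decrypt paths in this class depend on
     * these exact values, so this is documented rather than changed.
     *
     * @param aOCipherConfig cipher configuration
     * @return the parameter spec, or {@code null} when none applies
     */
    private static AlgorithmParameterSpec getParams(AOCipherConfig aOCipherConfig) {
        if (aOCipherConfig.getAlgorithm().supportsPassword()) {
            return new PBEParameterSpec(SALT, ITERATION_COUNT);
        }
        if (aOCipherConfig.getBlockMode().equals(CipherConstants.AOCipherBlockMode.ECB)) {
            return null;
        }
        boolean isAes = aOCipherConfig.getAlgorithm().equals(CipherConstants.AOCipherAlgorithm.AES);
        return new IvParameterSpec(isAes ? IV_16 : IV_8);
    }

    /**
     * Wraps the content-encryption key with a recipient's public key.
     *
     * <p>Only the key's algorithm name is passed to {@link Cipher#getInstance},
     * so mode and padding are whatever the selected provider defaults to.
     *
     * @param publicKey recipient public key
     * @param secretKey key to wrap
     * @return the wrapped key bytes
     */
    private static byte[] cipherKey(PublicKey publicKey, SecretKey secretKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException {
        Cipher wrapper = createCipher(publicKey.getAlgorithm());
        wrapper.init(Cipher.WRAP_MODE, publicKey);
        return wrapper.wrap(secretKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the base attribute vector: optional content type, signing time
     * (current local clock) and message digest.
     *
     * @param str digest algorithm name, used only when {@code bArr2} is null
     * @param bArr data to digest when no precomputed digest is given
     * @param str2 content-type OID, or {@code null} to omit the attribute
     * @param bArr2 precomputed digest, or {@code null}; when present it is
     *        embedded as-is and is not checked against {@code bArr}
     * @return the attribute vector
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    public static ASN1EncodableVector initContexExpecific(String str, byte[] bArr, String str2, byte[] bArr2) throws NoSuchAlgorithmException {
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        if (str2 != null) {
            attributes.add(new Attribute(CMSAttributes.contentType, new DERSet(new ASN1ObjectIdentifier(str2))));
        }
        attributes.add(new Attribute(CMSAttributes.signingTime, new DERSet(new DERUTCTime(new Date()))));
        byte[] digest = bArr2 != null ? bArr2 : MessageDigest.getInstance(str).digest(bArr);
        attributes.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(digest))));
        return attributes;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds an attribute set from a map of OID to value bytes.
     *
     * @param map attribute OID (dotted string) to raw value
     * @return the attribute set, or {@code null} when the map is empty
     */
    public static ASN1Set generateUnsignedAtt(Map<String, byte[]> map) {
        if (map.isEmpty()) {
            return null;
        }
        ASN1EncodableVector attributes = new ASN1EncodableVector();
        for (Map.Entry<String, byte[]> entry : map.entrySet()) {
            // NOTE(review): new String(byte[]) decodes with the platform default charset,
            // so non-ASCII values depend on the host configuration.
            attributes.add(new Attribute(new ASN1ObjectIdentifier(entry.getKey()), new DERSet(new DERPrintableString(new String(entry.getValue())))));
        }
        return EvelopUtils.getAttributeSet(new AttributeTable(attributes));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Computes a MAC over {@code bArr}.
     *
     * @param str MAC algorithm name; {@code null} or empty selects HmacSHA512
     * @param bArr data to authenticate
     * @param secretKey MAC key
     * @return the MAC value
     */
    public static byte[] genMac(String str, byte[] bArr, SecretKey secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
        String algorithm = (str == null || str.isEmpty()) ? ENCRYPTION_ALG_DEFAULT : str;
        Mac mac = Mac.getInstance(algorithm);
        mac.init(secretKey);
        return mac.doFinal(bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the {@code OriginatorInfo} for the given certificates, optionally
     * merging them with a previously existing certificate set.
     *
     * <p>Null array elements are skipped. When {@code aSN1Set} is supplied, its
     * elements are copied first (nested into a single BER set if the first
     * element is a {@code DERSequence}), the new certificates are appended as a
     * nested set, and the second constructor argument is an empty BER set.
     *
     * @param x509CertificateArr originator certificates
     * @param aSN1Set existing certificate set, or {@code null}; a non-null but
     *        empty set fails on {@code getObjectAt(0)}
     * @return the originator info, or {@code null} when there is no non-null
     *         certificate to add
     */
    @SuppressWarnings("rawtypes")
    public static OriginatorInfo checkCertificates(X509Certificate[] x509CertificateArr, ASN1Set aSN1Set) throws IOException, CertificateEncodingException {
        if (x509CertificateArr.length == 0) {
            return null;
        }
        if (aSN1Set == null) {
            ArrayList encoded = encodeNonNullCertificates(x509CertificateArr);
            if (encoded.isEmpty()) {
                return null;
            }
            return new OriginatorInfo(EvelopUtils.createBerSetFromList(encoded), null);
        }

        ASN1EncodableVector merged = new ASN1EncodableVector();
        if (aSN1Set.getObjectAt(0) instanceof DERSequence) {
            ASN1EncodableVector existing = new ASN1EncodableVector();
            for (int i = 0; i < aSN1Set.size(); i++) {
                existing.add(aSN1Set.getObjectAt(i));
            }
            merged.add(new BERSet(existing));
        } else {
            for (int i = 0; i < aSN1Set.size(); i++) {
                merged.add(aSN1Set.getObjectAt(i));
            }
        }
        BERSet emptySet = new BERSet(new ASN1EncodableVector());
        ArrayList encoded = encodeNonNullCertificates(x509CertificateArr);
        if (encoded.isEmpty()) {
            return null;
        }
        merged.add(EvelopUtils.createBerSetFromList(encoded));
        return new OriginatorInfo(new BERSet(merged), emptySet);
    }

    /** Encodes every non-null certificate as an ASN.1 certificate structure, preserving order. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static ArrayList encodeNonNullCertificates(X509Certificate[] certificates) throws IOException, CertificateEncodingException {
        // Raw type kept: the element type expected by EvelopUtils.createBerSetFromList
        // is not visible from this file.
        ArrayList encoded = new ArrayList();
        for (X509Certificate certificate : certificates) {
            if (certificate != null) {
                encoded.add(Certificate.getInstance(ASN1Primitive.fromByteArray(certificate.getEncoded())));
            }
        }
        return encoded;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Finds the wrapped key addressed to {@code x509Certificate} among the
     * envelope's recipient infos, matching on issuer and serial number.
     *
     * <p>The whole enumeration is scanned; if several entries match, the last
     * one wins. Elements are cast to {@code ASN1Sequence} and decoded as
     * key-transport recipient infos without prior type checks, so an envelope
     * containing other element shapes raises an unchecked exception instead of
     * {@code AOInvalidRecipientException}.
     *
     * @param x509Certificate recipient certificate
     * @param enumeration recipient info elements from the parsed envelope
     * @return the encrypted key and its key-encryption algorithm
     * @throws AOInvalidRecipientException if no entry matches the certificate
     */
    public static EncryptedKeyDatas fetchEncryptedKeyDatas(X509Certificate x509Certificate, Enumeration<?> enumeration) throws AOInvalidRecipientException, IOException, CertificateEncodingException {
        EncryptedKeyDatas result = new EncryptedKeyDatas();
        AlgorithmIdentifier keyEncryptionAlgorithm = null;
        byte[] encryptedKey = null;
        TBSCertificateStructure tbs = TBSCertificateStructure.getInstance(ASN1Primitive.fromByteArray(x509Certificate.getTBSCertificate()));
        IssuerAndSerialNumber wanted = new IssuerAndSerialNumber(X500Name.getInstance(tbs.getIssuer()), tbs.getSerialNumber().getValue());
        while (enumeration.hasMoreElements()) {
            KeyTransRecipientInfo candidate = KeyTransRecipientInfo.getInstance(RecipientInfo.getInstance((ASN1Sequence) enumeration.nextElement()).toASN1Primitive());
            if (IssuerAndSerialNumber.getInstance(candidate.getRecipientIdentifier().toASN1Primitive()).equals(wanted)) {
                encryptedKey = candidate.getEncryptedKey().getOctets();
                keyEncryptionAlgorithm = candidate.getKeyEncryptionAlgorithm();
            }
        }
        if (encryptedKey == null || keyEncryptionAlgorithm == null) {
            throw new AOInvalidRecipientException("El usuario indicado no es uno de los destinatarios del sobre digital");
        }
        result.setAlgEncryptedKey(keyEncryptionAlgorithm);
        result.setEncryptedKey(encryptedKey);
        return result;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses an encoded structure and returns the sequence held inside the
     * tagged object that is its second element.
     *
     * <p>The input is not validated: a top-level object that is not a sequence,
     * a missing second element, or a second element that is not a tagged
     * sequence raises {@link ClassCastException},
     * {@link java.util.NoSuchElementException} or
     * {@link NullPointerException} rather than {@link IOException}.
     *
     * @param bArr encoded structure
     * @return the inner sequence
     * @throws IOException if the bytes cannot be read as ASN.1
     */
    public static ASN1Sequence fetchWrappedData(byte[] bArr) throws IOException {
        final ASN1Sequence outer;
        // try-with-resources replaces the decompiler's expanded close/suppress scaffolding.
        try (ASN1InputStream in = new ASN1InputStream(bArr)) {
            outer = (ASN1Sequence) in.readObject();
        }
        Enumeration<?> elements = outer.getObjects();
        elements.nextElement(); // skip the first element
        return (ASN1Sequence) ((ASN1TaggedObject) elements.nextElement()).getObject();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decrypts envelope content.
     *
     * <p>The parameters come from {@code getParams}, i.e. the constant IV or
     * PBE values of this class, not from the parameters encoded in the
     * envelope. The cipher modes built here carry no integrity check of their
     * own, so a successful return does not show the content is unmodified.
     *
     * @param bArr ciphertext
     * @param aOCipherConfig configuration; its {@code toString()} is used as
     *        the JCA transformation
     * @param secretKey content-encryption key
     * @return the plaintext
     */
    public static byte[] deCipherContent(byte[] bArr, AOCipherConfig aOCipherConfig, SecretKey secretKey) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        AlgorithmParameterSpec params = getParams(aOCipherConfig);
        Cipher cipher = createCipher(aOCipherConfig.toString());
        cipher.init(Cipher.DECRYPT_MODE, secretKey, params);
        return cipher.doFinal(bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Derives a secret key from a password using the constant salt and
     * iteration count of this class.
     *
     * <p>NOTE(review): a fixed salt and {@value #ITERATION_COUNT} iterations
     * mean the derived key depends on the password alone. The password also
     * arrives as an immutable {@code String} and cannot be wiped by the caller.
     *
     * @param aOCipherConfig configuration naming the key factory algorithm
     * @param str password
     * @return the derived key
     */
    public static SecretKey loadCipherKey(AOCipherConfig aOCipherConfig, String str) throws InvalidKeySpecException, NoSuchAlgorithmException {
        PBEKeySpec keySpec = new PBEKeySpec(str.toCharArray(), SALT, ITERATION_COUNT);
        return SecretKeyFactory.getInstance(aOCipherConfig.getAlgorithm().getName()).generateSecret(keySpec);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Unwraps the content-encryption key with the recipient's private key.
     *
     * <p>The content algorithm is resolved by matching the identifier's OID
     * against the known cipher algorithms. Unwrapping uses RSA with PKCS#1 v1.5
     * padding. Failures are reported as distinct exception types; callers that
     * process envelopes from untrusted senders should avoid revealing to the
     * sender which failure occurred.
     *
     * @param bArr wrapped key bytes
     * @param privateKeyEntry recipient key entry
     * @param algorithmIdentifier content-encryption algorithm identifier
     * @return the unwrapped key together with its cipher configuration
     * @throws NoSuchAlgorithmException if the OID matches no known algorithm
     * @throws Pkcs11WrapOperationException if unwrapping failed with a PKCS#11
     *         wrapper exception as the cause
     */
    public static KeyAsigned assignKey(byte[] bArr, KeyStore.PrivateKeyEntry privateKeyEntry, AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, Pkcs11WrapOperationException {
        KeyAsigned keyAsigned = new KeyAsigned();
        CipherConstants.AOCipherAlgorithm resolved = null;
        String requestedOid = algorithmIdentifier.getAlgorithm().toString();
        for (CipherConstants.AOCipherAlgorithm candidate : CipherConstants.AOCipherAlgorithm.values()) {
            if (candidate.getOid().equals(requestedOid)) {
                resolved = candidate;
                break;
            }
        }
        if (resolved == null) {
            throw new NoSuchAlgorithmException("No se ha podido determinar el algoritmo de cifrado de la clave");
        }
        keyAsigned.setConfig(new AOCipherConfig(resolved, null, null));
        Cipher unwrapper = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        unwrapper.init(Cipher.UNWRAP_MODE, privateKeyEntry.getPrivateKey());
        try {
            keyAsigned.setCipherKey((SecretKey) unwrapper.unwrap(bArr, resolved.getName(), Cipher.SECRET_KEY));
            return keyAsigned;
        } catch (InvalidKeyException e) {
            // The PKCS#11 class is compared by name so this code does not link against it.
            Throwable cause = e.getCause();
            if (cause == null || !cause.getClass().getName().equals("sun.security.pkcs11.wrapper.PKCS11Exception")) {
                throw e;
            }
            throw new Pkcs11WrapOperationException(cause.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the attribute set for a signer: the base attributes from
     * {@link #initContexExpecific} followed by the extra attributes in
     * {@code map}.
     *
     * <p>NOTE(review): the base attributes are computed first and then
     * discarded when {@code map} is empty, because {@code null} is returned in
     * that case. Confirm that callers expect no attribute set at all rather
     * than the base attributes alone.
     *
     * @param str digest algorithm name
     * @param bArr data to digest
     * @param str2 content-type OID, or {@code null}
     * @param map additional attribute OID (dotted string) to raw value
     * @return the attribute set, or {@code null} when {@code map} is empty
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    public static ASN1Set generateSignerInfo(String str, byte[] bArr, String str2, Map<String, byte[]> map) throws NoSuchAlgorithmException {
        // Evaluated before the emptiness check so an unknown digest algorithm is still reported.
        ASN1EncodableVector attributes = initContexExpecific(str, bArr, str2, null);
        if (map.isEmpty()) {
            return null;
        }
        for (Map.Entry<String, byte[]> entry : map.entrySet()) {
            // NOTE(review): new String(byte[]) decodes with the platform default charset.
            attributes.add(new Attribute(new ASN1ObjectIdentifier(entry.getKey()), new DERSet(new DERPrintableString(new String(entry.getValue())))));
        }
        return EvelopUtils.getAttributeSet(new AttributeTable(attributes));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Signs the DER encoding of an attribute set.
     *
     * @param str JCA signature algorithm name
     * @param privateKeyEntry signer key entry
     * @param aSN1Set attributes to sign
     * @return the signature value as an octet string
     */
    public static ASN1OctetString firma(String str, KeyStore.PrivateKeyEntry privateKeyEntry, ASN1Set aSN1Set) throws NoSuchAlgorithmException, IOException, InvalidKeyException, SignatureException {
        Signature signer = Signature.getInstance(str);
        // DER is requested explicitly so the signed bytes are the canonical encoding.
        byte[] toBeSigned = aSN1Set.getEncoded(ASN1Encoding.DER);
        signer.initSign(privateKeyEntry.getPrivateKey());
        if (toBeSigned != null) {
            signer.update(toBeSigned);
        }
        return new DEROctetString(signer.sign());
    }
}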
