package net.netca.pki.impl.jce;

import java.util.ArrayList;
import java.util.Date;
import net.netca.pki.encoding.asn1.pki.AlgorithmIdentifier;
import net.netca.pki.encoding.asn1.pki.Attribute;
import net.netca.pki.encoding.asn1.pki.JCEHasher;
import net.netca.pki.encoding.asn1.pki.Time;
import net.netca.pki.encoding.asn1.pki.X509Certificate;
import net.netca.pki.encoding.asn1.pki.X509CertificateAndPrivateKey;
import net.netca.pki.encoding.asn1.pki.cms.ESSCertID;
import net.netca.pki.encoding.asn1.pki.cms.ESSCertIDv2;
import net.netca.pki.encoding.asn1.pki.cms.SignedData;
import net.netca.pki.encoding.asn1.pki.cms.SignedDataBuilder;
import net.netca.pki.encoding.asn1.pki.cms.Signer;
import net.netca.pki.encoding.asn1.pki.cms.SigningCertificate;
import net.netca.pki.encoding.asn1.pki.cms.SigningCertificateV2;
import net.netca.pki.global.ISignedDataSign;
import net.netca.pki.u;

/* loaded from: classes.dex */
public class JCESignedDataSign implements ISignedDataSign {
    private X509CertificateAndPrivateKey certAndPrivateKey;
    private SignedDataSignInfo info;
    private JCEPki pki;
    private AlgorithmIdentifier signAlgo;
    private SignedData signedData;
    private Date tsaTime = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JCESignedDataSign(JCEPki jCEPki, X509CertificateAndPrivateKey x509CertificateAndPrivateKey, AlgorithmIdentifier algorithmIdentifier, SignedDataSignInfo signedDataSignInfo) {
        this.pki = jCEPki;
        this.certAndPrivateKey = x509CertificateAndPrivateKey;
        this.signAlgo = algorithmIdentifier;
        this.info = signedDataSignInfo;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addSigningCertHashAttribute(Signer signer, AlgorithmIdentifier algorithmIdentifier, X509Certificate[] x509CertificateArr) {
        signer.addSignedAttribute(algorithmIdentifier.getOid().equals(AlgorithmIdentifier.SHA1_OID) ? newSigningCertificateAttribute(x509CertificateArr) : newSigningCertificateAttributeV2(algorithmIdentifier, x509CertificateArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addSigningTimeAttribute(Signer signer, Date date) {
        signer.addSignedAttribute(newSigningTimeAttribute(date));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate[] builderCertPath(JCEPki jCEPki, X509Certificate x509Certificate) {
        try {
            net.netca.pki.global.X509Certificate[] buildCertPath = new JCEX509Certificate(jCEPki, x509Certificate.derEncode()).buildCertPath();
            if (buildCertPath == null) {
                return new X509Certificate[]{x509Certificate};
            }
            int length = buildCertPath.length;
            X509Certificate[] x509CertificateArr = new X509Certificate[length];
            for (int i = 0; i < length; i++) {
                x509CertificateArr[i] = new X509Certificate(buildCertPath[i].derEncode());
            }
            return x509CertificateArr;
        } catch (u unused) {
            return new X509Certificate[]{x509Certificate};
        }
    }

    private static SignedDataBuilder createSignedDataBuilder(JCEPki jCEPki, X509CertificateAndPrivateKey x509CertificateAndPrivateKey, AlgorithmIdentifier algorithmIdentifier, SignedDataSignInfo signedDataSignInfo) {
        SignedDataBuilder signedDataBuilder = new SignedDataBuilder();
        X509Certificate cert = x509CertificateAndPrivateKey.getCert();
        Signer signer = new Signer(cert, x509CertificateAndPrivateKey.getSigner());
        signer.setSignatureAlgorithm(algorithmIdentifier);
        if (signedDataSignInfo.useSubjectKeyId) {
            signer.setSignerIdType(2);
        } else {
            signer.setSignerIdType(1);
        }
        if (signedDataSignInfo.useSigningTime) {
            addSigningTimeAttribute(signer, new Date());
        }
        X509Certificate[] x509CertificateArr = null;
        if (signedDataSignInfo.hasSigningCertAttribute) {
            x509CertificateArr = builderCertPath(jCEPki, cert);
            addSigningCertHashAttribute(signer, signedDataSignInfo.signingCertHashAlgo, x509CertificateArr);
        }
        int i = 0;
        if (signedDataSignInfo.includeCertOption == 1) {
            signedDataBuilder.setIncludeSignCert(false);
        } else if (signedDataSignInfo.includeCertOption == 4) {
            if (x509CertificateArr != null) {
                x509CertificateArr = builderCertPath(jCEPki, cert);
            }
            X509Certificate[] x509CertificateArr2 = x509CertificateArr;
            signedDataBuilder.setIncludeSignCert(false);
            while (i < x509CertificateArr2.length) {
                signedDataBuilder.addX509PublicKeyCertificate(x509CertificateArr2[i]);
                i++;
            }
        } else {
            if (signedDataSignInfo.includeCertOption == 3) {
                if (x509CertificateArr != null) {
                    x509CertificateArr = builderCertPath(jCEPki, cert);
                }
                if (x509CertificateArr.length != 1) {
                    signedDataBuilder.setIncludeSignCert(false);
                    while (i < x509CertificateArr.length - 1) {
                        signedDataBuilder.addX509PublicKeyCertificate(x509CertificateArr[i]);
                        i++;
                    }
                }
            }
            signedDataBuilder.setIncludeSignCert(true);
        }
        signedDataBuilder.setHasher(new JCEHasher());
        signedDataBuilder.addSigner(signer);
        if (signedDataSignInfo.isQ7) {
            signedDataBuilder.setSM2Q7(true);
        }
        return signedDataBuilder;
    }

    private static Attribute newSigningCertificateAttribute(X509Certificate[] x509CertificateArr) {
        JCEHasher jCEHasher = new JCEHasher();
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(new ESSCertID(x509Certificate, jCEHasher, true));
        }
        return new Attribute(Attribute.SIGNING_CERTIFICATE, new SigningCertificate(arrayList, null).getASN1Object());
    }

    private static Attribute newSigningCertificateAttributeV2(AlgorithmIdentifier algorithmIdentifier, X509Certificate[] x509CertificateArr) {
        JCEHasher jCEHasher = new JCEHasher();
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            arrayList.add(new ESSCertIDv2(algorithmIdentifier, x509Certificate, jCEHasher, true));
        }
        return new Attribute(Attribute.SIGNING_CERTIFICATE_V2, new SigningCertificateV2(arrayList, null).getASN1Object());
    }

    private static Attribute newSigningTimeAttribute(Date date) {
        return new Attribute(Attribute.SIGNING_TIME, new Time(date).getASN1Object());
    }

    @Override // net.netca.pki.global.ISignedDataSign
    public byte[] attachSignatureTimeStamp() {
        if (this.signedData == null) {
            throw new u("must sign first");
        }
        this.tsaTime = JCESignedDataDetachedSign.attachSignatureTimeStamp(this.pki, this.signedData);
        return this.signedData.encode(this.info.isContentInfo);
    }

    @Override // net.netca.pki.global.ISignedDataSign
    public Date getSignatureTimeStampTime() {
        return this.tsaTime;
    }

    @Override // net.netca.pki.global.ISignedDataSign
    public byte[] sign(byte[] bArr, int i, int i2) {
        SignedDataBuilder createSignedDataBuilder = createSignedDataBuilder(this.pki, this.certAndPrivateKey, this.signAlgo, this.info);
        createSignedDataBuilder.setContent(bArr, i, i2);
        this.signedData = createSignedDataBuilder.sign();
        return this.signedData.encode(this.info.isContentInfo);
    }
}
