package de.cardcontact.scdp.cms;

import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import de.cardcontact.scdp.gp.ByteString;
import de.cardcontact.scdp.gp.GPError;
import de.cardcontact.scdp.gp.GPKey;
import de.cardcontact.scdp.js.JsX509;
import de.cardcontact.scdp.utils.ArgChecker;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.spec.OAEPParameterSpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaAlgorithmParametersConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.Function;
import org.mozilla.javascript.FunctionObject;
import org.mozilla.javascript.Scriptable;
import org.mozilla.javascript.ScriptableObject;

/* loaded from: input_file:de/cardcontact/scdp/cms/JsCMSGenerator.class */
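/**
 * Rhino host object exposed to scripts as {@code CMSGenerator}; it builds CMS
 * SignedData or EnvelopedData structures with Bouncy Castle.
 *
 * <p>A script creates the object with one of the {@code TYPE_*} constants, supplies
 * the content with {@code setDataContent}, adds signers / certificates (SignedData)
 * or recipients (EnvelopedData) and finally calls {@code generate}. Only
 * {@link #SIGNED_DATA} and {@link #ENVELOPED_DATA} are accepted by the constructor.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Certificates passed in are stored and used as given. Nothing here checks
 *       validity period, key usage, revocation or chain of trust, so the calling
 *       script has to decide which certificates it trusts before adding them.</li>
 *   <li>The signature algorithm name comes from the script and is handed to the
 *       provider unchanged; there is no allow-list in this class.</li>
 *   <li>EnvelopedData always uses RSAES-OAEP with {@link OAEPParameterSpec#DEFAULT}
 *       for key transport and AES-128-GCM for the content; neither is configurable.</li>
 * </ul>
 *
 * <p>The numeric codes passed to {@code GPError.throwAsGPErrorEx} are kept exactly as
 * they appear in the original class.
 */
public class JsCMSGenerator extends ScriptableObject {
    private static final long serialVersionUID = 541218970602060992L;

    // Content to sign or encrypt; set by setDataContent().
    // NOTE(review): generate() does not check that this was set first - confirm how a
    // missing content should be reported to the script.
    private byte[] data;

    static final String clazzName = "CMSGenerator";

    // One of the constants below, fixed by the constructor.
    private int type;

    public static final int SIGNED_DATA = 1;
    public static final int ENVELOPED_DATA = 2;
    public static final int DIGESTED_DATA = 3;
    public static final int ENCRYPTED_DATA = 4;
    public static final int AUTHENTICATED_DATA = 5;

    // Collects signer infos as addSigner() is called; used by generateSignedData().
    private CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

    // Certificates embedded in SignedData.
    List<X509Certificate> certList = new ArrayList<>();

    // Recipient certificates for EnvelopedData.
    List<X509Certificate> recipientList = new ArrayList<>();

    /**
     * Script constructor: {@code new CMSGenerator(type)}.
     *
     * @param cx        current Rhino context
     * @param args      exactly one argument, the CMS type
     * @param ctorObj   the constructor function object
     * @param inNewExpr {@code true} when invoked through {@code new}
     * @return the new generator
     * @throws Exception declared by the original signature
     */
    public static Scriptable jsConstructor(Context cx, Object[] args, Function ctorObj, boolean inNewExpr) throws Exception {
        if (!inNewExpr) {
            Context.reportError("CMSGenerator() can not be called as function");
        }
        ArgChecker.checkRange(ctorObj, clazzName, args, 1, 1);
        int requestedType = ArgChecker.getInt(ctorObj, clazzName, args, 0, 0);
        // The other TYPE_* constants are published to scripts but not implemented here.
        if (requestedType != SIGNED_DATA && requestedType != ENVELOPED_DATA) {
            GPError.throwAsGPErrorEx(ctorObj, 16, requestedType, "Type not supported yet.");
        }
        JsCMSGenerator generator = new JsCMSGenerator();
        generator.type = requestedType;
        return generator;
    }

    /**
     * Publishes the {@code TYPE_*} constants on the constructor function.
     *
     * @param scope       unused
     * @param constructor function object that receives the properties
     * @param prototype   unused
     */
    public static void finishInit(Scriptable scope, FunctionObject constructor, Scriptable prototype) {
        ScriptableObject.defineProperty(constructor, "TYPE_SIGNED_DATA", SIGNED_DATA, 0);
        ScriptableObject.defineProperty(constructor, "TYPE_ENVELOPED_DATA", ENVELOPED_DATA, 0);
        ScriptableObject.defineProperty(constructor, "TYPE_DIGESTED_DATA", DIGESTED_DATA, 0);
        ScriptableObject.defineProperty(constructor, "TYPE_ENCRYPTED_DATA", ENCRYPTED_DATA, 0);
        ScriptableObject.defineProperty(constructor, "TYPE_AUTHENTICATED_DATA", AUTHENTICATED_DATA, 0);
    }

    /**
     * Script method {@code setDataContent(ByteString)}: stores the content bytes.
     */
    public static void jsFunction_setDataContent(Context cx, Scriptable thisObj, Object[] args, Function funObj) {
        ArgChecker.checkRange(thisObj, clazzName, args, 1, 1);
        ByteString content = ArgChecker.getByteString(thisObj, clazzName, args, 0, null);
        ((JsCMSGenerator) thisObj).data = content.getBytes();
    }

    /**
     * Script method {@code addCertificate(X509)}: queues a certificate for inclusion in
     * the SignedData certificate set. The certificate is not validated here.
     */
    public static void jsFunction_addCertificate(Context cx, Scriptable thisObj, Object[] args, Function funObj) {
        ArgChecker.checkRange(thisObj, clazzName, args, 1, 1);
        if (!(args[0] instanceof JsX509)) {
            GPError.throwAsGPErrorEx(thisObj, 16, 0, "Argument 0 must be a x509 certificate.");
        }
        try {
            ((JsCMSGenerator) thisObj).certList.add(((JsX509) args[0]).getCertificate());
        } catch (IllegalArgumentException e) {
            GPError.throwAsGPErrorEx(thisObj, 8, 0, e.getLocalizedMessage());
        }
    }

    /**
     * Script method {@code addRecipient(X509)}: queues a recipient certificate for
     * EnvelopedData. The content key is later wrapped to this certificate's public key,
     * so a certificate the script has not verified decides who can decrypt.
     */
    public static void jsFunction_addRecipient(Context cx, Scriptable thisObj, Object[] args, Function funObj) {
        ArgChecker.checkRange(thisObj, clazzName, args, 1, 1);
        if (!(args[0] instanceof JsX509)) {
            GPError.throwAsGPErrorEx(thisObj, 16, 0, "Argument 0 must be a x509 certificate.");
        }
        try {
            ((JsCMSGenerator) thisObj).recipientList.add(((JsX509) args[0]).getCertificate());
        } catch (IllegalArgumentException e) {
            GPError.throwAsGPErrorEx(thisObj, 8, 0, e.getLocalizedMessage());
        }
    }

    /**
     * Script method {@code addSigner(key, certOrKeyId, algorithm[, includeCert])}.
     *
     * <p>{@code key} must be a {@code GPKey} that yields a private key,
     * {@code certOrKeyId} is either the signer certificate or a ByteString used as the
     * signer identifier, and {@code algorithm} is a Java signature algorithm name.
     * When {@code includeCert} is true and a certificate was given, the certificate is
     * also added to the embedded certificate list.
     *
     * <p>The algorithm name is passed to the provider as supplied; a script that must
     * not produce signatures with weak digests has to restrict the name itself.
     */
    public static void jsFunction_addSigner(Context cx, Scriptable thisObj, Object[] args, Function funObj) {
        ArgChecker.checkRange(thisObj, clazzName, args, 3, 4);
        if (!(args[0] instanceof GPKey)) {
            GPError.throwAsGPErrorEx(thisObj, 16, 16, "Argument 1 must be a key.");
        }
        GPKey signingKey = (GPKey) args[0];

        JsX509 signerCert = null;
        ByteString signerKeyId = null;
        if (args[1] instanceof JsX509) {
            signerCert = (JsX509) args[1];
        } else {
            if (!(args[1] instanceof ByteString)) {
                GPError.throwAsGPErrorEx(thisObj, 16, 16, "Argument 2 must be a x509 certificate or ByteString.");
            }
            signerKeyId = (ByteString) args[1];
        }

        if (args[2] instanceof ByteString) {
            GPError.throwAsGPErrorEx(thisObj, 16, 16, "Passing a digestAlgorithmOID is deprecated. Please use a Java signing algorithm string (e.g. \"SHA256withRSA\") instead");
        }
        String algorithm = ArgChecker.getString(thisObj, clazzName, args, 2, null);
        boolean includeCert = ArgChecker.getBoolean(thisObj, clazzName, args, 3, false);
        JsCMSGenerator self = (JsCMSGenerator) thisObj;

        try {
            JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(algorithm);
            Object jceKey = signingKey.getJCEKey(null);
            if (!(jceKey instanceof PrivateKey)) {
                // The original cast blindly, so a public or secret key (or null) reached
                // the script as a raw ClassCastException / NullPointerException.
                GPError.throwAsGPErrorEx(thisObj, 16, 16, "Argument 1 must be a private key.");
            } else {
                PrivateKey privateKey = (PrivateKey) jceKey;
                // Keys held on a SmartCard-HSM must be used through its own provider.
                signerBuilder.setProvider(privateKey instanceof SmartCardHSMKey ? "SmartCardHSM" : "BC");
                ContentSigner contentSigner = signerBuilder.build(privateKey);

                JcaDigestCalculatorProviderBuilder digestBuilder = new JcaDigestCalculatorProviderBuilder();
                digestBuilder.setProvider("BC");
                JcaSignerInfoGeneratorBuilder infoBuilder = new JcaSignerInfoGeneratorBuilder(digestBuilder.build());

                if (signerCert != null) {
                    self.gen.addSignerInfoGenerator(infoBuilder.build(contentSigner, signerCert.getCertificate()));
                    if (includeCert) {
                        self.certList.add(signerCert.getCertificate());
                    }
                } else {
                    self.gen.addSignerInfoGenerator(infoBuilder.build(contentSigner, signerKeyId.getBytes()));
                }
            }
        } catch (IllegalArgumentException | OperatorCreationException e) {
            GPError.throwAsGPErrorEx(thisObj, 8, 0, e.getLocalizedMessage());
        } catch (GeneralSecurityException e) {
            GPError.throwAsGPErrorEx(thisObj, 16, 0, e.getLocalizedMessage());
        }
    }

    /**
     * Builds an EnvelopedData structure for all queued recipients.
     *
     * <p>Key transport is RSAES-OAEP with {@link OAEPParameterSpec#DEFAULT}, which the
     * JDK defines as SHA-1 with MGF1/SHA-1; content encryption is AES-128-GCM. Both are
     * hard-coded, so a policy that requires SHA-256 OAEP or a longer AES key cannot be
     * met through this class. Each recipient is identified by the Subject Key
     * Identifier of its certificate.
     *
     * <p>NOTE(review): RFC 5084 specifies AES-GCM for the AuthEnvelopedData content
     * type; confirm that the consumers of this output accept GCM inside EnvelopedData.
     * NOTE(review): an empty recipient list is not rejected here - confirm what the
     * generator produces in that case.
     *
     * @param contentType content type OID, or {@code null} for the default of
     *                    {@code CMSProcessableByteArray}
     * @return the encoded CMS structure
     * @throws CertificateException if a recipient certificate has no Subject Key Identifier
     */
    private byte[] generateEnvelopedData(ASN1ObjectIdentifier contentType) throws InvalidAlgorithmParameterException, IOException, CMSException, CertificateException {
        AlgorithmIdentifier oaepAlgorithm = new JcaAlgorithmParametersConverter().getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT);
        CMSEnvelopedDataGenerator envelopeGenerator = new CMSEnvelopedDataGenerator();

        for (X509Certificate recipient : this.recipientList) {
            byte[] skiExtension = recipient.getExtensionValue(Extension.subjectKeyIdentifier.getId());
            if (skiExtension == null) {
                throw new CertificateException("Certificate has no Subject Key Identifier");
            }
            // getExtensionValue() returns the extension wrapped in an OCTET STRING;
            // unwrap it, then take the octets of the inner OCTET STRING as key id.
            byte[] keyId = ASN1OctetString.getInstance(JcaX509ExtensionUtils.parseExtensionValue(skiExtension).getEncoded()).getOctets();
            JceKeyTransRecipientInfoGenerator recipientInfo = new JceKeyTransRecipientInfoGenerator(keyId, oaepAlgorithm, recipient.getPublicKey());
            recipientInfo.setProvider("BC");
            envelopeGenerator.addRecipientInfoGenerator(recipientInfo);
        }

        JceCMSContentEncryptorBuilder encryptorBuilder = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_GCM);
        encryptorBuilder.setProvider("BC");

        CMSProcessableByteArray content = contentType == null
                ? new CMSProcessableByteArray(this.data)
                : new CMSProcessableByteArray(contentType, this.data);
        return envelopeGenerator.generate(content, encryptorBuilder.build()).getEncoded();
    }

    /**
     * Builds a SignedData structure with the content encapsulated (the {@code true}
     * passed to {@code generate}).
     *
     * <p>NOTE(review): every call adds the collected certificates to the shared
     * generator again, so calling {@code generate()} twice on one object looks like it
     * would embed them twice - confirm.
     *
     * @param contentType content type OID, or {@code null} for the default of
     *                    {@code CMSProcessableByteArray}
     * @return the encoded CMS structure
     */
    private byte[] generateSignedData(ASN1ObjectIdentifier contentType) throws CertificateEncodingException, CMSException, IOException {
        this.gen.addCertificates(new JcaCertStore(this.certList));
        CMSProcessableByteArray content = contentType == null
                ? new CMSProcessableByteArray(this.data)
                : new CMSProcessableByteArray(contentType, this.data);
        return this.gen.generate(content, true).getEncoded();
    }

    /**
     * Script method {@code generate([contentTypeOID])}: produces the encoded CMS object.
     *
     * <p>The optional argument is the value part of an object identifier; this method
     * prepends the OBJECT IDENTIFIER tag and a one-byte length. Values that do not fit
     * a one-byte DER length (1 to 127 bytes) are rejected, and a value that Bouncy
     * Castle refuses to parse is reported as a GPError instead of escaping as a raw
     * {@link IllegalArgumentException}.
     *
     * @return the encoded structure as ByteString
     */
    public static ByteString jsFunction_generate(Context cx, Scriptable thisObj, Object[] args, Function funObj) {
        ArgChecker.checkRange(thisObj, clazzName, args, 0, 1);
        JsCMSGenerator self = (JsCMSGenerator) thisObj;
        ByteString oidValue = ArgChecker.getByteString(thisObj, clazzName, args, 0, null);

        ASN1ObjectIdentifier contentType = null;
        if (oidValue != null) {
            byte[] oidBody = oidValue.getBytes();
            if (oidBody.length == 0 || oidBody.length > 127) {
                // The original wrote (length & 255) into the length byte, which is not
                // a valid DER short-form length above 127. Code 8 is the one this class
                // already uses for rejected argument values.
                GPError.throwAsGPErrorEx(thisObj, 8, 0, "Content type OID must be 1 to 127 bytes long.");
            } else {
                byte[] der = new byte[2 + oidBody.length];
                der[0] = 6; // OBJECT IDENTIFIER tag
                der[1] = (byte) oidBody.length;
                System.arraycopy(oidBody, 0, der, 2, oidBody.length);
                try {
                    contentType = ASN1ObjectIdentifier.getInstance(der);
                } catch (IllegalArgumentException e) {
                    GPError.throwAsGPErrorEx(thisObj, 8, 0, e.getLocalizedMessage());
                }
            }
        }

        ByteString result = null;
        try {
            byte[] encoded = self.type == ENVELOPED_DATA
                    ? self.generateEnvelopedData(contentType)
                    : self.generateSignedData(contentType);
            result = ByteString.newInstance(thisObj, encoded);
        } catch (CMSException | CertificateEncodingException e) {
            GPError.throwAsGPErrorEx(thisObj, 9, 0, e.getLocalizedMessage());
        } catch (IOException | InvalidAlgorithmParameterException | CertificateException e) {
            GPError.throwAsGPErrorEx(thisObj, 5, 0, e.getLocalizedMessage());
        }
        return result;
    }

    /**
     * Returns the class name under which Rhino registers this host object.
     */
    @Override
    public String getClassName() {
        return clazzName;
    }
}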
