package com.cht.kms.client.cms;

import com.cht.com.google.gson.internal.LinkedTreeMap;
import com.cht.kms.client.io.Closer;
import com.cht.kms.client.rest.KMSClient;
import com.cht.kms.client.util.CryptoUtil;
import com.cht.org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import com.cht.org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import com.cht.org.bouncycastle.cms.CMSException;
import com.cht.org.bouncycastle.cms.CMSSignedDataStreamGenerator;
import com.cht.org.bouncycastle.operator.OperatorCreationException;
import com.cht.org.jose4j.lang.StringUtil;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/cht/kms/client/cms/PKCS7SignedDataGenerator.class */
public class PKCS7SignedDataGenerator extends CMSSignedDataStreamGenerator {
    private boolean _withHeaderAndFooterLines = true;
    private CertificateFactory _f = CertificateFactory.getInstance("X.509");
    private X509Certificate _signingCertificate;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cht/kms/client/cms/PKCS7SignedDataGenerator$CMSSignedDataArmoredOutputStream.class */
    public class CMSSignedDataArmoredOutputStream extends OutputStream {
        private OutputStream _cmsOut;
        private OutputStream _armoredOut;

        public CMSSignedDataArmoredOutputStream(OutputStream outputStream, OutputStream outputStream2) {
            this._cmsOut = outputStream;
            this._armoredOut = outputStream2;
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            this._cmsOut.write(i);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            this._cmsOut.write(bArr, i, i2);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            this._cmsOut.write(bArr);
        }

        @Override // java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this._cmsOut.close();
            this._armoredOut.close();
        }
    }

    public void withHeaderAndFooterLines(boolean z) {
        this._withHeaderAndFooterLines = z;
    }

    public void addPKCS11SignerInfoGenerator(KMSClient kMSClient, String str) throws UnsupportedEncodingException, CertificateException, OperatorCreationException, CMSException {
        LinkedTreeMap primaryCertificate = kMSClient.getPrimaryCertificate(str);
        X509Certificate x509Certificate = (X509Certificate) this._f.generateCertificate(new ByteArrayInputStream(((String) primaryCertificate.get("cer")).getBytes(StringUtil.UTF_8)));
        String str2 = "RSA".equalsIgnoreCase(x509Certificate.getPublicKey().getAlgorithm()) ? "CKM_SHA256_RSA_PKCS" : "CKM_ECDSA_SHA256";
        JcaX509CertificateHolder jcaX509CertificateHolder = new JcaX509CertificateHolder(x509Certificate);
        super.addSignerInfoGenerator(new PKCS11SignerInfoGeneratorBuilder().setDirectSignature(true).build(kMSClient, str2, str, (String) primaryCertificate.get("keyOid"), (String) primaryCertificate.get("certOid"), jcaX509CertificateHolder));
        super.addCertificate(jcaX509CertificateHolder);
    }

    public OutputStream open(OutputStream outputStream, boolean z, boolean z2) throws IOException {
        ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(outputStream, this._withHeaderAndFooterLines);
        return new CMSSignedDataArmoredOutputStream(super.open(CMSObjectIdentifiers.data, armoredOutputStream, z, null, 0, z2), armoredOutputStream);
    }

    public void generate(File file, File file2, boolean z, boolean z2) throws IOException {
        Closer create = Closer.create();
        try {
            if (!z2) {
                try {
                    super.setBufferSize((int) file.length());
                } catch (Throwable th) {
                    throw create.rethrow(th);
                }
            }
            CryptoUtil.write((InputStream) create.register(CryptoUtil.openBufferedInputStream(file)), (OutputStream) create.register(open((OutputStream) create.register(CryptoUtil.openBufferedOutputStream(file2)), z, z2)));
            create.close();
        } catch (Throwable th2) {
            create.close();
            throw th2;
        }
    }

    public byte[] generate(byte[] bArr, boolean z, boolean z2) throws IOException {
        Closer create = Closer.create();
        if (!z2) {
            try {
                super.setBufferSize(bArr.length);
            } catch (Throwable th) {
                throw create.rethrow(th);
            }
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        OutputStream outputStream = (OutputStream) create.register(open((OutputStream) create.register(new BufferedOutputStream(byteArrayOutputStream)), z, z2));
        CryptoUtil.write((InputStream) create.register(new BufferedInputStream(new ByteArrayInputStream(bArr))), outputStream);
        outputStream.close();
        return byteArrayOutputStream.toByteArray();
    }
}
