package org.apache.camel.component.as2.api.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.apache.camel.component.as2.api.AS2SignatureAlgorithm;
import org.apache.camel.component.as2.api.AS2SignedDataGenerator;
import org.apache.camel.component.as2.api.entity.ApplicationPkcs7SignatureEntity;
import org.apache.camel.component.as2.api.entity.MimeEntity;
import org.apache.camel.component.as2.api.entity.MultipartSignedEntity;
import org.apache.camel.util.ObjectHelper;
import org.apache.hc.core5.http.HttpException;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.IssuerAndSerialNumber;
import org.bouncycastle.asn1.smime.SMIMECapabilitiesAttribute;
import org.bouncycastle.asn1.smime.SMIMECapability;
import org.bouncycastle.asn1.smime.SMIMECapabilityVector;
import org.bouncycastle.asn1.smime.SMIMEEncryptionKeyPreferenceAttribute;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/as2/api/util/SigningUtils.class */
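/**
 * Static helpers for creating CMS (PKCS#7) signatures over AS2 message parts and for
 * verifying detached signatures against a caller-supplied set of certificates.
 *
 * <p>Verification here is a cryptographic check plus issuer/serial matching only: no
 * certification-path building, revocation checking or key-usage validation is done in
 * this class, so every certificate handed to the verify methods is treated as trusted.
 */
public final class SigningUtils {
    private static final Logger LOG = LoggerFactory.getLogger(SigningUtils.class);

    private SigningUtils() {
    }

    /**
     * Builds a signed-data generator that signs with {@code privateKey} and embeds the
     * whole certificate chain in the resulting signature.
     *
     * @param aS2SignatureAlgorithm supplies the signature algorithm name given to the signer builder
     * @param certificateArr signing chain; element 0 must be the signer's {@link X509Certificate}
     * @param privateKey private key matching {@code certificateArr[0]}
     * @return a generator carrying one signer-info generator and the certificate store
     * @throws IllegalArgumentException if the chain is empty or its first element is not an X.509 certificate
     * @throws HttpException if the signer info cannot be created or the chain cannot be added
     */
    public static AS2SignedDataGenerator createSigningGenerator(AS2SignatureAlgorithm aS2SignatureAlgorithm, Certificate[] certificateArr, PrivateKey privateKey) throws HttpException {
        ObjectHelper.notNull(certificateArr, "certificateChain");
        if (certificateArr.length == 0 || !(certificateArr[0] instanceof X509Certificate)) {
            throw new IllegalArgumentException("Invalid certificate chain");
        }
        ObjectHelper.notNull(privateKey, "privateKey");

        AS2SignedDataGenerator generator = new AS2SignedDataGenerator();
        X509Certificate signingCert = (X509Certificate) certificateArr[0];

        // Capabilities advertised to the peer inside the signed attributes.
        // NOTE(review): Triple-DES, RC2 and single DES are legacy ciphers. The list is left
        // as-is because changing it alters what partners see on the wire; consider
        // advertising AES (SMIMECapability.aES128_CBC / aES256_CBC) once interop is confirmed.
        SMIMECapabilityVector capabilities = new SMIMECapabilityVector();
        capabilities.addCapability(SMIMECapability.dES_EDE3_CBC);
        capabilities.addCapability(SMIMECapability.rC2_CBC, 128);
        capabilities.addCapability(SMIMECapability.dES_CBC);

        // Take the issuer from the certificate's DER encoding instead of round-tripping it
        // through a DN string (deprecated getIssuerDN().getName()): string parsing can change
        // the encoding, or reject unusual DNs, so the IssuerAndSerialNumber could stop
        // identifying the certificate exactly.
        X500Name issuer = X500Name.getInstance(signingCert.getIssuerX500Principal().getEncoded());
        ASN1EncodableVector signedAttributes = new ASN1EncodableVector();
        signedAttributes.add(new SMIMEEncryptionKeyPreferenceAttribute(new IssuerAndSerialNumber(issuer, signingCert.getSerialNumber())));
        signedAttributes.add(new SMIMECapabilitiesAttribute(capabilities));

        try {
            generator.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .setSignedAttributeGenerator(new AttributeTable(signedAttributes))
                    .build(aS2SignatureAlgorithm.getSignatureAlgorithmName(), privateKey, signingCert));
        } catch (Exception e) {
            throw new HttpException("Failed to create signer info", e);
        }

        // Kept outside the try above so a certificate-store failure is reported with its own
        // message instead of being re-wrapped as "Failed to create signer info".
        try {
            generator.addCertificates(new JcaCertStore(Arrays.asList(certificateArr)));
        } catch (CertificateEncodingException | CMSException e) {
            throw new HttpException("Failed to add certificate chain to signature", e);
        }
        return generator;
    }

    /**
     * Verifies a detached CMS signature over {@code bArr} against the given certificates.
     *
     * <p>Fails closed: any null argument, parse error, unknown signer or verification
     * error yields {@code false}. Failures are logged at debug level only.
     *
     * @param bArr the signed content bytes
     * @param bArr2 the encoded CMS SignedData carrying the detached signature
     * @param certificateArr certificates a signer must match by issuer and serial number;
     *                       entries that are not {@link X509Certificate} are skipped
     * @return {@code true} only if at least one signer is present and every signer verifies
     */
    public static boolean isValidSigned(byte[] bArr, byte[] bArr2, Certificate[] certificateArr) {
        if (bArr == null || bArr2 == null || certificateArr == null) {
            return false;
        }
        try {
            CMSSignedData signedData = new CMSSignedData(new CMSProcessableByteArray(bArr), new ByteArrayInputStream(bArr2));

            // verifySignatures() only inspects the signers it finds; as far as can be told it
            // reports success when there are none (confirm against the Bouncy Castle version in
            // use). Reject an empty signer set explicitly so that "no signature" never passes.
            if (signedData.getSignerInfos().getSigners().isEmpty()) {
                LOG.debug("Rejecting signed data that contains no signer information");
                return false;
            }

            return signedData.verifySignatures(signerId -> {
                for (Certificate certificate : certificateArr) {
                    // Skip null / non-X.509 entries instead of letting a ClassCastException
                    // abort verification before a later, matching certificate is tried.
                    if (!(certificate instanceof X509Certificate)) {
                        continue;
                    }
                    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                            .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                            .build((X509Certificate) certificate);
                    // Matching is by issuer + serial only; a signer identified some other way
                    // (no issuer/serial in signerId) never matches and is treated as unknown.
                    if (verifier.getAssociatedCertificate().getIssuer().equals(signerId.getIssuer())
                            && verifier.getAssociatedCertificate().getSerialNumber().equals(signerId.getSerialNumber())) {
                        return verifier;
                    }
                }
                throw new RuntimeException("Signature was created with an unknown certificate");
            });
        } catch (Exception e) {
            // Covers CMSException as well; every failure mode means "not verified".
            LOG.debug(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Verifies the signature part of a multipart/signed entity over its signed-data part.
     *
     * @param multipartSignedEntity entity holding the signed data and the PKCS#7 signature
     * @param certificateArr certificates accepted as signers, see {@link #isValidSigned}
     * @return {@code true} if the signature verifies; {@code false} if the entity or either
     *         part is missing, the signed part cannot be serialized, or verification fails
     */
    public static boolean isValid(MultipartSignedEntity multipartSignedEntity, Certificate[] certificateArr) {
        if (multipartSignedEntity == null) {
            return false;
        }
        MimeEntity signedDataEntity = multipartSignedEntity.getSignedDataEntity();
        ApplicationPkcs7SignatureEntity signatureEntity = multipartSignedEntity.getSignatureEntity();
        if (signedDataEntity == null || signatureEntity == null) {
            return false;
        }
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            // The signature covers the serialized form of the signed part, so verify exactly
            // the bytes writeTo() produces.
            signedDataEntity.writeTo(buffer);
            return isValidSigned(buffer.toByteArray(), signatureEntity.getSignature(), certificateArr);
        } catch (IOException e) {
            LOG.debug("Failed to serialize signed data entity for verification", e);
            return false;
        }
    }
}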
