package es.gob.afirma.signers.cades;

import bj.a;
import ej.c;
import es.gob.afirma.core.misc.Base64;
import es.gob.afirma.core.signers.AOSignConstants;
import es.gob.afirma.core.signers.AdESPolicy;
import es.gob.afirma.signers.pkcs7.AOAlgorithmID;
import es.gob.afirma.signers.pkcs7.SigUtils;
import fj.d;
import fj.e;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Locale;
import mj.b;
import okhttp3.HttpUrl;
import tj.h;
import tj.i;
import tj.p;
import tj.s;
import tj.z;
import yi.c1;
import yi.e1;
import yi.f;
import yi.h1;
import yi.i1;
import yi.j1;
import yi.m;
import yi.n;
import yi.o;
import yi.t;
import yi.y0;

/* loaded from: classes.dex */
public final class CAdESUtils {
    private CAdESUtils() {
    }

    public static f generateSignedAttributes(Certificate certificate, CAdESParameters cAdESParameters, boolean z10) throws NoSuchAlgorithmException, IOException, CertificateEncodingException {
        f signerClaimedRoles;
        c signerLocation;
        f fVar = new f();
        if (!z10) {
            fVar.a(new a(bj.c.f4078a, new e1(b.F0)));
        }
        if (cAdESParameters.getDataDigest() == null && cAdESParameters.getContentData() == null) {
            throw new IllegalArgumentException("Ni los datos a firmar ni la huella de los mismos se han configurado o encontrado ");
        }
        fVar.a(new a(bj.c.f4079b, new e1(new y0(cAdESParameters.getDataDigest() != null ? cAdESParameters.getDataDigest() : MessageDigest.getInstance(cAdESParameters.getDigestAlgorithm()).digest(cAdESParameters.getContentData())))));
        X509Certificate x509Certificate = (X509Certificate) certificate;
        fVar.a(cAdESParameters.isSigningCertificateV2() ? getSigningCertificateV2(x509Certificate, cAdESParameters.getDigestAlgorithm(), cAdESParameters.isIncludedPolicyOnSigningCertificate(), cAdESParameters.isIncludedIssuerSerial()) : getSigningCertificateV1(x509Certificate, cAdESParameters.getDigestAlgorithm(), cAdESParameters.isIncludedPolicyOnSigningCertificate(), cAdESParameters.isIncludedIssuerSerial()));
        if (cAdESParameters.getExternalPolicy() != null && cAdESParameters.getExternalPolicy().getPolicyIdentifier() != null) {
            fVar.a(new a(b.f15586e1, getSigPolicyAttribute(cAdESParameters.getDigestAlgorithm(), cAdESParameters.getExternalPolicy())));
        }
        if ((!z10 || !AOSignConstants.SIGN_PROFILE_BASELINE.equals(cAdESParameters.getProfileSet())) && cAdESParameters.getContentTypeOid() != null) {
            fVar.a(new a(b.Z0, new e1((cAdESParameters.getContentDescription() != null ? new fj.a(new n(cAdESParameters.getContentTypeOid()), new j1(cAdESParameters.getContentDescription())) : new fj.a(new n(cAdESParameters.getContentTypeOid()))).toASN1Primitive())));
        }
        if (cAdESParameters.getCommitmentTypeIndications() != null && cAdESParameters.getCommitmentTypeIndications().size() > 0) {
            Iterator<CommitmentTypeIndicationBean> it = cAdESParameters.getCommitmentTypeIndications().iterator();
            while (it.hasNext()) {
                fVar.a(new a(b.f15588f1, new e1(CommitmentTypeIndicationsHelper.generateCommitmentTypeIndication(it.next()).toASN1Primitive())));
            }
        }
        if (cAdESParameters.getMetadata() != null && (signerLocation = CAdESSignerMetadataHelper.getSignerLocation(cAdESParameters.getMetadata().getSignerLocation())) != null) {
            fVar.a(new a(b.f15591i1, new e1(signerLocation)));
        }
        if (cAdESParameters.getClaimedRoles() != null && cAdESParameters.getClaimedRoles().length > 0 && (signerClaimedRoles = getSignerClaimedRoles(cAdESParameters.getClaimedRoles())) != null) {
            n nVar = "advanced".equals(cAdESParameters.getProfileSet()) ? b.f15593j1 : AOSignConstants.SIGN_PROFILE_BASELINE.equals(cAdESParameters.getProfileSet()) ? new n(CAdESAttributes.OID_id_aa_ets_signerAttrV2) : null;
            if (nVar != null) {
                fVar.a(new a(nVar, new e1(new c1(new h1(new c1(signerClaimedRoles))))));
            }
        }
        if (cAdESParameters.getSigningTime() != null) {
            fVar.a(new a(bj.c.f4080c, new e1(new i1(cAdESParameters.getSigningTime()))));
        }
        if (!z10 && cAdESParameters.getMimeType() != null) {
            fVar.a(new a(new n(CAdESAttributes.OID_id_aa_ets_mimeType), new e1(new j1(cAdESParameters.getMimeType()))));
        }
        return fVar;
    }

    private static s[] getPolicyInformation(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            throw new IllegalArgumentException("El certificado no puede ser nulo");
        }
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.32");
        h hVar = null;
        if (extensionValue == null || extensionValue.length < 1) {
            return null;
        }
        m p9 = t.p(o.p(extensionValue).t());
        if (p9 instanceof h) {
            hVar = (h) p9;
        } else if (p9 != null) {
            hVar = new h(t.p(p9));
        }
        s[] sVarArr = hVar.f22604a;
        s[] sVarArr2 = new s[sVarArr.length];
        System.arraycopy(sVarArr, 0, sVarArr2, 0, sVarArr.length);
        return sVarArr2;
    }

    private static e1 getSigPolicyAttribute(String str, AdESPolicy adESPolicy) throws IOException {
        n nVar = new n(adESPolicy.getPolicyIdentifier().toLowerCase(Locale.US).replace("urn:oid:", HttpUrl.FRAGMENT_ENCODE_SET));
        if (adESPolicy.getPolicyIdentifierHashAlgorithm() != null) {
            str = AOSignConstants.getDigestAlgorithmName(adESPolicy.getPolicyIdentifierHashAlgorithm());
        }
        i iVar = new i(SigUtils.makeAlgId(AOAlgorithmID.getOID(str)), adESPolicy.getPolicyIdentifierHash() != null ? Base64.decode(adESPolicy.getPolicyIdentifierHash()) : new byte[]{0});
        AOSigPolicyQualifierInfo aOSigPolicyQualifierInfo = adESPolicy.getPolicyQualifier() != null ? new AOSigPolicyQualifierInfo(adESPolicy.getPolicyQualifier().toString()) : null;
        f fVar = new f();
        fVar.a(nVar);
        fVar.a(iVar.toASN1Primitive());
        if (aOSigPolicyQualifierInfo != null) {
            fVar.a(new c1(aOSigPolicyQualifierInfo.toASN1Primitive()));
        }
        return new e1(new c1(fVar));
    }

    private static f getSignerClaimedRoles(String[] strArr) {
        f fVar = new f();
        for (String str : strArr) {
            if (str != null && !str.isEmpty()) {
                fVar.a(new a(z.f22677a, new e1(new j1(str))));
            }
        }
        if (fVar.c() > 0) {
            return fVar;
        }
        return null;
    }

    private static a getSigningCertificateV1(X509Certificate x509Certificate, String str, boolean z10, boolean z11) throws CertificateEncodingException, NoSuchAlgorithmException {
        d dVar;
        fj.b bVar = new fj.b(MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()), z11 ? new p(new tj.o(new tj.n(rj.d.a(x509Certificate.getIssuerX500Principal().getEncoded()))), x509Certificate.getSerialNumber()) : null);
        s[] policyInformation = z10 ? getPolicyInformation(x509Certificate) : null;
        if (policyInformation != null) {
            f fVar = new f();
            fVar.a(new c1(bVar));
            fVar.a(new c1(policyInformation));
            m c1Var = new c1(fVar);
            dVar = c1Var instanceof d ? (d) c1Var : new d(t.p(c1Var));
        } else {
            dVar = new d(bVar);
        }
        return new a(b.f15583a1, new e1(dVar));
    }

    private static a getSigningCertificateV2(X509Certificate x509Certificate, String str, boolean z10, boolean z11) throws CertificateEncodingException, NoSuchAlgorithmException {
        String oid = AOAlgorithmID.getOID(str);
        fj.c[] cVarArr = {new fj.c(AOAlgorithmID.OID_SHA256.equals(oid) ? null : SigUtils.makeAlgId(oid), MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()), z11 ? new p(new tj.o(new tj.n(rj.d.a(x509Certificate.getIssuerX500Principal().getEncoded()))), x509Certificate.getSerialNumber()) : null)};
        s[] policyInformation = z10 ? getPolicyInformation(x509Certificate) : null;
        return new a(b.f15584c1, new e1(policyInformation != null ? new e(cVarArr, policyInformation) : new e(cVarArr)));
    }
}
