package org.xwiki.crypto.signer.internal.cms;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Iterator;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.xwiki.component.annotation.Component;
import org.xwiki.component.phase.Initializable;
import org.xwiki.component.phase.InitializationException;
import org.xwiki.crypto.DigestFactory;
import org.xwiki.crypto.pkix.CertifyingSigner;
import org.xwiki.crypto.pkix.internal.BcUtils;
import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
import org.xwiki.crypto.signer.CMSSignedDataGenerator;
import org.xwiki.crypto.signer.param.CMSSignedDataGeneratorParameters;
import org.xwiki.crypto.signer.param.CMSSignerInfo;

@Singleton
@Component
/* loaded from: input_file:WEB-INF/lib/xwiki-commons-crypto-pkix-8.4.6.jar:org/xwiki/crypto/signer/internal/cms/DefaultCMSSignedDataGenerator.class */
public class DefaultCMSSignedDataGenerator implements CMSSignedDataGenerator, Initializable {

    @Inject
    private DigestFactory digestProvider;

    @Override // org.xwiki.component.phase.Initializable
    public void initialize() throws InitializationException {
        if (!(this.digestProvider instanceof DigestCalculatorProvider)) {
            throw new InitializationException("Incompatible DigestFactory for this signed data generator.");
        }
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataGenerator
    public byte[] generate(byte[] bArr, CMSSignedDataGeneratorParameters cMSSignedDataGeneratorParameters) throws GeneralSecurityException {
        return generate(bArr, cMSSignedDataGeneratorParameters, false);
    }

    @Override // org.xwiki.crypto.signer.CMSSignedDataGenerator
    public byte[] generate(byte[] bArr, CMSSignedDataGeneratorParameters cMSSignedDataGeneratorParameters, boolean z) throws GeneralSecurityException {
        org.bouncycastle.cms.CMSSignedDataGenerator cMSSignedDataGenerator = new org.bouncycastle.cms.CMSSignedDataGenerator();
        if (!cMSSignedDataGeneratorParameters.getSignatures().isEmpty()) {
            ArrayList arrayList = new ArrayList(cMSSignedDataGeneratorParameters.getSignatures().size());
            for (CMSSignerInfo cMSSignerInfo : cMSSignedDataGeneratorParameters.getSignatures()) {
                if (!(cMSSignerInfo instanceof BcCMSSignerInfo)) {
                    throw new GeneralSecurityException("Incompatible pre-calculated signature for this signed data generator");
                }
                arrayList.add(((BcCMSSignerInfo) cMSSignerInfo).getSignerInfo());
            }
            cMSSignedDataGenerator.addSigners(new SignerInformationStore(arrayList));
        }
        try {
            for (CertifyingSigner certifyingSigner : cMSSignedDataGeneratorParameters.getSigners()) {
                if (certifyingSigner.getAlgorithmIdentifier() == null) {
                    throw new GeneralSecurityException("Incompatible signer for this signed data generator for subject " + certifyingSigner.getCertifier().getSubject().getName());
                }
                cMSSignedDataGenerator.addSignerInfoGenerator(new SignerInfoGeneratorBuilder((DigestCalculatorProvider) this.digestProvider).build(certifyingSigner, BcUtils.getX509CertificateHolder(certifyingSigner.getCertifier())));
            }
            Iterator<CertifiedPublicKey> it = cMSSignedDataGeneratorParameters.getCertificates().iterator();
            while (it.hasNext()) {
                cMSSignedDataGenerator.addCertificate(BcUtils.getX509CertificateHolder(it.next()));
            }
            return cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), z).getEncoded();
        } catch (IOException e) {
            throw new GeneralSecurityException("Unable to encode signed data", e);
        } catch (CMSException e2) {
            throw new GeneralSecurityException("Unable to generate CMS signature", e2);
        } catch (OperatorCreationException e3) {
            throw new GeneralSecurityException("Unable to prepare signers", e3);
        }
    }
}
