package asia.dbt.thundercrypt.core.generators;

import asia.dbt.thundercrypt.core.attributes.AttributeBuilder;
import asia.dbt.thundercrypt.core.attributes.EsedoAttributeDirector;
import asia.dbt.thundercrypt.core.keys.KeyLoader;
import asia.dbt.thundercrypt.core.log.LoggingPoint;
import asia.dbt.thundercrypt.core.utils.OCSPUtil;
import asia.dbt.thundercrypt.core.utils.TimeStampToAttributeTableConverter;
import asia.dbt.thundercrypt.core.utils.TimeStampUtil;
import java.security.cert.CertStore;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import kz.gov.pki.kalkan.asn1.cms.AttributeTable;
import kz.gov.pki.kalkan.asn1.knca.KNCAObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.pkcs.PKCSObjectIdentifiers;
import kz.gov.pki.kalkan.jce.provider.cms.CMSProcessableByteArray;
import kz.gov.pki.kalkan.jce.provider.cms.CMSSignedDataGenerator;
import kz.gov.pki.kalkan.ocsp.OCSPResp;
import kz.gov.pki.kalkan.tsp.TimeStampRequest;
import kz.gov.pki.kalkan.tsp.TimeStampResponse;
import kz.gov.pki.kalkan.util.encoders.Base64;

/* loaded from: input_file:asia/dbt/thundercrypt/core/generators/DefaultSignatureGenerator.class */
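/**
 * Default {@link SignatureGenerator}: produces a Base64-encoded CMS signature
 * over a byte array using the Kalkan ("KALKAN") provider.
 *
 * <p>The signature carries signed attributes built by
 * {@link EsedoAttributeDirector} (including the encoded OCSP response and the
 * signing time) and unsigned attributes derived from a timestamp response.
 *
 * <p>NOTE(review): both the OCSP lookup and the timestamp request happen while
 * signing. {@code OCSPUtil} and {@code TimeStampUtil} are not visible here, so
 * confirm that the OCSP response status and signature, and the timestamp
 * authority's certificate, are verified before their output is embedded.
 */
public class DefaultSignatureGenerator implements SignatureGenerator {
    // Passed through unchanged to EsedoAttributeDirector when the signed attributes are built.
    private final String filesNames;

    /**
     * @param str value stored as {@code filesNames} and handed to the signed-attribute builder
     */
    public DefaultSignatureGenerator(String str) {
        this.filesNames = str;
    }

    /**
     * Signs {@code bArr} with the key and certificate supplied by {@code keyLoader}.
     *
     * @param keyLoader source of the signer's certificate and private key
     * @param bArr      content to sign
     * @return Base64 text of the encoded CMS signed data
     * @throws Exception if the OCSP response, attributes, certificate store or
     *                   the signature itself cannot be produced; a failure in
     *                   the final generation step is reported as
     *                   "Could not create sign!" with the original cause attached
     */
    @Override
    public String sign(KeyLoader keyLoader, byte[] bArr) throws Exception {
        X509Certificate certificate = keyLoader.getCertificate();
        OCSPResp ocspResponse = new OCSPUtil(certificate).getOCSPResponse();

        // The timestamp is obtained first because the signing time placed in the
        // signed attributes is read back from the timestamp attribute table.
        AttributeTable unsignedAttributes = createUnsignedAttributeTable(certificate, bArr);
        Date signDate = TimeStampUtil.getSignDateFromAttributeTable(unsignedAttributes);
        debugLocalTime(signDate);

        AttributeTable signedAttributes =
                createSignedAttributeTable(certificate, ocspResponse.getEncoded(), signDate);
        CertStore certStore = createCertStore(certificate);

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSigner(
                keyLoader.getPrivateKey(),
                certificate,
                extractSignAlgorithm(certificate),
                signedAttributes,
                unsignedAttributes);
        generator.addCertificatesAndCRLs(certStore);
        try {
            // NOTE(review): the 'false' argument presumably means the content is not
            // encapsulated (detached signature) - confirm against the Kalkan CMS API.
            return Base64.encodeStr(
                    generator.generate(new CMSProcessableByteArray(bArr), false, "KALKAN").getEncoded());
        } catch (Exception e) {
            // Keep the original failure as the cause; without it a provider or key
            // problem is indistinguishable from any other signing error.
            throw new Exception("Could not create sign!", e);
        }
    }

    /** Logs the signing time and the local clock (epoch milliseconds) for comparison. */
    private void debugLocalTime(Date date) {
        LoggingPoint.log("signTime: " + date.getTime());
        LoggingPoint.log("currentDate: " + System.currentTimeMillis());
    }

    /**
     * Requests a timestamp for {@code bArr}, validates the response against the
     * request that produced it, and converts it to an unsigned attribute table.
     *
     * @throws RuntimeException wrapping any failure while building, sending,
     *                          validating or converting the timestamp
     */
    private AttributeTable createUnsignedAttributeTable(X509Certificate x509Certificate, byte[] bArr) {
        try {
            TimeStampUtil timeStampUtil = new TimeStampUtil(bArr, x509Certificate.getSerialNumber());
            TimeStampRequest request = timeStampUtil.buildRequest();
            TimeStampResponse response = timeStampUtil.sendRequest(request);
            // Reject a response that does not correspond to the request we sent.
            response.validate(request);
            return TimeStampToAttributeTableConverter.convert(response);
        } catch (Exception e) {
            throw new RuntimeException("Could not create unsigned attributes!", e);
        }
    }

    /**
     * Builds the signed attribute table from the certificate, the encoded OCSP
     * response ({@code bArr}), the stored {@code filesNames} and the signing date.
     */
    private AttributeTable createSignedAttributeTable(X509Certificate x509Certificate, byte[] bArr, Date date) {
        AttributeBuilder attributeBuilder = new AttributeBuilder();
        return new EsedoAttributeDirector(attributeBuilder, x509Certificate, bArr, this.filesNames, date, null)
                .make();
    }

    /**
     * Maps the certificate's signature algorithm OID to the digest identifier
     * passed to {@code addSigner}.
     *
     * <p>NOTE(review): a SHA-1/RSA certificate selects a SHA-1 digest, which is no
     * longer considered collision resistant; confirm whether such certificates
     * should still be accepted. Any OID not listed here falls through to
     * {@code DIGEST_GOST3411_GT} rather than being rejected.
     */
    private static String extractSignAlgorithm(X509Certificate x509Certificate) {
        final String sigAlgOid = x509Certificate.getSigAlgOID();
        if (sigAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
            return CMSSignedDataGenerator.DIGEST_SHA1;
        }
        if (sigAlgOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
            return CMSSignedDataGenerator.DIGEST_SHA256;
        }
        if (sigAlgOid.equals(KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004.getId())) {
            return CMSSignedDataGenerator.DIGEST_GOST34311_95;
        }
        return CMSSignedDataGenerator.DIGEST_GOST3411_GT;
    }

    /**
     * Wraps the signer certificate in a "Collection" {@link CertStore} from the
     * "KALKAN" provider so it can be attached to the CMS structure.
     *
     * @throws Exception if the provider or store type is unavailable
     */
    private static CertStore createCertStore(X509Certificate x509Certificate) throws Exception {
        ArrayList<X509Certificate> certificates = new ArrayList<>();
        certificates.add(x509Certificate);
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(certificates), "KALKAN");
    }
}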
