package br.jus.csjt.assinadorjt.assinatura;

import br.jus.csjt.assinadorjt.exception.AssinadorException;
import br.jus.csjt.assinadorjt.pojo.Certificado;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;

/* loaded from: input_file:br/jus/csjt/assinadorjt/assinatura/AssinaturaP7S.class */
public class AssinaturaP7S implements Assinatura {
    private static final String ALGORITMO_DIGEST = "SHA1";

    @Override // br.jus.csjt.assinadorjt.assinatura.Assinatura
    public byte[] assinar(byte[] bArr, AlgoritmoAssinatura algoritmoAssinatura, Certificado certificado) throws AssinadorException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(ALGORITMO_DIGEST);
            messageDigest.update(bArr);
            PKCS9Attributes pKCS9Attributes = new PKCS9Attributes(new PKCS9Attribute[]{new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID), new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date()), new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, messageDigest.digest())});
            Signature signature = Signature.getInstance(algoritmoAssinatura.getNome());
            signature.initSign(certificado.getChaveSecreta());
            signature.update(pKCS9Attributes.getDerEncoding());
            byte[] sign = signature.sign();
            Certificate[] cadeiaCertificados = certificado.getCadeiaCertificados();
            X509Certificate x509Certificate = cadeiaCertificados[0] instanceof X509Certificate ? (X509Certificate) cadeiaCertificados[0] : (X509Certificate) cadeiaCertificados[cadeiaCertificados.length - 1];
            AlgorithmId algorithmId = AlgorithmId.get(ALGORITMO_DIGEST);
            PKCS7 pkcs7 = new PKCS7(new AlgorithmId[]{algorithmId}, new ContentInfo(ContentInfo.DATA_OID, new DerValue((byte) 4, bArr)), new X509Certificate[]{x509Certificate}, new SignerInfo[]{new SignerInfo(new X500Name(x509Certificate.getIssuerDN().getName()), x509Certificate.getSerialNumber(), algorithmId, pKCS9Attributes, new AlgorithmId(AlgorithmId.RSAEncryption_oid), sign, (PKCS9Attributes) null)});
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            pkcs7.encodeSignedData(byteArrayOutputStream);
            byteArrayOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (SecurityException e) {
            throw new AssinadorException("Falha de violação de segurança: " + e.getMessage(), e);
        } catch (InvalidKeyException e2) {
            throw new AssinadorException("Chave secreta inválida", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new AssinadorException("Algoritmo não encontrado", e3);
        } catch (SignatureException e4) {
            throw new AssinadorException("Falha ao assinar", e4);
        } catch (Exception e5) {
            throw new AssinadorException("Falha ao gerar conteúdo P7S: " + e5.getMessage(), e5);
        }
    }
}
