package oracle.security.digsig;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Properties;
import java.util.Vector;
import oracle.security.crypto.asn1.ASN1Date;
import oracle.security.crypto.asn1.ASN1OctetString;
import oracle.security.crypto.cert.AttributeSet;
import oracle.security.crypto.cms.CMS;
import oracle.security.crypto.cms.CMSDataContentInfo;
import oracle.security.crypto.cms.CMSSignedDataContentInfo;
import oracle.security.crypto.cms.CMSSignerInfo;
import oracle.security.crypto.cms.CMSUtils;
import oracle.security.crypto.util.Utils;

/* loaded from: input_file:oracle/security/digsig/PKCS7Signer.class */
public class PKCS7Signer extends Signer {
    /* JADX INFO: Access modifiers changed from: package-private */
    public PKCS7Signer(KeyStoreWrapper keyStoreWrapper, CertificateMapper certificateMapper, Properties properties) throws DigitalSignatureException {
        super(keyStoreWrapper, certificateMapper, properties);
        this.signerFormat = 2;
    }

    @Override // oracle.security.digsig.Signer
    public void finish() throws DigitalSignatureException {
        try {
            super.finish();
            CMSSignedDataContentInfo cMSSignedDataContentInfo = !this.isAttached ? new CMSSignedDataContentInfo(new CMSDataContentInfo()) : new CMSSignedDataContentInfo(new CMSDataContentInfo(this.signerDocument.toByteArray()));
            AttributeSet attributeSet = new AttributeSet();
            attributeSet.addAttribute(CMS.id_signingTime, new ASN1Date(Calendar.getInstance().getTime()));
            attributeSet.addAttribute(CMS.id_messageDigest, new ASN1OctetString(this.signerDigestBits));
            attributeSet.addAttribute(CMS.id_contentType, CMS.id_data);
            try {
                if (this.signerPrivateKey.getAlgorithm().compareToIgnoreCase("RSA") != 0 && this.signerPrivateKey.getAlgorithm().compareToIgnoreCase("DSA") != 0) {
                    throw new DigitalSignatureException("Invalid private key");
                }
                Signature signature = Signature.getInstance(CMSUtils.getAlgoName(this.signerAlgorithm, true));
                signature.initSign(this.signerPrivateKey);
                signature.update(Utils.toBytes(attributeSet));
                byte[] sign = signature.sign();
                Vector vector = new Vector();
                Certificate[] certificateChain = this.signerKeyStore.getCertificateChain(this.signerAlias);
                X509Certificate[] x509CertificateArr = new X509Certificate[certificateChain.length];
                for (int i = 0; i < certificateChain.length; i++) {
                    x509CertificateArr[i] = (X509Certificate) certificateChain[i];
                    vector.add(i, x509CertificateArr[i]);
                }
                try {
                    cMSSignedDataContentInfo.addSignerInfo(x509CertificateArr[0], new CMSSignerInfo(x509CertificateArr[0], this.signerDigestAlgorithm, this.signerPKIAlgorithm, attributeSet, (AttributeSet) null, sign));
                    cMSSignedDataContentInfo.addCertificates(vector);
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    cMSSignedDataContentInfo.output(byteArrayOutputStream);
                    this.signerSignature.append(Utils.toBase64(byteArrayOutputStream.toByteArray()));
                } catch (NoSuchAlgorithmException e) {
                    throw new DigitalSignatureException("No Such Algorithm");
                }
            } catch (InvalidKeyException e2) {
                throw new DigitalSignatureException("Invalid private key.", e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new DigitalSignatureException("Signature algorithm is not supported.", e3);
            }
        } catch (IOException e4) {
            throw new DigitalSignatureException(e4.toString());
        } catch (KeyStoreException e5) {
            throw new DigitalSignatureException(e5.toString());
        } catch (SignatureException e6) {
            throw new DigitalSignatureException(e6.toString());
        } catch (CertificateException e7) {
            throw new DigitalSignatureException(e7.toString());
        }
    }
}
