package net.jsign;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import net.jsign.asn1.authenticode.AuthenticodeObjectIdentifiers;
import net.jsign.asn1.authenticode.AuthenticodeSignedDataGenerator;
import net.jsign.asn1.authenticode.AuthenticodeTimeStampRequest;
import net.jsign.asn1.authenticode.SpcIndirectDataContent;
import net.jsign.asn1.authenticode.SpcSpOpusInfo;
import net.jsign.asn1.authenticode.SpcStatementType;
import net.jsign.pe.DataDirectoryType;
import net.jsign.pe.PEFile;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.DefaultAuthenticatedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:net/jsign/PESigner.class */
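/**
 * Produces an Authenticode signature for a PE file and stores it in the
 * file's certificate table.
 *
 * <p>Instances are configured fluently ({@link #withProgramName},
 * {@link #withProgramURL}, {@link #withTimestamping},
 * {@link #withTimestampingAutority}) and then applied with {@link #sign}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The file digest and the signature algorithm are hard-coded to SHA-1
 *       (see {@code createSignature}). SHA-1 is no longer collision
 *       resistant; making the digest configurable would change the output of
 *       this class and is therefore left to a follow-up.</li>
 *   <li>Timestamping is enabled by default and the default authority URL
 *       uses plain HTTP. The response is embedded as a counter-signature
 *       without checking that it was issued by a trusted authority or that
 *       it covers the submitted signature value, so it must be validated by
 *       the party verifying the signed file.</li>
 * </ul>
 */
public class PESigner {

    /**
     * Upper bound on the size of the (Base64 encoded) timestamping response.
     * The response comes from the network, so it is not read without a limit.
     */
    private static final int MAX_TIMESTAMP_RESPONSE_SIZE = 1024 * 1024;

    /** Connect and read timeout for the timestamping request, in milliseconds. */
    private static final int HTTP_TIMEOUT_MILLIS = 10000;

    /** WIN_CERTIFICATE.wRevision value written to the table header (0x0200). */
    private static final short WIN_CERT_REVISION_2_0 = 0x0200;

    /** WIN_CERTIFICATE.wCertificateType value for a PKCS#7 SignedData blob (0x0002). */
    private static final short WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002;

    private final Certificate[] chain;
    private final PrivateKey privateKey;
    private String programName;
    private String programURL;
    private boolean timestamping;
    private String tsaurl;

    /**
     * Creates a signer from a certificate chain and the matching private key.
     *
     * @param certificateArr the certificate chain; the first entry is used as
     *                       the signing certificate
     * @param privateKey     the private key used to sign
     */
    public PESigner(Certificate[] certificateArr, PrivateKey privateKey) {
        this.timestamping = true;
        // NOTE(review): plain-HTTP endpoint; the request and the response can
        // be observed and altered in transit.
        this.tsaurl = "http://timestamp.comodoca.com/authenticode";
        this.chain = certificateArr;
        this.privateKey = privateKey;
    }

    /**
     * Creates a signer from a key store entry.
     *
     * @param keyStore the key store holding the certificate chain and the key
     * @param str      the alias of the entry
     * @param str2     the password protecting the key, or {@code null} when
     *                 the entry has no password
     * @throws NoSuchAlgorithmException  if the key cannot be recovered
     * @throws KeyStoreException         if the key store is not initialized
     * @throws UnrecoverableKeyException if the password is wrong
     */
    public PESigner(KeyStore keyStore, String str, String str2) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        // A null password is passed through instead of failing with a
        // NullPointerException before the key store is even consulted.
        this(keyStore.getCertificateChain(str), (PrivateKey) keyStore.getKey(str, str2 != null ? str2.toCharArray() : null));
    }

    /**
     * Sets the program name embedded in the signature.
     *
     * @param str the program name, or {@code null} for none
     * @return this signer
     */
    public PESigner withProgramName(String str) {
        this.programName = str;
        return this;
    }

    /**
     * Sets the program URL embedded in the signature.
     *
     * @param str the program URL, or {@code null} for none
     * @return this signer
     */
    public PESigner withProgramURL(String str) {
        this.programURL = str;
        return this;
    }

    /**
     * Enables or disables timestamping of the signature (enabled by default).
     *
     * @param z {@code true} to request a timestamp when signing
     * @return this signer
     */
    public PESigner withTimestamping(boolean z) {
        this.timestamping = z;
        return this;
    }

    /**
     * Sets the URL of the timestamping authority. The method name keeps its
     * historical spelling because callers depend on it.
     *
     * @param str the URL of the timestamping service; only {@code http} and
     *            {@code https} URLs are accepted when signing
     * @return this signer
     */
    public PESigner withTimestampingAutority(String str) {
        this.tsaurl = str;
        return this;
    }

    /**
     * Signs the given file and closes it.
     *
     * <p>The file is padded to a multiple of 8 bytes, the signature is
     * computed over the padded file and written to the certificate table.
     * The file is closed whether or not signing succeeds.
     *
     * @param pEFile the file to sign
     * @throws Exception if the signature cannot be created or written
     */
    public void sign(PEFile pEFile) throws Exception {
        try {
            pEFile.pad(8);
            byte[] certificateTable = createCertificateTable(pEFile);
            pEFile.writeDataDirectory(DataDirectoryType.CERTIFICATE_TABLE, certificateTable);
        } catch (Exception e) {
            // Release the file handle on failure as well, without letting a
            // secondary close error hide the reason signing failed.
            try {
                pEFile.close();
            } catch (Exception ignored) {
                // the original failure is the one worth reporting
            }
            throw e;
        }
        pEFile.close();
    }

    /**
     * Builds the content of the certificate table: an 8 byte header followed
     * by the DER encoded signature, padded to a multiple of 8 bytes.
     */
    private byte[] createCertificateTable(PEFile file) throws IOException, CMSException, OperatorCreationException, CertificateEncodingException {
        CMSSignedData sigData = createSignature(file);
        if (this.timestamping) {
            sigData = timestamp(sigData);
        }
        byte[] paddedSignature = pad(sigData.toASN1Structure().getEncoded("DER"), 8);

        ByteBuffer table = ByteBuffer.allocate(paddedSignature.length + 8);
        table.order(ByteOrder.LITTLE_ENDIAN);
        table.putInt(table.limit()); // total length, header included
        table.putShort(WIN_CERT_REVISION_2_0);
        table.putShort(WIN_CERT_TYPE_PKCS_SIGNED_DATA);
        table.put(paddedSignature);
        return table.array();
    }

    /**
     * Returns the data zero-padded to the next multiple of {@code multiple}.
     * The input array itself is returned when it is already aligned.
     */
    private byte[] pad(byte[] data, int multiple) {
        int remainder = data.length % multiple;
        if (remainder == 0) {
            return data;
        }
        byte[] padded = new byte[data.length + (multiple - remainder)];
        System.arraycopy(data, 0, padded, 0, data.length);
        return padded;
    }

    /**
     * Creates the Authenticode SignedData structure for the file, signed with
     * the first certificate of the chain.
     */
    private CMSSignedData createSignature(PEFile file) throws IOException, CMSException, OperatorCreationException, CertificateEncodingException {
        // NOTE(review): both the file digest and the signature use SHA-1,
        // which is no longer collision resistant. Kept as is because a
        // different digest changes every signature this class produces.
        AlgorithmIdentifier digestAlgorithm = new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, (ASN1Encodable) DERNull.INSTANCE);
        DigestInfo digestInfo = new DigestInfo(digestAlgorithm, file.computeDigest("SHA1"));
        SpcIndirectDataContent spcIndirectDataContent = new SpcIndirectDataContent(digestInfo);

        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA1with" + this.privateKey.getAlgorithm()).build(this.privateKey);
        DigestCalculatorProvider digestCalculatorProvider = new JcaDigestCalculatorProviderBuilder().build();
        DefaultAuthenticatedAttributeTableGenerator attributeTableGenerator = new DefaultAuthenticatedAttributeTableGenerator(createAuthenticatedAttributes());
        JcaX509CertificateHolder signingCertificate = new JcaX509CertificateHolder((X509Certificate) this.chain[0]);

        SignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(digestCalculatorProvider);
        signerInfoGeneratorBuilder.setSignedAttributeGenerator(attributeTableGenerator);
        SignerInfoGenerator signerInfoGenerator = signerInfoGeneratorBuilder.build(contentSigner, signingCertificate);

        AuthenticodeSignedDataGenerator generator = new AuthenticodeSignedDataGenerator();
        generator.addCertificates(new JcaCertStore(removeRoot(this.chain)));
        generator.addSignerInfoGenerator(signerInfoGenerator);
        return generator.generate(AuthenticodeObjectIdentifiers.SPC_INDIRECT_DATA_OBJID, spcIndirectDataContent);
    }

    /**
     * Returns the chain without its self-signed certificates. A chain made of
     * a single certificate is returned unchanged, even when self-signed.
     */
    private List<Certificate> removeRoot(Certificate[] certificates) {
        List<Certificate> result = new ArrayList<Certificate>();
        if (certificates.length == 1) {
            result.add(certificates[0]);
        } else {
            for (Certificate certificate : certificates) {
                if (!isSelfSigned((X509Certificate) certificate)) {
                    result.add(certificate);
                }
            }
        }
        return result;
    }

    /**
     * Tells whether the subject and the issuer of the certificate have the
     * same name. Only the names are compared; the signature is not verified,
     * so this is a filter for the embedded chain and not a trust decision.
     */
    private boolean isSelfSigned(X509Certificate certificate) {
        // X500Principal comparison is provider independent, unlike the
        // Principal implementations returned by getSubjectDN()/getIssuerDN().
        return certificate.getSubjectX500Principal().equals(certificate.getIssuerX500Principal());
    }

    /**
     * Builds the signed attributes: the statement type and, when a program
     * name or URL was configured, the SpcSpOpusInfo attribute.
     */
    private AttributeTable createAuthenticatedAttributes() {
        List<ASN1Encodable> attributes = new ArrayList<ASN1Encodable>();
        attributes.add(new Attribute(AuthenticodeObjectIdentifiers.SPC_STATEMENT_TYPE_OBJID, (ASN1Set) new DERSet(new SpcStatementType(AuthenticodeObjectIdentifiers.SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID))));
        if (this.programName != null || this.programURL != null) {
            attributes.add(new Attribute(AuthenticodeObjectIdentifiers.SPC_SP_OPUS_INFO_OBJID, (ASN1Set) new DERSet(new SpcSpOpusInfo(this.programName, this.programURL))));
        }
        return new AttributeTable(new DERSet(attributes.toArray(new ASN1Encodable[attributes.size()])));
    }

    /**
     * Requests a timestamp for the signature and returns a new SignedData
     * structure carrying it as a counter-signature (unsigned attribute),
     * together with the certificates returned by the authority.
     */
    private CMSSignedData timestamp(CMSSignedData sigData) throws IOException, CMSException {
        SignerInformation signer = (SignerInformation) sigData.getSignerInfos().getSigners().iterator().next();
        byte[] signatureValue = signer.toASN1Structure().getEncryptedDigest().getOctets();

        CMSSignedData token = timestamp(signatureValue, new URL(this.tsaurl));

        // The token is remote input: fail with a clear error instead of a
        // NoSuchElementException when it carries no signer at all.
        SignerInformationStore tokenSigners = token.getSignerInfos();
        if (tokenSigners.size() == 0) {
            throw new CMSException("The timestamping response contains no signer information");
        }
        SignerInformation timestampSigner = (SignerInformation) tokenSigners.getSigners().iterator().next();

        // NOTE(review): the counter-signature is embedded as received. Nothing
        // here checks that it covers signatureValue or chains to a trusted
        // authority.
        AttributeTable unsignedAttributes = new AttributeTable(new DERSet(new Attribute(CMSAttributes.counterSignature, (ASN1Set) new DERSet(timestampSigner.toASN1Structure()))));
        SignerInformation timestampedSigner = SignerInformation.replaceUnsignedAttributes(signer, unsignedAttributes);

        ArrayList certificates = new ArrayList();
        certificates.addAll(sigData.getCertificates().getMatches(null));
        certificates.addAll(token.getCertificates().getMatches(null));
        CollectionStore certificateStore = new CollectionStore(certificates);

        AuthenticodeSignedDataGenerator generator = new AuthenticodeSignedDataGenerator();
        generator.addCertificates(certificateStore);
        generator.addSigners(new SignerInformationStore(Arrays.asList(timestampedSigner)));
        return generator.generate(new ASN1ObjectIdentifier(sigData.getSignedContentTypeOID()), ASN1Sequence.getInstance(sigData.getSignedContent().getContent()));
    }

    /**
     * Sends an Authenticode timestamp request for the given signature value
     * to the authority and parses the Base64 encoded response.
     *
     * @throws IOException  if the URL is not an HTTP(S) URL, the authority
     *                      answers with an HTTP error, or the response is
     *                      larger than {@link #MAX_TIMESTAMP_RESPONSE_SIZE}
     * @throws CMSException if the response is not a valid SignedData structure
     */
    private CMSSignedData timestamp(byte[] signatureValue, URL url) throws IOException, CMSException {
        // Reject other schemes up front; the connection is cast to
        // HttpURLConnection below and a configured URL must not be able to
        // reach local files or other protocol handlers.
        String protocol = url.getProtocol();
        if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
            throw new IOException("Unsupported timestamping URL scheme: " + protocol);
        }

        byte[] request = Base64.encode(new AuthenticodeTimeStampRequest(signatureValue).getEncoded("DER"));

        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        try {
            connection.setConnectTimeout(HTTP_TIMEOUT_MILLIS);
            connection.setReadTimeout(HTTP_TIMEOUT_MILLIS);
            connection.setDoOutput(true);
            connection.setDoInput(true);
            connection.setUseCaches(false);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-type", "application/octet-stream");
            connection.setRequestProperty("Content-length", String.valueOf(request.length));
            connection.setRequestProperty("Accept", "application/octet-stream");
            connection.setRequestProperty("User-Agent", "Transport");
            connection.getOutputStream().write(request);
            connection.getOutputStream().flush();

            if (connection.getResponseCode() >= 400) {
                throw new IOException("Unable to complete the timestamping due to HTTP error: " + connection.getResponseCode() + " - " + connection.getResponseMessage());
            }

            InputStream in = connection.getInputStream();
            try {
                ByteArrayOutputStream response = new ByteArrayOutputStream();
                byte[] buffer = new byte[4096];
                int read;
                while ((read = in.read(buffer)) != -1) {
                    // Bound the memory a misbehaving or spoofed endpoint can
                    // make the signer allocate.
                    if (response.size() + read > MAX_TIMESTAMP_RESPONSE_SIZE) {
                        throw new IOException("The timestamping response exceeds " + MAX_TIMESTAMP_RESPONSE_SIZE + " bytes");
                    }
                    response.write(buffer, 0, read);
                }
                return new CMSSignedData(Base64.decode(response.toByteArray()));
            } finally {
                in.close();
            }
        } finally {
            // Release the socket on every path, including HTTP errors.
            connection.disconnect();
        }
    }
}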
