package eu.europa.esig.dss.test.mock;

import eu.europa.esig.dss.DSSException;
import eu.europa.esig.dss.DSSRevocationUtils;
import eu.europa.esig.dss.DigestAlgorithm;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.tsp.TSPSource;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.util.Date;
import java.util.HashSet;
import java.util.Hashtable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.cms.SimpleAttributeTableGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.tsp.TSPAlgorithms;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/test/mock/MockTSPSource.class */
public class MockTSPSource implements TSPSource {
    private static final long serialVersionUID = 9003417203772249074L;
    private static final Logger LOG = LoggerFactory.getLogger(MockTSPSource.class);
    private ASN1ObjectIdentifier policyOid;
    private final PrivateKey key;
    private final CertificateToken cert;
    private boolean useNonce;
    private SecureRandom random;

    public MockTSPSource(PrivateKey privateKey, CertificateToken certificateToken, boolean z, byte[] bArr, String str) {
        this.key = privateKey;
        this.cert = certificateToken;
        this.useNonce = z;
        if (z) {
            if (bArr != null) {
                this.random = new SecureRandom(bArr);
            } else {
                this.random = new SecureRandom();
            }
        }
        this.policyOid = new ASN1ObjectIdentifier(str);
    }

    public MockTSPSource(MockPrivateKeyEntry mockPrivateKeyEntry) throws DSSException {
        this(mockPrivateKeyEntry.getPrivateKey(), mockPrivateKeyEntry.getCertificate(), true, null, "1.234.567.890");
        LOG.debug("TSP mockup with certificate {}", this.cert.getDSSIdAsString());
    }

    public TimeStampToken getTimeStampResponse(DigestAlgorithm digestAlgorithm, byte[] bArr) throws DSSException {
        TimeStampRequest generate;
        String signatureAlgorithm = getSignatureAlgorithm(digestAlgorithm, bArr);
        TimeStampRequestGenerator timeStampRequestGenerator = new TimeStampRequestGenerator();
        timeStampRequestGenerator.setCertReq(true);
        Date date = new Date();
        if (this.policyOid != null) {
            timeStampRequestGenerator.setReqPolicy(this.policyOid);
        }
        if (this.useNonce) {
            generate = timeStampRequestGenerator.generate(new ASN1ObjectIdentifier(digestAlgorithm.getOid()), bArr, BigInteger.valueOf(this.random.nextLong()));
        } else {
            generate = timeStampRequestGenerator.generate(new ASN1ObjectIdentifier(digestAlgorithm.getOid()), bArr);
        }
        try {
            ContentSigner build = new JcaContentSignerBuilder(signatureAlgorithm).build(this.key);
            JcaX509CertificateHolder jcaX509CertificateHolder = new JcaX509CertificateHolder(this.cert.getCertificate());
            DefaultSignedAttributeTableGenerator defaultSignedAttributeTableGenerator = new DefaultSignedAttributeTableGenerator(new AttributeTable(new Hashtable()).add(PKCSObjectIdentifiers.pkcs_9_at_signingTime, new Time(date)));
            SimpleAttributeTableGenerator simpleAttributeTableGenerator = new SimpleAttributeTableGenerator(new AttributeTable(new Hashtable()));
            SignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
            signerInfoGeneratorBuilder.setSignedAttributeGenerator(defaultSignedAttributeTableGenerator);
            signerInfoGeneratorBuilder.setUnsignedAttributeGenerator(simpleAttributeTableGenerator);
            TimeStampTokenGenerator timeStampTokenGenerator = new TimeStampTokenGenerator(signerInfoGeneratorBuilder.build(build, jcaX509CertificateHolder), DSSRevocationUtils.getSHA1DigestCalculator(), this.policyOid);
            HashSet hashSet = new HashSet();
            hashSet.add(this.cert.getCertificate());
            timeStampTokenGenerator.addCertificates(new JcaCertStore(hashSet));
            return new TimeStampResponseGenerator(timeStampTokenGenerator, TSPAlgorithms.ALLOWED).generate(generate, BigInteger.ONE, new Date()).getTimeStampToken();
        } catch (CertificateEncodingException e) {
            throw new DSSException(e);
        } catch (TSPException e2) {
            throw new DSSException(e2);
        } catch (OperatorCreationException e3) {
            throw new DSSException(e3);
        }
    }

    private String getSignatureAlgorithm(DigestAlgorithm digestAlgorithm, byte[] bArr) {
        String str;
        if (DigestAlgorithm.SHA1.equals(digestAlgorithm)) {
            str = "SHA1withRSA";
            if (bArr.length != 20) {
                throw new IllegalArgumentException("Not valid size for a SHA1 digest : " + bArr.length + " bytes");
            }
        } else {
            if (!DigestAlgorithm.SHA256.equals(digestAlgorithm)) {
                throw new UnsupportedOperationException("No support for " + digestAlgorithm);
            }
            str = "SHA256withRSA";
            if (bArr.length != 32) {
                throw new IllegalArgumentException("Not valid size for a SHA256 digest : " + bArr.length + " bytes");
            }
        }
        return str;
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
