package de.governikus.signer.toolbox;

import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:de/governikus/signer/toolbox/Pkcs7Tool.class */
public class Pkcs7Tool {
    private final byte[] data;
    private final X509Certificate certificate;
    private final ContentSigner contentSigner;

    public Pkcs7Tool(byte[] bArr, X509Certificate x509Certificate, ContentSigner contentSigner) {
        this.data = bArr;
        this.certificate = x509Certificate;
        this.contentSigner = contentSigner;
    }

    public byte[] createPkcs7() {
        try {
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            JcaSignerInfoGeneratorBuilder jcaSignerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
            AbstractSign.addSigningCertificateV2(jcaSignerInfoGeneratorBuilder, new X509Certificate[]{this.certificate});
            cMSSignedDataGenerator.addSignerInfoGenerator(jcaSignerInfoGeneratorBuilder.build(this.contentSigner, this.certificate));
            cMSSignedDataGenerator.addCertificates(new JcaCertStore(Collections.singletonList(this.certificate)));
            return cMSSignedDataGenerator.generate(new CMSProcessableByteArray(this.data)).getEncoded();
        } catch (OperatorCreationException | CertificateEncodingException | CMSException | IOException e) {
            throw new RuntimeException("failed to create bouncycastle pkcs7", e);
        }
    }

    public boolean verifyPkcs7(byte[] bArr) {
        try {
            return ((SignerInformation) new CMSSignedData(new CMSProcessableByteArray(this.data), bArr).getSignerInfos().getSigners().iterator().next()).verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(this.certificate.getPublicKey()));
        } catch (CMSException | OperatorCreationException e) {
            throw new RuntimeException("failed to verify with bouncy castle", e);
        }
    }
}
