package de.governikus.signer.toolbox;

import de.bos_bremen.basecard.common.crypto.UsageRelated;
import de.bos_bremen.gov2.jca_provider.OCFPrivateKey;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.OperatorStreamException;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: input_file:de/governikus/signer/toolbox/SignBnotk.class */
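/**
 * {@link AbstractSign} implementation that creates CMS signatures with an {@link OCFPrivateKey}.
 *
 * <p>The constructor begins a transaction on the key's card service; {@link #reset()} and
 * {@link #quit()} end it again. The signed output is written to a temporary file.
 */
public class SignBnotk extends AbstractSign {
    private final Logger log = LogManager.getLogger(getClass().getName());
    private final OCFPrivateKey key;

    /**
     * {@link OutputStream} adapter that forwards every written byte to a {@link Signature}.
     *
     * <p>NOTE(review): not referenced inside this class; presumably used by
     * {@code BnotkContentSigner} — confirm before removing.
     */
    static class SignatureOutputStream extends OutputStream {
        private final Signature sig;

        /**
         * @param signature signature object that receives the written bytes; it must already be
         *     initialised for signing by the caller, this class never initialises it
         */
        SignatureOutputStream(Signature signature) {
            this.sig = signature;
        }

        /** Feeds {@code i2} bytes of {@code bArr}, starting at offset {@code i}, into the signature. */
        @Override
        public void write(byte[] bArr, int i, int i2) throws IOException {
            try {
                this.sig.update(bArr, i, i2);
            } catch (SignatureException e) {
                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
            }
        }

        /** Feeds the whole array into the signature. */
        @Override
        public void write(byte[] bArr) throws IOException {
            try {
                this.sig.update(bArr);
            } catch (SignatureException e) {
                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
            }
        }

        /** Feeds the low-order byte of {@code i} into the signature. */
        @Override
        public void write(int i) throws IOException {
            try {
                this.sig.update((byte) i);
            } catch (SignatureException e) {
                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
            }
        }

        /**
         * Completes the signature over everything written so far.
         *
         * @return the signature bytes produced by {@link Signature#sign()}
         * @throws SignatureException if the underlying signature object fails
         */
        byte[] getSignature() throws SignatureException {
            return this.sig.sign();
        }
    }

    /**
     * Stores the key and immediately begins a card-service transaction for it.
     *
     * @param oCFPrivateKey signing key; may be {@code null}, in which case no transaction is
     *     started and {@link #signQualifiedCAdES(InputStream)} will refuse to sign
     */
    public SignBnotk(OCFPrivateKey oCFPrivateKey) {
        this.key = oCFPrivateKey;
        // NOTE(review): beginTransaction() is protected and overridable, so a subclass override
        // runs before the subclass constructor has finished.
        beginTransaction();
    }

    /**
     * Signs the given content and returns a stream over the resulting temporary signature file.
     *
     * <p>The caller owns the returned stream and must close it. The backing temp file is only
     * registered with {@code deleteOnExit()}, so it stays on disk until the JVM terminates.
     *
     * @param inputStream content to sign; it is closed by this call
     * @return stream over the generated {@code .p7s} file
     * @throws IllegalAccessException if no key was supplied to the constructor
     * @throws Exception if building or writing the signature fails
     */
    @Override
    public synchronized InputStream signQualifiedCAdES(InputStream inputStream) throws Exception {
        if (this.key == null) {
            throw new IllegalAccessException("key is null");
        }
        // "OCF" is presumably the JCA provider name expected by BnotkContentSigner — confirm.
        ContentSigner contentSigner = new BnotkContentSigner(this.key, getAlgorithm(this.key), "OCF");
        return new FileInputStream(signCMS(inputStream, contentSigner, getSignerCertChain(this.key)));
    }

    /**
     * Reads the algorithm name the key recommends for signature usage and logs it.
     *
     * @param oCFPrivateKey key to query
     * @return the recommended algorithm name
     */
    private String getAlgorithm(OCFPrivateKey oCFPrivateKey) {
        String algorithmName = oCFPrivateKey.getRecommendedAlgorithm(UsageRelated.Usage.SIGNATURE).getAlgorithmParameterSpec().getAlgorithmName();
        this.log.info("algorithmName: {}", algorithmName);
        return algorithmName;
    }

    /** Begins a transaction on the key's card service and records the result; no-op without a key. */
    protected void beginTransaction() {
        if (this.key != null) {
            this.transactionStarted = this.key.getCardService().beginTransaction();
        }
    }

    /**
     * Ends the card-service transaction; no-op without a key.
     *
     * <p>The {@code transactionStarted} flag is cleared even if ending the transaction throws.
     */
    protected void endTransaction() {
        if (this.key != null) {
            try {
                this.key.getCardService().endTransaction(this.transactionStarted);
            } finally {
                this.transactionStarted = false;
            }
        }
    }

    /** Ends the current card-service transaction, if a key is present. */
    @Override
    public void reset() {
        this.log.info("");
        if (this.key == null) {
            return;
        }
        endTransaction();
    }

    /** Ends the current card-service transaction and then calls {@code dispose()}. */
    @Override
    public void quit() {
        this.log.info("");
        endTransaction();
        dispose();
    }

    /**
     * @return the X.509 certificate belonging to the key, or {@code null} if there is no key
     */
    @Override
    public X509Certificate signingCertificate() {
        if (this.key != null) {
            return this.key.getOCFCertificatInfo().getX509Certificate();
        }
        return null;
    }

    /**
     * Builds the certificate array embedded in the signature.
     *
     * @param oCFPrivateKey key whose certificate is used
     * @return a one-element array holding only the signer certificate (no issuer certificates)
     */
    protected Certificate[] getSignerCertChain(OCFPrivateKey oCFPrivateKey) {
        return new Certificate[]{oCFPrivateKey.getOCFCertificatInfo().getX509Certificate()};
    }

    /**
     * Streams the content through a CMS signed-data generator into a temporary {@code .p7s} file.
     *
     * <p>The content is not encapsulated ({@code open(..., false)}), so the file holds a detached
     * signature. All streams are closed on success and on failure, and a partially written temp
     * file is deleted when signing fails so that no truncated signature is left behind.
     *
     * @param inputStream content to sign; closed by this method
     * @param contentSigner signer that produces the signature value
     * @param certificateArr certificates to embed; element 0 must be the signer's X.509 certificate
     * @return the temporary file containing the CMS structure
     */
    private File signCMS(InputStream inputStream, ContentSigner contentSigner, Certificate... certificateArr) throws OperatorCreationException, CertificateEncodingException, CMSException, IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException {
        CMSSignedDataStreamGenerator generator = new CMSSignedDataStreamGenerator();
        JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build());
        addSigningCertificateV2(signerInfoBuilder, certificateArr);
        generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, (X509Certificate) certificateArr[0]));
        generator.addCertificates(new JcaCertStore(Collections.unmodifiableList(Arrays.asList(certificateArr))));
        // NOTE(review): File.createTempFile creates the file in the shared java.io.tmpdir with
        // permissions governed by the process umask; consider Files.createTempFile, which
        // restricts access to the owner on POSIX systems.
        File signedFile = File.createTempFile("signedFile", ".p7s");
        signedFile.deleteOnExit();
        boolean completed = false;
        try {
            // Resources close in reverse order: the CMS stream first (closing it finishes the
            // signed-data structure), then the file, then the caller's input. A null input
            // stream is skipped by try-with-resources.
            try (InputStream content = inputStream;
                    FileOutputStream fileOut = new FileOutputStream(signedFile);
                    OutputStream cmsOut = generator.open(fileOut, false)) {
                Utilities.handleContent(content, cmsOut);
            }
            completed = true;
            return signedFile;
        } finally {
            // Never leave an incomplete signature file on disk after a failure.
            if (!completed && !signedFile.delete()) {
                this.log.warn("could not delete incomplete signature file {}", signedFile);
            }
        }
    }
}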
