package org.ofdrw.gm.sm2strut.builder;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.ASN1UTCTime;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.Attribute;
import org.bouncycastle.jcajce.provider.digest.SM3;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.ofdrw.gm.cert.CertTools;
import org.ofdrw.gm.sm2strut.ContentInfo;
import org.ofdrw.gm.sm2strut.IssuerAndSerialNumber;
import org.ofdrw.gm.sm2strut.OIDs;
import org.ofdrw.gm.sm2strut.SignedData;
import org.ofdrw.gm.sm2strut.SignerInfo;

/* loaded from: input_file:org/ofdrw/gm/sm2strut/builder/PKCS9SignedDataBuilder.class */
public final class PKCS9SignedDataBuilder {
    public static SignedData signedData(@NotNull byte[] bArr, @NotNull Signature signature, @NotNull Certificate certificate, @Nullable List<Certificate> list) throws GeneralSecurityException, IOException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("签名原文(plaintext)为空");
        }
        if (certificate == null) {
            throw new IllegalArgumentException("证书(signCert)为空");
        }
        if (signature == null) {
            throw new IllegalArgumentException("签名函数(signFnc)为空");
        }
        DERSet dERSet = new DERSet(new AlgorithmIdentifier(OIDs.sm3));
        ContentInfo contentInfo = new ContentInfo(OIDs.data, null);
        byte[] digest = new SM3.Digest().digest(bArr);
        int i = 1;
        int i2 = 0;
        if (list != null) {
            i = 1 + list.size();
        }
        ASN1Encodable[] aSN1EncodableArr = new ASN1Encodable[i];
        org.bouncycastle.asn1.x509.Certificate asn1 = CertTools.asn1(certificate);
        aSN1EncodableArr[0] = asn1;
        if (list != null) {
            Iterator<Certificate> it = list.iterator();
            while (it.hasNext()) {
                aSN1EncodableArr[i2] = CertTools.asn1(it.next());
                i2++;
            }
        }
        return new SignedData(dERSet, contentInfo, new DERSet(aSN1EncodableArr), new DERSet(new ASN1Encodable[]{sign(digest, signature, new IssuerAndSerialNumber(asn1.getIssuer(), asn1.getSerialNumber()))}));
    }

    public static SignerInfo sign(byte[] bArr, Signature signature, IssuerAndSerialNumber issuerAndSerialNumber) throws GeneralSecurityException {
        ASN1Set dERSet = new DERSet(new ASN1Encodable[]{new Attribute(CMSAttributes.contentType, new DERSet(OIDs.data)), new Attribute(CMSAttributes.signingTime, new DERSet(new ASN1UTCTime(new Date(), Locale.CHINA))), new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(bArr)))});
        try {
            signature.update(dERSet.getEncoded());
        } catch (IOException e) {
        }
        SignerInfo signerInfo = new SignerInfo(issuerAndSerialNumber, new AlgorithmIdentifier(OIDs.sm3), new AlgorithmIdentifier(OIDs.sm2Sign), new DEROctetString(signature.sign()));
        signerInfo.setAuthenticatedAttributes(dERSet);
        return signerInfo;
    }
}
