package org.apache.camel.component.crypto.cms.sig;

import java.io.InputStream;
import java.io.OutputStream;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.component.crypto.cms.common.CryptoCmsConstants;
import org.apache.camel.component.crypto.cms.common.CryptoCmsMarshallerAbstract;
import org.apache.camel.component.crypto.cms.exception.CryptoCmsException;
import org.apache.camel.component.crypto.cms.exception.CryptoCmsInvalidKeyException;
import org.apache.camel.util.IOHelper;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSSignedDataStreamGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/crypto/cms/sig/SignedDataCreator.class */
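/**
 * Marshaller that wraps the message payload into a CMS Signed Data structure using the
 * signers listed in a {@link SignedDataCreatorConfiguration}.
 *
 * <p>Depending on the configuration's {@code includeContent} flag the signed object either
 * replaces the message body (content encapsulated) or is placed into the
 * {@link CryptoCmsConstants#CAMEL_CRYPTO_CMS_SIGNED_DATA} header (detached signature).
 * A {@code null} flag is treated as {@code false} in both places.
 */
public class SignedDataCreator extends CryptoCmsMarshallerAbstract {
    private static final Logger LOG = LoggerFactory.getLogger(SignedDataCreator.class);
    private final SignedDataCreatorConfiguration config;

    /**
     * @param signedDataCreatorConfiguration signer list and include-content flag used for every
     *        marshal call; also handed to the superclass
     */
    public SignedDataCreator(SignedDataCreatorConfiguration signedDataCreatorConfiguration) {
        super(signedDataCreatorConfiguration);
        this.config = signedDataCreatorConfiguration;
    }

    /**
     * Stores the generated Signed Data object on the message.
     *
     * @param message target message
     * @param obj the Signed Data object; set as body when content is included, otherwise set as
     *        the {@code CAMEL_CRYPTO_CMS_SIGNED_DATA} header
     */
    @Override // org.apache.camel.component.crypto.cms.common.CryptoCmsMarshallerAbstract
    protected void setBodyAndHeader(Message message, Object obj) {
        if (Boolean.TRUE.equals(this.config.getIncludeContent())) {
            message.setBody(obj);
        } else {
            message.setHeader(CryptoCmsConstants.CAMEL_CRYPTO_CMS_SIGNED_DATA, obj);
        }
    }

    /**
     * Streams {@code inputStream} through a CMS Signed Data generator into {@code outputStream}.
     *
     * @param inputStream content to sign; closed by {@code IOHelper.copyAndCloseInput}
     * @param outputStream receives the encoded Signed Data
     * @param exchange passed to each signer to resolve certificate, key, algorithm and attributes
     * @throws CryptoCmsException if no signer is configured, or a signer has no certificate or
     *         no private key
     * @throws CryptoCmsInvalidKeyException if a content signer cannot be created for the
     *         signer's private key and signature algorithm
     * @throws Exception on I/O or encoding failures, including a failure while closing the
     *         signing stream
     */
    @Override // org.apache.camel.component.crypto.cms.common.CryptoCmsMarshallerAbstract
    protected void marshalInternal(InputStream inputStream, OutputStream outputStream, Exchange exchange) throws Exception {
        if (this.config.getSignerList().isEmpty()) {
            throw new CryptoCmsException("No signer information configured");
        }
        CMSSignedDataStreamGenerator generator = new CMSSignedDataStreamGenerator();
        for (SignerInfo signerInfo : this.config.getSignerList()) {
            addSigner(generator, signerInfo, exchange);
        }

        // Same null-safe reading of the flag as setBodyAndHeader; the previous
        // getIncludeContent().booleanValue() threw a NullPointerException for an unset flag.
        boolean includeContent = Boolean.TRUE.equals(this.config.getIncludeContent());

        // The signing stream is closed by try-with-resources instead of IOHelper.close so that
        // a failure in close() propagates. Bouncy Castle's stream generator emits the
        // certificates and signer infos when the stream is closed; a quiet close (IOHelper.close
        // is understood to log rather than rethrow) would let an incomplete, unsigned structure
        // be reported as a success. If the copy itself fails, the close failure is attached as
        // a suppressed exception and the copy failure is what the caller sees.
        try (OutputStream signedOut = generator.open(outputStream, includeContent)) {
            IOHelper.copyAndCloseInput(inputStream, signedOut);
        }
        LOG.debug("CMS Signed Data generation successful");
    }

    /** Registers one signer and its certificate chain with the generator. */
    private void addSigner(CMSSignedDataStreamGenerator generator, SignerInfo signerInfo, Exchange exchange) throws Exception {
        // NOTE(review): signerInfo is rendered via toString() here and in the exception
        // messages below; confirm SignerInfo.toString() never includes key material.
        LOG.debug("Signer info: {}", signerInfo);
        X509Certificate certificate = signerInfo.getCertificate(exchange);
        if (certificate == null) {
            throw new CryptoCmsException("Certificate missing in the signer information " + signerInfo);
        }
        PrivateKey privateKey = signerInfo.getPrivateKey(exchange);
        if (privateKey == null) {
            throw new CryptoCmsException("Private key missing in the signer information " + signerInfo);
        }
        try {
            // NOTE(review): the algorithm name is taken from the signer configuration as-is;
            // no allow-list is applied in this class, so weak algorithms are rejected only if
            // the configuration layer does so - confirm.
            ContentSigner contentSigner = new JcaContentSignerBuilder(signerInfo.getSignatureAlgorithm(exchange)).setProvider("BC").build(privateKey);
            JcaSignerInfoGeneratorBuilder signerInfoBuilder = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
            signerInfoBuilder.setSignedAttributeGenerator(signerInfo.getSignedAttributeGenerator(exchange)).setUnsignedAttributeGenerator(signerInfo.getUnsignedAttributeGenerator(exchange));
            generator.addSignerInfoGenerator(signerInfoBuilder.build(contentSigner, certificate));

            // Duplicates are filtered within this signer's chain only; a certificate shared by
            // two signers is still added once per signer.
            ArrayList<Certificate> alreadyAdded = new ArrayList<>();
            for (Certificate chainCertificate : signerInfo.getCertificateChain(exchange)) {
                if (!alreadyAdded.contains(chainCertificate)) {
                    alreadyAdded.add(chainCertificate);
                    generator.addCertificate(new X509CertificateHolder(chainCertificate.getEncoded()));
                    LOG.debug("Certificate added to Signed Data certificate list: {}", chainCertificate);
                }
            }
        } catch (OperatorCreationException e) {
            throw new CryptoCmsInvalidKeyException("The private key of the signer information  '" + signerInfo + "' does not fit to the specified signature algorithm '" + signerInfo.getSignatureAlgorithm(exchange) + "': " + e.getMessage(), e);
        }
    }
}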
