package de.trustable.cmp.client.cmpClient;

import de.trustable.cmp.client.ProtectedMessageHandler;
import java.security.GeneralSecurityException;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.cmp.CMPException;
import org.bouncycastle.cert.cmp.ProtectedPKIMessage;
import org.bouncycastle.cert.cmp.ProtectedPKIMessageBuilder;
import org.bouncycastle.cert.crmf.CRMFException;
import org.bouncycastle.cert.crmf.PKMACBuilder;
import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator;
import org.bouncycastle.operator.MacCalculator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/trustable/cmp/client/cmpClient/DigestSigner.class */
public class DigestSigner implements ProtectedMessageHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(DigestSigner.class);
    private final char[] hmacSecret;
    private final boolean ignoreFailedVerification;

    public DigestSigner(String str) {
        this(str, false);
    }

    public DigestSigner(String str, boolean z) {
        this.hmacSecret = str.toCharArray();
        this.ignoreFailedVerification = z;
    }

    @Override // de.trustable.cmp.client.ProtectedMessageHandler
    public ProtectedPKIMessage signMessage(ProtectedPKIMessageBuilder protectedPKIMessageBuilder) throws GeneralSecurityException {
        LOGGER.debug("in DigestSigner.signMessage ...");
        try {
            return protectedPKIMessageBuilder.build(getMacCalculator(this.hmacSecret));
        } catch (CRMFException | CMPException e) {
            throw new GeneralSecurityException((Throwable) e);
        }
    }

    @Override // de.trustable.cmp.client.ProtectedMessageHandler
    public boolean verifyMessage(ProtectedPKIMessage protectedPKIMessage) throws GeneralSecurityException {
        LOGGER.debug("in DigestSigner.verifyMessage ...");
        if (!protectedPKIMessage.hasPasswordBasedMacProtection()) {
            if (!this.ignoreFailedVerification) {
                throw new GeneralSecurityException("HMAC secret present, but server did NOT use MacProtection!");
            }
            LOGGER.info("HMAC secret present, but server did NOT use MacProtection!");
        }
        try {
            return protectedPKIMessage.verify(getMacCalculatorBuilder(), this.hmacSecret);
        } catch (CMPException | CRMFException e) {
            if (!this.ignoreFailedVerification) {
                throw new GeneralSecurityException((Throwable) e);
            }
            LOGGER.info("HMAC verification failed, but ignoring it!", e);
            return true;
        }
    }

    @Override // de.trustable.cmp.client.ProtectedMessageHandler
    public X500Name getSender(X500Name x500Name) {
        return x500Name;
    }

    @Override // de.trustable.cmp.client.ProtectedMessageHandler
    public void addCertificate(ProtectedPKIMessageBuilder protectedPKIMessageBuilder) {
    }

    public static MacCalculator getMacCalculator(char[] cArr) throws CRMFException {
        return getMacCalculatorBuilder().build(cArr);
    }

    public static PKMACBuilder getMacCalculatorBuilder() throws CRMFException {
        JcePKMACValuesCalculator jcePKMACValuesCalculator = new JcePKMACValuesCalculator();
        jcePKMACValuesCalculator.setup(new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.3.14.3.2.26")), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.2.7")));
        return new PKMACBuilder(jcePKMACValuesCalculator);
    }
}
