package net.jsign.nuget;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.nio.channels.SeekableByteChannel;
import java.security.MessageDigest;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import net.jsign.ChannelUtils;
import net.jsign.DigestAlgorithm;
import net.jsign.Signable;
import net.jsign.SignatureUtils;
import net.jsign.zip.CentralDirectory;
import net.jsign.zip.ZipFile;
import org.apache.poi.util.IOUtils;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.esf.CommitmentTypeIndication;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.IssuerSerial;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSTypedData;

/* loaded from: input_file:net/jsign/nuget/NugetFile.class */
public class NugetFile extends ZipFile implements Signable {
    private static final String SIGNATURE_ENTRY = ".signature.p7s";

    public NugetFile(File file) throws IOException {
        super(file);
        verifyPackage();
    }

    public NugetFile(SeekableByteChannel seekableByteChannel) throws IOException {
        super(seekableByteChannel);
        verifyPackage();
    }

    private void verifyPackage() throws IOException {
        if (this.centralDirectory.entries.get("[Content_Types].xml") == null) {
            throw new IOException("Invalid NuGet package, [Content_Types].xml is missing");
        }
    }

    @Override // net.jsign.Signable
    public byte[] computeDigest(DigestAlgorithm digestAlgorithm) throws IOException {
        MessageDigest messageDigest = digestAlgorithm.getMessageDigest();
        long j = this.centralDirectory.centralDirectoryOffset;
        if (this.centralDirectory.entries.containsKey(SIGNATURE_ENTRY)) {
            j = this.centralDirectory.entries.get(SIGNATURE_ENTRY).getLocalHeaderOffset();
        }
        ChannelUtils.updateDigest(this.channel, messageDigest, 0L, j);
        messageDigest.update(getUnsignedCentralDirectory());
        return String.format("Version:1\n\n%s-Hash:%s\n\n", digestAlgorithm.oid, Base64.getEncoder().encodeToString(messageDigest.digest())).getBytes();
    }

    private byte[] getUnsignedCentralDirectory() throws IOException {
        CentralDirectory centralDirectory = new CentralDirectory();
        centralDirectory.read(this.channel);
        centralDirectory.removeEntry(SIGNATURE_ENTRY);
        return centralDirectory.toBytes();
    }

    @Override // net.jsign.Signable
    public CMSTypedData createSignedContent(DigestAlgorithm digestAlgorithm) throws IOException {
        return new CMSProcessableByteArray(PKCSObjectIdentifiers.data, computeDigest(digestAlgorithm));
    }

    @Override // net.jsign.Signable
    public ASN1Object createIndirectData(DigestAlgorithm digestAlgorithm) {
        throw new UnsupportedOperationException();
    }

    @Override // net.jsign.Signable
    public List<Attribute> createSignedAttributes(X509Certificate x509Certificate) throws CertificateEncodingException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Attribute(PKCSObjectIdentifiers.id_aa_ets_commitmentType, new DERSet(new CommitmentTypeIndication(PKCSObjectIdentifiers.id_cti_ets_proofOfOrigin))));
        arrayList.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(new SigningCertificateV2(new ESSCertIDv2(DigestAlgorithm.SHA256.getMessageDigest().digest(x509Certificate.getEncoded()), new IssuerSerial(X500Name.getInstance(x509Certificate.getIssuerX500Principal().getEncoded()), x509Certificate.getSerialNumber()))))));
        return arrayList;
    }

    @Override // net.jsign.Signable
    public List<CMSSignedData> getSignatures() throws IOException {
        return this.centralDirectory.entries.containsKey(SIGNATURE_ENTRY) ? SignatureUtils.getSignatures(IOUtils.toByteArray(getInputStream(SIGNATURE_ENTRY, 1048576))) : Collections.emptyList();
    }

    @Override // net.jsign.Signable
    public void setSignature(CMSSignedData cMSSignedData) throws IOException {
        if (this.centralDirectory.entries.containsKey(SIGNATURE_ENTRY)) {
            removeEntry(SIGNATURE_ENTRY);
        }
        if (cMSSignedData != null) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            cMSSignedData.toASN1Structure().encodeTo(byteArrayOutputStream, "DER");
            addEntry(SIGNATURE_ENTRY, byteArrayOutputStream.toByteArray(), false);
        }
    }

    @Override // net.jsign.Signable
    public void save() throws IOException {
    }
}
