package org.xwiki.crypto.signer.internal.cms;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.SignerId;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.util.CollectionStore;
import org.bouncycastle.util.Store;
import org.xwiki.component.manager.ComponentLookupException;
import org.xwiki.component.manager.ComponentManager;
import org.xwiki.crypto.pkix.CertificateFactory;
import org.xwiki.crypto.pkix.CertificateProvider;
import org.xwiki.crypto.pkix.ChainingCertificateProvider;
import org.xwiki.crypto.pkix.internal.BcStoreX509CertificateProvider;
import org.xwiki.crypto.pkix.internal.BcUtils;
import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
import org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName;

/* loaded from: input_file:WEB-INF/lib/xwiki-commons-crypto-pkix-7.1.2.jar:org/xwiki/crypto/signer/internal/cms/BcStoreUtils.class */
public final class BcStoreUtils {
    private BcStoreUtils() {
    }

    public static CertificateProvider getCertificateProvider(ComponentManager componentManager, Store store, CertificateProvider certificateProvider) throws GeneralSecurityException {
        CertificateProvider newCertificateProvider = newCertificateProvider(componentManager, store);
        return certificateProvider == null ? newCertificateProvider : new ChainingCertificateProvider(newCertificateProvider, certificateProvider);
    }

    public static void addCertificatesToVerifiedData(Store store, BcCMSSignedDataVerified bcCMSSignedDataVerified, CertificateFactory certificateFactory) {
        Iterator<X509CertificateHolder> it = getCertificates(store).iterator();
        while (it.hasNext()) {
            bcCMSSignedDataVerified.addCertificate(BcUtils.convertCertificate(certificateFactory, it.next()));
        }
    }

    public static CertificateProvider getCertificateProvider(ComponentManager componentManager, Collection<CertifiedPublicKey> collection) throws GeneralSecurityException {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator<CertifiedPublicKey> it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(BcUtils.getX509CertificateHolder(it.next()));
        }
        return newCertificateProvider(componentManager, new CollectionStore(arrayList));
    }

    private static CertificateProvider newCertificateProvider(ComponentManager componentManager, Store store) throws GeneralSecurityException {
        try {
            CertificateProvider certificateProvider = (CertificateProvider) componentManager.getInstance(CertificateProvider.class, "BCStoreX509");
            ((BcStoreX509CertificateProvider) certificateProvider).setStore(store);
            return certificateProvider;
        } catch (ComponentLookupException e) {
            throw new GeneralSecurityException("Unable to initialize the certificates store", e);
        }
    }

    private static Collection<X509CertificateHolder> getCertificates(Store store) {
        return store.getMatches(null);
    }

    public static CertifiedPublicKey getCertificate(CertificateProvider certificateProvider, SignerInformation signerInformation, CertificateFactory certificateFactory) {
        SignerId sid = signerInformation.getSID();
        if (certificateProvider instanceof BcStoreX509CertificateProvider) {
            X509CertificateHolder certificate = ((BcStoreX509CertificateProvider) certificateProvider).getCertificate(sid);
            if (certificate != null) {
                return BcUtils.convertCertificate(certificateFactory, certificate);
            }
            return null;
        }
        X500Name issuer = sid.getIssuer();
        BigInteger serialNumber = sid.getSerialNumber();
        byte[] subjectKeyIdentifier = sid.getSubjectKeyIdentifier();
        if (issuer != null) {
            DistinguishedName distinguishedName = new DistinguishedName(issuer);
            return subjectKeyIdentifier != null ? certificateProvider.getCertificate(distinguishedName, serialNumber, subjectKeyIdentifier) : certificateProvider.getCertificate(distinguishedName, serialNumber);
        }
        if (subjectKeyIdentifier != null) {
            return certificateProvider.getCertificate(subjectKeyIdentifier);
        }
        return null;
    }
}
