package bo.gob.adsib.fido_android;

import bo.gob.adsib.fido_android.Util.Token;
import com.itextpdf.text.pdf.PdfDictionary;
import com.itextpdf.text.pdf.security.BouncyCastleDigest;
import com.itextpdf.text.pdf.security.DigestAlgorithms;
import com.itextpdf.text.pdf.security.ExternalSignatureContainer;
import com.itextpdf.text.pdf.security.MakeSignature;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import com.itextpdf.text.pdf.security.SecurityConstants;
import com.itextpdf.text.pdf.security.TSAClientBouncyCastle;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Signature;

/* loaded from: classes.dex */
public class ExternalSignatureMovil implements ExternalSignatureContainer {
    private String pass;

    public ExternalSignatureMovil(String str) {
        this.pass = str;
    }

    @Override // com.itextpdf.text.pdf.security.ExternalSignatureContainer
    public void modifySigningDictionary(PdfDictionary pdfDictionary) {
        throw new UnsupportedOperationException("Not supported yet.");
    }

    @Override // com.itextpdf.text.pdf.security.ExternalSignatureContainer
    public byte[] sign(InputStream inputStream) throws GeneralSecurityException {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(Token.getPrivateKey(this.pass));
            BouncyCastleDigest bouncyCastleDigest = new BouncyCastleDigest();
            PdfPKCS7 pdfPKCS7 = new PdfPKCS7(null, Token.getCertificate(this.pass), "SHA256", null, bouncyCastleDigest, false);
            byte[] digest = DigestAlgorithms.digest(inputStream, bouncyCastleDigest.getMessageDigest("SHA256"));
            signature.update(pdfPKCS7.getAuthenticatedAttributeBytes(digest, null, null, MakeSignature.CryptoStandard.CADES));
            pdfPKCS7.setExternalDigest(signature.sign(), null, SecurityConstants.RSA);
            return pdfPKCS7.getEncodedPKCS7(digest, MyApplication.isTimeStamp() ? new TSAClientBouncyCastle(MyApplication.getUrlTS(), MyApplication.getUserTS(), MyApplication.getPassTS()) : null, null, null, MakeSignature.CryptoStandard.CADES);
        } catch (Token.KeyException e) {
            throw new GeneralSecurityException(e.getMessage());
        } catch (IOException e2) {
            throw new GeneralSecurityException(e2.getMessage());
        } catch (InvalidKeyException e3) {
            throw new GeneralSecurityException(e3.getMessage());
        }
    }
}
