package es.gob.jmulticard;

import es.gob.jmulticard.CryptoHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECField;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.util.ArrayList;
import java.util.logging.Logger;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.DefaultCMSSignatureAlgorithmNameGenerator;
import org.spongycastle.cms.SignerId;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationVerifier;
import org.spongycastle.crypto.BufferedBlockCipher;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.digests.SHA1Digest;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.digests.SHA384Digest;
import org.spongycastle.crypto.digests.SHA512Digest;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.engines.DESEngine;
import org.spongycastle.crypto.engines.DESedeEngine;
import org.spongycastle.crypto.engines.RSAEngine;
import org.spongycastle.crypto.macs.CMac;
import org.spongycastle.crypto.modes.CBCBlockCipher;
import org.spongycastle.crypto.paddings.BlockCipherPadding;
import org.spongycastle.crypto.paddings.ISO7816d4Padding;
import org.spongycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.crypto.params.RSAKeyParameters;
import org.spongycastle.crypto.prng.DigestRandomGenerator;
import org.spongycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi;
import org.spongycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.spongycastle.jce.ECNamedCurveTable;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.jce.spec.ECNamedCurveGenParameterSpec;
import org.spongycastle.math.ec.ECCurve;
import org.spongycastle.math.ec.ECFieldElement;
import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.bc.BcDigestCalculatorProvider;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.util.Selector;
import org.spongycastle.util.Store;

/* loaded from: input_file:es/gob/jmulticard/BcCryptoHelper.class */
public final class BcCryptoHelper extends CryptoHelper {
    private static final Logger LOGGER = Logger.getLogger("es.gob.jmulticard");
    private transient CryptoHelper.PaceChannelHelper paceChannelHelper = null;

    /* renamed from: es.gob.jmulticard.BcCryptoHelper$1, reason: invalid class name */
    /* loaded from: input_file:es/gob/jmulticard/BcCryptoHelper$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$es$gob$jmulticard$CryptoHelper$DigestAlgorithm;
        static final /* synthetic */ int[] $SwitchMap$es$gob$jmulticard$CryptoHelper$Padding = new int[CryptoHelper.Padding.values().length];

        static {
            try {
                $SwitchMap$es$gob$jmulticard$CryptoHelper$Padding[CryptoHelper.Padding.NOPADDING.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$CryptoHelper$Padding[CryptoHelper.Padding.ISO7816_4PADDING.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$es$gob$jmulticard$CryptoHelper$DigestAlgorithm = new int[CryptoHelper.DigestAlgorithm.values().length];
            try {
                $SwitchMap$es$gob$jmulticard$CryptoHelper$DigestAlgorithm[CryptoHelper.DigestAlgorithm.SHA512.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$CryptoHelper$DigestAlgorithm[CryptoHelper.DigestAlgorithm.SHA384.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$CryptoHelper$DigestAlgorithm[CryptoHelper.DigestAlgorithm.SHA256.ordinal()] = 3;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$es$gob$jmulticard$CryptoHelper$DigestAlgorithm[CryptoHelper.DigestAlgorithm.SHA1.ordinal()] = 4;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    /* loaded from: input_file:es/gob/jmulticard/BcCryptoHelper$CertHolderBySignerIdSelector.class */
    private static final class CertHolderBySignerIdSelector implements Selector<X509CertificateHolder> {
        private final transient SignerId signerId;

        CertHolderBySignerIdSelector(SignerId signerId) {
            if (signerId == null) {
                throw new IllegalArgumentException("El ID del firmante no puede ser nulo");
            }
            this.signerId = signerId;
        }

        public boolean match(X509CertificateHolder x509CertificateHolder) {
            return this.signerId.getSerialNumber().equals(x509CertificateHolder.getSerialNumber());
        }

        public Object clone() {
            throw new UnsupportedOperationException();
        }
    }

    public byte[] digest(CryptoHelper.DigestAlgorithm digestAlgorithm, byte[] bArr) throws IOException {
        byte[] bArr2;
        if (digestAlgorithm == null) {
            throw new IllegalArgumentException("El algoritmo de huella digital no puede ser nulo");
        }
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos para realizar la huella digital no pueden ser nulos");
        }
        switch (AnonymousClass1.$SwitchMap$es$gob$jmulticard$CryptoHelper$DigestAlgorithm[digestAlgorithm.ordinal()]) {
            case 1:
                SHA512Digest sHA512Digest = new SHA512Digest();
                sHA512Digest.update(bArr, 0, bArr.length);
                bArr2 = new byte[sHA512Digest.getDigestSize()];
                sHA512Digest.doFinal(bArr2, 0);
                break;
            case 2:
                SHA384Digest sHA384Digest = new SHA384Digest();
                sHA384Digest.update(bArr, 0, bArr.length);
                bArr2 = new byte[sHA384Digest.getDigestSize()];
                sHA384Digest.doFinal(bArr2, 0);
                break;
            case 3:
                SHA256Digest sHA256Digest = new SHA256Digest();
                sHA256Digest.update(bArr, 0, bArr.length);
                bArr2 = new byte[sHA256Digest.getDigestSize()];
                sHA256Digest.doFinal(bArr2, 0);
                break;
            case 4:
                SHA1Digest sHA1Digest = new SHA1Digest();
                sHA1Digest.update(bArr, 0, bArr.length);
                bArr2 = new byte[sHA1Digest.getDigestSize()];
                sHA1Digest.doFinal(bArr2, 0);
                break;
            default:
                throw new IOException("No se soporta el algoritmo de huella digital indicado: " + digestAlgorithm);
        }
        return bArr2;
    }

    private static byte[] doDesede(byte[] bArr, byte[] bArr2, boolean z) throws IOException {
        BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()));
        bufferedBlockCipher.init(z, new KeyParameter(prepareDesedeKey(bArr2)));
        byte[] bArr3 = new byte[bufferedBlockCipher.getOutputSize(bArr.length)];
        try {
            bufferedBlockCipher.doFinal(bArr3, bufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr3, 0));
            return bArr3;
        } catch (DataLengthException | IllegalStateException | InvalidCipherTextException e) {
            throw new IOException("Error en el cifrado o descifrado 3DES", e);
        }
    }

    public byte[] desedeEncrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDesede(bArr, bArr2, true);
    }

    public byte[] desedeDecrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDesede(bArr, bArr2, false);
    }

    private static byte[] prepareDesedeKey(byte[] bArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("La clave 3DES no puede ser nula");
        }
        if (bArr.length == 24) {
            return bArr;
        }
        if (bArr.length != 16) {
            throw new IllegalArgumentException("Longitud de clave invalida, se esperaba 16 o 24, pero se indico " + bArr.length);
        }
        byte[] bArr2 = new byte[24];
        System.arraycopy(bArr, 0, bArr2, 0, 16);
        System.arraycopy(bArr, 0, bArr2, 16, 8);
        return bArr2;
    }

    private static byte[] doDes(byte[] bArr, byte[] bArr2, boolean z) throws IOException {
        BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(new DESEngine());
        bufferedBlockCipher.init(z, new KeyParameter(bArr2));
        byte[] bArr3 = new byte[bufferedBlockCipher.getOutputSize(bArr.length)];
        try {
            bufferedBlockCipher.doFinal(bArr3, bufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr3, 0));
            return bArr3;
        } catch (DataLengthException | IllegalStateException | InvalidCipherTextException e) {
            throw new IOException("Error el el cifrado / descifrado DES", e);
        }
    }

    public byte[] desEncrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDes(bArr, bArr2, true);
    }

    public byte[] desDecrypt(byte[] bArr, byte[] bArr2) throws IOException {
        return doDes(bArr, bArr2, false);
    }

    private static byte[] doRsa(byte[] bArr, RSAKey rSAKey, boolean z) throws IOException {
        boolean z2 = rSAKey instanceof RSAPrivateKey;
        RSAKeyParameters rSAKeyParameters = new RSAKeyParameters(z2, rSAKey.getModulus(), z2 ? ((RSAPrivateKey) rSAKey).getPrivateExponent() : ((RSAPublicKey) rSAKey).getPublicExponent());
        RSAEngine rSAEngine = new RSAEngine();
        rSAEngine.init(z, rSAKeyParameters);
        try {
            return rSAEngine.processBlock(bArr, 0, bArr.length);
        } catch (InvalidCipherTextException e) {
            throw new IOException("Error en el cifrado/descifrado RSA", e);
        }
    }

    public byte[] rsaDecrypt(byte[] bArr, RSAKey rSAKey) throws IOException {
        return doRsa(bArr, rSAKey, false);
    }

    public byte[] rsaEncrypt(byte[] bArr, RSAKey rSAKey) throws IOException {
        return doRsa(bArr, rSAKey, true);
    }

    public byte[] generateRandomBytes(int i) {
        byte[] bArr = new byte[i];
        new DigestRandomGenerator(new SHA1Digest()).nextBytes(bArr);
        return bArr;
    }

    private static byte[] aesEncryptSingleBlock(byte[] bArr, byte[] bArr2) {
        KeyParameter keyParameter = new KeyParameter(bArr);
        AESEngine aESEngine = new AESEngine();
        aESEngine.init(true, keyParameter);
        byte[] bArr3 = new byte[aESEngine.getBlockSize()];
        aESEngine.processBlock(bArr2, 0, bArr3, 0);
        return bArr3;
    }

    private static byte[] doAes(byte[] bArr, byte[] bArr2, byte[] bArr3, BlockCipherPadding blockCipherPadding, boolean z) throws IOException, InvalidCipherTextException {
        byte[] bArr4;
        AESEngine aESEngine = new AESEngine();
        if (bArr2 == null) {
            bArr4 = null;
        } else if (bArr2.length == 0) {
            LOGGER.warning("Se usara un vector de inicializacion AES vacio");
            bArr4 = new byte[aESEngine.getBlockSize()];
        } else {
            bArr4 = bArr2;
        }
        ParametersWithIV parametersWithIV = new ParametersWithIV(new KeyParameter(bArr3), bArr4);
        PaddedBufferedBlockCipher paddedBufferedBlockCipher = blockCipherPadding != null ? new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), blockCipherPadding) : new BufferedBlockCipher(new CBCBlockCipher(aESEngine));
        paddedBufferedBlockCipher.init(z, parametersWithIV);
        byte[] bArr5 = new byte[16];
        byte[] bArr6 = new byte[512];
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Throwable th = null;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Throwable th2 = null;
            while (true) {
                try {
                    int read = byteArrayInputStream.read(bArr5);
                    if (read < 0) {
                        break;
                    }
                    byteArrayOutputStream.write(bArr6, 0, paddedBufferedBlockCipher.processBytes(bArr5, 0, read, bArr6, 0));
                } catch (Throwable th3) {
                    if (byteArrayOutputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (Throwable th4) {
                                th2.addSuppressed(th4);
                            }
                        } else {
                            byteArrayOutputStream.close();
                        }
                    }
                    throw th3;
                }
            }
            byteArrayOutputStream.write(bArr6, 0, paddedBufferedBlockCipher.doFinal(bArr6, 0));
            byteArrayOutputStream.flush();
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (byteArrayOutputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th5) {
                        th2.addSuppressed(th5);
                    }
                } else {
                    byteArrayOutputStream.close();
                }
            }
            return byteArray;
        } finally {
            if (byteArrayInputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
        }
    }

    public byte[] aesDecrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, CryptoHelper.BlockMode blockMode, CryptoHelper.Padding padding) throws IOException {
        BlockCipherPadding iSO7816d4Padding;
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos a cifrar no pueden ser nulos");
        }
        if (bArr3 == null) {
            throw new IllegalArgumentException("La clave de cifrado no puede ser nula");
        }
        switch (AnonymousClass1.$SwitchMap$es$gob$jmulticard$CryptoHelper$Padding[padding.ordinal()]) {
            case 1:
                iSO7816d4Padding = null;
                break;
            case 2:
                iSO7816d4Padding = new ISO7816d4Padding();
                break;
            default:
                throw new IOException("Algoritmo de relleno no soportado para AES: " + padding);
        }
        try {
            return doAes(bArr, bArr2, bArr3, iSO7816d4Padding, false);
        } catch (DataLengthException | IllegalStateException | InvalidCipherTextException e) {
            throw new IOException("Error en el descifrado AES: " + e, e);
        }
    }

    public byte[] aesEncrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, CryptoHelper.BlockMode blockMode, CryptoHelper.Padding padding) throws IOException {
        BlockCipherPadding iSO7816d4Padding;
        if (bArr == null) {
            throw new IllegalArgumentException("Los datos a cifrar no pueden ser nulos");
        }
        if (bArr3 == null) {
            throw new IllegalArgumentException("La clave de cifrado no puede ser nula");
        }
        if (CryptoHelper.BlockMode.ECB.equals(blockMode) && CryptoHelper.Padding.NOPADDING.equals(padding) && bArr.length == 16) {
            return aesEncryptSingleBlock(bArr3, bArr);
        }
        switch (AnonymousClass1.$SwitchMap$es$gob$jmulticard$CryptoHelper$Padding[padding.ordinal()]) {
            case 1:
                iSO7816d4Padding = null;
                break;
            case 2:
                iSO7816d4Padding = new ISO7816d4Padding();
                break;
            default:
                throw new IOException("Algoritmo de relleno no soportado para AES: " + padding);
        }
        try {
            return doAes(bArr, bArr2, bArr3, iSO7816d4Padding, true);
        } catch (DataLengthException | IllegalStateException | InvalidCipherTextException | IOException e) {
            throw new IOException("Error en el cifrado AES", e);
        }
    }

    public KeyPair generateEcKeyPair(CryptoHelper.EcCurve ecCurve) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyPairGeneratorSpi.ECDH ecdh = new KeyPairGeneratorSpi.ECDH();
        ecdh.initialize(new ECNamedCurveGenParameterSpec(ecCurve.toString()));
        return ecdh.generateKeyPair();
    }

    public byte[] doAesCmac(byte[] bArr, byte[] bArr2) {
        CMac cMac = new CMac(new AESEngine(), 64);
        cMac.init(new KeyParameter(bArr2));
        cMac.update(bArr, 0, bArr.length);
        byte[] bArr3 = new byte[cMac.getMacSize()];
        cMac.doFinal(bArr3, 0);
        return bArr3;
    }

    public AlgorithmParameterSpec getEcPoint(byte[] bArr, byte[] bArr2, CryptoHelper.EcCurve ecCurve) {
        ECParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(ecCurve.toString());
        BigInteger os2i = os2i(bArr2);
        return mapNonceGMWithECDH(os2i(bArr), new ECPoint(os2i, computeAffineY(os2i, parameterSpec)), parameterSpec);
    }

    private static BigInteger os2i(byte[] bArr) {
        if (bArr == null) {
            throw new IllegalArgumentException();
        }
        return os2i(bArr, 0, bArr.length);
    }

    private static BigInteger os2i(byte[] bArr, int i, int i2) {
        if (bArr == null) {
            throw new IllegalArgumentException("El Octet String no puede ser nulo");
        }
        BigInteger bigInteger = BigInteger.ZERO;
        BigInteger valueOf = BigInteger.valueOf(256L);
        for (int i3 = i; i3 < i + i2; i3++) {
            bigInteger = bigInteger.multiply(valueOf).add(BigInteger.valueOf(bArr[i3] & 255));
        }
        return bigInteger;
    }

    private static BigInteger computeAffineY(BigInteger bigInteger, ECParameterSpec eCParameterSpec) {
        ECCurve spongyCastleECCurve = toSpongyCastleECCurve(eCParameterSpec);
        ECFieldElement a = spongyCastleECCurve.getA();
        ECFieldElement b = spongyCastleECCurve.getB();
        ECFieldElement fromBigInteger = spongyCastleECCurve.fromBigInteger(bigInteger);
        return fromBigInteger.multiply(fromBigInteger).add(a).multiply(fromBigInteger).add(b).sqrt().toBigInteger();
    }

    private static ECCurve toSpongyCastleECCurve(ECParameterSpec eCParameterSpec) {
        EllipticCurve curve = eCParameterSpec.getCurve();
        ECField field = curve.getField();
        if (!(field instanceof ECFieldFp)) {
            throw new IllegalArgumentException("Solo se soporta 'ECFieldFp' y se proporciono  " + field.getClass().getCanonicalName());
        }
        int cofactor = eCParameterSpec.getCofactor();
        return new ECCurve.Fp(getPrime(eCParameterSpec), curve.getA(), curve.getB(), eCParameterSpec.getOrder(), BigInteger.valueOf(cofactor));
    }

    private static BigInteger getPrime(ECParameterSpec eCParameterSpec) {
        if (eCParameterSpec == null) {
            throw new IllegalArgumentException("Los parametros no pueden ser nulos");
        }
        ECField field = eCParameterSpec.getCurve().getField();
        if (field instanceof ECFieldFp) {
            return ((ECFieldFp) field).getP();
        }
        throw new IllegalStateException("Solo se soporta 'ECFieldFp' y se proporciono  " + field.getClass().getCanonicalName());
    }

    private static ECParameterSpec mapNonceGMWithECDH(BigInteger bigInteger, ECPoint eCPoint, ECParameterSpec eCParameterSpec) {
        ECPoint generator = eCParameterSpec.getGenerator();
        EllipticCurve curve = eCParameterSpec.getCurve();
        BigInteger a = curve.getA();
        BigInteger b = curve.getB();
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        BigInteger order = eCParameterSpec.getOrder();
        int cofactor = eCParameterSpec.getCofactor();
        ECPoint add = add(multiply(bigInteger, generator, eCParameterSpec), eCPoint, eCParameterSpec);
        if (!toSpongyCastleECPoint(add, eCParameterSpec).isValid()) {
            LOGGER.warning("Se ha generado un punto invalido");
        }
        return new ECParameterSpec(new EllipticCurve(new ECFieldFp(p), a, b), add, order, cofactor);
    }

    private static ECPoint multiply(BigInteger bigInteger, ECPoint eCPoint, ECParameterSpec eCParameterSpec) {
        return fromSpongyCastleECPoint(toSpongyCastleECPoint(eCPoint, eCParameterSpec).multiply(bigInteger));
    }

    private static ECPoint fromSpongyCastleECPoint(org.spongycastle.math.ec.ECPoint eCPoint) {
        org.spongycastle.math.ec.ECPoint normalize = eCPoint.normalize();
        if (!normalize.isValid()) {
            LOGGER.warning("Se ha proporcionado un punto invalido");
        }
        return new ECPoint(normalize.getAffineXCoord().toBigInteger(), normalize.getAffineYCoord().toBigInteger());
    }

    private static ECPoint add(ECPoint eCPoint, ECPoint eCPoint2, ECParameterSpec eCParameterSpec) {
        return fromSpongyCastleECPoint(toSpongyCastleECPoint(eCPoint, eCParameterSpec).add(toSpongyCastleECPoint(eCPoint2, eCParameterSpec)));
    }

    private static org.spongycastle.math.ec.ECPoint toSpongyCastleECPoint(ECPoint eCPoint, ECParameterSpec eCParameterSpec) {
        return toSpongyCastleECCurve(eCParameterSpec).createPoint(eCPoint.getAffineX(), eCPoint.getAffineY());
    }

    public X509Certificate[] validateCmsSignature(byte[] bArr) throws SignatureException, IOException, CertificateException {
        try {
            CMSSignedData cMSSignedData = new CMSSignedData(bArr);
            Store certificates = cMSSignedData.getCertificates();
            ArrayList arrayList = new ArrayList();
            for (SignerInformation signerInformation : cMSSignedData.getSignerInfos().getSigners()) {
                try {
                    X509Certificate generateCertificate = generateCertificate(((X509CertificateHolder) certificates.getMatches(new CertHolderBySignerIdSelector(signerInformation.getSID())).iterator().next()).getEncoded());
                    try {
                        generateCertificate.checkValidity();
                        try {
                            if (!signerInformation.verify(new SignerInformationVerifier(new DefaultCMSSignatureAlgorithmNameGenerator(), new DefaultSignatureAlgorithmIdentifierFinder(), new JcaContentVerifierProviderBuilder().setProvider(new BouncyCastleProvider()).build(generateCertificate), new BcDigestCalculatorProvider()))) {
                                throw new SignatureException("Firma del SOD no valida");
                            }
                            arrayList.add(generateCertificate);
                        } catch (OperatorCreationException | CMSException e) {
                            throw new SignatureException("No se ha podido comprobar la firma del SOD", e);
                        }
                    } catch (CertificateExpiredException | CertificateNotYetValidException e2) {
                        throw new CertificateException("El SignedData contiene un certificado fuera de su periodo temporal de validez", e2);
                    }
                } catch (IOException e3) {
                    throw new CertificateException("El SignedData contiene un certificado en formato incorrecto", e3);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (CMSException e4) {
            throw new IOException("Los datos no son un SignedData de PKCS#7/CMS", e4);
        }
    }

    public byte[] getCmsSignatureSignedContent(byte[] bArr) throws IOException {
        try {
            return (byte[]) new CMSSignedData(bArr).getSignedContent().getContent();
        } catch (CMSException e) {
            throw new IOException("Los datos no son un SignedData de PKCS#7/CMS", e);
        }
    }

    public X509Certificate generateCertificate(byte[] bArr) throws CertificateException {
        return generateCertificate(new ByteArrayInputStream(bArr));
    }

    public X509Certificate generateCertificate(InputStream inputStream) throws CertificateException {
        return (X509Certificate) new CertificateFactory().engineGenerateCertificate(inputStream);
    }

    public CryptoHelper.PaceChannelHelper getPaceChannelHelper() {
        if (this.paceChannelHelper == null) {
            this.paceChannelHelper = new PaceChannelHelperBc(this);
        }
        return this.paceChannelHelper;
    }
}
