package com.baltimore.jpkiplus.policies;

import com.baltimore.jcrypto.coders.BERCoder;
import com.baltimore.jpkiplus.pkcs7.CertificateChain;
import com.baltimore.jpkiplus.pkcs7.SignerInfo;
import com.baltimore.jpkiplus.pkcs7.content.Data;
import com.baltimore.jpkiplus.pkcs7.content.SignedData;
import com.baltimore.jpkiplus.vaults.Vault;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate;
import java.security.SignatureException;
import java.security.cert.X509Certificate;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/policies/PolicySigner.class */
public class PolicySigner {
    public static byte[] sign(PKIPolicy pKIPolicy, Vault vault, X509Certificate x509Certificate) throws SignatureException {
        try {
            CertificateChain certificateChain = new CertificateChain((JCRYPTO_X509Certificate) x509Certificate);
            Data data = new Data();
            SignedData signedData = new SignedData("SHA1");
            signedData.setContent(data);
            data.setData(pKIPolicy.getTBSData());
            signedData.setCertificates(certificateChain);
            SignerInfo signerInfo = new SignerInfo(certificateChain.getCertificate());
            signedData.setSignerInfo(signerInfo);
            signerInfo.setSigningTime();
            signedData.sign(vault.primaryKeyProvider().getPrivateKeyForCert(x509Certificate));
            signedData.setClearSigned(true);
            return BERCoder.encode(signedData);
        } catch (Exception e) {
            throw new SignatureException(e.getMessage());
        }
    }

    public static boolean verify(byte[] bArr, PKIPolicy pKIPolicy, Vault vault) throws SignatureException {
        try {
            SignedData signedData = new SignedData(bArr);
            if (signedData.getCertificates().contains(signedData.getSigningCertificate()) == -1) {
                throw new SignatureException("Signing cert does not verify");
            }
            return signedData.verify(new Data(pKIPolicy.getTBSData()));
        } catch (Exception e) {
            throw new SignatureException(e.getMessage());
        }
    }
}
