package org.apache.poi.poifs.crypt.dsig;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import org.apache.poi.EncryptedDocumentException;
import org.apache.poi.poifs.crypt.ChainingMode;
import org.apache.poi.poifs.crypt.CipherAlgorithm;
import org.apache.poi.poifs.crypt.CryptoFunctions;
import org.apache.poi.poifs.crypt.HashAlgorithm;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/poi-ooxml-4.1.2.jar:org/apache/poi/poifs/crypt/dsig/DigestOutputStream.class
 */
/* loaded from: input_file:org/apache/poi/poifs/crypt/dsig/DigestOutputStream.class */
class DigestOutputStream extends OutputStream {
    final HashAlgorithm algo;
    final PrivateKey key;
    private MessageDigest md;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DigestOutputStream(HashAlgorithm hashAlgorithm, PrivateKey privateKey) {
        this.algo = hashAlgorithm;
        this.key = privateKey;
    }

    public void init() throws GeneralSecurityException {
        if (isMSCapi(this.key)) {
            throw new EncryptedDocumentException("Windows keystore entries can't be signed with the " + this.algo + " hash. Please use one digest algorithm of sha1 / sha256 / sha384 / sha512.");
        }
        this.md = CryptoFunctions.getMessageDigest(this.algo);
    }

    @Override // java.io.OutputStream
    public void write(int i) throws IOException {
        this.md.update((byte) i);
    }

    @Override // java.io.OutputStream
    public void write(byte[] bArr, int i, int i2) throws IOException {
        this.md.update(bArr, i, i2);
    }

    public byte[] sign() throws IOException, GeneralSecurityException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(getHashMagic());
        byteArrayOutputStream.write(this.md.digest());
        return CryptoFunctions.getCipher(this.key, CipherAlgorithm.rsa, ChainingMode.ecb, null, 1, "PKCS1Padding").doFinal(byteArrayOutputStream.toByteArray());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isMSCapi(PrivateKey privateKey) {
        return privateKey != null && privateKey.getClass().getName().contains("mscapi");
    }

    byte[] getHashMagic() {
        try {
            byte[] der = new Oid(this.algo.rsaOid).getDER();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(48);
            byteArrayOutputStream.write(this.algo.hashSize + der.length + 6);
            byteArrayOutputStream.write(48);
            byteArrayOutputStream.write(der.length + 2);
            byteArrayOutputStream.write(der);
            byteArrayOutputStream.write(new byte[]{5, 0, 4});
            byteArrayOutputStream.write(this.algo.hashSize);
            return byteArrayOutputStream.toByteArray();
        } catch (GSSException | IOException e) {
            throw new IllegalStateException((Throwable) e);
        }
    }
}
