package com.helger.asic;

import com.helger.bc.PBCProvider;
import com.helger.commons.base64.Base64;
import com.helger.commons.collection.impl.CommonsArrayList;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.security.keystore.EKeyStoreType;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.WillClose;
import javax.annotation.WillNotClose;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/helger/asic/SignatureHelper.class */
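/**
 * Loads a signing certificate and private key from a JKS keystore and produces
 * detached CMS signatures over byte arrays.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The signature algorithm is hard-coded to {@code "SHA1with" + keyAlgorithm}
 *       (see {@link #loadCertificate}).</li>
 *   <li>Keystore and key passwords are accepted as {@link String}; the
 *       {@code char[]} copies handed to the keystore are not cleared afterwards.</li>
 *   <li>Only the signer's own certificate is embedded in the signature, not the
 *       chain returned by {@link #getCertificateChain()}.</li>
 * </ul>
 *
 * <p>The fields set by {@link #loadCertificate} are not synchronized; whether
 * instances are shared between threads cannot be determined from this class alone.
 */
public class SignatureHelper {
    private static final Logger LOG = LoggerFactory.getLogger(SignatureHelper.class);
    private final Provider m_aProvider;
    private final JcaDigestCalculatorProviderBuilder m_aJcaDigestCalculatorProviderBuilder;
    private X509Certificate m_aX509Certificate;
    private Certificate[] m_aCertificateChain;
    private KeyPair m_aKeyPair;
    private JcaContentSignerBuilder m_aJcaContentSignerBuilder;

    /**
     * Creates a helper from a JKS keystore file, using the first alias in the keystore.
     *
     * @param file keystore file to read
     * @param str  keystore password
     * @param str2 password of the private key entry
     * @throws IOException if the keystore file cannot be opened or closed
     * @throws IllegalStateException if the keystore or key entry cannot be loaded
     */
    public SignatureHelper(@Nonnull File file, @Nonnull String str, @Nonnull String str2) throws IOException {
        this(file, str, (String) null, str2);
    }

    /**
     * Creates a helper from a JKS keystore file.
     *
     * @param file keystore file to read
     * @param str  keystore password
     * @param str2 alias of the key entry, or {@code null} to use the first alias
     * @param str3 password of the private key entry
     * @throws IOException if the keystore file cannot be opened or closed
     * @throws IllegalStateException if the keystore or key entry cannot be loaded
     */
    public SignatureHelper(@Nonnull File file, @Nonnull String str, @Nullable String str2, @Nonnull String str3) throws IOException {
        this(PBCProvider.getProvider());
        // try-with-resources closes the stream on every path and keeps a close()
        // failure as a suppressed exception instead of masking the primary one.
        try (InputStream keyStoreStream = Files.newInputStream(file.toPath())) {
            loadCertificate(loadKeyStore(EKeyStoreType.JKS, keyStoreStream, str), str2, str3);
        }
    }

    /**
     * Creates a helper from an already opened JKS keystore stream. The stream is
     * always closed by this constructor, whether loading succeeds or fails.
     *
     * @param inputStream keystore content; closed before this constructor returns
     * @param str         keystore password
     * @param str2        alias of the key entry, or {@code null} to use the first alias
     * @param str3        password of the private key entry
     * @throws IllegalStateException if the keystore or key entry cannot be loaded
     */
    public SignatureHelper(@Nonnull @WillClose InputStream inputStream, @Nonnull String str, @Nullable String str2, @Nonnull String str3) {
        this(PBCProvider.getProvider());
        try {
            loadCertificate(loadKeyStore(EKeyStoreType.JKS, inputStream, str), str2, str3);
        } finally {
            StreamHelper.close(inputStream);
        }
    }

    /**
     * Base constructor: stores the security provider and prepares the digest
     * calculator builder. No certificate or key is loaded here; a subclass using
     * this constructor must call {@link #loadCertificate} before signing.
     *
     * @param provider JCA provider to use, or {@code null} to leave the builders
     *                 on their default provider
     */
    protected SignatureHelper(@Nullable Provider provider) {
        this.m_aProvider = provider;
        this.m_aJcaDigestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
        if (provider != null) {
            this.m_aJcaDigestCalculatorProviderBuilder.setProvider(provider);
        }
    }

    /**
     * Loads a keystore of the given type from a stream. The stream is not closed.
     *
     * @param eKeyStoreType keystore type to instantiate
     * @param inputStream   keystore content; left open for the caller to close
     * @param str           keystore password
     * @return the loaded keystore
     * @throws IllegalStateException if the keystore cannot be created or read
     */
    protected KeyStore loadKeyStore(@Nonnull EKeyStoreType eKeyStoreType, @Nonnull @WillNotClose InputStream inputStream, @Nonnull String str) {
        try {
            KeyStore keyStore = eKeyStoreType.getKeyStore();
            keyStore.load(inputStream, str.toCharArray());
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException("Load keystore; " + e.getMessage(), e);
        }
    }

    /**
     * Resolves the signing certificate, its chain and the private key from the
     * keystore and prepares the content signer builder.
     *
     * <p>This method is called from the public constructors, so an override runs
     * before the overriding subclass's own fields are initialized.
     *
     * @param keyStore loaded keystore
     * @param str      alias of the key entry, or {@code null} to use the first alias
     *                 reported by the keystore
     * @param str2     password of the private key entry
     * @throws IllegalStateException if the keystore is empty, the alias has no
     *                               X.509 certificate or no private key, or the
     *                               key cannot be recovered
     */
    protected void loadCertificate(@Nonnull KeyStore keyStore, @Nullable String str, @Nonnull String str2) {
        try {
            final String alias;
            if (str != null) {
                alias = str;
            } else {
                java.util.Enumeration<String> aliases = keyStore.aliases();
                // An empty keystore would otherwise surface as NoSuchElementException.
                if (!aliases.hasMoreElements()) {
                    throw new IllegalStateException("Keystore contains no aliases!");
                }
                alias = aliases.nextElement();
            }

            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate == null) {
                throw new IllegalStateException("Failed to resolve alias '" + alias + "' in keystore!");
            }
            if (!(certificate instanceof X509Certificate)) {
                throw new IllegalStateException("Certificate for alias '" + alias + "' is not an X.509 certificate!");
            }

            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, str2.toCharArray());
            // getKey returns null when the alias is not a key entry (e.g. a trusted
            // certificate only); fail here rather than with an NPE below.
            if (privateKey == null) {
                throw new IllegalStateException("No private key found for alias '" + alias + "' in keystore!");
            }

            // Assign state only after every lookup has succeeded.
            this.m_aX509Certificate = (X509Certificate) certificate;
            this.m_aCertificateChain = keyStore.getCertificateChain(alias);
            this.m_aKeyPair = new KeyPair(this.m_aX509Certificate.getPublicKey(), privateKey);
            // NOTE(review): SHA-1 is no longer considered collision-resistant and is
            // deprecated for digital signatures. Kept unchanged because consumers of
            // these signatures may depend on it; confirm verifier support before
            // moving to a SHA-256 based algorithm.
            this.m_aJcaContentSignerBuilder = new JcaContentSignerBuilder("SHA1with" + privateKey.getAlgorithm());
            if (this.m_aProvider != null) {
                this.m_aJcaContentSignerBuilder.setProvider(this.m_aProvider);
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IllegalStateException("Unable to retrieve private key from keystore: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a detached CMS signature over the given bytes; the content itself is
     * not encapsulated in the result. Only the signer certificate is embedded.
     *
     * @param bArr data to sign
     * @return the encoded CMS SignedData structure
     * @throws IllegalStateException if the signature cannot be created or encoded
     */
    public byte[] signData(@Nonnull byte[] bArr) {
        try {
            SignerInfoGenerator signerInfoGenerator = new JcaSignerInfoGeneratorBuilder(this.m_aJcaDigestCalculatorProviderBuilder.build())
                    .build(this.m_aJcaContentSignerBuilder.build(this.m_aKeyPair.getPrivate()), this.m_aX509Certificate);
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            cMSSignedDataGenerator.addSignerInfoGenerator(signerInfoGenerator);
            cMSSignedDataGenerator.addCertificates(new JcaCertStore(new CommonsArrayList<>(this.m_aX509Certificate)));
            // Second argument false: do not encapsulate the content (detached signature).
            CMSSignedData signedData = cMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), false);
            // Encode once and reuse for both the debug log and the return value.
            byte[] encoded = signedData.getEncoded();
            if (LOG.isDebugEnabled()) {
                LOG.debug(Base64.encodeBytes(encoded));
            }
            return encoded;
        } catch (OperatorCreationException | CertificateEncodingException | CMSException | IOException e) {
            throw new IllegalStateException("Unable to sign: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @return the signing certificate, or {@code null} if none has been loaded
     */
    public X509Certificate getX509Certificate() {
        return this.m_aX509Certificate;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @return a copy of the certificate chain for the signing alias, or
     *         {@code null} if none has been loaded
     */
    public Certificate[] getCertificateChain() {
        // Return a copy so callers cannot replace entries of the internal array.
        return this.m_aCertificateChain == null ? null : this.m_aCertificateChain.clone();
    }
}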
