package no.difi.asic;

import com.google.common.io.BaseEncoding;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/difi/asic/SignatureHelper.class */
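/**
 * Loads a signing key and its certificate from a keystore and produces CMS signatures with them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The signature algorithm is fixed to {@code SHA1with<key algorithm>} (see
 *       {@link #loadCertificate}). SHA-1 is no longer collision resistant; the value is left
 *       unchanged here because it alters the produced signatures, but it should be reviewed.</li>
 *   <li>The keystore type is fixed to {@code "JKS"} (see {@link #loadKeyStore}).</li>
 *   <li>Passwords arrive as {@link String}s, so they cannot be wiped from memory after use.</li>
 * </ul>
 */
public class SignatureHelper {
    private static final Logger logger = LoggerFactory.getLogger(SignatureHelper.class);
    protected final Provider provider;
    protected final JcaDigestCalculatorProviderBuilder jcaDigestCalculatorProviderBuilder;
    protected X509Certificate x509Certificate;
    protected Certificate[] certificateChain;
    protected KeyPair keyPair;
    protected JcaContentSignerBuilder jcaContentSignerBuilder;

    /**
     * Loads the first alias of the keystore in {@code file}.
     *
     * @param file keystore file
     * @param str  keystore password
     * @param str2 password of the private key entry
     * @throws IOException if the file cannot be opened or closed
     * @throws IllegalStateException if the keystore or the key entry cannot be loaded
     */
    public SignatureHelper(File file, String str, String str2) throws IOException {
        this(file, str, (String) null, str2);
    }

    /**
     * Loads the given alias of the keystore in {@code file}.
     *
     * @param file keystore file
     * @param str  keystore password
     * @param str2 alias of the key entry, or {@code null} to use the first alias the keystore reports
     * @param str3 password of the private key entry
     * @throws IOException if the file cannot be opened or closed
     * @throws IllegalStateException if the keystore or the key entry cannot be loaded
     */
    public SignatureHelper(File file, String str, String str2, String str3) throws IOException {
        this(BCHelper.getProvider());
        // try-with-resources closes the stream on every path; the hand-expanded close logic that
        // stood here dereferenced a null Throwable on its secondary-failure branch.
        try (InputStream keyStoreStream = Files.newInputStream(file.toPath())) {
            loadCertificate(loadKeyStore(keyStoreStream, str), str2, str3);
        }
    }

    /**
     * Loads the given alias of the keystore read from {@code inputStream}. The stream is not
     * closed by this constructor; the caller keeps ownership of it.
     *
     * @param inputStream stream holding the keystore
     * @param str  keystore password
     * @param str2 alias of the key entry, or {@code null} to use the first alias the keystore reports
     * @param str3 password of the private key entry
     * @throws IllegalStateException if the keystore or the key entry cannot be loaded
     */
    public SignatureHelper(InputStream inputStream, String str, String str2, String str3) {
        this(BCHelper.getProvider());
        loadCertificate(loadKeyStore(inputStream, str), str2, str3);
    }

    /**
     * Sets up the digest calculator builder, bound to {@code provider} when one is given.
     *
     * @param provider JCA provider to use, or {@code null} to leave the builder on its default
     */
    protected SignatureHelper(Provider provider) {
        this.provider = provider;
        this.jcaDigestCalculatorProviderBuilder = new JcaDigestCalculatorProviderBuilder();
        if (provider != null) {
            this.jcaDigestCalculatorProviderBuilder.setProvider(provider);
        }
    }

    /**
     * Reads a keystore of type {@code "JKS"} from the stream.
     *
     * @param inputStream stream holding the keystore
     * @param str keystore password
     * @return the loaded keystore
     * @throws IllegalStateException if loading fails for any reason, including a null password
     */
    protected KeyStore loadKeyStore(InputStream inputStream, String str) {
        try {
            // NOTE(review): the type is hard-coded. JKS is a legacy format and PKCS12 has been the
            // JDK default since Java 9; consider making the type configurable.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(inputStream, str.toCharArray());
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException(String.format("Load keystore; %s", e.getMessage()), e);
        }
    }

    /**
     * Reads certificate, chain and private key for an alias and prepares the content signer.
     *
     * <p>Fields are assigned only after every lookup succeeded, so a failed call does not leave
     * the helper half initialised.
     *
     * @param keyStore loaded keystore
     * @param str  alias of the key entry; when {@code null} the first alias returned by the
     *             keystore is used, which is not guaranteed to be a key entry
     * @param str2 password of the private key entry
     * @throws IllegalStateException if the alias, its X.509 certificate or its private key cannot
     *                               be retrieved
     */
    protected void loadCertificate(KeyStore keyStore, String str, String str2) {
        String alias = str;
        final Certificate certificate;
        final Certificate[] chain;
        final PrivateKey privateKey;
        try {
            if (alias == null) {
                alias = keyStore.aliases().nextElement();
            }
            certificate = keyStore.getCertificate(alias);
            chain = keyStore.getCertificateChain(alias);
            privateKey = (PrivateKey) keyStore.getKey(alias, str2.toCharArray());
        } catch (Exception e) {
            // Covers the checked KeyStore exceptions as well as an empty keystore, a null key
            // password and an entry whose key is not a private key.
            throw new IllegalStateException(String.format("Unable to retrieve private key from keystore: %s", e.getMessage()), e);
        }
        // KeyStore returns null for an unknown alias; fail with a clear message instead of a
        // NullPointerException further down.
        if (!(certificate instanceof X509Certificate)) {
            throw new IllegalStateException(String.format("Unable to retrieve private key from keystore: %s", "no X.509 certificate for alias " + alias));
        }
        if (privateKey == null) {
            throw new IllegalStateException(String.format("Unable to retrieve private key from keystore: %s", "no private key for alias " + alias));
        }
        this.x509Certificate = (X509Certificate) certificate;
        this.certificateChain = chain;
        this.keyPair = new KeyPair(this.x509Certificate.getPublicKey(), privateKey);
        // NOTE(review): SHA-1 based signature algorithm. Kept as is because changing it changes
        // the signatures this class emits; plan a move to a SHA-2 variant.
        this.jcaContentSignerBuilder = new JcaContentSignerBuilder(String.format("SHA1with%s", privateKey.getAlgorithm()));
        if (this.provider != null) {
            this.jcaContentSignerBuilder.setProvider(this.provider);
        }
    }

    /**
     * Signs {@code bArr} and returns the encoded CMS signed-data structure. The content is not
     * encapsulated (detached signature) and only the signer certificate is embedded, not the
     * full chain.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @param bArr bytes to sign
     * @return encoded CMS signature
     * @throws IllegalStateException if signing fails
     */
    public byte[] signData(byte[] bArr) {
        try {
            SignerInfoGenerator signerInfoGenerator = new JcaSignerInfoGeneratorBuilder(this.jcaDigestCalculatorProviderBuilder.build())
                    .build(this.jcaContentSignerBuilder.build(this.keyPair.getPrivate()), this.x509Certificate);
            CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
            cmsSignedDataGenerator.addSignerInfoGenerator(signerInfoGenerator);
            cmsSignedDataGenerator.addCertificates(new JcaCertStore(Collections.singletonList(this.x509Certificate)));
            CMSSignedData signedData = cmsSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), false);
            // Encode once and skip the Base64 work entirely when debug logging is off.
            byte[] encoded = signedData.getEncoded();
            if (logger.isDebugEnabled()) {
                logger.debug(BaseEncoding.base64().encode(encoded));
            }
            return encoded;
        } catch (Exception e) {
            throw new IllegalStateException(String.format("Unable to sign: %s", e.getMessage()), e);
        }
    }

    /**
     * Returns the signer certificate loaded from the keystore.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @return the signer certificate, or {@code null} if none has been loaded
     */
    public X509Certificate getX509Certificate() {
        return this.x509Certificate;
    }

    /**
     * Returns a copy of the certificate chain loaded from the keystore, so callers cannot swap
     * entries in the array held by this helper.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     *
     * @return copy of the chain, or {@code null} if the keystore had no chain for the alias
     */
    public Certificate[] getCertificateChain() {
        return this.certificateChain == null ? null : this.certificateChain.clone();
    }
}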
