package org.xipki.security.pkcs11;

import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Set;
import org.xipki.audit.services.MacAuditService;
import org.xipki.pkcs11.wrapper.TokenException;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.DfltConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignAlgo;
import org.xipki.security.SignerConf;
import org.xipki.security.SignerFactory;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.util.Hex;
import org.xipki.util.exception.ObjectCreationException;

/* loaded from: input_file:WEB-INF/lib/security-6.3.1.jar:org/xipki/security/pkcs11/P11SignerFactory.class */
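/**
 * {@link SignerFactory} for signers of type {@code pkcs11}.
 *
 * <p>A signer is described by a {@link SignerConf} that names the PKCS#11 module, exactly one of
 * {@code slot} (index) or {@code slot-id}, and exactly one of {@code key-id} (hex) or
 * {@code key-label}. Both collaborators must be injected through the setters before
 * {@link #newSigner} is called.
 *
 * <p>Every configuration error is reported as an {@link ObjectCreationException}, so a malformed
 * value never escapes as an unchecked exception.
 */
public class P11SignerFactory implements SignerFactory {
    private static final String TYPE = "pkcs11";
    private static final Set<String> SUPPORTED_TYPES = Set.of(TYPE);

    /** 544 == 0x220, the PKCS#11 mechanism code CKM_SHA_1 (used to fingerprint MAC keys). */
    private static final long CKM_SHA_1 = 544L;

    private P11CryptServiceFactory p11CryptServiceFactory;
    private SecurityFactory securityFactory;

    /**
     * Injects the factory used to look up the PKCS#11 crypt service of a module.
     *
     * @param p11CryptServiceFactory factory to use; {@link #newSigner} fails while it is unset
     */
    public void setP11CryptServiceFactory(P11CryptServiceFactory p11CryptServiceFactory) {
        this.p11CryptServiceFactory = p11CryptServiceFactory;
    }

    /**
     * Injects the security factory that supplies the default parallelism and the signing RNG.
     *
     * @param securityFactory factory to use; {@link #newSigner} fails while it is unset
     */
    public void setSecurityFactory(SecurityFactory securityFactory) {
        this.securityFactory = securityFactory;
    }

    /**
     * Returns the signer types handled by this factory.
     *
     * @return an unmodifiable set containing only {@code pkcs11}
     */
    @Override
    public Set<String> getSupportedSignerTypes() {
        return SUPPORTED_TYPES;
    }

    /**
     * Tells whether this factory handles the given signer type.
     *
     * @param str signer type, compared case-insensitively; {@code null} yields {@code false}
     * @return {@code true} if {@code str} denotes the {@code pkcs11} type
     */
    @Override
    public boolean canCreateSigner(String str) {
        // Same comparison as newSigner, so both methods agree on what counts as "pkcs11";
        // it is also null-safe and independent of the default locale.
        return TYPE.equalsIgnoreCase(str);
    }

    /**
     * Creates a concurrent signer backed by a key held in a PKCS#11 token.
     *
     * @param str signer type; must be {@code pkcs11} (case-insensitive)
     * @param signerConf signer configuration (keys read here: {@code parallelism}, {@code module},
     *     {@code slot}, {@code slot-id}, {@code key-label}, {@code key-id} and the algorithm key)
     * @param x509CertArr certificate chain of the signer, or {@code null} to use the public key
     *     reported by the token
     * @return the configured signer
     * @throws ObjectCreationException if the type is unknown, a collaborator is unset, the
     *     configuration is malformed or ambiguous, the key cannot be found, or the token or
     *     algorithm lookup fails
     */
    @Override
    public ConcurrentContentSigner newSigner(String str, SignerConf signerConf, X509Cert[] x509CertArr) throws ObjectCreationException {
        if (!TYPE.equalsIgnoreCase(str)) {
            throw new ObjectCreationException("unknown signer type " + str);
        }
        if (this.p11CryptServiceFactory == null) {
            throw new ObjectCreationException("p11CryptServiceFactory is not set");
        }
        if (this.securityFactory == null) {
            throw new ObjectCreationException("securityFactory is not set");
        }

        int parallelism = parseParallelism(
                signerConf.getConfValue("parallelism"), this.securityFactory.getDfltSignerParallelism());
        String moduleName = signerConf.getConfValue("module");

        Integer slotIndex = parseSlotIndex(signerConf.getConfValue("slot"));
        Long slotId = parseSlotId(signerConf.getConfValue("slot-id"));
        // Refuse an ambiguous slot selection rather than silently preferring one of the two.
        if ((slotIndex == null) == (slotId == null)) {
            throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
        }

        String keyLabel = signerConf.getConfValue("key-label");
        String keyIdHex = signerConf.getConfValue("key-id");
        // NOTE(review): how Hex.decode reacts to non-hex input is not visible here; if it throws
        // an unchecked exception, that exception still escapes this method - confirm.
        byte[] keyId = keyIdHex != null ? Hex.decode(keyIdHex) : null;
        if ((keyId == null) == (keyLabel == null)) {
            throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
        }

        try {
            P11Module module = this.p11CryptServiceFactory.getP11CryptService(moduleName).getModule();
            P11Slot slot = module.getSlot(
                    slotId != null
                            ? module.getSlotIdForId(slotId.longValue())
                            : module.getSlotIdForIndex(slotIndex.intValue()));
            String keyDesc = keyId != null ? "id " + Hex.encode(keyId) : "label " + keyLabel;

            P11Key key;
            try {
                key = slot.getKey(keyId, keyLabel);
            } catch (TokenException e) {
                // Keep the token error as the cause so the failing PKCS#11 call stays diagnosable.
                throw new ObjectCreationException(
                        "error finding identity with " + keyDesc + ": " + e.getMessage(), e);
            }
            if (key == null) {
                throw new ObjectCreationException("unknown identity with " + keyDesc);
            }

            try {
                return assembleSigner(key, signerConf, x509CertArr, parallelism);
            } catch (TokenException | NoSuchAlgorithmException | XiSecurityException e) {
                throw new ObjectCreationException(e.getMessage(), e);
            }
        } catch (TokenException | XiSecurityException e) {
            throw new ObjectCreationException(e.getMessage(), e);
        }
    }

    /** Parses the optional {@code parallelism} value; it must be an integer of at least 1. */
    private static int parseParallelism(String value, int dflt) throws ObjectCreationException {
        if (value == null) {
            return dflt;
        }
        int parsed;
        try {
            parsed = Integer.parseInt(value);
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid parallelism " + value, e);
        }
        if (parsed < 1) {
            throw new ObjectCreationException("invalid parallelism " + value);
        }
        return parsed;
    }

    /** Parses the optional {@code slot} index, reporting a malformed number as a config error. */
    private static Integer parseSlotIndex(String value) throws ObjectCreationException {
        if (value == null) {
            return null;
        }
        try {
            return Integer.valueOf(Integer.parseInt(value));
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid slot " + value, e);
        }
    }

    /** Parses the optional {@code slot-id}, reporting a malformed number as a config error. */
    private static Long parseSlotId(String value) throws ObjectCreationException {
        if (value == null) {
            return null;
        }
        try {
            return Long.valueOf(Long.parseLong(value));
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid slot-id " + value, e);
        }
    }

    /** Builds {@code parallelism} content signers for {@code key} and wraps them in one signer. */
    private ConcurrentContentSigner assembleSigner(
            P11Key key, SignerConf signerConf, X509Cert[] x509CertArr, int parallelism)
            throws TokenException, NoSuchAlgorithmException, XiSecurityException {
        // NOTE(review): the configuration key is read from MacAuditService.KEY_ALGO, a constant of
        // the audit module; this looks like a decompiler constant substitution - confirm the
        // intended literal before relying on it.
        String algoName = signerConf.getConfValue(MacAuditService.KEY_ALGO);
        SignAlgo signAlgo = algoName != null
                ? SignAlgo.getInstance(algoName)
                : SignAlgo.getInstance(key, signerConf);

        // Only the first certificate's public key is handed to the content signers.
        PublicKey publicKey = null;
        if (x509CertArr != null && x509CertArr.length > 0) {
            publicKey = x509CertArr[0].getPublicKey();
        }

        // Raw type retained: the element type of the signer list is not imported in this file.
        ArrayList signers = new ArrayList(parallelism);
        for (int i = 0; i < parallelism; i++) {
            signers.add(P11ContentSigner.newInstance(
                    key, signAlgo, this.securityFactory.getRandom4Sign(), publicKey));
        }

        DfltConcurrentContentSigner signer = new DfltConcurrentContentSigner(signAlgo.isMac(), signers);
        if (x509CertArr != null) {
            signer.setCertificateChain(x509CertArr);
        } else {
            signer.setPublicKey(key.getPublicKey());
        }
        if (signAlgo.isMac()) {
            // The MAC key is identified by a SHA-1 digest obtained through the key object.
            signer.setSha1DigestOfMacKey(key.digestSecretKey(CKM_SHA_1));
        }
        return signer;
    }
}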
