package org.xipki.security.pkcs12;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.DSADigestSigner;
import org.bouncycastle.crypto.signers.DSASigner;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcContentSignerBuilder;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.DSAPlainDigestSigner;
import org.xipki.security.DfltConcurrentContentSigner;
import org.xipki.security.SignAlgo;
import org.xipki.security.SignatureSigner;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.security.XiWrappedContentSigner;
import org.xipki.security.util.GMUtil;
import org.xipki.security.util.SignerUtil;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;

/* loaded from: input_file:WEB-INF/lib/security-6.3.0.jar:org/xipki/security/pkcs12/P12ContentSignerBuilder.class */
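/**
 * Builds {@link ContentSigner} and {@link ConcurrentContentSigner} instances for a private key
 * held in process memory, together with either its public key or its certificate chain.
 *
 * <p>Signer creation is two-staged. For some algorithms a fixed, named JCA provider is tried first
 * (see {@link #getProviderName(SignAlgo)}). If that provider is not registered or cannot sign with
 * the key, the BouncyCastle lightweight signers defined by the nested builder classes are used.
 *
 * <p>NOTE(review): this listing is decompiler output (JADX), so local names, access modifiers and
 * some declared types differ from whatever the original source used.
 */
public class P12ContentSignerBuilder {
    private final PrivateKey key;
    private final PublicKey publicKey;
    // null when the builder was created from a bare key pair (see the two-argument constructor).
    private final X509Cert[] certificateChain;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/security-6.3.0.jar:org/xipki/security/pkcs12/P12ContentSignerBuilder$DSAContentSignerBuilder.class */
    /** BouncyCastle lightweight signer builder for DSA. */
    public static class DSAContentSignerBuilder extends BcContentSignerBuilder {
        private final SignAlgo signAlgo;

        private DSAContentSignerBuilder(SignAlgo signAlgo) throws NoSuchAlgorithmException {
            super(signAlgo.getAlgorithmIdentifier(), signAlgo.getHashAlgo().getAlgorithmIdentifier());
            this.signAlgo = signAlgo;
        }

        /**
         * Creates a DSA signer that hashes with the digest of the configured algorithm.
         *
         * @throws OperatorCreationException declared by the overridden method; the identifier
         *     check is delegated to {@code SignAlgo.assertSameAlgorithm}
         */
        @Override
        protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException {
            // Reject a request whose identifiers differ from the algorithm this builder was made for.
            this.signAlgo.assertSameAlgorithm(sigAlgId, digAlgId);
            return new DSADigestSigner(new DSASigner(), this.signAlgo.getHashAlgo().createDigest());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/security-6.3.0.jar:org/xipki/security/pkcs12/P12ContentSignerBuilder$ECDSAContentSignerBuilder.class */
    /** BouncyCastle lightweight signer builder for ECDSA, in either of two signature encodings. */
    public static class ECDSAContentSignerBuilder extends BcContentSignerBuilder {
        private final SignAlgo signAlgo;

        private ECDSAContentSignerBuilder(SignAlgo signAlgo) throws NoSuchAlgorithmException {
            super(signAlgo.getAlgorithmIdentifier(), signAlgo.getHashAlgo().getAlgorithmIdentifier());
            this.signAlgo = signAlgo;
        }

        /**
         * Creates an ECDSA signer. {@code isPlainECDSASigAlgo()} selects
         * {@link DSAPlainDigestSigner}; every other ECDSA algorithm gets {@link DSADigestSigner}.
         */
        @Override
        protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException {
            this.signAlgo.assertSameAlgorithm(sigAlgId, digAlgId);
            ExtendedDigest digest = this.signAlgo.getHashAlgo().createDigest();
            ECDSASigner ecdsa = new ECDSASigner();
            if (this.signAlgo.isPlainECDSASigAlgo()) {
                return new DSAPlainDigestSigner(ecdsa, digest);
            }
            return new DSADigestSigner(ecdsa, digest);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/security-6.3.0.jar:org/xipki/security/pkcs12/P12ContentSignerBuilder$RSAContentSignerBuilder.class */
    /** BouncyCastle lightweight signer builder for RSA PKCS#1 v1.5 and RSA-PSS. */
    public static class RSAContentSignerBuilder extends BcContentSignerBuilder {
        private final SignAlgo signAlgo;

        private RSAContentSignerBuilder(SignAlgo signAlgo) throws NoSuchAlgorithmException {
            super(signAlgo.getAlgorithmIdentifier(), signAlgo.getHashAlgo().getAlgorithmIdentifier());
            this.signAlgo = signAlgo;
        }

        /**
         * Creates a PSS signer when the algorithm is RSA-PSS, otherwise an {@link RSADigestSigner}.
         *
         * @throws OperatorCreationException if the PSS signer cannot be created; the original
         *     {@link XiSecurityException} is kept as the cause
         */
        @Override
        protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException {
            this.signAlgo.assertSameAlgorithm(sigAlgId, digAlgId);
            if (this.signAlgo.isRSAPSSSigAlgo()) {
                try {
                    return SignerUtil.createPSSRSASigner(this.signAlgo);
                } catch (XiSecurityException e) {
                    throw new OperatorCreationException(e.getMessage(), e);
                }
            }
            return new RSADigestSigner(this.digestProvider.get(digAlgId));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/security-6.3.0.jar:org/xipki/security/pkcs12/P12ContentSignerBuilder$SM2ContentSignerBuilder.class */
    /** BouncyCastle lightweight signer builder for SM2. */
    public static class SM2ContentSignerBuilder extends BcContentSignerBuilder {
        private final SignAlgo signAlgo;

        private SM2ContentSignerBuilder(SignAlgo signAlgo) throws NoSuchAlgorithmException {
            super(signAlgo.getAlgorithmIdentifier(), signAlgo.getHashAlgo().getAlgorithmIdentifier());
            this.signAlgo = signAlgo;
        }

        /** Creates an SM2 signer that uses the digest of the configured algorithm. */
        @Override
        protected Signer createSigner(AlgorithmIdentifier sigAlgId, AlgorithmIdentifier digAlgId) throws OperatorCreationException {
            this.signAlgo.assertSameAlgorithm(sigAlgId, digAlgId);
            return new SM2Signer(this.signAlgo.getHashAlgo().createDigest());
        }
    }

    /**
     * Creates a builder for a bare key pair; no certificate chain is available afterwards.
     *
     * @param privateKey signing key, must not be null
     * @param publicKey matching public key, must not be null
     */
    public P12ContentSignerBuilder(PrivateKey privateKey, PublicKey publicKey) {
        // NOTE(review): nothing here checks that publicKey actually belongs to privateKey.
        this.key = (PrivateKey) Args.notNull(privateKey, "privateKey");
        this.publicKey = (PublicKey) Args.notNull(publicKey, "publicKey");
        this.certificateChain = null;
    }

    /**
     * Creates a builder from a key pair and its certificate chain.
     *
     * @param keypairWithCert source of the key, public key and chain, must not be null
     * @throws XiSecurityException declared for callers; not thrown by the visible code
     */
    public P12ContentSignerBuilder(KeypairWithCert keypairWithCert) throws XiSecurityException {
        Args.notNull(keypairWithCert, "keypairWithCert");
        this.key = keypairWithCert.getKey();
        this.publicKey = keypairWithCert.getPublicKey();
        this.certificateChain = keypairWithCert.getCertificateChain();
    }

    /**
     * Returns the first certificate of the chain.
     *
     * @return the first chain element, or {@code null} if there is no chain or it is empty
     */
    public X509Cert getCertificate() {
        boolean hasChain = this.certificateChain != null && this.certificateChain.length > 0;
        return hasChain ? this.certificateChain[0] : null;
    }

    /**
     * Returns the certificate chain.
     *
     * @return the chain array held by this builder, or {@code null} if none was supplied
     */
    public X509Cert[] getCertificateChain() {
        // NOTE(review): this hands out the internal array, not a copy, so a caller that writes
        // to it changes the chain later attached to signers. Left as is to keep existing behaviour.
        return this.certificateChain;
    }

    /**
     * Returns the private key used for signing.
     *
     * @return the signing key (a live reference to the key object)
     */
    public PrivateKey getKey() {
        return this.key;
    }

    /**
     * Creates a single content signer for the given algorithm.
     *
     * @param signAlgo signature algorithm, must not be null
     * @param secureRandom randomness source passed to the BouncyCastle builder; may be null
     * @return a JCA-backed signer when the preferred provider works, otherwise a BouncyCastle one
     * @throws XiSecurityException if the key or algorithm is unsupported or the BouncyCastle
     *     signer cannot be built
     */
    public ContentSigner createContentSigner(SignAlgo signAlgo, SecureRandom secureRandom) throws XiSecurityException {
        Args.notNull(signAlgo, "signAlgo");
        String providerName = getProviderName(signAlgo);
        if (providerName != null && Security.getProvider(providerName) != null) {
            try {
                return new SignatureSigner(signAlgo, createSignature(signAlgo, providerName, true), this.key);
            } catch (Exception ignored) {
                // Deliberate best effort: any failure of the JCA path falls through to BouncyCastle.
                // NOTE(review): the failure is not recorded anywhere, so a broken or unexpected
                // provider goes unnoticed; logging it would help diagnosis and auditing.
            }
        }
        Object[] parts = ff(signAlgo, secureRandom);
        BcContentSignerBuilder builder = (BcContentSignerBuilder) parts[0];
        AsymmetricKeyParameter keyParam = (AsymmetricKeyParameter) parts[1];
        try {
            return builder.build(keyParam);
        } catch (OperatorCreationException e) {
            throw new XiSecurityException("operator creation error", e);
        }
    }

    /**
     * Creates a concurrent signer backed by {@code i} independent signer instances.
     *
     * @param signAlgo signature algorithm, must not be null
     * @param i number of signer instances to create ("parallelism"), must be positive
     * @param secureRandom randomness source passed to the BouncyCastle builder; may be null
     * @return a concurrent signer carrying the certificate chain if present, else the public key
     * @throws XiSecurityException if the key or algorithm is unsupported or signer creation fails
     * @throws NoSuchPaddingException declared for callers; not thrown by the visible code
     */
    public ConcurrentContentSigner createSigner(SignAlgo signAlgo, int i, SecureRandom secureRandom) throws XiSecurityException, NoSuchPaddingException {
        Args.notNull(signAlgo, "signAlgo");
        Args.positive(i, "parallelism");
        // Raw type kept from the decompiled listing; the element type expected by
        // DfltConcurrentContentSigner is not visible here.
        ArrayList signers = new ArrayList(i);
        String providerName = getProviderName(signAlgo);
        if (providerName != null && Security.getProvider(providerName) != null) {
            // The try block wraps the whole loop. The listing had it inside the loop without
            // advancing the counter on failure, so a provider that kept failing looped forever.
            try {
                for (int idx = 0; idx < i; idx++) {
                    // Only the first instance performs the self-test signature.
                    signers.add(new SignatureSigner(signAlgo, createSignature(signAlgo, providerName, idx == 0), this.key));
                }
            } catch (Exception ignored) {
                // Best effort: drop any partially built JCA signers and use BouncyCastle below.
                signers.clear();
            }
        }
        if (CollectionUtil.isEmpty(signers)) {
            Object[] parts = ff(signAlgo, secureRandom);
            BcContentSignerBuilder builder = (BcContentSignerBuilder) parts[0];
            AsymmetricKeyParameter keyParam = (AsymmetricKeyParameter) parts[1];
            for (int idx = 0; idx < i; idx++) {
                try {
                    signers.add(new XiWrappedContentSigner(builder.build(keyParam), true));
                } catch (OperatorCreationException e) {
                    throw new XiSecurityException("operator creation error", e);
                }
            }
        }
        try {
            // NOTE(review): the meaning of the leading 'false' is not visible in this file.
            DfltConcurrentContentSigner concurrentSigner = new DfltConcurrentContentSigner(false, signers, this.key);
            if (this.certificateChain != null) {
                concurrentSigner.setCertificateChain(this.certificateChain);
            } else {
                concurrentSigner.setPublicKey(this.publicKey);
            }
            return concurrentSigner;
        } catch (NoSuchAlgorithmException e) {
            throw new XiSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Names the JCA provider to try first for an algorithm.
     *
     * <p>The name is later passed explicitly to {@code Signature.getInstance}, so the
     * implementation is taken from that provider and not from the JVM's provider preference order.
     *
     * @return the provider name, or {@code null} to go straight to the BouncyCastle lightweight
     *     signers (ECDSA and every algorithm not listed here)
     */
    private String getProviderName(SignAlgo signAlgo) {
        if (signAlgo.isRSAPkcs1SigAlgo()) {
            return "SunRsaSign";
        }
        if (signAlgo.isECDSASigAlgo()) {
            return null;
        }
        if (signAlgo.isDSASigAlgo()) {
            return "SUN";
        }
        return signAlgo.isEDDSASigAlgo() ? "BC" : null;
    }

    /**
     * Creates a JCA {@link Signature} from the named provider, initialised with the signing key.
     *
     * @param signAlgo algorithm whose JCE name is requested
     * @param str provider name
     * @param z when true, a throw-away signature over a fixed 4-byte input is produced, so a
     *     key/provider combination that cannot sign fails here and not at first real use
     * @return the initialised signature object
     */
    private Signature createSignature(SignAlgo signAlgo, String str, boolean z) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(signAlgo.getJceName(), str);
        signature.initSign(this.key);
        if (z) {
            signature.update(new byte[]{1, 2, 3, 4});
            // The result is discarded; sign() resets the object to its state after initSign().
            signature.sign();
        }
        return signature;
    }

    /**
     * Selects the BouncyCastle builder that matches the key type and converts the key into
     * BouncyCastle's key parameter form.
     *
     * <p>The algorithm is checked against the key type (RSA, DSA, SM2 curve, other EC curve), so
     * a key is never used with a signature algorithm of another family.
     *
     * @param secureRandom set on the builder when non-null; otherwise the builder is left as is
     * @return a two-element array: {@code [0]} the {@link BcContentSignerBuilder},
     *     {@code [1]} the {@link AsymmetricKeyParameter}
     * @throws XiSecurityException if the key type is unsupported, the key is invalid, or the
     *     algorithm does not match the key type
     */
    private Object[] ff(SignAlgo signAlgo, SecureRandom secureRandom) throws XiSecurityException {
        // Declared with the common supertype: the listing used RSAKeyParameters, which cannot
        // hold the DSA and EC key parameters assigned below.
        AsymmetricKeyParameter keyParam;
        BcContentSignerBuilder builder;
        try {
            if (this.key instanceof RSAPrivateKey) {
                if (!signAlgo.isRSAPSSSigAlgo() && !signAlgo.isRSAPkcs1SigAlgo()) {
                    throw new NoSuchAlgorithmException("the given algorithm is not a valid RSA signature algorithm '" + signAlgo + "'");
                }
                keyParam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) this.key);
                builder = new RSAContentSignerBuilder(signAlgo);
            } else if (this.key instanceof DSAPrivateKey) {
                if (!signAlgo.isDSASigAlgo()) {
                    throw new NoSuchAlgorithmException("the given algorithm is not a valid DSA signature algirthm " + signAlgo);
                }
                keyParam = DSAUtil.generatePrivateKeyParameter(this.key);
                builder = new DSAContentSignerBuilder(signAlgo);
            } else if (this.key instanceof ECPrivateKey) {
                keyParam = ECUtil.generatePrivateKeyParameter(this.key);
                // Keys on the SM2 curve may only be used with SM2, all other EC keys only with ECDSA.
                if (GMUtil.isSm2primev2Curve(((ECPrivateKey) this.key).getParams().getCurve())) {
                    if (!signAlgo.isSM2SigAlgo()) {
                        throw new NoSuchAlgorithmException("the given algorithm is not a valid SM2 signature algirthm " + signAlgo);
                    }
                    builder = new SM2ContentSignerBuilder(signAlgo);
                } else {
                    if (!signAlgo.isECDSASigAlgo()) {
                        throw new NoSuchAlgorithmException("the given algorithm is not a valid ECDSA signature algirthm " + signAlgo);
                    }
                    builder = new ECDSAContentSignerBuilder(signAlgo);
                }
            } else {
                throw new XiSecurityException("unsupported key " + this.key.getClass().getName());
            }
            if (secureRandom != null) {
                builder.setSecureRandom(secureRandom);
            }
            return new Object[]{builder, keyParam};
        } catch (InvalidKeyException e) {
            throw new XiSecurityException("invalid key: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new XiSecurityException("no such algorithm: " + e.getMessage(), e);
        }
    }
}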
