package org.xipki.security;

import java.io.IOException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.ca.gateway.PasswordHash;
import org.xipki.password.PasswordResolver;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.concurrent.ConcurrentBag;

/* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/DfltConcurrentContentSigner.class */
public class DfltConcurrentContentSigner implements ConcurrentContentSigner {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DfltConcurrentContentSigner.class);
    private static final AtomicInteger NAME_INDEX = new AtomicInteger(1);
    private static int defaultSignServiceTimeout;
    private final ConcurrentBag<ConcurrentBagEntrySigner> signers;
    private final String name;
    private final SignAlgo algorithm;
    private final boolean mac;
    private byte[] sha1OfMacKey;
    private final Key signingKey;
    private PublicKey publicKey;
    private X509Cert[] certificateChain;

    public DfltConcurrentContentSigner(boolean z, List<XiContentSigner> list) throws NoSuchAlgorithmException {
        this(z, list, null);
    }

    public DfltConcurrentContentSigner(boolean z, List<XiContentSigner> list, Key key) throws NoSuchAlgorithmException {
        this.signers = new ConcurrentBag<>();
        Args.notEmpty((List) list, "signers");
        this.mac = z;
        this.algorithm = SignAlgo.getInstance(list.get(0).getAlgorithmIdentifier());
        Iterator<XiContentSigner> it = list.iterator();
        while (it.hasNext()) {
            this.signers.add(new ConcurrentBagEntrySigner(it.next()));
        }
        this.signingKey = key;
        this.name = "defaultSigner-" + NAME_INDEX.getAndIncrement();
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public String getName() {
        return this.name;
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public boolean isMac() {
        return this.mac;
    }

    public void setSha1DigestOfMacKey(byte[] bArr) {
        if (bArr == null) {
            this.sha1OfMacKey = null;
        } else {
            if (bArr.length != 20) {
                throw new IllegalArgumentException("invalid sha1Digest.length (" + bArr.length + " != 20)");
            }
            this.sha1OfMacKey = Arrays.copyOf(bArr, 20);
        }
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public byte[] getSha1OfMacKey() {
        if (this.sha1OfMacKey == null) {
            return null;
        }
        return Arrays.copyOf(this.sha1OfMacKey, 20);
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public SignAlgo getAlgorithm() {
        return this.algorithm;
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public ConcurrentBagEntrySigner borrowSigner() throws NoIdleSignerException {
        return borrowSigner(defaultSignServiceTimeout);
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public ConcurrentBagEntrySigner borrowSigner(int i) throws NoIdleSignerException {
        ConcurrentBagEntrySigner concurrentBagEntrySigner = null;
        try {
            concurrentBagEntrySigner = this.signers.borrow(i, TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
        }
        if (concurrentBagEntrySigner == null) {
            throw new NoIdleSignerException("no idle signer available");
        }
        return concurrentBagEntrySigner;
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public void requiteSigner(ConcurrentBagEntrySigner concurrentBagEntrySigner) {
        this.signers.requite(concurrentBagEntrySigner);
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public void initialize(String str, PasswordResolver passwordResolver) throws XiSecurityException {
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public Key getSigningKey() {
        return this.signingKey;
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public void setCertificateChain(X509Cert[] x509CertArr) {
        if (CollectionUtil.isEmpty(x509CertArr)) {
            this.certificateChain = null;
        } else {
            this.certificateChain = x509CertArr;
            setPublicKey(x509CertArr[0].getPublicKey());
        }
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public X509Cert getCertificate() {
        if (CollectionUtil.isEmpty(this.certificateChain)) {
            return null;
        }
        return this.certificateChain[0];
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public X509Cert[] getCertificateChain() {
        return this.certificateChain;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x004c  */
    @Override // org.xipki.security.ConcurrentContentSigner
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean isHealthy() {
        /*
            r6 = this;
            r0 = 0
            r7 = r0
            r0 = r6
            org.xipki.security.ConcurrentBagEntrySigner r0 = r0.borrowSigner()     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r7 = r0
            r0 = r7
            java.lang.Object r0 = r0.value()     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            org.xipki.security.XiContentSigner r0 = (org.xipki.security.XiContentSigner) r0     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            java.io.OutputStream r0 = r0.getOutputStream()     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r8 = r0
            r0 = r8
            r1 = 4
            byte[] r1 = new byte[r1]     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r2 = r1
            r3 = 0
            r4 = 1
            r2[r3] = r4     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r2 = r1
            r3 = 1
            r4 = 2
            r2[r3] = r4     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r2 = r1
            r3 = 2
            r4 = 3
            r2[r3] = r4     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r2 = r1
            r3 = 3
            r4 = 4
            r2[r3] = r4     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r0.write(r1)     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r0 = r7
            java.lang.Object r0 = r0.value()     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            org.xipki.security.XiContentSigner r0 = (org.xipki.security.XiContentSigner) r0     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            byte[] r0 = r0.getSignature()     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            r9 = r0
            r0 = r9
            if (r0 == 0) goto L45
            r0 = r9
            int r0 = r0.length     // Catch: java.lang.Exception -> L54 java.lang.Throwable -> L69
            if (r0 <= 0) goto L45
            r0 = 1
            goto L46
        L45:
            r0 = 0
        L46:
            r10 = r0
            r0 = r7
            if (r0 == 0) goto L51
            r0 = r6
            r1 = r7
            r0.requiteSigner(r1)
        L51:
            r0 = r10
            return r0
        L54:
            r8 = move-exception
            org.slf4j.Logger r0 = org.xipki.security.DfltConcurrentContentSigner.LOG     // Catch: java.lang.Throwable -> L69
            r1 = r8
            org.xipki.util.LogUtil.error(r0, r1)     // Catch: java.lang.Throwable -> L69
            r0 = 0
            r9 = r0
            r0 = r7
            if (r0 == 0) goto L67
            r0 = r6
            r1 = r7
            r0.requiteSigner(r1)
        L67:
            r0 = r9
            return r0
        L69:
            r11 = move-exception
            r0 = r7
            if (r0 == 0) goto L74
            r0 = r6
            r1 = r7
            r0.requiteSigner(r1)
        L74:
            r0 = r11
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.xipki.security.DfltConcurrentContentSigner.isHealthy():boolean");
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
    }

    @Override // org.xipki.security.ConcurrentContentSigner
    public byte[] sign(byte[] bArr) throws NoIdleSignerException, SignatureException {
        ConcurrentBagEntrySigner borrowSigner = borrowSigner();
        try {
            try {
                borrowSigner.value().getOutputStream().write(bArr);
                byte[] signature = borrowSigner.value().getSignature();
                requiteSigner(borrowSigner);
                return signature;
            } catch (IOException e) {
                throw new SignatureException("could not write data to SignatureStream: " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            requiteSigner(borrowSigner);
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r0v2, types: [byte[], byte[][]] */
    @Override // org.xipki.security.ConcurrentContentSigner
    public byte[][] sign(byte[][] bArr) throws NoIdleSignerException, SignatureException {
        ?? r0 = new byte[bArr.length];
        ConcurrentBagEntrySigner borrowSigner = borrowSigner();
        try {
            XiContentSigner value = borrowSigner.value();
            for (int i = 0; i < bArr.length; i++) {
                try {
                    value.getOutputStream().write(bArr[i]);
                    r0[i] = value.getSignature();
                } catch (IOException e) {
                    throw new SignatureException("could not write data to SignatureStream: " + e.getMessage(), e);
                }
            }
            return r0;
        } finally {
            requiteSigner(borrowSigner);
        }
    }

    static {
        defaultSignServiceTimeout = PasswordHash.PBKDF2_ITERATIONS;
        String property = System.getProperty("org.xipki.security.signservice.timeout");
        if (property != null) {
            int parseInt = Integer.parseInt(property);
            if (parseInt < 0 || parseInt > 60000) {
                LOG.error("invalid {}: {}", "org.xipki.security.signservice.timeout", Integer.valueOf(parseInt));
            } else {
                LOG.info("use {}: {}", "org.xipki.security.signservice.timeout", Integer.valueOf(parseInt));
                defaultSignServiceTimeout = parseInt;
            }
        }
    }
}
