package org.xipki.security.pkcs12;

import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.xipki.security.HashAlgo;
import org.xipki.security.XiContentSigner;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-5.3.9.jar:org/xipki/security/pkcs12/HmacContentSigner.class */
public class HmacContentSigner implements XiContentSigner {
    private final AlgorithmIdentifier algorithmIdentifier;
    private final byte[] encodedAlgorithmIdentifier;
    private final HmacOutputStream outputStream;
    private final HMac hmac;
    private final int outLen;

    /* loaded from: input_file:WEB-INF/lib/security-5.3.9.jar:org/xipki/security/pkcs12/HmacContentSigner$HmacOutputStream.class */
    private class HmacOutputStream extends OutputStream {
        private HmacOutputStream() {
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            HmacContentSigner.this.hmac.update((byte) i);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            HmacContentSigner.this.hmac.update(bArr, 0, bArr.length);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            HmacContentSigner.this.hmac.update(bArr, i, i2);
        }
    }

    public HmacContentSigner(AlgorithmIdentifier algorithmIdentifier, SecretKey secretKey) throws XiSecurityException {
        this(null, algorithmIdentifier, secretKey);
    }

    public HmacContentSigner(HashAlgo hashAlgo, AlgorithmIdentifier algorithmIdentifier, SecretKey secretKey) throws XiSecurityException {
        this.algorithmIdentifier = (AlgorithmIdentifier) Args.notNull(algorithmIdentifier, "algorithmIdentifier");
        Args.notNull(secretKey, "signingKey");
        try {
            this.encodedAlgorithmIdentifier = algorithmIdentifier.getEncoded();
            this.hmac = new HMac((hashAlgo == null ? AlgorithmUtil.extractHashAlgoFromMacAlg(algorithmIdentifier) : hashAlgo).createDigest());
            byte[] encoded = secretKey.getEncoded();
            this.hmac.init(new KeyParameter(encoded, 0, encoded.length));
            this.outLen = this.hmac.getMacSize();
            this.outputStream = new HmacOutputStream();
        } catch (IOException e) {
            throw new XiSecurityException("could not encode AlgorithmIdentifier", e);
        }
    }

    public AlgorithmIdentifier getAlgorithmIdentifier() {
        return this.algorithmIdentifier;
    }

    @Override // org.xipki.security.XiContentSigner
    public byte[] getEncodedAlgorithmIdentifier() {
        return Arrays.copyOf(this.encodedAlgorithmIdentifier, this.encodedAlgorithmIdentifier.length);
    }

    public OutputStream getOutputStream() {
        this.hmac.reset();
        return this.outputStream;
    }

    public byte[] getSignature() {
        byte[] bArr = new byte[this.outLen];
        this.hmac.doFinal(bArr, 0);
        return bArr;
    }
}
