package org.xipki.security.pkcs11;

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathBuilderException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.xipki.pkcs11.wrapper.PKCS11Constants;
import org.xipki.pkcs11.wrapper.TokenException;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.DfltConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.XiContentSigner;
import org.xipki.security.XiSecurityException;
import org.xipki.security.pkcs11.P11ContentSigner;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/pkcs11/P11ContentSignerBuilder.class */
public class P11ContentSignerBuilder {
    private final X509Cert[] certificateChain;
    private final SecurityFactory securityFactory;
    private final P11Identity identity;

    public P11ContentSignerBuilder(SecurityFactory securityFactory, P11Identity p11Identity, X509Cert[] x509CertArr) throws XiSecurityException, TokenException {
        X509Cert x509Cert;
        this.securityFactory = (SecurityFactory) Args.notNull(securityFactory, "securityFactory");
        this.identity = (P11Identity) Args.notNull(p11Identity, "identity");
        HashSet hashSet = new HashSet();
        if (x509CertArr == null || x509CertArr.length <= 0) {
            x509Cert = null;
        } else {
            int length = x509CertArr.length;
            x509Cert = x509CertArr[0];
            if (length > 1) {
                hashSet.addAll(Arrays.asList(x509CertArr).subList(1, length));
            }
        }
        if (x509Cert == null) {
            this.certificateChain = null;
            return;
        }
        try {
            this.certificateChain = X509Util.buildCertPath(x509Cert, hashSet);
        } catch (CertPathBuilderException e) {
            throw new XiSecurityException(e);
        }
    }

    public ConcurrentContentSigner createSigner(SignAlgo signAlgo, int i) throws XiSecurityException, TokenException {
        XiContentSigner createSM2ContentSigner;
        Args.positive(i, "parallelism");
        ArrayList arrayList = new ArrayList(i);
        long keyType = this.identity.getKeyType();
        Boolean bool = null;
        BigInteger bigInteger = null;
        BigInteger bigInteger2 = null;
        for (int i2 = 0; i2 < i; i2++) {
            if (keyType == 0) {
                createSM2ContentSigner = createRSAContentSigner(signAlgo);
            } else if (keyType == 3 || keyType == 4294963201L) {
                if (i2 == 0) {
                    bool = Boolean.valueOf(keyType == 4294963201L || GMObjectIdentifiers.sm2p256v1.equals(this.identity.getEcParams()));
                    if (bool.booleanValue()) {
                        ECPoint w = ((ECPublicKey) (this.certificateChain != null ? this.certificateChain[0].getPublicKey() : this.identity.getPublicKey())).getW();
                        bigInteger = w.getAffineX();
                        bigInteger2 = w.getAffineY();
                    }
                }
                createSM2ContentSigner = bool.booleanValue() ? createSM2ContentSigner(signAlgo, GMObjectIdentifiers.sm2p256v1, bigInteger, bigInteger2) : createECContentSigner(signAlgo);
            } else if (keyType == 1) {
                createSM2ContentSigner = createDSAContentSigner(signAlgo);
            } else {
                if (keyType != 64) {
                    throw new XiSecurityException("unsupported key type " + PKCS11Constants.ckkCodeToName(keyType));
                }
                createSM2ContentSigner = createEdDSAContentSigner(signAlgo);
            }
            arrayList.add(createSM2ContentSigner);
        }
        try {
            DfltConcurrentContentSigner dfltConcurrentContentSigner = new DfltConcurrentContentSigner(false, arrayList);
            if (this.certificateChain != null) {
                dfltConcurrentContentSigner.setCertificateChain(this.certificateChain);
            } else {
                dfltConcurrentContentSigner.setPublicKey(this.identity.getPublicKey());
            }
            return dfltConcurrentContentSigner;
        } catch (NoSuchAlgorithmException e) {
            throw new XiSecurityException(e.getMessage(), e);
        }
    }

    private XiContentSigner createRSAContentSigner(SignAlgo signAlgo) throws XiSecurityException {
        return signAlgo.isRSAPSSSigAlgo() ? new P11ContentSigner.RSAPSS(this.identity, signAlgo, this.securityFactory.getRandom4Sign()) : new P11ContentSigner.RSA(this.identity, signAlgo);
    }

    private XiContentSigner createECContentSigner(SignAlgo signAlgo) throws XiSecurityException {
        return new P11ContentSigner.ECDSA(this.identity, signAlgo);
    }

    private XiContentSigner createSM2ContentSigner(SignAlgo signAlgo, ASN1ObjectIdentifier aSN1ObjectIdentifier, BigInteger bigInteger, BigInteger bigInteger2) throws XiSecurityException {
        return new P11ContentSigner.SM2(this.identity, signAlgo, aSN1ObjectIdentifier, bigInteger, bigInteger2);
    }

    private XiContentSigner createDSAContentSigner(SignAlgo signAlgo) throws XiSecurityException {
        return new P11ContentSigner.DSA(this.identity, signAlgo);
    }

    private XiContentSigner createEdDSAContentSigner(SignAlgo signAlgo) throws XiSecurityException {
        return new P11ContentSigner.EdDSA(this.identity, signAlgo);
    }
}
