package org.xipki.security.pkcs12;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.xipki.password.PasswordResolver;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.SignerFactory;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.util.Base64;
import org.xipki.util.IoUtil;
import org.xipki.util.ObjectCreationException;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/security-5.2.0.jar:org/xipki/security/pkcs12/P12SignerFactory.class */
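/**
 * {@link SignerFactory} that builds signers from software keystores of type
 * {@code pkcs12}, {@code jks} or {@code jceks}.
 *
 * <p>The signer configuration is read through {@link SignerConf#getConfValue(String)} with the
 * keys {@code parallelism}, {@code password}, {@code keystore}, {@code key-label} and
 * {@code algo}. The {@code keystore} value must start with {@code base64:} (inline keystore
 * bytes) or {@code file:} (path to a keystore file).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the {@link SecurityFactory} supplies no {@link PasswordResolver}, the
 *       {@code password} value is used verbatim, i.e. the keystore password sits in the signer
 *       configuration in clear text.</li>
 *   <li>A {@code base64:} keystore places the keystore content itself in the signer
 *       configuration, so that configuration needs the same protection as the keystore.</li>
 *   <li>The {@code file:} path is opened as configured (after {@code IoUtil.expandFilepath});
 *       no directory restriction is applied here, so the signer configuration has to be
 *       treated as trusted input.</li>
 * </ul>
 *
 * <p>{@link #setSecurityFactory(SecurityFactory)} must be called before
 * {@link #newSigner(String, SignerConf, X509Certificate[])}.
 */
public class P12SignerFactory implements SignerFactory {
    private static final String TYPE_PKCS12 = "pkcs12";
    private static final String TYPE_JKS = "jks";
    private static final String TYPE_JCEKS = "jceks";
    private static final String PREFIX_BASE64 = "base64:";
    private static final String PREFIX_FILE = "file:";

    /** Supported signer types, all lower case; lookups lower-case their argument first. */
    private static final Set<String> types =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(TYPE_PKCS12, TYPE_JKS, TYPE_JCEKS)));

    private SecurityFactory securityFactory;

    /**
     * Sets the factory that provides the default parallelism, the password resolver and the
     * random source used when signers are created.
     *
     * @param securityFactory the security factory to use
     */
    public void setSecurityFactory(SecurityFactory securityFactory) {
        this.securityFactory = securityFactory;
    }

    /**
     * Returns the supported signer types.
     *
     * @return an unmodifiable set containing {@code pkcs12}, {@code jks} and {@code jceks}
     */
    @Override
    public Set<String> getSupportedSignerTypes() {
        return types;
    }

    /**
     * Tells whether this factory handles the given signer type (case-insensitive).
     *
     * @param str the signer type; {@code null} is reported as unsupported instead of raising a
     *     {@link NullPointerException}
     * @return {@code true} if the type is one of the supported keystore types
     */
    @Override
    public boolean canCreateSigner(String str) {
        // Locale.ROOT keeps the comparison independent of the JVM's default locale.
        return str != null && types.contains(str.toLowerCase(Locale.ROOT));
    }

    /**
     * Creates a signer backed by the keystore described in {@code signerConf}.
     *
     * <p>If the {@code algo} value names a MAC algorithm known to
     * {@code AlgorithmUtil.getMacAlgId}, a MAC signer is built; otherwise a signature signer is
     * built with the algorithm derived by {@code AlgorithmUtil.getSigAlgId}.
     *
     * @param str the signer type, one of {@link #getSupportedSignerTypes()}
     * @param signerConf the signer configuration
     * @param x509CertificateArr certificates handed to the signature signer builder; not used
     *     for MAC signers
     * @return the new signer
     * @throws ObjectCreationException if the type is unknown, a configuration value is invalid,
     *     the password cannot be resolved, the keystore cannot be opened or the signer cannot
     *     be built
     */
    @Override
    public ConcurrentContentSigner newSigner(String str, SignerConf signerConf, X509Certificate[] x509CertificateArr)
            throws ObjectCreationException {
        if (!canCreateSigner(str)) {
            throw new ObjectCreationException("unknown signer type " + str);
        }

        int parallelism = resolveParallelism(signerConf);
        // NOTE(review): this array is never cleared here because SOURCE does not show whether
        // the builders keep a reference to it; clear it after use once that is confirmed.
        char[] password = resolvePassword(signerConf);
        String keystoreConf = signerConf.getConfValue("keystore");
        String keyLabel = signerConf.getConfValue("key-label");

        InputStream keystoreStream = openKeystore(keystoreConf);
        try {
            AlgorithmIdentifier macAlgId = null;
            String algo = signerConf.getConfValue("algo");
            if (algo != null) {
                try {
                    macAlgId = AlgorithmUtil.getMacAlgId(algo);
                } catch (NoSuchAlgorithmException ignored) {
                    // Deliberate: "algo" is not a MAC algorithm, so the signature path below
                    // is taken instead.
                }
            }

            // The same password is passed in both password positions of the builders.
            if (macAlgId != null) {
                return new P12MacContentSignerBuilder(str, keystoreStream, password, keyLabel, password)
                        .createSigner(macAlgId, parallelism, this.securityFactory.getRandom4Sign());
            }

            P12ContentSignerBuilder signerBuilder = new P12ContentSignerBuilder(
                    str, keystoreStream, password, keyLabel, password, x509CertificateArr);
            AlgorithmIdentifier sigAlgId = signerConf.getHashAlgo() == null
                    ? AlgorithmUtil.getSigAlgId(null, signerConf)
                    : AlgorithmUtil.getSigAlgId(signerBuilder.getCertificate().getPublicKey(), signerConf);
            return signerBuilder.createSigner(sigAlgId, parallelism, this.securityFactory.getRandom4Sign());
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException e) {
            throw new ObjectCreationException(String.format("%s: %s", e.getClass().getName(), e.getMessage()));
        } finally {
            // Release the file handle of "file:" keystores on success and on failure.
            // NOTE(review): assumes the builders have finished reading the stream once
            // createSigner returns (the signature path already calls getCertificate() right
            // after construction) - confirm for P12MacContentSignerBuilder.
            closeQuietly(keystoreStream);
        }
    }

    /**
     * Does nothing for keystore-based signers.
     *
     * @param str the signer type (ignored)
     */
    @Override
    public void refreshToken(String str) throws XiSecurityException {
    }

    /** Reads {@code parallelism}, falling back to the security factory's default when absent. */
    private int resolveParallelism(SignerConf signerConf) throws ObjectCreationException {
        String configured = signerConf.getConfValue("parallelism");
        int parallelism = this.securityFactory.getDfltSignerParallelism();
        if (configured == null) {
            return parallelism;
        }
        try {
            parallelism = Integer.parseInt(configured);
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid parallelism " + configured);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + configured);
        }
        return parallelism;
    }

    /** Resolves {@code password}; returns {@code null} when no password is configured. */
    private char[] resolvePassword(SignerConf signerConf) throws ObjectCreationException {
        String passwordHint = signerConf.getConfValue("password");
        if (passwordHint == null) {
            return null;
        }
        PasswordResolver passwordResolver = this.securityFactory.getPasswordResolver();
        if (passwordResolver == null) {
            // No resolver available: the configured value is taken as the clear-text password.
            return passwordHint.toCharArray();
        }
        try {
            return passwordResolver.resolvePassword(passwordHint);
        } catch (PasswordResolverException e) {
            throw new ObjectCreationException("could not resolve password. Message: " + e.getMessage());
        }
    }

    /** Opens the keystore named by a {@code base64:} or {@code file:} configuration value. */
    private static InputStream openKeystore(String keystoreConf) throws ObjectCreationException {
        if (keystoreConf == null) {
            // A missing "keystore" value is reported like any other unusable value rather
            // than being passed on to the prefix checks.
            throw new ObjectCreationException("unknown keystore content format");
        }
        if (StringUtil.startsWithIgnoreCase(keystoreConf, PREFIX_BASE64)) {
            return new ByteArrayInputStream(Base64.decode(keystoreConf.substring(PREFIX_BASE64.length())));
        }
        if (!StringUtil.startsWithIgnoreCase(keystoreConf, PREFIX_FILE)) {
            throw new ObjectCreationException("unknown keystore content format");
        }
        String fileName = keystoreConf.substring(PREFIX_FILE.length());
        try {
            return Files.newInputStream(Paths.get(IoUtil.expandFilepath(fileName), new String[0]), new OpenOption[0]);
        } catch (IOException e) {
            // Any I/O failure (including lack of read permission) is reported with this text.
            throw new ObjectCreationException("file not found: " + fileName);
        }
    }

    /** Closes the keystore stream; a failure to close must not replace the signer result. */
    private static void closeQuietly(InputStream stream) {
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best effort: nothing useful can be done if closing fails.
        }
    }
}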
