package org.xipki.security.pkcs12;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.crypto.SecretKey;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.DfltConcurrentContentSigner;
import org.xipki.security.HashAlgo;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.KeyUtil;
import org.xipki.util.Args;

/* loaded from: input_file:WEB-INF/lib/security-5.3.3.jar:org/xipki/security/pkcs12/P12MacContentSignerBuilder.class */
public class P12MacContentSignerBuilder {
    private final SecretKey key;

    public P12MacContentSignerBuilder(SecretKey secretKey) throws XiSecurityException {
        this.key = (SecretKey) Args.notNull(secretKey, "key");
    }

    public P12MacContentSignerBuilder(String str, InputStream inputStream, char[] cArr, String str2, char[] cArr2) throws XiSecurityException {
        if (!"JCEKS".equalsIgnoreCase(str)) {
            throw new IllegalArgumentException("unsupported keystore type: " + str);
        }
        Args.notNull(inputStream, "keystoreStream");
        Args.notNull(cArr, "keystorePassword");
        Args.notNull(cArr2, "keyPassword");
        try {
            KeyStore keyStore = KeyUtil.getKeyStore(str);
            keyStore.load(inputStream, cArr);
            String str3 = str2;
            if (str3 == null) {
                Enumeration<String> aliases = keyStore.aliases();
                while (true) {
                    if (!aliases.hasMoreElements()) {
                        break;
                    }
                    String nextElement = aliases.nextElement();
                    if (keyStore.isKeyEntry(nextElement)) {
                        str3 = nextElement;
                        break;
                    }
                }
            } else if (!keyStore.isKeyEntry(str3)) {
                throw new XiSecurityException("unknown key named " + str3);
            }
            this.key = (SecretKey) keyStore.getKey(str3, cArr2);
        } catch (IOException | ClassCastException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new XiSecurityException(e.getMessage(), e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v5, types: [byte[], byte[][]] */
    public ConcurrentContentSigner createSigner(AlgorithmIdentifier algorithmIdentifier, int i, SecureRandom secureRandom) throws XiSecurityException {
        Args.notNull(algorithmIdentifier, "signatureAlgId");
        Args.positive(i, "parallelism");
        ArrayList arrayList = new ArrayList(i);
        ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
        boolean z = algorithm.equals(NISTObjectIdentifiers.id_aes128_GCM) || algorithm.equals(NISTObjectIdentifiers.id_aes192_GCM) || algorithm.equals(NISTObjectIdentifiers.id_aes256_GCM);
        for (int i2 = 0; i2 < i; i2++) {
            arrayList.add(z ? new AESGmacContentSigner(algorithm, this.key) : new HmacContentSigner(algorithmIdentifier, this.key));
        }
        try {
            DfltConcurrentContentSigner dfltConcurrentContentSigner = new DfltConcurrentContentSigner(true, arrayList, this.key);
            dfltConcurrentContentSigner.setSha1DigestOfMacKey(HashAlgo.SHA1.hash(new byte[]{this.key.getEncoded()}));
            return dfltConcurrentContentSigner;
        } catch (NoSuchAlgorithmException e) {
            throw new XiSecurityException(e.getMessage(), e);
        }
    }

    public SecretKey getKey() {
        return this.key;
    }
}
