package org.xipki.security.pkcs12;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.xipki.password.PasswordResolver;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.EdECConstants;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignAlgo;
import org.xipki.security.SignerConf;
import org.xipki.security.SignerFactory;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.util.Base64;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.ObjectCreationException;

/* loaded from: input_file:WEB-INF/lib/security-6.2.0.jar:org/xipki/security/pkcs12/P12SignerFactory.class */
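/**
 * {@link SignerFactory} for software keystores of type {@code pkcs12} and {@code jceks}.
 *
 * <p>Everything needed to build a signer is read from the {@link SignerConf} passed to
 * {@link #newSigner}: {@code keystore}, {@code password}, {@code key-label}, {@code algo} and
 * {@code parallelism}. {@link #setSecurityFactory} must be called before {@code newSigner};
 * the factory dereferences it without a null check.
 *
 * <p>Security-relevant behaviour a deployer should know:
 * <ul>
 *   <li>If the security factory has no {@link PasswordResolver}, the {@code password} value is
 *       used verbatim, i.e. the keystore password sits in clear text in the signer
 *       configuration.</li>
 *   <li>A {@code file:} keystore is opened at whatever path the configuration names (after
 *       {@code IoUtil.detectPath}); it is not confined to a base directory, so the signer
 *       configuration has to come from a trusted source.</li>
 *   <li>A {@code base64:} keystore embeds the (password-protected) key material in the
 *       configuration itself.</li>
 * </ul>
 */
public class P12SignerFactory implements SignerFactory {
    private static final String TYPE_PKCS12 = "pkcs12";
    private static final String TYPE_JCEKS = "jceks";
    private static final String PREFIX_BASE64 = "base64:";
    private static final String PREFIX_FILE = "file:";
    private static final Set<String> types =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(TYPE_PKCS12, TYPE_JCEKS)));
    private SecurityFactory securityFactory;

    /**
     * Injects the security factory that supplies the default parallelism, the password
     * resolver and the signing random source.
     *
     * @param securityFactory factory used by {@link #newSigner}
     */
    public void setSecurityFactory(SecurityFactory securityFactory) {
        this.securityFactory = securityFactory;
    }

    /**
     * @return the unmodifiable set of supported signer types, in lower case
     */
    @Override // org.xipki.security.SignerFactory
    public Set<String> getSupportedSignerTypes() {
        return types;
    }

    /**
     * Tells whether this factory handles the given signer type (case-insensitive).
     *
     * @param str signer type; {@code null} is reported as unsupported
     * @return {@code true} for {@code pkcs12} and {@code jceks}
     */
    @Override // org.xipki.security.SignerFactory
    public boolean canCreateSigner(String str) {
        // Locale.ROOT keeps the comparison independent of the JVM's default locale.
        return str != null && types.contains(str.toLowerCase(Locale.ROOT));
    }

    /**
     * Builds a signer from the keystore described by {@code signerConf}.
     *
     * <p>Three kinds of signer are produced: a MAC signer when {@code algo} names a MAC
     * algorithm, an XDH-MAC signer when the key is on a Montgomery curve (this needs a peer
     * certificate with the same key algorithm), and an ordinary content signer otherwise.
     *
     * @param str signer type, must satisfy {@link #canCreateSigner}
     * @param signerConf signer configuration
     * @param x509CertArr certificate chain handed to the keystore loader
     * @return the new signer
     * @throws ObjectCreationException if the type is unknown, a configuration value is
     *     invalid, the keystore cannot be opened or the signer cannot be built
     */
    @Override // org.xipki.security.SignerFactory
    public ConcurrentContentSigner newSigner(String str, SignerConf signerConf, X509Cert[] x509CertArr) throws ObjectCreationException {
        if (!canCreateSigner(str)) {
            throw new ObjectCreationException("unknown signer type " + str);
        }
        int parallelism = resolveParallelism(signerConf);
        // NOTE(review): the resolved password is never wiped here. Whether the builders keep
        // a reference to the array is not visible from this class; confirm before zeroing it.
        char[] password = resolveKeystorePassword(signerConf);
        String keystoreConf = signerConf.getConfValue("keystore");
        String keyLabel = signerConf.getConfValue("key-label");

        // try-with-resources: the stream used to stay open when SignAlgo.getInstance or a
        // builder threw, and nothing in this method ever closed it.
        try (InputStream keystoreStream = getInputStream(keystoreConf)) {
            SignAlgo signAlgo = null;
            String algoConf = signerConf.getConfValue("algo");
            if (algoConf != null) {
                signAlgo = SignAlgo.getInstance(algoConf);
            }
            // The same password is passed in both password positions (presumably keystore
            // and key-entry password; confirm against the builder signatures).
            if (signAlgo != null && signAlgo.isMac()) {
                return new P12MacContentSignerBuilder(str, keystoreStream, password, keyLabel, password)
                        .createSigner(signAlgo, parallelism);
            }
            KeypairWithCert keypair =
                    KeypairWithCert.fromKeystore(str, keystoreStream, password, keyLabel, password, x509CertArr);
            String keyAlgorithm = keypair.getPublicKey().getAlgorithm();
            ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(keyAlgorithm);
            if (curveOid == null || !EdECConstants.isMontgomeryCurve(curveOid)) {
                P12ContentSignerBuilder builder = new P12ContentSignerBuilder(keypair);
                if (signAlgo == null) {
                    signAlgo = SignAlgo.getInstance(builder.getCertificate().getPublicKey(), signerConf);
                }
                return builder.createSigner(signAlgo, parallelism, this.securityFactory.getRandom4Sign());
            }
            X509Cert peerCert = findPeerCertificate(signerConf, keyAlgorithm);
            if (peerCert == null) {
                throw new ObjectCreationException("could not find peer certificate for algorithm " + keyAlgorithm);
            }
            return new P12XdhMacContentSignerBuilder(keypair, peerCert).createSigner(parallelism);
        } catch (IOException | NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException e3) {
            // NOTE(review): only the class name and message are propagated; the original
            // exception is not chained as the cause.
            throw new ObjectCreationException(String.format("%s: %s", e3.getClass().getName(), e3.getMessage()));
        }
    }

    /** Reads {@code parallelism} from the configuration, falling back to the factory default. */
    private int resolveParallelism(SignerConf signerConf) throws ObjectCreationException {
        String configured = signerConf.getConfValue("parallelism");
        int parallelism = this.securityFactory.getDfltSignerParallelism();
        if (configured == null) {
            return parallelism;
        }
        try {
            parallelism = Integer.parseInt(configured);
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid parallelism " + configured);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + configured);
        }
        return parallelism;
    }

    /**
     * Resolves the {@code password} configuration value; returns {@code null} when none is
     * configured. Without a {@link PasswordResolver} the value is taken as the clear-text
     * password.
     */
    private char[] resolveKeystorePassword(SignerConf signerConf) throws ObjectCreationException {
        String passwordHint = signerConf.getConfValue("password");
        if (passwordHint == null) {
            return null;
        }
        PasswordResolver passwordResolver = this.securityFactory.getPasswordResolver();
        if (passwordResolver == null) {
            return passwordHint.toCharArray();
        }
        try {
            return passwordResolver.resolvePassword(passwordHint);
        } catch (PasswordResolverException e2) {
            throw new ObjectCreationException("could not resolve password. Message: " + e2.getMessage());
        }
    }

    /** Returns the first peer certificate whose key algorithm matches, or {@code null}. */
    private static X509Cert findPeerCertificate(SignerConf signerConf, String keyAlgorithm) {
        if (signerConf.getPeerCertificates() == null) {
            return null;
        }
        for (X509Cert candidate : signerConf.getPeerCertificates()) {
            if (keyAlgorithm.equalsIgnoreCase(candidate.getPublicKey().getAlgorithm())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Opens the keystore named by a {@code base64:} or {@code file:} configuration value.
     * The caller owns the returned stream and must close it.
     *
     * @throws ObjectCreationException if the value is missing, has another prefix, or the
     *     file cannot be opened
     */
    private static InputStream getInputStream(String str) throws ObjectCreationException {
        if (str == null) {
            // A missing "keystore" entry is a configuration error, not a programming error.
            throw new ObjectCreationException("keystore is not specified");
        }
        if (StringUtil.startsWithIgnoreCase(str, PREFIX_BASE64)) {
            return new ByteArrayInputStream(Base64.decode(str.substring(PREFIX_BASE64.length())));
        }
        if (!StringUtil.startsWithIgnoreCase(str, PREFIX_FILE)) {
            throw new ObjectCreationException("unknown content format");
        }
        String path = str.substring(PREFIX_FILE.length());
        try {
            // The path comes straight from the configuration; there is no base-directory check.
            return Files.newInputStream(Paths.get(IoUtil.detectPath(path)));
        } catch (IOException e) {
            // NOTE(review): every IOException (permissions, directory, ...) is reported as
            // "file not found".
            throw new ObjectCreationException("file not found: " + path);
        }
    }
}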
