package org.xipki.security.pkcs12;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.DSADigestSigner;
import org.bouncycastle.crypto.signers.DSASigner;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcContentSignerBuilder;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.DSAPlainDigestSigner;
import org.xipki.security.DfltConcurrentContentSigner;
import org.xipki.security.EdECConstants;
import org.xipki.security.SignatureSigner;
import org.xipki.security.XiSecurityException;
import org.xipki.security.XiWrappedContentSigner;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.GMUtil;
import org.xipki.security.util.SignerUtil;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;

/* loaded from: input_file:org/xipki/security/pkcs12/P12ContentSignerBuilder.class */
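/**
 * Builds {@link ConcurrentContentSigner} instances around a private key held in
 * process memory, optionally together with its certificate chain.
 *
 * <p>{@link #createSigner} first tries a JCA {@link Signature} from a named
 * provider and, if that yields nothing usable, falls back to BouncyCastle
 * lightweight signers built by the private nested builders below.
 */
public class P12ContentSignerBuilder {
    private static final AlgorithmIdentifier ALGID_SM2_SM3 = new AlgorithmIdentifier(GMObjectIdentifiers.sm2sign_with_sm3);
    private static final AlgorithmIdentifier ALGID_SM3 = new AlgorithmIdentifier(GMObjectIdentifiers.sm3);
    private final PrivateKey key;
    private final PublicKey publicKey;
    // Null when the builder was created from a bare key pair.
    private final X509Certificate[] certificateChain;

    /** BouncyCastle builder for DSA signatures, in either DER or "plain" encoding. */
    private static class DSAContentSignerBuilder extends BcContentSignerBuilder {
        private final boolean plain;

        private DSAContentSignerBuilder(AlgorithmIdentifier algorithmIdentifier, boolean plain) throws NoSuchAlgorithmException {
            super(algorithmIdentifier, AlgorithmUtil.extractDigesetAlgFromSigAlg(algorithmIdentifier));
            this.plain = plain;
        }

        /**
         * Creates the DSA signer after checking that the signature algorithm is a DSA one.
         *
         * @throws OperatorCreationException if {@code algorithmIdentifier} is not a DSA signature algorithm
         */
        @Override
        protected Signer createSigner(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) throws OperatorCreationException {
            // Reject a signature algorithm that does not belong to this key family
            // before any signer object is created.
            if (!AlgorithmUtil.isDSASigAlg(algorithmIdentifier)) {
                throw new OperatorCreationException("the given algorithm is not a valid DSA signature algirthm '" + algorithmIdentifier.getAlgorithm().getId() + "'");
            }
            ExtendedDigest digest = this.digestProvider.get(algorithmIdentifier2);
            DSASigner rawSigner = new DSASigner();
            return this.plain ? new DSAPlainDigestSigner(rawSigner, digest) : new DSADigestSigner(rawSigner, digest);
        }
    }

    /** BouncyCastle builder for ECDSA signatures, in either DER or "plain" encoding. */
    private static class ECDSAContentSignerBuilder extends BcContentSignerBuilder {
        private final boolean plain;

        private ECDSAContentSignerBuilder(AlgorithmIdentifier algorithmIdentifier, boolean plain) throws NoSuchAlgorithmException {
            super(algorithmIdentifier, AlgorithmUtil.extractDigesetAlgFromSigAlg(algorithmIdentifier));
            this.plain = plain;
        }

        /**
         * Creates the ECDSA signer after checking that the signature algorithm is an EC one.
         *
         * @throws OperatorCreationException if {@code algorithmIdentifier} is not an EC signature algorithm
         */
        @Override
        protected Signer createSigner(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) throws OperatorCreationException {
            if (!AlgorithmUtil.isECSigAlg(algorithmIdentifier)) {
                throw new OperatorCreationException("the given algorithm is not a valid EC signature algorithm '" + algorithmIdentifier.getAlgorithm().getId() + "'");
            }
            ExtendedDigest digest = this.digestProvider.get(algorithmIdentifier2);
            ECDSASigner rawSigner = new ECDSASigner();
            return this.plain ? new DSAPlainDigestSigner(rawSigner, digest) : new DSADigestSigner(rawSigner, digest);
        }
    }

    /** BouncyCastle builder for RSA signatures (PKCS#1 v1.5 style digest signer or RSASSA-PSS). */
    private static class RSAContentSignerBuilder extends BcContentSignerBuilder {
        private RSAContentSignerBuilder(AlgorithmIdentifier algorithmIdentifier) throws NoSuchAlgorithmException, NoSuchPaddingException {
            super(algorithmIdentifier, AlgorithmUtil.extractDigesetAlgFromSigAlg(algorithmIdentifier));
        }

        /**
         * Creates the RSA signer after checking that the signature algorithm is an RSA one.
         *
         * @throws OperatorCreationException if {@code algorithmIdentifier} is not an RSA
         *         signature algorithm, or the PSS signer cannot be created
         */
        @Override
        protected Signer createSigner(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) throws OperatorCreationException {
            if (!AlgorithmUtil.isRSASigAlgId(algorithmIdentifier)) {
                throw new OperatorCreationException("the given algorithm is not a valid RSA signature algirthm '" + algorithmIdentifier.getAlgorithm().getId() + "'");
            }
            boolean pss = PKCSObjectIdentifiers.id_RSASSA_PSS.equals(algorithmIdentifier.getAlgorithm());
            if (!pss) {
                return new RSADigestSigner(this.digestProvider.get(algorithmIdentifier2));
            }
            // PSS parameters travel inside the AlgorithmIdentifier, so the whole
            // identifier is handed to the helper rather than just the digest.
            try {
                return SignerUtil.createPSSRSASigner(algorithmIdentifier);
            } catch (XiSecurityException e) {
                throw new OperatorCreationException(e.getMessage(), e);
            }
        }
    }

    /** BouncyCastle builder fixed to SM2-with-SM3. */
    private static class SM2ContentSignerBuilder extends BcContentSignerBuilder {
        private SM2ContentSignerBuilder() throws NoSuchAlgorithmException {
            super(P12ContentSignerBuilder.ALGID_SM2_SM3, P12ContentSignerBuilder.ALGID_SM3);
        }

        /**
         * Creates the SM2 signer after checking that the signature algorithm is an SM2 one.
         *
         * @throws OperatorCreationException if {@code algorithmIdentifier} is not an SM2 signature algorithm
         */
        @Override
        protected Signer createSigner(AlgorithmIdentifier algorithmIdentifier, AlgorithmIdentifier algorithmIdentifier2) throws OperatorCreationException {
            if (AlgorithmUtil.isSM2SigAlg(algorithmIdentifier)) {
                return new SM2Signer();
            }
            // The message previously said "EC", which pointed operators at the wrong check.
            throw new OperatorCreationException("the given algorithm is not a valid SM2 signature algorithm '" + algorithmIdentifier.getAlgorithm().getId() + "'");
        }
    }

    /**
     * Creates a builder for a bare key pair without certificates.
     *
     * @param privateKey signing key, must not be null
     * @param publicKey matching public key, must not be null
     */
    public P12ContentSignerBuilder(PrivateKey privateKey, PublicKey publicKey) throws XiSecurityException {
        this.key = (PrivateKey) Args.notNull(privateKey, "privateKey");
        this.publicKey = (PublicKey) Args.notNull(publicKey, "publicKey");
        this.certificateChain = null;
    }

    /**
     * Creates a builder from a key pair with its certificate chain.
     *
     * @param keypairWithCert source of key, public key and chain, must not be null
     */
    public P12ContentSignerBuilder(KeypairWithCert keypairWithCert) throws XiSecurityException {
        Args.notNull(keypairWithCert, "keypairWithCert");
        this.key = keypairWithCert.getKey();
        this.publicKey = keypairWithCert.getPublicKey();
        this.certificateChain = keypairWithCert.getCertificateChain();
    }

    /**
     * Creates a concurrent signer holding {@code i} underlying signers for the given algorithm.
     *
     * <p>The JCA provider is tried first: "SunRsaSign" for RSA, "SUN" for DSA,
     * "BC" for Ed25519/Ed448, and none for EC. The first JCA signer is exercised
     * with a throw-away signature so that an unusable key/provider combination is
     * found here and not on the first real signing request. Any failure on that
     * path discards every JCA signer and the BouncyCastle lightweight builders
     * are used for the whole pool instead.
     *
     * @param algorithmIdentifier signature algorithm, must not be null
     * @param i parallelism, i.e. number of underlying signers; must be positive
     * @param secureRandom randomness source handed to the BouncyCastle builders; may be
     *        null. It is not passed to the JCA {@link Signature} objects.
     * @return the signer, carrying the certificate chain if one is known, else the public key
     * @throws XiSecurityException if the algorithm or key is unsupported or no signer can be built
     */
    public ConcurrentContentSigner createSigner(AlgorithmIdentifier algorithmIdentifier, int i, SecureRandom secureRandom) throws XiSecurityException, NoSuchPaddingException {
        Args.notNull(algorithmIdentifier, "signatureAlgId");
        Args.positive(i, "parallelism");
        // Left raw because the element type is not among this file's imports.
        ArrayList signers = new ArrayList(i);

        String providerName = null;
        if (AlgorithmUtil.isRSASigAlgId(algorithmIdentifier)) {
            providerName = "SunRsaSign";
        } else if (AlgorithmUtil.isECSigAlg(algorithmIdentifier)) {
            providerName = null;
        } else if (AlgorithmUtil.isDSASigAlg(algorithmIdentifier)) {
            providerName = "SUN";
        } else {
            ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
            if (EdECConstants.id_Ed25519.equals(algorithm) || EdECConstants.id_Ed448.equals(algorithm)) {
                providerName = "BC";
            }
        }

        if (providerName != null && Security.getProvider(providerName) != null) {
            String jcaAlgoName;
            try {
                jcaAlgoName = AlgorithmUtil.getSignatureAlgoName(algorithmIdentifier);
            } catch (NoSuchAlgorithmException e) {
                // Keep the cause so the failing algorithm lookup stays traceable.
                throw new XiSecurityException(e.getMessage(), e);
            }
            for (int idx = 0; idx < i; idx++) {
                try {
                    Signature signature = Signature.getInstance(jcaAlgoName, providerName);
                    // NOTE(review): the caller's secureRandom is not applied on this path.
                    signature.initSign(this.key);
                    if (idx == 0) {
                        // Probe signature over fixed bytes; the result is discarded.
                        signature.update(new byte[]{1, 2, 3, 4});
                        signature.sign();
                    }
                    signers.add(new SignatureSigner(algorithmIdentifier, signature, this.key));
                } catch (Exception e) {
                    // Deliberate best effort: fall back to the BouncyCastle path below.
                    // Stop here, otherwise later iterations would refill the list with
                    // fewer signers than requested, none of them covered by the probe.
                    signers.clear();
                    break;
                }
            }
        }

        if (CollectionUtil.isEmpty(signers)) {
            try {
                AsymmetricKeyParameter keyParam;
                BcContentSignerBuilder signerBuilder;
                if (this.key instanceof RSAPrivateKey) {
                    keyParam = SignerUtil.generateRSAPrivateKeyParameter((RSAPrivateKey) this.key);
                    signerBuilder = new RSAContentSignerBuilder(algorithmIdentifier);
                } else if (this.key instanceof DSAPrivateKey) {
                    keyParam = DSAUtil.generatePrivateKeyParameter(this.key);
                    signerBuilder = new DSAContentSignerBuilder(algorithmIdentifier, AlgorithmUtil.isDSAPlainSigAlg(algorithmIdentifier));
                } else if (this.key instanceof ECPrivateKey) {
                    keyParam = ECUtil.generatePrivateKeyParameter(this.key);
                    // NOTE(review): for a key on the SM2 curve the requested algorithm is not
                    // consulted; the builder is always SM2-with-SM3. Consider rejecting a
                    // request whose algorithm is not SM2 instead of switching silently.
                    signerBuilder = GMUtil.isSm2primev2Curve(((ECPrivateKey) this.key).getParams().getCurve()) ? new SM2ContentSignerBuilder() : new ECDSAContentSignerBuilder(algorithmIdentifier, AlgorithmUtil.isDSAPlainSigAlg(algorithmIdentifier));
                } else {
                    throw new XiSecurityException("unsupported key " + this.key.getClass().getName());
                }

                if (secureRandom != null) {
                    signerBuilder.setSecureRandom(secureRandom);
                }
                for (int idx = 0; idx < i; idx++) {
                    try {
                        signers.add(new XiWrappedContentSigner(signerBuilder.build(keyParam), true));
                    } catch (OperatorCreationException e) {
                        throw new XiSecurityException("operator creation error", e);
                    }
                }
            } catch (InvalidKeyException e) {
                throw new XiSecurityException("invalid key", e);
            } catch (NoSuchAlgorithmException e) {
                throw new XiSecurityException("no such algorithm", e);
            }
        }

        try {
            DfltConcurrentContentSigner concurrentSigner = new DfltConcurrentContentSigner(false, signers, this.key);
            if (this.certificateChain != null) {
                concurrentSigner.setCertificateChain(this.certificateChain);
            } else {
                concurrentSigner.setPublicKey(this.publicKey);
            }
            return concurrentSigner;
        } catch (NoSuchAlgorithmException e) {
            throw new XiSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Returns the first certificate of the chain.
     *
     * @return the first chain element, or null if there is no chain or it is empty
     */
    public X509Certificate getCertificate() {
        if (this.certificateChain == null || this.certificateChain.length <= 0) {
            return null;
        }
        return this.certificateChain[0];
    }

    /**
     * Returns the certificate chain.
     *
     * @return a copy of the chain, or null if the builder was created without certificates
     */
    public X509Certificate[] getCertificateChain() {
        // Copy so a caller cannot swap the certificates that later signers are given.
        return this.certificateChain == null ? null : this.certificateChain.clone();
    }

    /**
     * Returns the private key used for signing.
     *
     * @return the signing key
     */
    public PrivateKey getKey() {
        return this.key;
    }
}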
