package org.xipki.security.pkcs11;

import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.SignerFactory;
import org.xipki.security.XiSecurityException;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.util.Hex;
import org.xipki.util.LogUtil;
import org.xipki.util.ObjectCreationException;

/* loaded from: input_file:org/xipki/security/pkcs11/P11SignerFactory.class */
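/**
 * {@link SignerFactory} for signers whose keys live in a PKCS#11 token.
 *
 * <p>The only signer type handled is {@code "pkcs11"} (matched case-insensitively). Both
 * collaborators are injected through setters and must be set before {@link #newSigner} or
 * {@link #refreshToken} is used.
 *
 * <p>All values read from {@link SignerConf} are treated as operator-supplied text: a value that
 * fails to parse is reported as an {@link ObjectCreationException} rather than escaping as an
 * unchecked exception.
 */
public class P11SignerFactory implements SignerFactory {
    private static final Logger LOG = LoggerFactory.getLogger(P11SignerFactory.class);
    private static final String TYPE = "pkcs11";
    private static final Set<String> types =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(TYPE)));
    private P11CryptServiceFactory p11CryptServiceFactory;
    private SecurityFactory securityFactory;

    /**
     * Injects the factory used to look up PKCS#11 crypt services by module name.
     *
     * @param p11CryptServiceFactory the factory to use
     */
    public void setP11CryptServiceFactory(P11CryptServiceFactory p11CryptServiceFactory) {
        this.p11CryptServiceFactory = p11CryptServiceFactory;
    }

    /**
     * Injects the security factory, which supplies the default signer parallelism and is handed
     * to the content signer builder.
     *
     * @param securityFactory the factory to use
     */
    public void setSecurityFactory(SecurityFactory securityFactory) {
        this.securityFactory = securityFactory;
    }

    /**
     * Returns the signer types this factory handles.
     *
     * @return an unmodifiable set containing only {@code "pkcs11"}
     */
    @Override // org.xipki.security.SignerFactory
    public Set<String> getSupportedSignerTypes() {
        return types;
    }

    /**
     * Tells whether this factory can create a signer of the given type.
     *
     * <p>The comparison is case-insensitive and locale-independent, the same way
     * {@link #newSigner} and {@link #refreshToken} compare the type, so the three methods cannot
     * disagree under a non-English default locale.
     *
     * @param str the signer type; {@code null} yields {@code false}
     * @return {@code true} if the type is supported
     */
    @Override // org.xipki.security.SignerFactory
    public boolean canCreateSigner(String str) {
        if (str == null) {
            return false;
        }
        for (String supported : types) {
            if (supported.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates a signer backed by a key in a PKCS#11 token.
     *
     * <p>Configuration keys read from {@code signerConf}: {@code parallelism} (optional, integer
     * of at least 1), {@code module}, exactly one of {@code slot} (index) and {@code slot-id},
     * exactly one of {@code key-id} (hex) and {@code key-label}, and {@code algo} (optional).
     * If {@code algo} names a MAC algorithm a MAC signer is built; otherwise a signature signer
     * is built from the signature algorithm derived from {@code signerConf}.
     *
     * @param str the signer type, must be {@code "pkcs11"} ignoring case
     * @param signerConf the signer configuration
     * @param x509CertificateArr certificate chain passed to the signature signer builder
     * @return the new signer
     * @throws ObjectCreationException if the type is unknown, a collaborator is not set, a
     *     configuration value is missing, ambiguous or malformed, the identity cannot be found,
     *     or the token or algorithm lookup fails
     */
    @Override // org.xipki.security.SignerFactory
    public ConcurrentContentSigner newSigner(String str, SignerConf signerConf, X509Certificate[] x509CertificateArr) throws ObjectCreationException {
        if (!TYPE.equalsIgnoreCase(str)) {
            throw new ObjectCreationException("unknown signer type " + str);
        }
        if (this.p11CryptServiceFactory == null) {
            throw new ObjectCreationException("p11CryptServiceFactory is not set");
        }
        if (this.securityFactory == null) {
            throw new ObjectCreationException("securityFactory is not set");
        }

        int parallelism = parseParallelism(
                signerConf.getConfValue("parallelism"), this.securityFactory.getDfltSignerParallelism());

        // NOTE(review): a missing "module" value is passed on as null; how
        // getP11CryptService treats that is not visible here.
        String moduleName = signerConf.getConfValue("module");

        Integer slotIndex = parseSlotIndex(signerConf.getConfValue("slot"));
        Long slotId = parseSlotId(signerConf.getConfValue("slot-id"));
        if ((slotIndex == null) == (slotId == null)) {
            throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
        }

        String keyLabel = signerConf.getConfValue("key-label");
        byte[] keyId = decodeKeyId(signerConf.getConfValue("key-id"));
        if ((keyId == null) == (keyLabel == null)) {
            throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
        }

        try {
            P11CryptService p11CryptService = this.p11CryptServiceFactory.getP11CryptService(moduleName);
            P11Module module = p11CryptService.getModule();

            // Exactly one of slotId / slotIndex is non-null (checked above).
            P11SlotIdentifier slotIdentifier = slotId != null
                    ? module.getSlotIdForId(slotId.longValue())
                    : module.getSlotIdForIndex(slotIndex.intValue());

            P11Slot slot = module.getSlot(slotIdentifier);
            P11IdentityId identityId = slot.getIdentityId(keyId, keyLabel);
            if (identityId == null) {
                throw new ObjectCreationException("cound not find identity with " + (keyId != null ? "id " + Hex.encode(keyId) : "label " + keyLabel));
            }

            AlgorithmIdentifier macAlgId = null;
            String algoName = signerConf.getConfValue("algo");
            if (algoName != null) {
                try {
                    macAlgId = AlgorithmUtil.getMacAlgId(algoName);
                } catch (NoSuchAlgorithmException ignored) {
                    // Deliberate: "algo" is not a MAC algorithm, so fall through to the
                    // signature path below, which resolves the algorithm from signerConf.
                }
            }
            if (macAlgId != null) {
                return new P11MacContentSignerBuilder(p11CryptService, identityId).createSigner(macAlgId, parallelism);
            }

            // NOTE(review): whether the supplied certificate chain is checked against the
            // token's public key is decided inside P11ContentSignerBuilder, not here — confirm.
            P11ContentSignerBuilder builder =
                    new P11ContentSignerBuilder(p11CryptService, this.securityFactory, identityId, x509CertificateArr);
            // The public key is only fetched from the token when a hash algorithm is configured;
            // otherwise the signature algorithm is resolved from signerConf alone.
            AlgorithmIdentifier sigAlgId = signerConf.getHashAlgo() == null
                    ? AlgorithmUtil.getSigAlgId(null, signerConf)
                    : AlgorithmUtil.getSigAlgId(slot.getIdentity(identityId.getKeyId()).getPublicKey(), signerConf);
            return builder.createSigner(sigAlgId, parallelism);
        } catch (NoSuchAlgorithmException | XiSecurityException | P11TokenException e) {
            throw new ObjectCreationException(e.getMessage(), e);
        }
    }

    /**
     * Refreshes every configured PKCS#11 module when the given type is {@code "pkcs11"}
     * (ignoring case); does nothing for any other type.
     *
     * <p>A module that fails to refresh is logged and the remaining modules are still tried;
     * the failures are reported together at the end.
     *
     * @param str the signer type
     * @throws XiSecurityException if the crypt service factory is not set, if a crypt service
     *     lookup fails, or if at least one module could not be refreshed
     */
    @Override // org.xipki.security.SignerFactory
    public void refreshToken(String str) throws XiSecurityException {
        if (!TYPE.equalsIgnoreCase(str)) {
            return;
        }
        if (this.p11CryptServiceFactory == null) {
            // Same precondition as newSigner; report it instead of failing with an NPE.
            throw new XiSecurityException("p11CryptServiceFactory is not set");
        }

        Set<String> failedModules = new HashSet<String>(2);
        for (String moduleName : this.p11CryptServiceFactory.getModuleNames()) {
            try {
                this.p11CryptServiceFactory.getP11CryptService(moduleName).refresh();
            } catch (P11TokenException e) {
                LogUtil.error(LOG, e, "could not refresh PKCS#11 module " + moduleName);
                failedModules.add(moduleName);
            }
        }
        if (!failedModules.isEmpty()) {
            throw new XiSecurityException("could not refreshed modules " + failedModules);
        }
    }

    /** Parses the optional {@code parallelism} value; falls back to {@code dflt} when absent. */
    private static int parseParallelism(String value, int dflt) throws ObjectCreationException {
        if (value == null) {
            return dflt;
        }
        int parsed;
        try {
            parsed = Integer.parseInt(value);
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid parallelism " + value, e);
        }
        if (parsed < 1) {
            throw new ObjectCreationException("invalid parallelism " + value);
        }
        return parsed;
    }

    /** Parses the optional {@code slot} (index) value; {@code null} when absent. */
    private static Integer parseSlotIndex(String value) throws ObjectCreationException {
        if (value == null) {
            return null;
        }
        try {
            return Integer.valueOf(Integer.parseInt(value));
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid slot " + value, e);
        }
    }

    /** Parses the optional {@code slot-id} value; {@code null} when absent. */
    private static Long parseSlotId(String value) throws ObjectCreationException {
        if (value == null) {
            return null;
        }
        try {
            return Long.valueOf(Long.parseLong(value));
        } catch (NumberFormatException e) {
            throw new ObjectCreationException("invalid slot-id " + value, e);
        }
    }

    /** Decodes the optional hex {@code key-id} value; {@code null} when absent. */
    private static byte[] decodeKeyId(String value) throws ObjectCreationException {
        if (value == null) {
            return null;
        }
        try {
            return Hex.decode(value);
        } catch (RuntimeException e) {
            // How Hex.decode fails on malformed input is not visible here; whatever it
            // throws is a configuration error and is reported as one.
            throw new ObjectCreationException("invalid key-id " + value, e);
        }
    }
}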
