package org.xipki.security;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.concurrent.ConcurrentLinkedDeque;
import javax.crypto.NoSuchPaddingException;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.common.ObjectCreationException;
import org.xipki.common.util.Base64;
import org.xipki.common.util.IoUtil;
import org.xipki.common.util.ParamUtil;
import org.xipki.common.util.StringUtil;
import org.xipki.password.PasswordResolver;
import org.xipki.password.PasswordResolverException;
import org.xipki.security.exception.P11TokenException;
import org.xipki.security.exception.XiSecurityException;
import org.xipki.security.pkcs11.P11ContentSignerBuilder;
import org.xipki.security.pkcs11.P11CryptService;
import org.xipki.security.pkcs11.P11CryptServiceFactory;
import org.xipki.security.pkcs11.P11EntityIdentifier;
import org.xipki.security.pkcs11.P11MacContentSignerBuilder;
import org.xipki.security.pkcs11.P11Module;
import org.xipki.security.pkcs11.P11ObjectIdentifier;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.pkcs11.P11SlotIdentifier;
import org.xipki.security.pkcs12.SoftTokenContentSignerBuilder;
import org.xipki.security.pkcs12.SoftTokenMacContentSignerBuilder;
import org.xipki.security.util.AlgorithmUtil;

/* loaded from: input_file:org/xipki/security/SignerFactoryRegisterImpl.class */
public class SignerFactoryRegisterImpl implements SignerFactoryRegister {
    private static final Logger LOG = LoggerFactory.getLogger(SignerFactoryRegisterImpl.class);
    private P11CryptServiceFactory p11CryptServiceFactory;
    private ConcurrentLinkedDeque<SignerFactory> services = new ConcurrentLinkedDeque<>();

    public void setP11CryptServiceFactory(P11CryptServiceFactory p11CryptServiceFactory) {
        this.p11CryptServiceFactory = p11CryptServiceFactory;
    }

    public void bindService(SignerFactory signerFactory) {
        if (signerFactory == null) {
            LOG.info("bindService invoked with null.");
            return;
        }
        boolean remove = this.services.remove(signerFactory);
        this.services.add(signerFactory);
        LOG.info("{} SignerFactory binding for {}", remove ? "replaced" : "added", signerFactory);
    }

    public void unbindService(SignerFactory signerFactory) {
        if (signerFactory == null) {
            LOG.info("unbindService invoked with null.");
        } else if (this.services.remove(signerFactory)) {
            LOG.info("removed SignerFactory binding for {}", signerFactory);
        } else {
            LOG.info("no SignerFactory binding found to remove for '{}'", signerFactory);
        }
    }

    @Override // org.xipki.security.SignerFactoryRegister
    public ConcurrentContentSigner newSigner(SecurityFactory securityFactory, String str, SignerConf signerConf, X509Certificate[] x509CertificateArr) throws ObjectCreationException {
        ParamUtil.requireNonBlank("type", str);
        if ("PKCS12".equalsIgnoreCase(str) || "JKS".equalsIgnoreCase(str) || "JCEKS".equalsIgnoreCase(str)) {
            return newKeystoreSigner(securityFactory, str, signerConf, x509CertificateArr);
        }
        if ("PKCS11".equalsIgnoreCase(str)) {
            return newPkcs11Signer(securityFactory, str, signerConf, x509CertificateArr);
        }
        Iterator<SignerFactory> it = this.services.iterator();
        while (it.hasNext()) {
            SignerFactory next = it.next();
            if (next.canCreateSigner(str)) {
                return next.newSigner(str, signerConf, x509CertificateArr);
            }
        }
        throw new ObjectCreationException("could not find Factory to create Signer of type '" + str + "'");
    }

    private ConcurrentContentSigner newKeystoreSigner(SecurityFactory securityFactory, String str, SignerConf signerConf, X509Certificate[] x509CertificateArr) throws ObjectCreationException {
        char[] resolvePassword;
        InputStream fileInputStream;
        String confValue = signerConf.getConfValue("parallelism");
        int defaultSignerParallelism = securityFactory.getDefaultSignerParallelism();
        if (confValue != null) {
            try {
                defaultSignerParallelism = Integer.parseInt(confValue);
                if (defaultSignerParallelism < 1) {
                    throw new ObjectCreationException("invalid parallelism " + confValue);
                }
            } catch (NumberFormatException e) {
                throw new ObjectCreationException("invalid parallelism " + confValue);
            }
        }
        String confValue2 = signerConf.getConfValue("password");
        if (confValue2 == null) {
            resolvePassword = null;
        } else {
            PasswordResolver passwordResolver = securityFactory.getPasswordResolver();
            if (passwordResolver == null) {
                resolvePassword = confValue2.toCharArray();
            } else {
                try {
                    resolvePassword = passwordResolver.resolvePassword(confValue2);
                } catch (PasswordResolverException e2) {
                    throw new ObjectCreationException("could not resolve password. Message: " + e2.getMessage());
                }
            }
        }
        String confValue3 = signerConf.getConfValue("keystore");
        String confValue4 = signerConf.getConfValue("key-label");
        if (StringUtil.startsWithIgnoreCase(confValue3, "base64:")) {
            fileInputStream = new ByteArrayInputStream(Base64.decode(confValue3.substring("base64:".length())));
        } else {
            if (!StringUtil.startsWithIgnoreCase(confValue3, "file:")) {
                throw new ObjectCreationException("unknown keystore content format");
            }
            String substring = confValue3.substring("file:".length());
            try {
                fileInputStream = new FileInputStream(IoUtil.expandFilepath(substring));
            } catch (FileNotFoundException e3) {
                throw new ObjectCreationException("file not found: " + substring);
            }
        }
        try {
            AlgorithmIdentifier algorithmIdentifier = null;
            String confValue5 = signerConf.getConfValue("algo");
            if (confValue5 != null) {
                try {
                    algorithmIdentifier = AlgorithmUtil.getMacAlgId(confValue5);
                } catch (NoSuchAlgorithmException e4) {
                }
            }
            if (algorithmIdentifier != null) {
                return new SoftTokenMacContentSignerBuilder(str, fileInputStream, resolvePassword, confValue4, resolvePassword).createSigner(algorithmIdentifier, defaultSignerParallelism, securityFactory.getRandom4Sign());
            }
            SoftTokenContentSignerBuilder softTokenContentSignerBuilder = new SoftTokenContentSignerBuilder(str, fileInputStream, resolvePassword, confValue4, resolvePassword, x509CertificateArr);
            return softTokenContentSignerBuilder.createSigner(signerConf.hashAlgo() == null ? AlgorithmUtil.getSigAlgId(null, signerConf) : AlgorithmUtil.getSigAlgId(softTokenContentSignerBuilder.certificate().getPublicKey(), signerConf), defaultSignerParallelism, securityFactory.getRandom4Sign());
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException e5) {
            throw new ObjectCreationException(String.format("%s: %s", e5.getClass().getName(), e5.getMessage()));
        }
    }

    public ConcurrentContentSigner newPkcs11Signer(SecurityFactory securityFactory, String str, SignerConf signerConf, X509Certificate[] x509CertificateArr) throws ObjectCreationException {
        P11SlotIdentifier slotIdForIndex;
        if (this.p11CryptServiceFactory == null) {
            throw new ObjectCreationException("p11CryptServiceFactory is not set");
        }
        String confValue = signerConf.getConfValue("parallelism");
        int defaultSignerParallelism = securityFactory.getDefaultSignerParallelism();
        if (confValue != null) {
            try {
                defaultSignerParallelism = Integer.parseInt(confValue);
                if (defaultSignerParallelism < 1) {
                    throw new ObjectCreationException("invalid parallelism " + confValue);
                }
            } catch (NumberFormatException e) {
                throw new ObjectCreationException("invalid parallelism " + confValue);
            }
        }
        String confValue2 = signerConf.getConfValue("module");
        String confValue3 = signerConf.getConfValue("slot");
        Integer valueOf = confValue3 == null ? null : Integer.valueOf(Integer.parseInt(confValue3));
        String confValue4 = signerConf.getConfValue("slot-id");
        Long valueOf2 = confValue4 == null ? null : Long.valueOf(Long.parseLong(confValue4));
        if ((valueOf == null && valueOf2 == null) || (valueOf != null && valueOf2 != null)) {
            throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
        }
        String confValue5 = signerConf.getConfValue("key-label");
        String confValue6 = signerConf.getConfValue("key-id");
        byte[] bArr = null;
        if (confValue6 != null) {
            bArr = Hex.decode(confValue6);
        }
        if ((bArr == null && confValue5 == null) || (bArr != null && confValue5 != null)) {
            throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
        }
        try {
            P11CryptService p11CryptService = this.p11CryptServiceFactory.getP11CryptService(confValue2);
            P11Module module = p11CryptService.module();
            if (valueOf2 != null) {
                slotIdForIndex = module.getSlotIdForId(valueOf2.longValue());
            } else {
                if (valueOf == null) {
                    throw new RuntimeException("should not reach here");
                }
                slotIdForIndex = module.getSlotIdForIndex(valueOf.intValue());
            }
            P11Slot slot = module.getSlot(slotIdForIndex);
            P11ObjectIdentifier objectIdForId = bArr != null ? slot.getObjectIdForId(bArr) : slot.getObjectIdForLabel(confValue5);
            if (objectIdForId == null) {
                throw new ObjectCreationException("cound not find identity with " + (bArr != null ? "id " + Hex.toHexString(bArr) : "label " + confValue5));
            }
            P11EntityIdentifier p11EntityIdentifier = new P11EntityIdentifier(slot.slotId(), objectIdForId);
            try {
                AlgorithmIdentifier algorithmIdentifier = null;
                String confValue7 = signerConf.getConfValue("algo");
                if (confValue7 != null) {
                    try {
                        algorithmIdentifier = AlgorithmUtil.getMacAlgId(confValue7);
                    } catch (NoSuchAlgorithmException e2) {
                    }
                }
                if (algorithmIdentifier != null) {
                    return new P11MacContentSignerBuilder(p11CryptService, p11EntityIdentifier).createSigner(algorithmIdentifier, defaultSignerParallelism);
                }
                return new P11ContentSignerBuilder(p11CryptService, securityFactory, p11EntityIdentifier, x509CertificateArr).createSigner(signerConf.hashAlgo() == null ? AlgorithmUtil.getSigAlgId(null, signerConf) : AlgorithmUtil.getSigAlgId(slot.getIdentity(objectIdForId).publicKey(), signerConf), defaultSignerParallelism);
            } catch (NoSuchAlgorithmException | P11TokenException | XiSecurityException e3) {
                throw new ObjectCreationException(e3.getMessage(), e3);
            }
        } catch (P11TokenException | XiSecurityException e4) {
            throw new ObjectCreationException(e4.getMessage(), e4);
        }
    }
}
