package net.jsign.jca;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import net.jsign.DigestAlgorithm;

/* loaded from: input_file:net/jsign/jca/SignPathSigningService.class */
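/**
 * {@link SigningService} backed by the SignPath REST API.
 *
 * <p>Each signing policy returned by the service is exposed as an alias of the form
 * {@code projectSlug/signingPolicySlug}. The data to sign is hashed locally and only the
 * digest is sent to the service.
 *
 * <p>The policy cache is a plain {@link HashMap} filled lazily without synchronization.
 */
public class SignPathSigningService implements SigningService {
    /** Signing policies keyed by {@code projectSlug/signingPolicySlug}, filled on first use. */
    private final Map<String, Map<String, ?>> certificates;

    /** REST client that sends the bearer token with its requests. */
    private final RESTClient client;

    /**
     * Creates a service bound to the public SignPath endpoint (HTTPS).
     *
     * @param str  path segment appended to the API base URL (presumably the SignPath
     *             organization identifier, to be confirmed against the caller)
     * @param str2 API token, sent as a bearer token
     */
    public SignPathSigningService(String str, String str2) {
        this("https://app.signpath.io/API/v1", str, str2);
    }

    /**
     * Creates a service bound to an arbitrary endpoint.
     *
     * <p>The token is attached to requests made against {@code str}, so callers of this
     * package-private constructor are responsible for passing a trusted {@code https} URL.
     *
     * @param str  base URL of the API
     * @param str2 path segment appended to the base URL
     * @param str3 API token, sent in the {@code Authorization} header; never log it
     */
    SignPathSigningService(String str, String str2, String str3) {
        this.certificates = new HashMap<>();
        this.client = new RESTClient(str + "/" + str2)
                .authentication(connection -> connection.setRequestProperty("Authorization", "Bearer " + str3))
                .errorHandler(response -> response.get("status") + " - " + response.get("title")
                        + " - " + JsonWriter.format(response.get("errors")));
    }

    @Override
    public String getName() {
        return "SignPath";
    }

    /**
     * Fetches the signing policies from the service the first time it is needed.
     *
     * <p>The response is validated and collected into a temporary map first, so a malformed
     * entry cannot leave the cache half filled (a non-empty cache is never reloaded).
     *
     * @throws KeyStoreException if the request fails or the response has an unexpected shape
     */
    private void loadKeyStore() throws KeyStoreException {
        if (!this.certificates.isEmpty()) {
            return;
        }

        Object policies;
        try {
            policies = this.client.get("/Cryptoki/MySigningPolicies").get("signingPolicies");
        } catch (IOException e) {
            throw new KeyStoreException("Unable to retrieve the SignPath signing policies", e);
        }

        // a missing or mistyped field used to surface as a NullPointerException or ClassCastException
        if (!(policies instanceof Object[])) {
            throw new KeyStoreException("Unable to retrieve the SignPath signing policies: unexpected response");
        }

        Map<String, Map<String, ?>> loaded = new HashMap<>();
        for (Object entry : (Object[]) policies) {
            if (!(entry instanceof Map)) {
                throw new KeyStoreException("Unable to retrieve the SignPath signing policies: unexpected response");
            }
            @SuppressWarnings("unchecked") // values are only read back through Object-typed lookups
            Map<String, ?> policy = (Map<String, ?>) entry;
            loaded.put(policy.get("projectSlug") + "/" + policy.get("signingPolicySlug"), policy);
        }
        this.certificates.putAll(loaded);
    }

    /**
     * Lists the available aliases, one per signing policy.
     *
     * @return a new mutable list of {@code projectSlug/signingPolicySlug} aliases
     * @throws KeyStoreException if the signing policies cannot be retrieved
     */
    @Override
    public List<String> aliases() throws KeyStoreException {
        loadKeyStore();
        return new ArrayList<>(this.certificates.keySet());
    }

    /**
     * Returns the certificate attached to a signing policy.
     *
     * <p>The array holds exactly one certificate, decoded from the {@code certificateBytes}
     * field of the policy; no intermediate certificates are added here and the certificate
     * is not validated against any trust anchor.
     *
     * @param str alias of the signing policy
     * @return a single-element certificate chain
     * @throws KeyStoreException if the alias is unknown or the certificate cannot be decoded
     */
    @Override
    public Certificate[] getCertificateChain(String str) throws KeyStoreException {
        loadKeyStore();
        Map<String, ?> policy = this.certificates.get(str);
        if (policy == null) {
            throw new KeyStoreException("Unable to retrieve SignPath signing policy '" + str + "'");
        }

        Object encoded = policy.get("certificateBytes");
        if (!(encoded instanceof String)) {
            throw new KeyStoreException("No certificate found for SignPath signing policy '" + str + "'");
        }

        try {
            byte[] der = Base64.getDecoder().decode((String) encoded);
            Certificate certificate =
                    CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
            return new Certificate[] {certificate};
        } catch (CertificateException | IllegalArgumentException e) {
            // IllegalArgumentException: the field was not valid Base64
            throw new KeyStoreException("Unable to decode the certificate of SignPath signing policy '" + str + "'", e);
        }
    }

    /**
     * Returns the key algorithm declared by a signing policy.
     *
     * @param str alias of the signing policy
     * @return the upper-cased {@code keyType} of the policy, or {@code null} if the alias is
     *         unknown or the policy declares no key type
     * @throws KeyStoreException if the signing policies cannot be retrieved
     */
    private String getAlgorithm(String str) throws KeyStoreException {
        loadKeyStore();
        Map<String, ?> policy = this.certificates.get(str);
        if (policy == null) {
            return null;
        }
        String keyType = (String) policy.get("keyType");
        // Locale.ROOT keeps the algorithm name stable whatever the default locale is
        return keyType == null ? null : keyType.toUpperCase(Locale.ROOT);
    }

    /**
     * Creates a handle on the remote private key of a signing policy. No key material is
     * retrieved; signing is delegated to {@link #sign}.
     *
     * @param str  alias of the signing policy
     * @param cArr password, not used by this service
     * @return the private key handle, whose identifier is the alias
     * @throws UnrecoverableKeyException if the policy is unknown, declares no key type, or
     *         the policies cannot be retrieved
     */
    @Override
    public SigningServicePrivateKey getPrivateKey(String str, char[] cArr) throws UnrecoverableKeyException {
        try {
            String algorithm = getAlgorithm(str);
            if (algorithm == null) {
                throw new UnrecoverableKeyException("Unable to initialize the SignPath private key for the certificate '" + str + "'");
            }
            return new SigningServicePrivateKey(str, algorithm, this);
        } catch (KeyStoreException e) {
            // UnrecoverableKeyException has no constructor taking a cause
            throw (UnrecoverableKeyException) new UnrecoverableKeyException(e.getMessage()).initCause(e);
        }
    }

    /**
     * Hashes the data locally and asks the service to sign the digest.
     *
     * @param signingServicePrivateKey key handle whose identifier is {@code projectSlug/signingPolicySlug}
     * @param str  JCA signature algorithm name of the form {@code <digest>with<key>}
     * @param bArr data to sign
     * @return the signature bytes returned by the service, not verified here
     * @throws GeneralSecurityException if the algorithm or key identifier is malformed, the
     *         request fails, or the response carries no usable signature
     */
    @Override
    public byte[] sign(SigningServicePrivateKey signingServicePrivateKey, String str, byte[] bArr) throws GeneralSecurityException {
        // Locale.ROOT: under a Turkish default locale "WITH" lower-cases to "wıth" and is not found
        int separator = str.toLowerCase(Locale.ROOT).indexOf("with");
        if (separator <= 0) {
            throw new GeneralSecurityException("Unsupported signature algorithm '" + str + "'");
        }
        DigestAlgorithm digestAlgorithm = DigestAlgorithm.of(str.substring(0, separator));
        if (digestAlgorithm == null) {
            throw new GeneralSecurityException("Unsupported digest in signature algorithm '" + str + "'");
        }
        byte[] digest = digestAlgorithm.getMessageDigest().digest(bArr);

        // Reject malformed identifiers rather than sign under a truncated project/policy pair
        String[] slugs = signingServicePrivateKey.getId().split("/");
        if (slugs.length != 2 || slugs[0].isEmpty() || slugs[1].isEmpty()) {
            throw new GeneralSecurityException("Invalid SignPath key identifier '" + signingServicePrivateKey.getId() + "'");
        }

        // NOTE(review): the request always declares RSA PKCS#1, whatever key type the policy
        // reports and whatever follows "with" in the algorithm name; confirm that non-RSA
        // policies are rejected before this point.
        Map<String, Object> artifact = new LinkedHashMap<>();
        artifact.put("SignatureAlgorithm", "RsaPkcs1");
        artifact.put("RsaHashAlgorithm", digestAlgorithm.oid.toString());
        artifact.put("Base64EncodedHash", Base64.getEncoder().encodeToString(digest));

        Map<String, Object> request = new LinkedHashMap<>();
        request.put("ProjectSlug", slugs[0]);
        request.put("SigningPolicySlug", slugs[1]);
        request.put("IsFastSigningRequest", "true");
        request.put("Artifact", JsonWriter.format(artifact).getBytes(StandardCharsets.UTF_8));

        Object signature;
        try {
            signature = this.client.post("/SigningRequests", request, true).get("Signature");
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }

        if (!(signature instanceof String)) {
            throw new GeneralSecurityException("No signature returned by SignPath for '" + signingServicePrivateKey.getId() + "'");
        }
        try {
            return Base64.getDecoder().decode((String) signature);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("Invalid signature returned by SignPath", e);
        }
    }
}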
