package net.jsign.jca;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.smartcardio.CardException;
import net.jsign.DigestAlgorithm;
import net.jsign.jca.OpenPGPCard;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;

/* loaded from: input_file:net/jsign/jca/OpenPGPCardSigningService.class */
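/**
 * {@link SigningService} implementation that delegates key listing, certificate
 * retrieval and signing to an {@link OpenPGPCard}.
 *
 * <p>The private key material is never read by this class: {@link #sign} hashes the
 * data locally and hands only the digest (or its DER-encoded {@code DigestInfo}) to
 * the card.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The value passed to {@code OpenPGPCard.verify} (presumably the card PIN) is
 *       received as an immutable {@code String}, so it cannot be wiped from memory
 *       by this class. Keep its lifetime as short as possible on the caller side.</li>
 *   <li>Certificates returned by the optional certificate store are merged into the
 *       chain without any check that they match the key held on the card. Validate
 *       the resulting chain before trusting it.</li>
 * </ul>
 */
public class OpenPGPCardSigningService implements SigningService {
    private final OpenPGPCard pgpcard;

    /** Optional source of additional certificates, looked up by key alias; may be {@code null}. */
    private final Function<String, Certificate[]> certificateStore;

    /**
     * Creates the service with a {@code null} card name.
     *
     * @param pin              the value passed to {@code OpenPGPCard.verify}
     * @param certificateStore optional provider of extra certificates for an alias, may be {@code null}
     * @throws CardException if no OpenPGP card is found, or if thrown by the card during verification
     */
    public OpenPGPCardSigningService(String pin, Function<String, Certificate[]> certificateStore) throws CardException {
        this(null, pin, certificateStore);
    }

    /**
     * Creates the service for the named card and verifies the PIN immediately.
     *
     * <p>NOTE(review): OpenPGP cards typically count failed verifications and block
     * after a few attempts. Confirm how {@code OpenPGPCard.verify} reports a wrong PIN
     * before wrapping this constructor in any retry logic.
     *
     * @param cardname         the name passed to {@code OpenPGPCard.getCard}, may be {@code null}
     * @param pin              the value passed to {@code OpenPGPCard.verify}
     * @param certificateStore optional provider of extra certificates for an alias, may be {@code null}
     * @throws CardException if no OpenPGP card is found, or if thrown by the card during verification
     */
    public OpenPGPCardSigningService(String cardname, String pin, Function<String, Certificate[]> certificateStore) throws CardException {
        OpenPGPCard card = OpenPGPCard.getCard(cardname);
        if (card == null) {
            throw new CardException("OpenPGP card not found");
        }
        this.certificateStore = certificateStore;
        this.pgpcard = card;
        this.pgpcard.verify(pin);
    }

    /** Returns the fixed name of this service, {@code "OPENPGP"}. */
    @Override
    public String getName() {
        return "OPENPGP";
    }

    /**
     * Lists the names of the keys the card reports as available.
     *
     * @return the key names, usable as aliases for the other methods
     * @throws KeyStoreException if the card cannot be queried
     */
    @Override
    public List<String> aliases() throws KeyStoreException {
        try {
            return pgpcard.getAvailableKeys().stream()
                    .map(OpenPGPCard.Key::name)
                    .collect(Collectors.toList());
        } catch (CardException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Builds the certificate chain for a key. The certificate data stored on the card
     * comes first, followed by the certificates supplied by the certificate store.
     *
     * <p>Certificates are de-duplicated by subject name. A later certificate with the
     * same subject replaces the earlier one but keeps its position in the chain, so a
     * store entry can override the certificate read from the card. Nothing here
     * verifies that the leaf certificate corresponds to the key on the card.
     *
     * @param alias the name of an {@code OpenPGPCard.Key} constant
     * @return the merged chain, possibly empty
     * @throws KeyStoreException        if the card cannot be read or the certificate data cannot be parsed
     * @throws IllegalArgumentException if {@code alias} is rejected by {@code OpenPGPCard.Key.valueOf}
     */
    @Override
    public Certificate[] getCertificateChain(String alias) throws KeyStoreException {
        // insertion-ordered so that the card certificate stays ahead of the store certificates
        Map<String, Certificate> certificates = new LinkedHashMap<>();
        try {
            ByteArrayInputStream in = new ByteArrayInputStream(pgpcard.getCertificate(OpenPGPCard.Key.valueOf(alias)));
            in.mark(0);
            if (in.available() > 0) {
                CertificateFactory factory = CertificateFactory.getInstance("X.509");
                try {
                    for (Certificate certificate : factory.generateCertPath(in).getCertificates()) {
                        addCertificate(certificates, certificate);
                    }
                } catch (CertificateException notACertPath) {
                    // the card data is not an encoded certificate path: rewind and parse it as a single certificate
                    in.reset();
                    addCertificate(certificates, factory.generateCertificate(in));
                }
            }

            if (certificateStore != null) {
                Certificate[] stored = certificateStore.apply(alias);
                // a store with nothing for this alias may return null; treat that as "no extra certificates"
                if (stored != null) {
                    for (Certificate certificate : stored) {
                        addCertificate(certificates, certificate);
                    }
                }
            }
            return certificates.values().toArray(new Certificate[0]);
        } catch (CardException | CertificateException e) {
            throw new KeyStoreException(e);
        }
    }

    /** Registers a certificate under its subject name, replacing any previous entry with that subject. */
    private static void addCertificate(Map<String, Certificate> certificates, Certificate certificate) {
        certificates.put(((X509Certificate) certificate).getSubjectX500Principal().getName(), certificate);
    }

    /**
     * Returns a handle on a key held by the card. The handle carries only the alias
     * and the algorithm name; signing is routed back to this service.
     *
     * @param alias    the name of an {@code OpenPGPCard.Key} constant
     * @param password not used by this implementation
     * @return the key handle, with algorithm {@code "RSA"} or {@code "ECDSA"}
     * @throws UnrecoverableKeyException if the key is neither RSA nor EC, or its info cannot be read from the card
     * @throws IllegalArgumentException  if {@code alias} is rejected by {@code OpenPGPCard.Key.valueOf}
     */
    @Override
    public SigningServicePrivateKey getPrivateKey(String alias, char[] password) throws UnrecoverableKeyException {
        try {
            OpenPGPCard.KeyInfo keyInfo = pgpcard.getKeyInfo(OpenPGPCard.Key.valueOf(alias));
            String algorithm;
            if (keyInfo.isRSA()) {
                algorithm = "RSA";
            } else if (keyInfo.isEC()) {
                algorithm = "ECDSA";
            } else {
                throw new UnrecoverableKeyException("Unsupported key algorithm " + keyInfo.algorithm + " for key " + alias);
            }
            return new SigningServicePrivateKey(alias, algorithm, this);
        } catch (CardException e) {
            throw (UnrecoverableKeyException) new UnrecoverableKeyException("Unable to retrieve the info for key " + alias).initCause(e);
        }
    }

    /**
     * Hashes the data locally and asks the card to sign the digest.
     *
     * <p>For RSA keys the digest is wrapped in a DER-encoded {@code DigestInfo}. For
     * other keys the raw digest is sent, truncated to {@code keyInfo.size / 8} bytes
     * when it is longer than that.
     *
     * @param privateKey the key handle obtained from {@link #getPrivateKey}
     * @param algorithm  a signature algorithm name of the form {@code <digest>with<key algorithm>}
     * @param data       the data to sign
     * @return the signature returned by the card
     * @throws GeneralSecurityException if the algorithm name has no {@code with} separator, names no
     *                                  known digest, or the card operation fails
     */
    @Override
    public byte[] sign(SigningServicePrivateKey privateKey, String algorithm, byte[] data) throws GeneralSecurityException {
        // Locale.ROOT: in a Turkish default locale "WITH" lowercases to a dotless i and would never match "with"
        int separator = algorithm.toLowerCase(Locale.ROOT).indexOf("with");
        if (separator < 0) {
            // previously surfaced as a StringIndexOutOfBoundsException from substring(0, -1)
            throw new GeneralSecurityException("Unsupported signature algorithm " + algorithm);
        }
        DigestAlgorithm digestAlgorithm = DigestAlgorithm.of(algorithm.substring(0, separator));
        if (digestAlgorithm == null) {
            // guards against a NullPointerException in case the lookup finds no matching digest
            throw new GeneralSecurityException("Unsupported digest algorithm in " + algorithm);
        }
        byte[] digest = digestAlgorithm.getMessageDigest().digest(data);

        try {
            OpenPGPCard.Key key = OpenPGPCard.Key.valueOf(privateKey.getId());
            byte[] payload;
            if ("RSA".equals(privateKey.getAlgorithm())) {
                payload = new DigestInfo(new AlgorithmIdentifier(digestAlgorithm.oid, DERNull.INSTANCE), digest).getEncoded("DER");
            } else {
                // keep only the leading bytes of the digest when it is longer than the key size
                int maxLength = pgpcard.getKeyInfo(key).size / 8;
                payload = digest.length > maxLength ? Arrays.copyOf(digest, maxLength) : digest;
            }
            return pgpcard.sign(key, payload);
        } catch (CardException | IOException e) {
            throw new GeneralSecurityException(e);
        }
    }
}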
