package net.jsign.jca;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import net.jsign.DigestAlgorithm;

/* loaded from: input_file:net/jsign/jca/GaraSignSigningService.class */
public class GaraSignSigningService implements SigningService {
    private final String endpoint;
    private final RESTClient client;
    private final GaraSignCredentials credentials;
    private final Map<String, Map<String, ?>> certificates = new LinkedHashMap();
    private long timeout = 3600;

    public GaraSignSigningService(String str, GaraSignCredentials garaSignCredentials) {
        this.endpoint = str != null ? str : "https://garasign.com:8443/CodeSigningRestService/";
        this.credentials = garaSignCredentials;
        this.client = new RESTClient(str);
    }

    void setTimeout(int i) {
        this.timeout = i;
    }

    @Override // net.jsign.jca.SigningService
    public String getName() {
        return "GaraSign";
    }

    private void loadKeyStore() throws KeyStoreException {
        if (this.certificates.isEmpty()) {
            try {
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                linkedHashMap.put("api_version", "1.0");
                linkedHashMap.put("session_token", this.credentials.getSessionToken(this.endpoint));
                Map<String, ?> post = this.client.post("/keystore", linkedHashMap);
                if (!"SUCCESS".equals((String) post.get("status"))) {
                    throw new KeyStoreException("Unable to retrieve the GaraSign keystore: " + post.get("message"));
                }
                for (Object obj : (Object[]) post.get("keys")) {
                    this.certificates.put((String) ((Map) obj).get("name"), (Map) obj);
                }
            } catch (IOException e) {
                throw new KeyStoreException("Unable to retrieve the GaraSign keystore", e);
            }
        }
    }

    @Override // net.jsign.jca.SigningService
    public List<String> aliases() throws KeyStoreException {
        loadKeyStore();
        return new ArrayList(this.certificates.keySet());
    }

    @Override // net.jsign.jca.SigningService
    public Certificate[] getCertificateChain(String str) throws KeyStoreException {
        loadKeyStore();
        Map<String, ?> map = this.certificates.get(str);
        if (map == null) {
            throw new KeyStoreException("Unable to retrieve GaraSign certificate '" + str + "'");
        }
        Object[] objArr = (Object[]) map.get("certChain");
        Certificate[] certificateArr = new Certificate[objArr.length];
        for (int i = 0; i < objArr.length; i++) {
            try {
                certificateArr[i] = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decode((Object[]) objArr[i])));
            } catch (CertificateException e) {
                throw new KeyStoreException(e);
            }
        }
        return certificateArr;
    }

    private String getAlgorithm(String str) throws KeyStoreException {
        loadKeyStore();
        Map<String, ?> map = this.certificates.get(str);
        if (map == null) {
            return null;
        }
        return (String) map.get("algorithm");
    }

    @Override // net.jsign.jca.SigningService
    public SigningServicePrivateKey getPrivateKey(String str, char[] cArr) throws UnrecoverableKeyException {
        try {
            String algorithm = getAlgorithm(str);
            if (algorithm == null) {
                throw new UnrecoverableKeyException("Unable to fetch GaraSign private key for the certificate '" + str + "'");
            }
            return new SigningServicePrivateKey(str, algorithm, this);
        } catch (KeyStoreException e) {
            throw ((UnrecoverableKeyException) new UnrecoverableKeyException().initCause(e));
        }
    }

    @Override // net.jsign.jca.SigningService
    public byte[] sign(SigningServicePrivateKey signingServicePrivateKey, String str, byte[] bArr) throws GeneralSecurityException {
        byte[] digest = DigestAlgorithm.of(str.substring(0, str.toLowerCase().indexOf("with"))).getMessageDigest().digest(bArr);
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            linkedHashMap.put("api_version", "1.0");
            linkedHashMap.put("session_token", this.credentials.getSessionToken(this.endpoint));
            linkedHashMap.put("key_name", signingServicePrivateKey.getId());
            linkedHashMap.put("signature_scheme", str);
            linkedHashMap.put("data_to_sign", Base64.getEncoder().encodeToString(digest));
            Map<String, ?> post = this.client.post("/sign", linkedHashMap);
            String str2 = (String) post.get("status");
            if ("FAILURE".equals(str2)) {
                throw new IOException("Signing operation failed: " + post.get("message"));
            }
            String str3 = (String) post.get("requestId");
            linkedHashMap.put("request_id", str3);
            linkedHashMap.remove("key_name");
            linkedHashMap.remove("signature_scheme");
            linkedHashMap.remove("data_to_sign");
            String str4 = null;
            if ("IN_PROGRESS".equals(str2)) {
                long currentTimeMillis = System.currentTimeMillis();
                int i = 0;
                while (true) {
                    if (System.currentTimeMillis() - currentTimeMillis >= this.timeout * 1000) {
                        break;
                    }
                    try {
                        int i2 = i;
                        i++;
                        Thread.sleep(Math.min(1000, 100 + (100 * i2)));
                        post = this.client.post("/sign", linkedHashMap);
                        String str5 = (String) post.get("status");
                        if ("IN_PROGRESS".equals(str5)) {
                            if (System.currentTimeMillis() - currentTimeMillis > 3000 && post.get("message") != null && !post.get("message").equals(str4)) {
                                str4 = (String) post.get("message");
                            }
                        } else if (!"SUCCESS".equals(str5)) {
                            throw new IOException("Signing operation " + str3 + " failed: " + post.get("message"));
                        }
                    } catch (InterruptedException e) {
                    }
                }
            }
            if ("SUCCESS".equals(post.get("status"))) {
                return decode((Object[]) post.get("signature"));
            }
            throw new IOException("Signing operation " + str3 + " timed out");
        } catch (IOException e2) {
            throw new GeneralSecurityException(e2);
        }
    }

    private byte[] decode(Object[] objArr) {
        byte[] bArr = new byte[objArr.length];
        for (int i = 0; i < objArr.length; i++) {
            bArr[i] = ((Number) objArr[i]).byteValue();
        }
        return bArr;
    }
}
