package com.cht.kms.client.cms;

import com.cht.kms.client.rest.KMSClient;
import com.cht.org.bouncycastle.asn1.ASN1Encoding;
import com.cht.org.bouncycastle.asn1.ASN1ObjectIdentifier;
import com.cht.org.bouncycastle.asn1.DERNull;
import com.cht.org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import com.cht.org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import com.cht.org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import com.cht.org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import com.cht.org.bouncycastle.asn1.x509.DigestInfo;
import com.cht.org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import com.cht.org.bouncycastle.crypto.Digest;
import com.cht.org.bouncycastle.operator.ContentSigner;
import com.cht.org.bouncycastle.operator.OperatorCreationException;
import com.cht.org.bouncycastle.operator.OperatorStreamException;
import com.cht.org.bouncycastle.operator.RuntimeOperatorException;
import com.cht.org.bouncycastle.operator.bc.BcDefaultDigestProvider;
import com.cht.org.bouncycastle.util.encoders.Base64;
import java.io.IOException;
import java.io.OutputStream;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/cht/kms/client/cms/PKCS11ContentSignerBuilder.class */
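/**
 * Builds Bouncy Castle {@link ContentSigner}s whose private-key operation is delegated to a
 * remote KMS through {@link KMSClient#rawsign}.
 *
 * <p>The content is hashed locally. For RSA the hash is wrapped in a DER-encoded
 * {@link DigestInfo} and sent with mechanism {@code CKM_RSA_PKCS}; for ECDSA the bare hash is
 * sent with mechanism {@code CKM_ECDSA}. The KMS reply is expected to carry a Base64 string
 * under the key {@code "signature"}.
 *
 * <p>NOTE(review): the {@code *_SHA1_*} / {@code *_SHA1} entries are still accepted. SHA-1 is no
 * longer collision resistant; new callers should request a SHA-256 or stronger signature type.
 */
public class PKCS11ContentSignerBuilder {
    /** Signature type name (constructor argument) to signature algorithm OID. */
    private static final Map<String, ASN1ObjectIdentifier> algorithms =
            new HashMap<String, ASN1ObjectIdentifier>();

    /** Signature type name (constructor argument) to the digest algorithm it implies. */
    private static final Map<String, AlgorithmIdentifier> digestOids =
            new HashMap<String, AlgorithmIdentifier>();

    static {
        algorithms.put("CKM_SHA1_RSA_PKCS", PKCSObjectIdentifiers.sha1WithRSAEncryption);
        algorithms.put("CKM_SHA256_RSA_PKCS", PKCSObjectIdentifiers.sha256WithRSAEncryption);
        algorithms.put("CKM_SHA384_RSA_PKCS", PKCSObjectIdentifiers.sha384WithRSAEncryption);
        algorithms.put("CKM_SHA512_RSA_PKCS", PKCSObjectIdentifiers.sha512WithRSAEncryption);
        algorithms.put("CKM_ECDSA_SHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
        algorithms.put("CKM_ECDSA_SHA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
        algorithms.put("CKM_ECDSA_SHA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
        algorithms.put("CKM_ECDSA_SHA512", X9ObjectIdentifiers.ecdsa_with_SHA512);

        // RSA digest identifiers carry an explicit NULL parameter (this is what ends up inside
        // the PKCS#1 DigestInfo); the ECDSA ones omit the parameter field.
        digestOids.put("CKM_SHA1_RSA_PKCS", new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE));
        digestOids.put("CKM_SHA256_RSA_PKCS", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE));
        digestOids.put("CKM_SHA384_RSA_PKCS", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE));
        digestOids.put("CKM_SHA512_RSA_PKCS", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE));
        digestOids.put("CKM_ECDSA_SHA1", new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1));
        digestOids.put("CKM_ECDSA_SHA256", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
        digestOids.put("CKM_ECDSA_SHA384", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384));
        digestOids.put("CKM_ECDSA_SHA512", new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512));
    }

    /** Mechanism name forwarded to the KMS: {@code CKM_RSA_PKCS} or {@code CKM_ECDSA}. */
    private final String mechanism;
    /** Algorithm identifier reported by every signer this builder creates. */
    private final AlgorithmIdentifier sigAlgId;
    /** Digest algorithm used for local hashing and, for RSA, inside the DigestInfo. */
    private final AlgorithmIdentifier digestAlgId;
    /** True for RSA: the hash is wrapped in a DER DigestInfo before it is sent for signing. */
    private final boolean derEncode;

    /**
     * Output stream that feeds everything written to it into a {@link Digest}.
     *
     * <p>Static because it never touches the enclosing builder.
     */
    private static final class DigestOutputStream extends OutputStream {
        private final Digest digest;

        DigestOutputStream(Digest digest) {
            this.digest = digest;
        }

        @Override
        public void write(byte[] buf, int off, int len) throws IOException {
            try {
                // Explicit range check: the digest is updated straight from the caller's buffer
                // (no intermediate copy), so a bad range must be rejected here.
                if (off < 0 || len < 0 || len > buf.length - off) {
                    throw new IndexOutOfBoundsException(
                            "off=" + off + ", len=" + len + ", buffer=" + buf.length);
                }
                this.digest.update(buf, off, len);
            } catch (Exception e) {
                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
            }
        }

        @Override
        public void write(byte[] buf) throws IOException {
            try {
                this.digest.update(buf, 0, buf.length);
            } catch (Exception e) {
                throw new OperatorStreamException("exception in content signer: " + e.getMessage(), e);
            }
        }

        @Override
        public void write(int b) throws IOException {
            write(new byte[] {(byte) b});
        }

        /**
         * Finalises the digest and returns the hash. {@code doFinal} is invoked, so a second
         * call does not return the same value unless the same data is written again.
         */
        byte[] getDigest() {
            byte[] hash = new byte[this.digest.getDigestSize()];
            this.digest.doFinal(hash, 0);
            return hash;
        }
    }

    /**
     * Creates a builder for one of the supported signature types.
     *
     * @param str signature type name; must be one of the keys registered in the static tables
     *     (for example {@code CKM_SHA256_RSA_PKCS} or {@code CKM_ECDSA_SHA256})
     * @throws IllegalArgumentException if the name is not registered
     * @throws OperatorCreationException if no digest implementation is available for the type
     */
    public PKCS11ContentSignerBuilder(String str) throws OperatorCreationException {
        ASN1ObjectIdentifier signatureOid = algorithms.get(str);
        if (signatureOid == null) {
            throw new IllegalArgumentException("Unknown signature type requested: " + str);
        }
        boolean rsa = str.contains("RSA");
        this.mechanism = rsa ? "CKM_RSA_PKCS" : "CKM_ECDSA";
        this.derEncode = rsa;
        // NOTE(review): a NULL parameter is attached for ECDSA as well as RSA. RFC 3279 and
        // RFC 5758 require the parameters field to be absent for ecdsa-with-SHA*. Left as is
        // because changing it alters the encoding of everything signed - confirm with consumers.
        this.sigAlgId = new AlgorithmIdentifier(signatureOid, DERNull.INSTANCE);
        this.digestAlgId = digestOids.get(str);
        // Fail fast, as before, when the digest cannot be instantiated. The instance itself is
        // not kept: every signer obtains its own in build().
        BcDefaultDigestProvider.INSTANCE.get(this.digestAlgId);
    }

    /**
     * Creates a signer that hashes locally and asks the KMS for the signature.
     *
     * <p>Each signer gets its own digest instance, so signers built from the same builder do not
     * share hashing state (this assumes the provider returns a fresh digest per call, as
     * upstream Bouncy Castle does - confirm for this repackaged copy).
     *
     * @param kMSClient client used to reach the KMS
     * @param str first value forwarded unchanged to {@code rawsign} (meaning not visible here)
     * @param str2 second value forwarded unchanged to {@code rawsign}
     * @param str3 third value forwarded unchanged to {@code rawsign}
     * @return a signer whose {@code getSignature()} throws {@link RuntimeOperatorException} on
     *     any failure, including a KMS reply without a {@code "signature"} string
     * @throws OperatorCreationException if the signer cannot be created
     */
    public ContentSigner build(final KMSClient kMSClient, final String str, final String str2, final String str3) throws OperatorCreationException {
        try {
            final Digest signerDigest = BcDefaultDigestProvider.INSTANCE.get(this.digestAlgId);
            return new ContentSigner() {
                private final DigestOutputStream stream = new DigestOutputStream(signerDigest);

                @Override
                public AlgorithmIdentifier getAlgorithmIdentifier() {
                    return PKCS11ContentSignerBuilder.this.sigAlgId;
                }

                @Override
                public OutputStream getOutputStream() {
                    return this.stream;
                }

                @Override
                public byte[] getSignature() {
                    try {
                        byte[] hash = this.stream.getDigest();
                        byte[] toSign = PKCS11ContentSignerBuilder.this.derEncode ? derEncode(hash) : hash;
                        Object encoded = kMSClient.rawsign(str, str2, str3, Base64.toBase64String(toSign), PKCS11ContentSignerBuilder.this.mechanism).get("signature");
                        if (!(encoded instanceof String)) {
                            // Report a malformed reply explicitly instead of failing inside the
                            // Base64 decoder or on a cast.
                            throw new IllegalStateException("KMS response contains no signature string");
                        }
                        // NOTE(review): the bytes are returned exactly as the KMS sends them.
                        // PKCS#11 CKM_ECDSA yields raw r||s, while X.509/CMS expect a DER
                        // ECDSA-Sig-Value; presumably the KMS already converts - verify.
                        return Base64.decode((String) encoded);
                    } catch (Exception e) {
                        throw new RuntimeOperatorException("exception obtaining signature: " + e.getMessage(), e);
                    }
                }

                /** Wraps the hash in a DER-encoded DigestInfo, the input CKM_RSA_PKCS signs. */
                private byte[] derEncode(byte[] hash) throws IOException {
                    return new DigestInfo(PKCS11ContentSignerBuilder.this.digestAlgId, hash).getEncoded(ASN1Encoding.DER);
                }
            };
        } catch (OperatorCreationException e) {
            // Already the declared type: pass through without re-wrapping.
            throw e;
        } catch (Exception e) {
            throw new OperatorCreationException("cannot create signer: " + e.getMessage(), e);
        }
    }
}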
