package eu.europa.esig.dss.token;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.MaskGenerationFunction;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.Digest;
import eu.europa.esig.dss.model.SignatureValue;
import eu.europa.esig.dss.model.ToBeSigned;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/dss-token-6.0.jar:eu/europa/esig/dss/token/AbstractSignatureTokenConnection.class */
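/**
 * Base implementation of {@link SignatureTokenConnection} that produces signatures through the
 * JCA {@link Signature} API using the private key exposed by a {@link DSSPrivateKeyAccessEntry}.
 *
 * <p>Two families of operations are offered: {@code sign(...)} hands the full data to the JCA
 * algorithm named by {@link SignatureAlgorithm#getJCEId()}, while {@code signDigest(...)} hands an
 * already computed digest to the "raw" variant of the algorithm (the one resolved with a
 * {@code null} digest algorithm).
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The requested algorithm is checked against the encryption algorithm of the key entry before
 *       any key material is used; a mismatch is rejected with {@link IllegalArgumentException}.</li>
 *   <li>Only the <em>presence</em> of a mask generation function selects RSASSA-PSS parameters;
 *       the MGF name is fixed to {@code "MGF1"} in {@link #createPSSParam(DigestAlgorithm)}.</li>
 *   <li>{@code signDigest} does not check that the digest value has the length implied by its
 *       declared algorithm; the bytes are passed to the provider as given.</li>
 * </ul>
 */
public abstract class AbstractSignatureTokenConnection implements SignatureTokenConnection {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSignatureTokenConnection.class);

    /**
     * Signs the data with the key's encryption algorithm and the given digest algorithm,
     * without a mask generation function.
     *
     * @param toBeSigned the data to sign
     * @param digestAlgorithm the digest algorithm to combine with the key's encryption algorithm
     * @param dSSPrivateKeyEntry the key entry to sign with
     * @return the signature value together with the algorithm that was used
     * @throws DSSException if the underlying signing operation fails
     */
    @Override
    public SignatureValue sign(ToBeSigned toBeSigned, DigestAlgorithm digestAlgorithm, DSSPrivateKeyEntry dSSPrivateKeyEntry) throws DSSException {
        return sign(toBeSigned, digestAlgorithm, (MaskGenerationFunction) null, dSSPrivateKeyEntry);
    }

    /**
     * Signs the data with the signature algorithm resolved from the key's encryption algorithm,
     * the digest algorithm and the (optional) mask generation function.
     *
     * @param toBeSigned the data to sign
     * @param digestAlgorithm the digest algorithm
     * @param maskGenerationFunction the mask generation function, or {@code null} for none
     * @param dSSPrivateKeyEntry the key entry to sign with
     * @return the signature value together with the algorithm that was used
     * @throws NullPointerException if {@code dSSPrivateKeyEntry} is {@code null}
     * @throws UnsupportedOperationException if no signature algorithm matches the combination
     * @throws DSSException if the underlying signing operation fails
     */
    @Override
    public SignatureValue sign(ToBeSigned toBeSigned, DigestAlgorithm digestAlgorithm, MaskGenerationFunction maskGenerationFunction, DSSPrivateKeyEntry dSSPrivateKeyEntry) throws DSSException {
        // Fail with an explicit message instead of a bare NPE on the dereference below.
        Objects.requireNonNull(dSSPrivateKeyEntry, "keyEntry shall be provided.");
        SignatureAlgorithm resolved = getSignatureAlgorithm(dSSPrivateKeyEntry.getEncryptionAlgorithm(), digestAlgorithm, maskGenerationFunction);
        return sign(toBeSigned, resolved, dSSPrivateKeyEntry);
    }

    /**
     * Signs the data with an explicitly chosen signature algorithm.
     *
     * <p>The algorithm must be compatible with the key entry's encryption algorithm. Any exception
     * raised while signing (including the {@link IllegalArgumentException} thrown for key entries
     * that are not {@link DSSPrivateKeyAccessEntry}) is wrapped in a {@link DSSException}.
     *
     * @param toBeSigned the data to sign
     * @param signatureAlgorithm the signature algorithm to use
     * @param dSSPrivateKeyEntry the key entry to sign with
     * @return the signature value together with {@code signatureAlgorithm}
     * @throws NullPointerException if a required argument is {@code null}
     * @throws IllegalArgumentException if the algorithm does not fit the key entry
     * @throws DSSException if the underlying signing operation fails
     */
    @Override
    public SignatureValue sign(ToBeSigned toBeSigned, SignatureAlgorithm signatureAlgorithm, DSSPrivateKeyEntry dSSPrivateKeyEntry) throws DSSException {
        assertEncryptionAlgorithmValid(signatureAlgorithm, dSSPrivateKeyEntry);
        Objects.requireNonNull(toBeSigned, "ToBeSigned shall be provided.");

        final String jceId = signatureAlgorithm.getJCEId();
        final byte[] dataToSign = toBeSigned.getBytes();

        // PSS parameters are supplied whenever the algorithm declares a mask generation function.
        AlgorithmParameterSpec pssParams = null;
        if (signatureAlgorithm.getMaskGenerationFunction() != null) {
            pssParams = createPSSParam(signatureAlgorithm.getDigestAlgorithm());
        }

        try {
            final byte[] rawSignature = sign(dataToSign, jceId, pssParams, dSSPrivateKeyEntry);
            SignatureValue signatureValue = new SignatureValue();
            signatureValue.setAlgorithm(signatureAlgorithm);
            signatureValue.setValue(rawSignature);
            return signatureValue;
        } catch (Exception e) {
            // Boundary catch: callers only see DSSException; the cause is preserved.
            throw new DSSException(String.format("Unable to sign : %s", e.getMessage()), e);
        }
    }

    /**
     * Signs a pre-computed digest with the key's encryption algorithm and no mask generation
     * function.
     *
     * @param digest the digest to sign
     * @param dSSPrivateKeyEntry the key entry to sign with
     * @return the signature value together with the effective signature algorithm
     * @throws DSSException if the underlying signing operation fails
     */
    @Override
    public SignatureValue signDigest(Digest digest, DSSPrivateKeyEntry dSSPrivateKeyEntry) throws DSSException {
        return signDigest(digest, (MaskGenerationFunction) null, dSSPrivateKeyEntry);
    }

    /**
     * Signs a pre-computed digest with the raw signature algorithm resolved from the key's
     * encryption algorithm and the (optional) mask generation function.
     *
     * @param digest the digest to sign
     * @param maskGenerationFunction the mask generation function, or {@code null} for none
     * @param dSSPrivateKeyEntry the key entry to sign with
     * @return the signature value together with the effective signature algorithm
     * @throws NullPointerException if {@code dSSPrivateKeyEntry} is {@code null}
     * @throws UnsupportedOperationException if no raw signature algorithm matches the combination
     * @throws DSSException if the underlying signing operation fails
     */
    @Override
    public SignatureValue signDigest(Digest digest, MaskGenerationFunction maskGenerationFunction, DSSPrivateKeyEntry dSSPrivateKeyEntry) throws DSSException {
        // Fail with an explicit message instead of a bare NPE on the dereference below.
        Objects.requireNonNull(dSSPrivateKeyEntry, "keyEntry shall be provided.");
        SignatureAlgorithm rawAlgorithm = getRawSignatureAlgorithm(dSSPrivateKeyEntry.getEncryptionAlgorithm(), maskGenerationFunction);
        return signDigest(digest, rawAlgorithm, dSSPrivateKeyEntry);
    }

    /**
     * Signs a pre-computed digest with an explicitly chosen signature algorithm.
     *
     * <p>The digest bytes are handed to the raw variant of the algorithm (resolved without a digest
     * algorithm). If {@code signatureAlgorithm} names a digest algorithm it must equal the one
     * declared by {@code digest}. The returned value reports the full algorithm rebuilt from the
     * encryption algorithm, the digest's algorithm and the mask generation function.
     *
     * <p>NOTE(review): the length of {@code digest.getValue()} is not compared with the declared
     * digest algorithm here. For RSA without PSS the raw JCA algorithm presumably signs the bytes
     * as supplied, so the caller likely has to provide a DigestInfo-encoded value - confirm
     * against the raw JCE identifiers defined in {@code SignatureAlgorithm}.
     *
     * @param digest the digest to sign
     * @param signatureAlgorithm the signature algorithm to use
     * @param dSSPrivateKeyEntry the key entry to sign with
     * @return the signature value together with the effective signature algorithm
     * @throws NullPointerException if a required argument is {@code null}
     * @throws IllegalArgumentException if the algorithm does not fit the key entry or the digest
     * @throws UnsupportedOperationException if no matching signature algorithm exists
     * @throws DSSException if the underlying signing operation fails
     */
    @Override
    public SignatureValue signDigest(Digest digest, SignatureAlgorithm signatureAlgorithm, DSSPrivateKeyEntry dSSPrivateKeyEntry) throws DSSException {
        assertConfigurationValid(digest, signatureAlgorithm, dSSPrivateKeyEntry);

        final EncryptionAlgorithm encryptionAlgorithm = signatureAlgorithm.getEncryptionAlgorithm();
        final MaskGenerationFunction mgf = signatureAlgorithm.getMaskGenerationFunction();
        final String rawJceId = getRawSignatureAlgorithm(encryptionAlgorithm, mgf).getJCEId();
        final byte[] digestValue = digest.getValue();

        // For PSS the parameters are derived from the algorithm that produced the digest.
        AlgorithmParameterSpec pssParams = null;
        if (mgf != null) {
            pssParams = createPSSParam(digest.getAlgorithm());
        }

        try {
            final byte[] rawSignature = sign(digestValue, rawJceId, pssParams, dSSPrivateKeyEntry);
            SignatureValue signatureValue = new SignatureValue();
            signatureValue.setAlgorithm(getSignatureAlgorithm(encryptionAlgorithm, digest.getAlgorithm(), mgf));
            signatureValue.setValue(rawSignature);
            return signatureValue;
        } catch (Exception e) {
            // Boundary catch: callers only see DSSException; the cause is preserved.
            throw new DSSException(String.format("Unable to sign digest : %s", e.getMessage()), e);
        }
    }

    /**
     * Runs the JCA signing operation over {@code data}.
     *
     * @param data the bytes passed to {@link Signature#update(byte[])}
     * @param jceAlgorithm the JCA algorithm name
     * @param parameterSpec optional algorithm parameters, applied before {@code initSign}
     * @param keyEntry the key entry; must be a {@link DSSPrivateKeyAccessEntry}
     * @return the signature bytes
     * @throws IllegalArgumentException if the key entry does not expose a private key
     * @throws GeneralSecurityException if the provider rejects the algorithm, parameters or key
     */
    private byte[] sign(byte[] data, String jceAlgorithm, AlgorithmParameterSpec parameterSpec, DSSPrivateKeyEntry keyEntry) throws GeneralSecurityException {
        if (!(keyEntry instanceof DSSPrivateKeyAccessEntry)) {
            throw new IllegalArgumentException("Only DSSPrivateKeyAccessEntry are supported");
        }
        // Only the algorithm name is logged; neither the key nor the signed bytes are written out.
        LOG.info("Signature algorithm : {}", jceAlgorithm);

        final Signature signer = getSignatureInstance(jceAlgorithm);
        if (parameterSpec != null) {
            signer.setParameter(parameterSpec);
        }
        signer.initSign(((DSSPrivateKeyAccessEntry) keyEntry).getPrivateKey());
        signer.update(data);
        return signer.sign();
    }

    /**
     * Resolves the signature algorithm for the given combination.
     *
     * @throws UnsupportedOperationException if the lookup returns {@code null}
     */
    private SignatureAlgorithm getSignatureAlgorithm(EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm, MaskGenerationFunction maskGenerationFunction) {
        SignatureAlgorithm algorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm, digestAlgorithm, maskGenerationFunction);
        if (algorithm == null) {
            throw new UnsupportedOperationException(String.format("The SignatureAlgorithm is not found for the given configuration [EncryptionAlgorithm: %s; DigestAlgorithm: %s; MaskGenerationFunction: %s]", encryptionAlgorithm, digestAlgorithm, maskGenerationFunction));
        }
        return algorithm;
    }

    /**
     * Resolves the signature algorithm used for digest signing, i.e. the one registered with a
     * {@code null} digest algorithm.
     *
     * @throws UnsupportedOperationException if the lookup returns {@code null}
     */
    private SignatureAlgorithm getRawSignatureAlgorithm(EncryptionAlgorithm encryptionAlgorithm, MaskGenerationFunction maskGenerationFunction) {
        SignatureAlgorithm algorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm, null, maskGenerationFunction);
        if (algorithm == null) {
            throw new UnsupportedOperationException(String.format("The SignatureAlgorithm for digest signing is not found for the given configuration [EncryptionAlgorithm: %s; MaskGenerationFunction: %s]", encryptionAlgorithm, maskGenerationFunction));
        }
        return algorithm;
    }

    /**
     * Obtains the JCA {@link Signature} for the algorithm name from the default provider lookup.
     * Subclasses may override this to pin a specific security provider.
     *
     * @param str the JCA algorithm name
     * @return a new, uninitialised {@link Signature}
     * @throws NoSuchAlgorithmException if no installed provider supports the algorithm
     */
    protected Signature getSignatureInstance(String str) throws NoSuchAlgorithmException {
        return Signature.getInstance(str);
    }

    /**
     * Builds the RSASSA-PSS parameters for the given digest algorithm.
     *
     * <p>The same digest is used for the message hash and for MGF1, the salt length comes from
     * {@code digestAlgorithm.getSaltLength()}, and the trailer field is 1 (the 0xBC trailer byte).
     *
     * @param digestAlgorithm the digest algorithm; must not be {@code null}
     * @return the PSS parameter specification
     * @throws NullPointerException if {@code digestAlgorithm} is {@code null}
     */
    protected AlgorithmParameterSpec createPSSParam(DigestAlgorithm digestAlgorithm) {
        Objects.requireNonNull(digestAlgorithm, "DigestAlgorithm shall be provided.");
        final String digestJavaName = digestAlgorithm.getJavaName();
        final MGF1ParameterSpec mgf1Spec = new MGF1ParameterSpec(digestJavaName);
        return new PSSParameterSpec(digestJavaName, "MGF1", mgf1Spec, digestAlgorithm.getSaltLength(), 1);
    }

    /** Validates the key/algorithm pairing and the digest/algorithm pairing for digest signing. */
    private void assertConfigurationValid(Digest digest, SignatureAlgorithm signatureAlgorithm, DSSPrivateKeyEntry dSSPrivateKeyEntry) {
        assertEncryptionAlgorithmValid(signatureAlgorithm, dSSPrivateKeyEntry);
        assertDigestAlgorithmValid(digest, signatureAlgorithm);
    }

    /**
     * Ensures the signature algorithm is present and equivalent to the key entry's encryption
     * algorithm, so a key is never used with an algorithm family it was not issued for.
     */
    private void assertEncryptionAlgorithmValid(SignatureAlgorithm signatureAlgorithm, DSSPrivateKeyEntry dSSPrivateKeyEntry) {
        Objects.requireNonNull(signatureAlgorithm, "SignatureAlgorithm shall be provided.");
        Objects.requireNonNull(signatureAlgorithm.getEncryptionAlgorithm(), "EncryptionAlgorithm shall be provided within the SignatureAlgorithm.");
        Objects.requireNonNull(dSSPrivateKeyEntry, "keyEntry shall be provided.");
        if (!signatureAlgorithm.getEncryptionAlgorithm().isEquivalent(dSSPrivateKeyEntry.getEncryptionAlgorithm())) {
            throw new IllegalArgumentException(String.format("The provided SignatureAlgorithm '%s' cannot be used to sign with the token's implied EncryptionAlgorithm '%s'", signatureAlgorithm.getName(), dSSPrivateKeyEntry.getEncryptionAlgorithm().getName()));
        }
    }

    /**
     * Ensures that a digest algorithm named by the signature algorithm, if any, is the one that
     * produced the digest. A signature algorithm without a digest algorithm is accepted as is.
     */
    private void assertDigestAlgorithmValid(Digest digest, SignatureAlgorithm signatureAlgorithm) {
        Objects.requireNonNull(digest, "Digest shall be provided.");
        final DigestAlgorithm declared = signatureAlgorithm.getDigestAlgorithm();
        if (declared != null && declared != digest.getAlgorithm()) {
            throw new IllegalArgumentException(String.format("The DigestAlgorithm '%s' provided withing a SignatureAlgorithm does not match the one used to compute the Digest : '%s'!", declared.getName(), digest.getAlgorithm().getName()));
        }
    }
}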
