package eu.europa.esig.dss.spi.x509.tsp;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.MaskGenerationFunction;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.model.DSSException;
import eu.europa.esig.dss.model.TimestampBinary;
import eu.europa.esig.dss.model.x509.CertificateToken;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.cms.Time;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSAttributeTableGenerator;
import org.bouncycastle.cms.DefaultSignedAttributeTableGenerator;
import org.bouncycastle.cms.SignerInfoGeneratorBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.tsp.TSPException;
import org.bouncycastle.tsp.TimeStampRequest;
import org.bouncycastle.tsp.TimeStampRequestGenerator;
import org.bouncycastle.tsp.TimeStampResponse;
import org.bouncycastle.tsp.TimeStampResponseGenerator;
import org.bouncycastle.tsp.TimeStampToken;
import org.bouncycastle.tsp.TimeStampTokenGenerator;

/* loaded from: input_file:BOOT-INF/lib/dss-spi-6.0.jar:eu/europa/esig/dss/spi/x509/tsp/KeyEntityTSPSource.class */
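/**
 * A {@link TSPSource} that issues RFC 3161 time-stamp tokens locally, signing them with a private
 * key and certificate supplied directly or read from a {@link KeyStore}.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The token time comes from {@link #getProductionTime()}: the value given to
 *       {@link #setProductionTime(Date)}, or else the local JVM clock. Nothing in this class checks
 *       it against an external time source.</li>
 *   <li>The private key is held in a plain (non-transient) field while the class declares a
 *       {@code serialVersionUID}. NOTE(review): if {@code TSPSource} is {@code Serializable},
 *       serializing an instance would also write the key; confirm and avoid persisting
 *       instances.</li>
 *   <li>Password {@code char[]} arguments are not cleared by this class; the caller owns them and
 *       should wipe them once the constructor returns.</li>
 *   <li>The certificate chain and accepted-digest collection are stored by reference, so later
 *       changes made by the caller affect subsequently issued tokens.</li>
 * </ul>
 */
public class KeyEntityTSPSource implements TSPSource {
    private static final long serialVersionUID = -5082887845359355029L;

    /** Key used to sign the time-stamp tokens. */
    private PrivateKey privateKey;

    /** Certificate of the time-stamp issuer, matching {@link #privateKey}. */
    private X509Certificate certificate;

    /** Certificates embedded into every generated token. */
    private List<X509Certificate> certificateChain;

    /** Source of randomness for the token serial numbers. */
    private final SecureRandom secureRandom = new SecureRandom();

    /** Digest algorithms accepted for the message imprint; the default is the SHA-2 family only. */
    private Collection<DigestAlgorithm> acceptedDigestAlgorithms =
            Arrays.asList(DigestAlgorithm.SHA224, DigestAlgorithm.SHA256, DigestAlgorithm.SHA384, DigestAlgorithm.SHA512);

    /** TSA policy OID written into the tokens; must be set before the first request. */
    private String tsaPolicy;

    /** Fixed production time; when {@code null} the current time is used. */
    protected Date productionTime;

    /** Digest algorithm used for the signature over the token (not for the message imprint). */
    private DigestAlgorithm digestAlgorithm = DigestAlgorithm.SHA256;

    /** Optional override of the encryption algorithm derived from the key. */
    private EncryptionAlgorithm encryptionAlgorithm;

    /** Optional mask generation function passed to the signature algorithm lookup. */
    private MaskGenerationFunction maskGenerationFunction;

    /**
     * Creates an unconfigured instance. The key, certificate, chain and TSA policy must be set
     * through the setters before {@link #getTimeStampResponse(DigestAlgorithm, byte[])} is called.
     */
    protected KeyEntityTSPSource() {
        // defaults are provided by the field initializers
    }

    /**
     * Loads the key entry from a key store given as a byte array.
     *
     * @param keyStoreContent binary content of the key store
     * @param keyStoreType key store type passed to {@link KeyStore#getInstance(String)}
     * @param keyStorePassword password of the key store
     * @param alias alias of the private key entry
     * @param keyEntryPassword password protecting the key entry
     */
    public KeyEntityTSPSource(byte[] keyStoreContent, String keyStoreType, char[] keyStorePassword,
                              String alias, char[] keyEntryPassword) {
        this(loadKeyStore(new ByteArrayInputStream(keyStoreContent), keyStoreType, keyStorePassword), alias, keyEntryPassword);
    }

    /**
     * Loads the key entry from a key store file identified by its path.
     *
     * @param keyStorePath path to the key store file
     * @param keyStoreType key store type passed to {@link KeyStore#getInstance(String)}
     * @param keyStorePassword password of the key store
     * @param alias alias of the private key entry
     * @param keyEntryPassword password protecting the key entry
     * @throws IOException if the file cannot be opened
     */
    public KeyEntityTSPSource(String keyStorePath, String keyStoreType, char[] keyStorePassword,
                              String alias, char[] keyEntryPassword) throws IOException {
        this(new File(keyStorePath), keyStoreType, keyStorePassword, alias, keyEntryPassword);
    }

    /**
     * Loads the key entry from a key store file.
     *
     * @param keyStoreFile the key store file
     * @param keyStoreType key store type passed to {@link KeyStore#getInstance(String)}
     * @param keyStorePassword password of the key store
     * @param alias alias of the private key entry
     * @param keyEntryPassword password protecting the key entry
     * @throws IOException if the file cannot be opened
     */
    public KeyEntityTSPSource(File keyStoreFile, String keyStoreType, char[] keyStorePassword,
                              String alias, char[] keyEntryPassword) throws IOException {
        // the stream opened here is closed by loadKeyStore on every path
        this(Files.newInputStream(keyStoreFile.toPath(), new OpenOption[0]), keyStoreType, keyStorePassword, alias, keyEntryPassword);
    }

    /**
     * Loads the key entry from a key store read from a stream. The stream is closed by this
     * constructor, whether loading succeeds or fails.
     *
     * @param keyStoreStream stream with the key store content
     * @param keyStoreType key store type passed to {@link KeyStore#getInstance(String)}
     * @param keyStorePassword password of the key store
     * @param alias alias of the private key entry
     * @param keyEntryPassword password protecting the key entry
     */
    public KeyEntityTSPSource(InputStream keyStoreStream, String keyStoreType, char[] keyStorePassword,
                              String alias, char[] keyEntryPassword) {
        this(loadKeyStore(keyStoreStream, keyStoreType, keyStorePassword), alias, keyEntryPassword);
    }

    /**
     * Reads a key store of the given type from the stream and closes the stream.
     *
     * @param inputStream key store content; may be {@code null}, in which case it is handed to
     *                    {@link KeyStore#load(InputStream, char[])} as is
     * @param keyStoreType key store type
     * @param keyStorePassword key store password
     * @return the loaded key store
     * @throws DSSException if the key store cannot be created, read or closed
     */
    private static KeyStore loadKeyStore(InputStream inputStream, String keyStoreType, char[] keyStorePassword) {
        // try-with-resources releases the handle on the key material even when loading fails
        // (wrong password, unknown type, corrupt file); a null resource is skipped on close
        try (InputStream keyStoreStream = inputStream) {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(keyStoreStream, keyStorePassword);
            return keyStore;
        } catch (Exception e) {
            throw new DSSException("Unable to instantiate KeyStore", e);
        }
    }

    /**
     * Takes the signing key, its certificate and the certificate chain from a key store entry.
     *
     * @param keyStore the loaded key store
     * @param alias alias of the private key entry
     * @param keyEntryPassword password protecting the key entry
     * @throws NullPointerException if any argument is {@code null}
     * @throws IllegalArgumentException if the alias is not a private key entry
     * @throws DSSException if the entry cannot be recovered
     */
    public KeyEntityTSPSource(KeyStore keyStore, String alias, char[] keyEntryPassword) {
        Objects.requireNonNull(keyStore, "KeyStore is not defined!");
        Objects.requireNonNull(alias, "Alias is not defined!");
        Objects.requireNonNull(keyEntryPassword, "KeyEntry Password is not defined!");
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(keyStore, alias, keyEntryPassword);
        this.privateKey = privateKeyEntry.getPrivateKey();
        this.certificate = (X509Certificate) privateKeyEntry.getCertificate();
        // a non-X.509 certificate in the entry fails here with a ClassCastException
        this.certificateChain = Arrays.stream(privateKeyEntry.getCertificateChain())
                .map(chainCertificate -> (X509Certificate) chainCertificate)
                .collect(Collectors.toList());
    }

    /**
     * Extracts the private key entry stored under the alias.
     *
     * @param keyStore the key store to read
     * @param alias alias of the entry
     * @param keyEntryPassword password protecting the entry
     * @return the private key entry
     * @throws IllegalArgumentException if the alias is not a key entry or not a
     *                                  {@link KeyStore.PrivateKeyEntry}
     * @throws DSSException if the key store reports an error while recovering the entry
     */
    private static KeyStore.PrivateKeyEntry getPrivateKeyEntry(KeyStore keyStore, String alias, char[] keyEntryPassword) {
        try {
            if (!keyStore.isKeyEntry(alias)) {
                throw new IllegalArgumentException(String.format("No related/supported key entry found for alias '%s'!", alias));
            }
            if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                throw new IllegalArgumentException(String.format("No key entry found for alias '%s' is not instance of a PrivateKeyEntry!", alias));
            }
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyEntryPassword));
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new DSSException(String.format("Unable to recover the key entry with alias '%s'. Reason : %s", alias, e.getMessage()), e);
        }
    }

    /**
     * Creates the source from a private key and DSS certificate tokens.
     *
     * @param privateKey key used to sign the tokens
     * @param certificateToken certificate of the time-stamp issuer
     * @param certificateChain certificates to embed into the tokens
     * @throws NullPointerException if any argument is {@code null}
     */
    public KeyEntityTSPSource(PrivateKey privateKey, CertificateToken certificateToken, List<CertificateToken> certificateChain) {
        this(privateKey, toX509Certificate(certificateToken), toX509Certificates(certificateChain));
    }

    /** Unwraps the token, rejecting {@code null} with the same message as the X.509 constructor. */
    private static X509Certificate toX509Certificate(CertificateToken certificateToken) {
        Objects.requireNonNull(certificateToken, "Certificate is not defined!");
        return certificateToken.getCertificate();
    }

    /** Unwraps every token of the chain, rejecting a {@code null} list with an explicit message. */
    private static List<X509Certificate> toX509Certificates(List<CertificateToken> certificateTokens) {
        Objects.requireNonNull(certificateTokens, "Certificate chain is not defined!");
        return certificateTokens.stream().map(CertificateToken::getCertificate).collect(Collectors.toList());
    }

    /**
     * Creates the source from a private key and X.509 certificates.
     *
     * @param privateKey key used to sign the tokens
     * @param x509Certificate certificate of the time-stamp issuer
     * @param certificateChain certificates to embed into the tokens; stored by reference
     * @throws NullPointerException if any argument is {@code null}
     */
    public KeyEntityTSPSource(PrivateKey privateKey, X509Certificate x509Certificate, List<X509Certificate> certificateChain) {
        Objects.requireNonNull(privateKey, "PrivateKey is not defined!");
        Objects.requireNonNull(x509Certificate, "Certificate is not defined!");
        Objects.requireNonNull(certificateChain, "Certificate chain is not defined!");
        this.privateKey = privateKey;
        this.certificate = x509Certificate;
        this.certificateChain = certificateChain;
    }

    /**
     * Sets the key used to sign the tokens.
     *
     * @param privateKey the signing key
     */
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /**
     * Sets the certificate of the time-stamp issuer.
     *
     * @param x509Certificate the issuer certificate
     */
    public void setCertificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    /**
     * Sets the certificates embedded into the tokens.
     *
     * @param certificateChain the chain; stored by reference
     */
    public void setCertificateChain(List<X509Certificate> certificateChain) {
        this.certificateChain = certificateChain;
    }

    /**
     * Sets the TSA policy OID. It is mandatory: requests fail until it is set.
     *
     * @param tsaPolicy the policy OID in dotted notation
     */
    public void setTsaPolicy(String tsaPolicy) {
        this.tsaPolicy = tsaPolicy;
    }

    /**
     * Replaces the digest algorithms accepted for the message imprint.
     *
     * <p>The default accepts only SHA-224/256/384/512. This setter performs no strength check, so
     * adding a weak algorithm here makes the source issue tokens over weak imprints.
     *
     * @param acceptedDigestAlgorithms the accepted algorithms; stored by reference
     */
    public void setAcceptedDigestAlgorithms(Collection<DigestAlgorithm> acceptedDigestAlgorithms) {
        this.acceptedDigestAlgorithms = acceptedDigestAlgorithms;
    }

    /**
     * Returns the time written into the next token.
     *
     * @return the configured production time, or the current local time when none is configured
     */
    protected Date getProductionTime() {
        return this.productionTime == null ? new Date() : this.productionTime;
    }

    /**
     * Fixes the time written into every subsequent token.
     *
     * <p>Any value is accepted, past or future, and it is used for both the token generation time
     * and the {@code signingTime} attribute. Leave it unset to use the local clock.
     *
     * @param productionTime the time to assert, or {@code null} for the current time
     */
    public void setProductionTime(Date productionTime) {
        this.productionTime = productionTime;
    }

    /**
     * Sets the digest algorithm used for the signature over the token (default SHA-256).
     *
     * @param digestAlgorithm the signature digest algorithm
     */
    public void setDigestAlgorithm(DigestAlgorithm digestAlgorithm) {
        this.digestAlgorithm = digestAlgorithm;
    }

    /**
     * Overrides the encryption algorithm otherwise derived from the private key. The value must be
     * equivalent to the key's own algorithm, see {@link #getSignatureAlgorithm()}.
     *
     * @param encryptionAlgorithm the encryption algorithm to use
     */
    public void setEncryptionAlgorithm(EncryptionAlgorithm encryptionAlgorithm) {
        this.encryptionAlgorithm = encryptionAlgorithm;
    }

    /**
     * Sets the mask generation function passed to the signature algorithm lookup.
     *
     * @param maskGenerationFunction the mask generation function
     */
    public void setMaskGenerationFunction(MaskGenerationFunction maskGenerationFunction) {
        this.maskGenerationFunction = maskGenerationFunction;
    }

    /**
     * Issues a time-stamp token over the given digest.
     *
     * @param digestAlgorithm algorithm that produced {@code digest}; must be one of the accepted
     *                        digest algorithms
     * @param digest the message imprint to time-stamp
     * @return the encoded time-stamp token
     * @throws NullPointerException if an argument or a mandatory setting (key, certificate, chain,
     *                              TSA policy, accepted digest algorithms) is missing
     * @throws DSSException if the digest algorithm is not accepted or the token cannot be produced
     */
    @Override // eu.europa.esig.dss.spi.x509.tsp.TSPSource
    public TimestampBinary getTimeStampResponse(DigestAlgorithm digestAlgorithm, byte[] digest) {
        Objects.requireNonNull(this.privateKey, "PrivateKey is not defined! Use #setPrivateKey method.");
        Objects.requireNonNull(this.certificate, "Certificate is not defined! Use #setCertificate method.");
        Objects.requireNonNull(this.certificateChain, "Certificate chain is not defined! Use #setCertificateChain method.");
        Objects.requireNonNull(digestAlgorithm, "DigestAlgorithm is not defined!");
        Objects.requireNonNull(digest, "digest is not defined!");
        Objects.requireNonNull(this.tsaPolicy, "TSAPolicy OID is not defined! Use #setTsaPolicy method.");
        // the setter accepts null; fail with an explicit message instead of a bare NPE below
        Objects.requireNonNull(this.acceptedDigestAlgorithms,
                "Accepted digest algorithms are not defined! Use #setAcceptedDigestAlgorithms method.");
        if (!this.acceptedDigestAlgorithms.contains(digestAlgorithm)) {
            throw new DSSException(String.format("DigestAlgorithm '%s' is not supported by the KeyEntityTSPSource implementation!", digestAlgorithm));
        }
        try {
            TimeStampRequest request = createRequest(digestAlgorithm, digest);
            TimeStampResponse response = generateResponse(request, digestAlgorithm);
            return getTimestampBinary(response);
        } catch (IOException | TSPException e) {
            throw new DSSException(String.format("Unable to generate a timestamp. Reason : %s", e.getMessage()), e);
        }
    }

    /**
     * Builds the in-memory time-stamp request for the digest, asking for the certificate to be
     * included in the response.
     *
     * @param digestAlgorithm algorithm that produced the digest
     * @param digest the message imprint
     * @return the request
     */
    protected TimeStampRequest createRequest(DigestAlgorithm digestAlgorithm, byte[] digest) {
        TimeStampRequestGenerator requestGenerator = new TimeStampRequestGenerator();
        requestGenerator.setCertReq(true);
        return requestGenerator.generate(getASN1ObjectIdentifier(digestAlgorithm), digest);
    }

    /** Returns the OIDs of the accepted digest algorithms. */
    private Set<ASN1ObjectIdentifier> getAcceptedDigestAlgorithmIdentifiers() {
        Set<ASN1ObjectIdentifier> identifiers = new HashSet<>();
        for (DigestAlgorithm accepted : this.acceptedDigestAlgorithms) {
            identifiers.add(getASN1ObjectIdentifier(accepted));
        }
        return identifiers;
    }

    /** Returns the OID of the digest algorithm as an ASN.1 object identifier. */
    private ASN1ObjectIdentifier getASN1ObjectIdentifier(DigestAlgorithm digestAlgorithm) {
        return getASN1ObjectIdentifier(digestAlgorithm.getOid());
    }

    /** Wraps a dotted OID string into an ASN.1 object identifier. */
    private ASN1ObjectIdentifier getASN1ObjectIdentifier(String oid) {
        return new ASN1ObjectIdentifier(oid);
    }

    /**
     * Resolves the algorithm used to sign the token from the key's encryption algorithm (or the
     * configured override), the signature digest algorithm and the mask generation function.
     *
     * @return the signature algorithm as returned by the lookup
     * @throws IllegalArgumentException if the configured encryption algorithm is not equivalent to
     *                                  the one of the private key
     */
    protected SignatureAlgorithm getSignatureAlgorithm() {
        EncryptionAlgorithm keyAlgorithm = EncryptionAlgorithm.forKey(this.privateKey);
        EncryptionAlgorithm effectiveAlgorithm = keyAlgorithm;
        if (this.encryptionAlgorithm != null) {
            if (!this.encryptionAlgorithm.isEquivalent(keyAlgorithm)) {
                throw new IllegalArgumentException(String.format("Defined EncryptionAlgorithm '%s' is not equivalent to the one returned by time-stamp issuer '%s'", this.encryptionAlgorithm, keyAlgorithm));
            }
            effectiveAlgorithm = this.encryptionAlgorithm;
        }
        return SignatureAlgorithm.getAlgorithm(effectiveAlgorithm, this.digestAlgorithm, this.maskGenerationFunction);
    }

    /**
     * Produces the response for a request, using one production time for the whole token.
     *
     * @param timeStampRequest the request to answer
     * @param digestAlgorithm digest algorithm of the request
     * @return the response
     * @throws TSPException if the response cannot be generated
     */
    protected TimeStampResponse generateResponse(TimeStampRequest timeStampRequest, DigestAlgorithm digestAlgorithm) throws TSPException {
        Date tokenTime = getProductionTime();
        TimeStampResponseGenerator responseGenerator = initResponseGenerator(digestAlgorithm, tokenTime);
        return buildResponse(responseGenerator, timeStampRequest, getTimeStampSerialNumber(), tokenTime);
    }

    /**
     * Prepares the response generator: signer, signed attributes, TSA policy, embedded certificate
     * chain and the set of accepted digest algorithms.
     *
     * @param digestAlgorithm digest algorithm of the request, used for the token's digest calculator
     * @param date time placed in the {@code signingTime} signed attribute
     * @return the configured response generator
     * @throws DSSException if the generator cannot be built
     */
    protected TimeStampResponseGenerator initResponseGenerator(DigestAlgorithm digestAlgorithm, Date date) {
        try {
            SignerInfoGeneratorBuilder signerInfoBuilder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider())
                    .setSignedAttributeGenerator(getSignedAttributeGenerator(date));
            // NOTE(review): the lookup presumably yields null for an unsupported combination of
            // key, digest and MGF; fail with a readable message rather than a bare NPE
            SignatureAlgorithm signatureAlgorithm = Objects.requireNonNull(getSignatureAlgorithm(),
                    "No SignatureAlgorithm found for the configured key, digest algorithm and mask generation function!");
            TimeStampTokenGenerator tokenGenerator = new TimeStampTokenGenerator(
                    signerInfoBuilder.build(
                            new JcaContentSignerBuilder(signatureAlgorithm.getJCEId()).build(this.privateKey),
                            new X509CertificateHolder(this.certificate.getEncoded())),
                    new JcaDigestCalculatorProviderBuilder().build().get(new AlgorithmIdentifier(getASN1ObjectIdentifier(digestAlgorithm))),
                    getASN1ObjectIdentifier(this.tsaPolicy));
            tokenGenerator.addCertificates(new JcaCertStore(this.certificateChain));
            return new TimeStampResponseGenerator(tokenGenerator, getAcceptedDigestAlgorithmIdentifiers());
        } catch (IOException | CertificateEncodingException | OperatorCreationException | TSPException e) {
            // IOException used to surface as a bare RuntimeException; report every failure the same way
            throw new DSSException(String.format("Unable to generate a timestamp. Reason : %s", e.getMessage()), e);
        }
    }

    /**
     * Returns a signed-attribute generator that sets the CMS {@code signingTime} attribute to the
     * given date, replacing the value put there by the default generator.
     *
     * @param date the signing time; when {@code null} the default attributes are left untouched
     * @return the attribute generator
     */
    protected CMSAttributeTableGenerator getSignedAttributeGenerator(final Date date) {
        return new DefaultSignedAttributeTableGenerator() {
            // raw types are imposed by the overridden BouncyCastle signature
            @SuppressWarnings({"rawtypes", "unchecked"})
            @Override // org.bouncycastle.cms.DefaultSignedAttributeTableGenerator
            protected Hashtable createStandardAttributeTable(Map parameters) {
                Hashtable attributes = super.createStandardAttributeTable(parameters);
                if (date != null) {
                    attributes.put(CMSAttributes.signingTime, new Attribute(CMSAttributes.signingTime, new DERSet(new Time(date))));
                }
                return attributes;
            }
        };
    }

    /**
     * Generates the response for the request with the given serial number and time.
     *
     * @param timeStampResponseGenerator the configured generator
     * @param timeStampRequest the request to answer
     * @param serialNumber serial number of the token
     * @param date generation time of the token
     * @return the response
     * @throws TSPException if the response cannot be generated
     */
    protected TimeStampResponse buildResponse(TimeStampResponseGenerator timeStampResponseGenerator, TimeStampRequest timeStampRequest,
                                              BigInteger serialNumber, Date date) throws TSPException {
        return timeStampResponseGenerator.generate(timeStampRequest, serialNumber, date);
    }

    /**
     * Returns a fresh serial number for a token.
     *
     * <p>The value is a random non-negative integer of up to 128 bits drawn from
     * {@link SecureRandom}. Issued serials are not recorded, so uniqueness rests on the
     * negligible collision probability rather than on a counter.
     *
     * @return the serial number
     */
    protected BigInteger getTimeStampSerialNumber() {
        return new BigInteger(128, this.secureRandom);
    }

    /**
     * Extracts the encoded token from the response.
     *
     * @param timeStampResponse the generated response
     * @return the encoded time-stamp token
     * @throws IOException if the token cannot be encoded
     * @throws DSSException if the response carries no token; the response status string is
     *                      reported when present
     */
    protected TimestampBinary getTimestampBinary(TimeStampResponse timeStampResponse) throws IOException {
        TimeStampToken timeStampToken = timeStampResponse.getTimeStampToken();
        if (timeStampToken != null) {
            return new TimestampBinary(timeStampToken.getEncoded());
        }
        String statusString = timeStampResponse.getStatusString();
        if (statusString != null) {
            throw new DSSException(String.format("Unable to generate a timestamp. Reason : %s", statusString));
        }
        throw new DSSException("Unable to generate a timestamp. Response returned an empty time-stamp token.");
    }
}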
