package de.intarsys.tools.functor;

import de.intarsys.tools.encoding.Base64;
import de.intarsys.tools.string.StringTools;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:de/intarsys/tools/functor/ArgsSigner.class */
public class ArgsSigner extends ArgsCryptoBase {
    protected IArgs createHashArgs(String str, IArgs iArgs) throws GeneralSecurityException {
        Args create = Args.create();
        if (!ArgsCryptoBase.DEFAULT_DIGEST_ALGORITHM.equals(str)) {
            create.put("algorithm", str);
        }
        create.put(ArgsCryptoBase.ARG_RAW, new String(Base64.encode(hash(str, iArgs))));
        return create;
    }

    protected String createSignatureValue(String str, PrivateKey privateKey, IArgs iArgs) throws GeneralSecurityException {
        Signature signature = Signature.getInstance(str);
        signature.initSign(privateKey);
        updateSignature(signature, iArgs);
        return new String(Base64.encode(signature.sign()));
    }

    protected IArgs createSignedArgs(IArgs iArgs, String str, List<String> list, String str2) throws GeneralSecurityException {
        Args create = Args.create();
        if (!ArgsCryptoBase.DEFAULT_SIGNATURE_ALGORITHM.equals(str)) {
            create.put("algorithm", str);
        }
        if (list == null || list.isEmpty()) {
            list = DEFAULT_SELECT;
        }
        create.put(ArgsCryptoBase.ARG_SELECT, StringTools.join(list, ";"));
        create.put(ArgsCryptoBase.ARG_HASH, createHashArgs(str2, createSignedContentArgs(iArgs, list)));
        return create;
    }

    protected IArgs createSignerArgs(List<Certificate> list) throws CertificateEncodingException {
        Args create = Args.create();
        Args create2 = Args.create();
        create.put(ArgsCryptoBase.ARG_CERTIFICATES, create2);
        for (Certificate certificate : list) {
            Args create3 = Args.create();
            create2.add(create3);
            if (!ArgsCryptoBase.DEFAULT_CERTIFICATE_TYPE.equals(certificate.getType())) {
                create3.put("type", certificate.getType());
            }
            create3.put("value", new String(Base64.encode(certificate.getEncoded())));
        }
        return create;
    }

    public IArgs sign(IArgs iArgs, List<String> list, String str, String str2, PrivateKey privateKey, List<Certificate> list2) throws GeneralSecurityException {
        Args create = Args.create();
        create.put("type", ArgsCryptoBase.TYPE_ARGDSIG);
        create.put("version", ArgsCryptoBase.VERSION_1_0);
        Args create2 = Args.create();
        create.put(ArgsCryptoBase.ARG_CONTENT, create2);
        IArgs createSignedArgs = createSignedArgs(iArgs, str2, list, str);
        create2.put(ArgsCryptoBase.ARG_SIGNED, createSignedArgs);
        create2.put(ArgsCryptoBase.ARG_SIGNER, createSignerArgs(list2));
        create2.put("value", createSignatureValue(str2, privateKey, createSignedArgs));
        return create;
    }

    public IArgs sign(IArgs iArgs, PrivateKey privateKey, List<Certificate> list) throws GeneralSecurityException {
        return sign(iArgs, Collections.emptyList(), ArgsCryptoBase.DEFAULT_DIGEST_ALGORITHM, ArgsCryptoBase.DEFAULT_SIGNATURE_ALGORITHM, privateKey, list);
    }
}
