package software.xdev.bzst.dip.client.signing;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Objects;
import java.util.function.Supplier;
import org.apache.hc.client5.http.utils.Base64;
import software.xdev.bzst.dip.client.exception.SigningException;

/* loaded from: input_file:software/xdev/bzst/dip/client/signing/SigningProviderByPem.class */
public class SigningProviderByPem implements SigningProvider {
    public static final String DEFAULT_PRIVATE_KEY_ALGORITHM = "RSASSA-PSS";
    private final Supplier<InputStream> certificatePemInputStream;
    private final Supplier<InputStream> privateKeyPemInputStream;
    private final String privateKeyAlgorithm;
    private X509Certificate certificate;
    private PrivateKey privateKey;

    public SigningProviderByPem(String str, String str2) {
        this(str, str2, DEFAULT_PRIVATE_KEY_ALGORITHM);
    }

    public SigningProviderByPem(String str, String str2, String str3) {
        this((Supplier<InputStream>) () -> {
            return ClassLoader.getSystemClassLoader().getResourceAsStream(str);
        }, (Supplier<InputStream>) () -> {
            return ClassLoader.getSystemClassLoader().getResourceAsStream(str2);
        }, str3);
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
    }

    public SigningProviderByPem(Supplier<InputStream> supplier, Supplier<InputStream> supplier2) {
        this(supplier, supplier2, DEFAULT_PRIVATE_KEY_ALGORITHM);
    }

    public SigningProviderByPem(Supplier<InputStream> supplier, Supplier<InputStream> supplier2, String str) {
        this.certificatePemInputStream = (Supplier) Objects.requireNonNull(supplier);
        this.privateKeyPemInputStream = (Supplier) Objects.requireNonNull(supplier2);
        this.privateKeyAlgorithm = (String) Objects.requireNonNull(str);
    }

    @Override // software.xdev.bzst.dip.client.signing.SigningProvider
    public X509Certificate getCertificate() {
        if (this.certificate == null) {
            initKeys();
        }
        return this.certificate;
    }

    @Override // software.xdev.bzst.dip.client.signing.SigningProvider
    public PrivateKey getPrivateKey() {
        if (this.privateKey == null) {
            initKeys();
        }
        return this.privateKey;
    }

    private void initKeys() {
        try {
            this.certificate = readCertificate(this.certificatePemInputStream.get());
            try {
                this.privateKey = readPrivateKey(this.privateKeyPemInputStream.get());
            } catch (Exception e) {
                throw new SigningException("Could not read private key.", e);
            }
        } catch (Exception e2) {
            throw new SigningException("Could not read certificate.", e2);
        }
    }

    private X509Certificate readCertificate(InputStream inputStream) throws CertificateException, IOException {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
            if (inputStream != null) {
                inputStream.close();
            }
            return x509Certificate;
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private PrivateKey readPrivateKey(InputStream inputStream) throws Exception {
        return KeyFactory.getInstance(this.privateKeyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(new String(inputStream.readAllBytes(), StandardCharsets.UTF_8).replace("-----BEGIN PRIVATE KEY-----", "").replaceAll(System.lineSeparator(), "").replace("-----END PRIVATE KEY-----", ""))));
    }
}
