package net.jsign.jca;

import com.cedarsoftware.util.io.JsonWriter;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.Function;
import net.jsign.DigestAlgorithm;

/* loaded from: input_file:net/jsign/jca/HashiCorpVaultSigningService.class */
public class HashiCorpVaultSigningService implements SigningService {
    private final Function<String, Certificate[]> certificateStore;
    private final Map<String, SigningServicePrivateKey> keys = new HashMap();
    private final RESTClient client;

    public HashiCorpVaultSigningService(String str, String str2, Function<String, Certificate[]> function) {
        this.certificateStore = function;
        this.client = new RESTClient(str.endsWith("/") ? str : str + "/", (Consumer<HttpURLConnection>) httpURLConnection -> {
            httpURLConnection.setRequestProperty("Authorization", "Bearer " + str2);
        });
    }

    @Override // net.jsign.jca.SigningService
    public String getName() {
        return "HashiCorpVault";
    }

    @Override // net.jsign.jca.SigningService
    public List<String> aliases() throws KeyStoreException {
        ArrayList arrayList = new ArrayList();
        try {
            for (Object obj : (Object[]) ((Map) this.client.get("keys?list=true").get("data")).get("keys")) {
                arrayList.add((String) obj);
            }
            return arrayList;
        } catch (IOException e) {
            throw new KeyStoreException(e);
        }
    }

    @Override // net.jsign.jca.SigningService
    public Certificate[] getCertificateChain(String str) throws KeyStoreException {
        return this.certificateStore.apply(str);
    }

    @Override // net.jsign.jca.SigningService
    public SigningServicePrivateKey getPrivateKey(String str, char[] cArr) throws UnrecoverableKeyException {
        if (this.keys.containsKey(str)) {
            return this.keys.get(str);
        }
        if (!str.contains(":")) {
            throw new UnrecoverableKeyException("Unable to fetch HashiCorp Vault Google Cloud private key '" + str + "' (missing key version)");
        }
        try {
            String str2 = (String) ((Map) this.client.get("keys/" + str.substring(0, str.indexOf(":"))).get("data")).get("algorithm");
            SigningServicePrivateKey signingServicePrivateKey = new SigningServicePrivateKey(str, str2.substring(0, str2.indexOf("_")).toUpperCase(), this);
            this.keys.put(str, signingServicePrivateKey);
            return signingServicePrivateKey;
        } catch (IOException e) {
            throw ((UnrecoverableKeyException) new UnrecoverableKeyException("Unable to fetch HashiCorp Vault Google Cloud private key '" + str + "'").initCause(e));
        }
    }

    @Override // net.jsign.jca.SigningService
    public byte[] sign(SigningServicePrivateKey signingServicePrivateKey, String str, byte[] bArr) throws GeneralSecurityException {
        byte[] digest = DigestAlgorithm.of(str.substring(0, str.toLowerCase().indexOf("with"))).getMessageDigest().digest(bArr);
        String id = signingServicePrivateKey.getId();
        String substring = id.substring(0, id.indexOf(":"));
        String substring2 = id.substring(id.indexOf(":") + 1);
        HashMap hashMap = new HashMap();
        hashMap.put("key_version", substring2);
        hashMap.put("digest", Base64.getEncoder().encodeToString(digest));
        try {
            HashMap hashMap2 = new HashMap();
            hashMap2.put("TYPE", "false");
            return Base64.getDecoder().decode((String) ((Map) this.client.post("sign/" + substring, JsonWriter.objectToJson(hashMap, hashMap2)).get("data")).get("signature"));
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }
}
