package eu.europa.esig.dss.signature;

import eu.europa.esig.dss.client.crl.OnlineCRLSource;
import eu.europa.esig.dss.client.http.DataLoader;
import eu.europa.esig.dss.client.http.IgnoreDataLoader;
import eu.europa.esig.dss.client.http.commons.CommonsDataLoader;
import eu.europa.esig.dss.client.http.commons.FileCacheDataLoader;
import eu.europa.esig.dss.client.http.commons.OCSPDataLoader;
import eu.europa.esig.dss.client.http.commons.TimestampDataLoader;
import eu.europa.esig.dss.client.http.proxy.ProxyConfig;
import eu.europa.esig.dss.client.ocsp.OnlineOCSPSource;
import eu.europa.esig.dss.client.tsp.OnlineTSPSource;
import eu.europa.esig.dss.token.AbstractKeyStoreTokenConnection;
import eu.europa.esig.dss.token.KSPrivateKeyEntry;
import eu.europa.esig.dss.token.KeyStoreSignatureTokenConnection;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import eu.europa.esig.dss.x509.CertificateSource;
import eu.europa.esig.dss.x509.CertificateToken;
import eu.europa.esig.dss.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.x509.KeyStoreCertificateSource;
import eu.europa.esig.dss.x509.tsp.CompositeTSPSource;
import eu.europa.esig.dss.x509.tsp.TSPSource;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Properties;

/* loaded from: input_file:eu/europa/esig/dss/signature/PKIFactoryAccess.class */
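/**
 * Base class that gives subclasses access to keystores, trust anchors, revocation
 * sources and timestamp authorities served by a remote "PKI factory" host.
 *
 * <p>The host and the keystore password are read once, at class initialisation, from
 * {@code /pki-factory.properties} on the classpath.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Signing keystores ({@code <alias>.p12}) and the trust-anchor store
 *       ({@code trust-anchors.jks}) are both downloaded from the same configured host,
 *       so the integrity of signing keys <em>and</em> of the trust anchors depends on
 *       that host and on the transport named in {@code pki.factory.host}. The scheme is
 *       not checked here.</li>
 *   <li>One password, held in a static {@code String} for the lifetime of the class,
 *       protects every keystore and the trust store.</li>
 *   <li>Downloaded content, including private-key material, is cached on disk under the
 *       relative directory {@code target}.</li>
 *   <li>The alias names and the {@code target} cache directory suggest this is test
 *       fixture support rather than production code (to be confirmed against the
 *       build layout).</li>
 * </ul>
 */
public abstract class PKIFactoryAccess {
    // Both values come from /pki-factory.properties; see the static initialiser below.
    private static final String PKI_FACTORY_HOST;
    private static final String PKI_FACTORY_KEYSTORE_PASSWORD;
    private static final String KEYSTORE_ROOT_PATH = "/keystore/";
    private static final String TSA_ROOT_PATH = "/tsa/";
    private static final String GOOD_TSA = "good-tsa";
    private static final String EE_GOOD_TSA = "ee-good-tsa";
    private static final String GOOD_TSA_CROSS_CERTIF = "cc-good-tsa-crossed";
    private static final String FAIL_GOOD_TSA = "fail/good-tsa";
    private static final String ERROR500_GOOD_TSA = "error-500/good-tsa";
    private static final String KEYSTORE_TYPE = "PKCS12";
    private static final String TRUSTSTORE_TYPE = "JKS";
    protected static final String GOOD_USER = "good-user";
    protected static final String UNTRUSTED_USER = "untrusted-user";
    protected static final String GOOD_USER_WRONG_AIA = "good-user-wrong-aia";
    protected static final String GOOD_USER_OCSP_ERROR_500 = "good-user-ocsp-error-500";
    protected static final String GOOD_USER_OCSP_FAIL = "good-user-ocsp-fail";
    protected static final String GOOD_USER_CROSS_CERTIF = "cc-good-user-crossed";
    protected static final String REVOKED_USER = "revoked-user";
    protected static final String EXPIRED_USER = "expired-user";
    protected static final String DSA_USER = "good-dsa-user";
    protected static final String ECDSA_USER = "good-ecdsa-user";
    protected static final String RSA_SHA3_USER = "sha3-good-user";
    protected static final String SELF_SIGNED_USER = "self-signed";

    /**
     * Returns the keystore alias of the signer; it selects both the downloaded
     * {@code <alias>.p12} file and the key entry inside it.
     *
     * @return the signing alias
     */
    protected abstract String getSigningAlias();

    /**
     * Builds a verifier with nothing configured: no data loader, no CRL/OCSP source and
     * no trusted certificate source is set here.
     *
     * @return a fresh, unconfigured verifier
     */
    protected CertificateVerifier getEmptyCertificateVerifier() {
        return new CommonCertificateVerifier();
    }

    /**
     * Builds a verifier wired for online validation: cached HTTP data loader, online CRL
     * and OCSP sources, and the trust anchors downloaded from the PKI factory.
     *
     * @return a fresh verifier with revocation sources and trust anchors set
     */
    protected CertificateVerifier getCompleteCertificateVerifier() {
        CommonCertificateVerifier verifier = new CommonCertificateVerifier();
        verifier.setDataLoader(getFileCacheDataLoader());
        verifier.setCrlSource(onlineCrlSource());
        verifier.setOcspSource(onlineOcspSource());
        verifier.setTrustedCertSource(getTrustedCertificateSource());
        return verifier;
    }

    /**
     * Builds a verifier that uses an {@link IgnoreDataLoader} and sets no CRL or OCSP
     * source, so revocation status is not obtained through this verifier. Trust anchors
     * are still downloaded (or read from the file cache) via
     * {@link #getTrustedCertificateSource()}.
     *
     * <p>Declared {@code protected} in the original source; the decompiler widened it.
     *
     * @return a fresh verifier with trust anchors but no revocation sources
     */
    public CertificateVerifier getOfflineCertificateVerifier() {
        CommonCertificateVerifier verifier = new CommonCertificateVerifier();
        verifier.setDataLoader(new IgnoreDataLoader());
        verifier.setTrustedCertSource(getTrustedCertificateSource());
        return verifier;
    }

    /** Creates a CRL source backed by the file-cached data loader. */
    private OnlineCRLSource onlineCrlSource() {
        OnlineCRLSource crlSource = new OnlineCRLSource();
        crlSource.setDataLoader(getFileCacheDataLoader());
        return crlSource;
    }

    /**
     * Returns the signer certificate of the entry selected by {@link #getSigningAlias()}.
     *
     * @return the signing certificate
     */
    protected CertificateToken getSigningCert() {
        return getPrivateKeyEntry().getCertificate();
    }

    /**
     * Returns the certificate chain of the entry selected by {@link #getSigningAlias()}.
     *
     * @return the certificate chain stored with the signing key
     */
    protected CertificateToken[] getCertificateChain() {
        return getPrivateKeyEntry().getCertificateChain();
    }

    /**
     * Looks up the private-key entry for {@link #getSigningAlias()} in a newly created
     * token connection. The connection is not closed by this method.
     *
     * <p>Declared {@code protected} in the original source; the decompiler widened it.
     *
     * @return the private-key entry for the signing alias
     */
    public KSPrivateKeyEntry getPrivateKeyEntry() {
        return getToken().getKey(getSigningAlias());
    }

    /**
     * Opens the PKCS#12 keystore {@code <alias>.p12} fetched from the PKI factory, using
     * the shared keystore password. A new connection is created on every call and the
     * caller is responsible for it.
     *
     * <p>Throws {@link NullPointerException} if {@code pki.factory.keystore.password} was
     * absent from the properties file, because the password is dereferenced here.
     *
     * <p>Declared {@code protected} in the original source; the decompiler widened it.
     *
     * @return a token connection over the downloaded keystore
     */
    public AbstractKeyStoreTokenConnection getToken() {
        byte[] keystoreBytes = getKeystoreContent(getSigningAlias() + ".p12");
        KeyStore.PasswordProtection protection =
                new KeyStore.PasswordProtection(PKI_FACTORY_KEYSTORE_PASSWORD.toCharArray());
        return new KeyStoreSignatureTokenConnection(keystoreBytes, KEYSTORE_TYPE, protection);
    }

    /**
     * Fetches a keystore file from {@code <host>/keystore/<fileName>} through the
     * file-cached loader, so the bytes (private keys included for {@code .p12} files)
     * are also written to the on-disk cache.
     */
    private byte[] getKeystoreContent(String str) {
        return getFileCacheDataLoader().get(PKI_FACTORY_HOST + KEYSTORE_ROOT_PATH + str);
    }

    /**
     * Returns a trusted certificate source populated with the trust anchors downloaded
     * from the PKI factory. Nothing in this class pins or otherwise authenticates that
     * download, so the anchors are only as trustworthy as the configured host and
     * transport.
     *
     * @return a fresh trusted certificate source
     */
    protected CertificateSource getTrustedCertificateSource() {
        CommonTrustedCertificateSource trusted = new CommonTrustedCertificateSource();
        trusted.importAsTrusted(getTrustAnchors());
        return trusted;
    }

    /** Loads {@code trust-anchors.jks} from the PKI factory as a JKS certificate source. */
    private KeyStoreCertificateSource getTrustAnchors() {
        ByteArrayInputStream anchors = new ByteArrayInputStream(getKeystoreContent("trust-anchors.jks"));
        return new KeyStoreCertificateSource(anchors, TRUSTSTORE_TYPE, PKI_FACTORY_KEYSTORE_PASSWORD);
    }

    /**
     * Creates an OCSP source with its own {@link OCSPDataLoader}; unlike the CRL source
     * it does not go through the file cache.
     */
    private OnlineOCSPSource onlineOcspSource() {
        OCSPDataLoader ocspLoader = new OCSPDataLoader();
        ocspLoader.setProxyConfig(getProxyConfig());
        OnlineOCSPSource ocspSource = new OnlineOCSPSource();
        ocspSource.setDataLoader(ocspLoader);
        return ocspSource;
    }

    /**
     * Creates a data loader that caches responses in the relative directory
     * {@code target} with an expiration of 3600000 (one hour, assuming the unit is
     * milliseconds - TODO confirm against FileCacheDataLoader).
     *
     * <p>Because keystores are fetched through this loader, the cache directory holds
     * private-key material and should be treated accordingly.
     */
    private DataLoader getFileCacheDataLoader() {
        CommonsDataLoader httpLoader = new CommonsDataLoader();
        httpLoader.setProxyConfig(getProxyConfig());
        FileCacheDataLoader cachingLoader = new FileCacheDataLoader();
        cachingLoader.setDataLoader(httpLoader);
        cachingLoader.setFileCacheDirectory(new File("target"));
        cachingLoader.setCacheExpirationTime(3600000L);
        return cachingLoader;
    }

    /**
     * Returns a composite TSP source holding the failing, good and alternate good
     * timestamp authorities, keyed by their path names.
     *
     * @return a fresh composite TSP source
     */
    protected TSPSource getCompositeTsa() {
        // Parameterised instead of the raw HashMap the decompiler emitted.
        HashMap<String, TSPSource> sources = new HashMap<>();
        sources.put(FAIL_GOOD_TSA, getFailGoodTsa());
        sources.put(GOOD_TSA, getGoodTsa());
        sources.put(EE_GOOD_TSA, getAlternateGoodTsa());
        CompositeTSPSource composite = new CompositeTSPSource();
        composite.setTspSources(sources);
        return composite;
    }

    /** Returns a TSP source for {@code good-tsa}. */
    protected TSPSource getGoodTsa() {
        return getOnlineTSPSource(GOOD_TSA);
    }

    /** Returns a TSP source for {@code fail/good-tsa}. */
    protected TSPSource getFailGoodTsa() {
        return getOnlineTSPSource(FAIL_GOOD_TSA);
    }

    /** Returns a TSP source for {@code error-500/good-tsa}. */
    protected TSPSource getError500GoodTsa() {
        return getOnlineTSPSource(ERROR500_GOOD_TSA);
    }

    /** Returns a TSP source for {@code ee-good-tsa}. */
    protected TSPSource getAlternateGoodTsa() {
        return getOnlineTSPSource(EE_GOOD_TSA);
    }

    /** Returns a TSP source for {@code cc-good-tsa-crossed}. */
    protected TSPSource getGoodTsaCrossCertification() {
        return getOnlineTSPSource(GOOD_TSA_CROSS_CERTIF);
    }

    /** Creates a TSP source for the given TSA path with its own timestamp data loader. */
    private OnlineTSPSource getOnlineTSPSource(String str) {
        TimestampDataLoader tsLoader = new TimestampDataLoader();
        tsLoader.setProxyConfig(getProxyConfig());
        OnlineTSPSource tspSource = new OnlineTSPSource(getTsaUrl(str));
        tspSource.setDataLoader(tsLoader);
        return tspSource;
    }

    /** Builds {@code <host>/tsa/<name>}. */
    private String getTsaUrl(String str) {
        return PKI_FACTORY_HOST + TSA_ROOT_PATH + str;
    }

    /**
     * Returns the proxy configuration applied to every data loader created by this
     * class. The default is {@code null}, which is passed to the loaders unchanged.
     *
     * @return the proxy configuration, or {@code null}
     */
    protected ProxyConfig getProxyConfig() {
        return null;
    }

    static {
        // try-with-resources closes the stream on every path, including when load()
        // throws; the decompiled form only closed it after a successful load.
        // If the resource is missing the stream is null, load() throws, and the failure
        // is wrapped below exactly as before.
        try (InputStream in = PKIFactoryAccess.class.getResourceAsStream("/pki-factory.properties")) {
            Properties props = new Properties();
            props.load(in);
            // getProperty returns null for an absent key; neither value is validated
            // here, so a missing entry only surfaces later (for example in getToken()).
            PKI_FACTORY_HOST = props.getProperty("pki.factory.host");
            PKI_FACTORY_KEYSTORE_PASSWORD = props.getProperty("pki.factory.keystore.password");
        } catch (Exception e) {
            throw new RuntimeException("Unable to initialize from pki-factory.properties", e);
        }
    }
}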
