package org.xipki.security;

import java.security.cert.X509Certificate;
import java.util.List;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/security-5.3.7.jar:org/xipki/security/SignerConf.class */
public class SignerConf {
    private final ConfPairs confPairs;
    private final HashAlgo hashAlgo;
    private final SignatureAlgoControl signatureAlgoControl;
    private List<X509Certificate> peerCertificates;

    public SignerConf(String str) {
        this.hashAlgo = null;
        this.signatureAlgoControl = null;
        this.confPairs = new ConfPairs(Args.notBlank(str, "conf"));
        if (getConfValue("algo") == null) {
            throw new IllegalArgumentException("conf must contain the entry 'algo'");
        }
    }

    public SignerConf(String str, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) {
        this.hashAlgo = (HashAlgo) Args.notNull(hashAlgo, "hashAlgo");
        this.signatureAlgoControl = signatureAlgoControl;
        this.confPairs = new ConfPairs(Args.notBlank(str, "confWithoutAlgo"));
        if (getConfValue("algo") != null) {
            throw new IllegalArgumentException("confWithoutAlgo may not contain the entry 'algo'");
        }
    }

    public HashAlgo getHashAlgo() {
        return this.hashAlgo;
    }

    public SignatureAlgoControl getSignatureAlgoControl() {
        return this.signatureAlgoControl;
    }

    public void putConfEntry(String str, String str2) {
        this.confPairs.putPair(str, str2);
    }

    public void removeConfEntry(String str) {
        this.confPairs.removePair(str);
    }

    public String getConfValue(String str) {
        return this.confPairs.value(str);
    }

    public String getConf() {
        return this.confPairs.getEncoded();
    }

    public List<X509Certificate> getPeerCertificates() {
        return this.peerCertificates;
    }

    public void setPeerCertificates(List<X509Certificate> list) {
        this.peerCertificates = list;
    }

    public ConfPairs getConfPairs() {
        return this.confPairs;
    }

    public String toString() {
        return toString(true, true);
    }

    public String toString(boolean z, boolean z2) {
        String conf = getConf();
        if (z2) {
            conf = eraseSensitiveData(conf);
        }
        StringBuilder sb = new StringBuilder(conf.length() + 50);
        sb.append("conf: ");
        sb.append(conf);
        if (this.hashAlgo != null) {
            sb.append("\nhash algo: ").append(this.hashAlgo.getName());
        }
        if (this.signatureAlgoControl != null) {
            sb.append("\nsiganture algo control: ").append(this.signatureAlgoControl);
        }
        sb.append("\npeerCertificates: ");
        if (CollectionUtil.isEmpty(this.peerCertificates)) {
            sb.append("null");
        } else {
            for (int i = 0; i < this.peerCertificates.size(); i++) {
                sb.append("\ncert[").append(i).append("]:\n");
                sb.append(X509Util.formatCert(this.peerCertificates.get(i), z));
            }
        }
        return sb.toString();
    }

    public static String eraseSensitiveData(String str) {
        String value;
        if (str == null || !str.toLowerCase().contains("password")) {
            return str;
        }
        try {
            ConfPairs confPairs = new ConfPairs(str);
            for (String str2 : confPairs.names()) {
                if (str2.toLowerCase().contains("password") && (value = confPairs.value(str2)) != null && !StringUtil.startsWithIgnoreCase(value, "PBE:")) {
                    confPairs.putPair(str2, "<sensitive>");
                }
            }
            return confPairs.getEncoded();
        } catch (Exception e) {
            return str;
        }
    }
}
