package net.jsign.jca;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.jsign.DigestAlgorithm;

/* loaded from: input_file:net/jsign/jca/AzureTrustedSigningService.class */
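/**
 * Signing service that delegates signature generation to a remote REST API.
 *
 * <p>Key identifiers (aliases) have the form {@code <account>/<profile>}; the two parts are
 * inserted into the {@code /codesigningaccounts/{account}/certificateprofiles/{profile}/sign}
 * request path. Only the digest of the data is sent to the service, never the data itself.</p>
 *
 * <p>Security notes for reviewers:</p>
 * <ul>
 *   <li>The bearer token is attached to every request. An endpoint given with an explicit
 *       {@code http://} scheme is used as-is, so the token would then travel unencrypted.</li>
 *   <li>The account and profile names are concatenated into the request path without any
 *       encoding or validation; they are expected to come from trusted configuration.</li>
 *   <li>The certificate chain returned by the service is parsed but not validated here.</li>
 * </ul>
 */
public class AzureTrustedSigningService implements SigningService {
    /** API version appended to every request. */
    private static final String API_VERSION = "2022-06-15-preview";

    /** REST client bound to the service endpoint, carrying the bearer token. */
    private final RESTClient client;

    /** Certificate chains already fetched, keyed by alias. */
    private final Map<String, Certificate[]> certificates = new HashMap<>();

    /** Maximum time to wait for a signing operation, in seconds. */
    private long timeout = 60;

    /** Mapping between JCA signature algorithm names and the names expected by the service. */
    private final Map<String, String> algorithmMapping = new HashMap<>();

    /**
     * Result of a completed signing operation.
     */
    public static class SignStatus {
        /** The raw signature bytes returned by the service. */
        public byte[] signature;

        /** The certificates returned by the service, still Base64 encoded. */
        public String signingCertificate;

        private SignStatus() {
        }

        /**
         * Parses the certificates returned with the signature.
         *
         * <p>The MIME decoder is used, so characters outside the Base64 alphabet (line breaks
         * for instance) are ignored rather than rejected. No trust validation is performed.</p>
         *
         * @return the X.509 certificates contained in {@link #signingCertificate}
         * @throws CertificateException if the decoded content cannot be parsed
         */
        public Collection<? extends Certificate> getCertificateChain() throws CertificateException {
            byte[] encoded = Base64.getMimeDecoder().decode(this.signingCertificate);
            return CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(encoded));
        }
    }

    /**
     * Creates a service bound to the specified endpoint.
     *
     * @param endpoint the host name or URL of the service; {@code https://} is prepended when no
     *                 http(s) scheme is given
     * @param token    the token sent in the {@code Authorization: Bearer} header of every request
     */
    public AzureTrustedSigningService(String endpoint, String token) {
        this.algorithmMapping.put("SHA256withRSA", "RS256");
        this.algorithmMapping.put("SHA384withRSA", "RS384");
        this.algorithmMapping.put("SHA512withRSA", "RS512");
        this.algorithmMapping.put("SHA256withECDSA", "ES256");
        this.algorithmMapping.put("SHA384withECDSA", "ES384");
        this.algorithmMapping.put("SHA512withECDSA", "ES512");
        this.algorithmMapping.put("SHA256withRSA/PSS", "PS256");
        this.algorithmMapping.put("SHA384withRSA/PSS", "PS384");
        this.algorithmMapping.put("SHA512withRSA/PSS", "PS512");

        // Match the full scheme: a bare host name that merely starts with "http" must still
        // get the https:// prefix instead of being passed on without any scheme.
        // NOTE(review): an explicit http:// endpoint is accepted, in which case the bearer token
        // is sent in clear text; consider restricting plain HTTP to local test endpoints.
        boolean hasScheme = endpoint.startsWith("http://") || endpoint.startsWith("https://");
        String url = hasScheme ? endpoint : "https://" + endpoint;

        this.client = new RESTClient(url)
                .authentication(conn -> conn.setRequestProperty("Authorization", "Bearer " + token))
                .errorHandler(response -> {
                    // Two error shapes are handled: {errorDetail: {code, message}} and {status, title, errors}.
                    // The instanceof check also covers an "errorDetail" key that is null or not an object.
                    Object detail = response.get("errorDetail");
                    if (detail instanceof Map) {
                        Map<?, ?> error = (Map<?, ?>) detail;
                        return error.get("code") + " - " + error.get("message");
                    }
                    return response.get("status") + " - " + response.get("title") + ": " + JsonWriter.format(response.get("errors"));
                });
    }

    /**
     * Sets the maximum time to wait for a signing operation.
     *
     * @param timeout the timeout in seconds
     */
    void setTimeout(int timeout) {
        this.timeout = timeout;
    }

    @Override
    public String getName() {
        return "TrustedSigning";
    }

    /**
     * Returns an empty list: this implementation does not enumerate the available keys.
     */
    @Override
    public List<String> aliases() throws KeyStoreException {
        return Collections.emptyList();
    }

    /**
     * Returns the certificate chain for the specified alias, fetching it on first use.
     *
     * <p>The chain is obtained by requesting an RS256 signature of a 32-byte all-zero digest and
     * reading the certificates returned with it. The first lookup of an alias therefore performs
     * a real signing operation on the service. The result is cached per alias for the lifetime
     * of this instance.</p>
     *
     * @param alias the key identifier, in the form {@code <account>/<profile>}
     * @return the certificate chain returned by the service
     * @throws KeyStoreException if the alias is malformed or the chain cannot be retrieved
     */
    @Override
    public Certificate[] getCertificateChain(String alias) throws KeyStoreException {
        if (!this.certificates.containsKey(alias)) {
            int separator = alias.indexOf('/');
            if (separator < 0) {
                throw new KeyStoreException("Unable to retrieve the certificate chain '" + alias + "'",
                        new IllegalArgumentException("Invalid alias, expected <account>/<profile>"));
            }
            try {
                SignStatus status = sign(alias.substring(0, separator), alias.substring(separator + 1), "RS256", new byte[32]);
                this.certificates.put(alias, status.getCertificateChain().toArray(new Certificate[0]));
            } catch (Exception e) {
                throw new KeyStoreException("Unable to retrieve the certificate chain '" + alias + "'", e);
            }
        }
        return this.certificates.get(alias);
    }

    /**
     * Returns a handle on the remote key. No request is made to the service, the password is
     * ignored, and the key algorithm is always reported as RSA.
     *
     * @param alias    the key identifier, in the form {@code <account>/<profile>}
     * @param password unused
     */
    @Override
    public SigningServicePrivateKey getPrivateKey(String alias, char[] password) throws UnrecoverableKeyException {
        return new SigningServicePrivateKey(alias, "RSA", this);
    }

    /**
     * Signs the data with the specified key. The data is hashed locally and only the digest is
     * sent to the service.
     *
     * @param privateKey the key handle; its id has the form {@code <account>/<profile>}
     * @param algorithm  the JCA signature algorithm name, for example {@code SHA256withRSA}
     * @param data       the data to sign
     * @return the signature bytes returned by the service
     * @throws InvalidAlgorithmParameterException if the algorithm has no mapping for the service
     * @throws GeneralSecurityException if the key id is malformed or the remote operation fails
     */
    @Override
    public byte[] sign(SigningServicePrivateKey privateKey, String algorithm, byte[] data) throws GeneralSecurityException {
        String serviceAlgorithm = this.algorithmMapping.get(algorithm);
        if (serviceAlgorithm == null) {
            throw new InvalidAlgorithmParameterException("Unsupported signing algorithm: " + algorithm);
        }

        // Every supported name contains a lower case "with" right after the digest name,
        // so no case folding is needed to locate it.
        String digestName = algorithm.substring(0, algorithm.indexOf("with"));
        byte[] digest = DigestAlgorithm.of(digestName).getMessageDigest().digest(data);

        String id = privateKey.getId();
        int separator = id.indexOf('/');
        if (separator < 0) {
            // Report a malformed id as a checked exception instead of an index error from substring().
            throw new GeneralSecurityException("Invalid key id '" + id + "', expected <account>/<profile>");
        }

        try {
            return sign(id.substring(0, separator), id.substring(separator + 1), serviceAlgorithm, digest).signature;
        } catch (IOException e) {
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Submits a digest for signing and polls the operation until it completes.
     *
     * <p>The delay between two polls starts at 50 ms and grows by 10 ms per attempt, capped at
     * one second. Polling stops on success, on a failure status, when the timeout elapses, or
     * when the thread is interrupted.</p>
     *
     * @param account   the account name, inserted unencoded into the request path
     * @param profile   the certificate profile name, inserted unencoded into the request path
     * @param algorithm the signature algorithm name expected by the service, for example RS256
     * @param digest    the digest to sign
     * @return the signature and the certificates returned by the service
     * @throws IOException if the request fails, the operation fails or times out, the response
     *                     lacks an operation id, or the thread is interrupted while waiting
     */
    private SignStatus sign(String account, String profile, String algorithm, byte[] digest) throws IOException {
        Map<String, Object> request = new HashMap<>();
        request.put("signatureAlgorithm", algorithm);
        request.put("digest", Base64.getEncoder().encodeToString(digest));

        String signPath = "/codesigningaccounts/" + account + "/certificateprofiles/" + profile + "/sign";
        Map<String, ?> response = this.client.post(signPath + "?api-version=" + API_VERSION, JsonWriter.format(request));

        String operationId = (String) response.get("operationId");
        if (operationId == null) {
            // Without an id there is nothing meaningful to poll
            throw new IOException("Signing request returned no operation id");
        }

        long startTime = System.currentTimeMillis();
        int attempt = 0;
        while (System.currentTimeMillis() - startTime < this.timeout * 1000) {
            try {
                Thread.sleep(Math.min(1000, 50 + 10 * attempt++));
            } catch (InterruptedException e) {
                // Restore the interrupt flag and stop waiting instead of silently polling on
                Thread.currentThread().interrupt();
                throw new IOException("Signing operation " + operationId + " interrupted", e);
            }

            response = this.client.get(signPath + "/" + operationId + "?api-version=" + API_VERSION);
            String status = (String) response.get("status");
            if ("InProgress".equals(status)) {
                continue;
            }
            if ("Succeeded".equals(status)) {
                // Done: leave the loop now rather than polling until the timeout elapses
                break;
            }
            throw new IOException("Signing operation " + operationId + " failed: " + status);
        }

        if (!"Succeeded".equals(response.get("status"))) {
            throw new IOException("Signing operation " + operationId + " timed out");
        }

        SignStatus signStatus = new SignStatus();
        signStatus.signature = Base64.getDecoder().decode((String) response.get("signature"));
        // The decoded content is Base64 text again (see SignStatus.getCertificateChain);
        // decode with an explicit charset rather than the platform default.
        signStatus.signingCertificate = new String(Base64.getDecoder().decode((String) response.get("signingCertificate")), StandardCharsets.UTF_8);
        return signStatus;
    }
}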
