package io.intino.alexandria.restful.core;

import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Map;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:io/intino/alexandria/restful/core/Signer.class */
class Signer {
    private static final String ParameterMask = "%s=%s";

    /* JADX INFO: Access modifiers changed from: package-private */
    public String hash(Map<String, String> map, long j) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            sb.append(String.format(ParameterMask, entry.getKey(), entry.getValue()));
            sb.append("&");
        }
        sb.append(String.format(ParameterMask, "timestamp", String.valueOf(j)));
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String sign(String str, URL url, String str2) throws Exception {
        return new String(Base64.encode(signText(str.getBytes(), url, str2)));
    }

    private byte[] signText(byte[] bArr, URL url, String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(url.openStream(), str.toCharArray());
        String nextElement = keyStore.aliases().nextElement();
        return createSignature(bArr, nextElement, keyStore, new X509Certificate[]{(X509Certificate) keyStore.getCertificate(nextElement)}, str.toCharArray());
    }

    private byte[] createSignature(byte[] bArr, String str, KeyStore keyStore, X509Certificate[] x509CertificateArr, char[] cArr) throws Exception {
        ExternalSignatureCMSSignedDataGenerator externalSignatureCMSSignedDataGenerator = new ExternalSignatureCMSSignedDataGenerator();
        ExternalSignatureSignerInfoGenerator externalSignatureSignerInfoGenerator = new ExternalSignatureSignerInfoGenerator(CMSSignedDataGenerator.DIGEST_SHA1, CMSSignedDataGenerator.ENCRYPTION_RSA);
        byte[] signMessage = signMessage(bArr, keyStore, str, cArr);
        externalSignatureSignerInfoGenerator.setCertificate(x509CertificateArr[0]);
        externalSignatureSignerInfoGenerator.setSignedBytes(signMessage);
        externalSignatureCMSSignedDataGenerator.addSignerInf(externalSignatureSignerInfoGenerator);
        externalSignatureCMSSignedDataGenerator.addCertificatesAndCRLs(getCertStore(x509CertificateArr));
        return externalSignatureCMSSignedDataGenerator.generate(new CMSProcessableByteArray(bArr), true).getEncoded();
    }

    private CertStore getCertStore(Certificate[] certificateArr) throws GeneralSecurityException {
        ArrayList arrayList = new ArrayList();
        int length = certificateArr == null ? 0 : certificateArr.length;
        for (int i = 0; i < length; i++) {
            arrayList.add(certificateArr[i]);
        }
        return CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList), "BC");
    }

    private byte[] signMessage(byte[] bArr, KeyStore keyStore, String str, char[] cArr) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, cArr);
        if (privateKey == null) {
            return null;
        }
        Signature signature = Signature.getInstance("SHA1withRSA", keyStore.getProvider());
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
