package ru.infotech24.apk23main.security.oauth;

import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

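/**
 * Produces CMS (PKCS#7) signatures with a private key read from the keystore configured under
 * {@code esia.keystore-path}, and returns them as URL-safe Base64 text.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore password comes from configuration ({@code esia.keystore-password}) and is held
 *       in a {@code String} field for the lifetime of the bean; it must never be logged or echoed
 *       in error messages.</li>
 *   <li>The keystore file is opened and parsed on every {@link #sign(String)} call, so the private
 *       key is only as well protected as the file and the configuration holding its password.</li>
 *   <li>Loading this class replaces the JVM-wide BouncyCastle provider registration (see the
 *       static initializer).</li>
 * </ul>
 */
@Service
/* loaded from: input_file:BOOT-INF/classes/ru/infotech24/apk23main/security/oauth/SignatureService.class */
public class SignatureService {

    @Value("${esia.keystore-path}")
    private String pathToKeystore;

    @Value("${esia.keystore-password}")
    private String keystorePassword;
    private static final String providerName = "BC";

    /**
     * Signs the UTF-8 bytes of {@code str} and returns the resulting CMS structure as URL-safe
     * Base64.
     *
     * @param str text to sign
     * @return URL-safe Base64 encoding of the CMS signed data, with the content embedded
     * @throws Exception if the keystore cannot be read, holds no usable key entry, or signing fails
     */
    public String sign(String str) throws Exception {
        // An explicit charset keeps the signed bytes identical on every host. The no-argument
        // getBytes() uses the JVM default charset, so non-ASCII input would be signed as different
        // bytes depending on where the service runs.
        return Base64.encodeBase64URLSafeString(signPkcs7(str.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Wraps {@code bArr} in a CMS signed-data structure and returns its encoded form.
     */
    private byte[] signPkcs7(byte[] bArr) throws Exception {
        CMSTypedData content = new CMSProcessableByteArray(bArr);
        // encapsulate = true: the signed content travels inside the CMS structure.
        return createGenerator().generate(content, true).getEncoded();
    }

    /**
     * Loads the configured keystore and builds a CMS generator around its first key entry.
     *
     * <p>The keystore is re-read on each call; nothing is cached between signatures.
     *
     * @return a generator carrying one signer and that signer's certificate chain
     * @throws Exception if the keystore cannot be loaded or contains no usable private key entry
     */
    private CMSSignedDataGenerator createGenerator() throws Exception {
        // NOTE(review): the suffix test is case-sensitive, so "store.P12" is treated as JKS.
        boolean isPkcs12 = this.pathToKeystore.endsWith(".pfx") || this.pathToKeystore.endsWith(".p12");
        KeyStore keyStore = isPkcs12 ? KeyStore.getInstance("pkcs12", providerName) : KeyStore.getInstance("jks");
        char[] password = this.keystorePassword.toCharArray();
        try {
            // try-with-resources closes the stream exactly once, on success and on failure.
            try (FileInputStream keystoreStream = new FileInputStream(this.pathToKeystore)) {
                keyStore.load(keystoreStream, password);
            }

            // The first key entry wins. With several key entries in one keystore the choice depends
            // on the provider's enumeration order, so the keystore should hold exactly one.
            String keyAlias = null;
            Enumeration<String> aliases = keyStore.aliases();
            while (keyAlias == null && aliases.hasMoreElements()) {
                String candidate = aliases.nextElement();
                if (keyStore.isKeyEntry(candidate)) {
                    keyAlias = candidate;
                }
            }
            if (keyAlias == null) {
                throw new Exception("Не найден keyAlias в контейнере сертификата для ЕСИА");
            }

            // Fail with a clear message rather than a NullPointerException or ClassCastException
            // when the entry is not a private key with an X.509 certificate chain.
            Certificate[] chain = keyStore.getCertificateChain(keyAlias);
            if (chain == null || chain.length == 0) {
                throw new Exception("В контейнере сертификата для ЕСИА отсутствует цепочка сертификатов для ключа");
            }
            List<Certificate> chainCertificates = Arrays.asList(chain);

            Certificate signerCertificate = keyStore.getCertificate(keyAlias);
            if (!(signerCertificate instanceof X509Certificate)) {
                throw new Exception("Сертификат в контейнере для ЕСИА не является сертификатом X.509");
            }
            X509Certificate x509Certificate = (X509Certificate) signerCertificate;

            // The key is assumed to be protected by the same password as the keystore itself.
            Key key = keyStore.getKey(keyAlias, password);
            if (!(key instanceof PrivateKey)) {
                throw new Exception("Запись в контейнере сертификата для ЕСИА не содержит закрытый ключ");
            }

            // NOTE(review): getSigAlgName() is the algorithm the issuer used to sign this
            // certificate, not a property of the subject key. Signing works only when the two
            // match, and a certificate issued with a weak digest makes this service sign with that
            // same digest. Consider taking the signature algorithm from configuration instead.
            ContentSigner contentSigner = new JcaContentSignerBuilder(x509Certificate.getSigAlgName())
                    .setProvider(providerName)
                    .build((PrivateKey) key);

            CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
            generator.addSignerInfoGenerator(
                    new JcaSignerInfoGeneratorBuilder(
                            new JcaDigestCalculatorProviderBuilder().setProvider(providerName).build())
                            .build(contentSigner, x509Certificate));
            // The whole chain is shipped inside the signature.
            generator.addCertificates(new JcaCertStore(chainCertificates));
            return generator;
        } finally {
            // Wipe the temporary copy. The String field still holds the password, so this only
            // limits the number of copies in memory.
            Arrays.fill(password, '\0');
        }
    }

    static {
        // Registers a fresh BouncyCastle provider under its standard name. Any provider already
        // registered under that name is removed first, which affects every other user of that
        // provider in the same JVM.
        BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
        Security.removeProvider(bouncyCastleProvider.getName());
        Security.addProvider(bouncyCastleProvider);
    }
}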
