package com.gss.eid.common.pdf;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import okio.getConfig;
import org.spongycastle.cert.jcajce.JcaCertStore;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSSignedDataGenerator;
import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;

/* loaded from: classes.dex */
public abstract class CreateSignatureBase implements getConfig {
    private Certificate[] certificateChain;
    private boolean externalSigning;
    private PrivateKey privateKey;
    private String tsaUrl;

    public CreateSignatureBase(KeyStore keyStore, char[] cArr) {
        Certificate certificate;
        keyStore.aliases();
        setPrivateKey((PrivateKey) keyStore.getKey("gss_eid", cArr));
        Certificate[] certificateChain = keyStore.getCertificateChain("gss_eid");
        if (certificateChain != null) {
            setCertificateChain(certificateChain);
            certificate = certificateChain[0];
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                x509Certificate.checkValidity();
                SigUtils.checkCertificateUsage(x509Certificate);
            }
        } else {
            certificate = null;
        }
        if (certificate == null) {
            throw new IOException("Could not find certificate");
        }
    }

    public Certificate[] getCertificateChain() {
        return this.certificateChain;
    }

    public boolean isExternalSigning() {
        return this.externalSigning;
    }

    public final void setCertificateChain(Certificate[] certificateArr) {
        this.certificateChain = certificateArr;
    }

    public void setExternalSigning(boolean z) {
        this.externalSigning = z;
    }

    public final void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public void setTsaUrl(String str) {
        this.tsaUrl = str;
    }

    @Override // okio.getConfig
    public byte[] sign(InputStream inputStream) {
        try {
            CMSSignedDataGenerator cMSSignedDataGenerator = new CMSSignedDataGenerator();
            X509Certificate x509Certificate = (X509Certificate) this.certificateChain[0];
            cMSSignedDataGenerator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).build(new JcaContentSignerBuilder("SHA256WithRSA").build(this.privateKey), x509Certificate));
            cMSSignedDataGenerator.addCertificates(new JcaCertStore(Arrays.asList(this.certificateChain)));
            CMSSignedData generate = cMSSignedDataGenerator.generate(new CMSProcessableInputStream(inputStream), false);
            String str = this.tsaUrl;
            if (str != null && str.length() > 0) {
                generate = new ValidationTimeStamp(this.tsaUrl).addSignedTimeStamp(generate);
            }
            return generate.getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        } catch (CMSException e2) {
            throw new IOException(e2);
        } catch (OperatorCreationException e3) {
            throw new IOException(e3);
        }
    }
}
