package xades4j.providers.impl;

import java.io.IOException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import xades4j.providers.impl.KeyStoreKeyingDataProvider;
import xades4j.utils.FileUtils;

/* loaded from: input_file:xades4j/providers/impl/PKCS11KeyStoreKeyingDataProvider.class */
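/**
 * Keying data provider that reads keys and certificates from a PKCS#11 token
 * through the JDK's {@code SunPKCS11} security provider.
 *
 * <p>Instances are created with {@link #builder(String, KeyStoreKeyingDataProvider.SigningCertificateSelector)}.
 * The provider configuration (name, native library, optional slot) is rendered as
 * SunPKCS11 configuration text, and the configured provider is registered with
 * {@link Security#addProvider(Provider)}.
 *
 * <p>The native library path selects code that is loaded into the JVM, so it
 * should come from trusted deployment configuration rather than from request data.
 */
public final class PKCS11KeyStoreKeyingDataProvider extends KeyStoreKeyingDataProvider {
    /** Name of the unconfigured JDK provider that is used as a template. */
    private static final String SUN_PKCS11_PROVIDER = "SunPKCS11";

    /**
     * Collects the settings for a {@link PKCS11KeyStoreKeyingDataProvider}.
     * Only the native library path and the certificate selector are mandatory.
     */
    public static final class Builder {
        // Written to the "library" directive of the SunPKCS11 configuration.
        private final String nativeLibraryPath;
        private final KeyStoreKeyingDataProvider.SigningCertificateSelector certificateSelector;
        // Written to the "name" directive; defaults to "xades4j-" + nativeLibraryPath.
        private String providerName;
        // Passed through to the superclass constructor unchanged.
        private boolean fullChain = false;
        // Optional: the "slot" directive is only written when this is non-null.
        private Integer slotId;
        private KeyStoreKeyingDataProvider.KeyStorePasswordProvider storePasswordProvider;
        private KeyStoreKeyingDataProvider.KeyEntryPasswordProvider entryPasswordProvider;

        private Builder(String libraryPath, KeyStoreKeyingDataProvider.SigningCertificateSelector selector) {
            this.nativeLibraryPath = libraryPath;
            this.certificateSelector = selector;
            this.providerName = "xades4j-" + libraryPath;
        }

        /**
         * Creates the provider from the settings collected so far.
         *
         * @return a new provider instance
         */
        public PKCS11KeyStoreKeyingDataProvider build() {
            return new PKCS11KeyStoreKeyingDataProvider(this);
        }

        /**
         * Overrides the default provider name.
         *
         * @param str value for the {@code name} directive; must not contain line breaks
         * @return this builder
         */
        public Builder providerName(String str) {
            this.providerName = str;
            return this;
        }

        /**
         * Selects a specific slot.
         *
         * @param i value for the {@code slot} directive
         * @return this builder
         */
        public Builder slot(int i) {
            this.slotId = Integer.valueOf(i);
            return this;
        }

        /**
         * Sets the source of the key store password.
         *
         * @param keyStorePasswordProvider provider handed to the superclass
         * @return this builder
         */
        public Builder storePassword(KeyStoreKeyingDataProvider.KeyStorePasswordProvider keyStorePasswordProvider) {
            this.storePasswordProvider = keyStorePasswordProvider;
            return this;
        }

        /**
         * Sets the source of key entry passwords.
         *
         * @param keyEntryPasswordProvider provider handed to the superclass
         * @return this builder
         */
        public Builder entryPassword(KeyStoreKeyingDataProvider.KeyEntryPasswordProvider keyEntryPasswordProvider) {
            this.entryPasswordProvider = keyEntryPasswordProvider;
            return this;
        }

        /**
         * Sets the full-chain flag that is forwarded to the superclass.
         *
         * @param z flag value; presumably controls whether the whole certificate
         *          chain is returned (confirm against the superclass)
         * @return this builder
         */
        public Builder fullChain(boolean z) {
            this.fullChain = z;
            return this;
        }
    }

    /**
     * Starts building a provider.
     *
     * @param str path of the PKCS#11 native library; must not contain line breaks
     * @param signingCertificateSelector selector handed to the superclass
     * @return a new builder
     */
    public static Builder builder(String str, KeyStoreKeyingDataProvider.SigningCertificateSelector signingCertificateSelector) {
        return new Builder(str, signingCertificateSelector);
    }

    private PKCS11KeyStoreKeyingDataProvider(Builder builder) {
        // The lambda is handed to the superclass; when it runs is decided there
        // and is not visible in this file.
        super(protectionParameter -> {
            String configuration = serializeConfiguration(builder.providerName, builder.nativeLibraryPath, builder.slotId);
            Provider configured = createProvider(configuration);
            // addProvider returns -1 when a provider with the same name is already registered.
            if (Security.addProvider(configured) == -1) {
                throw new ProviderException("PKCS11 provider already installed");
            }
            return KeyStore.Builder.newInstance("PKCS11", configured, protectionParameter);
        }, builder.certificateSelector, builder.storePasswordProvider, builder.entryPasswordProvider, builder.fullChain);
    }

    /**
     * Renders the SunPKCS11 configuration text, one directive per line.
     *
     * @param name value of the {@code name} directive
     * @param libraryPath value of the {@code library} directive
     * @param slot value of the {@code slot} directive, or {@code null} to omit it
     * @return the configuration text
     * @throws ProviderException if {@code name} or {@code libraryPath} contains a line break
     */
    private static String serializeConfiguration(String name, String libraryPath, Integer slot) {
        // The format is line-oriented: a CR or LF inside a value would end the
        // directive early and the remainder would be read as further directives.
        requireSingleLine("provider name", name);
        requireSingleLine("native library path", libraryPath);

        String newLine = System.lineSeparator();
        StringBuilder config = new StringBuilder();
        config.append("name = ").append(name).append(newLine);
        config.append("library = ").append(libraryPath).append(newLine);
        if (slot != null) {
            config.append("slot = ").append(slot).append(newLine);
        }
        return config.toString();
    }

    /** Rejects configuration values that span more than one line; {@code null} is left to the caller. */
    private static void requireSingleLine(String what, String value) {
        if (value != null && (value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0)) {
            throw new ProviderException("PKCS11 " + what + " must not contain line breaks");
        }
    }

    /**
     * Creates a configured provider from the {@code SunPKCS11} template provider.
     *
     * @param configuration configuration text as produced by {@code serializeConfiguration}
     * @return the configured provider (not yet registered)
     * @throws ProviderException if the template provider is missing or the
     *         configuration could not be written
     */
    private static Provider createProvider(String configuration) {
        Provider template = Security.getProvider(SUN_PKCS11_PROVIDER);
        if (template == null) {
            throw new ProviderException("PKCS11 provider not available");
        }
        try {
            // NOTE(review): presumably writes the text to a temporary file and returns
            // its path. Location, permissions and lifetime of that file are decided by
            // FileUtils.writeTempFile and are not visible here; confirm that other local
            // users cannot modify it before the provider reads it, since the "library"
            // directive names the native code that gets loaded.
            return template.configure(FileUtils.writeTempFile(configuration));
        } catch (IOException e) {
            throw new ProviderException("Cannot configure PKCS11 provider", e);
        }
    }

    /**
     * Builds the protection parameter used to access a key entry.
     *
     * @param str name of the key entry, forwarded to the password provider
     * @param x509Certificate certificate of the entry, forwarded to the password provider
     * @param keyEntryPasswordProvider source of the entry password, may be {@code null}
     * @return {@code null} when no password provider is given; otherwise a
     *         callback-based protection that answers password callbacks
     */
    @Override
    protected KeyStore.ProtectionParameter getKeyProtection(String str, X509Certificate x509Certificate, KeyStoreKeyingDataProvider.KeyEntryPasswordProvider keyEntryPasswordProvider) {
        if (keyEntryPasswordProvider == null) {
            return null;
        }
        return new KeyStore.CallbackHandlerProtection(callbacks -> {
            for (Callback callback : callbacks) {
                // Follow the CallbackHandler contract instead of casting blindly:
                // anything that is not a password request is reported as unsupported.
                if (!(callback instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(callback, "Only password callbacks are supported");
                }
                // setPassword stores its own copy. The array returned by the password
                // provider is not cleared here because this class does not own it.
                ((PasswordCallback) callback).setPassword(keyEntryPasswordProvider.getPassword(str, x509Certificate));
            }
        });
    }

    /**
     * Tells whether the JDK's {@code SunPKCS11} provider is registered in this JVM.
     *
     * @return {@code true} if the provider can be looked up
     */
    public static boolean isProviderAvailable() {
        return Security.getProvider(SUN_PKCS11_PROVIDER) != null;
    }
}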
