package org.xipki.security.pkcs11;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.RuntimeCryptoException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.XiContentSigner;
import org.xipki.security.exception.XiSecurityException;
import org.xipki.security.pkcs11.exception.P11TokenException;
import org.xipki.util.LogUtil;
import org.xipki.util.ParamUtil;

/* loaded from: input_file:org/xipki/security/pkcs11/P11MacContentSigner.class */
class P11MacContentSigner implements XiContentSigner {
    private static final Logger LOG = LoggerFactory.getLogger(P11MacContentSigner.class);
    private final P11CryptService cryptService;
    private final P11IdentityId identityId;
    private final AlgorithmIdentifier algorithmIdentifier;
    private final byte[] encodedAlgorithmIdentifier;
    private final long mechanism;
    private final ByteArrayOutputStream outputStream;

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11MacContentSigner(P11CryptService p11CryptService, P11IdentityId p11IdentityId, AlgorithmIdentifier algorithmIdentifier) throws XiSecurityException, P11TokenException {
        this.identityId = (P11IdentityId) ParamUtil.requireNonNull("identityId", p11IdentityId);
        this.cryptService = (P11CryptService) ParamUtil.requireNonNull("cryptService", p11CryptService);
        this.algorithmIdentifier = (AlgorithmIdentifier) ParamUtil.requireNonNull("macAlgId", algorithmIdentifier);
        try {
            this.encodedAlgorithmIdentifier = this.algorithmIdentifier.getEncoded();
            ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
            if (PKCSObjectIdentifiers.id_hmacWithSHA1.equals(algorithm)) {
                this.mechanism = 545L;
            } else if (PKCSObjectIdentifiers.id_hmacWithSHA224.equals(algorithm)) {
                this.mechanism = 598L;
            } else if (PKCSObjectIdentifiers.id_hmacWithSHA256.equals(algorithm)) {
                this.mechanism = 593L;
            } else if (PKCSObjectIdentifiers.id_hmacWithSHA384.equals(algorithm)) {
                this.mechanism = 609L;
            } else if (PKCSObjectIdentifiers.id_hmacWithSHA512.equals(algorithm)) {
                this.mechanism = 625L;
            } else if (NISTObjectIdentifiers.id_hmacWithSHA3_224.equals(algorithm)) {
                this.mechanism = 694L;
            } else if (NISTObjectIdentifiers.id_hmacWithSHA3_256.equals(algorithm)) {
                this.mechanism = 689L;
            } else if (NISTObjectIdentifiers.id_hmacWithSHA3_384.equals(algorithm)) {
                this.mechanism = 705L;
            } else {
                if (!NISTObjectIdentifiers.id_hmacWithSHA3_512.equals(algorithm)) {
                    throw new IllegalArgumentException("unknown algorithm identifier " + algorithm.getId());
                }
                this.mechanism = 721L;
            }
            this.outputStream = new ByteArrayOutputStream();
        } catch (IOException e) {
            throw new XiSecurityException("could not encode AlgorithmIdentifier", e);
        }
    }

    public AlgorithmIdentifier getAlgorithmIdentifier() {
        return this.algorithmIdentifier;
    }

    public byte[] getEncodedAlgorithmIdentifier() {
        return Arrays.copyOf(this.encodedAlgorithmIdentifier, this.encodedAlgorithmIdentifier.length);
    }

    public OutputStream getOutputStream() {
        this.outputStream.reset();
        return this.outputStream;
    }

    public byte[] getSignature() {
        try {
            byte[] byteArray = this.outputStream.toByteArray();
            this.outputStream.reset();
            return this.cryptService.getIdentity(this.identityId).sign(this.mechanism, null, byteArray);
        } catch (P11TokenException e) {
            LogUtil.warn(LOG, e);
            throw new RuntimeCryptoException("P11TokenException: " + e.getMessage());
        } catch (Throwable th) {
            LogUtil.warn(LOG, th);
            throw new RuntimeCryptoException(th.getClass().getName() + ": " + th.getMessage());
        }
    }
}
