package org.posper.fiscal.at;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.posper.tpv.forms.AppConfig;
import org.posper.tpv.util.AltEncrypter;
import org.posper.tpv.util.Base64;
import sun.security.pkcs11.SunPKCS11;

/* loaded from: input_file:org/posper/fiscal/at/PKCS11JWSModule.class */
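/**
 * JWS signing module backed by a PKCS#11 token (smart card / HSM).
 *
 * <p>Configuration is read from {@link AppConfig}:
 * <ul>
 *   <li>{@code fiscal.at.pkcs11.cfgfile} - SunPKCS11 provider configuration file</li>
 *   <li>{@code fiscal.at.pkcs11.key} - alias of the signing key / certificate on the token</li>
 *   <li>{@code fiscal.at.pkcs11.pin} - token PIN, either plain or prefixed with {@code crypt:}</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The PIN is held as an immutable {@code String} in {@code KEY_PIN} for the lifetime of
 *       this object, so it cannot be wiped from memory.</li>
 *   <li>The {@code crypt:} form is decoded with a passphrase built from a constant prefix and the
 *       key alias, both of which sit next to the PIN in the configuration. NOTE(review): this
 *       presumably makes it obfuscation rather than protection - confirm against
 *       {@code AltEncrypter} and restrict file permissions on the configuration accordingly.</li>
 * </ul>
 */
public class PKCS11JWSModule extends AbstractJWSModule {
    private final String KEY_PIN;
    private KeyStore ks;
    protected List<Certificate> certificateChain;
    protected X509Certificate signingCertificate;
    protected String pin;
    private final String KEY_ALIAS = AppConfig.getInstance().getProperty("fiscal.at.pkcs11.key");
    private final String CFG_FILE = AppConfig.getInstance().getProperty("fiscal.at.pkcs11.cfgfile");

    /**
     * Registers the SunPKCS11 provider, logs in to the token and resolves the signing certificate.
     *
     * @throws GeneralSecurityException if the configuration is incomplete, the token cannot be
     *         opened, or no X.509 certificate exists under the configured alias
     */
    public PKCS11JWSModule() throws GeneralSecurityException {
        // Validate configuration before touching the token: a login attempt made with an
        // undecoded or wrong PIN is still an attempt as far as the card is concerned.
        if (this.KEY_ALIAS == null) {
            throw initFailure("Property fiscal.at.pkcs11.key is not set");
        }
        if (this.CFG_FILE == null) {
            throw initFailure("Property fiscal.at.pkcs11.cfgfile is not set");
        }
        String property = AppConfig.getInstance().getProperty("fiscal.at.pkcs11.pin");
        if (property != null && property.startsWith("crypt:")) {
            // Strip the "crypt:" marker (6 characters) and decode the remainder.
            property = new AltEncrypter("posper" + this.KEY_ALIAS).decrypt(property.substring(6));
        }
        this.KEY_PIN = property;
        try {
            Security.addProvider(new SunPKCS11(this.CFG_FILE));
            this.ks = KeyStore.getInstance("PKCS11");
            if (this.KEY_PIN == null || this.KEY_PIN.isEmpty()) {
                // No PIN configured: load without a password.
                this.ks.load(null, null);
            } else {
                this.ks.load(null, this.KEY_PIN.toCharArray());
            }
            Certificate certificate = this.ks.getCertificate(this.KEY_ALIAS);
            // getCertificate returns null for an unknown alias; without this check the log
            // statement below would fail with an uncaught NullPointerException.
            if (!(certificate instanceof X509Certificate)) {
                throw new KeyStoreException("No X.509 certificate found for alias " + this.KEY_ALIAS);
            }
            this.signingCertificate = (X509Certificate) certificate;
            logger().log(Level.INFO, "Using certificate Subject: " + this.signingCertificate.getSubjectX500Principal().getName() + " SerNo: " + this.signingCertificate.getSerialNumber().toString());
        } catch (IOException | GeneralSecurityException | ProviderException e) {
            logger().log(Level.ERROR, "Cannot initialize smart card", e);
            throw new GeneralSecurityException("Cannot initialize smart card", e);
        }
    }

    /** Returns the logger named after the runtime class, as the rest of this module expects. */
    private Logger logger() {
        return Logger.getLogger(getClass().getName());
    }

    /** Logs a configuration problem and builds the exception the constructor throws for it. */
    private GeneralSecurityException initFailure(String reason) {
        logger().log(Level.ERROR, "Cannot initialize smart card: " + reason);
        return new GeneralSecurityException("Cannot initialize smart card: " + reason);
    }

    /**
     * Fetches the private key handle stored under the configured alias.
     *
     * @return the signing key, never {@code null}
     * @throws GeneralSecurityException if the key is missing, is not a private key, or cannot be
     *         retrieved from the key store
     */
    private PrivateKey getSigningKey() throws GeneralSecurityException {
        try {
            // No per-key password is supplied; presumably the session opened by load()
            // authorises access to the key - confirm for the tokens in use.
            Object key = this.ks.getKey(this.KEY_ALIAS, null);
            if (!(key instanceof PrivateKey)) {
                throw new UnrecoverableKeyException("No private key found for alias " + this.KEY_ALIAS);
            }
            return (PrivateKey) key;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            logger().log(Level.ERROR, "Cannot get signing key", e);
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Reads the certificate stored under the configured alias directly from the key store.
     *
     * @return the certificate, or {@code null} if the key store holds none for the alias
     * @throws GeneralSecurityException if the key store cannot be queried
     */
    @Override // org.posper.fiscal.at.JWSModule
    public Certificate getSigningCertificate() throws GeneralSecurityException {
        try {
            return this.ks.getCertificate(this.KEY_ALIAS);
        } catch (KeyStoreException e) {
            logger().log(Level.ERROR, "Cannot get certificate", e);
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Reads the certificate chain stored under the configured alias.
     *
     * @return a new mutable list holding the chain in key-store order
     * @throws GeneralSecurityException if the key store cannot be queried or holds no chain for
     *         the alias
     */
    @Override // org.posper.fiscal.at.JWSModule
    public List<Certificate> getCertificateChain() throws GeneralSecurityException {
        try {
            Certificate[] chain = this.ks.getCertificateChain(this.KEY_ALIAS);
            // A missing chain is reported as null; surface it as a checked failure rather
            // than letting Arrays.asList throw a NullPointerException.
            if (chain == null) {
                throw new KeyStoreException("No certificate chain found for alias " + this.KEY_ALIAS);
            }
            return new ArrayList<>(Arrays.asList(chain));
        } catch (KeyStoreException e) {
            logger().log(Level.ERROR, "Cannot get certificate chain", e);
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Signs the UTF-8 bytes of {@code str} with SHA256withECDSA and returns the signature in
     * URL-safe Base64.
     *
     * @param str the text to sign
     * @return the encoded signature
     * @throws GeneralSecurityException if the key is unavailable or signing fails
     */
    @Override // org.posper.fiscal.at.AbstractJWSModule
    protected String sign(String str) throws GeneralSecurityException {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(getSigningKey());
            signature.update(str.getBytes(Charset.forName("UTF-8")));
            // The provider emits a DER-encoded signature; it is converted to the concatenated
            // form with a length of 64 (presumably 32-byte r and s - confirm in CashBoxUtils).
            return Base64.encodeUrl(CashBoxUtils.convertDerToConcatenated(signature.sign(), 64));
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            // Stack trace only at DEBUG so routine signing failures do not flood the log.
            logger().log(Level.WARN, "Cannot sign");
            logger().log(Level.DEBUG, "Cannot sign", e);
            throw new GeneralSecurityException(e);
        }
    }
}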
