package de.governikus.signer.toolbox.remotesigning;

import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.ASN1Encodable;

/* loaded from: input_file:de/governikus/signer/toolbox/remotesigning/RemoteSigner.class */
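/**
 * Client-side helper that builds signature activation data (SAD) for a remote signature
 * service, signs it locally and submits it through {@link Remote}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The SAD is always signed with {@code SHA256withECDSA}; the {@code HashAlgorithm} passed
 *       to {@code sign} is only embedded in the to-be-signed structure and does not change the
 *       SAD signature algorithm.</li>
 *   <li>The augmented token is handed to {@link Remote} on every call, so it should be treated
 *       as a credential: do not log it, and only use endpoints you trust.</li>
 *   <li>Transport security is whatever the supplied {@link HttpClient} is configured for; this
 *       class does not add any TLS settings of its own.</li>
 * </ul>
 */
public class RemoteSigner {
    private final URI remoteSignatureServiceUrl;
    private final String uuid;
    private final byte[] augmentedToken;
    private final PrivateKey sadSigningKey;
    private final HttpClient httpClient;

    /**
     * Creates a signer bound to one remote signature service endpoint.
     *
     * @param uri        endpoint used by {@code sign}
     * @param str        identifier passed to {@link Remote#listKeys} (stored as {@code uuid})
     * @param bArr       augmented token; copied so that later changes to the caller's array do
     *                   not alter the token used by this instance
     * @param privateKey key used to sign the SAD; must be usable with {@code SHA256withECDSA},
     *                   otherwise {@code sign} fails with a {@code RemoteSignatureException}
     * @param httpClient client used for all calls made through {@link Remote}
     */
    public RemoteSigner(URI uri, String str, byte[] bArr, PrivateKey privateKey, HttpClient httpClient) {
        this.remoteSignatureServiceUrl = uri;
        this.uuid = str;
        // Defensive copy: the token is credential material and must not be mutable from outside.
        // A null token is kept as null so construction behaves as before for such callers.
        this.augmentedToken = bArr == null ? null : bArr.clone();
        this.sadSigningKey = privateKey;
        this.httpClient = httpClient;
    }

    /**
     * Builds the SAD for the given key id and data, signs it and sends it to the remote service.
     *
     * @param hashAlgorithm algorithm whose identifier is embedded in the to-be-signed SAD
     * @param str           key id embedded in the SAD
     * @param list          byte arrays embedded in the SAD (presumably the digests to be signed;
     *                      confirm against {@code SadTbs})
     * @return the byte arrays returned by {@link Remote#remoteSign}
     * @throws RemoteSignatureException if DER encoding or the local SAD signature fails
     */
    public List<byte[]> sign(HashAlgorithm hashAlgorithm, String str, List<byte[]> list) {
        SadTbs sadTbs = new SadTbs(this.augmentedToken, str, hashAlgorithm.toAlgorithmIdentifier(), list);
        // The signature covers the DER encoding of the to-be-signed part only.
        byte[] sadSignature = signSad(encode(sadTbs), this.sadSigningKey);
        byte[] encodedSad = encode(new SignatureActivationData(sadTbs, sadSignature));
        return Remote.remoteSign(this.remoteSignatureServiceUrl, encodedSad, this.httpClient);
    }

    /**
     * Convenience overload that takes the key id from a {@code RemoteSignatureKey}.
     *
     * @see #sign(HashAlgorithm, String, List)
     */
    public List<byte[]> sign(HashAlgorithm hashAlgorithm, RemoteSignatureKey remoteSignatureKey, List<byte[]> list) {
        return sign(hashAlgorithm, remoteSignatureKey.getKeyId(), list);
    }

    /**
     * Lists the keys available at the given endpoint.
     *
     * <p>The endpoint is supplied per call and is independent of the URL used by {@code sign}.
     * The uuid and the augmented token are passed to {@link Remote#listKeys} for this endpoint,
     * so callers should only pass a URI they trust with that token.
     *
     * @param uri key-listing endpoint
     * @return the listed keys converted to {@code RemoteSignatureKey}
     */
    public List<RemoteSignatureKey> listKeys(URI uri) {
        // Typed pipeline instead of a raw (List) cast, so the element type is compiler-checked.
        return Remote.listKeys(uri, this.uuid, this.augmentedToken, this.httpClient).stream()
                .map(key -> key.toRemoteSignatureKey())
                .collect(Collectors.toList());
    }

    /**
     * DER-encodes an ASN.1 structure.
     *
     * @throws RemoteSignatureException if the structure cannot be encoded
     */
    private static byte[] encode(ASN1Encodable aSN1Encodable) {
        try {
            return aSN1Encodable.toASN1Primitive().getEncoded("DER");
        } catch (IOException e) {
            // NOTE(review): the message names IdentityToken, but this helper is called for
            // SadTbs and SignatureActivationData; kept unchanged in case callers match on it.
            throw new RemoteSignatureException("failed to encode IdentityToken", e);
        }
    }

    /**
     * Signs the encoded to-be-signed SAD with {@code SHA256withECDSA}.
     *
     * @param bArr       DER-encoded data to sign
     * @param privateKey signing key
     * @return the signature bytes produced by the JCA provider
     * @throws RemoteSignatureException if the key is rejected, the algorithm is unavailable or
     *                                  signing fails; the original exception is kept as cause
     */
    private static byte[] signSad(byte[] bArr, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("SHA256withECDSA");
            signature.initSign(privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new RemoteSignatureException("failed to sign SAD", e);
        }
    }
}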
