package de.governikus.signer.toolbox.remotesigning;

import de.governikus.signer.toolbox.IdTokenParser;
import java.net.URI;
import java.net.http.HttpClient;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.spec.ECGenParameterSpec;

/* loaded from: input_file:de/governikus/signer/toolbox/remotesigning/RemoteSignatureAPI.class */
public class RemoteSignatureAPI {
    private final URI tokenAugmentationUrl;
    private final URI remoteSignatureServiceUrl;
    private final HttpClient httpClient;
    private final IdTokenParser idTokenParser = new IdTokenParser();

    public RemoteSignatureAPI(URI uri, URI uri2, HttpClient httpClient) {
        this.tokenAugmentationUrl = uri.normalize();
        this.remoteSignatureServiceUrl = uri2.normalize();
        this.httpClient = httpClient;
    }

    public RemoteSigner login(byte[] bArr) {
        KeyPair generateSadKeyPair = generateSadKeyPair();
        byte[] augmentToken = Remote.augmentToken(this.tokenAugmentationUrl, generateSadKeyPair.getPublic(), bArr, this.httpClient);
        return new RemoteSigner(this.remoteSignatureServiceUrl, this.idTokenParser.uuid(bArr), augmentToken, generateSadKeyPair.getPrivate(), this.httpClient);
    }

    private static KeyPair generateSadKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec("secp521r1"));
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new RemoteSignatureException("failed to generate SAD keypair", e);
        }
    }
}
