package com.gss.eid.common.pdf;

import ay.e;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import ob.c;
import ty.a;
import zx.g;
import zx.n;
import zx.o;

/* loaded from: classes2.dex */
public abstract class CreateSignatureBase implements c {
    String alias = "gss_eid";
    private Certificate[] certificateChain;
    private boolean externalSigning;
    private PrivateKey privateKey;
    private String tsaUrl;

    public CreateSignatureBase(KeyStore keyStore, char[] cArr) {
        Certificate certificate;
        keyStore.aliases();
        setPrivateKey((PrivateKey) keyStore.getKey(this.alias, cArr));
        Certificate[] certificateChain = keyStore.getCertificateChain(this.alias);
        if (certificateChain != null) {
            setCertificateChain(certificateChain);
            certificate = certificateChain[0];
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                x509Certificate.checkValidity();
                SigUtils.checkCertificateUsage(x509Certificate);
            }
        } else {
            certificate = null;
        }
        if (certificate == null) {
            throw new IOException("Could not find certificate");
        }
    }

    public Certificate[] getCertificateChain() {
        return this.certificateChain;
    }

    public boolean isExternalSigning() {
        return this.externalSigning;
    }

    public final void setCertificateChain(Certificate[] certificateArr) {
        this.certificateChain = certificateArr;
    }

    public void setExternalSigning(boolean z10) {
        this.externalSigning = z10;
    }

    public final void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public void setTsaUrl(String str) {
        this.tsaUrl = str;
    }

    @Override // ob.c
    public byte[] sign(InputStream inputStream) {
        try {
            o oVar = new o();
            X509Certificate x509Certificate = (X509Certificate) this.certificateChain[0];
            oVar.b(new e(new ty.c().b()).a(new a("SHA256WithRSA").b(this.privateKey), x509Certificate));
            oVar.a(new xx.c(Arrays.asList(this.certificateChain)));
            n c11 = oVar.c(new CMSProcessableInputStream(inputStream), false);
            String str = this.tsaUrl;
            if (str != null && str.length() > 0) {
                c11 = new ValidationTimeStamp(this.tsaUrl).addSignedTimeStamp(c11);
            }
            return c11.getEncoded();
        } catch (GeneralSecurityException e11) {
            throw new IOException(e11);
        } catch (sy.o e12) {
            throw new IOException(e12);
        } catch (g e13) {
            throw new IOException(e13);
        }
    }
}
