package org.cesecore.audit.audit;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.cesecore.keys.token.CryptoToken;
import org.cesecore.keys.token.CryptoTokenOfflineException;
import org.cesecore.util.Base64;

/* loaded from: input_file:org/cesecore/audit/audit/SigningFileOutputStream.class */
public class SigningFileOutputStream extends FileOutputStream {
    public static final String EXPORT_SIGN_CERT = "cert";
    public static final String EXPORT_SIGN_ALG = "alg";
    public static final String EXPORT_SIGN_KEYALIAS = "key";
    final Signature signature;
    final Signature signValidate;
    final String signatureFilename;

    public SigningFileOutputStream(File file, CryptoToken cryptoToken, Map<String, Object> map) throws FileNotFoundException, CryptoTokenOfflineException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException {
        super(file);
        this.signatureFilename = String.format("%s.sig", FilenameUtils.removeExtension(file.getAbsolutePath()));
        String str = (String) map.get(EXPORT_SIGN_KEYALIAS);
        PrivateKey privateKey = cryptoToken.getPrivateKey(str);
        PublicKey publicKey = cryptoToken.getPublicKey(str);
        String str2 = (String) map.get(EXPORT_SIGN_ALG);
        this.signature = Signature.getInstance(str2, cryptoToken.getSignProviderName());
        this.signature.initSign(privateKey);
        this.signValidate = Signature.getInstance(str2, cryptoToken.getSignProviderName());
        Certificate certificate = (Certificate) map.get(EXPORT_SIGN_CERT);
        if (certificate != null) {
            this.signValidate.initVerify(certificate);
        } else {
            this.signValidate.initVerify(publicKey);
        }
    }

    @Override // java.io.FileOutputStream, java.io.OutputStream
    public void write(byte[] bArr) throws IOException {
        super.write(bArr);
        try {
            this.signature.update(bArr);
            this.signValidate.update(bArr);
        } catch (SignatureException e) {
            throw new IOException(e);
        }
    }

    @Override // java.io.FileOutputStream, java.io.OutputStream
    public void write(int i) throws IOException {
        super.write(i);
        try {
            this.signature.update((byte) i);
            this.signValidate.update((byte) i);
        } catch (SignatureException e) {
            throw new IOException(e);
        }
    }

    @Override // java.io.FileOutputStream, java.io.OutputStream
    public void write(byte[] bArr, int i, int i2) throws IOException {
        super.write(bArr, i, i2);
        try {
            this.signature.update(bArr, i, i2);
            this.signValidate.update(bArr, i, i2);
        } catch (SignatureException e) {
            throw new IOException(e);
        }
    }

    public String writeSignature() throws SignatureException, AuditLogExporterException, IOException {
        byte[] sign = this.signature.sign();
        if (!this.signValidate.verify(sign)) {
            throw new AuditLogExporterException("export file signature mismatch");
        }
        FileUtils.writeStringToFile(new File(this.signatureFilename), new String(Base64.encode(sign)));
        return this.signatureFilename;
    }
}
