package com.bfo.netkeystore.client;

import com.bfo.json.Json;
import com.bfo.netkeystore.client.OAuth2;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/bfo/netkeystore/client/CSCServer.class */
public class CSCServer implements Server {
    // Default connect/read timeout in seconds, used by send() when the
    // configuration has no usable "timeout" value.
    private static final int TIMEOUT = 15;
    private final Core core;
    // Copy of the boolean passed to configure(); configure() also disables TLS
    // verification when it is true, and shutdown(true) only acts when it is set.
    private boolean auto;
    // Signature algorithms reported for enabled credentials; filled by load().
    private Collection<SignatureAlgorithm> acceptedAlgorithms = new HashSet();
    private String name;
    // Configuration map handed to configure(); it is read for "url", "client",
    // "timeout", "basic" and "oauth2".
    private Json config;
    // Body of the last successful "info" reply; set by login().
    private Json info;
    // API version parsed from a ".../csc/vN" URL suffix; -1 means "not given",
    // in which case baseurl() uses version 1.
    private int version;
    private String url;
    // TLS context for outgoing connections; null leaves the connection's
    // default socket factory in place.
    private SSLContext clientssl;
    // TLS context built from the oauth2 "redirect_server" keystore in createAuth().
    private SSLContext serverssl;
    // The authentication chosen by login(); null until login() has run.
    private Authentication auth;
    // Only set by configure() in the verification-disabled case, where it accepts
    // every hostname.
    private HostnameVerifier hostnameVerifier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bfo/netkeystore/client/CSCServer$Authentication.class */
    /**
     * One way of authenticating requests to the server. send() asks an
     * implementation for the value of the HTTP Authorization header.
     */
    public interface Authentication {
        /** Returns the authentication type name, such as "basic". */
        String type();

        /** Performs whatever exchange is needed before authenticated requests are sent. */
        void login() throws IOException;

        /** Releases anything held by the implementation; does nothing by default. */
        default void shutdown() {
        }

        /**
         * Returns the complete Authorization header value, or null when no header
         * should be sent. The value is a credential and should not be logged.
         */
        String getAuthorization() throws IOException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bfo/netkeystore/client/CSCServer$BasicAuthentication.class */
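    /**
     * Username/password authentication. The credentials are sent once, as an HTTP
     * Basic header, to "auth/login"; the access token in the reply is then used as
     * a Bearer token until it expires.
     */
    public final class BasicAuthentication implements Authentication {
        private final CallbackHandler callbackHandler;
        private String username;
        // NOTE(review): kept for the lifetime of this object so that login() can be
        // repeated after the token expires; nothing here clears the array.
        private char[] password;
        private String accessToken;
        // Stored from the login reply; nothing in this class reads it.
        private String refreshToken;
        // Wall-clock time in milliseconds after which accessToken is discarded.
        private long expiry;

        /**
         * @param str             the username, or null to ask the callback handler
         * @param cArr            the password, or null to ask the callback handler
         * @param callbackHandler used to obtain missing values; may be null
         */
        BasicAuthentication(String str, char[] cArr, CallbackHandler callbackHandler) {
            this.username = str;
            this.password = cArr;
            this.callbackHandler = callbackHandler;
        }

        @Override // com.bfo.netkeystore.client.CSCServer.Authentication
        public String type() {
            return "basic";
        }

        /**
         * Obtains an access token from "auth/login" unless an unexpired one is held.
         *
         * @throws IOException if the request fails, the status is not 200 or the
         *                     reply has no JSON body
         */
        @Override // com.bfo.netkeystore.client.CSCServer.Authentication
        public void login() throws IOException {
            if (System.currentTimeMillis() > this.expiry) {
                this.accessToken = null;
            }
            if (this.accessToken != null) {
                return;
            }
            // With accessToken null, getAuthorization() yields the Basic header, so
            // this request is the one that carries the password.
            Reply reply = CSCServer.this.send("POST", CSCServer.this.baseurl() + "auth/login", Json.read("{}"), this);
            if (reply.code != 200 || reply.json == null) {
                throw new IOException(reply.url + " returned " + reply.code + ": " + reply.json);
            }
            this.accessToken = reply.json.stringValue("access_token");
            this.refreshToken = reply.json.stringValue("refresh_token");
            // Widen before multiplying: the lifetime is chosen by the server, and an
            // int product overflows for lifetimes above roughly 24 days, which would
            // put the expiry in the past and force a password login on every call.
            long lifetimeSeconds = reply.json.has("expires_in") ? reply.json.intValue("expires_in") : 3600;
            // Expire five seconds early so a token is not used right at its limit.
            this.expiry = System.currentTimeMillis() + lifetimeSeconds * 1000L - 5000L;
        }

        /**
         * Returns the Bearer header when a token is held, otherwise the Basic
         * header, prompting through the callback handler for whichever of username
         * and password is missing. Returns null when either is still unknown.
         *
         * @throws IOException if the callback handler rejects a callback or fails
         */
        @Override // com.bfo.netkeystore.client.CSCServer.Authentication
        public String getAuthorization() throws IOException {
            if (this.accessToken != null) {
                return "Bearer " + this.accessToken;
            }
            if (this.callbackHandler != null && (this.username == null || this.password == null)) {
                NameCallback nameCallback = this.username == null ? new NameCallback("Name: ") : null;
                PasswordCallback passwordCallback = this.password == null ? new PasswordCallback("Password: ", false) : null;
                List<Callback> prompts = new ArrayList<>(2);
                if (nameCallback != null) {
                    prompts.add(nameCallback);
                }
                if (passwordCallback != null) {
                    prompts.add(passwordCallback);
                }
                try {
                    this.callbackHandler.handle(prompts.toArray(new Callback[0]));
                } catch (UnsupportedCallbackException e) {
                    throw new IOException("Can't authorize", e);
                }
                if (nameCallback != null) {
                    this.username = nameCallback.getName();
                }
                if (passwordCallback != null) {
                    // getPassword() hands back a copy, so the callback's own copy
                    // can be wiped once it has been read.
                    this.password = passwordCallback.getPassword();
                    passwordCallback.clearPassword();
                }
            }
            if (this.username == null || this.password == null) {
                return null;
            }
            // Base64 is an encoding, not protection: this value is equivalent to
            // the password and is only as confidential as the connection it is
            // sent over.
            String pair = this.username + ":" + new String(this.password);
            return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
        }
    }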

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bfo/netkeystore/client/CSCServer$OAuth2Authentication.class */
    /**
     * Authentication backed by an {@link OAuth2} helper: login() fetches an access
     * token from it and requests then carry that token as a Bearer header.
     */
    public final class OAuth2Authentication implements Authentication {
        private final OAuth2 oauth2;
        // Null until login() has obtained a token.
        private String accessToken;

        /**
         * @param oAuth2 the configured helper that supplies access tokens
         */
        OAuth2Authentication(OAuth2 oAuth2) {
            this.oauth2 = oAuth2;
        }

        @Override // com.bfo.netkeystore.client.CSCServer.Authentication
        public String type() {
            return "oauth2code";
        }

        /** Asks the helper for an access token and keeps it for later requests. */
        @Override // com.bfo.netkeystore.client.CSCServer.Authentication
        public void login() throws IOException {
            String token = this.oauth2.getAccessToken();
            this.accessToken = token;
        }

        /** Nothing is released here. */
        @Override // com.bfo.netkeystore.client.CSCServer.Authentication
        public void shutdown() {
        }

        /** Returns the Bearer header, or null when no token has been obtained. */
        @Override // com.bfo.netkeystore.client.CSCServer.Authentication
        public String getAuthorization() throws IOException {
            return this.accessToken != null ? "Bearer " + this.accessToken : null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bfo/netkeystore/client/CSCServer$Reply.class */
    /** The outcome of one HTTP exchange: URL, status code, headers and parsed JSON body. */
    public static final class Reply {
        final String url;
        final int code;
        final Map<String, List<String>> headers;
        // Null when there was no body to parse or parsing failed.
        final Json json;

        /**
         * @param str  the request URL
         * @param i    the HTTP status code
         * @param map  the response headers
         * @param json the parsed body, or null
         */
        Reply(String str, int i, Map<String, List<String>> map, Json json) {
            this.url = str;
            this.code = i;
            this.headers = map;
            this.json = json;
        }

        /**
         * Renders the reply as a JSON object with "url", "code", "headers" and,
         * when a body is present, "body".
         *
         * NOTE(review): headers and body are included verbatim, so a reply that
         * carries a token (the auth/login reply has "access_token") puts it in
         * this string; avoid writing it to logs that others can read.
         */
        @Override
        public String toString() {
            Json rendered = Json.read("{}");
            rendered.put("url", this.url);
            rendered.put("code", Integer.valueOf(this.code));
            rendered.put("headers", this.headers);
            if (this.json == null) {
                return rendered.toString();
            }
            rendered.put("body", this.json);
            return rendered.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates an unconfigured server; configure() must supply the URL before any
     * request is made.
     *
     * @param core the owning core, used here for keystore loading, logging and
     *             stored authorizations
     */
    public CSCServer(Core core) {
        this.core = core;
    }

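    /**
     * Applies the configuration: records the base URL and API version, and sets
     * up the TLS context used for outgoing connections.
     *
     * <p>TLS has three outcomes. If {@code z} is true or the "client" map names
     * the keystore "insecure", certificate and hostname checks are both switched
     * off and the connection then authenticates nothing about the peer. If a
     * keystore is named, it becomes the trust store, and also the client
     * certificate source when a password is given. Otherwise no context is set
     * and connections use their default socket factory.
     *
     * @param str  the name of this server
     * @param json the configuration map; "url" is required
     * @param z    true for an automatically configured server
     * @throws IllegalArgumentException if the configuration has no "url"
     * @throws Exception                if the keystore or TLS context cannot be set up
     */
    @Override // com.bfo.netkeystore.client.Server
    public void configure(String str, Json json, boolean z) throws Exception {
        this.auto = z;
        this.name = str;
        this.config = json;
        this.url = json.stringValue("url");
        this.version = -1;
        if (this.url == null) {
            throw new IllegalArgumentException("URL is null");
        }
        if (this.url.endsWith("/")) {
            this.url = this.url.substring(0, this.url.length() - 1);
        }
        // Accept a URL that already ends in "/csc/vN": remember N and keep only
        // the part before it, since baseurl() appends the suffix again.
        int indexOf = this.url.indexOf("/csc/v");
        if (indexOf > 0) {
            try {
                this.version = Integer.parseInt(this.url.substring(indexOf + 6));
                this.url = this.url.substring(0, indexOf);
            } catch (NumberFormatException ignored) {
                // The suffix is not a plain version number; keep the URL as given
                // and let baseurl() fall back to version 1.
            }
        }
        Json client = json.isMap("client") ? json.get("client") : null;
        String keystore = client != null ? client.stringValue("keystore") : null;
        String password = client != null ? client.stringValue("password") : null;
        if (z || "insecure".equals(keystore)) {
            // Credentials and signing requests sent over this context can be read
            // or altered by anyone able to intercept the connection, so make the
            // choice visible to whoever runs the client.
            this.core.warning("TLS certificate and hostname verification is disabled for \"" + str + "\"");
            this.clientssl = SSLContext.getInstance("TLS");
            this.clientssl.init(null, new TrustManager[]{new X509TrustManager() { // from class: com.bfo.netkeystore.client.CSCServer.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    // The interface requires a non-null array; empty means no
                    // issuers are advertised.
                    return new X509Certificate[0];
                }
            }}, null);
            this.hostnameVerifier = new HostnameVerifier() { // from class: com.bfo.netkeystore.client.CSCServer.2
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str2, SSLSession sSLSession) {
                    return true;
                }
            };
        } else if (keystore != null) {
            KeyStore loaded = this.core.loadKeyStore(keystore, password);
            this.clientssl = SSLContext.getInstance("TLS");
            // Without a password no client key is offered; the keystore is then
            // used for trust only.
            KeyManagerFactory keyManagerFactory = null;
            if (password != null) {
                keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                keyManagerFactory.init(loaded, password.toCharArray());
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            trustManagerFactory.init(loaded);
            this.clientssl.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagerFactory.getTrustManagers(), null);
        }
    }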

    /**
     * Shuts down the current authentication, if there is one.
     *
     * @param z when true, only a server configured with the auto flag is shut down
     * @return false if {@code z} is true and this server is not an auto one,
     *         otherwise true
     */
    @Override // com.bfo.netkeystore.client.Server
    public boolean shutdown(boolean z) {
        boolean skipped = z && !this.auto;
        if (skipped) {
            return false;
        }
        if (this.auth != null) {
            this.auth.shutdown();
        }
        return true;
    }

    /**
     * Looks up an accepted signature algorithm by name.
     *
     * @param str the name to match
     * @return the first accepted algorithm whose isName(str) is true, or null if
     *         there is none
     */
    @Override // com.bfo.netkeystore.client.Server
    public SignatureAlgorithm getSignatureAlgorithm(String str) {
        return this.acceptedAlgorithms.stream()
            .filter(candidate -> candidate.isName(str))
            .findFirst()
            .orElse(null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the root of the API, "{url}/csc/v{version}/", using version 1 when
     * none was configured.
     *
     * @return the base URL, always ending in a slash
     * @throws IllegalArgumentException if no URL has been configured
     */
    public String baseurl() {
        if (this.url == null) {
            throw new IllegalArgumentException("URL not set");
        }
        String root = this.url.endsWith("/") ? this.url : this.url + "/";
        int apiVersion = this.version < 0 ? 1 : this.version;
        return root + "csc/v" + Integer.toString(apiVersion) + '/';
    }

    /* JADX INFO: Access modifiers changed from: private */
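    /**
     * Sends one HTTP request and returns the status, headers and parsed JSON body.
     *
     * <p>Redirects are never followed, so the Authorization header is not
     * replayed to a location chosen by the server. The scheme of {@code str2} is
     * not checked here: over plain "http" the header and body travel unencrypted,
     * and the TLS settings from configure() apply to "https" only.
     *
     * @param str            the HTTP method: GET, POST, OPTIONS, HEAD or DELETE
     * @param str2           the absolute URL to call
     * @param json           the request body, used for POST only
     * @param authentication supplies the Authorization header; may be null
     * @return the reply; its header names are lower-cased, and its body is null
     *         for status 201 or when the response is not valid JSON
     * @throws IOException on any failure, including invalid arguments, with the
     *                     original exception as the cause
     */
    public Reply send(String str, String str2, Json json, Authentication authentication) throws IOException {
        try {
            if (str2 == null) {
                throw new IllegalArgumentException("URL is null");
            }
            if (!"GET".equals(str) && !"POST".equals(str) && !"OPTIONS".equals(str) && !"HEAD".equals(str) && !"DELETE".equals(str)) {
                throw new IllegalArgumentException("Invalid method");
            }
            HttpURLConnection connection = (HttpURLConnection) new URI(str2).toURL().openConnection();
            if ((connection instanceof HttpsURLConnection) && this.clientssl != null) {
                HttpsURLConnection https = (HttpsURLConnection) connection;
                https.setSSLSocketFactory(this.clientssl.getSocketFactory());
                if (this.hostnameVerifier != null) {
                    https.setHostnameVerifier(this.hostnameVerifier);
                }
            }
            int timeoutSeconds = this.config.isNumber("timeout") ? this.config.numberValue("timeout").intValue() : 0;
            if (timeoutSeconds < 1) {
                timeoutSeconds = TIMEOUT;
            }
            // Cap the value so that converting to milliseconds cannot overflow
            // into a negative timeout.
            int timeoutMillis = Math.min(timeoutSeconds, Integer.MAX_VALUE / 1000) * 1000;
            connection.setConnectTimeout(timeoutMillis);
            connection.setReadTimeout(timeoutMillis);
            connection.setInstanceFollowRedirects(false);

            byte[] body = null;
            String loggedBody = "";
            if ("POST".equals(str)) {
                connection.setDoOutput(true);
                String text = json.toString();
                body = text.getBytes(StandardCharsets.UTF_8);
                loggedBody = " " + text;
            }
            // Send the method that was asked for. Setting it only for POST and
            // DELETE would issue OPTIONS and HEAD as GET.
            connection.setRequestMethod(str);
            connection.setRequestProperty("Accept", "*/*");
            connection.setRequestProperty("Content-Type", "application/json;charset=utf-8");
            if (body != null) {
                connection.setRequestProperty("Content-Length", Integer.toString(body.length));
            }
            if (authentication != null) {
                String authorization = authentication.getAuthorization();
                if (authorization != null) {
                    connection.setRequestProperty("Authorization", authorization);
                }
            }
            if (body != null) {
                try (OutputStream out = connection.getOutputStream()) {
                    out.write(body);
                }
            }

            int responseCode = connection.getResponseCode();
            InputStream responseStream = connection.getErrorStream();
            if (responseStream == null) {
                responseStream = connection.getInputStream();
            }
            Json parsed = null;
            // try-with-resources closes the stream on every path.
            try (InputStream in = responseStream) {
                if (responseCode != 201) {
                    try {
                        parsed = Json.read(in);
                    } catch (Exception ignored) {
                        // A body that is not JSON is reported as "no body"; callers
                        // decide what to do from the status code.
                        parsed = null;
                    }
                }
            }
            if (this.core.isDebug()) {
                // NOTE(review): this line contains the full request and response
                // bodies. The auth/login reply carries "access_token", and other
                // requests may carry user-entered secrets, so debug output has to
                // be handled as sensitive.
                this.core.debug(str + " " + str2 + loggedBody + " -> " + responseCode + ": " + parsed);
            }
            Map<String, List<String>> headers = new LinkedHashMap<>();
            for (Map.Entry<String, List<String>> header : connection.getHeaderFields().entrySet()) {
                String key = header.getKey();
                // Locale.ROOT keeps the result the same under every default locale
                // (a Turkish locale would otherwise map "I" to a dotless i).
                headers.put(key == null ? null : key.toLowerCase(Locale.ROOT), header.getValue());
            }
            return new Reply(str2, responseCode, headers, parsed);
        } catch (Exception e) {
            throw new IOException("Exception from \"" + str2 + "\"", e);
        }
    }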

    /**
     * Turns a keystore protection parameter into a callback handler.
     *
     * <p>A CallbackHandlerProtection yields its own handler. A PasswordProtection
     * yields a handler that answers every PasswordCallback with the protection
     * password and rejects every other callback type, so a prompt for a username
     * fails and any password-style prompt receives that same password.
     *
     * @param protectionParameter the parameter to adapt; may be null
     * @return the handler, or null for any other kind of parameter
     */
    private CallbackHandler createCallbackHandler(final KeyStore.ProtectionParameter protectionParameter) {
        if (protectionParameter instanceof KeyStore.CallbackHandlerProtection) {
            KeyStore.CallbackHandlerProtection wrapped = (KeyStore.CallbackHandlerProtection) protectionParameter;
            return wrapped.getCallbackHandler();
        }
        if (!(protectionParameter instanceof KeyStore.PasswordProtection)) {
            return null;
        }
        final KeyStore.PasswordProtection passwordProtection = (KeyStore.PasswordProtection) protectionParameter;
        return callbacks -> {
            for (Callback each : callbacks) {
                if (each instanceof PasswordCallback) {
                    ((PasswordCallback) each).setPassword(passwordProtection.getPassword());
                } else {
                    throw new UnsupportedCallbackException(each);
                }
            }
        };
    }

    /**
     * Creates the Authentication for one authentication type.
     *
     * <p>"none" sends no Authorization header. "basic" takes the username and
     * password from the "basic" configuration map and leaves missing values to
     * the callback handler. "oauth2code" builds an OAuth2 helper from the
     * "oauth2" configuration map and the server-supplied base URL.
     *
     * @param str                 the type: "none", "basic" or "oauth2code"
     * @param protectionParameter source of the callback handler; may be null
     * @param json                the server's "info" reply as passed by login(); may be null
     * @return the authentication, or null for "oauth2code" when no OAuth2 URL is
     *         known from either the reply or the configuration
     * @throws IllegalArgumentException for any other type
     * @throws IOException              if the redirect-server keystore cannot be set up
     */
    private Authentication createAuth(String str, KeyStore.ProtectionParameter protectionParameter, Json json) throws IOException {
        Json json2;
        CallbackHandler createCallbackHandler = createCallbackHandler(protectionParameter);
        Authentication authentication = null;
        if ("none".equals(str)) {
            authentication = new Authentication() { // from class: com.bfo.netkeystore.client.CSCServer.4
                @Override // com.bfo.netkeystore.client.CSCServer.Authentication
                public String type() {
                    return "none";
                }

                @Override // com.bfo.netkeystore.client.CSCServer.Authentication
                public void login() {
                }

                @Override // com.bfo.netkeystore.client.CSCServer.Authentication
                public String getAuthorization() {
                    return null;
                }
            };
        } else if ("basic".equals(str)) {
            String str2 = null;
            String str3 = null;
            if (this.config.isMap("basic")) {
                str2 = this.config.get("basic").stringValue("username");
                str3 = this.config.get("basic").stringValue("password");
            }
            authentication = new BasicAuthentication(str2, str3 != null ? str3.toCharArray() : null, createCallbackHandler);
        } else {
            if (!"oauth2code".equals(str)) {
                throw new IllegalArgumentException("Unknown authorization type \"" + str + "\"");
            }
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            // NOTE(review): the OAuth2 base URL is taken from the "info" reply
            // first, and the configured "url" below is used only when the reply
            // has none. login() fetches that reply without authentication, so the
            // server (or whoever answers for it when TLS verification is off)
            // decides where the authorization and token endpoints are. Presumably
            // the OAuth2 helper sends client_id/client_secret there; confirm, and
            // consider preferring or pinning the configured URL.
            String stringValue = json != null ? json.stringValue("oauth2") : null;
            // Read but not used anywhere in this method.
            String stringValue2 = json != null ? json.stringValue("oauth2Issuer") : null;
            if (this.config.isMap("oauth2")) {
                // Copy the "oauth2" settings into a flat property map: scalar
                // values as they are, and one level of nested maps as
                // "parent.child" keys. "url" is handled separately, and
                // client_id/client_secret are taken only when they are strings.
                for (Map.Entry<Object, Json> entry : this.config.mapValue("oauth2").entrySet()) {
                    if (entry.getKey() instanceof String) {
                        String str4 = (String) entry.getKey();
                        Json value = entry.getValue();
                        if ("url".equals(str4)) {
                            if (value.isString() && stringValue == null) {
                                stringValue = value.stringValue();
                            }
                        } else if ((!"client_id".equals(str4) && !"client_secret".equals(str4)) || value.isString()) {
                            // Always true in this branch: "url" was handled above.
                            if (!"url".equals(str4)) {
                                if (value.isString() || value.isNumber() || value.isBoolean()) {
                                    linkedHashMap.put(str4, entry.getValue().objectValue());
                                } else if (value.isMap()) {
                                    for (Map.Entry<Object, Json> entry2 : value.mapValue().entrySet()) {
                                        if ((entry2.getKey() instanceof String) && (entry2.getValue().isString() || entry2.getValue().isNumber() || entry2.getValue().isBoolean())) {
                                            linkedHashMap.put(str4 + "." + entry2.getKey(), entry2.getValue().objectValue());
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            // Without a URL no OAuth2 authentication is built and null is returned.
            if (stringValue != null) {
                OAuth2 oAuth2 = new OAuth2() { // from class: com.bfo.netkeystore.client.CSCServer.5
                    // Saves each accepted authorization through the core under
                    // this server's name, so that a later createAuth() can
                    // restore it. Presumably the map holds tokens; the store
                    // behind core.setAuthorization should be protected
                    // accordingly. TODO confirm.
                    @Override // com.bfo.netkeystore.client.OAuth2
                    public boolean setAuthorization(Map<String, ?> map) {
                        if (!super.setAuthorization(map)) {
                            return false;
                        }
                        Json authorization = CSCServer.this.core.getAuthorization(CSCServer.this.name);
                        if (authorization == null) {
                            authorization = Json.read("{}");
                        }
                        authorization.put("oauth2", new Json(map));
                        CSCServer.this.core.setAuthorization(CSCServer.this.name, authorization);
                        return true;
                    }
                };
                // Reduce the URL to its base (16 is the length of
                // "oauth2/authorize") and derive both endpoints from it.
                if (stringValue.endsWith("oauth2/authorize")) {
                    stringValue = stringValue.substring(0, stringValue.length() - 16);
                }
                if (!stringValue.endsWith("/")) {
                    stringValue = stringValue + "/";
                }
                linkedHashMap.put("debug", Boolean.valueOf(this.core.isDebug()));
                linkedHashMap.put("authorization_endpoint", stringValue + "oauth2/authorize");
                linkedHashMap.put("token_endpoint", stringValue + "oauth2/token");
                if (!linkedHashMap.containsKey("scope")) {
                    linkedHashMap.put("scope", "service");
                }
                oAuth2.setProperties(linkedHashMap);
                // Restore a previously stored authorization, scalar values only.
                if (this.core.getAuthorization(this.name) != null && (json2 = this.core.getAuthorization(this.name).get("oauth2")) != null) {
                    LinkedHashMap linkedHashMap2 = new LinkedHashMap();
                    for (Map.Entry<Object, Json> entry3 : json2.mapValue().entrySet()) {
                        if ((entry3.getKey() instanceof String) && !entry3.getValue().isMap() && !entry3.getValue().isList()) {
                            linkedHashMap2.put((String) entry3.getKey(), entry3.getValue().objectValue());
                        }
                    }
                    oAuth2.setAuthorization(linkedHashMap2);
                }
                oAuth2.setCallbackHandler(createCallbackHandler);
                // The same client TLS context as for API calls, including the
                // verification-disabled one when configure() selected it.
                oAuth2.setSSLContext(this.clientssl);
                if (this.serverssl == null && this.config.isMap("oauth2") && this.config.get("oauth2").isMap("redirect_server")) {
                    String stringValue3 = this.config.get("oauth2").get("redirect_server").stringValue("keystore");
                    String stringValue4 = this.config.get("oauth2").get("redirect_server").stringValue("password");
                    if (stringValue3 != null && stringValue4 != null) {
                        try {
                            KeyStore loadKeyStore = this.core.loadKeyStore(stringValue3, stringValue4);
                            this.serverssl = SSLContext.getInstance("TLS");
                            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                            keyManagerFactory.init(loadKeyStore, stringValue4.toCharArray());
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                            trustManagerFactory.init(loadKeyStore);
                            this.serverssl.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
                        } catch (IOException e) {
                            throw e;
                        } catch (RuntimeException e2) {
                            throw e2;
                        } catch (Exception e3) {
                            throw ((IOException) new IOException().initCause(e3));
                        }
                    }
                    // serverssl is still null here when the keystore or its
                    // password is missing from "redirect_server".
                    oAuth2.setRedirectURLHandler(new OAuth2.SimpleRedirectURLHandler(this.serverssl));
                } else {
                    // Also taken when serverssl was already built by an earlier
                    // call, in which case that context is not passed on.
                    oAuth2.setRedirectURLHandler(new OAuth2.SimpleRedirectURLHandler());
                }
                authentication = new OAuth2Authentication(oAuth2);
            }
        }
        return authentication;
    }

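    /**
     * Fetches the server's "info" document and chooses how to authenticate.
     *
     * <p>The authentication types offered in "authType" are tried in two passes:
     * first the types that have a section in the local configuration ("basic",
     * then "oauth2code"), then the same types regardless of configuration. The
     * first offered type wins. If nothing matches, or the chosen type cannot be
     * built, requests are sent without authentication.
     *
     * <p>NOTE(review): "info" is requested without authentication, so the offered
     * list is only as trustworthy as the connection. A reply that offers "basic"
     * makes this client send the username and password to that server.
     *
     * @param subject             not used by this implementation
     * @param protectionParameter source of the callback handler used for prompts
     * @throws IOException if the request fails, the status is not 200 or the
     *                     reply has no JSON body
     */
    @Override // com.bfo.netkeystore.client.Server
    public void login(Subject subject, KeyStore.ProtectionParameter protectionParameter) throws IOException {
        Json request = Json.read("{}");
        if (this.core.getLang() != null) {
            request.put("lang", this.core.getLang());
        }
        Reply reply = send("POST", baseurl() + "info", request, null);
        // send() reports an unparsable body as null; reject it here rather than
        // fail on the first field access.
        if (reply.code != 200 || reply.json == null) {
            throw new IOException(reply.url + " returned " + reply.code + ": " + reply.json);
        }
        this.info = reply.json;
        if (this.info.isList("authType")) {
            Json offered = this.info.get("authType");
            // A leading dot marks the first pass, in which a type is considered
            // only when it has a section in the local configuration.
            for (String candidate : new String[]{".basic", ".oauth2code", "basic", "oauth2code"}) {
                String type = candidate;
                if (type.charAt(0) == '.') {
                    type = type.substring(1);
                    if (type.equals("oauth2code") && !this.config.isMap("oauth2")) {
                        continue;
                    }
                    // The "basic" case skips in the same way as "oauth2code";
                    // an empty branch here would let an unconfigured "basic"
                    // win the first pass.
                    if (type.equals("basic") && !this.config.isMap("basic")) {
                        continue;
                    }
                }
                for (int i = 0; i < offered.size(); i++) {
                    if (type.equals(offered.stringValue(Integer.valueOf(i)))) {
                        this.auth = createAuth(type, protectionParameter, this.info);
                        if (this.auth == null) {
                            this.auth = createAuth("none", protectionParameter, this.info);
                        }
                        // Stop at the first match; without this exit the scan
                        // would never advance past the matching entry.
                        break;
                    }
                }
                if (this.auth != null) {
                    break;
                }
            }
        }
        if (this.auth == null) {
            this.auth = createAuth("none", protectionParameter, this.info);
        }
    }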

    /**
     * Does nothing. No request is sent and the current authentication is left in
     * place, so a token obtained earlier stays usable until it expires on the
     * server side or shutdown() is called.
     */
    @Override // com.bfo.netkeystore.client.Server
    public void logout() throws IOException {
    }

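    /**
     * Logs in and registers every enabled credential the server lists as a
     * private-key entry named "{server name}/{credentialID}".
     *
     * <p>The certificate chain of each entry is taken as supplied by the server;
     * nothing in this method validates it.
     *
     * @throws IllegalStateException if login(Subject, ProtectionParameter) has not
     *                               chosen an authentication yet
     * @throws IOException           if a request fails or a reply is not of the
     *                               expected shape; for status 401 the cause is an
     *                               UnrecoverableKeyException
     */
    @Override // com.bfo.netkeystore.client.Server
    public void load() throws IOException {
        if (this.auth == null) {
            throw new IllegalStateException("Not connected");
        }
        this.auth.login();
        Reply listReply = send("POST", baseurl() + "credentials/list", Json.read("{}"), this.auth);
        // Replies are untrusted input: check for a missing body and for each
        // expected field before it is dereferenced.
        if (listReply.code != 200 || listReply.json == null || !listReply.json.isList("credentialIDs")) {
            IOException failure = new IOException(listReply.url + " returned " + listReply.code + ": " + listReply.json);
            if (listReply.code == 401) {
                failure.initCause(new UnrecoverableKeyException("Authentication \"" + this.auth.type() + "\" failed (options were " + this.info.get("authType") + ")"));
            }
            throw failure;
        }
        Json credentialIds = listReply.json.get("credentialIDs");
        for (int i = 0; i < credentialIds.size(); i++) {
            String credentialId = credentialIds.stringValue(Integer.valueOf(i));
            Json request = Json.read("{}");
            request.put("credentialID", credentialId);
            request.put("certificates", "chain");
            request.put("certInfo", true);
            request.put("authInfo", true);
            if (this.core.getLang() != null) {
                request.put("lang", this.core.getLang());
            }
            Reply infoReply = send("POST", baseurl() + "credentials/info", request, this.auth);
            Json details = infoReply.json;
            if (infoReply.code != 200 || details == null || !details.isMap("key") || !details.isMap("cert")) {
                throw new IOException(infoReply.url + " returned " + infoReply.code + ": " + infoReply.json);
            }
            Json key = details.get("key");
            if (!"enabled".equals(key.stringValue("status"))) {
                continue;
            }
            // The key algorithm of the last recognised signature algorithm is
            // used for the key entry.
            String keyAlgorithm = null;
            if (key.isList("algo")) {
                Json algorithms = key.get("algo");
                for (int j = 0; j < algorithms.size(); j++) {
                    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.get(algorithms.stringValue(Integer.valueOf(j)));
                    if (signatureAlgorithm != null && signatureAlgorithm.keyAlgorithm() != null) {
                        this.acceptedAlgorithms.add(signatureAlgorithm);
                        this.core.addSignatureAlgorithm(signatureAlgorithm);
                        keyAlgorithm = signatureAlgorithm.keyAlgorithm();
                    }
                }
            }
            if (keyAlgorithm == null) {
                this.core.warning("Ignoring key \"" + credentialId + "\": unrecognised algorithms " + key.get("algo"));
                continue;
            }
            Json cert = details.get("cert");
            // A key entry needs at least one certificate; report a reply without
            // a chain as a malformed response instead of failing later.
            if (!cert.isList("certificates") || cert.get("certificates").size() == 0) {
                throw new IOException(infoReply.url + " returned no certificates for \"" + credentialId + "\"");
            }
            Json encodedChain = cert.get("certificates");
            Certificate[] chain = new Certificate[encodedChain.size()];
            for (int j = 0; j < chain.length; j++) {
                chain[j] = this.core.decodeCertificate(encodedChain.stringValue(Integer.valueOf(j)));
            }
            // The decoded chain lives in the key entry, so drop the encoded copy
            // from the metadata that is kept with the key.
            cert.remove("certificates");
            if (cert.size() == 0) {
                details.remove("cert");
            }
            this.core.addKey(this.name + "/" + credentialId, new KeyStore.PrivateKeyEntry(new NetPrivateKey(this, credentialId, keyAlgorithm, details), chain));
        }
    }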

    /**
     * Checks that the key's metadata lists the given signature algorithm, by
     * comparing the algorithm's OID with the entries of "key"."algo".
     *
     * @param netPrivateKey      the key to check
     * @param signatureAlgorithm the algorithm the caller wants to use
     * @throws InvalidKeyException if the OID is not listed, or no list is present
     */
    @Override // com.bfo.netkeystore.client.Server
    public void canSign(NetPrivateKey netPrivateKey, SignatureAlgorithm signatureAlgorithm) throws InvalidKeyException {
        String wanted = signatureAlgorithm.oid();
        Json allowed = netPrivateKey.getJson().get("key").get("algo");
        if (allowed != null) {
            int index = 0;
            while (index < allowed.size()) {
                String listed = allowed.stringValue(Integer.valueOf(index));
                if (wanted.equals(listed)) {
                    return;
                }
                index++;
            }
        }
        String message = "Key \"" + netPrivateKey.getName() + "\" is not suitable for \"" + signatureAlgorithm.name() + "\": allowed values are " + allowed;
        throw new InvalidKeyException(message);
    }

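    /**
     * Signs a pre-computed hash with a remote credential by POSTing to
     * {@code credentials/authorize} and then to {@code signatures/signHash}.
     *
     * <p>The authorize request depends on the key's {@code authMode}:
     * <ul>
     *   <li>{@code implicit}: only the credential ID is added.</li>
     *   <li>{@code oauth2code}: a clone of the configured OAuth2 client is used with its
     *       {@code scope} property set to {@code credentials}.</li>
     *   <li>anything else: the credential ID is added, and a PIN or OTP is requested through
     *       the key's callback handler when the key metadata asks for one.</li>
     * </ul>
     *
     * <p>The PIN/OTP obtained from the callback is copied into the request as a {@code String}.
     * The callback's own buffer and the temporary {@code char[]} copy are wiped as soon as that
     * copy has been made. The {@code String} itself cannot be wiped; it is removed from the
     * request object before the {@code signHash} call.
     *
     * @param netPrivateKey the remote key; supplies the credential ID, metadata and protection parameter
     * @param signatureAlgorithm the algorithm whose OID is sent as {@code signAlgo}
     * @param algorithmParameters optional parameters, sent Base64-encoded as {@code signAlgoParams} when non-null
     * @param bArr the bytes sent Base64-encoded as the single {@code hash} entry
     * @return the Base64-decoded first entry of the {@code signatures} list in the reply
     * @throws UnrecoverableKeyException if either call returns a status other than 200; the message is
     *         built from the reply's {@code error} and {@code error_description} fields
     * @throws IOException if a 200 reply lacks the expected field, or the signature is not decodable
     */
    @Override // com.bfo.netkeystore.client.Server
    public byte[] sign(NetPrivateKey netPrivateKey, SignatureAlgorithm signatureAlgorithm, AlgorithmParameters algorithmParameters, byte[] bArr) throws UnrecoverableKeyException, IOException {
        Authentication authentication = this.auth;
        KeyStore.ProtectionParameter protectionParameter = netPrivateKey.getProtectionParameter();
        Json json = netPrivateKey.getJson();
        Json read = Json.read("{}");
        if (this.core.getLang() != null) {
            read.put("lang", this.core.getLang());
        }
        String authMode = json.stringValue("authMode");
        if ("implicit".equals(authMode)) {
            read.put("credentialID", netPrivateKey.getName());
        } else if ("oauth2code".equals(authMode)) {
            // NOTE(review): the cast assumes this.auth is an OAuth2Authentication whenever a key
            // advertises "oauth2code"; any other type fails here with ClassCastException.
            // NOTE(review): unlike the other two branches, credentialID is not added to the
            // request on this path - confirm that is intended.
            OAuth2 m11clone = ((OAuth2Authentication) authentication).oauth2.m11clone();
            Map<String, Object> properties = m11clone.getProperties();
            properties.put("scope", "credentials");
            m11clone.setProperties(properties);
            m11clone.setCallbackHandler(createCallbackHandler(protectionParameter));
            // Use the re-scoped clone for this signature only; this.auth is left untouched.
            authentication = new OAuth2Authentication(m11clone);
        } else {
            read.put("credentialID", netPrivateKey.getName());
            String str = null;      // request field to fill: "PIN" or "OTP"
            String str2 = null;     // prompt label taken from the key metadata
            boolean z = false;      // true when the OTP type is "online"
            if (json.isMap("PIN") && !"false".equals(json.get("PIN").stringValue("presence"))) {
                str = "PIN";
                str2 = json.get("PIN").stringValue("label");
            } else if (json.isMap("OTP") && !"false".equals(json.get("OTP").stringValue("presence"))) {
                Json json2 = json.get("OTP");
                str = "OTP";
                str2 = json2.stringValue("label");
                if (json2.isString("type")) {
                    z = "online".equals(json2.stringValue("type"));
                }
            }
            if (z) {
                // The reply to sendOTP is not inspected here.
                send("POST", baseurl() + "credentials/sendOTP", read, authentication);
            }
            if (str != null) {
                CallbackHandler handler = createCallbackHandler(protectionParameter);
                if (handler != null) {
                    if (str2 == null) {
                        str2 = str;
                    }
                    // Echo is enabled for an OTP and disabled for a PIN.
                    PasswordCallback passwordCallback = new PasswordCallback(str2 + ": ", "OTP".equals(str));
                    try {
                        try {
                            handler.handle(new Callback[]{passwordCallback});
                        } catch (UnsupportedCallbackException ignored) {
                            // The handler cannot answer a PasswordCallback: continue without a
                            // PIN/OTP, as the original code did, and let the server decide.
                        }
                        // getPassword() returns a copy, so fetch it once and wipe that copy too.
                        char[] secret = passwordCallback.getPassword();
                        if (secret != null) {
                            try {
                                read.put(str, new String(secret));
                            } finally {
                                java.util.Arrays.fill(secret, '\0');
                            }
                        }
                    } finally {
                        // Wipe the callback's internal buffer whether or not the handler succeeded.
                        passwordCallback.clearPassword();
                    }
                }
            }
        }
        read.put("hash", new String[]{Base64.getEncoder().encodeToString(bArr)});
        read.put("numSignatures", 1);
        authentication.login();
        Reply send = send("POST", baseurl() + "credentials/authorize", read, authentication);
        if (send.code != 200 || !send.json.isString("SAD")) {
            if (send.code == 200) {
                throw new IOException("Unexpected response to " + send.url + ": " + send.json);
            }
            // The message is composed of text supplied by the server.
            throw new UnrecoverableKeyException(send.json.stringValue("error") + ": " + send.json.stringValue("error_description"));
        }
        Object stringValue = send.json.stringValue("SAD");
        // Keep only credentialID and hash for the signHash request. This removes the PIN/OTP,
        // lang and numSignatures entries. Iterate over a copy of the key set because entries
        // are removed while looping.
        for (Object next : new ArrayList<>(read.mapValue().keySet())) {
            if (!"credentialID".equals(next) && !"hash".equals(next)) {
                read.remove(next);
            }
        }
        read.put("SAD", stringValue);
        read.put("signAlgo", signatureAlgorithm.oid());
        if (algorithmParameters != null) {
            read.put("signAlgoParams", Base64.getEncoder().encodeToString(algorithmParameters.getEncoded()));
        }
        Reply send2 = send("POST", baseurl() + "signatures/signHash", read, authentication);
        if (send2.code == 200 && send2.json.isList("signatures") && send2.json.get("signatures").isString(0)) {
            try {
                return Base64.getDecoder().decode(send2.json.get("signatures").stringValue(0));
            } catch (Exception e2) {
                // Surface an undecodable signature as an I/O failure, keeping the cause.
                throw new IOException("Unexpected response to " + send2.url + ": " + send2.json, e2);
            }
        }
        if (send2.code == 200) {
            throw new IOException("Unexpected response to " + send2.url + ": " + send2.json);
        }
        // The message is composed of text supplied by the server.
        throw new UnrecoverableKeyException(send2.json.stringValue("error") + ": " + send2.json.stringValue("error_description"));
    }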
}
