package com.baltimore.jpkiplus.vaults;

import com.baltimore.jcrypto.asn1.ASN1Null;
import com.baltimore.jcrypto.asn1.ASN1ObjectIdentifier;
import com.baltimore.jcrypto.coders.Base64Coder;
import com.baltimore.jcrypto.coders.DERCoder;
import com.baltimore.jcrypto.mpa.mpa_num;
import com.baltimore.jcrypto.pkcs.AlgorithmIdentifier;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jcrypto.utils.Utils;
import com.baltimore.jcryptoki.Exceptions.ckException;
import com.baltimore.jcryptoki.Objects.ckDESKey;
import com.baltimore.jcryptoki.Objects.ckRSAPrivateKey;
import com.baltimore.jcryptoki.Parameter.ckParameter;
import com.baltimore.jcryptoki.Query.ckMechanism;
import com.baltimore.jcryptoki.Templates.ckDESKeyTemplate;
import com.baltimore.jcryptoki.Templates.ckKeyTemplate;
import com.baltimore.jcryptoki.Templates.ckObjectTemplate;
import com.baltimore.jcryptoki.Templates.ckRSAPrivateKeyTemplate;
import com.baltimore.jcryptoki.ckSession;
import com.baltimore.jpkiplus.pkcs7.CertificateChain;
import com.baltimore.jpkiplus.pkidevice.KeyProvider;
import com.baltimore.jpkiplus.pkidevice.PKIDevice;
import com.baltimore.jpkiplus.pkidevice.PKIDeviceException;
import com.baltimore.jpkiplus.pkidevice.PKIProviderException;
import com.baltimore.jpkiplus.policies.PKIPolicy;
import com.baltimore.jpkiplus.policy.GenericSecurityServiceUsageRules;
import com.baltimore.jpkiplus.policy.KeyManagementRules;
import com.baltimore.jpkiplus.policy.KeyProperties;
import com.baltimore.jpkiplus.policy.PrivateKeySetup;
import com.baltimore.jpkiplus.policy.SigningServiceUsageRule;
import com.baltimore.jpkiplus.policy.XMLPolicyException;
import com.baltimore.jpkiplus.utils.SymmetricCiphers;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Extensions;
import com.baltimore.jpkiplus.x509.Name;
import com.baltimore.jpkiplus.x509.extensions.KeyUsage;
import com.baltimore.jpkiplus.x509.utils.SubjectPublicKeyInfo;
import com.baltimore.jpkiplus.x509.utils.TBSCertificate;
import com.baltimore.jpkiplus.x509.utils.Validity;
import com.baltimore.pkcs11.exception.PKCS11Exception;
import com.baltimore.pkcs11.provider.JCRYPTO_PKCS11;
import com.baltimore.pkcs11.provider.capability.MechanismList;
import com.baltimore.pkcs11.provider.keygen.PKCS11_RSA_KeyPairGenerationSpec;
import com.baltimore.pkcs11.provider.keygen.profile.GenericProfile;
import com.baltimore.pkcs11.provider.keygen.profile.ProfileException;
import com.baltimore.pkcs11.provider.keygen.profile.SureWareProfile;
import com.baltimore.pkcs11.util.PKCS11RSAPrivateKeyTemplate;
import com.baltimore.pkcs11.util.PKCS11RSAPublicKeyTemplate;
import com.baltimore.pkcs11.util.skp;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/vaults/KeyperVault.class */
public class KeyperVault extends Vault {
    static Class a;
    static Class b;

    public KeyperVault(PKIPolicy pKIPolicy, VaultCallback vaultCallback) throws VaultException, PKIDeviceException {
        super(pKIPolicy, vaultCallback);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    @Override // com.baltimore.jpkiplus.vaults.Vault
    public void generateIdentity(AlgorithmParameterSpec algorithmParameterSpec, Name name) throws VaultException {
        Class class$;
        Class class$2;
        String str;
        Class class$3;
        PKIPolicy policy = getPolicy();
        super.getRandomData(1);
        VaultCallback currentCallback = getCurrentCallback();
        KeyProvider primaryKeyProvider = primaryKeyProvider();
        JCRYPTO_PKCS11 primaryCryptoProvider = primaryCryptoProvider();
        KeyProvider secondaryKeyProvider = secondaryKeyProvider();
        boolean z = false;
        try {
            GenericSecurityServiceUsageRules securityServiceUsageRules = policy.getSecurityServiceUsageRules();
            KeyManagementRules keyManagementRules = policy.getKeyManagementRules();
            int numPrivateKeySetups = keyManagementRules.getInitialCycle(0).numPrivateKeySetups();
            if (numPrivateKeySetups == 0) {
                throw new VaultException("Vault.generateIdentity() - No PrivateKey Setups specified in Policy");
            }
            AlgorithmParameterSpec algorithmParameterSpec2 = null;
            for (int i = 0; i < numPrivateKeySetups; i++) {
                PKIDevice parentDevice = primaryKeyProvider == null ? null : primaryKeyProvider.parentDevice();
                currentCallback.notifyWarning(parentDevice, 10, new StringBuffer("KeyProfile #").append(i).toString());
                String str2 = "RSA";
                int i2 = 0;
                KeyUsage keyUsage = new KeyUsage();
                PrivateKeySetup privateKeySetup = keyManagementRules.getInitialCycle(getContext()).getPrivateKeySetup(i);
                KeyProperties keyProperties = privateKeySetup.getKeyProperties();
                if (keyProperties.hasRSAKeyValue()) {
                    str2 = "RSA";
                    i2 = keyProperties.getRSAKeyValue().getAllowedKeyBitLength();
                } else if (privateKeySetup.getKeyProperties().hasDSAKeyValue()) {
                    str2 = "RSA";
                    i2 = keyProperties.getDSAKeyValue().getPLength();
                    if (algorithmParameterSpec instanceof DSAParameterSpec) {
                        algorithmParameterSpec2 = algorithmParameterSpec;
                        currentCallback.notifyWarning(primaryKeyProvider.parentDevice(), 10, "Using DSA Community supplied.");
                    }
                    if (algorithmParameterSpec2 != null && privateKeySetup.getKeyProperties().getDSAKeyValue().hasCommunity()) {
                        try {
                            byte[] decode = Base64Coder.decode(privateKeySetup.getKeyProperties().getDSAKeyValue().getCommunity().getBytes());
                            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("DSA");
                            algorithmParameters.init(decode);
                            if (a != null) {
                                class$2 = a;
                            } else {
                                class$2 = class$("java.security.spec.DSAParameterSpec");
                                a = class$2;
                            }
                            algorithmParameterSpec2 = algorithmParameters.getParameterSpec(class$2);
                            currentCallback.notifyWarning(primaryKeyProvider.parentDevice(), 10, "Using DSA Community from XML Policy");
                        } catch (Exception unused) {
                            currentCallback.notifyWarning(primaryKeyProvider.parentDevice(), 13, "Failed to parse/decode DSA Community from XML Policy");
                        }
                    }
                    if (algorithmParameterSpec2 == null) {
                        try {
                            AlgorithmParameterGenerator a2 = a("DSA");
                            a2.init(i2, this.m);
                            AlgorithmParameters generateParameters = a2.generateParameters();
                            if (a != null) {
                                class$ = a;
                            } else {
                                class$ = class$("java.security.spec.DSAParameterSpec");
                                a = class$;
                            }
                            algorithmParameterSpec2 = generateParameters.getParameterSpec(class$);
                            currentCallback.notifyWarning(primaryKeyProvider.parentDevice(), 10, "Generating DSA Community");
                        } catch (InvalidParameterSpecException unused2) {
                            throw new VaultException("Failed to generate DSA parameters");
                        }
                    }
                }
                int numKeyUsages = keyProperties.numKeyUsages();
                for (int i3 = 0; i3 < numKeyUsages; i3++) {
                    String keyUsage2 = keyProperties.getKeyUsage(i3).toString();
                    if (keyUsage2.equals("DigitalSignature")) {
                        keyUsage.setField(0, true);
                    }
                    if (keyUsage2.equals("CertificateSigning")) {
                        keyUsage.setField(5, true);
                    }
                    if (keyUsage2.equals("CRLSigning")) {
                        keyUsage.setField(6, true);
                    }
                    if (keyUsage2.equals("DataEncipherment")) {
                        keyUsage.setField(3, true);
                    }
                    if (keyUsage2.equals("KeyAgreement")) {
                        keyUsage.setField(4, true);
                    }
                    if (keyUsage2.equals("KeyEncipherment")) {
                        keyUsage.setField(2, true);
                    }
                    if (keyUsage2.equals("NonRepudiation")) {
                        keyUsage.setField(1, true);
                    }
                }
                currentCallback.notifyWarning(parentDevice, 10, new StringBuffer("KeyUsage: ").append(keyUsage).toString());
                try {
                    str = currentCallback.getString(null, 2, "FriendlyName for Key", true);
                } catch (PKIDeviceException unused3) {
                    str = "Default Name";
                }
                boolean z2 = false;
                PKCS11_RSA_KeyPairGenerationSpec pKCS11_RSA_KeyPairGenerationSpec = null;
                if (primaryCryptoProvider.getName().equalsIgnoreCase("JCRYPTO_PKCS11")) {
                    currentCallback.notifyWarning(parentDevice, 12, "Preparing PKCS#11 Templates for KeyGeneration");
                    if (algorithmParameterSpec instanceof PKCS11_RSA_KeyPairGenerationSpec) {
                        if (str2.equalsIgnoreCase("DSA")) {
                            throw new VaultException("Cannot generate DSA keys on PKCS11 Devices");
                        }
                        if (algorithmParameterSpec instanceof SureWareProfile) {
                            z = true;
                        }
                        pKCS11_RSA_KeyPairGenerationSpec = algorithmParameterSpec != null ? (PKCS11_RSA_KeyPairGenerationSpec) algorithmParameterSpec.getClass().newInstance() : new GenericProfile();
                        PKCS11RSAPrivateKeyTemplate privateTemplate = ((PKCS11_RSA_KeyPairGenerationSpec) algorithmParameterSpec).getPrivateTemplate();
                        PKCS11RSAPublicKeyTemplate publicTemplate = ((PKCS11_RSA_KeyPairGenerationSpec) algorithmParameterSpec).getPublicTemplate();
                        publicTemplate.addModulusBits(i2);
                        publicTemplate.addLabel(str);
                        privateTemplate.addLabel(str);
                        if (name != null) {
                            try {
                                byte[] encode = DERCoder.encode(name);
                                privateTemplate.addSubject(encode);
                                publicTemplate.addSubject(encode);
                            } catch (Exception unused4) {
                            }
                        }
                        pKCS11_RSA_KeyPairGenerationSpec.setTemplates(publicTemplate, privateTemplate);
                        try {
                            pKCS11_RSA_KeyPairGenerationSpec.configureFromIntendedKeyUsage(keyUsage);
                        } catch (ProfileException e) {
                            try {
                                try {
                                    System.getProperties().getProperty("line.separator");
                                } catch (Exception unused5) {
                                }
                            } catch (Exception unused6) {
                            }
                            StringBuffer stringBuffer = new StringBuffer("There was a problem generating a Template for PKCS11 KeyGeneration");
                            stringBuffer.append("\r\n");
                            stringBuffer.append("This was due to the KeyUsage in the policy conflicting with the abilities of the device");
                            stringBuffer.append("\r\n");
                            stringBuffer.append(e.getMessage());
                        }
                    }
                    z2 = true;
                }
                try {
                    if (b != null) {
                        class$3 = b;
                    } else {
                        class$3 = class$("java.security.KeyPairGenerator");
                        b = class$3;
                    }
                    KeyPairGenerator keyPairGenerator = (KeyPairGenerator) a(class$3, str2);
                    if (!str2.equalsIgnoreCase("RSA")) {
                        currentCallback.notifyWarning(parentDevice, 10, "Generating DSA KeyPair in Software");
                        keyPairGenerator.initialize(algorithmParameterSpec2);
                    } else if (z2) {
                        currentCallback.notifyWarning(parentDevice, 10, "Generating RSA KeyPair in Hardware");
                        keyPairGenerator.initialize((AlgorithmParameterSpec) pKCS11_RSA_KeyPairGenerationSpec);
                    } else {
                        currentCallback.notifyWarning(parentDevice, 10, "Generating RSA KeyPair in Software");
                        keyPairGenerator.initialize(i2);
                    }
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    if (generateKeyPair == null) {
                        throw new VaultException("Returned KeyPair was null");
                    }
                    try {
                        currentCallback.notifyWarning(parentDevice, 10, "Adding PrivateKey to KeyProvider(s)");
                        if (primaryKeyProvider != null) {
                            primaryKeyProvider.addPrivateKey(generateKeyPair.getPrivate(), str);
                        }
                        if (secondaryKeyProvider != null) {
                            secondaryKeyProvider.addPrivateKey(generateKeyPair.getPrivate(), str);
                        }
                    } catch (Exception unused7) {
                    }
                    if (name == null) {
                        currentCallback.notifyWarning(parentDevice, 10, "No Distinguished Name specified, stopping after KeyGen");
                        return;
                    }
                    Validity validity = new Validity(1);
                    AlgorithmIdentifier algorithmIdentifier = null;
                    SigningServiceUsageRule signingServiceUsageRule = securityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getSigningServiceUsageRule();
                    new ASN1ObjectIdentifier(signingServiceUsageRule.getSigningAlgorithmOID(0));
                    if (str2.equalsIgnoreCase("DSA")) {
                        int i4 = 0;
                        while (true) {
                            if (i4 >= signingServiceUsageRule.numSigningAlgorithmOIDs()) {
                                break;
                            }
                            ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(signingServiceUsageRule.getSigningAlgorithmOID(i4));
                            if (aSN1ObjectIdentifier.equals(OIDs.dsaWithSha1)) {
                                algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier, new ASN1Null());
                                break;
                            }
                            i4++;
                        }
                    }
                    if (str2.equalsIgnoreCase("RSA")) {
                        int i5 = 0;
                        while (true) {
                            if (i5 >= signingServiceUsageRule.numSigningAlgorithmOIDs()) {
                                break;
                            }
                            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = new ASN1ObjectIdentifier(signingServiceUsageRule.getSigningAlgorithmOID(i5));
                            if (aSN1ObjectIdentifier2.equals(OIDs.sha_1WithRSAEncryption)) {
                                algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier2, new ASN1Null());
                                break;
                            } else {
                                if (aSN1ObjectIdentifier2.equals(OIDs.md5WithRSAEncryption)) {
                                    algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier2, new ASN1Null());
                                    break;
                                }
                                i5++;
                            }
                        }
                    }
                    byte[] bArr = new byte[8];
                    this.m.nextBytes(bArr);
                    currentCallback.notifyWarning(parentDevice, 10, "Preparing Certificate for Signature");
                    TBSCertificate tBSCertificate = new TBSCertificate(2, new mpa_num(bArr), algorithmIdentifier, name, validity, name, new SubjectPublicKeyInfo(generateKeyPair.getPublic()), null, null, null);
                    JCRYPTO_X509Extensions jCRYPTO_X509Extensions = new JCRYPTO_X509Extensions();
                    jCRYPTO_X509Extensions.addExtension(keyUsage);
                    tBSCertificate.setExtensions(jCRYPTO_X509Extensions);
                    try {
                        JCRYPTO_X509Certificate jCRYPTO_X509Certificate = new JCRYPTO_X509Certificate(tBSCertificate, algorithmIdentifier);
                        jCRYPTO_X509Certificate.setSignatureAlgorithm(algorithmIdentifier, null);
                        currentCallback.notifyWarning(parentDevice, 10, "Signing Certificate");
                        KeyUsage keyUsage3 = new KeyUsage();
                        keyUsage3.setField(2, true);
                        if (z && z2 && keyUsage3.equals(keyUsage)) {
                            skp.createSignatureCopy(primaryCryptoProvider.getCurrentSession(), generateKeyPair.getPrivate(), this.m);
                        }
                        jCRYPTO_X509Certificate.sign(generateKeyPair.getPrivate());
                        currentCallback.notifyWarning(parentDevice, 10, "Adding Certificate to KeyProvider(s)");
                        if (primaryKeyProvider != null) {
                            primaryKeyProvider.addCertChainToKey(generateKeyPair.getPrivate(), new CertificateChain(jCRYPTO_X509Certificate));
                        }
                        if (secondaryKeyProvider != null) {
                            secondaryKeyProvider.addCertChainToKey(generateKeyPair.getPrivate(), new CertificateChain(jCRYPTO_X509Certificate));
                        }
                    } catch (CertificateException e2) {
                        throw new VaultException("Error creating Certificate", e2);
                    }
                } catch (InvalidAlgorithmParameterException e3) {
                    throw new VaultException(e3.getMessage());
                }
            }
        } catch (XMLPolicyException unused8) {
        } catch (Exception e4) {
            throw new VaultException("", e4);
        }
    }

    @Override // com.baltimore.jpkiplus.vaults.Vault
    public SecretKey generateSessionKey(int i, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException, NoSuchAlgorithmException {
        getPolicy();
        super.getRandomData(1);
        getCurrentCallback();
        primaryKeyProvider();
        JCRYPTO_PKCS11 primaryCryptoProvider = primaryCryptoProvider();
        secondaryKeyProvider();
        if (aSN1ObjectIdentifier == null) {
            throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
        }
        if (aSN1ObjectIdentifier.toString().length() == 0) {
            aSN1ObjectIdentifier.setValue(a(true));
        }
        if (primaryCryptoProvider instanceof JCRYPTO_PKCS11) {
            MechanismList mechanismList = primaryCryptoProvider.getCurrentSession().getTokenCapabilities().getMechanismList();
            String keyFromCipher = SymmetricCiphers.getKeyFromCipher(SymmetricCiphers.getCipherFromOID(aSN1ObjectIdentifier.toString()));
            if (keyFromCipher.equalsIgnoreCase("Triple-DES") || keyFromCipher.equalsIgnoreCase("DESede")) {
                keyFromCipher = "DES3";
            }
            String stringBuffer = new StringBuffer("CKM_").append(keyFromCipher).append("_KEY_GEN").toString();
            try {
                if (!mechanismList.isSupported(stringBuffer)) {
                    throw new NoSuchAlgorithmException(new StringBuffer("There is no mechanism ").append(stringBuffer).append("available").toString());
                }
            } catch (PKCS11Exception e) {
                throw new VaultException("Error while checking mechanisms", (Throwable) e);
            }
        }
        return super.generateSessionKey(i, aSN1ObjectIdentifier);
    }

    @Override // com.baltimore.jpkiplus.vaults.Vault
    public SecretKey unwrapKey(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier2) throws VaultException {
        ckKeyTemplate ckdeskeytemplate;
        if (bArr == null || bArr.length == 0) {
            throw new VaultException("Vault.unwrapKey() - No data provided.");
        }
        try {
            PrivateKey privateKeyForCert = primaryKeyProvider().getPrivateKeyForCert(x509Certificate);
            if (privateKeyForCert == null) {
                throw new VaultException("Vault.unwrapKey() - Could not find a keyEncipherment usage PrivateKey.");
            }
            if (!privateKeyForCert.getClass().getName().equalsIgnoreCase("com.baltimore.pkcs11.provider.PKCS11_RSA_PrivateKeyHolder")) {
                return super.unwrapKey(bArr, aSN1ObjectIdentifier, x509Certificate, aSN1ObjectIdentifier2);
            }
            try {
                ckSession cksession = Security.getProvider("JCRYPTO_PKCS11").getCurrentSession().getckSession();
                cksession.findInit(new ckObjectTemplate());
                ckRSAPrivateKey ckrsaprivatekey = null;
                while (true) {
                    ckRSAPrivateKey findNext = cksession.findNext();
                    if (findNext == null) {
                        break;
                    }
                    if (findNext instanceof ckRSAPrivateKey) {
                        ckRSAPrivateKeyTemplate ckrsaprivatekeytemplate = new ckRSAPrivateKeyTemplate(false);
                        ckrsaprivatekeytemplate.addID(new byte[0]);
                        ckrsaprivatekeytemplate.addUnwrap(true);
                        findNext.getAttributes(ckrsaprivatekeytemplate);
                        if (Utils.cmpByteArrays(ckrsaprivatekeytemplate.getID(), privateKeyForCert.getEncoded()) && ckrsaprivatekeytemplate.getUnwrap()) {
                            ckrsaprivatekey = findNext;
                        }
                    }
                }
                cksession.findFinal();
                if (ckrsaprivatekey == null) {
                    throw new InvalidKeyException("PrivateKey does not match any found on the token.");
                }
                if (aSN1ObjectIdentifier2.equals(OIDs.desCBC) || aSN1ObjectIdentifier2.equals(OIDs.desCBCPad) || aSN1ObjectIdentifier2.equals(OIDs.desECBPad)) {
                    ckdeskeytemplate = new ckDESKeyTemplate(false);
                    ckdeskeytemplate.addKeyType(19);
                } else {
                    if (!aSN1ObjectIdentifier2.equals(OIDs.des3CBC) && !aSN1ObjectIdentifier2.equals(OIDs.des_3ECBPad) && !aSN1ObjectIdentifier2.equals(OIDs.DES_EDE3_CBC) && !aSN1ObjectIdentifier2.equals(OIDs.DES_EDE3_CBC_x942) && !aSN1ObjectIdentifier2.equals(OIDs.DES3_EDE3_CBC_x942)) {
                        throw new NullPointerException(new StringBuffer("The OID passed in to unWrapKey() was not a known OID.  The OID is: ").append(aSN1ObjectIdentifier2.getDescription()).append(" ").append(aSN1ObjectIdentifier2.toString()).toString());
                    }
                    ckdeskeytemplate = new ckDESKeyTemplate(false);
                    ckdeskeytemplate.addKeyType(21);
                }
                ckdeskeytemplate.addClass();
                ckdeskeytemplate.addPrivate(true);
                ckdeskeytemplate.addEncrypt(true);
                ckdeskeytemplate.addDecrypt(true);
                ckdeskeytemplate.addExtractable(true);
                ckdeskeytemplate.addModifiable(true);
                ckDESKey unwrap = ckrsaprivatekey.unwrap(new ckMechanism(1, (ckParameter) null), bArr, ckdeskeytemplate);
                ckDESKeyTemplate ckdeskeytemplate2 = new ckDESKeyTemplate(false);
                ckdeskeytemplate2.addValue(new byte[0]);
                try {
                    unwrap.getAttributes(ckdeskeytemplate2);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(ckdeskeytemplate2.getValue(), SymmetricCiphers.getKeyFromCipher(SymmetricCiphers.getCipherFromOID(aSN1ObjectIdentifier2.toString())));
                    try {
                        if (System.getProperties().getProperty("KeyperVault.unwrapkey.deleteHWKey", "true").equalsIgnoreCase("true")) {
                            unwrap.destroy();
                        }
                    } catch (Exception unused) {
                    }
                    return secretKeySpec;
                } catch (ckException e) {
                    if (e.getErrorCode() == 17) {
                        throw new VaultException("The SecretKey is marked Sensitive and cannot be extracted");
                    }
                    throw new VaultException("Error while extracting SecretKey", (Throwable) e);
                }
            } catch (NullPointerException e2) {
                e2.printStackTrace();
                return null;
            } catch (ckException e3) {
                e3.printStackTrace();
                return null;
            } catch (InvalidKeyException e4) {
                e4.printStackTrace();
                return null;
            }
        } catch (PKIProviderException e5) {
            throw new VaultException("Vault.unwrapKey()", e5);
        }
    }
}
