package com.baltimore.jpkiplus.pkidevice;

import com.baltimore.jcrypto.asn1.ASN1OctetString;
import com.baltimore.jcrypto.provider.crypto.keygen.RSAPublicKeyHolder;
import com.baltimore.jcrypto.utils.Buffer;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jcrypto.utils.Utils;
import com.baltimore.jpkiplus.pkcs12.PFX;
import com.baltimore.jpkiplus.pkcs12.SafeBag;
import com.baltimore.jpkiplus.pkcs12.safebagcontent.CertBag;
import com.baltimore.jpkiplus.pkcs12.safebagcontent.SecretBag;
import com.baltimore.jpkiplus.pkcs7.CertificateChain;
import com.baltimore.jpkiplus.pkidevice.KeyProviderCallback;
import com.baltimore.jpkiplus.utils.CertificateEncoder4PKCS11;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate;
import com.baltimore.jpkiplus.x509.extensions.KeyUsage;
import com.baltimore.pkcs11.exception.PKCS11Exception;
import com.baltimore.pkcs11.provider.PKCS11X509Certificate;
import com.baltimore.pkcs11.provider.dataprovider.CertificateProvider;
import com.baltimore.pkcs11.provider.session.pkcs11Session;
import com.baltimore.pkcs11.util.PKCS11RSAPrivateKeyTemplate;
import com.baltimore.pkcs11.util.PKCS11Utils;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.Vector;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/pkidevice/PKCS11KeyProvider.class */
/**
 * {@link KeyProvider} implementation that stores and looks up private keys and
 * certificates through a PKCS#11 session.
 *
 * <p>This listing is decompiler output (JADX) of an obfuscated class (DashoPro), so
 * field and helper names are single letters and at least one method
 * ({@link #getPrivateKeyForCert}) was not recovered into valid Java. Treat the
 * control flow of that method as unknown until it is re-derived from the bytecode.
 *
 * <p>Review notes that apply across the class:
 * <ul>
 *   <li>Several methods swallow exceptions and return {@code null}, {@code 0} or
 *       nothing at all, so a token failure looks the same as "no such object" to
 *       the caller.</li>
 *   <li>No method here validates a certificate or checks that a certificate's public
 *       key belongs to the private key it is stored next to. Any such check would
 *       have to live in a caller or in the PKCS#11 provider classes, which are not
 *       visible here.</li>
 * </ul>
 */
public class PKCS11KeyProvider implements KeyProvider {
    // PKCS#11 session both providers below are obtained from.
    private pkcs11Session a;
    // Certificate store of the session; refreshed by a() before most uses.
    private CertificateProvider b;
    // Key store of the session; refreshed by b() before most uses.
    private com.baltimore.pkcs11.provider.dataprovider.KeyProvider c;
    // Owning device; returned by parentDevice() and used to reach the current callback.
    private PKCS11Device d;
    // Set to true in addCertChainToKey(); never read anywhere in this class.
    private boolean e;

    /**
     * Binds the provider to a device and an open session and fetches the session's
     * key and certificate providers.
     *
     * <p>The leading null/false assignments are redundant with the ones that follow;
     * presumably they are field initialisers that the decompiler inlined.
     *
     * @param pKCS11Device  device this provider belongs to
     * @param pkcs11session session used for all token access; dereferenced
     *                      immediately, so it must not be null
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PKCS11KeyProvider(PKCS11Device pKCS11Device, pkcs11Session pkcs11session) {
        this.a = null;
        this.b = null;
        this.c = null;
        this.d = null;
        this.e = false;
        this.a = pkcs11session;
        this.d = pKCS11Device;
        this.c = this.a.getKeyProvider();
        this.b = this.a.getCertProvider();
        this.e = false;
    }

    /**
     * Stores every certificate of the given chain on the token.
     *
     * <p>{@code privateKey} is not used: the certificates are written with the ID
     * derived by {@link CertificateEncoder4PKCS11}, and nothing in this method checks
     * that they correspond to the key or that the chain verifies.
     *
     * @param privateKey       ignored by this implementation
     * @param certificateChain chain to store; a null chain is a silent no-op
     * @throws PKIProviderException wrapping any exception raised while prompting or
     *                              storing (including a null current callback)
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void addCertChainToKey(PrivateKey privateKey, CertificateChain certificateChain) throws PKIProviderException {
        if (certificateChain == null) {
            return;
        }
        try {
            a();
            this.e = true;
            for (JCRYPTO_X509Certificate jCRYPTO_X509Certificate : certificateChain.getCertificates()) {
                CertificateEncoder4PKCS11 certificateEncoder4PKCS11 = new CertificateEncoder4PKCS11(jCRYPTO_X509Certificate);
                // The label is requested from the device's current callback once per
                // certificate. NOTE(review): the meaning of the literal 2 and of the
                // trailing true is defined by the callback interface, not shown here.
                String string = this.d.getCurrentCallback().getString(this.d, 2, "Provide Friendly Name for Certificate", true);
                if (string == null) {
                    // No label supplied: fall back to the subject DN.
                    string = jCRYPTO_X509Certificate.getSubjectDN().toString();
                }
                this.b.storeCertificate(jCRYPTO_X509Certificate.getEncoded(), certificateEncoder4PKCS11.getIDForCertificate(), certificateEncoder4PKCS11.getSubjectDN(), certificateEncoder4PKCS11.getIssuerDN(), certificateEncoder4PKCS11.getSerialNumber(), string, true);
            }
        } catch (Exception e) {
            throw new PKIProviderException("addCertChainToKey()", e);
        }
    }

    /**
     * Unsupported: always throws.
     *
     * @param privateKey ignored
     * @throws PKIProviderException always
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void addPrivateKey(PrivateKey privateKey) throws PKIProviderException {
        throw new PKIProviderException("Key Download Unsupported in 5.2");
    }

    /**
     * Adds a private key under the given label; delegates to the three-argument
     * overload with a null byte array.
     *
     * @param privateKey key to add
     * @param str        label passed to the PKCS#11 key provider
     * @throws PKIProviderException see the three-argument overload
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void addPrivateKey(PrivateKey privateKey, String str) throws PKIProviderException {
        addPrivateKey(privateKey, str, null);
    }

    /**
     * Refreshes the key provider and adds the key with the given label and no
     * start/end dates.
     *
     * @param privateKey key to add
     * @param str        label passed to the PKCS#11 key provider
     * @param bArr       ignored by this implementation
     * @throws PKCS11PKIProviderException on a PKCS#11 failure
     * @throws PKIProviderException       if the key is rejected as invalid
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void addPrivateKey(PrivateKey privateKey, String str, byte[] bArr) throws PKIProviderException {
        try {
            b();
            this.c.addPrivateKey(privateKey, str, (Date) null, (Date) null);
        } catch (PKCS11Exception e) {
            throw new PKCS11PKIProviderException(e.getMessage(), (Throwable) e);
        } catch (InvalidKeyException e2) {
            throw new PKIProviderException(e2.getMessage(), e2);
        }
    }

    /**
     * Empty implementation: nothing is stored and nothing is thrown.
     *
     * <p>NOTE(review): unlike {@link #addPrivateKey(PrivateKey)}, which reports that
     * the operation is unsupported, this overload returns normally, so a caller
     * cannot tell that the key was not written to the token.
     *
     * @param privateKey ignored
     * @param bArr       ignored
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void addPrivateKey(PrivateKey privateKey, byte[] bArr) throws PKIProviderException {
    }

    /**
     * Makes the certificate provider current: fetches it from the session if it is
     * missing, otherwise asks it to refresh.
     *
     * @throws PKCS11Exception if the refresh fails
     */
    private void a() throws PKCS11Exception {
        if (this.b == null) {
            this.b = this.a.getCertProvider();
        } else {
            this.b.refresh();
        }
    }

    /**
     * Makes the key provider current: fetches it from the session if it is missing,
     * otherwise asks it to refresh.
     *
     * @throws PKCS11Exception if the refresh fails
     */
    private void b() throws PKCS11Exception {
        if (this.c == null) {
            this.c = this.a.getKeyProvider();
        } else {
            this.c.refresh();
        }
    }

    /**
     * Unsupported: always throws, so no private key leaves the token through this
     * method.
     *
     * @param privateKey ignored
     * @param buffer     ignored
     * @return never returns normally
     * @throws PKIProviderException always
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public byte[] exportKeyToPKCS12(PrivateKey privateKey, Buffer buffer) throws PKIProviderException {
        throw new PKIProviderException("Key Export Unsupported in 5.2");
    }

    /**
     * Wraps the supplied certificate in a new {@link CertificateChain}.
     *
     * <p>No token lookup happens here and {@code privateKey} is unused; the result
     * is built from the single certificate passed in.
     *
     * @param privateKey      ignored by this implementation
     * @param x509Certificate certificate to wrap
     * @return a chain constructed from {@code x509Certificate}
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public CertificateChain getCertChainForCert(PrivateKey privateKey, X509Certificate x509Certificate) throws PKIProviderException {
        return new CertificateChain(x509Certificate);
    }

    /**
     * Returns the certificate the token associates with the given private key.
     *
     * <p>Despite the name, the returned vector always has exactly one element, a
     * {@link JCRYPTO_X509Certificate}, not a {@link CertificateChain}.
     *
     * @param privateKey key whose certificate is looked up
     * @return one-element vector holding the certificate
     * @throws PKIProviderException wrapping any failure, including a missing
     *                              certificate if the lookup or constructor throws
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public Vector getCertChains(PrivateKey privateKey) throws PKIProviderException {
        try {
            a();
            Vector vector = new Vector();
            vector.addElement(new JCRYPTO_X509Certificate(this.b.getCertificateForPrivateKey(privateKey)));
            return vector;
        } catch (Exception e) {
            throw new PKIProviderException("getCertChains()", e);
        }
    }

    /**
     * Picks a certificate on the token that matches the requested key usage.
     *
     * <p>Candidates come from {@code PKIDeviceUtils.getSelectedCerts} applied to all
     * certificates returned by {@link #c()}.
     *
     * @param keyUsage            usage passed to the selection helper
     * @param keyProviderCallback asked to choose when more than one candidate
     *                            matches; may be null
     * @return the single match, the callback's choice, or null when nothing matches
     *         or when several match and no callback was supplied
     * @throws PKCS11PKIProviderException on a PKCS#11 failure
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public X509Certificate getCertificate(KeyUsage keyUsage, KeyProviderCallback keyProviderCallback) throws PKIProviderException {
        try {
            Vector selectedCerts = PKIDeviceUtils.getSelectedCerts(c(), keyUsage, this);
            if (selectedCerts.size() == 0) {
                return null;
            }
            if (selectedCerts.size() == 1) {
                return (JCRYPTO_X509Certificate) ((KeyProviderCallback.CertKeyPair) selectedCerts.elementAt(0)).cert;
            }
            if (keyProviderCallback == null) {
                // Ambiguous and nobody to ask: report "none" rather than guess.
                return null;
            }
            return (JCRYPTO_X509Certificate) keyProviderCallback.chooseCertificate(selectedCerts);
        } catch (PKCS11Exception e) {
            throw new PKCS11PKIProviderException("getCertificate(KeyUsage)", (Throwable) e);
        }
    }

    /**
     * Returns the certificate the token associates with the given private key.
     *
     * @param privateKey          key whose certificate is looked up
     * @param keyProviderCallback ignored by this implementation
     * @return the certificate re-wrapped as a {@link JCRYPTO_X509Certificate}
     * @throws PKIProviderException on failure
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public X509Certificate getCertificateForKey(PrivateKey privateKey, KeyProviderCallback keyProviderCallback) throws PKIProviderException {
        try {
            a();
            return new JCRYPTO_X509Certificate(this.b.getCertificateForPrivateKey(privateKey));
        } catch (Exception e) {
            throw new PKIProviderException("getCertificateForKey", e);
        // NOTE(review): this handler follows catch (Exception). If PKCS11Exception
        // extends Exception it can never run (and javac rejects the ordering), so the
        // order is presumably a decompiler artifact - confirm against the bytecode.
        } catch (PKCS11Exception e2) {
            throw new PKCS11PKIProviderException("getCertificateForKey", (Throwable) e2);
        }
    }

    /**
     * Returns the labels of the private keys on the token.
     *
     * @return the labels, or null if anything at all goes wrong; the cause is
     *         discarded, so callers must null-check and cannot distinguish a token
     *         error from other failures
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public String[] getFriendlyNames() {
        try {
            b();
            return this.c.getPrivateKeyLabels();
        } catch (Exception unused) {
            return null;
        }
    }

    /**
     * Returns the number of entries reported by the key provider.
     *
     * @return the count, or 0 on a PKCS#11 failure - an unreadable token is therefore
     *         indistinguishable from an empty one
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public int getNumberOfKeys() {
        try {
            b();
            return this.c.size();
        } catch (PKCS11Exception unused) {
            return 0;
        }
    }

    /**
     * Picks the private key whose certificate matches the requested key usage.
     *
     * <p>Selection mirrors {@link #getCertificate(KeyUsage, KeyProviderCallback)}.
     *
     * @param keyUsage            usage passed to the selection helper
     * @param keyProviderCallback asked to choose when more than one candidate
     *                            matches; may be null
     * @return the single match, the callback's choice, or null when nothing matches
     *         or when several match and no callback was supplied
     * @throws PKIProviderException on a PKCS#11 failure
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public PrivateKey getPrivateKey(KeyUsage keyUsage, KeyProviderCallback keyProviderCallback) throws PKIProviderException {
        try {
            Vector selectedCerts = PKIDeviceUtils.getSelectedCerts(c(), keyUsage, this);
            if (selectedCerts.size() == 0) {
                return null;
            }
            if (selectedCerts.size() == 1) {
                return ((KeyProviderCallback.CertKeyPair) selectedCerts.elementAt(0)).key;
            }
            if (keyProviderCallback == null) {
                return null;
            }
            return keyProviderCallback.choosePrivateKey(selectedCerts);
        } catch (PKCS11Exception e) {
            throw new PKIProviderException("getPrivateKey(KeyUsage)", (Throwable) e);
        }
    }

    /**
     * Looks up a private key by label.
     *
     * @param str label passed to the key provider
     * @return the key, or null on a PKCS#11 failure; unlike the byte[] overload the
     *         exception is discarded even though the method declares
     *         {@code PKIProviderException}
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public PrivateKey getPrivateKey(String str) throws PKIProviderException {
        try {
            b();
            return this.c.getKey(str);
        } catch (PKCS11Exception unused) {
            return null;
        }
    }

    /**
     * Looks up a private key by the byte-array identifier the key provider accepts.
     *
     * @param bArr identifier passed to the key provider
     * @return whatever the key provider returns for that identifier
     * @throws PKIProviderException wrapping a PKCS#11 failure
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public PrivateKey getPrivateKey(byte[] bArr) throws PKIProviderException {
        try {
            b();
            return this.c.getKey(bArr);
        } catch (PKCS11Exception e) {
            throw new PKIProviderException("Excpetion while retrieving key", (Throwable) e);
        }
    }

    /**
     * Finds the private key on the token that belongs to the given certificate.
     *
     * <p>Four SHA-1 digests are computed as candidate identifiers - of the encoded
     * certificate, of the encoded public key, of the RSA modulus bytes, and of the
     * modulus with its sign byte stripped - and each is compared with
     * {@code getEncoded()} of the token keys. The comparison implies that, for keys
     * handed out by this provider, {@code getEncoded()} yields an identifier rather
     * than key material (assumption - confirm in the PKCS#11 provider classes).
     *
     * <p>NOTE(review): SHA-1 serves as a lookup identifier here, not as a signature
     * digest. Confirm that no caller treats a match as proof that the key belongs to
     * the certificate; the only evidence is equality of an ID stored on the token.
     *
     * <p>NOTE(review): the loop below is not valid Java ({@code for (0; ...; i + 1)}
     * and an unconditional {@code return} after the assignment to {@code i}). The
     * decompiler failed on this method. Presumably the original walks all keys and
     * returns the first whose ID equals one of the four digests, otherwise null, but
     * that must be re-derived from the bytecode before it is relied on.
     *
     * @param x509Certificate certificate to match; must carry an RSA public key,
     *                        since it is cast to {@code RSAPublicKeyHolder} and a
     *                        failing cast is not caught here
     * @return the matching key, or null if none (per the presumed original logic)
     * @throws PKIProviderException if the certificate is null, on a PKCS#11 failure,
     *                              if SHA-1 is unavailable, or if the certificate
     *                              cannot be encoded (the latter reuses the
     *                              "MessageDigest not found" message)
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public PrivateKey getPrivateKeyForCert(X509Certificate x509Certificate) throws PKIProviderException {
        int i;
        if (x509Certificate == null) {
            throw new PKIProviderException("getPrivateKeyForCert() - X509Certificate is null.");
        }
        try {
            b();
            // Candidate ID 1: SHA-1 over the DER-encoded certificate.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.update(x509Certificate.getEncoded());
            byte[] digest = messageDigest.digest();
            // Candidate ID 2: SHA-1 over the encoded public key.
            MessageDigest messageDigest2 = MessageDigest.getInstance("SHA1");
            messageDigest2.update(x509Certificate.getPublicKey().getEncoded());
            byte[] digest2 = messageDigest2.digest();
            // Candidate ID 3: SHA-1 over the modulus as returned by toByteArray().
            MessageDigest messageDigest3 = MessageDigest.getInstance("SHA1");
            messageDigest3.update(((RSAPublicKeyHolder) x509Certificate.getPublicKey()).getModulus().toByteArray());
            byte[] digest3 = messageDigest3.digest();
            // Candidate ID 4: SHA-1 over the modulus after PKCS11Utils.stripSignedBit().
            MessageDigest messageDigest4 = MessageDigest.getInstance("SHA1");
            messageDigest4.update(PKCS11Utils.stripSignedBit(((RSAPublicKeyHolder) x509Certificate.getPublicKey()).getModulus().toByteArray()));
            byte[] digest4 = messageDigest4.digest();
            // Decompiler failure: see the NOTE(review) in the method comment.
            for (0; i < this.c.size(); i + 1) {
                PrivateKey privateKeyAt = this.c.getPrivateKeyAt(i);
                i = (Utils.cmpByteArrays(privateKeyAt.getEncoded(), digest) || Utils.cmpByteArrays(privateKeyAt.getEncoded(), digest2) || Utils.cmpByteArrays(privateKeyAt.getEncoded(), digest3) || Utils.cmpByteArrays(privateKeyAt.getEncoded(), digest4)) ? 0 : i + 1;
                return privateKeyAt;
            }
            return null;
        } catch (PKCS11Exception e) {
            throw new PKIProviderException("getPrivateKeyForCert()", (Throwable) e);
        } catch (NoSuchAlgorithmException e2) {
            throw new PKIProviderException("getPrivateKeyForCert() - SHA-1 MessageDigest not found.", e2);
        } catch (CertificateEncodingException e3) {
            throw new PKIProviderException("getPrivateKeyForCert() - SHA-1 MessageDigest not found.", e3);
        }
    }

    /**
     * Returns the private keys the key provider can hand out.
     *
     * <p>A key whose retrieval throws is skipped without a trace, so the result may
     * hold fewer entries than {@link #getNumberOfKeys()} reports.
     *
     * @return vector of {@link PrivateKey} objects, possibly empty
     * @throws PKIProviderException wrapping a failure outside the per-key loop (the
     *                              message is an empty string)
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public Vector getPrivateKeys() throws PKIProviderException {
        try {
            b();
            Vector vector = new Vector();
            int size = this.c.size();
            for (int i = 0; i < size; i++) {
                try {
                    vector.addElement(this.c.getPrivateKeyAt(i));
                } catch (Exception unused) {
                    // Unreadable key: dropped from the result, error discarded.
                }
            }
            return vector;
        } catch (Exception e) {
            throw new PKIProviderException("", e);
        }
    }

    /**
     * Returns every certificate on the token, re-parsed from its encoding into a
     * {@link JCRYPTO_X509Certificate}.
     *
     * <p>Certificates that fail to encode or parse are dropped without a trace, so
     * the array can be shorter than the token's certificate list.
     *
     * @return the successfully parsed certificates
     * @throws PKCS11Exception if the provider refresh fails (or, presumably, if
     *                         listing the certificates does)
     */
    private X509Certificate[] c() throws PKCS11Exception {
        a();
        Vector allCertificates = this.b.getAllCertificates();
        Vector vector = new Vector(allCertificates.size());
        Enumeration elements = allCertificates.elements();
        while (elements.hasMoreElements()) {
            try {
                vector.addElement(new JCRYPTO_X509Certificate(((PKCS11X509Certificate) elements.nextElement()).getEncoded()));
            } catch (Exception unused) {
                // Unparseable certificate: skipped, error discarded.
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[vector.size()];
        vector.copyInto(x509CertificateArr);
        return x509CertificateArr;
    }

    /**
     * Imports the contents of a PKCS#12 file onto the token.
     *
     * <p>For each safe bag:
     * <ul>
     *   <li>with a local key ID and bag type {@code OIDs.certBag}: if the PFX holds a
     *       private key for that ID, the key pair is injected into the token and the
     *       certificate is stored under the encoder-derived ID; otherwise only the
     *       certificate is stored;</li>
     *   <li>with a local key ID and any other bag type: skipped;</li>
     *   <li>without a local key ID: a {@code CertBag} is stored as a certificate, and
     *       a {@code SecretBag} has its octet-string secret parsed as an X.509
     *       certificate and stored.</li>
     * </ul>
     *
     * <p>Review notes:
     * <ul>
     *   <li>The key template sets only the label, {@code sign=true} and
     *       {@code removeModifiable()}. Attributes such as sensitive or extractable
     *       are not set here; what the token ends up with depends on template or
     *       token defaults that are not visible in this class - confirm.</li>
     *   <li>The key is paired with the certificate purely by local key ID; no check
     *       that the certificate's public key matches the private key is visible
     *       here.</li>
     *   <li>The label comes straight from the file's friendly-name attribute.</li>
     *   <li>The providers are used without the a()/b() refresh other methods
     *       perform.</li>
     * </ul>
     *
     * @param bArr   second argument to the {@code PFX} constructor (presumably the
     *               encoded PKCS#12 data - confirm)
     * @param buffer first argument to the {@code PFX} constructor (presumably the
     *               passphrase - confirm)
     * @return the token handle of the last private key injected, or null if the file
     *         contained none; earlier handles are overwritten when several keys are
     *         imported
     * @throws PKIProviderException wrapping any failure; bags processed before the
     *                              failure stay on the token
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public PrivateKey importKeyFromPKCS12(byte[] bArr, Buffer buffer) throws PKIProviderException {
        try {
            PFX pfx = new PFX(buffer, bArr);
            SafeBag[] safeBags = pfx.getSafeBags();
            PrivateKey privateKey = null;
            for (int i = 0; i < safeBags.length; i++) {
                String friendlyName = safeBags[i].getFriendlyName();
                String trim = friendlyName != null ? friendlyName.trim() : "No friendly name available";
                byte[] localKeyID = safeBags[i].getLocalKeyID();
                SafeBag safeBag = safeBags[i];
                if (localKeyID != null) {
                    if (safeBag.getBagType().equals(OIDs.certBag)) {
                        CertBag certBag = (CertBag) safeBag;
                        PrivateKey privateKey2 = pfx.getPrivateKey(localKeyID);
                        if (privateKey2 == null) {
                            // Certificate references a key the file does not contain.
                            this.b.storeCertificate(certBag.getCert(), trim);
                        } else {
                            JCRYPTO_X509Certificate cert = certBag.getCert();
                            CertificateEncoder4PKCS11 certificateEncoder4PKCS11 = new CertificateEncoder4PKCS11(cert);
                            KeyPair keyPair = new KeyPair(cert.getPublicKey(), privateKey2);
                            byte[] iDForCertificate = certificateEncoder4PKCS11.getIDForCertificate();
                            PKCS11RSAPrivateKeyTemplate pKCS11RSAPrivateKeyTemplate = new PKCS11RSAPrivateKeyTemplate();
                            pKCS11RSAPrivateKeyTemplate.addLabel(trim);
                            pKCS11RSAPrivateKeyTemplate.addSign(true);
                            pKCS11RSAPrivateKeyTemplate.removeModifiable();
                            // Key first, then certificate: a failure in storeCertificate
                            // leaves the injected key on the token without its certificate.
                            privateKey = this.c.injectPrivateKey(keyPair, pKCS11RSAPrivateKeyTemplate);
                            this.b.storeCertificate(cert.getEncoded(), iDForCertificate, certificateEncoder4PKCS11.getSubjectDN(), certificateEncoder4PKCS11.getIssuerDN(), certificateEncoder4PKCS11.getSerialNumber(), trim, true, true);
                        }
                    }
                } else if (safeBag instanceof CertBag) {
                    this.b.storeCertificate(((CertBag) safeBag).getCert(), trim);
                } else if (safeBag instanceof SecretBag) {
                    // The secret is assumed to be an octet string wrapping a certificate;
                    // anything else fails the cast or the parse and aborts the import.
                    this.b.storeCertificate(new JCRYPTO_X509Certificate(((ASN1OctetString) ((SecretBag) safeBag).getSecret()).getValue()), trim);
                }
            }
            return privateKey;
        } catch (Exception e) {
            throw new PKIProviderException("Exception while migrating pkcs12", e);
        }
    }

    /**
     * Returns the device this provider was created for.
     *
     * @return the {@link PKCS11Device} passed to the constructor
     */
    @Override // com.baltimore.jpkiplus.pkidevice.StorageDevice
    public PKIDevice parentDevice() {
        return this.d;
    }

    /**
     * Deletes all certificates, then every private key together with its public key.
     *
     * <p>NOTE(review): the first exception ends the whole operation and is discarded,
     * and the method returns nothing. A caller using this to wipe a token cannot tell
     * a complete wipe from one that stopped part-way; verify the result separately
     * (for example via {@link #getNumberOfKeys()}, bearing in mind that it reports 0
     * on error). Whether {@code this.c.elements()} tolerates deletion during
     * enumeration is not visible here.
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void removeAll() {
        try {
            a();
            Enumeration elements = this.b.getAllCertificates().elements();
            while (elements.hasMoreElements()) {
                this.b.deleteCertificate((PKCS11X509Certificate) elements.nextElement());
            }
            b();
            Enumeration elements2 = this.c.elements();
            while (elements2.hasMoreElements()) {
                PrivateKey privateKey = (PrivateKey) elements2.nextElement();
                // Public half first, looked up through the private key, then the private key.
                this.c.deletePublicKey(this.c.getPublicKey(privateKey));
                this.c.deletePrivateKey(privateKey);
            }
        } catch (Exception unused) {
            // Failure discarded: remaining objects stay on the token.
        }
    }

    /**
     * Deletes from the token every stored certificate whose encoding equals that of
     * {@code certificateChain.getCertificate()}.
     *
     * <p>Only that one certificate is removed, not the rest of the chain, and
     * {@code privateKey} is unused.
     *
     * @param privateKey       ignored by this implementation
     * @param certificateChain chain whose certificate is removed
     * @throws PKIProviderException if the chain is null, or wrapping any failure
     *                              during lookup or deletion; a chain whose
     *                              certificate is null is a silent no-op
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void removeCertChainFromKey(PrivateKey privateKey, CertificateChain certificateChain) throws PKIProviderException {
        if (certificateChain == null) {
            throw new PKIProviderException("removeCertChainFromKey() - Certificate Chain is null.");
        }
        try {
            JCRYPTO_X509Certificate certificate = certificateChain.getCertificate();
            if (certificate == null) {
                return;
            }
            a();
            Enumeration elements = this.b.getAllCertificates().elements();
            while (elements.hasMoreElements()) {
                PKCS11X509Certificate pKCS11X509Certificate = (PKCS11X509Certificate) elements.nextElement();
                // Match on the full encoding, so duplicates of the same certificate are all removed.
                if (pKCS11X509Certificate != null && Utils.cmpByteArrays(pKCS11X509Certificate.getEncoded(), certificate.getEncoded())) {
                    this.b.deleteCertificate(pKCS11X509Certificate);
                }
            }
        } catch (Exception e) {
            throw new PKIProviderException("removeCertChainFromKey()", e);
        }
    }

    /**
     * Deletes the given private key from the token.
     *
     * <p>Unlike {@link #removeAll()}, this does not delete the matching public key
     * or any certificate.
     *
     * @param privateKey key to delete
     * @throws PKIProviderException on a PKCS#11 failure or if the key is rejected as
     *                              invalid
     */
    @Override // com.baltimore.jpkiplus.pkidevice.KeyProvider
    public void removePrivateKey(PrivateKey privateKey) throws PKIProviderException {
        try {
            b();
            this.c.deletePrivateKey(privateKey);
        } catch (PKCS11Exception e) {
            throw new PKIProviderException("PKCS#11 Exception:", (Throwable) e);
        } catch (InvalidKeyException e2) {
            throw new PKIProviderException("Invalid Key Exception:", e2);
        }
    }

    /**
     * Describes the provider by the sizes of its key and certificate providers.
     *
     * <p>The providers are read as they are, without the refresh other methods
     * perform, and a null provider would raise a NullPointerException here.
     *
     * @return a short summary string containing both counts
     */
    public String toString() {
        return new StringBuffer("PKCS#11 KeyProvider (Keys").append(this.c.size()).append(") Certs (").append(this.b.size()).append(")").toString();
    }
}
