package com.baltimore.jpkiplus.vaults;

import com.baltimore.jcrypto.asn1.ASN1Exception;
import com.baltimore.jcrypto.asn1.ASN1Null;
import com.baltimore.jcrypto.asn1.ASN1ObjectIdentifier;
import com.baltimore.jcrypto.coders.Base64Coder;
import com.baltimore.jcrypto.mpa.mpa_num;
import com.baltimore.jcrypto.pkcs.AlgorithmIdentifier;
import com.baltimore.jcrypto.pkcs.Attributes;
import com.baltimore.jcrypto.provider.crypto.keygen.PBEKey;
import com.baltimore.jcrypto.provider.crypto.messageformat.MessageFormatException;
import com.baltimore.jcrypto.provider.crypto.messageformat.OAEPSHA1MessageFormat;
import com.baltimore.jcrypto.provider.spec.NoDigestwithX509RSASignatureSpec;
import com.baltimore.jcrypto.provider.spec.NullwithRSASignatureSpec;
import com.baltimore.jcrypto.utils.ByteArray;
import com.baltimore.jcrypto.utils.JCRYPTOException;
import com.baltimore.jcrypto.utils.OIDs;
import com.baltimore.jcrypto.utils.PartList;
import com.baltimore.jcrypto.utils.Utils;
import com.baltimore.jcrypto.utils.XORSplitter;
import com.baltimore.jpkiplus.pkcs7.CertificateChain;
import com.baltimore.jpkiplus.pkidevice.DataProvider;
import com.baltimore.jpkiplus.pkidevice.KeyProvider;
import com.baltimore.jpkiplus.pkidevice.PKIDevice;
import com.baltimore.jpkiplus.pkidevice.PKIDeviceCallback;
import com.baltimore.jpkiplus.pkidevice.PKIDeviceException;
import com.baltimore.jpkiplus.pkidevice.PKIDeviceGUIDs;
import com.baltimore.jpkiplus.pkidevice.PKIDeviceID;
import com.baltimore.jpkiplus.pkidevice.PKIDeviceManager;
import com.baltimore.jpkiplus.pkidevice.PKIProviderException;
import com.baltimore.jpkiplus.pkidevice.StorageDevice;
import com.baltimore.jpkiplus.policies.PKIPolicy;
import com.baltimore.jpkiplus.policies.PolicyException;
import com.baltimore.jpkiplus.policy.DefaultPolicyContext;
import com.baltimore.jpkiplus.policy.GenericExtension;
import com.baltimore.jpkiplus.policy.GenericExtensionsRule;
import com.baltimore.jpkiplus.policy.GenericSecurityServiceUsageRule;
import com.baltimore.jpkiplus.policy.GenericSecurityServiceUsageRules;
import com.baltimore.jpkiplus.policy.InitialCycle;
import com.baltimore.jpkiplus.policy.KeyManagementRules;
import com.baltimore.jpkiplus.policy.KeyProperties;
import com.baltimore.jpkiplus.policy.PolicyContext;
import com.baltimore.jpkiplus.policy.SigningServiceUsageRule;
import com.baltimore.jpkiplus.policy.XMLPolicyException;
import com.baltimore.jpkiplus.utils.SymmetricCiphers;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509CertRequest;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate;
import com.baltimore.jpkiplus.x509.JCRYPTO_X509Extensions;
import com.baltimore.jpkiplus.x509.Name;
import com.baltimore.jpkiplus.x509.Signable;
import com.baltimore.jpkiplus.x509.Wrappable;
import com.baltimore.jpkiplus.x509.extensions.Extension;
import com.baltimore.jpkiplus.x509.extensions.KeyUsage;
import com.baltimore.jpkiplus.x509.utils.SubjectPublicKeyInfo;
import com.baltimore.jpkiplus.x509.utils.TBSCertificate;
import com.baltimore.jpkiplus.x509.utils.Validity;
import com.baltimore.pkcs11.provider.cipher.JCRYPTO_PKCS11_RSAKeyWrapper;
import java.io.ByteArrayOutputStream;
import java.io.PrintWriter;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AlgorithmParameterGenerator;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.Stack;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: [DashoPro-V1.3-013000] */
/* loaded from: input_file:com/baltimore/jpkiplus/vaults/Vault.class */
public class Vault {
    // Policy handed to the public constructor; the visible methods read permitted
    // algorithm OIDs and key setups from it.
    private PKIPolicy a;
    // Open flag: finalize() prints it as "isOpen"; closeVault(boolean) and
    // generateIdentity(byte[], Name) refuse to run while it is false.
    private boolean b;
    // ID of the built-in "BCrypto Device" set up by the constructor and by closeVault(boolean).
    private PKIDeviceID c;
    // Callback returned by getCurrentCallback() and passed to providers and devices.
    private VaultCallback d;
    // Raw Stack created in the no-arg constructor; presumably backs
    // pushVaultCallback()/popVaultCallback() — TODO confirm, those methods are not in view.
    private Stack e;
    // Devices attached to the vault; getDeviceList() returns this Vector itself, not a copy.
    private Vector f;
    // finalize() labels g/h as primaryCryptoProvider / secondaryCryptoProvider.
    private Provider g;
    private Provider h;
    // finalize() labels i/j as primaryKeyProvider / secondaryKeyProvider.
    private KeyProvider i;
    private KeyProvider j;
    // finalize() labels k/l as primaryDataProvider / secondaryDataProvider.
    private DataProvider k;
    private DataProvider l;
    // Randomness source for certificate serial numbers, DSA parameters and key generation.
    // It is not assigned anywhere in the visible code — presumably initialised by a() or a subclass; verify.
    protected SecureRandom m;
    // Returned by getContext(); set to a DefaultPolicyContext in the no-arg constructor.
    private PolicyContext n;
    // Algorithm tags used by a(KeyProperties, byte[]): o (set to 1) marks DSA, p (set to 0) marks RSA.
    private int o;
    private int p;
    // Static Class slots that no visible method references; they look like the class-literal
    // caches that older compilers emitted alongside class$() — TODO confirm.
    static Class q;
    static Class r;
    static Class s;
    static Class t;
    static Class u;
    static Class v;
    static Class w;

    /**
     * Initialises the state every Vault starts with: closed, empty callback stack,
     * empty device list, default policy context, and the two algorithm tags
     * ({@code o} = 1, {@code p} = 0). No policy or callback is attached here.
     */
    private Vault() {
        this.b = false;
        this.p = 0;
        this.o = 1;
        this.f = new Vector();
        this.e = new Stack();
        this.n = new DefaultPolicyContext();
    }

    /**
     * Creates a vault governed by {@code pKIPolicy}.
     *
     * <p>When no callback is supplied a {@link DefaultVaultCallback} bound to this vault
     * is created; a supplied callback is bound with {@code setVault(this)} first. The
     * chosen callback is pushed, the built-in "BCrypto Device" is set up through
     * {@code a(PKIDeviceID, VaultCallback, boolean)}, and {@code a()} runs last.
     *
     * <p>Note that {@code this} is handed to the callback before construction has
     * finished, so a callback must not use the vault from inside {@code setVault}.
     *
     * @param pKIPolicy     policy the vault enforces; must not be null
     * @param vaultCallback callback to use, or null for the default one
     * @throws VaultException     if {@code pKIPolicy} is null
     * @throws PKIDeviceException declared; presumably raised while the default device is set up — TODO confirm
     */
    public Vault(PKIPolicy pKIPolicy, VaultCallback vaultCallback) throws VaultException, PKIDeviceException {
        this();
        if (pKIPolicy == null) {
            throw new VaultException("A Policy is required to create a Vault", VaultException.eNullPolicyCreate);
        }
        this.a = pKIPolicy;
        if (vaultCallback != null) {
            vaultCallback.setVault(this);
            this.d = vaultCallback;
        } else {
            this.d = new DefaultVaultCallback(this);
        }
        pushVaultCallback(this.d);
        final PKIDeviceID defaultDevice = new PKIDeviceID(PKIDeviceGUIDs.BCRYPTO, "BCrypto Device");
        this.c = defaultDevice;
        a(defaultDevice, this.d, false);
        a();
    }

    /**
     * Runs the vault's certificate check {@code a(X509Certificate)} and then asks the
     * certificate whether it is valid on the date supplied by the current callback.
     *
     * <p>The certificate must be a {@link JCRYPTO_X509Certificate}; any other
     * implementation fails with a {@link ClassCastException}. The callback's date is
     * passed through unchanged, including null.
     *
     * @param x509Certificate certificate to check
     * @throws VaultException       declared; presumably raised by the policy check — TODO confirm
     * @throws CertificateException declared; presumably raised when the certificate is not valid on that date — TODO confirm
     */
    public void checkCertificate(X509Certificate x509Certificate) throws VaultException, CertificateException {
        a(x509Certificate);
        // Cast before consulting the callback so a wrong certificate type fails first.
        final JCRYPTO_X509Certificate nativeCert = (JCRYPTO_X509Certificate) x509Certificate;
        final Date validityDate = this.d.giveCertValidityDate(x509Certificate);
        nativeCert.exceptIfNotValid(validityDate);
    }

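    /**
     * Removes the message formatting from {@code bArr} and verifies the SHA-1 digest
     * carried with it.
     *
     * <p>{@code unFormatMessage} receives a 20-byte buffer (the SHA-1 output length),
     * which it presumably fills with the embedded digest. That digest is compared with
     * a freshly computed SHA-1 of the recovered message. The comparison uses
     * {@link MessageDigest#isEqual(byte[], byte[])} so that the time taken does not
     * depend on how many leading bytes match; a data-dependent comparison in a
     * padding or format check can act as an oracle for an attacker submitting crafted input.
     *
     * @param bArr                formatted message
     * @param algorithmIdentifier identifier of the message format
     * @return the recovered message, or null when {@code unFormatMessage} reports a
     *         {@link ShortBufferException}; callers must treat null as a failed check
     * @throws MessageFormatException if the embedded digest does not match
     * @throws VaultException         declared; presumably raised by unformatting or digesting — TODO confirm
     */
    public byte[] checkFormattedMessage(byte[] bArr, AlgorithmIdentifier algorithmIdentifier) throws VaultException, MessageFormatException {
        try {
            final byte[] embeddedDigest = new byte[20];
            final byte[] message = unFormatMessage(bArr, embeddedDigest, algorithmIdentifier);
            final byte[] computedDigest = digest(message, OIDs.sha1);
            if (!MessageDigest.isEqual(computedDigest, embeddedDigest)) {
                throw new MessageFormatException();
            }
            return message;
        } catch (ShortBufferException unused) {
            // Kept for compatibility: a short buffer is reported as null, not as an exception.
            return null;
        }
    }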

    /**
     * Tells whether the policy's confidentiality rule lists the given cipher OID.
     *
     * <p>With {@code z} false the decryption OID list is searched first; the encryption
     * list is consulted only when the decryption list is empty. With {@code z} true
     * only the encryption list is searched.
     *
     * <p>The check fails closed: any exception while reading the policy, including a
     * null argument, yields false.
     *
     * @param aSN1ObjectIdentifier algorithm OID to look up
     * @param z                    true to check against the encryption list only
     * @return true when the OID is listed, false otherwise or on any error
     */
    boolean a(ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z) {
        try {
            GenericSecurityServiceUsageRule usageRule = this.a.getSecurityServiceUsageRules().getGenericSecurityServiceUsageRule(new DefaultPolicyContext());
            if (!z) {
                int decryptCount = usageRule.getConfidentialityServiceUsageRule().numDecryptionAlgorithmOIDs();
                int pos = 0;
                while (pos < decryptCount) {
                    if (aSN1ObjectIdentifier.toString().equals(usageRule.getConfidentialityServiceUsageRule().getDecryptionAlgorithmOID(pos))) {
                        return true;
                    }
                    pos++;
                }
                // A non-empty decryption list is authoritative: no fallback to the encryption list.
                if (usageRule.getConfidentialityServiceUsageRule().numDecryptionAlgorithmOIDs() != 0) {
                    return false;
                }
            }
            int encryptCount = usageRule.getConfidentialityServiceUsageRule().numEncryptionAlgorithmOIDs();
            int pos = 0;
            while (pos < encryptCount) {
                if (aSN1ObjectIdentifier.toString().equals(usageRule.getConfidentialityServiceUsageRule().getEncryptionAlgorithmOID(pos))) {
                    return true;
                }
                pos++;
            }
            return false;
        } catch (Exception ignored) {
            // Deny when the policy cannot be read.
            return false;
        }
    }

    /**
     * Tells whether the policy's signing rule lists the given signature algorithm OID.
     *
     * <p>With {@code z} false the verifying OID list is searched first; the signing list
     * is consulted only when the verifying list is empty. With {@code z} true only the
     * signing list is searched.
     *
     * <p>The check fails closed: any exception while reading the policy, including a
     * null argument, yields false.
     *
     * @param aSN1ObjectIdentifier algorithm OID to look up
     * @param z                    true to check against the signing list only
     * @return true when the OID is listed, false otherwise or on any error
     */
    public boolean checkPolicyForSigningAlgorithm(ASN1ObjectIdentifier aSN1ObjectIdentifier, boolean z) {
        try {
            GenericSecurityServiceUsageRule usageRule = this.a.getSecurityServiceUsageRules().getGenericSecurityServiceUsageRule(new DefaultPolicyContext());
            if (!z) {
                int verifyCount = usageRule.getSigningServiceUsageRule().numVerifyingAlgorithmOIDs();
                int pos = 0;
                while (pos < verifyCount) {
                    if (aSN1ObjectIdentifier.toString().equals(usageRule.getSigningServiceUsageRule().getVerifyingAlgorithmOID(pos))) {
                        return true;
                    }
                    pos++;
                }
                // A non-empty verifying list is authoritative: no fallback to the signing list.
                if (usageRule.getSigningServiceUsageRule().numVerifyingAlgorithmOIDs() != 0) {
                    return false;
                }
            }
            int signCount = usageRule.getSigningServiceUsageRule().numSigningAlgorithmOIDs();
            int pos = 0;
            while (pos < signCount) {
                if (aSN1ObjectIdentifier.toString().equals(usageRule.getSigningServiceUsageRule().getSigningAlgorithmOID(pos))) {
                    return true;
                }
                pos++;
            }
            return false;
        } catch (Exception ignored) {
            // Deny when the policy cannot be read.
            return false;
        }
    }

    /**
     * One-shot symmetric operation: opens a cipher session and finishes it over the
     * whole input.
     *
     * @param z                    direction flag forwarded to {@code startCipherSession}
     *                             (which value means encrypt is not visible here — TODO confirm)
     * @param bArr                 data to process; must be non-null and non-empty
     * @param secretKey            key forwarded to {@code startCipherSession}
     * @param aSN1ObjectIdentifier cipher algorithm OID forwarded to {@code startCipherSession}
     * @param bArr2                extra bytes forwarded to {@code startCipherSession} (presumably an IV — verify)
     * @return the cipher output
     * @throws NullPointerException if {@code bArr} is null or empty
     * @throws VaultException       if the session cannot be started or finished
     */
    public byte[] cipher(boolean z, byte[] bArr, SecretKey secretKey, ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr2) throws VaultException {
        final boolean hasInput = bArr != null && bArr.length != 0;
        if (!hasInput) {
            throw new NullPointerException("Data to en/decipher is null");
        }
        final Cipher session = startCipherSession(z, secretKey, aSN1ObjectIdentifier, bArr2);
        return finishCipherSession(session, bArr);
    }

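    /**
     * Resolves a class by name, turning a missing class into a
     * {@link NoClassDefFoundError}. The shape matches the helper that older compilers
     * generated for class literals.
     *
     * <p>The original {@link ClassNotFoundException} is attached as the cause so the
     * failing lookup remains visible in stack traces.
     *
     * @param str fully qualified class name
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }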

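    /**
     * Closes the vault using the given password.
     *
     * <p>If the current callback is a {@link DefaultVaultCallback} the password is set
     * on it directly. Otherwise a temporary {@link DefaultVaultCallback} carrying the
     * password is pushed for the duration of the close. The temporary callback is popped
     * in a {@code finally} block, so a failed close does not leave a password-holding
     * callback installed on the vault.
     *
     * @param str password handed to the callback
     * @return the result of {@link #closeVault(boolean)}
     * @throws VaultException if the vault is not open, or wrapping a {@link PKIDeviceException}
     */
    public boolean closeVault(String str) throws VaultException {
        try {
            VaultCallback currentCallback = getCurrentCallback();
            if (currentCallback instanceof DefaultVaultCallback) {
                ((DefaultVaultCallback) currentCallback).usepassword(str);
                return closeVault(true);
            }
            DefaultVaultCallback passwordCallback = new DefaultVaultCallback();
            passwordCallback.usepassword(str);
            pushVaultCallback(passwordCallback);
            try {
                return closeVault(true);
            } finally {
                // Always remove the temporary callback, even when the close fails.
                popVaultCallback();
            }
        } catch (PKIDeviceException e) {
            throw new VaultException("Wrapped PKIDeviceException", e);
        }
    }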

    /**
     * Closes every device attached to the vault, drops all provider references, marks
     * the vault closed and then repeats the three steps the public constructor ends
     * with (new "BCrypto Device" ID, {@code a(c, d, false)}, {@code a()}).
     *
     * @param z when true the current callback is passed to {@code closePKIDevice};
     *          when false null is passed instead
     * @return true whenever the method completes without throwing
     * @throws VaultException     if the vault is not open
     * @throws PKIDeviceException declared; presumably raised by the device manager — TODO confirm
     */
    public boolean closeVault(boolean z) throws VaultException, PKIDeviceException {
        if (!this.b) {
            throw new VaultException("Vault.closeVault() - Vault not open");
        }
        // Build the close order in a separate Vector because this.f is modified while closing.
        Vector vector = new Vector();
        // First pass: storage devices go to the front of the close order.
        Enumeration elements = this.f.elements();
        while (elements.hasMoreElements()) {
            PKIDevice pKIDevice = (PKIDevice) elements.nextElement();
            if (pKIDevice instanceof StorageDevice) {
                vector.addElement(pKIDevice);
            }
        }
        // Second pass: every device is appended, storage devices included.
        // NOTE(review): as written a StorageDevice appears twice in the close order, so
        // closePKIDevice() is called twice for it, and the deviceInstanceID() result below
        // is discarded. This looks like a filter lost in decompilation — confirm against
        // the original class before relying on the order.
        Enumeration elements2 = this.f.elements();
        while (elements2.hasMoreElements()) {
            PKIDevice pKIDevice2 = (PKIDevice) elements2.nextElement();
            pKIDevice2.deviceInstanceID();
            vector.addElement(pKIDevice2);
        }
        for (int i = 0; i < vector.size(); i++) {
            PKIDevice pKIDevice3 = (PKIDevice) vector.elementAt(i);
            this.f.removeElement(pKIDevice3);
            PKIDeviceManager.getPKIDeviceManager().closePKIDevice(pKIDevice3.deviceInstanceID(), z ? this.d : null);
        }
        // Drop primary and secondary crypto, key and data providers.
        // If closePKIDevice() throws above, these references and the open flag are left as they were.
        this.g = null;
        this.i = null;
        this.k = null;
        this.h = null;
        this.j = null;
        this.l = null;
        this.b = false;
        // Same re-initialisation sequence as the end of the public constructor.
        this.c = new PKIDeviceID(PKIDeviceGUIDs.BCRYPTO, "BCrypto Device");
        a(this.c, this.d, false);
        a();
        return true;
    }

    /**
     * Computes a message digest of {@code bArr}.
     *
     * <p>An OID whose string form is empty selects the default: the hash algorithm
     * derived from the signature algorithm of the key returned by {@code d()}.
     *
     * <p>Every failure is reported as a {@link VaultException} with the same message,
     * including the {@link NullPointerException} raised for a null OID, because that
     * throw sits inside the catch-all block.
     *
     * @param bArr                 data to digest
     * @param aSN1ObjectIdentifier digest algorithm OID, or an empty OID for the default; never null
     * @return the digest bytes
     * @throws VaultException on any failure
     */
    public byte[] digest(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException {
        try {
            if (aSN1ObjectIdentifier == null) {
                throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
            }
            ASN1ObjectIdentifier hashOid = aSN1ObjectIdentifier;
            if (hashOid.toString().length() == 0) {
                hashOid = OIDs.hashOIDFromSignatureOID(getSignatureAlgorithm(d().getAlgorithm()));
            }
            MessageDigest session = startDigestSession(hashOid);
            updateDigestSession(session, bArr);
            return finishDigestSession(session);
        } catch (Exception failure) {
            throw new VaultException("Vault.digest() - No digest algorithm can be extracted from Policy", failure);
        }
    }

    /**
     * Builds and signs a certificate request for the given key pair.
     *
     * @param publicKey    key placed in the request
     * @param privateKey   key that signs the request
     * @param name         subject name
     * @param attributes   request attributes
     * @param extensionArr extensions to add, or null for none
     * @param z            true for PEM output, false for DER
     * @return the encoded request
     * @throws VaultException wrapping any failure while building, signing or encoding
     */
    public static byte[] exportCertificateRequest(PublicKey publicKey, PrivateKey privateKey, Name name, Attributes attributes, Extension[] extensionArr, boolean z) throws VaultException {
        try {
            JCRYPTO_X509CertRequest request = new JCRYPTO_X509CertRequest(name, publicKey, attributes);
            if (extensionArr != null) {
                for (int idx = 0; idx < extensionArr.length; idx++) {
                    request.addExtension(extensionArr[idx]);
                }
            }
            request.sign(privateKey);
            if (z) {
                return request.toPEM();
            }
            return request.toDER();
        } catch (Exception failure) {
            throw new VaultException("Error while building certificate request", failure);
        }
    }

    /**
     * Builds a certificate request for an existing certificate, signed with the private
     * key the primary key provider holds for it.
     *
     * <p>When {@code extensionArr} is null the certificate's own extensions are copied
     * into the request. The primary key provider is dereferenced without a null check.
     *
     * @param x509Certificate certificate supplying the subject name, public key and default extensions
     * @param attributes      request attributes
     * @param extensionArr    extensions to use, or null to reuse the certificate's
     * @param z               true for PEM output, false for DER
     * @return the encoded request
     * @throws VaultException       if building fails; a {@link CertificateException} is wrapped as "Name conversion failed"
     * @throws PKIProviderException declared; presumably raised by the private-key lookup — TODO confirm
     */
    public byte[] exportCertificateRequest(X509Certificate x509Certificate, Attributes attributes, Extension[] extensionArr, boolean z) throws VaultException, PKIProviderException {
        try {
            final PrivateKey signingKey = this.i.getPrivateKeyForCert(x509Certificate);
            Extension[] requested = extensionArr;
            if (requested == null) {
                JCRYPTO_X509Extensions certExtensions = JCRYPTO_X509Certificate.cast(x509Certificate).getASNTBSCertificate().getExtensions();
                requested = new Extension[certExtensions.getNumberExtensions()];
                int idx = 0;
                while (idx < requested.length) {
                    requested[idx] = certExtensions.getExtension(idx);
                    idx++;
                }
            }
            final PublicKey subjectKey = x509Certificate.getPublicKey();
            return exportCertificateRequest(subjectKey, signingKey, Name.cast(x509Certificate.getSubjectDN()), attributes, requested, z);
        } catch (CertificateException conversionFailure) {
            throw new VaultException("Name conversion failed", conversionFailure);
        }
    }

    /**
     * Finalizer: optionally dumps the provider references to stderr, then closes the
     * default device.
     *
     * <p>The dump is printed only when the system property
     * {@code PKIDevice.ShowFinalizer} is set to something other than "no"
     * (case-insensitive). Any exception raised while producing the dump is ignored.
     * The device is closed with a null callback.
     *
     * @throws Throwable whatever the device manager or {@code super.finalize()} raises
     */
    protected void finalize() throws Throwable {
        try {
            final String showFinalizer = System.getProperties().getProperty("PKIDevice.ShowFinalizer", "no");
            final boolean trace = !showFinalizer.equalsIgnoreCase("no");
            if (trace) {
                System.err.println("Finalizing Vault\n{");
                System.err.println("primaryCryptoProvider = " + this.g);
                System.err.println("secondaryCryptoProvider = " + this.h);
                System.err.println("primaryDataProvider = " + this.k);
                System.err.println("secondaryDataProvider = " + this.l);
                System.err.println("primaryKeyProvider = " + this.i);
                System.err.println("secondaryKeyProvider = " + this.j);
                System.err.println("isOpen = " + this.b);
                System.err.println("}");
            }
        } catch (Exception ignored) {
            // Diagnostic output is best-effort; it must not prevent the device from being closed.
        }
        if (this.c != null) {
            PKIDeviceManager.getPKIDeviceManager().closePKIDevice(this.c, null);
        }
        super.finalize();
    }

    /**
     * Completes a cipher session over {@code bArr}.
     *
     * @param cipher initialised cipher
     * @param bArr   final (or only) chunk of input
     * @return the cipher output
     * @throws VaultException "Cipher not ready to finish" when the cipher is in the wrong
     *                        state; "Vault.finishCipherSession()" for every other failure
     */
    public byte[] finishCipherSession(Cipher cipher, byte[] bArr) throws VaultException {
        byte[] output;
        try {
            output = cipher.doFinal(bArr);
        } catch (IllegalStateException notReady) {
            throw new VaultException("Cipher not ready to finish", notReady);
        } catch (Exception failure) {
            throw new VaultException("Vault.finishCipherSession()", failure);
        }
        return output;
    }

    /**
     * Completes a digest session.
     *
     * @param messageDigest digest that has been fed its input
     * @return the digest bytes
     * @throws VaultException if {@code messageDigest} is null
     */
    public byte[] finishDigestSession(MessageDigest messageDigest) throws VaultException {
        if (messageDigest != null) {
            return messageDigest.digest();
        }
        throw new VaultException("Vault.finishDigestSession() - The MessageDigest is null.");
    }

    /**
     * Completes a MAC session.
     *
     * @param mac initialised MAC that has been fed its input; not null-checked
     * @return the MAC value
     */
    public byte[] finishMacSession(Mac mac) {
        final byte[] tag = mac.doFinal();
        return tag;
    }

    /**
     * Applies the OAEP/SHA-1 message format to {@code bArr}.
     *
     * @param bArr                message to format
     * @param algorithmIdentifier must name {@code OIDs.baltimore_format_oaepsha1}
     * @return the formatted message
     * @throws VaultException if another format is requested or formatting fails
     */
    public byte[] formatMessage(byte[] bArr, AlgorithmIdentifier algorithmIdentifier) throws VaultException {
        try {
            final boolean isOaepSha1 = algorithmIdentifier.getAlgorithm().equals(OIDs.baltimore_format_oaepsha1);
            if (!isOaepSha1) {
                throw new VaultException("Expected OIDs.baltimore_format_oaepsha1 (1.2.372.980001.4.1) as algID");
            }
            return OAEPSHA1MessageFormat.formatMessage(bArr);
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            throw new VaultException("Error while formatting", missingAlgorithm);
        }
    }

    /**
     * Not supported by this class; always throws.
     *
     * @param algorithmParameterSpec ignored
     * @param name                   ignored
     * @throws VaultException always, with the message "Only implemented in KeyperVault"
     */
    public void generateIdentity(AlgorithmParameterSpec algorithmParameterSpec, Name name) throws VaultException {
        final String reason = "Only implemented in KeyperVault";
        throw new VaultException(reason);
    }

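    /**
     * Generates an identity under a fixed, built-in subject name
     * ("KeyTools Vault Identity", "IE", ...).
     *
     * <p>An {@link ASN1Exception} is reported as a {@link VaultException} with the
     * cause attached. Previously it was discarded, so the call returned normally even
     * though no identity had been created.
     *
     * <p>Every identity produced through this overload carries the same placeholder
     * name; use {@link #generateIdentity(byte[], Name)} when the subject matters.
     *
     * @param bArr algorithm parameters forwarded to key generation; may be null
     * @throws VaultException if the vault is closed, the policy names no keys, or an ASN.1 error occurs
     */
    public void generateIdentity(byte[] bArr) throws VaultException, PolicyException, PKIDeviceException, PKIProviderException, CertificateException {
        try {
            generateIdentity(bArr, new Name("KeyTools Vault Identity", "IE", "39/41 Parkgate Street", "Dublin 8", "Development", "KeyTools Java"));
        } catch (ASN1Exception e) {
            throw new VaultException("Vault.generateIdentity() - ASN.1 error while generating the default identity", e);
        }
    }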

    /**
     * Generates one key pair per private-key setup in the policy's initial cycle and
     * issues a self-signed certificate for each (subject and issuer are both
     * {@code name}, signed with the new private key).
     *
     * <p>The certificate chain is attached to the private key in the primary and the
     * secondary key provider, whichever are present.
     *
     * <p>Review points for maintainers:
     * <ul>
     *   <li>An {@code XMLPolicyException} while reading the policy is swallowed. If it is
     *       raised before the key count is read, the count stays 0, the loop does not run
     *       and the method returns normally without having created anything.</li>
     *   <li>For RSA keys the first policy OID equal to {@code sha_1WithRSAEncryption} or
     *       {@code md5WithRSAEncryption} is used; for DSA, {@code dsaWithSha1}. MD5- and
     *       SHA-1-based signatures are no longer collision resistant, so certificates issued
     *       here should not be relied on outside a closed, legacy context.</li>
     *   <li>If the policy lists none of those OIDs the signature algorithm stays null and
     *       is passed on as null to the certificate objects.</li>
     * </ul>
     *
     * @param bArr algorithm parameters forwarded to {@link #generateKeyPair(int, byte[])}; may be null
     * @param name subject (and issuer) name; must be non-null with a non-empty string form
     * @throws VaultException if the vault is closed, the policy names no keys, the key type is
     *                        neither RSA nor DSA, the name is null or empty, or a JCRYPTOException occurs
     */
    public void generateIdentity(byte[] bArr, Name name) throws VaultException, PolicyException, PKIDeviceException, PKIProviderException, CertificateException {
        boolean z;
        if (!this.b) {
            throw new VaultException("Vault.generateIdentity() - Vault is not opened yet");
        }
        GenericSecurityServiceUsageRules genericSecurityServiceUsageRules = null;
        KeyManagementRules keyManagementRules = null;
        int i = 0;
        try {
            genericSecurityServiceUsageRules = this.a.getSecurityServiceUsageRules();
            keyManagementRules = this.a.getKeyManagementRules();
            i = keyManagementRules.getInitialCycle(0).numPrivateKeySetups();
            if (i == 0) {
                throw new VaultException("Vault.generateIdentity() - No keys specified in Policy");
            }
        } catch (XMLPolicyException unused) {
            // NOTE(review): policy read failures are dropped here; i may still be 0,
            // in which case nothing is generated and no error is reported.
        }
        if (name != null) {
            try {
                if (name.toString().length() != 0) {
                    f();
                    // One key pair and one self-signed certificate per private-key setup.
                    for (int i2 = 0; i2 < i; i2++) {
                        KeyPair generateKeyPair = generateKeyPair(i2, bArr);
                        PrivateKey privateKey = generateKeyPair.getPrivate();
                        PublicKey publicKey = generateKeyPair.getPublic();
                        InitialCycle initialCycle = keyManagementRules.getInitialCycle(new DefaultPolicyContext());
                        // z == true means a DSA key, false means RSA.
                        if (initialCycle.getPrivateKeySetup(i2).getKeyProperties().hasRSAKeyValue()) {
                            z = false;
                        } else {
                            if (!initialCycle.getPrivateKeySetup(i2).getKeyProperties().hasDSAKeyValue()) {
                                throw new VaultException("Vault.generateIdentity() - unknown alg OID in KeyProfile for new key");
                            }
                            z = true;
                        }
                        // Validity(1): the unit of the argument is not visible here — TODO confirm.
                        Validity validity = new Validity(1);
                        AlgorithmIdentifier algorithmIdentifier = null;
                        SigningServiceUsageRule signingServiceUsageRule = genericSecurityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getSigningServiceUsageRule();
                        // Result is discarded; the call still reads signing OID 0 from the policy.
                        new ASN1ObjectIdentifier(signingServiceUsageRule.getSigningAlgorithmOID(0));
                        if (z) {
                            // DSA: take dsaWithSha1 if the policy lists it.
                            int i3 = 0;
                            while (true) {
                                if (i3 >= signingServiceUsageRule.numSigningAlgorithmOIDs()) {
                                    break;
                                }
                                ASN1ObjectIdentifier aSN1ObjectIdentifier = new ASN1ObjectIdentifier(signingServiceUsageRule.getSigningAlgorithmOID(i3));
                                if (aSN1ObjectIdentifier.equals(OIDs.dsaWithSha1)) {
                                    algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier, new ASN1Null());
                                    break;
                                }
                                i3++;
                            }
                        } else {
                            // RSA: take the first listed OID that is SHA-1-with-RSA or MD5-with-RSA.
                            // NOTE(review): list order in the policy decides; an MD5 entry listed
                            // first wins over a later SHA-1 entry.
                            int i4 = 0;
                            while (true) {
                                if (i4 >= signingServiceUsageRule.numSigningAlgorithmOIDs()) {
                                    break;
                                }
                                ASN1ObjectIdentifier aSN1ObjectIdentifier2 = new ASN1ObjectIdentifier(signingServiceUsageRule.getSigningAlgorithmOID(i4));
                                if (aSN1ObjectIdentifier2.equals(OIDs.sha_1WithRSAEncryption)) {
                                    algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier2, new ASN1Null());
                                    break;
                                } else {
                                    if (aSN1ObjectIdentifier2.equals(OIDs.md5WithRSAEncryption)) {
                                        algorithmIdentifier = new AlgorithmIdentifier(aSN1ObjectIdentifier2, new ASN1Null());
                                        break;
                                    }
                                    i4++;
                                }
                            }
                        }
                        // NOTE(review): algorithmIdentifier is still null here when no listed OID matched.
                        // Serial number: 8 bytes from the vault's SecureRandom.
                        byte[] bArr2 = new byte[8];
                        this.m.nextBytes(bArr2);
                        // name is used for both of the Name arguments, which makes the certificate self-issued.
                        // The leading 2 is presumably the X.509 version field (2 = v3) — verify.
                        TBSCertificate tBSCertificate = new TBSCertificate(2, new mpa_num(bArr2), algorithmIdentifier, name, validity, name, new SubjectPublicKeyInfo(publicKey), null, null, null);
                        JCRYPTO_X509Extensions jCRYPTO_X509Extensions = new JCRYPTO_X509Extensions();
                        KeyUsage keyUsage = new KeyUsage();
                        KeyProperties keyProperties = keyManagementRules.getInitialCycle(0).getPrivateKeySetup(i2).getKeyProperties();
                        int numKeyUsages = keyProperties.numKeyUsages();
                        // Translate policy key-usage names into KeyUsage fields; the indices follow the
                        // X.509 KeyUsage bit order (0 digitalSignature ... 6 cRLSign). Unknown names are ignored.
                        for (int i5 = 0; i5 < numKeyUsages; i5++) {
                            String keyUsage2 = keyProperties.getKeyUsage(i5).toString();
                            if (keyUsage2.equals("DigitalSignature")) {
                                keyUsage.setField(0, true);
                            }
                            if (keyUsage2.equals("CertificateSigning")) {
                                keyUsage.setField(5, true);
                            }
                            if (keyUsage2.equals("CRLSigning")) {
                                keyUsage.setField(6, true);
                            }
                            if (keyUsage2.equals("DataEncipherment")) {
                                keyUsage.setField(3, true);
                            }
                            if (keyUsage2.equals("KeyAgreement")) {
                                keyUsage.setField(4, true);
                            }
                            if (keyUsage2.equals("KeyEncipherment")) {
                                keyUsage.setField(2, true);
                            }
                            if (keyUsage2.equals("NonRepudiation")) {
                                keyUsage.setField(1, true);
                            }
                        }
                        jCRYPTO_X509Extensions.addExtension(keyUsage);
                        tBSCertificate.setExtensions(jCRYPTO_X509Extensions);
                        JCRYPTO_X509Certificate jCRYPTO_X509Certificate = new JCRYPTO_X509Certificate(tBSCertificate, algorithmIdentifier);
                        jCRYPTO_X509Certificate.setSignatureAlgorithm(algorithmIdentifier, null);
                        // Self-signature with the key that was just generated.
                        jCRYPTO_X509Certificate.sign(privateKey);
                        // Attach the single-certificate chain in every key provider that is present.
                        if (this.i != null) {
                            this.i.addCertChainToKey(privateKey, new CertificateChain(jCRYPTO_X509Certificate));
                        }
                        if (this.j != null) {
                            this.j.addCertChainToKey(privateKey, new CertificateChain(jCRYPTO_X509Certificate));
                        }
                    }
                    return;
                }
            } catch (JCRYPTOException e) {
                throw new VaultException("JCryptoException", e);
            }
        }
        // Reached for a null name and also for a name whose string form is empty.
        throw new VaultException("Distinguished Name passed in is null");
    }

    /**
     * Generates a key pair for the {@code i}-th private-key setup of the policy's
     * initial cycle.
     *
     * @param i    index of the private-key setup in the policy
     * @param bArr algorithm parameters forwarded to key generation; may be null
     * @return the generated key pair
     * @throws VaultException wrapping any failure while reading the policy or generating the key
     */
    public KeyPair generateKeyPair(int i, byte[] bArr) throws VaultException {
        f();
        try {
            final KeyProperties setupProperties = this.a.getKeyManagementRules().getInitialCycle(new DefaultPolicyContext()).getPrivateKeySetup(i).getKeyProperties();
            return a(setupProperties, bArr);
        } catch (Exception failure) {
            throw new VaultException("Vault.generateKeyPair() - ", failure);
        }
    }

    /**
     * Generates a key pair from explicit key properties, with no caller-supplied
     * algorithm parameters.
     *
     * @param keyProperties key type and size to generate
     * @return the generated key pair
     * @throws VaultException if the properties describe neither an RSA nor a DSA key
     */
    public KeyPair generateKeyPair(KeyProperties keyProperties) throws XMLPolicyException, VaultException, PKIDeviceException, PKIProviderException {
        final byte[] noParameters = null;
        return a(keyProperties, noParameters);
    }

    /**
     * Generates an RSA or DSA key pair as described by {@code keyProperties} and stores
     * the private key in the primary and secondary key providers that are present.
     *
     * <p>For DSA, the domain parameters come from, in order: the "community" value in
     * the policy (Base64), the caller's {@code bArr}, or freshly generated parameters.
     * For RSA, {@code bArr} is passed through unchanged.
     *
     * @param keyProperties key type and size from the policy
     * @param bArr          encoded algorithm parameters, or null
     * @return the generated key pair
     * @throws VaultException if the properties describe neither an RSA nor a DSA key
     */
    private KeyPair a(KeyProperties keyProperties, byte[] bArr) throws XMLPolicyException, VaultException, PKIDeviceException, PKIProviderException {
        // i holds the algorithm tag: this.p for RSA, this.o for DSA.
        int i;
        int pLength;
        if (keyProperties.hasRSAKeyValue()) {
            i = this.p;
            pLength = keyProperties.getRSAKeyValue().getAllowedKeyBitLength();
        } else {
            if (!keyProperties.hasDSAKeyValue()) {
                throw new VaultException("Vault.generateKeyPair() - unknown alg OID in KeyProfile for new key");
            }
            i = this.o;
            pLength = keyProperties.getDSAKeyValue().getPLength();
            if (keyProperties.getDSAKeyValue().hasCommunity()) {
                try {
                    // The policy's community value replaces whatever the caller passed in.
                    bArr = Base64Coder.decode(keyProperties.getDSAKeyValue().getCommunity().getBytes());
                    this.d.notifyWarning(this.i.parentDevice(), 10, "Using DSA Community from XML Policy");
                } catch (Exception unused) {
                    // NOTE(review): any failure here, including one raised by notifyWarning()
                    // or a null this.i (it is null-checked further down, but not on the line above),
                    // discards the decoded parameters and silently falls back to generating new ones.
                    bArr = null;
                }
            }
        }
        ASN1ObjectIdentifier aSN1ObjectIdentifier = i == this.o ? OIDs.dsaANSI : OIDs.rsaEncryption;
        byte[] bArr2 = null;
        if (bArr == null && i == this.o) {
            try {
                // DSA without parameters: generate them at the policy's P length.
                AlgorithmParameterGenerator a = a(OIDs.getStringFromOID(aSN1ObjectIdentifier));
                a.init(pLength, this.m);
                bArr2 = a.generateParameters().getEncoded();
            } catch (Exception unused2) {
                // NOTE(review): a parameter-generation failure is dropped; bArr2 stays null
                // and is passed on as null to the key pair generator below.
            }
        } else {
            bArr2 = bArr;
        }
        KeyPair generateKeyPair = a(aSN1ObjectIdentifier, pLength, bArr2, this.m).generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        // Ask the callback for a label for the key; a null answer becomes "None Supplied".
        String string = this.d.getString(null, 2, "FriendlyName for Key", true);
        if (string == null) {
            string = "None Supplied";
        }
        if (this.i != null) {
            this.i.addPrivateKey(privateKey, string);
        }
        if (this.j != null) {
            this.j.addPrivateKey(privateKey, string);
        }
        return generateKeyPair;
    }

    /**
     * Computes a MAC over {@code bArr} with the given secret key.
     *
     * @param str       MAC algorithm name, converted to an OID with {@code OIDs.getOIDFromString}
     * @param str2      not used by this overload
     * @param secretKey MAC key
     * @param bArr      data to authenticate
     * @return the MAC value
     * @throws Exception whatever the MAC session methods raise
     */
    public byte[] generateMACDigest(String str, String str2, SecretKey secretKey, byte[] bArr) throws Exception {
        final Mac session = startMacSession(OIDs.getOIDFromString(str), secretKey);
        updateMacSession(session, bArr);
        final byte[] tag = finishMacSession(session);
        return tag;
    }

    /**
     * Computes a MAC over {@code bArr2} using raw key bytes.
     *
     * @param str   MAC algorithm name, converted to an OID with {@code OIDs.getOIDFromString}
     * @param str2  key algorithm name given to {@link SecretKeySpec}
     * @param bArr  raw key bytes
     * @param bArr2 data to authenticate
     * @return the MAC value
     * @throws Exception whatever the MAC session methods or key initialisation raise
     */
    public byte[] generateMACDigest(String str, String str2, byte[] bArr, byte[] bArr2) throws Exception {
        final Mac session = startMacSession(OIDs.getOIDFromString(str));
        final SecretKeySpec rawKey = new SecretKeySpec(bArr, str2);
        session.init(rawKey);
        updateMacSession(session, bArr2);
        final byte[] tag = finishMacSession(session);
        return tag;
    }

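    /**
     * Derives a password-based session key for the given algorithm, provided the
     * policy allows that algorithm for encryption.
     *
     * <p>The policy-denial branch used to build its message from a local key variable
     * that was always null. The resulting {@link NullPointerException} was then caught
     * and reported as a generic "Failed to generate PBESessionKey" error, which hid the
     * reason for the refusal. The denial is now raised with the algorithm OID in the
     * message and propagates unchanged.
     *
     * <p>The password arrives as a {@link String}, so it cannot be wiped from memory
     * after use; callers holding sensitive passwords should keep their lifetime short.
     *
     * @param str                 password
     * @param algorithmIdentifier PBE algorithm to use
     * @return the derived key
     * @throws VaultException if the policy does not allow the algorithm, or key derivation fails
     */
    public SecretKey generatePBESessionKey(String str, AlgorithmIdentifier algorithmIdentifier) throws VaultException {
        try {
            if (!a(algorithmIdentifier.getAlgorithm(), true)) {
                throw new VaultException(new StringBuffer("SessionKey Algorithm ").append(algorithmIdentifier.getAlgorithm().toString()).append(" not allowed by policy").toString());
            }
            return SecretKeyFactory.getInstance(OIDs.getStringFromOID(algorithmIdentifier.getAlgorithm())).generateSecret(new PBEKeySpec(str.toCharArray()));
        } catch (VaultException policyDenied) {
            // Keep the policy refusal intact so it is not re-wrapped as a generic failure.
            throw policyDenied;
        } catch (Exception e) {
            throw new VaultException(new StringBuffer("Failed to generate PBESessionKey ").append(e).toString());
        }
    }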

    /**
     * Generates a random symmetric session key.
     *
     * <p>An OID whose string form is empty is filled in, in place, with the policy's
     * default encryption algorithm, so the caller's object is modified. Key size is
     * fixed at 56 bits for DES and 168 bits for triple DES; for every other cipher it
     * is {@code i * 8} bits.
     *
     * <p>Single DES is accepted when the policy maps to it. A 56-bit key gives no
     * meaningful protection today, so policies should not list it.
     *
     * <p>Every failure, including the null-OID check, surfaces as a {@link VaultException}.
     *
     * @param i                    key length in bytes, used for ciphers other than DES and triple DES
     * @param aSN1ObjectIdentifier cipher OID, or an empty OID for the policy default; never null
     * @return the generated key
     * @throws VaultException on any failure
     */
    public SecretKey generateSessionKey(int i, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException, NoSuchAlgorithmException {
        try {
            f();
            if (aSN1ObjectIdentifier == null) {
                throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
            }
            if (aSN1ObjectIdentifier.toString().length() == 0) {
                aSN1ObjectIdentifier.setValue(a(true));
            }
            final String keyAlgorithm = SymmetricCiphers.getKeyFromCipher(SymmetricCiphers.getCipherFromOID(aSN1ObjectIdentifier.toString()));
            final KeyGenerator generator = a(keyAlgorithm, this.m);
            final boolean tripleDes = keyAlgorithm.equals("DESede") || keyAlgorithm.equals("Triple-DES") || keyAlgorithm.equals("DES3");
            int keyBits;
            if (keyAlgorithm.equals("DES")) {
                keyBits = 56;
            } else if (tripleDes) {
                keyBits = 168;
            } else {
                keyBits = i * 8;
            }
            generator.init(keyBits);
            return generator.generateKey();
        } catch (Exception failure) {
            throw new VaultException("Vault.generateSessionKey()", failure);
        }
    }

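    /**
     * Returns the certificate matching the requested key usage after checking it
     * against the vault's certificate check and its validity period.
     *
     * <p>The "no such certificate" test now runs before the callback is asked for a
     * validity date. Previously the callback was invoked with a null certificate, so a
     * missing certificate could surface as a failure inside the callback and not as
     * the intended {@link VaultException}.
     *
     * <p>Validity is checked at the date the callback supplies, or at the current time
     * when the callback returns null.
     *
     * @param keyUsage key usage the certificate must carry
     * @return the matching certificate
     * @throws VaultException                  if no certificate has that key usage
     * @throws CertificateExpiredException     declared; presumably raised by the validity check — TODO confirm
     * @throws CertificateNotYetValidException declared; presumably raised by the validity check — TODO confirm
     */
    public X509Certificate getCertificate(KeyUsage keyUsage) throws VaultException, PKIProviderException, CertificateExpiredException, CertificateNotYetValidException {
        JCRYPTO_X509Certificate certificate = (JCRYPTO_X509Certificate) e().getCertificate(keyUsage, this.d);
        if (certificate == null) {
            throw new VaultException("A certificate with that keyusage does not exist.");
        }
        Date validityDate = this.d.giveCertValidityDate(certificate);
        a(certificate);
        certificate.exceptIfNotValid(validityDate == null ? new Date() : validityDate);
        return certificate;
    }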

    /**
     * Returns the policy context held by this vault, i.e. the value last stored by
     * {@code setContext}.
     *
     * @return the stored context; may be null if none was set
     */
    public PolicyContext getContext() {
        return n;
    }

    /**
     * Returns the callback currently in effect, as maintained by {@code pushVaultCallback} and
     * {@code popVaultCallback}.
     *
     * @return the current callback; null once the callback stack has been emptied
     */
    public VaultCallback getCurrentCallback() {
        return d;
    }

    /**
     * Fetches the private key whose key usage has field 3 set from the active key provider.
     *
     * <p>NOTE(review): index 3 is dataEncipherment in the X.509 KeyUsage bit order, assuming this
     * KeyUsage class follows that order; confirm.
     *
     * @return the key returned by the provider for that usage
     * @throws PKIProviderException if the provider lookup fails
     * @throws VaultException if no key provider is available
     */
    private PrivateKey c() throws PKIProviderException, VaultException {
        KeyUsage wantedUsage = new KeyUsage();
        wantedUsage.setField(3, true);
        KeyProvider provider = e();
        return provider.getPrivateKey(wantedUsage, this.d);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
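    /**
     * Picks the default symmetric algorithm OID from the policy's confidentiality rule.
     *
     * <p>With {@code z == false} the first decryption OID is preferred and the first encryption OID
     * is the fallback when the decryption list is empty. With {@code z == true} only the encryption
     * list is consulted.
     *
     * @param z true to select from the encryption list only
     * @return the first matching OID string from policy
     * @throws NoSuchAlgorithmException if policy lists no usable OID, or if the usage rules cannot
     *         be read from policy
     */
    public String a(boolean z) throws NoSuchAlgorithmException {
        GenericSecurityServiceUsageRule usageRule;
        String ruleText;
        try {
            usageRule = this.a.getSecurityServiceUsageRules().getGenericSecurityServiceUsageRule(new DefaultPolicyContext());
            ruleText = usageRule.getConfidentialityServiceUsageRule().toString();
        } catch (XMLPolicyException e) {
            // The failure used to be swallowed, leaving the rule unset and the code below to fail
            // with a NullPointerException. Report it as the declared exception and keep the cause.
            throw new NoSuchAlgorithmException("Security service usage rules could not be read from Policy", e);
        }
        if (!z && usageRule.getConfidentialityServiceUsageRule().numDecryptionAlgorithmOIDs() > 0) {
            return usageRule.getConfidentialityServiceUsageRule().getDecryptionAlgorithmOID(0);
        }
        // Reaching this point with z == false means the decryption list was not usable, so the
        // repeated !z test of the original condition is redundant.
        if ((z || usageRule.getConfidentialityServiceUsageRule().numDecryptionAlgorithmOIDs() == 0) && usageRule.getConfidentialityServiceUsageRule().numEncryptionAlgorithmOIDs() > 0) {
            return usageRule.getConfidentialityServiceUsageRule().getEncryptionAlgorithmOID(0);
        }
        throw new NoSuchAlgorithmException(new StringBuffer("No Symmetric Encryption/Decryption OIDs in Policy \n{").append(ruleText).append("}").toString());
    }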

    /**
     * Returns the vault's device list.
     *
     * <p>The internal Vector is returned by reference, not copied, so changes made by the caller
     * are changes to the vault's own list.
     *
     * @return the live device list
     */
    public Vector getDeviceList() {
        return f;
    }

    /**
     * Fetches the private key whose key usage has field 0 set from the active key provider.
     *
     * <p>The callers in this file use it as the default signing key, and their error text refers
     * to it as the DigitalSignature key.
     *
     * @return the key returned by the provider for that usage
     * @throws PKIProviderException if the provider lookup fails
     * @throws VaultException if no key provider is available
     */
    private PrivateKey d() throws PKIProviderException, VaultException {
        KeyUsage wantedUsage = new KeyUsage();
        wantedUsage.setField(0, true);
        KeyProvider provider = e();
        return provider.getPrivateKey(wantedUsage, this.d);
    }

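    /**
     * Creates a MessageDigest for the hash algorithm named by {@code aSN1ObjectIdentifier}.
     *
     * <p>Unlike the other factory helpers in this class, the lookup uses the JVM's default provider
     * order rather than the vault's primary and secondary crypto providers.
     *
     * @param aSN1ObjectIdentifier digest algorithm OID
     * @return a new digest instance
     * @throws VaultException if no installed provider offers the algorithm; the original
     *         NoSuchAlgorithmException is kept as the cause
     */
    protected MessageDigest a(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException {
        String digestName = OIDs.getStringFromOID(aSN1ObjectIdentifier);
        try {
            return MessageDigest.getInstance(digestName);
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause; only the message text was carried over before.
            throw new VaultException(e.getMessage(), e);
        }
    }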

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reflective factory: calls the static {@code getInstance(String, String)} of {@code cls} with
     * the algorithm name {@code str}, first against the primary crypto provider ({@code this.g}),
     * then against the secondary one ({@code this.h}).
     *
     * <p>Failed attempts are reported to the current callback through {@code notifyWarning} with
     * code 10. The warning text holds the class name, both provider objects and a full stack trace.
     * NOTE(review): if a callback shows that text to an end user it discloses internals; confirm
     * how callbacks render it.
     *
     * <p>The deep try nesting is the decompiler's layout. The handlers are kept exactly as listed
     * because their nesting decides which handler sees an exception raised inside another handler.
     *
     * @param cls class exposing a static getInstance(String, String); the callers in this file pass
     *            JCA/JCE engine classes
     * @param str algorithm name; null short-circuits to a null result
     * @return the created instance, or null when {@code str} is null
     * @throws VaultException if neither provider yields an instance, or the method is missing or
     *         inaccessible
     */
    public Object a(Class cls, String str) throws VaultException {
        Class<?> class$;
        Class<?> class$2;
        if (str == null) {
            return null;
        }
        // z == true means: stay silent when the primary provider lacks the "BBS" algorithm.
        // The property defaults to "true"; its spelling is part of the runtime contract.
        boolean z = false;
        if (System.getProperty("KeyTools.supressBBSWarningForPrimaryProvider", "true").equalsIgnoreCase("true")) {
            z = true;
        }
        try {
            Object obj = null;
            // Signature (String, String); w lazily caches the String class literal.
            Class<?>[] clsArr = new Class[2];
            if (w != null) {
                class$ = w;
            } else {
                class$ = class$("java.lang.String");
                w = class$;
            }
            clsArr[0] = class$;
            if (w != null) {
                class$2 = w;
            } else {
                class$2 = class$("java.lang.String");
                w = class$2;
            }
            clsArr[1] = class$2;
            try {
                try {
                    Method method = cls.getMethod("getInstance", clsArr);
                    Object[] objArr = new Object[2];
                    objArr[0] = str;
                    // First attempt: primary provider, addressed by name.
                    if (this.g != null) {
                        objArr[1] = this.g.getName();
                        try {
                            try {
                                try {
                                    obj = method.invoke(null, objArr);
                                    if (obj != null) {
                                        return obj;
                                    }
                                } catch (IllegalArgumentException e) {
                                    // PrintWriter and new String(byte[]) both use the platform default charset here.
                                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                                    PrintWriter printWriter = new PrintWriter(byteArrayOutputStream);
                                    printWriter.println(new StringBuffer(String.valueOf(cls.getName())).append("{").append(this.g).append("*/").append(this.h).append("}").toString());
                                    e.printStackTrace(printWriter);
                                    printWriter.flush();
                                    this.d.notifyWarning(null, 10, new String(byteArrayOutputStream.toByteArray()), e);
                                }
                            } catch (InvocationTargetException e2) {
                                ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
                                PrintWriter printWriter2 = new PrintWriter(byteArrayOutputStream2);
                                printWriter2.println(new StringBuffer(String.valueOf(cls.getName())).append("{").append(this.g).append("*/").append(this.h).append("}").toString());
                                e2.getTargetException().printStackTrace(printWriter2);
                                printWriter2.flush();
                                // Only a missing "BBS" algorithm with suppression enabled is kept quiet.
                                if (!(e2.getTargetException() instanceof NoSuchAlgorithmException) || !str.equalsIgnoreCase("BBS") || !z) {
                                    this.d.notifyWarning(null, 10, new String(byteArrayOutputStream2.toByteArray()), e2);
                                }
                            }
                        } catch (IllegalAccessException e3) {
                            ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
                            PrintWriter printWriter3 = new PrintWriter(byteArrayOutputStream3);
                            printWriter3.println(new StringBuffer(String.valueOf(cls.getName())).append("{").append(this.g).append("*/").append(this.h).append("}").toString());
                            e3.printStackTrace(printWriter3);
                            printWriter3.flush();
                            this.d.notifyWarning(null, 10, new String(byteArrayOutputStream3.toByteArray()), e3);
                        }
                    }
                    // Second attempt: secondary provider. Every failure here is reported; there is no suppression.
                    if (obj == null && this.h != null) {
                        objArr[1] = this.h.getName();
                        try {
                            try {
                                try {
                                    Object invoke = method.invoke(null, objArr);
                                    if (invoke != null) {
                                        return invoke;
                                    }
                                } catch (IllegalAccessException e4) {
                                    ByteArrayOutputStream byteArrayOutputStream4 = new ByteArrayOutputStream();
                                    PrintWriter printWriter4 = new PrintWriter(byteArrayOutputStream4);
                                    printWriter4.println(new StringBuffer(String.valueOf(cls.getName())).append("{").append(this.g).append("/*").append(this.h).append("}").toString());
                                    e4.printStackTrace(printWriter4);
                                    printWriter4.flush();
                                    this.d.notifyWarning(null, 10, new String(byteArrayOutputStream4.toByteArray()), e4);
                                }
                            } catch (IllegalArgumentException e5) {
                                ByteArrayOutputStream byteArrayOutputStream5 = new ByteArrayOutputStream();
                                PrintWriter printWriter5 = new PrintWriter(byteArrayOutputStream5);
                                printWriter5.println(new StringBuffer(String.valueOf(cls.getName())).append("{").append(this.g).append("/*").append(this.h).append("}").toString());
                                e5.printStackTrace(printWriter5);
                                printWriter5.flush();
                                this.d.notifyWarning(null, 10, new String(byteArrayOutputStream5.toByteArray()), e5);
                            }
                        } catch (InvocationTargetException e6) {
                            // Unlike the primary attempt, this prints the wrapper's trace, not the target exception's.
                            ByteArrayOutputStream byteArrayOutputStream6 = new ByteArrayOutputStream();
                            PrintWriter printWriter6 = new PrintWriter(byteArrayOutputStream6);
                            printWriter6.println(new StringBuffer(String.valueOf(cls.getName())).append("{").append(this.g).append("/*").append(this.h).append("}").toString());
                            e6.printStackTrace(printWriter6);
                            printWriter6.flush();
                            this.d.notifyWarning(null, 10, new String(byteArrayOutputStream6.toByteArray()), e6);
                        }
                    }
                    throw new VaultException(new StringBuffer(String.valueOf(cls.toString())).append(" for ").append(str).append(" was not found in primary or secondary providers").toString());
                } catch (NoSuchMethodException unused) {
                    throw new VaultException(new StringBuffer("Method getInstance(String,String) not found in ").append(cls.toString()).toString());
                }
            } catch (SecurityException unused2) {
                throw new VaultException(new StringBuffer("Method getInstance(String,String) could not be accessed in ").append(cls.toString()).toString());
            }
        } catch (Exception e7) {
            // VaultExceptions raised above pass through unchanged; anything else is wrapped with its cause.
            if (e7 instanceof VaultException) {
                throw ((VaultException) e7);
            }
            throw new VaultException(new StringBuffer("Failed to instantiate ").append(cls.toString()).append(" with ").append(str).append(" [").append(e7.getMessage()).append("]").toString(), e7);
        }
    }

    /**
     * Creates and initialises a KeyPairGenerator for the algorithm named by
     * {@code aSN1ObjectIdentifier}, using the vault's crypto providers.
     *
     * <p>If the algorithm name resolved from the OID contains a '/', only the part before the first
     * '/' is used for the lookup.
     *
     * @param aSN1ObjectIdentifier algorithm OID
     * @param i key size passed to {@code KeyPairGenerator.initialize}
     * @param bArr not read by this method as listed
     * @param secureRandom randomness source passed to {@code KeyPairGenerator.initialize}
     * @return the initialised generator
     * @throws VaultException if no provider offers the algorithm
     */
    protected KeyPairGenerator a(ASN1ObjectIdentifier aSN1ObjectIdentifier, int i, byte[] bArr, SecureRandom secureRandom) throws VaultException {
        String algorithm = OIDs.getStringFromOID(aSN1ObjectIdentifier);
        int slash = algorithm.indexOf('/');
        String baseName = slash >= 0 ? algorithm.substring(0, slash) : algorithm;

        // r lazily caches the KeyPairGenerator class literal.
        Class generatorClass = r;
        if (generatorClass == null) {
            generatorClass = class$("java.security.KeyPairGenerator");
            r = generatorClass;
        }
        KeyPairGenerator generator = (KeyPairGenerator) a(generatorClass, baseName);
        generator.initialize(i, secureRandom);
        return generator;
    }

    /**
     * Returns the key provider to use: the primary one when set, otherwise the secondary one.
     *
     * @return the active key provider, never null
     * @throws VaultException if neither provider is set
     */
    private KeyProvider e() throws VaultException {
        KeyProvider active = this.i != null ? this.i : this.j;
        if (active == null) {
            throw new VaultException("Vault.getKeyProvider() - KeyProvider not available.");
        }
        return active;
    }

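    /**
     * Resolves the device for {@code pKIDeviceID} and makes sure it is registered with this vault.
     *
     * <p>A device already in the device list is returned as is. A new one is registered through
     * {@code useHighPriorityDevice} or {@code useLowPriorityDevice}, both defined outside this chunk.
     *
     * @param pKIDeviceID device identifier; an empty class id yields a null result
     * @param pKIDeviceCallback callback handed to the device manager
     * @param z true to register a new device as high priority, false as low priority
     * @return the device, or null when the identifier has an empty class id
     * @throws VaultException if the device manager returns no device or the device list holds a
     *         null entry
     * @throws PKIDeviceException if the device manager fails
     */
    private PKIDevice a(PKIDeviceID pKIDeviceID, PKIDeviceCallback pKIDeviceCallback, boolean z) throws VaultException, PKIDeviceException {
        if (pKIDeviceID.getClassID().length() == 0) {
            return null;
        }
        PKIDevice device = PKIDeviceManager.getPKIDeviceManager().getPKIDevice(pKIDeviceID, pKIDeviceCallback);
        // The null test used to live only inside the loop, so with an empty device list a null
        // device slipped through and was registered. Check it once, up front.
        if (device == null) {
            throw new VaultException("Vault:-> received a bad device....");
        }
        for (int idx = 0; idx < this.f.size(); idx++) {
            PKIDevice known = (PKIDevice) this.f.elementAt(idx);
            if (known == null) {
                throw new VaultException("Vault:-> received a bad device....");
            }
            if (device.equals(known)) {
                return device;
            }
        }
        if (z) {
            useHighPriorityDevice(device);
        } else {
            useLowPriorityDevice(device);
        }
        return device;
    }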

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an AlgorithmParameterGenerator for {@code str} from the vault's crypto providers.
     *
     * @param str algorithm name; null yields a null result, because the reflective factory
     *            returns null for a null name
     * @return the generator instance
     * @throws VaultException if neither provider offers the algorithm
     */
    public AlgorithmParameterGenerator a(String str) throws VaultException {
        // q lazily caches the AlgorithmParameterGenerator class literal.
        Class generatorClass = q;
        if (generatorClass == null) {
            generatorClass = class$("java.security.AlgorithmParameterGenerator");
            q = generatorClass;
        }
        return (AlgorithmParameterGenerator) a(generatorClass, str);
    }

    /**
     * Returns the PKI policy this vault consults for algorithm choices.
     *
     * @return the policy object held by the vault
     */
    public PKIPolicy getPolicy() {
        return a;
    }

    /**
     * Returns {@code i} bytes drawn from the vault's random number generator.
     *
     * <p>The generator is created or reseeded through {@code f()} before each call.
     *
     * @param i number of bytes requested; not range-checked here
     * @return a new array of {@code i} random bytes
     * @throws VaultException if the generator cannot be prepared
     */
    public byte[] getRandomData(int i) throws VaultException {
        f();
        byte[] randomBytes = new byte[i];
        m.nextBytes(randomBytes);
        return randomBytes;
    }

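    /**
     * Creates a symmetric KeyGenerator for {@code str} from the vault's crypto providers and
     * initialises it with {@code secureRandom}.
     *
     * @param str key algorithm name
     * @param secureRandom randomness source for key generation
     * @return the initialised generator, never null
     * @throws VaultException if no generator could be created, which includes a null {@code str}
     */
    protected KeyGenerator a(String str, SecureRandom secureRandom) throws VaultException {
        // u lazily caches the KeyGenerator class literal.
        Class generatorClass = u;
        if (generatorClass == null) {
            generatorClass = class$("javax.crypto.KeyGenerator");
            u = generatorClass;
        }
        KeyGenerator keyGenerator = (KeyGenerator) a(generatorClass, str);
        if (keyGenerator == null) {
            // The message used to name KeyPairGenerator, which this method never creates.
            throw new VaultException(new StringBuffer("Could not create a KeyGenerator for ").append(str).toString());
        }
        keyGenerator.init(secureRandom);
        return keyGenerator;
    }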

    /**
     * Creates a Signature engine for the algorithm named by {@code aSN1ObjectIdentifier}, using
     * the vault's crypto providers.
     *
     * @param aSN1ObjectIdentifier signature algorithm OID
     * @return the signature engine, not yet initialised with a key
     * @throws VaultException if neither provider offers the algorithm
     */
    protected Signature b(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException {
        // s lazily caches the Signature class literal.
        Class signatureClass = s;
        if (signatureClass == null) {
            signatureClass = class$("java.security.Signature");
            s = signatureClass;
        }
        String algorithmName = OIDs.getStringFromOID(aSN1ObjectIdentifier);
        return (Signature) a(signatureClass, algorithmName);
    }

    /**
     * Returns the first signing algorithm OID listed in the policy's signing rule.
     *
     * <p>NOTE(review): the parameter is never read. Callers pass a default OID, so the intent was
     * possibly to fall back to it; as listed the result is null when policy has no signing OID or
     * cannot be read. Confirm against the original behaviour before relying on either.
     *
     * @param aSN1ObjectIdentifier unused
     * @return the policy's first signing OID, or null
     */
    private ASN1ObjectIdentifier e(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        try {
            SigningServiceUsageRule signingRule = this.a.getSecurityServiceUsageRules().getGenericSecurityServiceUsageRule(new DefaultPolicyContext()).getSigningServiceUsageRule();
            boolean policyNamesAlgorithm = signingRule.numSigningAlgorithmOIDs() > 0;
            return policyNamesAlgorithm ? new ASN1ObjectIdentifier(signingRule.getSigningAlgorithmOID(0)) : null;
        } catch (XMLPolicyException ignored) {
            // An unreadable policy is treated the same as a policy without signing algorithms.
            return null;
        }
    }

    /**
     * Resolves the signature algorithm OID to use with a key of type {@code str}.
     *
     * <p>A SHA-1 based default is chosen per key type and passed to {@code e(ASN1ObjectIdentifier)}.
     * As listed in this file that helper does not read its argument and answers from policy alone,
     * so the result can be null.
     *
     * @param str key algorithm name, exactly "RSA" or "DSA"; must not be null
     * @return the OID selected by {@code e(ASN1ObjectIdentifier)}; may be null
     * @throws VaultException if {@code str} is neither "RSA" nor "DSA"
     */
    public ASN1ObjectIdentifier getSignatureAlgorithm(String str) throws VaultException {
        final ASN1ObjectIdentifier defaultForKeyType;
        if (str.equals("RSA")) {
            defaultForKeyType = OIDs.sha_1WithRSAEncryption;
        } else if (str.equals("DSA")) {
            defaultForKeyType = OIDs.dsaWithSha1;
        } else {
            throw new VaultException(new StringBuffer("Vault.getSignatureAlgorithm(String) - Unknown algorithm identifier ").append(str).toString());
        }
        return e(defaultForKeyType);
    }

    /**
     * Resolves the signature algorithm for the public key type of {@code x509Certificate}, after
     * checking the certificate.
     *
     * <p>The certificate goes through {@code a(X509Certificate)} (defined outside this chunk) and
     * is validated against the date supplied by the current callback. Unlike
     * {@code getCertificate}, a null date from the callback is passed on as is.
     *
     * @param x509Certificate certificate to inspect; must be a JCRYPTO_X509Certificate
     * @return the OID chosen for the certificate's key algorithm; may be null
     * @throws VaultException if the key algorithm is neither RSA nor DSA
     * @throws CertificateExpiredException if the certificate has expired at the validation date
     * @throws CertificateNotYetValidException if the certificate is not yet valid at the validation date
     */
    public ASN1ObjectIdentifier getSignatureAlgorithm(X509Certificate x509Certificate) throws VaultException, CertificateExpiredException, CertificateNotYetValidException {
        a(x509Certificate);
        JCRYPTO_X509Certificate certificate = (JCRYPTO_X509Certificate) x509Certificate;
        certificate.exceptIfNotValid(this.d.giveCertValidityDate(x509Certificate));
        String keyAlgorithm = x509Certificate.getPublicKey().getAlgorithm();
        return getSignatureAlgorithm(keyAlgorithm);
    }

    /**
     * Creates a symmetric Cipher for {@code aSN1ObjectIdentifier}, using the vault's crypto providers.
     *
     * <p>The OID is mapped to a cipher name by {@code SymmetricCiphers.getCipherFromOID}. The
     * mapping is reported to the current callback with code 10 before the cipher is created.
     *
     * @param aSN1ObjectIdentifier symmetric cipher OID
     * @return the cipher instance, not yet initialised
     * @throws VaultException if neither provider offers the cipher
     */
    protected Cipher c(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException {
        String cipherName = SymmetricCiphers.getCipherFromOID(aSN1ObjectIdentifier.toString());
        String trace = new StringBuffer("getSymmetricCipher(").append(aSN1ObjectIdentifier).append("): ").append(cipherName).toString();
        this.d.notifyWarning(null, 10, trace);

        // t lazily caches the Cipher class literal.
        Class cipherClass = t;
        if (cipherClass == null) {
            cipherClass = class$("javax.crypto.Cipher");
            t = cipherClass;
        }
        return (Cipher) a(cipherClass, cipherName);
    }

    /**
     * Creates a Cipher for the algorithm name that {@code OIDs.getStringFromOID} gives for
     * {@code aSN1ObjectIdentifier}, using the vault's crypto providers.
     *
     * <p>If that name contains a '/', only the part before the first '/' is used for the lookup.
     *
     * @param aSN1ObjectIdentifier cipher algorithm OID
     * @return the cipher instance, not yet initialised
     * @throws VaultException if neither provider offers the cipher
     */
    protected Cipher d(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException {
        String algorithm = OIDs.getStringFromOID(aSN1ObjectIdentifier);
        int slash = algorithm.indexOf('/');
        String baseName = slash >= 0 ? algorithm.substring(0, slash) : algorithm;

        // t lazily caches the Cipher class literal.
        Class cipherClass = t;
        if (cipherClass == null) {
            cipherClass = class$("javax.crypto.Cipher");
            t = cipherClass;
        }
        return (Cipher) a(cipherClass, baseName);
    }

    /**
     * Tells whether the vault is open and its active key provider reports at least one key.
     *
     * @return false when the vault is closed (the key provider is not consulted in that case),
     *         otherwise whether the key count is non-zero
     * @throws VaultException if the vault is open but no key provider is available
     */
    public boolean hasIdentity() throws VaultException {
        if (!this.b) {
            return false;
        }
        return e().getNumberOfKeys() != 0;
    }

    /**
     * Wipes the device identified by {@code pKIDeviceID}. This is a destructive operation.
     *
     * <p>Steps, in order: default the arguments, build a callback, obtain the device from the
     * device manager, require {@code checkStatusForOperation(4, ...)} to pass, call
     * {@code wipeDevice}, and for a StorageDevice close it and mark the vault closed.
     *
     * @param str passphrase for the device; null means "ask the callback". NOTE(review): the
     *            sentinel is an ordinary string value, so a passphrase equal to "__USE_CALLBACK__"
     *            is treated as "ask the callback" as well.
     * @param pKIDeviceID device to wipe; null selects the parent device of the active key provider
     * @throws VaultException if no device is found or the device is not ready for initialisation
     * @throws PKIDeviceException if the device reports a failure
     */
    public void initialiseDevice(String str, PKIDeviceID pKIDeviceID) throws VaultException, PKIDeviceException {
        PKIDevice pKIDevice;
        if (str == null) {
            str = new String("__USE_CALLBACK__");
        }
        if (pKIDeviceID == null) {
            pKIDeviceID = e().parentDevice().deviceInstanceID();
        }
        // The wrapper callback answers boolean query 20 with true on its own and delegates every
        // other query. NOTE(review): query 20 is presumably a confirmation prompt that is being
        // auto-accepted here; confirm its meaning in PKIDeviceCallback.
        InternalCryptoCallback internalCryptoCallback = new InternalCryptoCallback(this, this.d) { // from class: com.baltimore.jpkiplus.vaults.Vault.1
            @Override // com.baltimore.jpkiplus.vaults.InternalCryptoCallback, com.baltimore.jpkiplus.pkidevice.PKIDeviceCallback
            public boolean getBoolean(PKIDevice pKIDevice2, int i, String str2, boolean z) throws PKIDeviceException {
                if (i == 20) {
                    return true;
                }
                return super.getBoolean(pKIDevice2, i, str2, z);
            }
        };
        // A caller-supplied passphrase is handed to the callback so that it can answer the device.
        if (!str.equals("__USE_CALLBACK__")) {
            internalCryptoCallback.respondToPassphaseRequest(str);
        }
        try {
            pKIDevice = PKIDeviceManager.getPKIDeviceManager().getPKIDevice(pKIDeviceID, internalCryptoCallback);
        } catch (PKIDeviceException e) {
            // The lookup failure is reported as a warning (code 14) and then surfaces as "No Device" below.
            internalCryptoCallback.notifyWarning(null, 14, "Exception while getting PKIDevice", e);
            pKIDevice = null;
        }
        if (pKIDevice == null) {
            throw new VaultException("Vault.initialiseDevice() - No Device for that ID");
        }
        // The readiness check uses the vault's current callback, not the wrapper built above.
        if (!pKIDevice.checkStatusForOperation(4, this.d)) {
            throw new VaultException("Device not ready for init.");
        }
        pKIDevice.wipeDevice(str, internalCryptoCallback);
        if (pKIDevice instanceof StorageDevice) {
            PKIDeviceManager.getPKIDeviceManager().closePKIDevice(pKIDeviceID, this.d);
            this.b = false;
        }
    }

    /**
     * Tells whether the vault is currently marked open.
     *
     * @return the open flag set by {@code openVault} and cleared by {@code initialiseDevice}
     */
    public boolean isOpen() {
        return b;
    }

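    /**
     * Recombines the parts in {@code partList} into the original data using an XORSplitter.
     *
     * <p>The vault RNG is prepared or reseeded through {@code f()} first.
     *
     * @param partList parts produced by {@code split}
     * @return the recombined data
     * @throws VaultException if the RNG cannot be prepared or the join fails
     */
    public byte[] join(PartList partList) throws VaultException {
        f();
        try {
            XORSplitter splitter = new XORSplitter(this.m, null);
            return splitter.join(partList);
        } catch (Exception e) {
            // The context string used to say "Vault.split()", which sent readers of the error to
            // the wrong operation.
            throw new VaultException("Vault.join()", e);
        }
    }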

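    /**
     * Opens the vault on the device identified by {@code pKIDeviceID}.
     *
     * <p>The device is resolved and registered as high priority, then asked whether operation 0 is
     * permitted under the current callback. On success the crypto, key and data providers are
     * refreshed from the device list and the vault is marked open.
     *
     * @param pKIDeviceID device to open
     * @return true if the vault is now open, false if the device refused operation 0
     * @throws VaultException if the vault is already open or the identifier resolves to no device
     * @throws PKIDeviceException if the device reports a failure
     */
    public boolean openVault(PKIDeviceID pKIDeviceID) throws VaultException, PKIDeviceException {
        if (this.b) {
            throw new VaultException("Vault.openVault() - The Vault is already open !");
        }
        PKIDevice device = a(pKIDeviceID, this.d, true);
        // The resolver returns null for an identifier with an empty class id. Report that as a
        // vault error instead of failing with a NullPointerException on the status check.
        if (device == null) {
            throw new VaultException("Vault.openVault() - No Device for that ID");
        }
        if (!device.checkStatusForOperation(0, this.d)) {
            // NOTE(review): the device stays registered in the device list after a refusal.
            this.b = false;
            return false;
        }
        a();
        b();
        this.b = true;
        return true;
    }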

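    /**
     * Opens the vault on {@code pKIDeviceID}, answering the passphrase request with {@code str}.
     *
     * <p>If the current callback is a DefaultVaultCallback the password is set on it directly.
     * Otherwise a temporary DefaultVaultCallback carrying the password is pushed for the duration
     * of the call.
     *
     * <p>NOTE(review): in the first case the password stays with the existing callback after this
     * method returns; confirm whether it should be cleared.
     *
     * @param pKIDeviceID device to open
     * @param str passphrase for the device
     * @return true if the vault is now open
     * @throws VaultException if opening fails; a PKIDeviceException is wrapped
     */
    public boolean openVault(PKIDeviceID pKIDeviceID, String str) throws VaultException {
        try {
            VaultCallback current = getCurrentCallback();
            if (current instanceof DefaultVaultCallback) {
                ((DefaultVaultCallback) current).usepassword(str);
                return openVault(pKIDeviceID);
            }
            DefaultVaultCallback temporary = new DefaultVaultCallback();
            temporary.usepassword(str);
            pushVaultCallback(temporary);
            try {
                return openVault(pKIDeviceID);
            } finally {
                // Pop on failure as well. Without this, an exception left the password-carrying
                // callback on the stack as the vault's current callback.
                popVaultCallback();
            }
        } catch (PKIDeviceException e) {
            throw new VaultException("Wrapped PKIDeviceException", e);
        }
    }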

    /**
     * Returns an enumeration over the callbacks currently on the vault's callback stack.
     *
     * <p>The callback objects themselves are handed out, not copies. A temporary callback pushed
     * by {@code openVault(PKIDeviceID, String)} carries the passphrase while it is on the stack.
     *
     * @return an enumeration of the stacked callbacks
     */
    public Enumeration peekCallbackStack() {
        Enumeration stacked = this.e.elements();
        return stacked;
    }

    /**
     * Removes the top callback from the stack and makes the one beneath it current.
     *
     * @return the removed callback, or null if the stack was already empty
     */
    public VaultCallback popVaultCallback() {
        if (this.e.isEmpty()) {
            return null;
        }
        VaultCallback removed = (VaultCallback) this.e.pop();
        // With nothing left on the stack the vault has no current callback. Methods that
        // dereference this.d will then fail with a NullPointerException.
        this.d = this.e.isEmpty() ? null : (VaultCallback) this.e.peek();
        return removed;
    }

    /**
     * Prepares the vault's random number generator.
     *
     * <p>On first use a SecureRandom for the algorithm "BBS" is created from the vault's crypto
     * providers and seeded with the callback's {@code firstSeedRNG()}. On every later call the
     * existing generator is fed the callback's {@code subsequentSeed()}.
     *
     * <p>NOTE(review): all seed material comes from the current callback. Whether {@code setSeed}
     * supplements or replaces the generator's state depends on the provider's BBS implementation;
     * confirm, because a replacing implementation makes output only as unpredictable as the
     * callback's seeds.
     *
     * @throws VaultException if the generator cannot be created or seeded on first use
     */
    private void f() throws VaultException {
        if (this.m == null) {
            try {
                // v lazily caches the SecureRandom class literal.
                Class rngClass = v;
                if (rngClass == null) {
                    rngClass = class$("java.security.SecureRandom");
                    v = rngClass;
                }
                this.m = (SecureRandom) a(rngClass, "BBS");
                if (this.m == null) {
                    throw new VaultException("Vault.prepareRNG() - No Crypto Providers have been set.");
                }
                this.m.setSeed(this.d.firstSeedRNG());
            } catch (Exception e) {
                // Also wraps the VaultException thrown just above.
                throw new VaultException("Vault.prepareRNG()", e);
            }
            return;
        }
        // Reseeding happens outside the try, so a failure here is not wrapped.
        this.m.setSeed(this.d.subsequentSeed());
    }

    /**
     * Returns the primary crypto provider, i.e. the first provider found in the device list.
     *
     * @return the primary provider, or null if no device supplied one
     */
    public Provider primaryCryptoProvider() {
        return g;
    }

    /**
     * Returns the primary data provider taken from the device list.
     *
     * @return the primary data provider, or null if none is set
     */
    public DataProvider primaryDataProvider() {
        return k;
    }

    /**
     * Returns the primary key provider taken from the device list.
     *
     * @return the primary key provider, or null if none is set
     */
    public KeyProvider primaryKeyProvider() {
        return i;
    }

    /**
     * Pushes {@code vaultCallback} onto the callback stack and makes it the current callback.
     *
     * @param vaultCallback callback to install; null is ignored
     * @return the callback that was on top before the push; null if the stack was empty or
     *         {@code vaultCallback} was null
     */
    public VaultCallback pushVaultCallback(VaultCallback vaultCallback) {
        if (vaultCallback == null) {
            return null;
        }
        VaultCallback previous = this.e.isEmpty() ? null : (VaultCallback) this.e.peek();
        this.d = vaultCallback;
        this.e.push(vaultCallback);
        return previous;
    }

    /**
     * Closes the first registered device whose instance id equals {@code pKIDeviceID} and removes
     * it from the device list.
     *
     * <p>NOTE(review): the crypto, key and data provider fields are not refreshed here, so they
     * may keep pointing at the closed device until {@code setDeviceList} or {@code openVault}
     * recomputes them; confirm whether callers rely on that.
     *
     * @param pKIDeviceID instance id of the device to remove
     * @param pKIDeviceCallback callback handed to the device manager for the close
     * @return true if a device was closed and removed, false if none matched
     * @throws VaultException declared by the method
     * @throws PKIDeviceException if closing the device fails
     */
    public boolean removeAndCloseDevice(PKIDeviceID pKIDeviceID, PKIDeviceCallback pKIDeviceCallback) throws VaultException, PKIDeviceException {
        int index = 0;
        while (index < this.f.size()) {
            PKIDevice candidate = (PKIDevice) this.f.elementAt(index);
            if (!candidate.deviceInstanceID().equals(pKIDeviceID)) {
                index++;
                continue;
            }
            PKIDeviceManager.getPKIDeviceManager().closePKIDevice(candidate.deviceInstanceID(), pKIDeviceCallback);
            this.f.removeElementAt(index);
            return true;
        }
        return false;
    }

    /**
     * Returns the secondary crypto provider, i.e. the second provider found in the device list.
     *
     * @return the secondary provider, or null if fewer than two devices supplied one
     */
    public Provider secondaryCryptoProvider() {
        return h;
    }

    /**
     * Returns the secondary data provider taken from the device list.
     *
     * @return the secondary data provider, or null if none is set
     */
    public DataProvider secondaryDataProvider() {
        return l;
    }

    /**
     * Returns the secondary key provider taken from the device list.
     *
     * @return the secondary key provider, or null if none is set
     */
    public KeyProvider secondaryKeyProvider() {
        return j;
    }

    /**
     * Stores the policy context later returned by {@code getContext}.
     *
     * @param policyContext context to store; null is accepted and stored as is
     */
    public void setContext(PolicyContext policyContext) {
        n = policyContext;
    }

    /**
     * Recomputes the primary and secondary crypto providers from the device list.
     *
     * <p>Providers are collected, in list order, from every device that reports having one. The
     * first becomes primary and the second secondary. Both fields are cleared first, so they end
     * up null when too few devices qualify.
     */
    protected void a() {
        this.g = null;
        this.h = null;
        Vector providers = new Vector();
        for (int idx = 0; idx < this.f.size(); idx++) {
            PKIDevice device = (PKIDevice) this.f.elementAt(idx);
            if (device.hasCryptoProvider()) {
                providers.addElement(device.getCryptoProvider());
            }
        }
        int found = providers.size();
        if (found >= 1) {
            this.g = (Provider) providers.elementAt(0);
        }
        if (found >= 2) {
            this.h = (Provider) providers.elementAt(1);
        }
    }

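    /**
     * Replaces the vault's device list and recomputes the crypto, key and data providers from it.
     *
     * <p>The previous list is emptied before it is dropped. The new Vector is adopted by
     * reference, so later changes the caller makes to it are visible to the vault.
     *
     * @param vector new device list of PKIDevice entries; must not be null
     * @throws NullPointerException if {@code vector} is null
     */
    public void setDeviceList(Vector vector) {
        // Fail before touching any state. A null list used to clear the old list and then fail
        // half-way through, leaving the vault without a device list.
        if (vector == null) {
            throw new NullPointerException("Vault.setDeviceList() - device list must not be null");
        }
        // getDeviceList() hands out the internal Vector, so a caller may pass it straight back.
        // Clearing it first would then wipe the devices that are about to be installed.
        if (vector != this.f) {
            this.f.removeAllElements();
            this.f = vector;
        }
        a();
        b();
    }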

    /**
     * Recomputes the primary and secondary key providers and data providers from the device list.
     *
     * <p>Devices are visited in list order. For each kind, the first non-null provider becomes
     * primary and the next non-null one secondary. All four fields are cleared first.
     */
    protected void b() {
        this.i = null;
        this.j = null;
        this.k = null;
        this.l = null;
        Enumeration devices = this.f.elements();
        while (devices.hasMoreElements()) {
            PKIDevice device = (PKIDevice) devices.nextElement();
            // A device contributes at most one key provider slot and one data provider slot.
            if (this.i == null) {
                this.i = device.getKeyProvider();
            } else if (this.j == null) {
                this.j = device.getKeyProvider();
            }
            if (this.k == null) {
                this.k = device.getDataProvider();
            } else if (this.l == null) {
                this.l = device.getDataProvider();
            }
        }
    }

    /**
     * Signs {@code signable} with a key selected from the active key provider.
     *
     * <p>Key selection order: by {@code str} when it is non-empty, else by {@code bArr} when it
     * is non-empty, else the default signing key returned by {@code d()}.
     *
     * @param signable object to sign
     * @param str first key selector, passed to {@code KeyProvider.getPrivateKey(String)}; may be
     *            null or empty
     * @param bArr second key selector, passed to {@code KeyProvider.getPrivateKey(byte[])}; may
     *             be null or empty
     * @throws VaultException if no key is found or signing fails
     * @throws PKIProviderException if the key provider lookup fails
     */
    public void sign(Signable signable, String str, byte[] bArr) throws VaultException, PKIProviderException {
        KeyProvider provider = e();
        PrivateKey signingKey;
        if (str != null && str.length() > 0) {
            signingKey = provider.getPrivateKey(str);
        } else if (bArr != null && bArr.length > 0) {
            signingKey = provider.getPrivateKey(bArr);
        } else {
            signingKey = d();
        }
        if (signingKey == null) {
            throw new VaultException("No DigitalSignature Key found in primary KeyProvider");
        }
        a(signable, signingKey);
    }

    /**
     * Signs {@code signable} with {@code privateKey}: digests the content chunk by chunk, signs
     * the digest and stores the algorithm and signature on the signable.
     *
     * <p>When the key provider has a certificate for the key, it goes through
     * {@code a(X509Certificate)} (defined outside this chunk) and must be valid at the current
     * time. NOTE(review): when no certificate is found, signing proceeds without either check.
     *
     * @param signable object to sign
     * @param privateKey signing key; must not be null
     * @throws InvalidParameterException if {@code privateKey} is null
     * @throws VaultException on any other failure; non-vault exceptions are wrapped
     */
    private void a(Signable signable, PrivateKey privateKey) throws VaultException {
        if (privateKey == null) {
            throw new InvalidParameterException("Null PrivateKey was passed in.");
        }
        try {
            JCRYPTO_X509Certificate signerCert = (JCRYPTO_X509Certificate) e().getCertificateForKey(privateKey, this.d);
            if (signerCert != null) {
                a(signerCert);
                signerCert.exceptIfNotValid(Calendar.getInstance().getTime());
            }
            ASN1ObjectIdentifier signatureOid = getSignatureAlgorithm(privateKey.getAlgorithm());
            signable.setSignatureAlgorithm(new AlgorithmIdentifier(signatureOid, new ASN1Null()), signerCert);
            MessageDigest digest = startDigestSession(OIDs.hashOIDFromSignatureOID(signatureOid));

            // The signable hands out its content in chunks and reports when the last one was delivered.
            ByteArray chunk = new ByteArray();
            boolean lastChunk;
            do {
                lastChunk = signable.getChunkToDigestForSigning(chunk, signerCert);
                updateDigestSession(digest, chunk.getBytes());
            } while (!lastChunk);

            signable.setSignature(signDigest(finishDigestSession(digest), signatureOid, privateKey, null, null), signerCert);
        } catch (VaultException e) {
            throw e;
        } catch (Exception e2) {
            throw new VaultException("Vault.sign(Signable, PrivateKey)", e2);
        }
    }

    /**
     * Signs {@code bArr} with a key selected from the active key provider.
     *
     * <p>Key selection order: by {@code str} when it is non-empty, else by {@code bArr2} when it
     * is non-empty, else the default signing key returned by {@code d()}.
     *
     * @param bArr data to sign
     * @param aSN1ObjectIdentifier signature algorithm OID; an empty OID requests the default
     * @param str first key selector; may be null or empty
     * @param bArr2 second key selector; may be null or empty
     * @return the signature bytes
     * @throws VaultException if signing fails
     * @throws PKIProviderException if the key provider lookup fails
     */
    public byte[] sign(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, String str, byte[] bArr2) throws VaultException, PKIProviderException {
        KeyProvider provider = e();
        PrivateKey signingKey;
        if (str != null && str.length() > 0) {
            signingKey = provider.getPrivateKey(str);
        } else if (bArr2 != null && bArr2.length > 0) {
            signingKey = provider.getPrivateKey(bArr2);
        } else {
            signingKey = d();
        }
        return sign(bArr, signingKey, aSN1ObjectIdentifier);
    }

    /**
     * Signs {@code bArr} with {@code privateKey} using the given signature algorithm, subject to
     * the policy's signing rules.
     *
     * <p>NOTE(review): as listed, the try block covers only the default-key lookup, although the
     * Signature calls further down raise checked exceptions this method does not declare. The
     * original try region presumably covered more of the body; confirm against the bytecode
     * before restructuring.
     *
     * @param bArr data to sign; must be non-null and non-empty
     * @param privateKey signing key; null selects the default signing key from {@code d()}
     * @param aSN1ObjectIdentifier signature algorithm OID; must not be null, an empty OID selects
     *                             the default for the key type
     * @return the signature bytes
     * @throws VaultException if no data is supplied, policy forbids the algorithm, or the key or
     *         engine cannot be obtained
     */
    public byte[] sign(byte[] bArr, PrivateKey privateKey, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException {
        if (bArr == null || bArr.length == 0) {
            throw new VaultException("Vault.sign() - No data supplied");
        }
        if (privateKey == null) {
            try {
                privateKey = d();
            } catch (VaultException e) {
                throw e;
            } catch (Exception e2) {
                throw new VaultException("Vault.sign()", e2);
            }
        }
        GenericSecurityServiceUsageRules securityServiceUsageRules = this.a.getSecurityServiceUsageRules();
        if (aSN1ObjectIdentifier == null) {
            throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
        }
        if (aSN1ObjectIdentifier.toString().length() == 0) {
            // NOTE(review): getSignatureAlgorithm can return null when policy lists no signing OID.
            aSN1ObjectIdentifier = getSignatureAlgorithm(privateKey.getAlgorithm());
        }
        // The policy check is skipped entirely when the policy has no usage rules object.
        if (securityServiceUsageRules != null && !checkPolicyForSigningAlgorithm(aSN1ObjectIdentifier, true)) {
            throw new VaultException("Algorithm specified is not one of the algoritms permitted by Policy");
        }
        Signature b = b(aSN1ObjectIdentifier);
        b.initSign(privateKey);
        if (privateKey.getAlgorithm().equalsIgnoreCase("DSA")) {
            // DSA domain parameters come from the key; if it has none, from the matching certificate's public key.
            Object params = ((DSAPrivateKey) privateKey).getParams();
            if (params == null) {
                params = ((DSAPublicKey) e().getCertificateForKey(privateKey, this.d).getPublicKey()).getParams();
            }
            b.setParameter((AlgorithmParameterSpec) params);
        }
        b.update(bArr);
        return b.sign();
    }

    /**
     * Signs an already computed digest {@code bArr} with a "null digest" signature engine
     * ({@code OIDs.nullWithRSASignature} or {@code OIDs.nullWithDSASignature}).
     *
     * <p>No call to {@code checkPolicyForSigningAlgorithm} is made on this path, unlike
     * {@code sign(byte[], PrivateKey, ASN1ObjectIdentifier)}.
     *
     * <p>NOTE(review): several statements below look like decompiler artefacts (see inline
     * notes); confirm against the bytecode before changing control flow.
     *
     * @param bArr digest value to sign; must be non-null and non-empty (a null array fails with a
     *             NullPointerException on the length check)
     * @param aSN1ObjectIdentifier digest or signature algorithm OID; null or empty selects the
     *                             default for the key type
     * @param privateKey signing key; when null a key is looked up through {@code str},
     *                   {@code bArr2} or the default from {@code d()}
     * @param str first key selector; may be null or empty
     * @param bArr2 second key selector; may be null or empty
     * @return the signature bytes
     * @throws VaultException if no data or key is available or the key type is neither RSA nor DSA
     */
    public byte[] signDigest(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, PrivateKey privateKey, String str, byte[] bArr2) throws VaultException {
        ASN1ObjectIdentifier aSN1ObjectIdentifier2;
        KeyProvider e = e();
        if (privateKey == null) {
            if (str != null) {
                try {
                    if (str.length() > 0) {
                        privateKey = e.getPrivateKey(str);
                    }
                } catch (VaultException e2) {
                    throw e2;
                } catch (Exception e3) {
                    throw new VaultException("Vault.signDigest()", e3);
                }
            }
            // NOTE(review): as listed, this assignment runs unconditionally and overwrites a key
            // found through str above; the original presumably skipped it in that case. Confirm.
            privateKey = (bArr2 == null || bArr2.length <= 0) ? d() : e.getPrivateKey(bArr2);
        }
        if (bArr.length == 0 || privateKey == null) {
            throw new VaultException("Vault.signDigest() - No data supplied or key was null");
        }
        if (aSN1ObjectIdentifier == null) {
            aSN1ObjectIdentifier = new ASN1ObjectIdentifier();
        }
        if (aSN1ObjectIdentifier.toString().length() == 0) {
            aSN1ObjectIdentifier = getSignatureAlgorithm(privateKey.getAlgorithm());
        }
        // Dead store: the local is never read, and a null algorithm fails on the next statement anyway.
        if (privateKey.getAlgorithm() == null) {
            ASN1ObjectIdentifier aSN1ObjectIdentifier3 = OIDs.nullWithRSASignature;
        }
        // The engine is chosen by key type alone; the requested OID only contributes the hash identifier below.
        if (privateKey.getAlgorithm().equals("RSA")) {
            aSN1ObjectIdentifier2 = OIDs.nullWithRSASignature;
        } else {
            if (!privateKey.getAlgorithm().equals("DSA")) {
                throw new VaultException("Vault.signDigest() - Key type must be RSA or DSA.");
            }
            aSN1ObjectIdentifier2 = OIDs.nullWithDSASignature;
        }
        ASN1ObjectIdentifier hashOIDFromSignatureOID = OIDs.isDigestAlgorithm(aSN1ObjectIdentifier) ? aSN1ObjectIdentifier : OIDs.hashOIDFromSignatureOID(aSN1ObjectIdentifier);
        Signature b = b(aSN1ObjectIdentifier2);
        // Only the engine named "NoDigestwithX509RSA" is told which hash produced the digest.
        if (b.getAlgorithm().equalsIgnoreCase("NoDigestwithX509RSA")) {
            b.setParameter(new NoDigestwithX509RSASignatureSpec(hashOIDFromSignatureOID));
        }
        b.initSign(privateKey);
        if (privateKey.getAlgorithm().equalsIgnoreCase("DSA")) {
            // DSA domain parameters come from the key; if it has none, from the matching certificate's public key.
            Object params = ((DSAPrivateKey) privateKey).getParams();
            if (params == null) {
                params = ((DSAPublicKey) e().getCertificateForKey(privateKey, this.d).getPublicKey()).getParams();
            }
            b.setParameter((AlgorithmParameterSpec) params);
            b.update(bArr);
        } else {
            b.update(bArr);
        }
        return b.sign();
    }

    /**
     * Splits {@code bArr} into parts with an XORSplitter driven by the vault's random number
     * generator, writing the parts into {@code partList}.
     *
     * <p>The generator is prepared or reseeded through {@code f()} first.
     *
     * @param bArr data to split; must be non-null and non-empty
     * @param i passed unchanged as the second argument of {@code XORSplitter.split}
     * @param i2 passed unchanged as the third argument of {@code XORSplitter.split}
     * @param partList receives the parts
     * @throws VaultException if there is no data, the generator cannot be prepared, or the split fails
     */
    public void split(byte[] bArr, int i, int i2, PartList partList) throws VaultException {
        if (bArr.length == 0) {
            throw new VaultException("Vault.split() - No data to split.");
        }
        f();
        try {
            XORSplitter splitter = new XORSplitter(this.m, null);
            splitter.split(bArr, i, i2, partList, null);
        } catch (Exception e) {
            throw new VaultException("Vault.split()", e);
        }
    }

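    /**
     * Creates and initialises a {@link Cipher} for a symmetric session key.
     *
     * <p>An empty {@code aSN1ObjectIdentifier} is overwritten in place with the default returned by
     * {@code a(true)}. The resulting OID must pass the policy check {@code a(oid, z)}. For RC2
     * (CBC or ECB) the effective key length comes from the policy's generic extensions and falls
     * back to 56 bits when the policy carries no RC2 entry.
     *
     * <p>Fix over the previous version: when the caller supplied an {@link RC2ParameterSpec} whose
     * effective key bits already matched the policy value, the spec (and with it the caller's IV)
     * was discarded and the cipher was initialised from {@code this.m} alone. The caller's spec is
     * now used in that case.
     *
     * @param z {@code true} to initialise for encryption, {@code false} for decryption
     * @param secretKey session key; must be non-null with a non-empty algorithm name
     * @param aSN1ObjectIdentifier cipher OID; pass an empty OID, not {@code null}, for the default
     * @param algorithmParameterSpec IV or RC2 parameters, or {@code null}
     * @return the initialised cipher
     * @throws VaultException if the key is missing, the algorithm is rejected by policy, or
     *     initialisation fails (the original exception is attached as cause)
     */
    public Cipher startCipherSession(boolean z, SecretKey secretKey, ASN1ObjectIdentifier aSN1ObjectIdentifier, AlgorithmParameterSpec algorithmParameterSpec) throws VaultException {
        if (secretKey != null) {
            try {
                if (!secretKey.getAlgorithm().equals("")) {
                    if (aSN1ObjectIdentifier == null) {
                        // Thrown inside the try on purpose: callers receive it wrapped in a VaultException.
                        throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
                    }
                    if (aSN1ObjectIdentifier.toString().length() == 0) {
                        aSN1ObjectIdentifier.setValue(a(true));
                    }
                    if (!a(aSN1ObjectIdentifier, z)) {
                        throw new VaultException("SessionKey Algorithm " + secretKey.getAlgorithm() + "/" + aSN1ObjectIdentifier + " not allowed by policy");
                    }
                    AlgorithmParameterSpec effectiveSpec = null;
                    Cipher cipher = c(aSN1ObjectIdentifier);
                    // NOTE(review): 56 effective bits is the fallback when the policy has no RC2
                    // entry; deployments that still permit RC2 should set the value explicitly.
                    int effectiveKeyBits = 56;
                    if (aSN1ObjectIdentifier.equals(OIDs.rc2CBC) || aSN1ObjectIdentifier.equals(OIDs.rc2ECB)) {
                        int ruleCount = this.a.getPolicyExtensions().numGenericExtensionsRules();
                        for (int ruleIndex = 0; ruleIndex < ruleCount; ruleIndex++) {
                            GenericExtensionsRule rule = this.a.getPolicyExtensions().getGenericExtensionsRule(ruleIndex);
                            for (int extIndex = 0; extIndex < rule.numGenericExtensions(); extIndex++) {
                                String extensionOid = rule.getGenericExtension(extIndex).getCustomPolicyExtensionOID();
                                // The last matching extension wins, as before.
                                if (extensionOid.equals("1.2.840.113549.3.2") || extensionOid.equals("1.2.840.113549.3.3")) {
                                    effectiveKeyBits = rule.getGenericExtension(extIndex).getIntegerSet().getIntegerSpecification(0);
                                }
                            }
                        }
                        if (algorithmParameterSpec instanceof RC2ParameterSpec) {
                            RC2ParameterSpec callerSpec = (RC2ParameterSpec) algorithmParameterSpec;
                            if (callerSpec.getEffectiveKeyBits() != effectiveKeyBits) {
                                // Policy overrides the caller's effective key length but keeps the IV.
                                effectiveSpec = new RC2ParameterSpec(effectiveKeyBits, callerSpec.getIV());
                            } else {
                                // Already compliant: keep the caller's spec so its IV is not lost.
                                effectiveSpec = callerSpec;
                            }
                        } else if (algorithmParameterSpec instanceof IvParameterSpec) {
                            effectiveSpec = new RC2ParameterSpec(effectiveKeyBits, ((IvParameterSpec) algorithmParameterSpec).getIV());
                        }
                    } else {
                        effectiveSpec = algorithmParameterSpec;
                    }
                    int mode = z ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
                    if (effectiveSpec != null) {
                        cipher.init(mode, secretKey, effectiveSpec);
                    } else {
                        // No parameters available: initialise with this.m only.
                        cipher.init(mode, secretKey, this.m);
                    }
                    return cipher;
                }
            } catch (VaultException e) {
                // Policy rejections keep their own message instead of being re-wrapped.
                throw e;
            } catch (Exception e2) {
                throw new VaultException("Vault.startCipherSession()", e2);
            }
        }
        throw new VaultException("Vault.startCipherSession() - must provide a valid SessionKey");
    }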

    /**
     * Convenience overload that builds the parameter spec from raw bytes and delegates to
     * {@code startCipherSession(boolean, SecretKey, ASN1ObjectIdentifier, AlgorithmParameterSpec)}.
     *
     * <ul>
     *   <li>{@link PBEKey}: {@code bArr} is used as the PBE salt with a fixed iteration count of 20.
     *   <li>any other key with non-null {@code bArr}: {@code bArr} is used as the IV.
     *   <li>otherwise: no parameters are passed.
     * </ul>
     *
     * @throws VaultException as thrown by the delegate
     */
    public Cipher startCipherSession(boolean z, SecretKey secretKey, ASN1ObjectIdentifier aSN1ObjectIdentifier, byte[] bArr) throws VaultException {
        if (secretKey instanceof PBEKey) {
            // NOTE(review): an iteration count of 20 gives very little resistance to password
            // guessing; raising it would break compatibility with data already protected this way,
            // so it needs a versioned migration rather than an in-place change.
            return startCipherSession(z, secretKey, aSN1ObjectIdentifier, new PBEParameterSpec(bArr, 20));
        }
        if (bArr != null) {
            return startCipherSession(z, secretKey, aSN1ObjectIdentifier, new IvParameterSpec(bArr));
        }
        return startCipherSession(z, secretKey, aSN1ObjectIdentifier, (AlgorithmParameterSpec) null);
    }

    /**
     * Returns a {@link MessageDigest} for the given digest OID.
     *
     * <p>An empty OID selects the hash belonging to the signature algorithm that
     * {@code getSignatureAlgorithm} reports for the key returned by {@code d()}.
     *
     * @param aSN1ObjectIdentifier digest OID; pass an empty OID, not {@code null}, for the default
     * @throws VaultException wrapping any failure, including the {@code NullPointerException}
     *     raised for a {@code null} OID
     */
    public MessageDigest startDigestSession(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException {
        try {
            if (aSN1ObjectIdentifier == null) {
                throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
            }
            ASN1ObjectIdentifier digestOid = aSN1ObjectIdentifier;
            final boolean useDefault = digestOid.toString().length() == 0;
            if (useDefault) {
                digestOid = OIDs.hashOIDFromSignatureOID(getSignatureAlgorithm(d().getAlgorithm()));
            }
            return a(digestOid);
        } catch (Exception digestFailure) {
            throw new VaultException("Vault.digest() - No digest algorithm can be extracted from Policy", digestFailure);
        }
    }

    /**
     * Returns an uninitialised {@link Mac} for the algorithm name that {@code OIDs} maps the given
     * OID to.
     *
     * <p>No policy check on the requested algorithm is performed in this method.
     *
     * @throws NoSuchAlgorithmException if no provider offers the mapped algorithm
     */
    public Mac startMacSession(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws NoSuchAlgorithmException {
        final String macAlgorithmName = OIDs.getStringFromOID(aSN1ObjectIdentifier);
        return Mac.getInstance(macAlgorithmName);
    }

    /**
     * Returns a {@link Mac} for the given OID, initialised with {@code secretKey}.
     *
     * <p>No policy check on the requested algorithm is performed in this method.
     *
     * @throws NoSuchAlgorithmException if no provider offers the mapped algorithm
     * @throws InvalidKeyException if the key is not suitable for the MAC
     */
    public Mac startMacSession(ASN1ObjectIdentifier aSN1ObjectIdentifier, SecretKey secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
        final String macAlgorithmName = OIDs.getStringFromOID(aSN1ObjectIdentifier);
        final Mac keyedMac = Mac.getInstance(macAlgorithmName);
        keyedMac.init(secretKey);
        return keyedMac;
    }

    /**
     * Returns a {@link Mac} for the given OID, initialised with {@code secretKey} and
     * {@code algorithmParameterSpec}.
     *
     * <p>Unlike the other two overloads, failures are reported as {@link VaultException}. The
     * underlying exception is only rendered into the message text, not attached as cause.
     *
     * @throws VaultException if the algorithm is unknown or the key or parameters are rejected
     */
    public Mac startMacSession(ASN1ObjectIdentifier aSN1ObjectIdentifier, SecretKey secretKey, AlgorithmParameterSpec algorithmParameterSpec) throws VaultException {
        try {
            final String macAlgorithmName = OIDs.getStringFromOID(aSN1ObjectIdentifier);
            final Mac keyedMac = Mac.getInstance(macAlgorithmName);
            keyedMac.init(secretKey, algorithmParameterSpec);
            return keyedMac;
        } catch (java.security.GeneralSecurityException setupFailure) {
            // Covers NoSuchAlgorithmException, InvalidKeyException and
            // InvalidAlgorithmParameterException, which all produced the same message shape.
            throw new VaultException("vault.startMacSession()  " + setupFailure);
        }
    }

    /**
     * Removes the message formatting from {@code bArr} via
     * {@code OAEPSHA1MessageFormat.unFormatMessage(bArr, bArr2)}.
     *
     * <p>Only {@code OIDs.baltimore_format_oaepsha1} is accepted as the format identifier.
     *
     * @throws VaultException if another format OID is supplied or the formatter reports a missing
     *     algorithm
     * @throws ShortBufferException declared by this method; no statement visible here raises it
     *     directly
     */
    public byte[] unFormatMessage(byte[] bArr, byte[] bArr2, AlgorithmIdentifier algorithmIdentifier) throws VaultException, ShortBufferException {
        try {
            final boolean isOaepSha1 = algorithmIdentifier.getAlgorithm().equals(OIDs.baltimore_format_oaepsha1);
            if (!isOaepSha1) {
                throw new VaultException("Expected OIDs.baltimore_format_oaepsha1 (1.2.372.980001.4.1) as algID");
            }
            return OAEPSHA1MessageFormat.unFormatMessage(bArr, bArr2);
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            throw new VaultException("Error while unformatting", missingAlgorithm);
        }
    }

    /**
     * Opens a passphrase-protected envelope: sets {@code str} as the passphrase on
     * {@code wrappable}, then asks it to open itself against this vault.
     *
     * <p>The passphrase arrives as a {@link String}, so this method cannot clear it from memory
     * after use.
     *
     * @throws VaultException if the wrappable fails to open the envelope
     */
    public void unwrap(Wrappable wrappable, String str) throws VaultException {
        final String passphrase = str;
        wrappable.setPassphrase(passphrase);
        wrappable.openEnvelope(this);
    }

    /**
     * Opens an envelope by delegating to {@code wrappable.openEnvelope(this)}.
     *
     * <p>NOTE(review): {@code x509Certificate} is not used by this method; recipient selection is
     * left entirely to the wrappable. Callers that pass a certificate to pin the recipient get no
     * such guarantee from this code path.
     *
     * @throws VaultException if the wrappable fails to open the envelope
     */
    public void unwrap(Wrappable wrappable, X509Certificate x509Certificate) throws VaultException {
        final Vault keySource = this;
        wrappable.openEnvelope(keySource);
    }

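    /**
     * Decrypts {@code bArr} with the private key belonging to {@code x509Certificate}, or with the
     * key returned by {@code c()} when no certificate is given.
     *
     * <p>Algorithm selection: an empty OID selects the first unwrapping algorithm from the policy,
     * or {@code OIDs.rsaEncryptionOAEP} when there is no policy. A non-empty OID must be listed by
     * the policy when one exists.
     *
     * <p>Fixes over the previous version: without a policy, a caller-supplied OID was passed to
     * the cipher unchecked, while {@code unwrapKey} and {@code wrap(byte[], ...)} restrict that
     * case to RSA-OAEP. The same restriction is now applied here. Two messages that named
     * {@code Vault.wrap} now name this method.
     *
     * @param bArr wrapped data; must not be empty
     * @param aSN1ObjectIdentifier unwrapping algorithm; pass an empty OID, not {@code null}, for
     *     the default
     * @param x509Certificate recipient certificate, or {@code null} for the vault default
     * @return the decrypted bytes
     * @throws VaultException on missing data or key, a DSA key, a policy rejection, or any
     *     provider or cipher failure (attached as cause)
     */
    public byte[] unwrap(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, X509Certificate x509Certificate) throws VaultException {
        if (bArr.length == 0) {
            throw new VaultException("Vault.unwrap(byte[], ASN1ObjectIdentifier, X509Certificate) - data required.");
        }
        try {
            PrivateKey privateKeyForCert = x509Certificate != null ? e().getPrivateKeyForCert(x509Certificate) : c();
            if (privateKeyForCert == null) {
                throw new VaultException("Vault.unwrap(byte[], ASN1ObjectIdentifier, X509Certificate) - Could not find a data cipher usage private key.");
            }
            if (privateKeyForCert.getAlgorithm().equals("DSA")) {
                throw new VaultException("Vault.unwrap(byte[], ASN1ObjectIdentifier, X509Certificate) - Cannot use DSA Keys for unwrapping.");
            }
            try {
                GenericSecurityServiceUsageRules securityServiceUsageRules = this.a.getSecurityServiceUsageRules();
                boolean hasPolicy = securityServiceUsageRules != null;
                if (aSN1ObjectIdentifier == null) {
                    throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
                }
                if (aSN1ObjectIdentifier.toString().length() == 0) {
                    aSN1ObjectIdentifier = hasPolicy ? new ASN1ObjectIdentifier(securityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getKeyWrappingServiceUsageRule().getKeyUnwrappingAlgorithmOID(0)) : OIDs.rsaEncryptionOAEP;
                } else if (hasPolicy) {
                    // NOTE(review): the count is read from the rule for DefaultPolicyContext while
                    // the entries are read from rule 0; confirm both always denote the same rule.
                    int numKeyUnwrappingAlgorithmOIDs = securityServiceUsageRules.getGenericSecurityServiceUsageRule(new DefaultPolicyContext()).getKeyWrappingServiceUsageRule().numKeyUnwrappingAlgorithmOIDs();
                    boolean notListed = true;
                    for (int i = 0; i < numKeyUnwrappingAlgorithmOIDs; i++) {
                        if (new ASN1ObjectIdentifier(securityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getKeyWrappingServiceUsageRule().getKeyUnwrappingAlgorithmOID(i)).equals(aSN1ObjectIdentifier)) {
                            notListed = false;
                        }
                    }
                    if (notListed) {
                        throw new VaultException("Vault.unwrap(byte[], X509Certificate, AlgorithmIdentifier) - Unwrapping algorithm not permitted by the policy.");
                    }
                    // Kept as found: even a policy-listed algorithm must be RSA-OAEP on this path.
                    if (!OIDs.rsaEncryptionOAEP.equals(aSN1ObjectIdentifier)) {
                        throw new VaultException("Vault:unwrap(byte[], X509Certificate, AlgorithmIdentifier) - Unwrapping algorithm not permitted by the policy.");
                    }
                } else if (!OIDs.rsaEncryptionOAEP.equals(aSN1ObjectIdentifier)) {
                    // No policy loaded: accept RSA-OAEP only, as unwrapKey and wrap(byte[], ...) do.
                    throw new VaultException("Vault:unwrap(byte[], X509Certificate, AlgorithmIdentifier) - Unwrapping algorithm not permitted by the policy.");
                }
                Cipher d = d(aSN1ObjectIdentifier);
                d.init(Cipher.DECRYPT_MODE, privateKeyForCert, this.m);
                return d.doFinal(bArr);
            } catch (Exception e) {
                // Policy rejections raised above are also wrapped here and surface as the cause.
                throw new VaultException("Vault.unwrap(byte[], ASN1ObjectIdentifier, X509Certificate)", e);
            }
        } catch (PKIProviderException e2) {
            throw new VaultException("Vault.unwrap(byte[], ASN1ObjectIdentifier, X509Certificate)", e2);
        }
    }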

    /**
     * Unwraps a session key with the private key belonging to {@code x509Certificate}, or with a
     * key looked up by key usage when no certificate is given.
     *
     * <p>For software keys the unwrapping algorithm is checked against the policy (or restricted
     * to {@code OIDs.rsaEncryptionOAEP} when no policy is loaded) before decryption.
     *
     * <p>NOTE(review): when the private key is a PKCS#11 key holder, the method returns from the
     * hardware wrapper before that policy check is reached and {@code aSN1ObjectIdentifier} is not
     * consulted at all on that path. Confirm the wrapper enforces an equivalent restriction.
     *
     * @param bArr wrapped key bytes; must not be empty
     * @param aSN1ObjectIdentifier unwrapping algorithm; pass an empty OID, not {@code null}, for
     *     the default
     * @param x509Certificate recipient certificate, or {@code null} to select a key by usage
     * @param aSN1ObjectIdentifier2 OID of the key being recovered; its mapped name becomes the
     *     algorithm of the returned {@link SecretKeySpec}
     * @throws VaultException on missing data or key, a DSA key, a policy rejection, or any
     *     provider or cipher failure (attached as cause)
     */
    public SecretKey unwrapKey(byte[] bArr, ASN1ObjectIdentifier aSN1ObjectIdentifier, X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier2) throws VaultException {
        if (bArr.length == 0) {
            throw new VaultException("Vault.unwrapKey() - No data provided.");
        }
        KeyProvider e = e();
        try {
            KeyUsage keyUsage = new KeyUsage();
            // Field 2 is presumably keyEncipherment (the error below calls it "keycipher usage"); confirm against KeyUsage.
            keyUsage.setField(2, true);
            PrivateKey privateKeyForCert = x509Certificate != null ? e.getPrivateKeyForCert(x509Certificate) : e.getPrivateKey(keyUsage, this.d);
            if (privateKeyForCert == null) {
                throw new VaultException("Vault.unwrapKey() - Could not find a keycipher usage private key.");
            }
            if (privateKeyForCert.getAlgorithm().equals("DSA")) {
                throw new VaultException("Vault.unwrapKey() - Cannot use DSA Keys for unwrapping.");
            }
            // Hardware keys are recognised by class name and handled by the PKCS#11 wrapper.
            // This branch returns (or throws) before the policy check below.
            if (privateKeyForCert.getClass().getName().equalsIgnoreCase("com.baltimore.pkcs11.provider.PKCS11_RSA_PrivateKeyHolder")) {
                try {
                    return new JCRYPTO_PKCS11_RSAKeyWrapper().unWrapKey(privateKeyForCert, bArr, aSN1ObjectIdentifier2);
                } catch (Exception e2) {
                    throw new VaultException("Vault.unwrapKey()", e2);
                }
            }
            try {
                GenericSecurityServiceUsageRules securityServiceUsageRules = this.a.getSecurityServiceUsageRules();
                // z: a security-service usage policy is present.
                boolean z = securityServiceUsageRules != null;
                if (aSN1ObjectIdentifier == null) {
                    // Raised inside the try, so callers see it wrapped in a VaultException.
                    throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
                }
                if (aSN1ObjectIdentifier.toString().length() == 0) {
                    // Empty OID: first policy entry, or RSA-OAEP when there is no policy.
                    aSN1ObjectIdentifier = z ? new ASN1ObjectIdentifier(securityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getKeyWrappingServiceUsageRule().getKeyUnwrappingAlgorithmOID(0)) : OIDs.rsaEncryptionOAEP;
                } else if (z) {
                    // NOTE(review): the count comes from the rule for DefaultPolicyContext, the
                    // entries from rule 0; confirm both always denote the same rule.
                    int numKeyUnwrappingAlgorithmOIDs = securityServiceUsageRules.getGenericSecurityServiceUsageRule(new DefaultPolicyContext()).getKeyWrappingServiceUsageRule().numKeyUnwrappingAlgorithmOIDs();
                    // z2 stays true until the requested OID is found in the policy list.
                    boolean z2 = true;
                    for (int i = 0; i < numKeyUnwrappingAlgorithmOIDs; i++) {
                        if (new ASN1ObjectIdentifier(securityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getKeyWrappingServiceUsageRule().getKeyUnwrappingAlgorithmOID(i)).equals(aSN1ObjectIdentifier)) {
                            z2 = false;
                        }
                    }
                    if (z2) {
                        throw new VaultException("Vault.unwrapKey(byte[] wrappedSessionKey, ASN1ObjectIdentifier howToUnwrap, X509Certificate recipient, ASN1ObjectIdentifier keyOID) - Unwrapping algorithm not permitted by the policy.");
                    }
                } else if (!OIDs.rsaEncryptionOAEP.equals(aSN1ObjectIdentifier)) {
                    // No policy loaded: only RSA-OAEP is accepted.
                    throw new VaultException("Vault:unwrapKey(byte[] wrappedSessionKey, ASN1ObjectIdentifier howToUnwrap, X509Certificate recipient, ASN1ObjectIdentifier keyOID) - Unwrapping algorithm not permitted by the policy.");
                }
                Cipher d = d(aSN1ObjectIdentifier);
                // 2 is the value of Cipher.DECRYPT_MODE.
                d.init(2, privateKeyForCert, this.m);
                String stringFromOID = OIDs.getStringFromOID(aSN1ObjectIdentifier2);
                // The key algorithm is the part of the mapped name before the first '/'. The
                // decrypted bytes are used as key material as-is; no length check against the
                // key OID is made here.
                return stringFromOID.indexOf("/") != -1 ? new SecretKeySpec(d.doFinal(bArr), stringFromOID.substring(0, stringFromOID.indexOf("/"))) : new SecretKeySpec(d.doFinal(bArr), stringFromOID);
            } catch (Exception e3) {
                // Policy rejections raised above are also wrapped here and surface as the cause.
                throw new VaultException("Vault.unwrapKey()", e3);
            }
        } catch (PKIProviderException e4) {
            throw new VaultException("Vault.unwrapKey()", e4);
        }
    }

    /**
     * Feeds {@code bArr} into an in-progress cipher session and returns whatever output
     * {@link Cipher#update(byte[])} produces for it.
     *
     * @throws VaultException if the cipher has not been initialised
     */
    public byte[] updateCipherSession(Cipher cipher, byte[] bArr) throws VaultException {
        final byte[] produced;
        try {
            produced = cipher.update(bArr);
        } catch (IllegalStateException notInitialised) {
            throw new VaultException("Cipher not ready to be updated", notInitialised);
        }
        return produced;
    }

    /**
     * Feeds {@code bArr} into an in-progress digest session.
     *
     * <p>An empty chunk is treated as an error rather than a no-op, so callers that stream data
     * must not pass zero-length buffers.
     *
     * @throws VaultException if {@code messageDigest} is {@code null} or {@code bArr} is empty
     */
    public void updateDigestSession(MessageDigest messageDigest, byte[] bArr) throws VaultException {
        final boolean digestMissing = messageDigest == null;
        if (digestMissing) {
            throw new VaultException("Vault.updateDigestSession() - The MessageDigest is null.");
        }
        final boolean chunkEmpty = bArr.length == 0;
        if (chunkEmpty) {
            throw new VaultException("Vault.updateDigestSession() - No data provided.");
        }
        messageDigest.update(bArr);
    }

    /**
     * Feeds {@code bArr} into an in-progress MAC session.
     *
     * <p>No null or empty-input checks are made; {@link Mac#update(byte[])} decides how such input
     * is handled.
     */
    public void updateMacSession(Mac mac, byte[] bArr) {
        final byte[] chunk = bArr;
        mac.update(chunk);
    }

    /**
     * Replaces a stored self-signed certificate with the supplied chain.
     *
     * <p>The leaf of {@code certificateChain} is first checked for validity at the date supplied
     * by {@code this.d}. Every friendly name of the key provider is then examined; the first key
     * whose stored certificate is self-signed and whose encoded public key compares equal to the
     * new leaf's (via {@code Utils.cmpByteArrays}) has its chain swapped.
     *
     * <p>NOTE(review): within this method the replacement is authorised only by that public-key
     * comparison and the validity date; no signature or issuer check on the new chain is visible
     * here. Confirm the caller validates the chain before invoking this.
     *
     * @throws VaultException if no matching self-signed certificate is stored
     */
    public void updateSelfSignedCert(CertificateChain certificateChain) throws VaultException, PKIProviderException, CertificateException {
        certificateChain.getCertificate().exceptIfNotValid(this.d.giveCertValidityDate(certificateChain.getCertificate()));
        KeyProvider keys = e();
        for (String friendlyName : keys.getFriendlyNames()) {
            PrivateKey candidateKey = keys.getPrivateKey(friendlyName);
            if (candidateKey == null) {
                continue;
            }
            JCRYPTO_X509Certificate storedCert = (JCRYPTO_X509Certificate) keys.getCertificateForKey(candidateKey, null);
            if (storedCert == null) {
                continue;
            }
            JCRYPTO_X509Certificate incomingCert = certificateChain.getCertificate();
            // Single-element chain describing what is currently stored, used for the removal call.
            CertificateChain storedChain = new CertificateChain();
            storedChain.addCertificate(storedCert);
            boolean replaceable = storedCert.isSelfSigned()
                    && Utils.cmpByteArrays(storedCert.getPublicKey().getEncoded(), incomingCert.getPublicKey().getEncoded());
            if (replaceable) {
                this.i.removeCertChainFromKey(candidateKey, storedChain);
                this.i.addCertChainToKey(candidateKey, certificateChain);
                return;
            }
        }
        throw new VaultException("Vault.updateSelfSignedCert() - Self signed Certificate not found.");
    }

    /**
     * Moves {@code pKIDevice} to the front of the device list {@code this.f}, adding it if it was
     * not yet present, then calls {@code a()}.
     *
     * <p>{@code a()} is defined outside this excerpt; presumably it re-evaluates which devices the
     * vault uses after the order change (confirm).
     */
    public void useHighPriorityDevice(PKIDevice pKIDevice) {
        final boolean alreadyListed = this.f.contains(pKIDevice);
        if (alreadyListed) {
            // Drop the old position so the device appears only once.
            this.f.removeElement(pKIDevice);
        }
        this.f.insertElementAt(pKIDevice, 0);
        a();
    }

    /**
     * Moves {@code pKIDevice} to the end of the device list {@code this.f}, adding it if it was
     * not yet present, then calls {@code a()}.
     *
     * <p>{@code a()} is defined outside this excerpt; presumably it re-evaluates which devices the
     * vault uses after the order change (confirm).
     */
    public void useLowPriorityDevice(PKIDevice pKIDevice) {
        final boolean alreadyListed = this.f.contains(pKIDevice);
        if (alreadyListed) {
            // Drop the old position so the device appears only once.
            this.f.removeElement(pKIDevice);
        }
        this.f.addElement(pKIDevice);
        a();
    }

    /**
     * Verifies the signature carried by {@code signable} against {@code x509Certificate}.
     *
     * <p>The certificate is passed through {@code checkCertificate} before any data is digested.
     * The content is digested chunk by chunk with the hash that belongs to the signable's
     * signature algorithm, and the result is handed to {@code verifyDigest}.
     *
     * @param signable source of the signed content, signature and signature algorithm
     * @param x509Certificate signer certificate, or {@code null} to use the certificate of the key
     *     returned by {@code d()}
     * @return the result of {@code verifyDigest}
     * @throws VaultException if the certificate lookup fails, or as thrown by the certificate
     *     check, the digest session or {@code verifyDigest}
     */
    public boolean verify(Signable signable, X509Certificate x509Certificate) throws VaultException {
        if (x509Certificate == null) {
            try {
                x509Certificate = e().getCertificateForKey(d(), this.d);
            } catch (Exception e) {
                throw new VaultException("Vault.verify(Signable, X509Certificate)", e);
            }
        }
        // Re-parse foreign certificate implementations from their encoding so the rest of the
        // method works on the library's own certificate class.
        if (!(x509Certificate instanceof JCRYPTO_X509Certificate)) {
            x509Certificate = new JCRYPTO_X509Certificate(x509Certificate.getEncoded());
        }
        checkCertificate(x509Certificate);
        AlgorithmIdentifier signatureAlgorithm = signable.getSignatureAlgorithm(x509Certificate);
        MessageDigest startDigestSession = startDigestSession(OIDs.hashOIDFromSignatureOID(signatureAlgorithm.getAlgorithm()));
        ByteArray byteArray = new ByteArray();
        // z becomes true once the signable reports that the last chunk has been delivered.
        boolean z = false;
        while (!z) {
            z = signable.getChunkToDigestForSigning(byteArray, x509Certificate);
            // updateDigestSession rejects zero-length input, so an empty chunk aborts
            // verification with a VaultException.
            updateDigestSession(startDigestSession, byteArray.getBytes());
        }
        return verifyDigest(finishDigestSession(startDigestSession), signable.getSignature(x509Certificate), x509Certificate, signatureAlgorithm);
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} using the public key of
     * {@code x509Certificate}.
     *
     * <p>Delegates to the private five-argument helper with no separate policy OID.
     *
     * <p>NOTE(review): unlike {@code verify(Signable, X509Certificate)} and {@code verifyDigest},
     * this path does not call {@code checkCertificate}; callers are responsible for validating
     * the certificate first.
     *
     * @param aSN1ObjectIdentifier signature algorithm; pass an empty OID, not {@code null}, for
     *     the default
     */
    public boolean verify(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException, PKIProviderException {
        final boolean signatureValid = a(bArr, bArr2, x509Certificate, aSN1ObjectIdentifier, null);
        return signatureValid;
    }

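    /**
     * Core signature verification.
     *
     * <p>Fix over the previous version: the policy-rejection message now names the OID that was
     * actually checked. Before, it always printed {@code aSN1ObjectIdentifier}, even when the
     * check had been made on {@code aSN1ObjectIdentifier2}.
     *
     * <p>This helper does not call {@code checkCertificate}; certificate validation is left to
     * the callers.
     *
     * @param bArr data (or digest) that was signed; must not be empty
     * @param bArr2 signature bytes; must not be empty
     * @param x509Certificate signer certificate, or {@code null} to use the certificate of the key
     *     returned by {@code d()}
     * @param aSN1ObjectIdentifier algorithm used to obtain the {@link Signature}; an empty OID
     *     selects the default for the public key's algorithm
     * @param aSN1ObjectIdentifier2 when non-null, the OID checked against policy instead of
     *     {@code aSN1ObjectIdentifier}, and the source of the hash OID for raw RSA verification
     * @return {@code true} if the signature verifies
     * @throws VaultException on empty input, a policy rejection, or any verification failure
     *     (attached as cause)
     */
    private boolean a(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier, ASN1ObjectIdentifier aSN1ObjectIdentifier2) throws VaultException, PKIProviderException {
        if (x509Certificate == null) {
            x509Certificate = e().getCertificateForKey(d(), this.d);
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (publicKey.getEncoded().length == 0 || bArr.length == 0 || bArr2.length == 0) {
            throw new VaultException("Vault.verify(byte[], byte[], X509Certificate, AlgorithmIdentifier) - Empty key, data or signature supplied");
        }
        try {
            if (aSN1ObjectIdentifier == null) {
                // Raised inside the try, so callers see it wrapped in a VaultException.
                throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
            }
            if (aSN1ObjectIdentifier.toString().length() == 0) {
                aSN1ObjectIdentifier = getSignatureAlgorithm(publicKey.getAlgorithm());
            }
            ASN1ObjectIdentifier policyOid = aSN1ObjectIdentifier2 == null ? aSN1ObjectIdentifier : aSN1ObjectIdentifier2;
            if (!checkPolicyForSigningAlgorithm(policyOid, false)) {
                throw new VaultException("Signing algorithm is not permitted by Policy: " + policyOid);
            }
            Signature b = b(aSN1ObjectIdentifier);
            if (b.getAlgorithm().equalsIgnoreCase("NoDigestwithX509RSA")) {
                // Raw RSA verification needs the hash OID; it is derived from the second OID.
                // NOTE(review): verify(byte[], ...) passes null here; confirm
                // hashOIDFromSignatureOID tolerates that.
                b.setParameter(new NullwithRSASignatureSpec(OIDs.hashOIDFromSignatureOID(aSN1ObjectIdentifier2)));
            }
            b.initVerify(publicKey);
            b.update(bArr);
            return b.verify(bArr2);
        } catch (Exception e) {
            throw new VaultException("Vault.verify(byte[], byte[], X509Certificate, AlgorithmIdentifier)", e);
        }
    }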

    /**
     * Verifies a signature over an already computed digest.
     *
     * <p>The certificate is passed through {@code checkCertificate}. RSA keys are verified with
     * {@code OIDs.nullWithRSASignature}, DSA keys with {@code OIDs.nullWithDSASignature}; the
     * algorithm from {@code algorithmIdentifier} is passed along as the OID checked against
     * policy.
     *
     * @param bArr digest value
     * @param bArr2 signature bytes
     * @param x509Certificate signer certificate, or {@code null} to use the certificate of the key
     *     returned by {@code d()}
     * @param algorithmIdentifier signature algorithm; an empty algorithm is filled in (in place)
     *     with the default for the certificate's key type
     * @throws NullPointerException if {@code algorithmIdentifier} is {@code null}
     * @throws VaultException if the certificate lookup or check fails, the key type is neither
     *     RSA nor DSA, or verification fails
     */
    public boolean verifyDigest(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate, AlgorithmIdentifier algorithmIdentifier) throws VaultException {
        if (x509Certificate == null) {
            try {
                x509Certificate = e().getCertificateForKey(d(), this.d);
            } catch (VaultException lookupFailure) {
                throw lookupFailure;
            } catch (Exception otherFailure) {
                throw new VaultException("Vault.verifyDigest() - ", otherFailure);
            }
        }
        if (algorithmIdentifier == null) {
            throw new NullPointerException("Don't use null to get the default, pass in 'new AlgorithmIdentifier()' instead.");
        }
        final boolean algorithmUnset = algorithmIdentifier.getAlgorithm().toString().length() == 0;
        if (algorithmUnset) {
            algorithmIdentifier.setAlgorithm(getSignatureAlgorithm(x509Certificate.getPublicKey().getAlgorithm()));
        }
        checkCertificate(x509Certificate);
        final String keyAlgorithm = x509Certificate.getPublicKey().getAlgorithm();
        if (keyAlgorithm.equals("RSA")) {
            return a(bArr, bArr2, x509Certificate, OIDs.nullWithRSASignature, algorithmIdentifier.getAlgorithm());
        }
        if (keyAlgorithm.equals("DSA")) {
            return a(bArr, bArr2, x509Certificate, OIDs.nullWithDSASignature, algorithmIdentifier.getAlgorithm());
        }
        throw new VaultException("Vault.verifyDigest() - Unknown Key Algorithm type.");
    }

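    /**
     * Checks whether {@code x509Certificate} will still be valid once the policy's key-expiry
     * warning period has passed, and raises a warning through {@code this.d} if it will not.
     *
     * <p>The warning period in days is read from the policy extension
     * {@code OIDs.pkiPlusConfigurationKeyExpiryWarning}; it is 0 when the extension is absent or
     * non-positive.
     *
     * <p>Fix over the previous version: the look-ahead date was built with
     * {@code Calendar.roll}, which wraps the day-of-year inside the current year instead of
     * carrying into the next one. Near the end of a year the look-ahead date landed in the past
     * and an imminent expiry went unreported. The date is now computed with {@code Calendar.add},
     * which also makes the period exactly the configured number of days.
     *
     * @return {@code true} if the certificate is valid at the look-ahead date, {@code false} if it
     *     will have expired (after notifying) or is not yet valid at that date
     * @throws VaultException if the expiry-warning extension exists but has no integer value
     */
    private boolean a(X509Certificate x509Certificate) throws VaultException {
        int warningDays = 0;
        try {
            GenericExtensionsRule genericExtensionsRule = this.a.getPolicyExtensions().getGenericExtensionsRule(new DefaultPolicyContext());
            int numGenericExtensions = genericExtensionsRule == null ? 0 : genericExtensionsRule.numGenericExtensions();
            for (int index = 0; index < numGenericExtensions; index++) {
                GenericExtension genericExtension = genericExtensionsRule.getGenericExtension(index);
                if (genericExtension.getCustomPolicyExtensionOID().equals(OIDs.pkiPlusConfigurationKeyExpiryWarning.toString())) {
                    if (!genericExtension.hasIntegerSet()) {
                        throw new VaultException("KeyExpirationCheck", new XMLPolicyException("KeyExpiryWarning does not contain an IntegerValue"));
                    }
                    int configuredDays = genericExtension.getIntegerSet().getIntegerSpecification(0);
                    warningDays = configuredDays > 0 ? configuredDays : 0;
                }
            }
        } catch (XMLPolicyException e) {
            // Best effort, as before: if the policy cannot be read the warning period stays at
            // its current value and the check still runs.
            e.printStackTrace();
        }
        Calendar lookAhead = Calendar.getInstance();
        // add() carries into the next year; roll() did not.
        lookAhead.add(Calendar.DAY_OF_YEAR, warningDays);
        try {
            x509Certificate.checkValidity(lookAhead.getTime());
            return true;
        } catch (CertificateExpiredException unused) {
            String warning = String.valueOf(x509Certificate.getSubjectDN().toString()) + " will have expired in less than " + warningDays + " days";
            this.d.notifyWarning(null, 4, warning);
            this.d.notifyKeyExpiry(4, warning, x509Certificate);
            return false;
        } catch (CertificateNotYetValidException unused2) {
            return false;
        }
    }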

    /**
     * Seals {@code wrappable} under a passphrase: sets {@code str} as the passphrase, then asks
     * the wrappable to envelope itself against this vault.
     *
     * <p>The passphrase arrives as a {@link String}, so this method cannot clear it from memory
     * after use.
     *
     * @throws VaultException if enveloping fails
     */
    public void wrap(Wrappable wrappable, String str) throws VaultException {
        final String passphrase = str;
        wrappable.setPassphrase(passphrase);
        wrappable.envelope(this);
    }

    /**
     * Seals {@code wrappable} for every recipient certificate in {@code vector}.
     *
     * <p>Each recipient must either have no key-usage extension or have the keyEncipherment bit
     * (index 2 of {@link X509Certificate#getKeyUsage()}) set. The expiry-warning check
     * {@code a(X509Certificate)} is run for its notification side effect only; its result is not
     * used. The certificate must be valid at the current time.
     *
     * <p>NOTE(review): unlike {@code wrapKey}, recipients are not passed through
     * {@code checkCertificate} here; confirm callers validate them beforehand.
     *
     * @param vector recipients; every element must be a {@code JCRYPTO_X509Certificate}
     * @throws VaultException on a key-usage mismatch, or wrapping any failure while checking or
     *     adding a recipient
     */
    public void wrap(Wrappable wrappable, Vector vector) throws VaultException {
        for (int index = 0; index < vector.size(); index++) {
            X509Certificate recipient = (X509Certificate) vector.elementAt(index);
            boolean[] usageBits = recipient.getKeyUsage();
            boolean usageRestricted = usageBits != null;
            if (usageRestricted && !usageBits[2]) {
                throw new VaultException("Vault.wrap() - Cant use a non keyEncipherment usage cert for a key wrap operation");
            }
            try {
                a(recipient);
                ((JCRYPTO_X509Certificate) recipient).exceptIfNotValid(new Date());
                wrappable.addRecipient(recipient);
            } catch (Exception recipientFailure) {
                throw new VaultException("Vault.wrap()", recipientFailure);
            }
        }
        wrappable.envelope(this);
    }

    /**
     * Encrypts {@code bArr} under the public key of {@code x509Certificate}.
     *
     * <p>Algorithm selection: an empty OID selects the first wrapping algorithm from the policy,
     * or {@code OIDs.rsaEncryptionOAEP} when there is no policy. A non-empty OID must be listed by
     * the policy when one exists, and must be RSA-OAEP when none exists.
     *
     * <p>This method does not itself check the certificate's validity or key usage; of the callers
     * visible in this class, {@code wrapKey} does both before delegating here.
     *
     * @param bArr data to wrap; must not be empty
     * @param x509Certificate recipient certificate, or {@code null} to look one up by key usage
     * @param aSN1ObjectIdentifier wrapping algorithm; pass an empty OID, not {@code null}, for the
     *     default
     * @return the encrypted bytes
     * @throws VaultException on missing data or certificate, a DSA key, a policy rejection, or any
     *     cipher failure (attached as cause)
     */
    public byte[] wrap(byte[] bArr, X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException, PKIProviderException, CertificateException {
        try {
            GenericSecurityServiceUsageRules securityServiceUsageRules = this.a.getSecurityServiceUsageRules();
            // z: a security-service usage policy is present.
            boolean z = securityServiceUsageRules != null;
            if (x509Certificate == null) {
                KeyUsage keyUsage = new KeyUsage();
                // Field 3 is presumably dataEncipherment (the error below calls it "datacipher usage"); confirm against KeyUsage.
                keyUsage.setField(3, true);
                x509Certificate = getCertificate(keyUsage);
                if (x509Certificate == null) {
                    throw new VaultException("Vault.wrap() - Could not find a datacipher usage certificate.");
                }
            }
            PublicKey publicKey = x509Certificate.getPublicKey();
            if (bArr.length == 0 || publicKey.getEncoded().length == 0 || publicKey.getAlgorithm().equals("")) {
                throw new VaultException("Vault.wrap(byte[], X509Certificate, AlgorithmIdentifier) - Both data and key required.");
            }
            // f() is defined elsewhere in this class; it runs before this.m is used below.
            f();
            try {
                if (publicKey.getAlgorithm().equals("DSA")) {
                    throw new VaultException("Vault.wrap(byte[], X509Certificate, AlgorithmIdentifier) - Cannot use DSA Keys for wrapping.");
                }
                if (aSN1ObjectIdentifier == null) {
                    // Raised inside the try, so callers see it wrapped in a VaultException.
                    throw new NullPointerException("Don't use null to get the default, pass in 'new ASN1ObjectIdentifier()' instead.");
                }
                if (aSN1ObjectIdentifier.toString().length() == 0) {
                    // Empty OID: first policy entry, or RSA-OAEP when there is no policy.
                    aSN1ObjectIdentifier = z ? new ASN1ObjectIdentifier(securityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getKeyWrappingServiceUsageRule().getKeyWrappingAlgorithmOID(0)) : OIDs.rsaEncryptionOAEP;
                } else if (z) {
                    // NOTE(review): the count comes from the rule for DefaultPolicyContext, the
                    // entries from rule 0; confirm both always denote the same rule.
                    int numKeyWrappingAlgorithmOIDs = securityServiceUsageRules.getGenericSecurityServiceUsageRule(new DefaultPolicyContext()).getKeyWrappingServiceUsageRule().numKeyWrappingAlgorithmOIDs();
                    // z2 stays true until the requested OID is found in the policy list.
                    boolean z2 = true;
                    for (int i = 0; i < numKeyWrappingAlgorithmOIDs; i++) {
                        if (new ASN1ObjectIdentifier(securityServiceUsageRules.getGenericSecurityServiceUsageRule(0).getKeyWrappingServiceUsageRule().getKeyWrappingAlgorithmOID(i)).equals(aSN1ObjectIdentifier)) {
                            z2 = false;
                        }
                    }
                    if (z2) {
                        throw new VaultException("Vault.wrap(byte[], X509Certificate, AlgorithmIdentifier) - Wrapping algorithm not permitted by the policy.");
                    }
                } else if (!OIDs.rsaEncryptionOAEP.equals(aSN1ObjectIdentifier)) {
                    // No policy loaded: only RSA-OAEP is accepted.
                    throw new VaultException("Vault:wrap(byte[], X509Certificate, AlgorithmIdentifier) - Wrapping algorithm not permitted by the policy.");
                }
                Cipher d = d(aSN1ObjectIdentifier);
                // 1 is the value of Cipher.ENCRYPT_MODE.
                d.init(1, publicKey, this.m);
                return d.doFinal(bArr);
            } catch (Exception e) {
                // Policy rejections raised above are also wrapped here and surface as the cause.
                throw new VaultException("Vault.wrap(byte[], X509Certificate, AlgorithmIdentifier)", e);
            }
        } catch (XMLPolicyException e2) {
            throw new VaultException("Vault.wrap(byte[], X509Certificate, AlgorithmIdentifier)", e2);
        }
    }

    /**
     * Wraps a session key for the holder of {@code x509Certificate}.
     *
     * <p>The certificate must either have no key-usage extension or have the keyEncipherment bit
     * (index 2 of {@link X509Certificate#getKeyUsage()}) set, and must pass
     * {@code checkCertificate}. Software keys are wrapped by encrypting
     * {@code secretKey.getEncoded()} through {@code wrap(byte[], ...)}; keys whose class name
     * identifies them as PKCS#11 secret keys are wrapped by the PKCS#11 wrapper instead.
     *
     * <p>NOTE(review): on the PKCS#11 path {@code aSN1ObjectIdentifier} is not passed to the
     * wrapper, so the policy check on the wrapping algorithm made in {@code wrap(byte[], ...)}
     * does not run. Confirm the wrapper enforces an equivalent restriction.
     *
     * @param x509Certificate recipient certificate, or {@code null} to look one up by key usage
     * @param aSN1ObjectIdentifier wrapping algorithm for the software path
     * @throws VaultException if no suitable certificate is found, key usage forbids wrapping, or
     *     wrapping fails
     */
    public byte[] wrapKey(SecretKey secretKey, X509Certificate x509Certificate, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws VaultException, PKIProviderException, CertificateException {
        if (x509Certificate == null) {
            KeyUsage wantedUsage = new KeyUsage();
            wantedUsage.setField(2, true);
            x509Certificate = getCertificate(wantedUsage);
            if (x509Certificate == null) {
                throw new VaultException("Vault.wrapKey() - Could not find a keycipher usage certificate.");
            }
        }
        boolean[] usageBits = x509Certificate.getKeyUsage();
        boolean usageRestricted = usageBits != null;
        if (usageRestricted && !usageBits[2]) {
            throw new VaultException("Vault.wrapKey() - Cant use a non keyEncipherment usage cert for a key wrap operation");
        }
        checkCertificate(x509Certificate);
        final boolean isPkcs11Key = secretKey.getClass().getName().equalsIgnoreCase("com.baltimore.pkcs11.provider.PKCS11_SecretKeySpec");
        if (isPkcs11Key) {
            try {
                return new JCRYPTO_PKCS11_RSAKeyWrapper().wrapKey(x509Certificate.getPublicKey(), secretKey);
            } catch (Exception hardwareFailure) {
                throw new VaultException("Vault.wrapKey()", hardwareFailure);
            }
        }
        return wrap(secretKey.getEncoded(), x509Certificate, aSN1ObjectIdentifier);
    }
}
