package com.logica.security.device;

import com.baltimore.jcrypto.utils.Buffer;
import com.baltimore.jcrypto.utils.Utils;
import com.baltimore.jpkiplus.exception.EncodingException;
import com.baltimore.jpkiplus.exception.IncorrectPassphraseException;
import com.baltimore.jpkiplus.pkcs12.PFX;
import com.baltimore.jpkiplus.pse.KeyCertPair;
import com.baltimore.jpkiplus.pse.PSEFactory;
import com.baltimore.jpkiplus.pse.v3.PSE;
import com.baltimore.jpkiplus.pse.v3.PSEKeyPair;
import com.logica.apps.ivs.client.manager.PKIMgrConstants;
import com.logica.apps.ivs.client.manager.PKIMgrError;
import com.logica.asn1.nist.NISTObjectIdentifiers;
import com.logica.asn1.pkcs.PKCSObjectIdentifiers;
import com.logica.asn1.x509.X509ObjectIdentifiers;
import com.logica.common.logging.LLogger;
import com.logica.common.logging.LLoggerFactory;
import com.logica.common.util.LUtils;
import com.logica.security.pkcs11.provider.signatureEngines.p11RSA_Signature;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/logica/security/device/BaltPFXDevice.class */
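/**
 * Software crypto device whose private key and certificates are read from a
 * password-protected key store file (PKCS#12, or a Baltimore PSE when the file
 * name ends in {@code .pse}).
 *
 * <p>Once {@link #setVaultInfo(String, String, int)} succeeds, the private key is
 * held in memory as a plain {@link PrivateKey} for the life of the object and is
 * handed out by {@link #getPrivateKey()}. Nothing in this class protects it beyond
 * normal JVM memory, so instances should be short-lived and closed after use.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Algorithm selection is driven entirely by the caller-supplied identifier.
 *       MD2, MD5, SHA-1 and RIPEMD-160 based signatures are accepted, and unknown
 *       identifiers are passed to the provider unchanged. If the identifier can
 *       originate from a received message, the caller should enforce an allow-list
 *       before calling into this class.</li>
 *   <li>Symmetric encryption here is unauthenticated (CBC with PKCS#5 padding for
 *       3DES); callers needing integrity must add it themselves.</li>
 *   <li>Exceptions are logged and then re-thrown as {@code CryptoDevException}
 *       carrying only the message text, so the original cause is visible only in
 *       the log.</li>
 * </ul>
 */
public class BaltPFXDevice extends PrivateKeyCryptoDevice {
    /** Error code used when the requested key pair index does not exist in the store. */
    public static final int E_INVALID_KP_POSITION = 10;
    protected PrivateKey privateKey;
    protected X509Certificate signCert;
    protected X509Certificate[] certChain;
    // Shared generator for IVs; null when the static initializer could not create it.
    protected static SecureRandom rand;
    private static final LLogger logger;
    // Compiler-generated cache for the class literal (pre-Java-5 bytecode idiom).
    static Class class$com$logica$security$device$BaltPFXDevice;

    /**
     * Loads the first key pair (position 0) from the given key store.
     *
     * @param str  path of the key store file
     * @param str2 passphrase protecting the key store
     * @throws Exception see {@link #setVaultInfo(String, String, int)}
     */
    public void setVaultInfo(String str, String str2) throws Exception {
        setVaultInfo(str, str2, 0);
    }

    /**
     * Opens the key store and loads the private key, signing certificate and
     * certificate chain found at the given position.
     *
     * <p>Files not ending in {@code .pse} are parsed as PKCS#12. {@code .pse} files
     * are opened through {@code PSEFactory}; if that fails with an
     * {@code EncodingException} the file is retried as a v3 PSE.
     *
     * <p>The passphrase arrives as an immutable {@code String}, so it cannot be
     * wiped from memory by this class.
     *
     * @param str  path of the key store file (must not be null)
     * @param str2 passphrase protecting the key store
     * @param i    zero-based index of the key pair to use
     * @throws CryptoDevException code {@link #E_INVALID_KP_POSITION} for a bad index,
     *         code 1 when reading the file fails, code 2 for any other failure
     *         (reported as a probable password problem)
     * @throws IncorrectPassphraseException when the v3 PSE fallback fails
     */
    public void setVaultInfo(String str, String str2, int i) throws Exception {
        if (!str.endsWith(".pse")) {
            try {
                PFX pfx = new PFX(new Buffer(str2), LUtils.loadMessage(str));
                PrivateKey[] privateKeys = pfx.getPrivateKeys();
                requireValidPosition(i, privateKeys.length);
                this.certChain = pfx.getCertificateChain(privateKeys[i]).getCertificates();
                this.signCert = pfx.getCertificate(privateKeys[i]);
                this.privateKey = privateKeys[i];
                return;
            } catch (CryptoDevException e) {
                throw e;
            } catch (IOException e2) {
                throw new CryptoDevException("There was problem reading PKCS#12 file. Check filename. (" + e2 + ").", 1);
            } catch (Exception e3) {
                // Every non-I/O failure is attributed to the password, including
                // malformed or tampered files; the log entry holds the real cause.
                logger.logApp(1, "PFX open failed", e3);
                throw new CryptoDevException("There was problem reading PKCS#12 file. Check password. (" + e3 + ").", 2);
            }
        }
        try {
            KeyCertPair[] keyPairs = PSEFactory.openPSE(Utils.loadMessage(str), str2).getKeyPairs();
            requireValidPosition(i, keyPairs.length);
            KeyCertPair keyCertPair = keyPairs[i];
            this.certChain = keyCertPair.getCertificateChain().getCertificates();
            this.signCert = keyCertPair.getCertificateChain().getCertificate();
            // NOTE(review): X509EncodedKeySpec is the JCA spec for public keys; private
            // key encodings are normally wrapped in PKCS8EncodedKeySpec. Whether this
            // call succeeds depends on the KeyFactory provider selected at runtime
            // (none is named here) - confirm against the deployed provider.
            this.privateKey = KeyFactory.getInstance(this.signCert.getPublicKey().getAlgorithm()).generatePrivate(new X509EncodedKeySpec(keyCertPair.getPrivateKey().getEncoded()));
        } catch (EncodingException e4) {
            // The factory could not decode the file: retry as a v3 PSE.
            try {
                PSE pse = new PSE(new Buffer(str2), Utils.loadMessage(str));
                requireValidPosition(i, pse.getNumberOfKeyPairs());
                PSEKeyPair keyPair = pse.getKeyPair(i);
                this.certChain = pse.getCertChain().getCertificates();
                this.signCert = (X509Certificate) keyPair.getCertificate();
                // NOTE(review): same key-spec concern as in the PSEFactory path above.
                this.privateKey = KeyFactory.getInstance(this.signCert.getPublicKey().getAlgorithm()).generatePrivate(new X509EncodedKeySpec(keyPair.getSecret()));
            } catch (CryptoDevException e5) {
                throw e5;
            } catch (Exception e6) {
                logger.logApp(1, "PSE open failed", e6);
                throw new IncorrectPassphraseException(e6.toString());
            }
        } catch (CryptoDevException e7) {
            throw e7;
        } catch (IOException e8) {
            throw new CryptoDevException("There was problem reading PSE file. Check filename. (" + e8 + ").", 1);
        } catch (Exception e9) {
            logger.logApp(1, "PSE open failed", e9);
            throw new CryptoDevException("There was problem reading PSE file. Check password. (" + e9 + ").", 2);
        }
    }

    /** Rejects a key pair index that is negative or not below {@code count}. */
    private static void requireValidPosition(int position, int count) throws CryptoDevException {
        if (position < 0 || position >= count) {
            throw new CryptoDevException("invalid keypair/certificate position in store", E_INVALID_KP_POSITION);
        }
    }

    /**
     * Maps a signature algorithm OID to a provider {@link Signature} instance.
     * Shared by signing and verification so both always accept the same set.
     * Identifiers that match no known OID are handed to the provider as-is.
     */
    private static Signature signatureFor(String str) throws Exception {
        String algorithm;
        if (PKCSObjectIdentifiers.sha1WithRSAEncryption.getId().equals(str)) {
            algorithm = "SHA1withRSA";
        } else if (PKCSObjectIdentifiers.md5WithRSAEncryption.getId().equals(str)) {
            algorithm = "MD5withRSA";
        } else if (PKCSObjectIdentifiers.md2WithRSAEncryption.getId().equals(str)) {
            algorithm = "MD2withRSA";
        } else if (X509ObjectIdentifiers.ripemd160WithRSAEncryption.getId().equals(str)) {
            algorithm = "RIPEMD160withRSA";
        } else if (PKCSObjectIdentifiers.sha256WithRSAEncryption.getId().equals(str)) {
            algorithm = p11RSA_Signature.SHA256WITHRSA;
        } else if (PKCSObjectIdentifiers.sha384WithRSAEncryption.getId().equals(str)) {
            algorithm = "SHA384withRSA";
        } else if (PKCSObjectIdentifiers.sha512WithRSAEncryption.getId().equals(str)) {
            algorithm = p11RSA_Signature.SHA512WITHRSA;
        } else {
            algorithm = str;
        }
        return Signature.getInstance(algorithm, PKIMgrConstants.PKIMGR_SECURITY_PROVIDER);
    }

    /**
     * Signs the data with the loaded private key.
     *
     * @param bArr data to sign
     * @param str  signature algorithm OID, or a provider algorithm name
     * @return the signature bytes
     * @throws CryptoDevException on any failure (the cause is logged, not chained)
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] signData(byte[] bArr, String str) throws Exception {
        try {
            Signature signature = signatureFor(str);
            signature.initSign(this.privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            logger.logApp(1, "signData() failed", e);
            throw new CryptoDevException(e.getMessage());
        }
    }

    /**
     * Verifies a signature over the data with the supplied public key.
     *
     * <p>The weak digests accepted by this method (MD2, MD5, SHA-1) matter most on
     * this path: a verifier that lets the signed message pick the algorithm can be
     * steered towards the weakest one it supports.
     *
     * @param bArr      signed data
     * @param publicKey key to verify with
     * @param bArr2     signature bytes
     * @param str       signature algorithm OID, or a provider algorithm name
     * @return the provider's verification result
     * @throws CryptoDevException on any failure, including a malformed signature
     */
    @Override // com.logica.security.device.CryptoDevice
    public boolean verifyData(byte[] bArr, PublicKey publicKey, byte[] bArr2, String str) throws Exception {
        try {
            Signature signature = signatureFor(str);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (Exception e) {
            logger.logApp(1, "verifyData() failed", e);
            throw new CryptoDevException(e.getMessage());
        }
    }

    /**
     * Computes a message digest of the data.
     *
     * @param bArr data to hash
     * @param str  digest OID, or a provider algorithm name (passed through unchanged)
     * @return the digest bytes
     * @throws CryptoDevException on any failure
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] digestData(byte[] bArr, String str) throws Exception {
        try {
            String algorithm;
            if (X509ObjectIdentifiers.id_SHA1.getId().equals(str)) {
                algorithm = "SHA1";
            } else if (PKCSObjectIdentifiers.md5.getId().equals(str)) {
                algorithm = "MD5";
            } else if (PKCSObjectIdentifiers.md2.getId().equals(str)) {
                algorithm = "MD2";
            } else if (X509ObjectIdentifiers.ripemd160.getId().equals(str)) {
                algorithm = "RIPEMD160";
            } else if (NISTObjectIdentifiers.id_sha256.getId().equals(str)) {
                algorithm = "SHA-256";
            } else if (NISTObjectIdentifiers.id_sha384.getId().equals(str)) {
                algorithm = "SHA-384";
            } else if (NISTObjectIdentifiers.id_sha512.getId().equals(str)) {
                algorithm = "SHA-512";
            } else {
                algorithm = str;
            }
            MessageDigest messageDigest = MessageDigest.getInstance(algorithm, PKIMgrConstants.PKIMGR_SECURITY_PROVIDER);
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (Exception e) {
            logger.logApp(1, "digestData() failed", e);
            throw new CryptoDevException(e.getMessage());
        }
    }

    /**
     * Generates an 8-byte IV (the size used when no algorithm is given).
     *
     * @return a fresh random IV
     * @throws Exception see {@link #generateIV(String)}
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] generateIV() throws Exception {
        return generateIV(null);
    }

    /**
     * Generates a random IV: 16 bytes when the identifier starts with the AES OID
     * prefix, 8 bytes otherwise.
     *
     * <p>The quality of the IV depends on how the shared generator was seeded in
     * the static initializer; see the note there.
     *
     * @param str cipher algorithm identifier, may be null
     * @return a fresh random IV
     * @throws IllegalStateException if the generator could not be created at class load
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] generateIV(String str) throws CryptoDevException {
        if (rand == null) {
            throw new IllegalStateException("random number generator not initialized for VirtualDevice");
        }
        int length = (str != null && str.startsWith(NISTObjectIdentifiers.aes)) ? 16 : 8;
        byte[] iv = new byte[length];
        rand.nextBytes(iv);
        return iv;
    }

    /**
     * Encrypts data with the given secret key and IV.
     *
     * <p>The 3DES OID maps to {@code DESede/CBC/PKCS5Padding} on the configured
     * provider. Any other identifier is used directly as the transformation and is
     * resolved against the JVM's default provider order, not the configured one.
     * The output carries no integrity protection.
     *
     * @param secretKey encryption key
     * @param bArr      initialization vector (required)
     * @param bArr2     plaintext
     * @param str       cipher OID or transformation string
     * @return the ciphertext
     * @throws CryptoDevException on any failure, including a missing IV
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] encryptData(SecretKey secretKey, byte[] bArr, byte[] bArr2, String str) throws Exception {
        try {
            Cipher cipher = PKCSObjectIdentifiers.des_EDE3_CBC.getId().equals(str) ? Cipher.getInstance("DESede/CBC/PKCS5Padding", PKIMgrConstants.PKIMGR_SECURITY_PROVIDER) : Cipher.getInstance(str);
            if (bArr == null) {
                throw new Exception("inicialization vector not set");
            }
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(bArr));
            return cipher.doFinal(bArr2);
        } catch (Exception e) {
            logger.logApp(1, "encryptData() failed", e);
            throw new CryptoDevException(e.getMessage());
        }
    }

    /**
     * Decrypts data with a raw secret key and IV.
     *
     * <p>No ciphertext authentication happens here, and padding or other failures
     * surface to the caller as a {@code CryptoDevException} with the provider's
     * message. Callers that decrypt data from untrusted peers should authenticate
     * the ciphertext first and avoid relaying distinguishable error details.
     *
     * @param bArr  raw key bytes
     * @param bArr2 initialization vector (required)
     * @param bArr3 ciphertext
     * @param str   cipher OID or transformation string
     * @return the plaintext
     * @throws CryptoDevException on any failure, including a missing IV
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] decryptData(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) throws Exception {
        Cipher cipher;
        SecretKeySpec secretKeySpec;
        try {
            if (PKCSObjectIdentifiers.des_EDE3_CBC.getId().equals(str)) {
                cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding", PKIMgrConstants.PKIMGR_SECURITY_PROVIDER);
                secretKeySpec = new SecretKeySpec(bArr, "DESede");
            } else if (PKCSObjectIdentifiers.idea_CBC.getId().equals(str)) {
                // NOTE(review): the OID names IDEA in CBC mode, but the transformation
                // gives no mode or padding, so both are whatever the resolving provider
                // defaults to - confirm that this is CBC.
                cipher = Cipher.getInstance("IDEA");
                secretKeySpec = new SecretKeySpec(bArr, "IDEA");
            } else {
                // The identifier doubles as transformation and key algorithm name.
                cipher = Cipher.getInstance(str);
                secretKeySpec = new SecretKeySpec(bArr, str);
            }
            if (bArr2 == null) {
                throw new IllegalArgumentException("inicialization vector not set");
            }
            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(bArr2));
            return cipher.doFinal(bArr3);
        } catch (Exception e) {
            logger.logApp(1, "decryptData() failed", e);
            throw new CryptoDevException(e.getMessage());
        }
    }

    /**
     * Encrypts a secret key's encoded form under the recipient's public key.
     *
     * <p>NOTE(review): the transformation is the bare name {@code "RSA"}, so the
     * padding scheme is the provider's default - confirm which padding the
     * configured provider applies. Other identifiers are resolved without naming
     * the provider, unlike {@link #unwrapKey(byte[], String)}.
     *
     * @param secretKey key to wrap
     * @param publicKey recipient public key
     * @param str       key transport OID or transformation string
     * @return the wrapped key bytes
     * @throws CryptoDevException on any failure
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] wrapKey(SecretKey secretKey, PublicKey publicKey, String str) throws Exception {
        try {
            Cipher cipher = PKCSObjectIdentifiers.rsaEncryption.getId().equals(str) ? Cipher.getInstance("RSA", PKIMgrConstants.PKIMGR_SECURITY_PROVIDER) : Cipher.getInstance(str);
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            return cipher.doFinal(secretKey.getEncoded());
        } catch (Exception e) {
            logger.logApp(1, "wrapKey() failed", e);
            throw new CryptoDevException(e.getMessage());
        }
    }

    /**
     * Recovers a wrapped key by decrypting it with the loaded private key.
     *
     * <p>Failures are reported with the provider's message. When the wrapped bytes
     * come from an untrusted sender, callers should not relay that detail back.
     *
     * @param bArr wrapped key bytes
     * @param str  key transport OID or transformation string
     * @return the raw key bytes
     * @throws CryptoDevException on any failure
     */
    @Override // com.logica.security.device.CryptoDevice
    public byte[] unwrapKey(byte[] bArr, String str) throws Exception {
        try {
            Cipher cipher = PKCSObjectIdentifiers.rsaEncryption.getId().equals(str) ? Cipher.getInstance("RSA", PKIMgrConstants.PKIMGR_SECURITY_PROVIDER) : Cipher.getInstance(str, PKIMgrConstants.PKIMGR_SECURITY_PROVIDER);
            cipher.init(Cipher.DECRYPT_MODE, this.privateKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            logger.logApp(1, "unwrapKey() failed", e);
            throw new CryptoDevException(e.getMessage());
        }
    }

    /** Returns the loaded private key object itself (null before loading or after close). */
    @Override // com.logica.security.device.PrivateKeyCryptoDevice
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Returns the certificate that belongs to the loaded private key. */
    @Override // com.logica.security.device.CryptoDevice
    public X509Certificate getCert() {
        return this.signCert;
    }

    /** Returns the internal chain array without copying; callers must not modify it. */
    @Override // com.logica.security.device.CryptoDevice
    public X509Certificate[] getCertChain() {
        return this.certChain;
    }

    /**
     * Drops the references to the private key and signing certificate.
     *
     * <p>This only clears the fields: key material is not overwritten, and
     * {@code certChain} is left in place.
     */
    @Override // com.logica.security.device.CryptoDevice
    public void close() throws Exception {
        this.privateKey = null;
        this.signCert = null;
    }

    /** Compiler-generated helper for class literals; resolves a class by name. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so it cannot be thrown directly from here;
            // attach the cause first and throw the typed error.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$com$logica$security$device$BaltPFXDevice == null) {
            cls = class$("com.logica.security.device.BaltPFXDevice");
            class$com$logica$security$device$BaltPFXDevice = cls;
        } else {
            cls = class$com$logica$security$device$BaltPFXDevice;
        }
        logger = LLoggerFactory.getLogger(cls);
        try {
            // "BBS" must be supplied by an installed provider (presumably Blum Blum
            // Shub - confirm); no provider is named in this call.
            rand = SecureRandom.getInstance("BBS");
            // NOTE(review): the seed is a constant, the wall-clock time and the
            // generator's toString(), all of which an observer can estimate. Whether
            // this replaces or merely supplements the generator's own seeding depends
            // on the provider's implementation, which is not visible here. If it
            // replaces it, every IV from generateIV() is predictable; verify, and
            // prefer seeding from the platform entropy source.
            rand.setSeed(new String(new StringBuffer().append(PKIMgrError.NO_ERROR_MESSAGE).append(System.currentTimeMillis()).append(rand).toString()).getBytes());
        } catch (Exception e) {
            logger.logApp(1, "static initializer failed", e);
            // generateIV() checks for null and fails with IllegalStateException.
            rand = null;
        }
    }
}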
