package com.logica.security.device;

import com.logica.apps.ivs.client.manager.PKIMgrError;
import com.logica.asn1.DERConstructedSequence;
import com.logica.asn1.DEROctetString;
import com.logica.asn1.DEROutputStream;
import com.logica.asn1.nist.NISTObjectIdentifiers;
import com.logica.asn1.pkcs.PKCSObjectIdentifiers;
import com.logica.asn1.x509.AlgorithmIdentifier;
import com.logica.asn1.x509.X509ObjectIdentifiers;
import com.logica.common.logging.LLogger;
import com.logica.common.logging.LLoggerFactory;
import com.logica.security.device.CertIDCryptoDevice;
import com.logica.security.pkcs11.ckCore.ckSession;
import com.logica.security.pkcs11.exceptions.ckException;
import com.logica.security.pkcs11.exceptions.p11Exception;
import com.logica.security.pkcs11.objects.ckObject;
import com.logica.security.pkcs11.objects.ckRSAPrivateKey;
import com.logica.security.pkcs11.parameter.ckPINPolicyParameter;
import com.logica.security.pkcs11.provider.LCPROVIDER_PKCS11;
import com.logica.security.pkcs11.provider.dataprovider.CertificateProvider;
import com.logica.security.pkcs11.provider.dataprovider.KeyProvider;
import com.logica.security.pkcs11.provider.keys.p11RSA_PrivateKeyHolder;
import com.logica.security.pkcs11.provider.p11Session;
import com.logica.security.pkcs11.query.ckMechanism;
import com.logica.security.pkcs11.query.ckMechanismInfo;
import com.logica.security.pkcs11.templates.ckObjectTemplate;
import com.logica.security.pkcs11.templates.ckRSAPrivateKeyTemplate;
import com.logica.security.util.X509Utils;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.X509Certificate;

/* loaded from: input_file:com/logica/security/device/PKCS11Device.class */
public class PKCS11Device extends CertIDCryptoDevice {
    private PrivateKey m_privateKey;
    private X509Certificate m_certificate;
    private String m_szPkcs11DllName;
    private String m_szPkcs11PIN;
    private String m_szCertID;
    private String m_szLabel;
    public static final String SHA256WITHRSA_OID = PKCSObjectIdentifiers.sha256WithRSAEncryption.getId();
    public static final String SHA384WITHRSA_OID = PKCSObjectIdentifiers.sha384WithRSAEncryption.getId();
    public static final String SHA512WITHRSA_OID = PKCSObjectIdentifiers.sha512WithRSAEncryption.getId();
    public static final String SHAWITHRSA_OID = PKCSObjectIdentifiers.sha1WithRSAEncryption.getId();
    public static final String MD5WITHRSA_OID = PKCSObjectIdentifiers.md5WithRSAEncryption.getId();
    public static final String RIPEMD160WITHRSA_OID = X509ObjectIdentifiers.ripemd160WithRSAEncryption.getId();
    public static final int E_INCORRECT_PIN = 3;
    public static final int E_NOT_ACCEPTABLE_CERTID = 4;
    public static final int E_NOT_ACCEPTABLE_PRIV_KEY = 5;
    public static final int E_NOT_ACCEPTABLE_LABEL = 6;
    private static SecureRandom rand;
    private static final LLogger logger;
    static Class class$com$logica$security$device$PKCS11Device;
    private boolean m_AllowNullCert = false;
    private p11Session m_session = null;
    LCPROVIDER_PKCS11 m_jPkcs11 = null;
    private int m_ckMech = -1;
    private ckRSAPrivateKey m_rsaPrivateKey = null;
    private byte[] m_PrivateKeyID = null;
    private int m_nSlot = 0;
    private String m_szSecurityProvider = "BC";
    private boolean m_bWysiwysMode = false;
    private boolean m_bConfirmPIN = false;
    private String m_locale = "cz";
    private int m_dlgTimeout = 0;
    private String m_dlgStyle = "corp";
    private boolean m_cryptoPlusSupport = false;
    private boolean m_bBatchOper = false;
    private byte[] m_pinPolicyBytes = null;

    public void setVaultInfo(String str, String str2, int i, String str3) throws Exception {
        this.m_szPkcs11DllName = str;
        this.m_szPkcs11PIN = str2;
        this.m_nSlot = i;
        this.m_szCertID = str3;
        try {
            open();
            findCertAndKey();
            mapKey();
        } catch (CryptoDevException e) {
            int errorCode = e.getErrorCode();
            if (errorCode == 0) {
                errorCode = 2;
            }
            throw new CryptoDevException(e.getMessage(), errorCode);
        }
    }

    public void setVaultInfoByLabel(String str, String str2, int i, String str3) throws Exception {
        this.m_szPkcs11DllName = str;
        this.m_szPkcs11PIN = str2;
        this.m_nSlot = i;
        this.m_szLabel = str3;
        try {
            open();
            findLabelAndKey();
            mapKey();
        } catch (CryptoDevException e) {
            int errorCode = e.getErrorCode();
            if (errorCode == 0) {
                errorCode = 2;
            }
            throw new CryptoDevException(e.getMessage(), errorCode);
        }
    }

    public void setVaultInfo(String str, String str2, int i, byte[] bArr) throws Exception {
        this.m_szPkcs11DllName = str;
        this.m_szPkcs11PIN = str2;
        this.m_nSlot = i;
        this.m_PrivateKeyID = bArr;
        try {
            open();
            findPrivateKey();
            mapKey();
        } catch (CryptoDevException e) {
            int errorCode = e.getErrorCode();
            if (errorCode == 0) {
                errorCode = 2;
            }
            throw new CryptoDevException(e.getMessage(), errorCode);
        }
    }

    public void setSecurityProvider(String str) {
        this.m_szSecurityProvider = str;
    }

    private void open() throws CryptoDevException {
        try {
            logger.logApp(2, "*** Smart Card Logon ***", null);
            File file = new File(this.m_szPkcs11DllName);
            if (!file.exists()) {
                throw new CryptoDevException(new StringBuffer().append("Invalid DLL location: ").append(this.m_szPkcs11DllName).toString(), 1);
            }
            this.m_jPkcs11 = LCPROVIDER_PKCS11.getInstance(false);
            if (this.m_jPkcs11 == null) {
                throw new CryptoDevException("Critical: smart card libraries have not been correctly initialized.", 1);
            }
            this.m_session = this.m_jPkcs11.startSession(file.toString(), this.m_nSlot);
            this.m_session.openSession();
            try {
                if (isCryptoPlusSupport()) {
                    logger.logApp(1, "CryptoPlus support ON - going to run setConfirmPIN etc.", null);
                    this.m_session.setConfirmPIN(this.m_bConfirmPIN);
                    this.m_session.setLocale(this.m_locale);
                    this.m_session.setDlgStyle(this.m_dlgStyle);
                    this.m_session.setDlgTimeout(this.m_dlgTimeout);
                } else {
                    logger.logApp(1, "CryptoPlus support OFF", null);
                }
                this.m_session.login(this.m_szPkcs11PIN, false);
                logger.logApp(2, "Logged in OK", null);
            } catch (Exception e) {
                try {
                    this.m_jPkcs11.terminateSession(this.m_session);
                    this.m_session = null;
                } catch (Exception e2) {
                    logger.logApp(4, "Terminal session failed, proceeding.", e2);
                }
                int i = 3;
                if (e instanceof p11Exception) {
                    i = ((p11Exception) e).getCkErrorCode();
                } else if (e instanceof ckException) {
                    i = ((ckException) e).getErrorCode();
                }
                throw new CryptoDevException(new StringBuffer().append("Failed to log on to the smart card. Check your DLL, slot and PIN. ").append(e.getMessage()).toString(), i);
            }
        } catch (Exception e3) {
            if (e3 instanceof CryptoDevException) {
                throw new CryptoDevException(((CryptoDevException) e3).getMessage(), ((CryptoDevException) e3).getErrorCode());
            }
            if (!(e3 instanceof p11Exception)) {
                throw new CryptoDevException(e3.getMessage());
            }
            throw new CryptoDevException(((p11Exception) e3).getCkErrorMessage());
        }
    }

    private void mapKey() throws CryptoDevException {
        try {
            ckSession cksession = this.m_session.getckSession();
            if (!(this.m_privateKey instanceof p11RSA_PrivateKeyHolder)) {
                throw new InvalidKeyException("Need a H/W Key");
            }
            try {
                ckRSAPrivateKeyTemplate ckrsaprivatekeytemplate = new ckRSAPrivateKeyTemplate(false);
                ckrsaprivatekeytemplate.addSign(true);
                ckrsaprivatekeytemplate.addID(new byte[0]);
                cksession.findInit(new ckObjectTemplate());
                while (true) {
                    ckObject findNext = cksession.findNext();
                    if (findNext != null) {
                        if (findNext instanceof ckRSAPrivateKey) {
                            findNext.getAttributes(ckrsaprivatekeytemplate);
                            if (ckrsaprivatekeytemplate.getSign() && MessageDigest.isEqual(ckrsaprivatekeytemplate.getID(), this.m_privateKey.getEncoded())) {
                                this.m_rsaPrivateKey = (ckRSAPrivateKey) findNext;
                                break;
                            }
                        }
                    } else {
                        break;
                    }
                }
                cksession.findFinal();
            } catch (ckException e) {
                e.printStackTrace();
            }
            if (this.m_rsaPrivateKey == null) {
                throw new InvalidKeyException("Passed key does not match any found on device");
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new CryptoDevException(e2.getMessage());
        }
    }

    @Override // com.logica.security.device.CryptoDevice
    public void close() throws Exception {
        logger.logApp(2, "Disconnecting from the device", null);
        try {
            if (this.m_session != null) {
                if (this.m_session.isLoggedIn()) {
                    this.m_session.logout();
                }
                if (this.m_session.hasOpenSession()) {
                    this.m_session.closeSession();
                }
                this.m_jPkcs11.finishSession(this.m_session);
                this.m_session = null;
            }
        } catch (p11Exception e) {
            throw new CryptoDevException(new StringBuffer().append("Error occurred while logging off the smart card. ").append(e.getCkErrorMessage()).toString());
        }
    }

    private void reconnect() throws Exception {
        logger.logApp(2, "Reconnecting to the device", null);
        open();
        if (this.m_szCertID != null) {
            findCertAndKey();
        } else {
            findPrivateKey();
        }
        mapKey();
    }

    private boolean isValidSession() {
        boolean z = true;
        logger.logApp(2, "Checking the session validity", null);
        try {
            this.m_session.getCertificateProvider().refresh();
        } catch (Exception e) {
            logger.logApp(3, "Error while checking the active session, switching to a logoff state.", null);
            z = false;
            this.m_session = null;
        }
        return z;
    }

    public void setWysiwysMode(boolean z) throws p11Exception {
        this.m_bWysiwysMode = z;
        if (this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_S_SHA1_RSA_PKCS) && this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_B_SHA1_RSA_PKCS) && this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_S_SHA256_RSA_PKCS) && this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_B_SHA256_RSA_PKCS)) {
            return;
        }
        logger.logApp(4, "WARNING: At least one of the CKM_WYSIWYS_* mechanisms is unsupported!", null);
    }

    public boolean isWysiwysMode() {
        return this.m_bWysiwysMode;
    }

    public void setPinPolicyBytes(byte[] bArr) {
        this.m_pinPolicyBytes = bArr;
    }

    public void clearPINPolicy() {
        this.m_pinPolicyBytes = null;
    }

    public void setConfirmPIN(boolean z) {
        if (!isCryptoPlusSupport()) {
            logger.logApp(4, "Warning: CryptoPlus support OFF, but setConfirmPIN invoked. Programming error?", null);
        }
        this.m_bConfirmPIN = z;
        this.m_session.setConfirmPIN(z);
    }

    public boolean isConfirmPIN() {
        return this.m_bConfirmPIN;
    }

    public void setCryptoPlusSupport(boolean z) {
        LLogger lLogger = logger;
        Object[] objArr = new Object[1];
        objArr[0] = z ? "true" : "false";
        lLogger.logApp(1, String.format("Switching CryptoPlus support to %s", objArr), null);
        this.m_cryptoPlusSupport = z;
    }

    public boolean isCryptoPlusSupport() {
        return this.m_cryptoPlusSupport;
    }

    public String getLocale() {
        return this.m_locale;
    }

    public void setLocale(String str) {
        if (!isCryptoPlusSupport()) {
            logger.logApp(4, "Warning: CryptoPlus support OFF, but setLocale invoked. Programming error?", null);
        }
        if (!str.equals("cz") && !str.equals("cs") && !str.equals("en") && !str.equals("sk")) {
            throw new IllegalArgumentException(new StringBuffer().append("Wrong locale value - ").append(str).toString());
        }
        this.m_locale = str;
        if (this.m_session != null) {
            this.m_session.setLocale(str);
        }
    }

    public int getDlgTimeout() {
        return this.m_dlgTimeout;
    }

    public void setDlgTimeout(int i) {
        if (!isCryptoPlusSupport()) {
            logger.logApp(4, "Warning: CryptoPlus support OFF, but setDlgTimeout invoked. Programming error?", null);
        }
        if (i != 0 && (i < 30 || i > 60)) {
            throw new IllegalArgumentException(new StringBuffer().append("Wrong timeout value - ").append(i).toString());
        }
        this.m_dlgTimeout = i;
        if (this.m_session != null) {
            this.m_session.setDlgTimeout(i);
        }
    }

    public String getDlgStyle() {
        return this.m_dlgStyle;
    }

    public void setDlgStyle(String str) {
        if (!isCryptoPlusSupport()) {
            logger.logApp(4, "Warning: CryptoPlus support OFF, but setDlgStyle invoked. Programming error?", null);
        }
        if (!str.equals("corp") && !str.equals("dc") && !str.equals("kb") && !str.equals("profi")) {
            throw new IllegalArgumentException(new StringBuffer().append("Wrong dlgStyle value - ").append(str).toString());
        }
        this.m_dlgStyle = str;
        if (this.m_session != null) {
            this.m_session.setDlgStyle(str);
        }
    }

    public void setBatchOper(boolean z) throws p11Exception {
        this.m_bBatchOper = z;
        if (this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_B_SHA1_RSA_PKCS) && this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_B_SHA256_RSA_PKCS)) {
            return;
        }
        logger.logApp(4, "WARNING: At least one of the CKM_WYSIWYS_B_* mechanisms is unsupported!", null);
    }

    public boolean isBatchOper() {
        return this.m_bBatchOper;
    }

    private void mechanismsTest() throws InstantiationException, p11Exception {
        if (!this.m_session.getMechanismInfo().isSupported(1)) {
            logger.logApp(2, "CKM_RSA_PKCS unsupported, trying WYSIWYS mechs", null);
            if (!this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_S_SHA1_RSA_PKCS) && !this.m_session.getMechanismInfo().isSupported(ckMechanismInfo.CKM_WYSIWYS_B_SHA1_RSA_PKCS)) {
                throw new InstantiationException("Neither RSA nor CKM_WYSIWYS_* mechanisms are supported !");
            }
            logger.logApp(2, "At least 1 WYSIWYS mechanism is supported, proceeding.", null);
        }
        this.m_ckMech = 1;
    }

    private void findCertAndKey() throws CryptoDevException {
        this.m_privateKey = null;
        this.m_certificate = null;
        try {
            try {
                mechanismsTest();
                KeyProvider keyProvider = this.m_session.getKeyProvider();
                keyProvider.refresh();
                CertificateProvider certificateProvider = this.m_session.getCertificateProvider();
                certificateProvider.refresh();
                logger.logApp(2, new StringBuffer().append("There are ").append(keyProvider.size()).append(" private keys on the smart card").toString(), null);
                CertIDCryptoDevice.CertIdKeyPairFinder<PrivateKey> certIdKeyPairFinder = new CertIDCryptoDevice.CertIdKeyPairFinder<PrivateKey>(this, keyProvider, certificateProvider) { // from class: com.logica.security.device.PKCS11Device.1
                    int i;
                    private final KeyProvider val$keyProvider;
                    private final CertificateProvider val$certProvider;
                    private final PKCS11Device this$0;

                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(this);
                        this.this$0 = this;
                        this.val$keyProvider = keyProvider;
                        this.val$certProvider = certificateProvider;
                        this.i = 0;
                    }

                    @Override // com.logica.security.device.CryptoDevice.KeyPairFinder
                    public boolean hasNext() {
                        return this.i < this.val$keyProvider.size();
                    }

                    @Override // com.logica.security.device.CryptoDevice.KeyPairFinder
                    public PrivateKey next() {
                        KeyProvider keyProvider2 = this.val$keyProvider;
                        int i = this.i;
                        this.i = i + 1;
                        return keyProvider2.getPrivateKeyAt(i);
                    }

                    public X509Certificate matcher(PrivateKey privateKey) throws Exception {
                        byte[] certificateForPrivateKey = this.val$certProvider.getCertificateForPrivateKey(privateKey);
                        if (certificateForPrivateKey == null || certificateForPrivateKey.length <= 0) {
                            PKCS11Device.logger.logApp(1, "skipping container at index ''{0}'', no certificate", new Object[]{String.valueOf(this.i - 1)}, null);
                            return null;
                        }
                        try {
                            X509Certificate buildX509Certificate = X509Utils.buildX509Certificate(certificateForPrivateKey, this.this$0.m_szSecurityProvider);
                            String matchCertId = this.this$0.matchCertId(this.this$0.m_szCertID, buildX509Certificate);
                            if (matchCertId != null) {
                                PKCS11Device.logger.logApp(2, new StringBuffer().append("Found certificate ID: ").append(matchCertId).toString(), null);
                                return buildX509Certificate;
                            }
                            PKCS11Device.logger.logApp(2, "Skipping key with certificate ID - ''{0}''", new Object[]{CertIDCryptoDevice.getCertId(buildX509Certificate)}, null);
                            return null;
                        } catch (Exception e) {
                            throw new InstantiationException(e.getMessage());
                        }
                    }

                    @Override // com.logica.security.device.CryptoDevice.KeyPairFinder
                    public X509Certificate matcher(Object obj) throws Exception {
                        return matcher((PrivateKey) obj);
                    }

                    @Override // com.logica.security.device.CryptoDevice.KeyPairFinder
                    public Object next() {
                        return next();
                    }
                };
                PrivateKey privateKey = (PrivateKey) findKeyPair(certIdKeyPairFinder);
                if (privateKey != null) {
                    this.m_privateKey = privateKey;
                    this.m_PrivateKeyID = privateKey.getEncoded();
                    this.m_certificate = certIdKeyPairFinder.getMatcher();
                }
                if (this.m_privateKey == null || this.m_certificate == null) {
                    throw new CryptoDevException(new StringBuffer().append("No private key found for certificate ID : ").append(this.m_szCertID).toString(), 4);
                }
            } catch (Exception e) {
                throw new InstantiationException(e.getMessage());
            }
        } catch (Exception e2) {
            if (!(e2 instanceof p11Exception)) {
                throw new CryptoDevException(e2.getMessage());
            }
            throw new CryptoDevException(((p11Exception) e2).getCkErrorMessage());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x007d, code lost:
    
        r5.m_privateKey = r0;
        r0 = r0.getCertificateForPrivateKey(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x008d, code lost:
    
        if (r0 == null) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0093, code lost:
    
        if (r0.length <= 0) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0096, code lost:
    
        r5.m_certificate = com.logica.security.util.X509Utils.buildX509Certificate(r0, r5.m_szSecurityProvider);
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x00f6, code lost:
    
        if (r5.m_AllowNullCert != false) goto L41;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x00fd, code lost:
    
        if (r5.m_privateKey == null) goto L39;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0104, code lost:
    
        if (r5.m_certificate != null) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:?, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x0111, code lost:
    
        throw new com.logica.security.device.CryptoDevException("No certificate found for private key", 5);
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0112, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x00a6, code lost:
    
        r11 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x00b4, code lost:
    
        throw new java.lang.InstantiationException(r11.getMessage());
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x00b9, code lost:
    
        if (r5.m_AllowNullCert != false) goto L25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x00c5, code lost:
    
        throw new java.lang.InstantiationException("NO certificate found for existing private key");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void findPrivateKey() throws com.logica.security.device.CryptoDevException {
        /*
            Method dump skipped, instructions count: 275
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.logica.security.device.PKCS11Device.findPrivateKey():void");
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x007b, code lost:
    
        r5.m_privateKey = r0;
        r0 = r0.getCertificateForPrivateKey(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x008b, code lost:
    
        if (r0 == null) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0091, code lost:
    
        if (r0.length <= 0) goto L20;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0094, code lost:
    
        r5.m_certificate = com.logica.security.util.X509Utils.buildX509Certificate(r0, r5.m_szSecurityProvider);
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x00f4, code lost:
    
        if (r5.m_AllowNullCert != false) goto L41;
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x00fb, code lost:
    
        if (r5.m_privateKey == null) goto L39;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0102, code lost:
    
        if (r5.m_certificate != null) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:?, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x0124, code lost:
    
        throw new com.logica.security.device.CryptoDevException(new java.lang.StringBuffer().append("No private key and certificate found for label : ").append(r5.m_szLabel).toString(), 6);
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0125, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x00a4, code lost:
    
        r11 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x00b2, code lost:
    
        throw new java.lang.InstantiationException(r11.getMessage());
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x00b7, code lost:
    
        if (r5.m_AllowNullCert != false) goto L25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x00c3, code lost:
    
        throw new java.lang.InstantiationException("NO certificate found for existing private key");
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void findLabelAndKey() throws com.logica.security.device.CryptoDevException {
        /*
            Method dump skipped, instructions count: 294
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.logica.security.device.PKCS11Device.findLabelAndKey():void");
    }

    @Override // com.logica.security.device.CryptoDevice
    public byte[] generateIV() throws Exception {
        return generateIV(null);
    }

    @Override // com.logica.security.device.CryptoDevice
    public byte[] generateIV(String str) throws CryptoDevException {
        if (rand == null) {
            throw new IllegalStateException("random number generator not initialized for VirtualDevice");
        }
        byte[] bArr = (str == null || !str.startsWith(NISTObjectIdentifiers.aes)) ? new byte[8] : new byte[16];
        rand.nextBytes(bArr);
        return bArr;
    }

    private MessageDigest prepareMessageDigest(String str) throws SignatureException {
        MessageDigest messageDigest;
        if (str.equals(SHAWITHRSA_OID)) {
            try {
                messageDigest = MessageDigest.getInstance("SHA1", this.m_szSecurityProvider);
            } catch (NoSuchAlgorithmException e) {
                throw new SignatureException("SHA1 could not be found");
            } catch (NoSuchProviderException e2) {
                throw new SignatureException("SHA1 could not be found");
            }
        } else if (str.equals(MD5WITHRSA_OID)) {
            try {
                messageDigest = MessageDigest.getInstance("MD5", this.m_szSecurityProvider);
            } catch (NoSuchAlgorithmException e3) {
                throw new SignatureException("MD5 could not be found");
            } catch (NoSuchProviderException e4) {
                throw new SignatureException("MD5 could not be found");
            }
        } else if (str.equals(RIPEMD160WITHRSA_OID)) {
            try {
                messageDigest = MessageDigest.getInstance("RIPEMD160", this.m_szSecurityProvider);
            } catch (NoSuchAlgorithmException e5) {
                throw new SignatureException("RIPEMD160 could not be found");
            } catch (NoSuchProviderException e6) {
                throw new SignatureException("RIPEMD160 could not be found");
            }
        } else if (str.equals(SHA256WITHRSA_OID)) {
            try {
                messageDigest = MessageDigest.getInstance("SHA-256", this.m_szSecurityProvider);
            } catch (NoSuchAlgorithmException e7) {
                throw new SignatureException("SHA256 could not be found");
            } catch (NoSuchProviderException e8) {
                throw new SignatureException("SHA256 could not be found");
            }
        } else if (str.equals(SHA384WITHRSA_OID)) {
            try {
                messageDigest = MessageDigest.getInstance("SHA-384", this.m_szSecurityProvider);
            } catch (NoSuchAlgorithmException e9) {
                throw new SignatureException("SHA384 could not be found");
            } catch (NoSuchProviderException e10) {
                throw new SignatureException("SHA384 could not be found");
            }
        } else if (str.equals(SHA512WITHRSA_OID)) {
            try {
                messageDigest = MessageDigest.getInstance("SHA-512", this.m_szSecurityProvider);
            } catch (NoSuchAlgorithmException e11) {
                throw new SignatureException("SHA512 could not be found");
            } catch (NoSuchProviderException e12) {
                throw new SignatureException("SHA512 could not be found");
            }
        } else {
            messageDigest = null;
        }
        return messageDigest;
    }

    private byte[] digestToDigestInfoBytes(byte[] bArr, String str) throws Exception {
        AlgorithmIdentifier algorithmIdentifier;
        DERConstructedSequence dERConstructedSequence = new DERConstructedSequence();
        DEROctetString dEROctetString = new DEROctetString(bArr);
        if (str.equals(SHAWITHRSA_OID)) {
            algorithmIdentifier = new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null);
        } else if (str.equals(SHA256WITHRSA_OID)) {
            algorithmIdentifier = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, null);
        } else if (str.equals(SHA384WITHRSA_OID)) {
            algorithmIdentifier = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, null);
        } else if (str.equals(SHA512WITHRSA_OID)) {
            algorithmIdentifier = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, null);
        } else if (str.equals(MD5WITHRSA_OID)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, null);
        } else {
            if (!str.equals(RIPEMD160WITHRSA_OID)) {
                throw new Exception(new StringBuffer().append("Message digest algorithm not supported: ").append(str).toString());
            }
            algorithmIdentifier = new AlgorithmIdentifier(X509ObjectIdentifiers.ripemd160, null);
        }
        dERConstructedSequence.addObject(algorithmIdentifier);
        dERConstructedSequence.addObject(dEROctetString);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new DEROutputStream(byteArrayOutputStream).writeObject(dERConstructedSequence);
        return byteArrayOutputStream.toByteArray();
    }

    int translateWysiwysSignMechanism(String str, boolean z) {
        if (str.equals(SHAWITHRSA_OID)) {
            return z ? ckMechanismInfo.CKM_WYSIWYS_B_SHA1_RSA_PKCS : ckMechanismInfo.CKM_WYSIWYS_S_SHA1_RSA_PKCS;
        }
        if (str.equals(SHA256WITHRSA_OID)) {
            return z ? ckMechanismInfo.CKM_WYSIWYS_B_SHA256_RSA_PKCS : ckMechanismInfo.CKM_WYSIWYS_S_SHA256_RSA_PKCS;
        }
        if (str.equals(SHA256WITHRSA_OID)) {
            return z ? ckMechanismInfo.CKM_WYSIWYS_B_SHA256_RSA_PKCS : ckMechanismInfo.CKM_WYSIWYS_S_SHA256_RSA_PKCS;
        }
        throw new IllegalStateException(new StringBuffer().append("Unsupported WYSIWYS mechanism - ").append(str).append(". Batch required: ").append(z ? "true" : "false").toString());
    }

    int translatePinPolicyMechanism(String str) {
        if (str.equals(SHAWITHRSA_OID)) {
            return 6;
        }
        if (str.equals(SHA256WITHRSA_OID)) {
            return 64;
        }
        throw new IllegalStateException(new StringBuffer().append("Unsupported PIN policy mechanism - ").append(str).toString());
    }

    @Override // com.logica.security.device.CryptoDevice
    public byte[] signData(byte[] bArr, String str) throws Exception {
        byte[] sign;
        try {
            if (!str.equals(SHAWITHRSA_OID) && !str.equals(SHA256WITHRSA_OID) && !str.equals(SHA384WITHRSA_OID) && !str.equals(SHA512WITHRSA_OID) && !str.equals(MD5WITHRSA_OID) && !str.equals(RIPEMD160WITHRSA_OID)) {
                throw new Exception(new StringBuffer().append("Algorithm not supported. OID: ").append(str).toString());
            }
            if (!isValidSession()) {
                reconnect();
            }
            if (this.m_bWysiwysMode) {
                logger.logApp(2, "WYSIWYS mode, not calculating the message digest", null);
                sign = this.m_rsaPrivateKey.sign(new ckMechanism(translateWysiwysSignMechanism(str, this.m_bBatchOper), null), bArr);
            } else {
                logger.logApp(2, "non-WYSIWYS mode, calculating the message digest", null);
                if (this.m_pinPolicyBytes != null) {
                    sign = this.m_rsaPrivateKey.sign(new ckMechanism(translatePinPolicyMechanism(str), new ckPINPolicyParameter(this.m_pinPolicyBytes)), bArr);
                } else {
                    ckMechanism ckmechanism = new ckMechanism(this.m_ckMech, null);
                    MessageDigest prepareMessageDigest = prepareMessageDigest(str);
                    prepareMessageDigest.update(bArr, 0, bArr.length);
                    sign = this.m_rsaPrivateKey.sign(ckmechanism, digestToDigestInfoBytes(prepareMessageDigest.digest(), str));
                }
            }
            logger.logApp(2, "Signature successful", null);
            return sign;
        } catch (Exception e) {
            if (e instanceof CryptoDevException) {
                throw new CryptoDevException(((CryptoDevException) e).getMessage(), ((CryptoDevException) e).getErrorCode());
            }
            if (e instanceof ckException) {
                throw new CryptoDevException(e.getMessage(), ((ckException) e).getErrorCode());
            }
            throw new CryptoDevException(e.getMessage());
        }
    }

    @Override // com.logica.security.device.CryptoDevice
    public boolean verifyData(byte[] bArr, PublicKey publicKey, byte[] bArr2, String str) throws Exception {
        try {
            return super.verifyData(bArr, publicKey, bArr2, str);
        } catch (Exception e) {
            throw new CryptoDevException(e.getMessage());
        }
    }

    @Override // com.logica.security.device.CryptoDevice
    public X509Certificate getCert() {
        return this.m_certificate;
    }

    public void setCert(X509Certificate x509Certificate) {
        if (this.m_certificate != null) {
            throw new IllegalArgumentException("PKCS11Device: certificate already set");
        }
        this.m_certificate = x509Certificate;
    }

    public void setAllowNullCert(boolean z) {
        this.m_AllowNullCert = z;
    }

    @Override // com.logica.security.device.CryptoDevice
    public byte[] unwrapKey(byte[] bArr, String str) throws Exception {
        try {
            byte[] decrypt = this.m_rsaPrivateKey.decrypt(new ckMechanism(this.m_ckMech, null), bArr);
            logger.logApp(2, "Key successfully unwrapped", null);
            return decrypt;
        } catch (ckException e) {
            throw new CryptoDevException(e.getErrorMsg());
        }
    }

    @Override // com.logica.security.device.CryptoDevice
    public boolean isReady(boolean z) throws CryptoDevException {
        try {
            if (isValidSession()) {
                return true;
            }
            reconnect();
            return true;
        } catch (Exception e) {
            if (!z) {
                logger.logApp(1, new StringBuffer().append("device not ready due to - ").append(e).toString(), e);
                return false;
            }
            if (e instanceof CryptoDevException) {
                throw ((CryptoDevException) e);
            }
            throw new CryptoDevException("unable to reconnect", 1, e);
        }
    }

    @Override // com.logica.security.device.PrivateKeyCryptoDevice
    protected PrivateKey getPrivateKey() {
        return this.m_privateKey;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        try {
            try {
                rand = SecureRandom.getInstance("SHA1PRNG");
            } catch (Exception e) {
                rand = SecureRandom.getInstance("BBS");
            }
            rand.setSeed(new String(new StringBuffer().append(PKIMgrError.NO_ERROR_MESSAGE).append(System.currentTimeMillis()).append(rand).toString()).getBytes());
        } catch (Exception e2) {
            e2.printStackTrace();
            rand = null;
        }
        if (class$com$logica$security$device$PKCS11Device == null) {
            cls = class$("com.logica.security.device.PKCS11Device");
            class$com$logica$security$device$PKCS11Device = cls;
        } else {
            cls = class$com$logica$security$device$PKCS11Device;
        }
        logger = LLoggerFactory.getLogger(cls);
    }
}
