package com.sun.messaging.smime.security.pkcs11;

import com.sun.messaging.smime.security.cardapi.CardException;
import com.sun.messaging.smime.security.pkcs11.wrapper.CK_ATTRIBUTE;
import com.sun.messaging.smime.security.pkcs11.wrapper.PKCS11Constants;
import com.sun.messaging.smime.security.pkcs11.wrapper.PKCS11Exception;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sun/messaging/smime/security/pkcs11/P11Store.class */
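/**
 * Read-only view of the certificates and RSA private-key handles stored on a PKCS#11 token.
 *
 * <p>This listing is decompiler output. Several methods were left uncompilable by the decompiler
 * (an untyped local, a destroyed loop, an assignment to an array-creation expression); they are
 * rebuilt here from the control flow that is still visible and by analogy with the sibling methods.
 * Attribute and object-class numbers are kept as literals; the names in the comments are the
 * standard PKCS#11 identifiers for those values.
 *
 * <p>Everything read from the token (DER blobs, CKA_ID values, the CKA_TRUSTED flag) is data
 * supplied by the device. Nothing in this class verifies signatures, validity periods or
 * revocation; callers that make trust decisions must run their own path validation.
 */
public class P11Store implements PKCS11Constants {
    private static final boolean DEBUG = false;
    private final Token token;
    private final CertificateFactory factory = CertificateFactory.getInstance("X.509");
    private final List<CertificateInfo> certInfos = new ArrayList<CertificateInfo>();
    // NOTE(review): only the minor version is consulted and the comparison is strict (> 11);
    // a Cryptoki 3.x library reporting minor 0 would be treated as lacking CKA_TRUSTED. Confirm.
    private final boolean supportsTrusted;
    // Upper bound passed to C_FindObjects; objects beyond this count are silently not returned.
    private static final int MAX_OBJECTS = 128;
    private static final X509Certificate[] X0 = new X509Certificate[0];
    private static final byte[] B0 = new byte[0];
    // CKA_TOKEN=true, CKA_CLASS=CKO_CERTIFICATE, CKA_CERTIFICATE_TYPE=CKC_X_509, CKA_TRUSTED=true
    private static final CK_ATTRIBUTE[] CERT_ATTRS = {new CK_ATTRIBUTE(1L, true), new CK_ATTRIBUTE(0, 1), new CK_ATTRIBUTE(128, 0), new CK_ATTRIBUTE(134L, true)};
    // CKA_TOKEN=true, CKA_CLASS=CKO_CERTIFICATE, CKA_CERTIFICATE_TYPE=CKC_X_509
    private static final CK_ATTRIBUTE[] ALL_CERT_ATTRS = {new CK_ATTRIBUTE(1L, true), new CK_ATTRIBUTE(0, 1), new CK_ATTRIBUTE(128, 0)};
    // CKA_TOKEN=true, CKA_CLASS=CKO_PRIVATE_KEY, CKA_KEY_TYPE=CKK_RSA
    private static final CK_ATTRIBUTE[] KEY_ATTRS = {new CK_ATTRIBUTE(1L, true), new CK_ATTRIBUTE(0, 3), new CK_ATTRIBUTE(256, 0)};
    // Empty template: matches every object visible to the session.
    private static final CK_ATTRIBUTE[] EMPTY_ATTRS = new CK_ATTRIBUTE[0];
    // Manufacturer substring that switches on the work-arounds below.
    private static final String BUG_VENDOR = "Litronic";
    private static final long ATTR_VALUE = 17L;    // CKA_VALUE
    private static final long ATTR_ID = 258L;      // CKA_ID
    private static final long ATTR_MODULUS = 288L; // CKA_MODULUS

    /** A certificate object found on the token, with its object handle and CKA_ID. */
    public static class CertificateInfo {
        final long handle;
        final X509Certificate cert;
        final byte[] id;

        CertificateInfo(long j, X509Certificate x509Certificate, byte[] bArr) {
            this.handle = j;
            this.cert = x509Certificate;
            this.id = bArr;
        }

        /** Returns true when {@code bArr} is non-null and equal to this certificate's id. */
        boolean matches(byte[] bArr) {
            return bArr != null && Arrays.equals(this.id, bArr);
        }

        @Override
        public String toString() {
            return "Certificate " + P11Util.toString(this.id) + "\r\n  " + this.cert.getSubjectX500Principal();
        }
    }

    /**
     * Creates a store bound to {@code token}.
     *
     * @throws GeneralSecurityException if the X.509 certificate factory cannot be obtained
     */
    public P11Store(Token token) throws GeneralSecurityException {
        this.token = token;
        this.supportsTrusted = (token.provider.p11Info.cryptokiVersion.minor & 255) > 11;
    }

    /** Returns true when the library's manufacturer string contains {@link #BUG_VENDOR}. */
    private boolean isBugVendor() throws PKCS11Exception {
        return new String(this.token.p11.C_GetInfo().manufacturerID).indexOf(BUG_VENDOR) != -1;
    }

    /**
     * Runs one find operation and returns at most {@code max} handles. The operation is always
     * finalised, so a failed C_FindObjects does not leave a search active on a session that is
     * about to be handed back to the token.
     */
    private long[] findObjects(Session session, CK_ATTRIBUTE[] template, long max) throws PKCS11Exception {
        this.token.p11.C_FindObjectsInit(session.id(), template);
        try {
            return this.token.p11.C_FindObjects(session.id(), max);
        } finally {
            this.token.p11.C_FindObjectsFinal(session.id());
        }
    }

    /** Reads a single byte-array attribute of {@code handle}. */
    private byte[] readAttribute(Session session, long handle, long type) throws PKCS11Exception {
        CK_ATTRIBUTE[] attrs = {new CK_ATTRIBUTE(type)};
        this.token.p11.C_GetAttributeValue(session.id(), handle, attrs);
        return attrs[0].getByteArray();
    }

    /** Decodes a DER blob read from the token into an X.509 certificate. */
    private X509Certificate parseCertificate(byte[] der) throws CertificateException {
        return (X509Certificate) this.factory.generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Returns the X.509 certificates the token marks with CKA_TRUSTED, or an empty array when the
     * library version is treated as not supporting that attribute. The flag is taken from the
     * token as-is; certificates that fail to decode are skipped.
     */
    public X509Certificate[] getTrustedCertificates() throws PKCS11Exception {
        if (!this.supportsTrusted) {
            return X0;
        }
        Session session = null;
        try {
            session = this.token.getOpSession();
            long[] handles = findObjects(session, CERT_ATTRS, MAX_OBJECTS);
            if (handles.length == 0) {
                return X0;
            }
            List<X509Certificate> certs = new ArrayList<X509Certificate>(handles.length);
            for (long handle : handles) {
                byte[] der = readAttribute(session, handle, ATTR_VALUE);
                try {
                    certs.add(parseCertificate(der));
                } catch (CertificateException ignored) {
                    // Best effort: an undecodable object is left out of the result.
                }
            }
            return certs.toArray(X0);
        } finally {
            // Release on every path; the decompiled error path passed null and kept the session.
            this.token.releaseSession(session);
        }
    }

    /** Returns CKA_ISSUER (0x81) of every X.509 certificate object, or null when there are none. */
    byte[][] getIssuers() throws PKCS11Exception {
        return getAttributes(new CK_ATTRIBUTE(129L));
    }

    /** Returns CKA_SERIAL_NUMBER (0x82) of every X.509 certificate object, or null when there are none. */
    byte[][] getSerialNumbers() throws PKCS11Exception {
        return getAttributes(new CK_ATTRIBUTE(130L));
    }

    /** Returns CKA_ID (0x102) of every X.509 certificate object, or null when there are none. */
    byte[][] getSubjectKeyIds() throws PKCS11Exception {
        return getAttributes(new CK_ATTRIBUTE(258L));
    }

    /**
     * Reads one attribute from every X.509 certificate object on the token.
     *
     * @return one entry per object in find order, or null when no object matched
     */
    private byte[][] getAttributes(CK_ATTRIBUTE ck_attribute) throws PKCS11Exception {
        Session session = null;
        try {
            session = this.token.getOpSession();
            long[] handles = findObjects(session, ALL_CERT_ATTRS, MAX_OBJECTS);
            if (handles.length == 0) {
                return null;
            }
            byte[][] values = new byte[handles.length][];
            for (int i = 0; i < handles.length; i++) {
                // The caller's attribute object is reused as the template for every handle.
                CK_ATTRIBUTE[] attrs = {ck_attribute};
                this.token.p11.C_GetAttributeValue(session.id(), handles[i], attrs);
                values[i] = attrs[0].getByteArray();
            }
            return values;
        } finally {
            this.token.releaseSession(session);
        }
    }

    /**
     * Returns every X.509 certificate on the token. For the {@link #BUG_VENDOR} library the search
     * template is empty, so every object is probed and the ones that are not certificates are skipped.
     */
    public X509Certificate[] getX509Certificates() throws PKCS11Exception {
        return isBugVendor() ? getCertificates(EMPTY_ATTRS) : getCertificates(ALL_CERT_ATTRS);
    }

    /** Finds objects matching the template and decodes the CKA_VALUE of each as a certificate. */
    private X509Certificate[] getCertificates(CK_ATTRIBUTE[] ck_attributeArr) throws PKCS11Exception {
        Session session = null;
        try {
            session = this.token.getOpSession();
            long[] handles = findObjects(session, ck_attributeArr, MAX_OBJECTS);
            if (handles.length == 0) {
                return X0;
            }
            List<X509Certificate> certs = new ArrayList<X509Certificate>(handles.length);
            for (long handle : handles) {
                try {
                    certs.add(parseCertificate(readAttribute(session, handle, ATTR_VALUE)));
                } catch (PKCS11Exception e) {
                    // Only the work-around vendor may fail per object; anyone else is an error.
                    if (!isBugVendor()) {
                        throw e;
                    }
                } catch (CertificateException ignored) {
                    // Best effort: an undecodable object is left out of the result.
                }
            }
            return certs.toArray(X0);
        } finally {
            this.token.releaseSession(session);
        }
    }

    /** Rebuilds {@link #certInfos} from the X.509 certificate objects currently on the token. */
    private void findAllCertificates() throws PKCS11Exception {
        Session session = null;
        try {
            this.certInfos.clear();
            session = this.token.getOpSession();
            long[] handles = findObjects(session, ALL_CERT_ATTRS, MAX_OBJECTS);
            for (long handle : handles) {
                try {
                    CK_ATTRIBUTE[] attrs = {new CK_ATTRIBUTE(ATTR_VALUE), new CK_ATTRIBUTE(ATTR_ID)};
                    this.token.p11.C_GetAttributeValue(session.id(), handle, attrs);
                    X509Certificate cert = parseCertificate(attrs[0].getByteArray());
                    Object rawId = attrs[1].pValue;
                    this.certInfos.add(new CertificateInfo(handle, cert, rawId == null ? B0 : (byte[]) rawId));
                } catch (PKCS11Exception e) {
                    // Kept as in the original: the object is skipped and the trace goes to stderr.
                    e.printStackTrace();
                } catch (CertificateException e2) {
                    e2.printStackTrace();
                }
            }
        } finally {
            this.token.releaseSession(session);
        }
    }

    /** Returns the first cached certificate whose subject equals {@code subject}, or null. */
    private CertificateInfo findBySubject(X500Principal subject) {
        for (CertificateInfo candidate : this.certInfos) {
            if (subject.equals(candidate.cert.getSubjectX500Principal())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Builds a chain starting at the cached certificate whose CKA_ID equals {@code bArr}, following
     * issuer-name to subject-name links until a self-issued certificate or a missing issuer.
     *
     * <p>Linking is by distinguished name only; no signature is checked, so the result is a
     * candidate chain, not a validated one. The walk is capped at the number of cached
     * certificates so that token contents whose names form a cycle cannot loop forever.
     *
     * @return the chain, leaf first, or null when no cached certificate has that id
     */
    private X509Certificate[] getCertificateChain(byte[] bArr) {
        CertificateInfo current = null;
        for (CertificateInfo candidate : this.certInfos) {
            if (candidate.matches(bArr)) {
                current = candidate;
                break;
            }
        }
        if (current == null) {
            return null;
        }
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        int limit = this.certInfos.size();
        while (current != null && chain.size() < limit) {
            X509Certificate cert = current.cert;
            chain.add(cert);
            X500Principal issuer = cert.getIssuerX500Principal();
            if (cert.getSubjectX500Principal().equals(issuer)) {
                break;
            }
            current = findBySubject(issuer);
        }
        return chain.toArray(X0);
    }

    /**
     * Returns a handle-backed RSA private key for {@code x509Certificate}: the certificate object is
     * located by its encoded value, and the private key is the single token RSA key with the same CKA_ID.
     *
     * @throws CardException if the certificate is not on the token, cannot be encoded, or does not
     *     map to exactly one private key
     */
    public PrivateKey getPrivateKey(X509Certificate x509Certificate) throws PKCS11Exception, CardException {
        if (isBugVendor()) {
            return getPrivateKeyX(x509Certificate);
        }
        Session session = null;
        try {
            CK_ATTRIBUTE[] certTemplate = {new CK_ATTRIBUTE(17L, x509Certificate.getEncoded())};
            session = this.token.getOpSession();
            long[] certHandles = findObjects(session, certTemplate, 1L);
            if (certHandles.length == 0) {
                throw new CardException("No such certificate");
            }
            byte[] keyId = readAttribute(session, certHandles[0], ATTR_ID);
            // CKA_TOKEN=true, CKA_CLASS=CKO_PRIVATE_KEY, CKA_KEY_TYPE=CKK_RSA, CKA_ID=<certificate's id>
            CK_ATTRIBUTE[] keyTemplate = {new CK_ATTRIBUTE(1L, true), new CK_ATTRIBUTE(0L, 3L), new CK_ATTRIBUTE(256L, 0L), new CK_ATTRIBUTE(258L, keyId)};
            long[] keyHandles = findObjects(session, keyTemplate, MAX_OBJECTS);
            if (keyHandles.length == 0) {
                throw new CardException("Cannot find matching key");
            }
            // Refuse to guess when several keys share the id.
            if (keyHandles.length > 1) {
                throw new CardException("Key pair identifier not unique");
            }
            CK_ATTRIBUTE[] keyAttrs = {new CK_ATTRIBUTE(ATTR_MODULUS), new CK_ATTRIBUTE(ATTR_ID)};
            this.token.p11.C_GetAttributeValue(session.id(), keyHandles[0], keyAttrs);
            // NOTE(review): the key object is built on a session that is released right after; confirm
            // that Token's session handling keeps such a session usable for later key operations.
            return P11Key.privateKey(session, keyHandles[0], "RSA", keyAttrs[0].getBigInteger().bitLength(), keyAttrs);
        } catch (CertificateEncodingException e) {
            throw new CardException("Certificate error", e);
        } finally {
            this.token.releaseSession(session);
        }
    }

    /**
     * Returns the name-linked chain for {@code x509Certificate}, or a one-element array holding just
     * that certificate when its id is not found among the token's certificates.
     *
     * <p>Reconstruction note: the decompiled body discarded the CKA_ID template and then indexed
     * element 1 of the one-element search template. It is rebuilt to read CKA_ID of the located
     * object, as {@link #getPrivateKey} does.
     *
     * @throws CardException if the certificate is not on the token or cannot be encoded
     */
    public X509Certificate[] getCertificateChain(X509Certificate x509Certificate) throws PKCS11Exception, CardException {
        Session session = null;
        try {
            findAllCertificates();
            CK_ATTRIBUTE[] certTemplate = {new CK_ATTRIBUTE(17L, x509Certificate.getEncoded())};
            session = this.token.getOpSession();
            long[] certHandles = findObjects(session, certTemplate, 1L);
            if (certHandles.length == 0) {
                throw new CardException("No such certificate");
            }
            byte[] certId = readAttribute(session, certHandles[0], ATTR_ID);
            X509Certificate[] chain = getCertificateChain(certId);
            if (chain == null) {
                chain = new X509Certificate[]{x509Certificate};
            }
            return chain;
        } catch (CertificateEncodingException e) {
            throw new CardException("Certificate error", e);
        } finally {
            this.token.releaseSession(session);
        }
    }

    /**
     * Work-around lookup for the {@link #BUG_VENDOR} library: every object is enumerated, the
     * certificate is identified by issuer and serial number, and the key is the first object whose
     * CKA_ID equals that certificate's id.
     *
     * @return the key, or null when the token has no objects, no certificate matches, or no object
     *     carries the certificate's id
     */
    private PrivateKey getPrivateKeyX(X509Certificate x509Certificate) throws PKCS11Exception, CardException {
        Session session = null;
        try {
            session = this.token.getOpSession();
            long[] handles = findObjects(session, EMPTY_ATTRS, MAX_OBJECTS);
            if (handles.length == 0) {
                return null;
            }
            X509CertSelector selector = new X509CertSelector();
            try {
                selector.setIssuer(x509Certificate.getIssuerX500Principal().getEncoded());
            } catch (IOException e) {
                throw new CardException("Error setting X509CertSelector: " + e.toString(), e);
            }
            selector.setSerialNumber(x509Certificate.getSerialNumber());

            byte[] certId = null;
            for (int i = 0; i < handles.length; i++) {
                try {
                    X509Certificate candidate = parseCertificate(readAttribute(session, handles[i], ATTR_VALUE));
                    if (selector.match(candidate)) {
                        // No break: when several objects match, the last one's id is used.
                        certId = readAttribute(session, handles[i], ATTR_ID);
                    }
                } catch (Throwable ignored) {
                    // Objects that are not certificates, or cannot be read, are skipped.
                }
            }
            if (certId == null) {
                return null;
            }
            // NOTE(review): this pass does not filter on CKA_CLASS, so the certificate object itself
            // (or a public key) sharing the id can be hit before the private key; the CKA_MODULUS
            // read below would then fail or describe a non-private object. Confirm on a real token.
            for (int i = 0; i < handles.length; i++) {
                CK_ATTRIBUTE[] idAttr = {new CK_ATTRIBUTE(ATTR_ID)};
                try {
                    this.token.p11.C_GetAttributeValue(session.id(), handles[i], idAttr);
                } catch (Throwable ignored) {
                    // Read failures are ignored; the comparison below then sees whatever is in idAttr.
                }
                if (Arrays.equals(certId, idAttr[0].getByteArray())) {
                    CK_ATTRIBUTE[] keyAttrs = {new CK_ATTRIBUTE(ATTR_MODULUS), new CK_ATTRIBUTE(ATTR_ID)};
                    this.token.p11.C_GetAttributeValue(session.id(), handles[i], keyAttrs);
                    return P11Key.privateKey(session, handles[i], "RSA", keyAttrs[0].getBigInteger().bitLength(), keyAttrs);
                }
            }
            return null;
        } finally {
            this.token.releaseSession(session);
        }
    }
}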
