package com.dyadicsec.provider;

import com.dyadicsec.cryptoki.CK;
import com.dyadicsec.pkcs11.CKCertificate;
import com.dyadicsec.pkcs11.CKECPrivateKey;
import com.dyadicsec.pkcs11.CKEDDSAPrivateKey;
import com.dyadicsec.pkcs11.CKException;
import com.dyadicsec.pkcs11.CKKey;
import com.dyadicsec.pkcs11.CKLIMAPrivateKey;
import com.dyadicsec.pkcs11.CKObject;
import com.dyadicsec.pkcs11.CKRSAPrivateKey;
import com.dyadicsec.pkcs11.CKSecretKey;
import com.dyadicsec.pkcs11.CK_ATTRIBUTE;
import com.dyadicsec.pkcs11.Policy;
import com.dyadicsec.pkcs11.Slot;
import com.dyadicsec.provider.DYCryptoProvider;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/KeyStore.class */
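/**
 * {@link KeyStoreSpi} implementation whose entries live in a PKCS#11-style {@link Slot}
 * rather than in a file; decompiler output (JADX) of the vendor class.
 *
 * <p>Lookups are served from an in-memory alias cache ({@code map}) that is filled lazily by the
 * {@code find*Entry} helpers and rebuilt wholesale by {@link #engineAliases()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only {@link #engineGetKey}, {@link #engineLoad} and the mutating entry points call
 *       {@code login}; {@link #engineGetEntry} and the query methods do not authenticate.</li>
 *   <li>Certificate chains are assembled by name matching only (see {@code getChain}); no
 *       signature or validity check happens here.</li>
 *   <li>Several token errors are deliberately swallowed (best effort); each such spot is
 *       commented.</li>
 * </ul>
 *
 * <p>The JDK types {@code java.security.KeyStore.*} are written fully qualified because this
 * class is itself named {@code KeyStore}.
 */
public final class KeyStore extends KeyStoreSpi {
    /** Delimiters separating the tokens of a structured credential string passed to {@code login}. */
    private static final String CREDENTIAL_DELIMITERS = "\t\n\r\f\" :,{}";

    Slot slot;
    // True only after a successful login that used the "USERNAME SO ..." credential form.
    private boolean loggedInSO = false;
    // Alias -> cached entry. Replaced as a whole by engineAliases().
    private Hashtable<String, Entry> map = new Hashtable<>();

    /**
     * Cached view of one alias: a key, a certificate, or both.
     *
     * <p>{@code key == null} marks a certificate-only entry. The decompiler notes that the
     * original access modifier was {@code private}.
     */
    public static class Entry {
        Key key;
        CKCertificate cert = null;

        Entry(Key key) {
            this.key = key;
        }
    }

    /** Drops {@code str} from the alias cache; a {@code null} alias is ignored (Hashtable rejects null keys). */
    private synchronized void removeMapAlias(String str) {
        if (str != null) {
            this.map.remove(str);
        }
    }

    /**
     * Creates a key store bound to the given slot.
     *
     * @param slot token slot that all lookups and modifications go to
     */
    public KeyStore(Slot slot) {
        this.slot = slot;
    }

    /** @return the slot this key store operates on */
    public Slot getSlot() {
        return this.slot;
    }

    /**
     * No-op in this build. The decompiler notes the original was package-private.
     *
     * @param key ignored
     * @param str ignored
     */
    public void register(Key key, String str) {
    }

    /**
     * Renames the token object behind {@code key} to {@code str} and invalidates the cached
     * entries for both the old and the new name. The decompiler notes the original was
     * package-private.
     *
     * <p>Does nothing when either argument is {@code null}, when the key has no PKCS#11 object,
     * or when the object already carries that name.
     *
     * @param key key whose backing object is renamed
     * @param str new alias
     * @throws KeyStoreException if the key type is unsupported or the token reports an error
     */
    public synchronized void setAlias(Key key, String str) throws KeyStoreException {
        if (str == null || key == null) {
            return;
        }
        try {
            CKKey pkcs11Key = getPkcs11Key(key);
            if (pkcs11Key == null) {
                return;
            }
            String previousName = pkcs11Key.getName();
            if (str.equals(previousName)) {
                return;
            }
            pkcs11Key.setName(str);
            // Both names may now resolve to something else; force a fresh token lookup.
            removeMapAlias(previousName);
            removeMapAlias(str);
        } catch (CKException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Resolves {@code str} to an entry that holds a key (private key first, then secret key).
     *
     * @return the entry, or {@code null} if the alias is null, unknown, or certificate-only
     */
    private synchronized Entry findKeyEntry(String str) {
        if (!isPrintableAlias(str)) {
            return null; // also keeps Hashtable.get from throwing on a null alias
        }
        Entry cached = this.map.get(str);
        if (cached != null) {
            return cached.key != null ? cached : null;
        }
        Entry privateEntry = findPrivateKeyEntry(str);
        return privateEntry != null ? privateEntry : findSecretKeyEntry(str);
    }

    /**
     * Resolves {@code str} to any kind of entry: cached, key, or certificate-only.
     *
     * @return the entry, or {@code null} if the alias is null or unknown
     */
    private synchronized Entry findAnyEntry(String str) {
        if (!isPrintableAlias(str)) {
            return null;
        }
        Entry cached = this.map.get(str);
        if (cached != null) {
            return cached;
        }
        Entry keyEntry = findKeyEntry(str);
        return keyEntry != null ? keyEntry : findCertEntry(str);
    }

    /**
     * Resolves {@code str} to a secret-key entry, consulting the cache before the token.
     *
     * @return the entry, or {@code null} if the alias is cached as something else or not found
     */
    private synchronized Entry findSecretKeyEntry(String str) {
        if (!isPrintableAlias(str)) {
            return null;
        }
        Entry cached = this.map.get(str);
        if (cached != null) {
            boolean isSecretOnly = cached.cert == null && (cached.key instanceof SecretKey);
            return isSecretOnly ? cached : null;
        }
        CKSecretKey tokenKey = CKSecretKey.find(this.slot, str);
        if (tokenKey == null) {
            return null;
        }
        Entry created = new Entry(new SecretKey(tokenKey));
        this.map.put(str, created);
        return created;
    }

    /**
     * Resolves {@code str} to a private-key entry and attaches the certificate the token links
     * to that key's UID, consulting the cache before the token.
     *
     * @return the entry, or {@code null} if the alias is cached as a non-private key, is not
     *     found, has an unrecognised key class, or the token lookup fails
     */
    private synchronized Entry findPrivateKeyEntry(String str) {
        if (!isPrintableAlias(str)) {
            return null;
        }
        Entry cached = this.map.get(str);
        if (cached != null) {
            return (cached.key instanceof PrivateKey) ? cached : null;
        }
        // 3 equals CKO_PRIVATE_KEY in PKCS#11 -- presumably the object class here; the meaning
        // of the -1 argument is not visible from this file.
        CKObject tokenObject = this.slot.findObject(3, -1, str);
        if (tokenObject == null) {
            return null;
        }
        Key wrapped;
        if (tokenObject instanceof CKRSAPrivateKey) {
            wrapped = new RSAPrivateKey((CKRSAPrivateKey) tokenObject);
        } else if (tokenObject instanceof CKECPrivateKey) {
            wrapped = new ECPrivateKey((CKECPrivateKey) tokenObject);
        } else if (tokenObject instanceof CKLIMAPrivateKey) {
            wrapped = new LIMAPrivateKey((CKLIMAPrivateKey) tokenObject);
        } else if (tokenObject instanceof CKEDDSAPrivateKey) {
            wrapped = new EDDSAPrivateKey((CKEDDSAPrivateKey) tokenObject);
        } else {
            return null;
        }
        try {
            long uid = tokenObject.getUID();
            Entry created = new Entry(wrapped);
            created.cert = CKCertificate.findCertByPrivateKeyUID(this.slot, uid);
            this.map.put(str, created);
            return created;
        } catch (CKException e) {
            // A token error while resolving the certificate makes the key look absent.
            return null;
        }
    }

    /**
     * Resolves {@code str} to a certificate-only entry, consulting the cache before the token.
     * A certificate whose private key is present on the slot is not reported here.
     *
     * @return the entry, or {@code null} if the alias is cached with a key, is not found, has a
     *     matching private key, or the token lookup fails
     */
    private synchronized Entry findCertEntry(String str) {
        if (!isPrintableAlias(str)) {
            return null;
        }
        Entry cached = this.map.get(str);
        if (cached != null) {
            return cached.key == null ? cached : null;
        }
        CKCertificate tokenCert = CKCertificate.find(this.slot, str);
        if (tokenCert == null) {
            return null;
        }
        try {
            // A non-zero handle presumably means the private key exists on this slot, in which
            // case the certificate belongs to a key entry rather than a trusted-cert entry.
            if (0 != this.slot.findObjectHandle(tokenCert.getPrivateKeyUID())) {
                return null;
            }
            Entry created = new Entry(null);
            created.cert = tokenCert;
            this.map.put(str, created);
            return created;
        } catch (CKException e) {
            return null;
        }
    }

    /**
     * Returns the entry stored under {@code str}.
     *
     * <p>NOTE(review): {@code protectionParameter} is ignored and no login is attempted here,
     * unlike {@link #engineGetKey}; access control therefore rests on whatever session state
     * the slot already has.
     *
     * @param str alias to look up
     * @param protectionParameter unused
     * @return a trusted-certificate, secret-key or private-key entry; a provider-specific
     *     {@code DYCryptoProvider.KeyEntry} for a private key without a usable certificate;
     *     {@code null} if the alias is unknown or its certificate cannot be decoded
     */
    @Override // java.security.KeyStoreSpi
    public java.security.KeyStore.Entry engineGetEntry(String str, java.security.KeyStore.ProtectionParameter protectionParameter) {
        Entry found = findAnyEntry(str);
        if (found == null) {
            return null;
        }
        if (found.key == null) {
            // TrustedCertificateEntry rejects null, so an undecodable certificate is reported as absent.
            X509Certificate trusted = getX509(found);
            return trusted == null ? null : new java.security.KeyStore.TrustedCertificateEntry(trusted);
        }
        if (found.key instanceof SecretKey) {
            return new java.security.KeyStore.SecretKeyEntry((SecretKey) found.key);
        }
        if (found.key instanceof PrivateKey) {
            PrivateKey privateKey = (PrivateKey) found.key;
            // PrivateKeyEntry dereferences chain[0]; fall back to the bare key entry when the
            // leaf certificate is missing or cannot be decoded.
            X509Certificate[] chain = found.cert == null ? null : getChain(found);
            if (chain == null) {
                return new DYCryptoProvider.KeyEntry(privateKey);
            }
            return new java.security.KeyStore.PrivateKeyEntry(privateKey, chain);
        }
        return null;
    }

    /**
     * Logs in with {@code cArr} (see {@code login}) and returns the key stored under {@code str}.
     *
     * @param str alias to look up
     * @param cArr credential; {@code null} or empty skips the login and ends an SO session
     * @return the key, or {@code null} if the alias holds no key
     * @throws ProviderException if the login fails
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws ProviderException {
        try {
            login(cArr);
            Entry keyEntry = findKeyEntry(str);
            return keyEntry == null ? null : keyEntry.key;
        } catch (KeyStoreException e) {
            throw new ProviderException(e);
        }
    }

    /**
     * Decodes the entry's token certificate.
     *
     * @return the certificate, or {@code null} if there is none or decoding fails
     */
    private X509Certificate getX509(Entry entry) {
        if (entry == null || entry.cert == null) {
            return null;
        }
        try {
            return entry.cert.getX509();
        } catch (CKException e) {
            return null;
        } catch (CertificateException e2) {
            return null;
        }
    }

    /**
     * Builds the certificate chain for {@code entry}, leaf first, by repeatedly looking up a
     * token certificate whose subject equals the current certificate's issuer.
     *
     * <p>The walk stops at a self-issued certificate, when no issuer is found, when an issuer
     * cannot be decoded, or when an issuer is already part of the chain. The last two stops
     * keep a broken or cyclic set of token certificates from looping forever.
     *
     * <p>Security note: links are chosen by distinguished-name equality only. Signatures,
     * validity periods and constraints are not checked here, so callers must run real path
     * validation before trusting the result.
     *
     * @return the chain, or {@code null} if {@code entry} is null or has no decodable leaf
     */
    private X509Certificate[] getChain(Entry entry) {
        if (entry == null) {
            return null;
        }
        X509Certificate current = getX509(entry);
        if (current == null) {
            // KeyStoreSpi documents null for "no chain"; an array holding null breaks callers.
            return null;
        }
        ArrayList<X509Certificate> chain = new ArrayList<>();
        chain.add(current);
        while (!current.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
            // Attribute ids 1, 0 and 257 equal CKA_TOKEN, CKA_CLASS and CKA_SUBJECT in PKCS#11,
            // and class value 1 equals CKO_CERTIFICATE -- presumably their meaning here.
            CKCertificate issuerObject = (CKCertificate) this.slot.findObject(CKCertificate.class, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, true), new CK_ATTRIBUTE(0, 1), new CK_ATTRIBUTE(257, current.getIssuerX500Principal().getEncoded())});
            if (issuerObject == null) {
                break;
            }
            X509Certificate issuer;
            try {
                issuer = issuerObject.getX509();
            } catch (CKException e) {
                break; // retrying would find the same object again
            } catch (CertificateException e2) {
                break;
            }
            if (issuer == null || chain.contains(issuer)) {
                break; // cycle guard
            }
            chain.add(issuer);
            current = issuer;
        }
        return chain.toArray(new X509Certificate[chain.size()]);
    }

    /**
     * @param str alias of a private-key entry
     * @return the chain built by {@code getChain}, or {@code null} if the alias is not a
     *     private-key entry or has no decodable certificate
     */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        return getChain(findPrivateKeyEntry(str));
    }

    /** @return {@code true} if {@code str} resolves to any entry */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return findAnyEntry(str) != null;
    }

    /** @return {@code true} if {@code str} resolves to an entry holding a key */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return findKeyEntry(str) != null;
    }

    /** @return {@code true} if {@code str} resolves to a certificate-only entry */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return findCertEntry(str) != null;
    }

    /** @return the certificate of the entry under {@code str}, or {@code null} if none can be decoded */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        return getX509(findAnyEntry(str));
    }

    /**
     * Always returns 0; the number of objects on the slot is not counted.
     * Callers must not use this to test for emptiness.
     */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return 0;
    }

    /**
     * Finds the token certificate whose value equals the encoding of {@code certificate}.
     *
     * @return its name, or {@code null} if the argument is null, cannot be encoded, is not on
     *     the slot, or the token reports an error
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            // Attribute id 17 equals CKA_VALUE in PKCS#11 -- presumably its meaning here.
            CKCertificate match = (CKCertificate) this.slot.findObject(CKCertificate.class, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, true), new CK_ATTRIBUTE(0, 1), new CK_ATTRIBUTE(17, certificate.getEncoded())});
            if (match == null) {
                return null;
            }
            try {
                return match.getName();
            } catch (CKException e) {
                return null;
            }
        } catch (CertificateEncodingException e2) {
            return null;
        }
    }

    /**
     * Wraps a token key object in the matching provider key class.
     *
     * @return the wrapper, or {@code null} for an object class this provider does not wrap
     */
    private Key newKey(CKObject cKObject) {
        if (cKObject instanceof CKRSAPrivateKey) {
            return new RSAPrivateKey((CKRSAPrivateKey) cKObject);
        }
        if (cKObject instanceof CKECPrivateKey) {
            return new ECPrivateKey((CKECPrivateKey) cKObject);
        }
        if (cKObject instanceof CKLIMAPrivateKey) {
            return new LIMAPrivateKey((CKLIMAPrivateKey) cKObject);
        }
        if (cKObject instanceof CKEDDSAPrivateKey) {
            return new EDDSAPrivateKey((CKEDDSAPrivateKey) cKObject);
        }
        if (cKObject instanceof CKSecretKey) {
            return new SecretKey((CKSecretKey) cKObject);
        }
        return null;
    }

    /** Adds one key entry per named object of the given class; unreadable objects are skipped. */
    private void collectKeyAliases(Hashtable<String, Entry> target, int objectClass) {
        Iterator<CKObject> objects = this.slot.findObjects(objectClass, -1).iterator();
        while (objects.hasNext()) {
            CKObject object = objects.next();
            try {
                String name = object.getName();
                if (name == null || name.isEmpty()) {
                    continue;
                }
                Key key = newKey(object);
                if (key != null) {
                    target.put(name, new Entry(key));
                }
            } catch (CKException ignored) {
                // Best effort: one unreadable object must not hide the remaining aliases.
            }
        }
    }

    /**
     * Enumerates all named keys and certificates on the slot and replaces the alias cache with
     * the result. Objects without a name, and objects whose name cannot be read, are skipped.
     *
     * <p>NOTE(review): a certificate is attached to a key entry purely because both share a
     * name, whereas {@code findPrivateKeyEntry} pairs them by private-key UID. After this call
     * the cache can therefore pair a key with a certificate that does not belong to it; confirm
     * whether the token guarantees name uniqueness across object classes.
     *
     * @return the aliases found
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        Hashtable<String, Entry> rebuilt = new Hashtable<>();
        // 3, 4 and 1 equal CKO_PRIVATE_KEY, CKO_SECRET_KEY and CKO_CERTIFICATE in PKCS#11 --
        // presumably the object classes queried here.
        collectKeyAliases(rebuilt, 3);
        collectKeyAliases(rebuilt, 4);
        Iterator<CKObject> certificates = this.slot.findObjects(1, -1).iterator();
        while (certificates.hasNext()) {
            CKObject object = certificates.next();
            try {
                String name = object.getName();
                if (name == null || name.isEmpty()) {
                    continue;
                }
                Entry entry = rebuilt.get(name);
                if (entry == null) {
                    entry = new Entry(null);
                    rebuilt.put(name, entry);
                }
                entry.cert = (CKCertificate) object;
            } catch (CKException ignored) {
                // Best effort, as for keys.
            }
        }
        synchronized (this) {
            this.map = rebuilt;
        }
        return rebuilt.keys();
    }

    /** No-op: nothing is written to {@code outputStream} and the password is not used. */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    /**
     * Compares a slice of {@code buffer} with {@code expected}, ignoring case the same way
     * {@link String#equalsIgnoreCase} does, without copying the slice into a String.
     */
    private static boolean tokenEqualsIgnoreCase(char[] buffer, int from, int to, String expected) {
        if (to - from != expected.length()) {
            return false;
        }
        for (int i = 0; i < expected.length(); i++) {
            char actual = buffer[from + i];
            char wanted = expected.charAt(i);
            if (actual == wanted) {
                continue;
            }
            char actualUpper = Character.toUpperCase(actual);
            char wantedUpper = Character.toUpperCase(wanted);
            if (actualUpper == wantedUpper) {
                continue;
            }
            if (Character.toLowerCase(actualUpper) != Character.toLowerCase(wantedUpper)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether {@code credential} has the security-officer form: more than two tokens, the
     * first being {@code USERNAME} and the second {@code SO} (both case-insensitive).
     *
     * <p>The array is scanned in place. Copying it into a {@code String} would leave an
     * immutable copy of the secret on the heap that the caller cannot wipe.
     */
    private static boolean isSecurityOfficerCredential(char[] credential) {
        int tokenCount = 0;
        boolean firstIsUsername = false;
        boolean secondIsSo = false;
        int pos = 0;
        while (pos < credential.length) {
            while (pos < credential.length && CREDENTIAL_DELIMITERS.indexOf(credential[pos]) >= 0) {
                pos++;
            }
            if (pos >= credential.length) {
                break;
            }
            int start = pos;
            while (pos < credential.length && CREDENTIAL_DELIMITERS.indexOf(credential[pos]) < 0) {
                pos++;
            }
            if (tokenCount == 0) {
                firstIsUsername = tokenEqualsIgnoreCase(credential, start, pos, "USERNAME");
            } else if (tokenCount == 1) {
                secondIsSo = tokenEqualsIgnoreCase(credential, start, pos, "SO");
            }
            tokenCount++;
        }
        return tokenCount > 2 && firstIsUsername && secondIsSo;
    }

    /**
     * Establishes the slot session that matches {@code cArr}.
     *
     * <ul>
     *   <li>{@code null} or empty: no login; an SO session opened by this object is logged out.</li>
     *   <li>Security-officer form (see {@code isSecurityOfficerCredential}): log out, then log in
     *       with user type 0 (equals CKU_SO in PKCS#11 -- presumably its meaning here).</li>
     *   <li>Anything else: log in with {@code CK.DYCKU_USER_CHECK}, but only if the slot says a
     *       user login is required.</li>
     * </ul>
     *
     * <p>NOTE(review): on the non-SO path {@code loggedInSO} is cleared without logging out, so
     * an earlier SO session may remain open on the slot while this object no longer tracks it.
     * Confirm against {@code Slot.login}.
     *
     * @throws KeyStoreException if the slot rejects the login
     */
    private void login(char[] cArr) throws KeyStoreException {
        if (cArr == null || cArr.length == 0) {
            if (this.loggedInSO) {
                this.slot.logout();
            }
            this.loggedInSO = false;
            return;
        }
        this.loggedInSO = false;
        boolean soLogin = isSecurityOfficerCredential(cArr);
        if (!soLogin && !this.slot.isUserLoginRequired()) {
            return;
        }
        int result;
        if (soLogin) {
            this.slot.logout();
            result = this.slot.login(0, cArr);
        } else {
            result = this.slot.login(CK.DYCKU_USER_CHECK, cArr);
        }
        if (result != 0) {
            throw new KeyStoreException("Login failed");
        }
        this.loggedInSO = soLogin;
    }

    /**
     * Logs in with {@code cArr}; {@code inputStream} is never read because entries live on the slot.
     *
     * @throws ProviderException if the login fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws ProviderException {
        try {
            login(cArr);
        } catch (KeyStoreException e) {
            throw new ProviderException(e);
        }
    }

    /**
     * @return the PKCS#11 object behind a provider key, or {@code null} for a null key
     * @throws KeyStoreException if {@code key} is not a {@code DYKey}
     */
    private CKKey getPkcs11Key(Key key) throws KeyStoreException {
        if (key == null) {
            return null;
        }
        if (key instanceof DYKey) {
            return ((DYKey) key).getPkcs11Key();
        }
        throw new KeyStoreException("Unsupported key type");
    }

    /**
     * Destroys the token object behind {@code key}; a null key, or a key with no token object,
     * is a no-op.
     *
     * @throws KeyStoreException if the key type is unsupported or the token reports an error
     */
    private void destroyKey(Key key) throws KeyStoreException {
        if (key == null) {
            return;
        }
        try {
            CKKey pkcs11Key = getPkcs11Key(key);
            if (pkcs11Key != null) {
                pkcs11Key.destroy();
            }
        } catch (CKException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Removes the alias from the cache and destroys its key and then its certificate on the
     * token. Unknown aliases are ignored. No login is performed here.
     *
     * <p>If destroying the key fails, the certificate is left in place.
     *
     * @throws KeyStoreException if the token refuses to destroy an object
     */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        Entry doomed = findAnyEntry(str);
        if (doomed == null) {
            return;
        }
        removeMapAlias(str);
        destroyKey(doomed.key);
        if (doomed.cert != null) {
            try {
                doomed.cert.destroy();
            } catch (CKException e) {
                throw new KeyStoreException(e);
            }
        }
    }

    /**
     * Stores {@code x509Certificate} on the slot under {@code str}, passing a null policy.
     *
     * @throws KeyStoreException if the token or the certificate encoding fails
     */
    private CKCertificate createCert(String str, X509Certificate x509Certificate) throws KeyStoreException {
        try {
            return CKCertificate.create(this.slot, str, (Policy) null, x509Certificate);
        } catch (CKException e) {
            throw new KeyStoreException(e);
        } catch (CertificateEncodingException e2) {
            throw new KeyStoreException(e2);
        }
    }

    /**
     * Stores a certificate under {@code str} without supplying a credential.
     *
     * @throws KeyStoreException if the certificate is not X.509 or the token fails
     */
    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        setCertificateEntry(str, certificate, null);
    }

    /** Registers the certificate's RSA public key as trusted under {@code str}; other key types are skipped. */
    private void createTrustedPublicKeyFromCert(String str, X509Certificate x509Certificate) throws KeyStoreException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if (publicKey instanceof java.security.interfaces.RSAPublicKey) {
            new RSAPublicKey((java.security.interfaces.RSAPublicKey) publicKey).createTrusted(this, str);
        }
    }

    /**
     * Logs in with {@code cArr} and stores {@code certificate} under {@code str}.
     *
     * <p>An existing certificate-only entry is deleted and recreated. For an existing
     * private-key entry, its current certificate is destroyed (best effort) and the new one is
     * created. In the latter case, and for a new alias, an SO session additionally registers
     * the certificate's RSA public key as trusted.
     *
     * <p>The certificate type is checked before anything is destroyed, so a wrong argument can
     * no longer remove the existing entry. Replacement is still not atomic: if creation fails
     * after the old object was destroyed, the alias is left without a certificate.
     *
     * @throws KeyStoreException if the certificate is not X.509, the login fails, or the token fails
     */
    private synchronized void setCertificateEntry(String str, Certificate certificate, char[] cArr) throws KeyStoreException {
        login(cArr);
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Unsupported certificate type");
        }
        X509Certificate x509 = (X509Certificate) certificate;
        if (findCertEntry(str) != null) {
            engineDeleteEntry(str);
            createCert(str, x509);
            return;
        }
        Entry keyEntry = findPrivateKeyEntry(str);
        if (keyEntry != null && keyEntry.cert != null) {
            try {
                keyEntry.cert.destroy();
            } catch (CKException ignored) {
                // Best effort: a stale certificate may remain on the token next to the new one.
            }
            keyEntry.cert = null;
        }
        createCert(str, x509);
        // The cached entry does not know the new certificate yet; make the next lookup re-read it.
        removeMapAlias(str);
        if (this.loggedInSO) {
            createTrustedPublicKeyFromCert(str, x509);
        }
    }

    /**
     * Not supported: already-protected key material cannot be stored.
     *
     * @throws KeyStoreException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Not supported");
    }

    /**
     * Stores {@code entry} under {@code str}, dispatching on the entry type. The password of a
     * {@code PasswordProtection} parameter, if any, is used as the login credential.
     *
     * @throws KeyStoreException if the entry type is unsupported or the store operation fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetEntry(String str, java.security.KeyStore.Entry entry, java.security.KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        char[] credential = null;
        if (protectionParameter instanceof java.security.KeyStore.PasswordProtection) {
            credential = ((java.security.KeyStore.PasswordProtection) protectionParameter).getPassword();
        }
        removeMapAlias(str);
        if (entry instanceof java.security.KeyStore.PrivateKeyEntry) {
            java.security.KeyStore.PrivateKeyEntry privateKeyEntry = (java.security.KeyStore.PrivateKeyEntry) entry;
            engineSetKeyEntry(str, privateKeyEntry.getPrivateKey(), credential, privateKeyEntry.getCertificateChain());
        } else if (entry instanceof java.security.KeyStore.SecretKeyEntry) {
            engineSetKeyEntry(str, ((java.security.KeyStore.SecretKeyEntry) entry).getSecretKey(), credential, null);
        } else if (entry instanceof java.security.KeyStore.TrustedCertificateEntry) {
            setCertificateEntry(str, ((java.security.KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate(), credential);
        } else if (entry instanceof DYCryptoProvider.KeyEntry) {
            engineSetKeyEntry(str, ((DYCryptoProvider.KeyEntry) entry).key, credential, null);
        } else {
            throw new KeyStoreException(new UnsupportedOperationException("unsupported entry type: " + entry.getClass().getName()));
        }
    }

    /**
     * Replaces the certificates linked to {@code cKKey} with {@code certificateArr}: the leaf is
     * stored under {@code str}, the remaining certificates without a name.
     *
     * <p>A null or empty chain leaves the token untouched. All elements are type-checked before
     * any existing certificate is destroyed. Failures while destroying old certificates or
     * storing non-leaf certificates are swallowed (best effort), so the stored chain may end up
     * incomplete without an error being reported.
     *
     * @throws KeyStoreException if an element is not X.509 or the leaf cannot be stored
     */
    private void saveChain(CKKey cKKey, String str, Certificate[] certificateArr) throws KeyStoreException {
        if (certificateArr == null || certificateArr.length == 0) {
            return;
        }
        for (Certificate element : certificateArr) {
            if (!(element instanceof X509Certificate)) {
                throw new KeyStoreException("Unsupported certificate type");
            }
        }
        try {
            ArrayList<CKCertificate> existing = CKCertificate.findCertsByPrivateKeyUID(this.slot, cKKey.getUID());
            for (CKCertificate old : existing) {
                old.destroy();
            }
        } catch (CKException ignored) {
            // Best effort: old certificates that could not be removed stay on the token.
        }
        createCert(str, (X509Certificate) certificateArr[0]);
        for (int i = 1; i < certificateArr.length; i++) {
            try {
                createCert(null, (X509Certificate) certificateArr[i]);
            } catch (KeyStoreException ignored) {
                // Best effort: presumably an intermediate that is already on the token.
            }
        }
    }

    /**
     * Logs in with {@code cArr} and stores {@code key} under {@code str}.
     *
     * <p>Provider keys ({@code DYKey}) are saved in place; the chain is stored only for the
     * provider's RSA and EC private keys. JDK RSA (CRT) and EC private keys replace any existing
     * entry, are imported, saved and get their chain stored.
     *
     * <p>NOTE(review): for a {@code SecretKeySpec} the existing entry is deleted and the key is
     * imported via {@code initForImport(null, -1, key)}, with no visible {@code save(this, str)}
     * call as in the private-key branches. Confirm the secret key really ends up under
     * {@code str}; otherwise this branch only deletes.
     *
     * <p>Deleting before importing is not atomic: a failed import leaves the alias empty.
     *
     * @throws KeyStoreException if the alias is null, the login fails, the key type is
     *     unsupported, or the token fails
     */
    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (!isPrintableAlias(str)) {
            throw new KeyStoreException("invalid entry name " + str);
        }
        login(cArr);
        removeMapAlias(str);
        if (key instanceof DYKey) {
            DYKey providerKey = (DYKey) key;
            providerKey.save(this, str);
            if ((key instanceof RSAPrivateKey) || (key instanceof ECPrivateKey)) {
                saveChain(providerKey.getPkcs11Key(), str, certificateArr);
            }
            return;
        }
        if (key instanceof RSAPrivateCrtKey) {
            engineDeleteEntry(str);
            RSAPrivateKey imported = new RSAPrivateKey().initForImport((RSAPrivateCrtKey) key);
            imported.save(this, str);
            saveChain(imported.pkcs11Key, str, certificateArr);
            return;
        }
        if (key instanceof java.security.interfaces.ECPrivateKey) {
            engineDeleteEntry(str);
            ECPrivateKey imported = new ECPrivateKey().initForImport((java.security.interfaces.ECPrivateKey) key);
            imported.save(this, str);
            saveChain(imported.pkcs11Key, str, certificateArr);
            return;
        }
        if (!(key instanceof SecretKeySpec)) {
            throw new KeyStoreException("Unsupported key type");
        }
        engineDeleteEntry(str);
        new SecretKey().initForImport(null, -1, (SecretKeySpec) key);
    }

    /**
     * Accepts every non-null alias. Despite the name, no character check is performed, so
     * aliases reach the token lookups exactly as supplied by the caller.
     */
    private static boolean isPrintableAlias(String str) {
        return str != null;
    }

    /**
     * @return whether {@code str} resolves to an entry of the requested JDK entry class; only
     *     trusted-certificate, private-key and secret-key entries are recognised
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineEntryInstanceOf(String str, Class<? extends java.security.KeyStore.Entry> cls) {
        if (cls == java.security.KeyStore.TrustedCertificateEntry.class) {
            return findCertEntry(str) != null;
        }
        if (cls == java.security.KeyStore.PrivateKeyEntry.class) {
            return findPrivateKeyEntry(str) != null;
        }
        if (cls == java.security.KeyStore.SecretKeyEntry.class) {
            return findSecretKeyEntry(str) != null;
        }
        return false;
    }

    /**
     * Returns the current time for any non-null alias; the real creation date of the token
     * object is not consulted, so the value must not be used for auditing or key-age policy.
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        if (str == null) {
            return null;
        }
        return new Date();
    }
}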
