package com.dyadicsec.pkcs11;

import com.dyadicsec.cryptoki.CK;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;

/* loaded from: input_file:com/dyadicsec/pkcs11/CKCertificate.class */
public final class CKCertificate extends CKObject {
    byte[] value = null;
    X509Certificate cert = null;
    long privateKeyUID = 0;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CKCertificate() {
        this.clazz = 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.dyadicsec.pkcs11.CKObject
    public void prepareReadTemplate(Map<Integer, CK_ATTRIBUTE> map) {
        super.prepareReadTemplate(map);
        addReadTemplate(map, 17);
        addReadTemplate(map, CK.CKA_CERTIFICATE_CATEGORY);
        addReadTemplate(map, CK.KMIP_PRIVATE_KEY_UID);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.dyadicsec.pkcs11.CKObject
    public void saveReadTemplate(Map<Integer, CK_ATTRIBUTE> map) throws CKException {
        super.saveReadTemplate(map);
        this.value = map.get(17).getValue();
        this.policy.cka_trusted = map.get(Integer.valueOf(CK.CKA_CERTIFICATE_CATEGORY)).toInt() == 2;
        this.privateKeyUID = map.get(Integer.valueOf(CK.KMIP_PRIVATE_KEY_UID)).toLong();
        this.policy.cka_extractable = true;
        Policy policy = this.policy;
        Policy policy2 = this.policy;
        Policy policy3 = this.policy;
        Policy policy4 = this.policy;
        Policy policy5 = this.policy;
        Policy policy6 = this.policy;
        Policy policy7 = this.policy;
        Policy policy8 = this.policy;
        this.policy.cka_derive = false;
        policy8.cka_unwrap = false;
        policy7.cka_wrap = false;
        policy6.cka_verify = false;
        policy5.cka_sign = false;
        policy4.cka_decrypt = false;
        policy3.cka_encrypt = false;
        policy2.cka_private = false;
        policy.cka_sensitive = false;
    }

    public byte[] getValue() throws CKException {
        if (this.value == null) {
            read();
        }
        return this.value;
    }

    public X509Certificate getX509() throws CKException, CertificateException {
        if (this.cert == null) {
            this.cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(getValue()));
        }
        return this.cert;
    }

    public static CKCertificate create(Slot slot, String str, Policy policy, byte[] bArr) throws CKException, CertificateException, CertificateEncodingException {
        return create(slot, str, policy, (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr)));
    }

    public static CKCertificate create(Slot slot, String str, Policy policy, X509Certificate x509Certificate) throws CKException, CertificateEncodingException {
        if (policy == null) {
            policy = new Policy();
        }
        CKCertificate cKCertificate = new CKCertificate();
        cKCertificate.create(slot, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, policy.cka_token), new CK_ATTRIBUTE(0, 1), new CK_ATTRIBUTE(128, 0), new CK_ATTRIBUTE(257, x509Certificate.getSubjectX500Principal().getEncoded()), new CK_ATTRIBUTE(CK.CKA_ISSUER, x509Certificate.getIssuerX500Principal().getEncoded()), new CK_ATTRIBUTE(130, x509Certificate.getSerialNumber().toByteArray()), new CK_ATTRIBUTE(17, x509Certificate.getEncoded()), new CK_ATTRIBUTE(258, Utils.name2id(str))});
        cKCertificate.policy = policy;
        cKCertificate.name = str;
        return cKCertificate;
    }

    public static CKCertificate find(Slot slot, String str) {
        return (CKCertificate) CKObject.find(slot, 1, -1, str);
    }

    public static CKCertificate find(Slot slot, long j) {
        return (CKCertificate) CKObject.find(slot, CKCertificate.class, j);
    }

    public static ArrayList<CKCertificate> list(Slot slot) {
        return CKObject.list(slot, CKCertificate.class, 1, -1);
    }

    public static ArrayList<CKCertificate> findCertsByPrivateKeyUID(Slot slot, long j) {
        CKCertificate cKCertificate = (CKCertificate) CKObject.find(slot, CKCertificate.class, j ^ (-1));
        ArrayList<CKCertificate> list = CKObject.list(slot, CKCertificate.class, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, true), new CK_ATTRIBUTE(0, 1), new CK_ATTRIBUTE(CK.KMIP_PRIVATE_KEY_UID, j)});
        if (cKCertificate != null) {
            int i = 0;
            while (true) {
                if (i >= list.size()) {
                    break;
                }
                if (list.get(i).handle == cKCertificate.handle) {
                    cKCertificate = null;
                    break;
                }
                i++;
            }
            if (cKCertificate != null) {
                list.add(cKCertificate);
            }
        }
        return list;
    }

    public static CKCertificate findCertByPrivateKeyUID(Slot slot, long j) {
        ArrayList<CKCertificate> findCertsByPrivateKeyUID = findCertsByPrivateKeyUID(slot, j);
        int size = findCertsByPrivateKeyUID.size();
        if (size == 0) {
            return null;
        }
        if (size == 1) {
            return findCertsByPrivateKeyUID.get(0);
        }
        CKCertificate cKCertificate = null;
        Date date = null;
        for (int i = 0; i < size; i++) {
            CKCertificate cKCertificate2 = findCertsByPrivateKeyUID.get(i);
            Date date2 = null;
            try {
                date2 = cKCertificate2.getX509().getNotAfter();
            } catch (CKException e) {
            } catch (CertificateException e2) {
            }
            if (date == null) {
                date = date2;
                cKCertificate = cKCertificate2;
            } else if (date2 != null && date2.after(date)) {
                date = date2;
                cKCertificate = cKCertificate2;
            }
        }
        return cKCertificate;
    }

    public long getPrivateKeyUID() throws CKException {
        if (this.privateKeyUID == 0) {
            read();
        }
        return this.privateKeyUID;
    }
}
