package net.named_data.jndn.security;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.named_data.jndn.ContentType;
import net.named_data.jndn.Data;
import net.named_data.jndn.DigestSha256Signature;
import net.named_data.jndn.Face;
import net.named_data.jndn.HmacWithSha256Signature;
import net.named_data.jndn.Interest;
import net.named_data.jndn.KeyLocator;
import net.named_data.jndn.KeyLocatorType;
import net.named_data.jndn.Name;
import net.named_data.jndn.OnData;
import net.named_data.jndn.OnTimeout;
import net.named_data.jndn.Sha256WithEcdsaSignature;
import net.named_data.jndn.Sha256WithRsaSignature;
import net.named_data.jndn.Signature;
import net.named_data.jndn.encoding.EncodingException;
import net.named_data.jndn.encoding.WireFormat;
import net.named_data.jndn.encoding.der.DerDecodingException;
import net.named_data.jndn.security.SigningInfo;
import net.named_data.jndn.security.certificate.IdentityCertificate;
import net.named_data.jndn.security.certificate.PublicKey;
import net.named_data.jndn.security.identity.BasicIdentityStorage;
import net.named_data.jndn.security.identity.IdentityManager;
import net.named_data.jndn.security.pib.Pib;
import net.named_data.jndn.security.pib.PibIdentity;
import net.named_data.jndn.security.pib.PibImpl;
import net.named_data.jndn.security.pib.PibKey;
import net.named_data.jndn.security.pib.PibMemory;
import net.named_data.jndn.security.pib.PibSqlite3;
import net.named_data.jndn.security.policy.NoVerifyPolicyManager;
import net.named_data.jndn.security.policy.PolicyManager;
import net.named_data.jndn.security.tpm.Tpm;
import net.named_data.jndn.security.tpm.TpmBackEnd;
import net.named_data.jndn.security.tpm.TpmBackEndFile;
import net.named_data.jndn.security.tpm.TpmBackEndMemory;
import net.named_data.jndn.security.v2.CertificateV2;
import net.named_data.jndn.util.Blob;
import net.named_data.jndn.util.Common;
import net.named_data.jndn.util.ConfigFile;

/* loaded from: input_file:net/named_data/jndn/security/KeyChain.class */
public class KeyChain {
    private boolean isSecurityV1_;
    private IdentityManager identityManager_;
    private PolicyManager policyManager_;
    private Face face_;
    private Pib pib_;
    private Tpm tpm_;
    public static final RsaKeyParams DEFAULT_KEY_PARAMS = new RsaKeyParams();
    private static String defaultPibLocator_ = null;
    private static String defaultTpmLocator_ = null;
    private static HashMap<String, MakePibImpl> pibFactories_ = null;
    private static HashMap<String, MakeTpmBackEnd> tpmFactories_ = null;
    private static final SigningInfo defaultSigningInfo_ = new SigningInfo();
    private static final KeyParams defaultKeyParams_ = new RsaKeyParams();
    private static final Logger logger_ = Logger.getLogger(KeyChain.class.getName());

    /* loaded from: input_file:net/named_data/jndn/security/KeyChain$Error.class */
    public static class Error extends Exception {
        public Error(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:net/named_data/jndn/security/KeyChain$InvalidSigningInfoError.class */
    public static class InvalidSigningInfoError extends Error {
        public InvalidSigningInfoError(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:net/named_data/jndn/security/KeyChain$LocatorMismatchError.class */
    public static class LocatorMismatchError extends Error {
        public LocatorMismatchError(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:net/named_data/jndn/security/KeyChain$MakePibImpl.class */
    public interface MakePibImpl {
        PibImpl makePibImpl(String str) throws PibImpl.Error;
    }

    /* loaded from: input_file:net/named_data/jndn/security/KeyChain$MakeTpmBackEnd.class */
    public interface MakeTpmBackEnd {
        TpmBackEnd makeTpmBackEnd(String str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/named_data/jndn/security/KeyChain$VerifyCallbacks.class */
    public class VerifyCallbacks implements OnData, OnTimeout {
        private final ValidationRequest nextStep_;
        private final int retry_;
        private final OnDataValidationFailed onValidationFailed_;
        private final Data originalData_;

        public VerifyCallbacks(ValidationRequest validationRequest, int i, OnDataValidationFailed onDataValidationFailed, Data data) {
            this.nextStep_ = validationRequest;
            this.retry_ = i;
            this.onValidationFailed_ = onDataValidationFailed;
            this.originalData_ = data;
        }

        @Override // net.named_data.jndn.OnData
        public final void onData(Interest interest, Data data) {
            try {
                KeyChain.this.verifyData(data, this.nextStep_.onVerified_, this.nextStep_.onValidationFailed_, this.nextStep_.stepCount_);
            } catch (SecurityException e) {
                Logger.getLogger(KeyChain.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e);
            }
        }

        @Override // net.named_data.jndn.OnTimeout
        public final void onTimeout(Interest interest) {
            if (this.retry_ <= 0) {
                try {
                    this.onValidationFailed_.onDataValidationFailed(this.originalData_, "The retry count is zero after timeout for fetching " + interest.getName().toUri());
                    return;
                } catch (Throwable th) {
                    KeyChain.logger_.log(Level.SEVERE, "Error in onDataValidationFailed", th);
                    return;
                }
            }
            VerifyCallbacks verifyCallbacks = new VerifyCallbacks(this.nextStep_, this.retry_ - 1, this.onValidationFailed_, this.originalData_);
            try {
                KeyChain.this.face_.expressInterest(interest, verifyCallbacks, verifyCallbacks);
            } catch (IOException e) {
                try {
                    this.onValidationFailed_.onDataValidationFailed(this.originalData_, "Error in expressInterest to retry after timeout for fetching " + interest.getName().toUri() + ": " + e);
                } catch (Throwable th2) {
                    KeyChain.logger_.log(Level.SEVERE, "Error in onDataValidationFailed", th2);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/named_data/jndn/security/KeyChain$VerifyCallbacksForVerifyInterest.class */
    public class VerifyCallbacksForVerifyInterest implements OnData, OnTimeout {
        private final ValidationRequest nextStep_;
        private final int retry_;
        private final OnInterestValidationFailed onValidationFailed_;
        private final Interest originalInterest_;

        public VerifyCallbacksForVerifyInterest(ValidationRequest validationRequest, int i, OnInterestValidationFailed onInterestValidationFailed, Interest interest) {
            this.nextStep_ = validationRequest;
            this.retry_ = i;
            this.onValidationFailed_ = onInterestValidationFailed;
            this.originalInterest_ = interest;
        }

        @Override // net.named_data.jndn.OnData
        public final void onData(Interest interest, Data data) {
            try {
                KeyChain.this.verifyData(data, this.nextStep_.onVerified_, this.nextStep_.onValidationFailed_, this.nextStep_.stepCount_);
            } catch (SecurityException e) {
                Logger.getLogger(KeyChain.class.getName()).log(Level.SEVERE, (String) null, (Throwable) e);
            }
        }

        @Override // net.named_data.jndn.OnTimeout
        public final void onTimeout(Interest interest) {
            if (this.retry_ <= 0) {
                try {
                    this.onValidationFailed_.onInterestValidationFailed(this.originalInterest_, "The retry count is zero after timeout for fetching " + interest.getName().toUri());
                    return;
                } catch (Throwable th) {
                    KeyChain.logger_.log(Level.SEVERE, "Error in onInterestValidationFailed", th);
                    return;
                }
            }
            VerifyCallbacksForVerifyInterest verifyCallbacksForVerifyInterest = new VerifyCallbacksForVerifyInterest(this.nextStep_, this.retry_ - 1, this.onValidationFailed_, this.originalInterest_);
            try {
                KeyChain.this.face_.expressInterest(interest, verifyCallbacksForVerifyInterest, verifyCallbacksForVerifyInterest);
            } catch (IOException e) {
                try {
                    this.onValidationFailed_.onInterestValidationFailed(this.originalInterest_, "Error in expressInterest to retry after timeout for fetching " + interest.getName().toUri() + ": " + e);
                } catch (Throwable th2) {
                    KeyChain.logger_.log(Level.SEVERE, "Error in onInterestValidationFailed", th2);
                }
            }
        }
    }

    public KeyChain(String str, String str2, boolean z) throws Error, PibImpl.Error, SecurityException, IOException {
        this.face_ = null;
        this.isSecurityV1_ = false;
        construct(str, str2, z);
    }

    public KeyChain(String str, String str2) throws Error, PibImpl.Error, SecurityException, IOException {
        this.face_ = null;
        this.isSecurityV1_ = false;
        construct(str, str2, false);
    }

    public KeyChain(PibImpl pibImpl, TpmBackEnd tpmBackEnd, PolicyManager policyManager) throws PibImpl.Error {
        this.face_ = null;
        this.isSecurityV1_ = false;
        this.policyManager_ = policyManager;
        this.pib_ = new Pib("", "", pibImpl);
        this.tpm_ = new Tpm("", "", tpmBackEnd);
    }

    public KeyChain(PibImpl pibImpl, TpmBackEnd tpmBackEnd) throws PibImpl.Error {
        this.face_ = null;
        this.isSecurityV1_ = false;
        this.policyManager_ = new NoVerifyPolicyManager();
        this.pib_ = new Pib("", "", pibImpl);
        this.tpm_ = new Tpm("", "", tpmBackEnd);
    }

    public KeyChain(IdentityManager identityManager, PolicyManager policyManager) {
        this.face_ = null;
        this.isSecurityV1_ = true;
        this.identityManager_ = identityManager;
        this.policyManager_ = policyManager;
    }

    public KeyChain(IdentityManager identityManager) {
        this.face_ = null;
        this.isSecurityV1_ = true;
        this.identityManager_ = identityManager;
        this.policyManager_ = new NoVerifyPolicyManager();
    }

    public KeyChain() throws SecurityException, Error, PibImpl.Error, IOException {
        this.face_ = null;
        this.isSecurityV1_ = false;
        if (!BasicIdentityStorage.getDefaultDatabaseFilePath().exists() || PibSqlite3.getDefaultDatabaseFilePath().exists()) {
            construct("", "", true);
            return;
        }
        this.isSecurityV1_ = true;
        this.identityManager_ = new IdentityManager();
        this.policyManager_ = new NoVerifyPolicyManager();
    }

    public final Pib getPib() {
        if (this.isSecurityV1_) {
            throw new AssertionError("getPib is not supported for security v1");
        }
        return this.pib_;
    }

    public final Tpm getTpm() {
        if (this.isSecurityV1_) {
            throw new AssertionError("getTpm is not supported for security v1");
        }
        return this.tpm_;
    }

    public final boolean getIsSecurityV1() {
        return this.isSecurityV1_;
    }

    public final PibIdentity createIdentityV2(Name name, KeyParams keyParams) throws PibImpl.Error, Pib.Error, Tpm.Error, TpmBackEnd.Error, Error {
        PibKey createKey;
        PibIdentity addIdentity_ = this.pib_.addIdentity_(name);
        try {
            createKey = addIdentity_.getDefaultKey();
        } catch (Pib.Error e) {
            createKey = createKey(addIdentity_, keyParams);
        }
        try {
            createKey.getDefaultCertificate();
        } catch (Pib.Error e2) {
            Logger.getLogger(getClass().getName()).log(Level.INFO, "No default cert for " + createKey.getName() + ", requesting self-signing");
            selfSign(createKey);
        }
        return addIdentity_;
    }

    public final PibIdentity createIdentityV2(Name name) throws PibImpl.Error, Pib.Error, Tpm.Error, TpmBackEnd.Error, Error {
        return createIdentityV2(name, getDefaultKeyParams());
    }

    public final void deleteIdentity(PibIdentity pibIdentity) throws PibImpl.Error, TpmBackEnd.Error {
        Name name = pibIdentity.getName();
        Iterator<Name> it = pibIdentity.getKeys_().getKeyNames().iterator();
        while (it.hasNext()) {
            this.tpm_.deleteKey_(it.next());
        }
        this.pib_.removeIdentity_(name);
    }

    public final void setDefaultIdentity(PibIdentity pibIdentity) throws PibImpl.Error, Pib.Error {
        this.pib_.setDefaultIdentity_(pibIdentity.getName());
    }

    public final PibKey createKey(PibIdentity pibIdentity, KeyParams keyParams) throws Tpm.Error, TpmBackEnd.Error, PibImpl.Error, Pib.Error, Error {
        Name createKey_ = this.tpm_.createKey_(pibIdentity.getName(), keyParams);
        PibKey addKey_ = pibIdentity.addKey_(this.tpm_.getPublicKey(createKey_).buf(), createKey_);
        Logger.getLogger(getClass().getName()).log(Level.INFO, "Requesting self-signing for newly created key " + addKey_.getName().toUri());
        selfSign(addKey_);
        return addKey_;
    }

    public final PibKey createKey(PibIdentity pibIdentity) throws Tpm.Error, TpmBackEnd.Error, PibImpl.Error, Pib.Error, Error {
        return createKey(pibIdentity, getDefaultKeyParams());
    }

    public final void deleteKey(PibIdentity pibIdentity, PibKey pibKey) throws PibImpl.Error, TpmBackEnd.Error {
        Name name = pibKey.getName();
        if (!pibIdentity.getName().equals(pibKey.getIdentityName())) {
            throw new IllegalArgumentException("Identity `" + pibIdentity.getName().toUri() + "` does not match key `" + name.toUri() + "`");
        }
        pibIdentity.removeKey_(name);
        this.tpm_.deleteKey_(name);
    }

    public final void setDefaultKey(PibIdentity pibIdentity, PibKey pibKey) throws Pib.Error, PibImpl.Error {
        if (!pibIdentity.getName().equals(pibKey.getIdentityName())) {
            throw new IllegalArgumentException("Identity `" + pibIdentity.getName().toUri() + "` does not match key `" + pibKey.getName().toUri() + "`");
        }
        pibIdentity.setDefaultKey_(pibKey.getName());
    }

    public final void addCertificate(PibKey pibKey, CertificateV2 certificateV2) throws CertificateV2.Error, PibImpl.Error {
        if (!pibKey.getName().equals(certificateV2.getKeyName()) || !certificateV2.getContent().equals(pibKey.getPublicKey())) {
            throw new IllegalArgumentException("Key `" + pibKey.getName().toUri() + "` does not match certificate `" + certificateV2.getKeyName().toUri() + "`");
        }
        pibKey.addCertificate_(certificateV2);
    }

    public final void deleteCertificate(PibKey pibKey, Name name) throws PibImpl.Error {
        if (!CertificateV2.isValidName(name)) {
            throw new IllegalArgumentException("Wrong certificate name `" + name.toUri() + "`");
        }
        pibKey.removeCertificate_(name);
    }

    public final void setDefaultCertificate(PibKey pibKey, CertificateV2 certificateV2) throws PibImpl.Error, CertificateV2.Error, Pib.Error {
        addCertificate(pibKey, certificateV2);
        pibKey.setDefaultCertificate_(certificateV2.getName());
    }

    public final void sign(Data data, SigningInfo signingInfo, WireFormat wireFormat) throws TpmBackEnd.Error, PibImpl.Error, Error {
        Name[] nameArr = new Name[1];
        data.setSignature(prepareSignatureInfo(signingInfo, nameArr));
        data.getSignature().setSignature(sign(data.wireEncode(wireFormat).signedBuf(), nameArr[0], signingInfo.getDigestAlgorithm()));
        data.wireEncode(wireFormat);
    }

    public final void sign(Data data, SigningInfo signingInfo) throws TpmBackEnd.Error, PibImpl.Error, Error {
        sign(data, signingInfo, WireFormat.getDefaultWireFormat());
    }

    public final void sign(Data data, WireFormat wireFormat) throws SecurityException, TpmBackEnd.Error, PibImpl.Error, Error {
        if (this.isSecurityV1_) {
            this.identityManager_.signByCertificate(data, prepareDefaultCertificateName(), wireFormat);
        } else {
            sign(data, defaultSigningInfo_, wireFormat);
        }
    }

    public final void sign(Data data) throws SecurityException, TpmBackEnd.Error, PibImpl.Error, Error {
        sign(data, WireFormat.getDefaultWireFormat());
    }

    public final void sign(Interest interest, SigningInfo signingInfo, WireFormat wireFormat) throws PibImpl.Error, Error, TpmBackEnd.Error {
        Name[] nameArr = new Name[1];
        Signature prepareSignatureInfo = prepareSignatureInfo(signingInfo, nameArr);
        interest.getName().append(wireFormat.encodeSignatureInfo(prepareSignatureInfo));
        interest.getName().append(new Name.Component());
        prepareSignatureInfo.setSignature(sign(interest.wireEncode(wireFormat).signedBuf(), nameArr[0], signingInfo.getDigestAlgorithm()));
        interest.setName(interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(prepareSignatureInfo)));
    }

    public final void sign(Interest interest, SigningInfo signingInfo) throws PibImpl.Error, Error, TpmBackEnd.Error {
        sign(interest, signingInfo, WireFormat.getDefaultWireFormat());
    }

    public final void sign(Interest interest, WireFormat wireFormat) throws PibImpl.Error, Error, TpmBackEnd.Error, SecurityException {
        if (this.isSecurityV1_) {
            this.identityManager_.signInterestByCertificate(interest, prepareDefaultCertificateName(), wireFormat);
        } else {
            sign(interest, defaultSigningInfo_, wireFormat);
        }
    }

    public final void sign(Interest interest) throws PibImpl.Error, Error, TpmBackEnd.Error, SecurityException {
        sign(interest, WireFormat.getDefaultWireFormat());
    }

    public final Blob sign(ByteBuffer byteBuffer, SigningInfo signingInfo) throws PibImpl.Error, Error, TpmBackEnd.Error {
        Name[] nameArr = new Name[1];
        prepareSignatureInfo(signingInfo, nameArr);
        return sign(byteBuffer, nameArr[0], signingInfo.getDigestAlgorithm());
    }

    public final Blob sign(ByteBuffer byteBuffer) throws PibImpl.Error, Error, TpmBackEnd.Error {
        return sign(byteBuffer, defaultSigningInfo_);
    }

    public final CertificateV2 selfSign(PibKey pibKey, WireFormat wireFormat) throws PibImpl.Error, Error, TpmBackEnd.Error {
        CertificateV2 certificateV2 = new CertificateV2();
        double nowMilliseconds = Common.getNowMilliseconds();
        Name name = new Name(pibKey.getName());
        name.append("self").appendVersion((long) nowMilliseconds);
        certificateV2.setName(name);
        certificateV2.getMetaInfo().setType(ContentType.KEY);
        certificateV2.getMetaInfo().setFreshnessPeriod(3600000.0d);
        certificateV2.setContent(pibKey.getPublicKey());
        SigningInfo signingInfo = new SigningInfo(pibKey);
        signingInfo.setValidityPeriod(new ValidityPeriod(nowMilliseconds, nowMilliseconds + 6.3072E11d));
        sign(certificateV2, signingInfo, wireFormat);
        try {
            pibKey.addCertificate_(certificateV2);
            return certificateV2;
        } catch (CertificateV2.Error e) {
            throw new Error("Error encoding certificate: " + e);
        }
    }

    public final CertificateV2 selfSign(PibKey pibKey) throws PibImpl.Error, Error, TpmBackEnd.Error {
        return selfSign(pibKey, WireFormat.getDefaultWireFormat());
    }

    public final SafeBag exportSafeBag(CertificateV2 certificateV2, ByteBuffer byteBuffer) throws Error {
        Name keyName = certificateV2.getKeyName();
        try {
            return new SafeBag(certificateV2, this.tpm_.exportPrivateKey_(keyName, byteBuffer));
        } catch (Throwable th) {
            throw new Error("Failed to export private key `" + keyName.toUri() + "`: " + th);
        }
    }

    public final SafeBag exportSafeBag(CertificateV2 certificateV2) throws Error {
        return exportSafeBag(certificateV2, null);
    }

    public final void importSafeBag(SafeBag safeBag, ByteBuffer byteBuffer) throws Error, CertificateV2.Error, TpmBackEnd.Error, PibImpl.Error, Pib.Error {
        CertificateV2 certificateV2 = new CertificateV2(safeBag.getCertificate());
        Name identity = certificateV2.getIdentity();
        Name keyName = certificateV2.getKeyName();
        Blob publicKey = certificateV2.getPublicKey();
        if (this.tpm_.hasKey(keyName)) {
            throw new Error("Private key `" + keyName.toUri() + "` already exists");
        }
        try {
            this.pib_.getIdentity(identity).getKey(keyName);
            throw new Error("Public key `" + keyName.toUri() + "` already exists");
        } catch (Pib.Error e) {
            try {
                this.tpm_.importPrivateKey_(keyName, safeBag.getPrivateKeyBag().buf(), byteBuffer);
                Blob blob = new Blob(new int[]{1, 2, 3, 4});
                try {
                    try {
                        if (VerificationHelpers.verifySignature(blob, this.tpm_.sign(blob.buf(), keyName, DigestAlgorithm.SHA256), new PublicKey(publicKey))) {
                            this.pib_.addIdentity_(identity).addKey_(certificateV2.getPublicKey().buf(), keyName).addCertificate_(certificateV2);
                        } else {
                            this.tpm_.deleteKey_(keyName);
                            throw new Error("Certificate `" + certificateV2.getName().toUri() + "` and private key `" + keyName.toUri() + "` do not match");
                        }
                    } catch (UnrecognizedKeyFormatException e2) {
                        this.tpm_.deleteKey_(keyName);
                        throw new Error("Error decoding public key " + e2);
                    }
                } catch (Exception e3) {
                    this.tpm_.deleteKey_(keyName);
                    throw new Error("Invalid private key `" + keyName.toUri() + "`");
                }
            } catch (Exception e4) {
                throw new Error("Failed to import private key `" + keyName.toUri() + "`: " + e4);
            }
        }
    }

    public final void importSafeBag(SafeBag safeBag) throws Error, CertificateV2.Error, TpmBackEnd.Error, PibImpl.Error, Pib.Error {
        importSafeBag(safeBag, null);
    }

    public static void registerPibBackend(String str, MakePibImpl makePibImpl) {
        getPibFactories().put(str, makePibImpl);
    }

    public static void registerTpmBackend(String str, MakeTpmBackEnd makeTpmBackEnd) {
        getTpmFactories().put(str, makeTpmBackEnd);
    }

    public final Name createIdentityAndCertificate(Name name, KeyParams keyParams) throws SecurityException {
        return this.identityManager_.createIdentityAndCertificate(name, keyParams);
    }

    public final Name createIdentityAndCertificate(Name name) throws SecurityException {
        return createIdentityAndCertificate(name, getDefaultKeyParams());
    }

    public final Name createIdentity(Name name, KeyParams keyParams) throws SecurityException {
        return IdentityCertificate.certificateNameToPublicKeyName(createIdentityAndCertificate(name, keyParams));
    }

    public final Name createIdentity(Name name) throws SecurityException {
        return IdentityCertificate.certificateNameToPublicKeyName(createIdentityAndCertificate(name));
    }

    public final void deleteIdentity(Name name) throws SecurityException {
        if (this.isSecurityV1_) {
            this.identityManager_.deleteIdentity(name);
            return;
        }
        try {
            deleteIdentity(this.pib_.getIdentity(name));
        } catch (Pib.Error e) {
        } catch (PibImpl.Error e2) {
        } catch (TpmBackEnd.Error e3) {
        }
    }

    public final Name getDefaultIdentity() throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.getDefaultIdentity();
        }
        try {
            return this.pib_.getDefaultIdentity().getName();
        } catch (Pib.Error e) {
            throw new SecurityException("Error in getDefaultIdentity: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in getDefaultIdentity: " + e2);
        }
    }

    public final Name getDefaultCertificateName() throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.getDefaultCertificateName();
        }
        try {
            return this.pib_.getDefaultIdentity().getDefaultKey().getDefaultCertificate().getName();
        } catch (Pib.Error e) {
            throw new SecurityException("Error in getDefaultCertificate: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in getDefaultCertificate: " + e2);
        }
    }

    public final Name generateRSAKeyPair(Name name, boolean z, int i) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateRSAKeyPair(name, z, i);
        }
        throw new SecurityException("generateRSAKeyPair is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateRSAKeyPair(Name name, boolean z) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateRSAKeyPair(name, z);
        }
        throw new SecurityException("generateRSAKeyPair is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateRSAKeyPair(Name name) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateRSAKeyPair(name);
        }
        throw new SecurityException("generateRSAKeyPair is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateEcdsaKeyPair(Name name, boolean z, int i) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateEcdsaKeyPair(name, z, i);
        }
        throw new SecurityException("generateEcdsaKeyPair is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateEcdsaKeyPair(Name name, boolean z) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateEcdsaKeyPair(name, z);
        }
        throw new SecurityException("generateEcdsaKeyPair is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateEcdsaKeyPair(Name name) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateEcdsaKeyPair(name);
        }
        throw new SecurityException("generateEcdsaKeyPair is not supported for security v2. Use createIdentityV2.");
    }

    public final void setDefaultKeyForIdentity(Name name, Name name2) throws SecurityException {
        if (!this.isSecurityV1_) {
            throw new SecurityException("setDefaultKeyForIdentity is not supported for security v2. Use getPib() methods.");
        }
        this.identityManager_.setDefaultKeyForIdentity(name, name2);
    }

    public final void setDefaultKeyForIdentity(Name name) throws SecurityException {
        if (!this.isSecurityV1_) {
            throw new SecurityException("setDefaultKeyForIdentity is not supported for security v2. Use getPib() methods.");
        }
        this.identityManager_.setDefaultKeyForIdentity(name);
    }

    public final Name generateRSAKeyPairAsDefault(Name name, boolean z, int i) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateRSAKeyPairAsDefault(name, z, i);
        }
        throw new SecurityException("generateRSAKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateRSAKeyPairAsDefault(Name name, boolean z) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateRSAKeyPairAsDefault(name, z);
        }
        throw new SecurityException("generateRSAKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateRSAKeyPairAsDefault(Name name) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateRSAKeyPairAsDefault(name);
        }
        throw new SecurityException("generateRSAKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateEcdsaKeyPairAsDefault(Name name, boolean z, int i) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateEcdsaKeyPairAsDefault(name, z, i);
        }
        throw new SecurityException("generateEcdsaKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateEcdsaKeyPairAsDefault(Name name, boolean z) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateEcdsaKeyPairAsDefault(name, z);
        }
        throw new SecurityException("generateEcdsaKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");
    }

    public final Name generateEcdsaKeyPairAsDefault(Name name) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.generateEcdsaKeyPairAsDefault(name);
        }
        throw new SecurityException("generateEcdsaKeyPairAsDefault is not supported for security v2. Use createIdentityV2.");
    }

    public final Blob createSigningRequest(Name name) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.getPublicKey(name).getKeyDer();
        }
        try {
            return this.pib_.getIdentity(PibKey.extractIdentityFromKeyName(name)).getKey(name).getPublicKey();
        } catch (Pib.Error e) {
            throw new SecurityException("Error in getKey: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in getKey: " + e2);
        }
    }

    public final void installIdentityCertificate(IdentityCertificate identityCertificate) throws SecurityException {
        if (!this.isSecurityV1_) {
            throw new SecurityException("installIdentityCertificate is not supported for security v2. Use getPib() methods.");
        }
        this.identityManager_.addCertificate(identityCertificate);
    }

    public final void setDefaultCertificateForKey(IdentityCertificate identityCertificate) throws SecurityException {
        if (!this.isSecurityV1_) {
            throw new SecurityException("setDefaultCertificateForKey is not supported for security v2. Use getPib() methods.");
        }
        this.identityManager_.setDefaultCertificateForKey(identityCertificate);
    }

    public final IdentityCertificate getCertificate(Name name) throws SecurityException, DerDecodingException {
        if (this.isSecurityV1_) {
            return this.identityManager_.getCertificate(name);
        }
        throw new SecurityException("getCertificate is not supported for security v2. Use getPib() methods.");
    }

    public final IdentityCertificate getIdentityCertificate(Name name) throws SecurityException, DerDecodingException {
        if (this.isSecurityV1_) {
            return this.identityManager_.getCertificate(name);
        }
        throw new SecurityException("getIdentityCertificate is not supported for security v2. Use getPib() methods.");
    }

    public final void revokeKey(Name name) {
    }

    public final void revokeCertificate(Name name) {
    }

    public final IdentityManager getIdentityManager() {
        if (this.isSecurityV1_) {
            return this.identityManager_;
        }
        throw new AssertionError("getIdentityManager is not supported for security v2");
    }

    public final void sign(Data data, Name name, WireFormat wireFormat) throws SecurityException {
        if (this.isSecurityV1_) {
            this.identityManager_.signByCertificate(data, name, wireFormat);
            return;
        }
        SigningInfo signingInfo = new SigningInfo();
        signingInfo.setSigningCertificateName(name);
        try {
            sign(data, signingInfo, wireFormat);
        } catch (Error e) {
            throw new SecurityException("Error in sign: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in sign: " + e2);
        } catch (TpmBackEnd.Error e3) {
            throw new SecurityException("Error in sign: " + e3);
        }
    }

    public final void sign(Data data, Name name) throws SecurityException {
        sign(data, name, WireFormat.getDefaultWireFormat());
    }

    public final void sign(Interest interest, Name name, WireFormat wireFormat) throws SecurityException {
        if (this.isSecurityV1_) {
            this.identityManager_.signInterestByCertificate(interest, name, wireFormat);
            return;
        }
        SigningInfo signingInfo = new SigningInfo();
        signingInfo.setSigningCertificateName(name);
        try {
            sign(interest, signingInfo, wireFormat);
        } catch (Error e) {
            throw new SecurityException("Error in sign: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in sign: " + e2);
        } catch (TpmBackEnd.Error e3) {
            throw new SecurityException("Error in sign: " + e3);
        }
    }

    public final void sign(Interest interest, Name name) throws SecurityException {
        sign(interest, name, WireFormat.getDefaultWireFormat());
    }

    public Signature sign(ByteBuffer byteBuffer, Name name) throws SecurityException {
        if (this.isSecurityV1_) {
            return this.identityManager_.signByCertificate(byteBuffer, name);
        }
        throw new SecurityException("sign(buffer, certificateName) is not supported for security v2. Use sign with SigningInfo.");
    }

    public final void signByIdentity(Data data, Name name, WireFormat wireFormat) throws SecurityException {
        Name defaultCertificateNameForIdentity;
        if (this.isSecurityV1_) {
            if (name.size() == 0) {
                Name inferSigningIdentity = this.policyManager_.inferSigningIdentity(data.getName());
                defaultCertificateNameForIdentity = inferSigningIdentity.size() == 0 ? this.identityManager_.getDefaultCertificateName() : this.identityManager_.getDefaultCertificateNameForIdentity(inferSigningIdentity);
            } else {
                defaultCertificateNameForIdentity = this.identityManager_.getDefaultCertificateNameForIdentity(name);
            }
            if (defaultCertificateNameForIdentity.size() == 0) {
                throw new SecurityException("No qualified certificate name found!");
            }
            if (!this.policyManager_.checkSigningPolicy(data.getName(), defaultCertificateNameForIdentity)) {
                throw new SecurityException("Signing Cert name does not comply with signing policy");
            }
            this.identityManager_.signByCertificate(data, defaultCertificateNameForIdentity, wireFormat);
            return;
        }
        SigningInfo signingInfo = new SigningInfo();
        signingInfo.setSigningIdentity(name);
        try {
            sign(data, signingInfo, wireFormat);
        } catch (Error e) {
            throw new SecurityException("Error in sign: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in sign: " + e2);
        } catch (TpmBackEnd.Error e3) {
            throw new SecurityException("Error in sign: " + e3);
        }
    }

    public final void signByIdentity(Data data, Name name) throws SecurityException {
        signByIdentity(data, name, WireFormat.getDefaultWireFormat());
    }

    public final void signByIdentity(Data data) throws SecurityException {
        signByIdentity(data, new Name(), WireFormat.getDefaultWireFormat());
    }

    public Signature signByIdentity(ByteBuffer byteBuffer, Name name) throws SecurityException {
        if (!this.isSecurityV1_) {
            throw new SecurityException("signByIdentity(buffer, identityName) is not supported for security v2. Use sign with SigningInfo.");
        }
        Name defaultCertificateNameForIdentity = this.identityManager_.getDefaultCertificateNameForIdentity(name);
        if (defaultCertificateNameForIdentity.size() == 0) {
            throw new SecurityException("No qualified certificate name found!");
        }
        return this.identityManager_.signByCertificate(byteBuffer, defaultCertificateNameForIdentity);
    }

    public final void signWithSha256(Data data, WireFormat wireFormat) throws SecurityException {
        if (this.isSecurityV1_) {
            this.identityManager_.signWithSha256(data, wireFormat);
            return;
        }
        SigningInfo signingInfo = new SigningInfo();
        signingInfo.setSha256Signing();
        try {
            sign(data, signingInfo, wireFormat);
        } catch (Error e) {
            throw new SecurityException("Error in sign: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in sign: " + e2);
        } catch (TpmBackEnd.Error e3) {
            throw new SecurityException("Error in sign: " + e3);
        }
    }

    public final void signWithSha256(Data data) throws SecurityException {
        signWithSha256(data, WireFormat.getDefaultWireFormat());
    }

    public final void signWithSha256(Interest interest, WireFormat wireFormat) throws SecurityException {
        if (this.isSecurityV1_) {
            this.identityManager_.signInterestWithSha256(interest, wireFormat);
            return;
        }
        SigningInfo signingInfo = new SigningInfo();
        signingInfo.setSha256Signing();
        try {
            sign(interest, signingInfo, wireFormat);
        } catch (Error e) {
            throw new SecurityException("Error in sign: " + e);
        } catch (PibImpl.Error e2) {
            throw new SecurityException("Error in sign: " + e2);
        } catch (TpmBackEnd.Error e3) {
            throw new SecurityException("Error in sign: " + e3);
        }
    }

    public final void signWithSha256(Interest interest) throws SecurityException {
        signWithSha256(interest, WireFormat.getDefaultWireFormat());
    }

    public final void verifyData(Data data, OnVerified onVerified, OnDataValidationFailed onDataValidationFailed, int i) throws SecurityException {
        Logger.getLogger(getClass().getName()).log(Level.INFO, "Enter Verify");
        if (!this.policyManager_.requireVerify(data)) {
            if (this.policyManager_.skipVerifyAndTrust(data)) {
                try {
                    onVerified.onVerified(data);
                    return;
                } catch (Throwable th) {
                    logger_.log(Level.SEVERE, "Error in onVerified", th);
                    return;
                }
            }
            try {
                onDataValidationFailed.onDataValidationFailed(data, "The packet has no verify rule but skipVerifyAndTrust is false");
                return;
            } catch (Throwable th2) {
                logger_.log(Level.SEVERE, "Error in onDataValidationFailed", th2);
                return;
            }
        }
        ValidationRequest checkVerificationPolicy = this.policyManager_.checkVerificationPolicy(data, i, onVerified, onDataValidationFailed);
        if (checkVerificationPolicy != null) {
            VerifyCallbacks verifyCallbacks = new VerifyCallbacks(checkVerificationPolicy, checkVerificationPolicy.retry_, onDataValidationFailed, data);
            try {
                this.face_.expressInterest(checkVerificationPolicy.interest_, verifyCallbacks, verifyCallbacks);
            } catch (IOException e) {
                try {
                    onDataValidationFailed.onDataValidationFailed(data, "Error calling expressInterest " + e);
                } catch (Throwable th3) {
                    logger_.log(Level.SEVERE, "Error in onDataValidationFailed", th3);
                }
            }
        }
    }

    public final void verifyData(Data data, OnVerified onVerified, OnDataValidationFailed onDataValidationFailed) throws SecurityException {
        verifyData(data, onVerified, onDataValidationFailed, 0);
    }

    public final void verifyData(Data data, OnVerified onVerified, final OnVerifyFailed onVerifyFailed) throws SecurityException {
        verifyData(data, onVerified, new OnDataValidationFailed() { // from class: net.named_data.jndn.security.KeyChain.1
            @Override // net.named_data.jndn.security.OnDataValidationFailed
            public void onDataValidationFailed(Data data2, String str) {
                onVerifyFailed.onVerifyFailed(data2);
            }
        });
    }

    public final void verifyInterest(Interest interest, OnVerifiedInterest onVerifiedInterest, OnInterestValidationFailed onInterestValidationFailed, int i) throws SecurityException {
        Logger.getLogger(getClass().getName()).log(Level.INFO, "Enter Verify");
        if (!this.policyManager_.requireVerify(interest)) {
            if (this.policyManager_.skipVerifyAndTrust(interest)) {
                try {
                    onVerifiedInterest.onVerifiedInterest(interest);
                    return;
                } catch (Throwable th) {
                    logger_.log(Level.SEVERE, "Error in onVerifiedInterest", th);
                    return;
                }
            }
            try {
                onInterestValidationFailed.onInterestValidationFailed(interest, "The packet has no verify rule but skipVerifyAndTrust is false");
                return;
            } catch (Throwable th2) {
                logger_.log(Level.SEVERE, "Error in onInterestValidationFailed", th2);
                return;
            }
        }
        ValidationRequest checkVerificationPolicy = this.policyManager_.checkVerificationPolicy(interest, i, onVerifiedInterest, onInterestValidationFailed);
        if (checkVerificationPolicy != null) {
            VerifyCallbacksForVerifyInterest verifyCallbacksForVerifyInterest = new VerifyCallbacksForVerifyInterest(checkVerificationPolicy, checkVerificationPolicy.retry_, onInterestValidationFailed, interest);
            try {
                this.face_.expressInterest(checkVerificationPolicy.interest_, verifyCallbacksForVerifyInterest, verifyCallbacksForVerifyInterest);
            } catch (IOException e) {
                try {
                    onInterestValidationFailed.onInterestValidationFailed(interest, "Error calling expressInterest " + e);
                } catch (Throwable th3) {
                    logger_.log(Level.SEVERE, "Error in onInterestValidationFailed", th3);
                }
            }
        }
    }

    public final void verifyInterest(Interest interest, OnVerifiedInterest onVerifiedInterest, OnInterestValidationFailed onInterestValidationFailed) throws SecurityException {
        verifyInterest(interest, onVerifiedInterest, onInterestValidationFailed, 0);
    }

    public final void verifyInterest(Interest interest, OnVerifiedInterest onVerifiedInterest, final OnVerifyInterestFailed onVerifyInterestFailed) throws SecurityException {
        verifyInterest(interest, onVerifiedInterest, new OnInterestValidationFailed() { // from class: net.named_data.jndn.security.KeyChain.2
            @Override // net.named_data.jndn.security.OnInterestValidationFailed
            public void onInterestValidationFailed(Interest interest2, String str) {
                onVerifyInterestFailed.onVerifyInterestFailed(interest2);
            }
        });
    }

    public final void setFace(Face face) {
        this.face_ = face;
    }

    public static void signWithHmacWithSha256(Data data, Blob blob, WireFormat wireFormat) {
        data.getSignature().setSignature(new Blob(Common.computeHmacWithSha256(blob.getImmutableArray(), data.wireEncode(wireFormat).signedBuf()), false));
    }

    public static void signWithHmacWithSha256(Data data, Blob blob) {
        signWithHmacWithSha256(data, blob, WireFormat.getDefaultWireFormat());
    }

    public static void signWithHmacWithSha256(Interest interest, Blob blob, Name name, WireFormat wireFormat) {
        HmacWithSha256Signature hmacWithSha256Signature = new HmacWithSha256Signature();
        hmacWithSha256Signature.getKeyLocator().setType(KeyLocatorType.KEYNAME);
        hmacWithSha256Signature.getKeyLocator().setKeyName(name);
        interest.getName().append(wireFormat.encodeSignatureInfo(hmacWithSha256Signature));
        interest.getName().append(new Name.Component());
        hmacWithSha256Signature.setSignature(new Blob(Common.computeHmacWithSha256(blob.getImmutableArray(), interest.wireEncode(wireFormat).signedBuf()), false));
        interest.setName(interest.getName().getPrefix(-1).append(wireFormat.encodeSignatureValue(hmacWithSha256Signature)));
    }

    public static void signWithHmacWithSha256(Interest interest, Blob blob, Name name) {
        signWithHmacWithSha256(interest, blob, name, WireFormat.getDefaultWireFormat());
    }

    public static boolean verifyDataWithHmacWithSha256(Data data, Blob blob, WireFormat wireFormat) {
        return ByteBuffer.wrap(Common.computeHmacWithSha256(blob.getImmutableArray(), data.wireEncode(wireFormat).signedBuf())).equals(data.getSignature().getSignature().buf());
    }

    public static boolean verifyDataWithHmacWithSha256(Data data, Blob blob) {
        return verifyDataWithHmacWithSha256(data, blob, WireFormat.getDefaultWireFormat());
    }

    public static boolean verifyInterestWithHmacWithSha256(Interest interest, Blob blob, WireFormat wireFormat) {
        try {
            Signature decodeSignatureInfoAndValue = wireFormat.decodeSignatureInfoAndValue(interest.getName().get(-2).getValue().buf(), interest.getName().get(-1).getValue().buf());
            return ByteBuffer.wrap(Common.computeHmacWithSha256(blob.getImmutableArray(), interest.wireEncode(wireFormat).signedBuf())).equals(decodeSignatureInfoAndValue.getSignature().buf());
        } catch (EncodingException e) {
            return false;
        }
    }

    public static boolean verifyInterestWithHmacWithSha256(Interest interest, Blob blob) {
        return verifyInterestWithHmacWithSha256(interest, blob, WireFormat.getDefaultWireFormat());
    }

    public static KeyParams getDefaultKeyParams() {
        return defaultKeyParams_;
    }

    private void construct(String str, String str2, boolean z) throws Error, PibImpl.Error, SecurityException, IOException {
        String[] strArr = new String[1];
        String[] strArr2 = new String[1];
        parseAndCheckPibLocator(str, strArr, strArr2);
        String str3 = strArr[0] + ":" + strArr2[0];
        this.pib_ = createPib(str3);
        String str4 = "";
        try {
            str4 = this.pib_.getTpmLocator();
        } catch (Pib.Error e) {
        }
        String[] strArr3 = new String[1];
        String[] strArr4 = new String[1];
        parseAndCheckTpmLocator(str2, strArr3, strArr4);
        String str5 = strArr3[0] + ":" + strArr4[0];
        ConfigFile configFile = new ConfigFile();
        if (str3.equals(getDefaultPibLocator(configFile))) {
            if (!str4.equals("") && !str4.equals(getDefaultTpmLocator(configFile))) {
                this.pib_.reset_();
                str5 = getDefaultTpmLocator(configFile);
            }
        } else if (!str4.equals("") && !str4.equals(str5)) {
            if (!z) {
                throw new LocatorMismatchError("The supplied TPM locator does not match the TPM locator in the PIB: " + str4 + " != " + str5);
            }
            this.pib_.reset_();
        }
        this.tpm_ = createTpm(str5);
        this.pib_.setTpmLocator(str5);
    }

    private static HashMap<String, MakePibImpl> getPibFactories() {
        if (pibFactories_ == null) {
            pibFactories_ = new HashMap<>();
            pibFactories_.put(PibSqlite3.getScheme(), new MakePibImpl() { // from class: net.named_data.jndn.security.KeyChain.3
                @Override // net.named_data.jndn.security.KeyChain.MakePibImpl
                public PibImpl makePibImpl(String str) throws PibImpl.Error {
                    return new PibSqlite3(str);
                }
            });
            pibFactories_.put(PibMemory.getScheme(), new MakePibImpl() { // from class: net.named_data.jndn.security.KeyChain.4
                @Override // net.named_data.jndn.security.KeyChain.MakePibImpl
                public PibImpl makePibImpl(String str) throws PibImpl.Error {
                    return new PibMemory();
                }
            });
        }
        return pibFactories_;
    }

    private static HashMap<String, MakeTpmBackEnd> getTpmFactories() {
        if (tpmFactories_ == null) {
            tpmFactories_ = new HashMap<>();
            tpmFactories_.put(TpmBackEndFile.getScheme(), new MakeTpmBackEnd() { // from class: net.named_data.jndn.security.KeyChain.5
                @Override // net.named_data.jndn.security.KeyChain.MakeTpmBackEnd
                public TpmBackEnd makeTpmBackEnd(String str) {
                    return new TpmBackEndFile(str);
                }
            });
            tpmFactories_.put(TpmBackEndMemory.getScheme(), new MakeTpmBackEnd() { // from class: net.named_data.jndn.security.KeyChain.6
                @Override // net.named_data.jndn.security.KeyChain.MakeTpmBackEnd
                public TpmBackEnd makeTpmBackEnd(String str) {
                    return new TpmBackEndMemory();
                }
            });
        }
        return tpmFactories_;
    }

    private static void parseLocatorUri(String str, String[] strArr, String[] strArr2) {
        int indexOf = str.indexOf(58);
        if (indexOf >= 0) {
            strArr[0] = str.substring(0, indexOf);
            strArr2[0] = str.substring(indexOf + 1);
        } else {
            strArr[0] = str;
            strArr2[0] = "";
        }
    }

    private static void parseAndCheckPibLocator(String str, String[] strArr, String[] strArr2) throws Error {
        parseLocatorUri(str, strArr, strArr2);
        if (strArr[0].equals("")) {
            strArr[0] = getDefaultPibScheme();
        }
        if (!getPibFactories().containsKey(strArr[0])) {
            throw new Error("PIB scheme `" + strArr[0] + "` is not supported");
        }
    }

    private static void parseAndCheckTpmLocator(String str, String[] strArr, String[] strArr2) throws SecurityException, Error {
        parseLocatorUri(str, strArr, strArr2);
        if (strArr[0].equals("")) {
            strArr[0] = getDefaultTpmScheme();
        }
        if (!getTpmFactories().containsKey(strArr[0])) {
            throw new Error("TPM scheme `" + strArr[0] + "` is not supported");
        }
    }

    private static String getDefaultPibScheme() {
        return PibSqlite3.getScheme();
    }

    private static String getDefaultTpmScheme() throws SecurityException {
        if (Common.platformIsOSX()) {
            throw new SecurityException("TpmBackEndOsx is not implemented yet. You must use tpm-file.");
        }
        return TpmBackEndFile.getScheme();
    }

    private static Pib createPib(String str) throws Error, PibImpl.Error {
        String[] strArr = new String[1];
        String[] strArr2 = new String[1];
        parseAndCheckPibLocator(str, strArr, strArr2);
        return new Pib(strArr[0], strArr2[0], getPibFactories().get(strArr[0]).makePibImpl(strArr2[0]));
    }

    private static Tpm createTpm(String str) throws SecurityException, Error {
        String[] strArr = new String[1];
        String[] strArr2 = new String[1];
        parseAndCheckTpmLocator(str, strArr, strArr2);
        return new Tpm(strArr[0], strArr2[0], getTpmFactories().get(strArr[0]).makeTpmBackEnd(strArr2[0]));
    }

    private static String getDefaultPibLocator(ConfigFile configFile) {
        if (defaultPibLocator_ != null) {
            return defaultPibLocator_;
        }
        String str = System.getenv("NDN_CLIENT_PIB");
        if (str == null || str == "") {
            defaultPibLocator_ = configFile.get("pib", getDefaultPibScheme() + ":");
        } else {
            defaultPibLocator_ = str;
        }
        return defaultPibLocator_;
    }

    private static String getDefaultTpmLocator(ConfigFile configFile) throws SecurityException {
        if (defaultTpmLocator_ != null) {
            return defaultTpmLocator_;
        }
        String str = System.getenv("NDN_CLIENT_TPM");
        if (str == null || str == "") {
            defaultTpmLocator_ = configFile.get("tpm", getDefaultTpmScheme() + ":");
        } else {
            defaultTpmLocator_ = str;
        }
        return defaultTpmLocator_;
    }

    private Signature prepareSignatureInfo(SigningInfo signingInfo, Name[] nameArr) throws PibImpl.Error, InvalidSigningInfoError, Error {
        Signature sha256WithEcdsaSignature;
        PibIdentity pibIdentity = null;
        PibKey pibKey = null;
        if (signingInfo.getSignerType() == SigningInfo.SignerType.NULL) {
            try {
                pibIdentity = this.pib_.getDefaultIdentity();
            } catch (Pib.Error e) {
                nameArr[0] = SigningInfo.getDigestSha256Identity();
                return new DigestSha256Signature();
            }
        } else if (signingInfo.getSignerType() == SigningInfo.SignerType.ID) {
            pibIdentity = signingInfo.getPibIdentity();
            if (pibIdentity == null) {
                try {
                    pibIdentity = this.pib_.getIdentity(signingInfo.getSignerName());
                } catch (Pib.Error e2) {
                    throw new InvalidSigningInfoError("Signing identity `" + signingInfo.getSignerName().toUri() + "` does not exist");
                }
            }
        } else if (signingInfo.getSignerType() == SigningInfo.SignerType.KEY) {
            pibKey = signingInfo.getPibKey();
            if (pibKey == null) {
                try {
                    pibKey = this.pib_.getIdentity(PibKey.extractIdentityFromKeyName(signingInfo.getSignerName())).getKey(signingInfo.getSignerName());
                    pibIdentity = null;
                } catch (Pib.Error e3) {
                    throw new InvalidSigningInfoError("Signing key `" + signingInfo.getSignerName().toUri() + "` does not exist");
                }
            }
        } else {
            if (signingInfo.getSignerType() != SigningInfo.SignerType.CERT) {
                if (signingInfo.getSignerType() != SigningInfo.SignerType.SHA256) {
                    throw new InvalidSigningInfoError("Unrecognized signer type");
                }
                nameArr[0] = SigningInfo.getDigestSha256Identity();
                return new DigestSha256Signature();
            }
            try {
                pibIdentity = this.pib_.getIdentity(CertificateV2.extractIdentityFromCertName(signingInfo.getSignerName()));
                pibKey = pibIdentity.getKey(CertificateV2.extractKeyNameFromCertName(signingInfo.getSignerName()));
            } catch (Pib.Error e4) {
                throw new InvalidSigningInfoError("Signing certificate `" + signingInfo.getSignerName().toUri() + "` does not exist");
            }
        }
        if (pibIdentity == null && pibKey == null) {
            throw new InvalidSigningInfoError("Cannot determine signing parameters");
        }
        if (pibIdentity != null && pibKey == null) {
            try {
                pibKey = pibIdentity.getDefaultKey();
            } catch (Pib.Error e5) {
                throw new InvalidSigningInfoError("Signing identity `" + pibIdentity.getName().toUri() + "` does not have default certificate");
            }
        }
        if (pibKey.getKeyType() == KeyType.RSA && signingInfo.getDigestAlgorithm() == DigestAlgorithm.SHA256) {
            sha256WithEcdsaSignature = new Sha256WithRsaSignature();
        } else {
            if (pibKey.getKeyType() != KeyType.EC || signingInfo.getDigestAlgorithm() != DigestAlgorithm.SHA256) {
                throw new Error("Unsupported key type");
            }
            sha256WithEcdsaSignature = new Sha256WithEcdsaSignature();
        }
        if (signingInfo.getValidityPeriod().hasPeriod() && ValidityPeriod.canGetFromSignature(sha256WithEcdsaSignature)) {
            ValidityPeriod.getFromSignature(sha256WithEcdsaSignature).setPeriod(signingInfo.getValidityPeriod().getNotBefore(), signingInfo.getValidityPeriod().getNotAfter());
        }
        KeyLocator fromSignature = KeyLocator.getFromSignature(sha256WithEcdsaSignature);
        fromSignature.setType(KeyLocatorType.KEYNAME);
        fromSignature.setKeyName(pibKey.getName());
        nameArr[0] = pibKey.getName();
        return sha256WithEcdsaSignature;
    }

    private Blob sign(ByteBuffer byteBuffer, Name name, DigestAlgorithm digestAlgorithm) throws TpmBackEnd.Error {
        return name.equals(SigningInfo.getDigestSha256Identity()) ? new Blob(Common.digestSha256(byteBuffer)) : this.tpm_.sign(byteBuffer, name, digestAlgorithm);
    }

    private Name prepareDefaultCertificateName() throws SecurityException {
        IdentityCertificate defaultCertificate = this.identityManager_.getDefaultCertificate();
        if (defaultCertificate == null) {
            setDefaultCertificate();
            defaultCertificate = this.identityManager_.getDefaultCertificate();
        }
        return defaultCertificate.getName();
    }

    private void setDefaultCertificate() throws SecurityException {
        Name append;
        if (this.identityManager_.getDefaultCertificate() == null) {
            try {
                append = this.identityManager_.getDefaultIdentity();
            } catch (SecurityException e) {
                ByteBuffer allocate = ByteBuffer.allocate(4);
                Common.getRandom().nextBytes(allocate.array());
                append = new Name().append("tmp-identity").append(new Blob(allocate, false));
            }
            createIdentityAndCertificate(append);
            this.identityManager_.setDefaultIdentity(append);
        }
    }
}
