package org.xipki.security.pkcs11.proxy;

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.xipki.security.BadAsn1ObjectException;
import org.xipki.security.X509Cert;
import org.xipki.security.pkcs11.P11Identity;
import org.xipki.security.pkcs11.P11IdentityId;
import org.xipki.security.pkcs11.P11ModuleConf;
import org.xipki.security.pkcs11.P11ObjectIdentifier;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.pkcs11.P11SlotIdentifier;
import org.xipki.security.pkcs11.P11TokenException;
import org.xipki.security.pkcs11.P11UnknownEntityException;
import org.xipki.security.pkcs11.proxy.ProxyMessage;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/security-5.0.1.jar:org/xipki/security/pkcs11/proxy/ProxyP11Slot.class */
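/**
 * {@link P11Slot} implementation that forwards every slot operation to a
 * {@link ProxyP11Module}: each call is encoded as a {@code ProxyMessage}
 * request, sent with a numeric action code through
 * {@code ProxyP11Module.send}, and the returned bytes are decoded as ASN.1.
 *
 * <p>Everything returned by {@code send} is produced by the server and is
 * parsed here. A missing or malformed response is therefore reported as a
 * {@link P11TokenException}, never as an unchecked parser exception.
 *
 * <p>NOTE(review): the action codes are kept as the numeric literals found in
 * the decompiled class; their meanings below are inferred from how each
 * response is used. Confirm against the proxy protocol's constant table.
 */
public class ProxyP11Slot extends P11Slot {
    private final ProxyP11Module module;
    private final P11SlotIdentifier slotId;
    // ASN.1 wrapper around slotId, built once and reused in requests.
    private final ProxyMessage.SlotIdentifier asn1SlotId;

    /**
     * Creates the slot and immediately populates it by calling {@code refresh()}.
     *
     * <p>JADX INFO: access modifiers changed from package-private.
     *
     * <p>NOTE(review): {@code refresh()} is inherited; it presumably ends up in
     * {@link #refresh0()}, which would make construction depend on several
     * server round trips. Confirm in {@code P11Slot}.
     *
     * @param proxyP11Module module used to talk to the server; its name is passed to the superclass
     * @param p11SlotIdentifier identifier of this slot
     * @param z passed through to the {@code P11Slot} constructor (presumably the read-only flag; confirm)
     * @param p11MechanismFilter passed through to the {@code P11Slot} constructor
     * @throws P11TokenException if the initial refresh fails
     */
    public ProxyP11Slot(ProxyP11Module proxyP11Module, P11SlotIdentifier p11SlotIdentifier, boolean z, P11ModuleConf.P11MechanismFilter p11MechanismFilter) throws P11TokenException {
        super(proxyP11Module.getName(), p11SlotIdentifier, z, p11MechanismFilter);
        this.module = proxyP11Module;
        this.slotId = p11SlotIdentifier;
        this.asn1SlotId = new ProxyMessage.SlotIdentifier(p11SlotIdentifier);
        refresh();
    }

    /**
     * Rebuilds the slot content (mechanisms, certificates, identities) from
     * server responses.
     *
     * @return the freshly collected slot content
     * @throws P11TokenException if a request fails or a response cannot be decoded
     */
    @Override
    protected P11Slot.P11SlotRefreshResult refresh0() throws P11TokenException {
        P11Slot.P11SlotRefreshResult result = new P11Slot.P11SlotRefreshResult();

        for (Long mechanism : getMechanismsFromServer()) {
            result.addMechanism(mechanism.longValue());
        }

        // Action 261: object ids whose certificates are fetched one by one.
        for (P11ObjectIdentifier certId : getObjectIdsFromServer((short) 261)) {
            X509Cert cert = getCertificate(certId);
            if (cert != null) {
                result.addCertificate(certId, cert);
            }
        }

        // Action 262 is requested before 260, as in the original code.
        // Only the label of the entry with a matching id is used below
        // (presumably these are the public-key objects; confirm).
        List<P11ObjectIdentifier> labelCandidates = getObjectIdsFromServer((short) 262);

        // Action 260: one identity is registered per returned key id.
        for (P11ObjectIdentifier keyId : getObjectIdsFromServer((short) 260)) {
            byte[] id = keyId.getId();

            P11ObjectIdentifier matched = null;
            for (P11ObjectIdentifier candidate : labelCandidates) {
                if (candidate.matchesId(id)) {
                    matched = candidate;
                    break;
                }
            }

            X509Cert certForId = result.getCertForId(id);

            // When a certificate with the same id exists, its public key is used
            // and the key object itself is not fetched.
            // NOTE(review): nothing visible here checks that the certificate's
            // key corresponds to the key stored under this id; the pairing
            // relies on the server's id assignment alone.
            PublicKey publicKey;
            if (certForId != null) {
                publicKey = certForId.getCert().getPublicKey();
            } else {
                publicKey = getPublicKey(keyId);
            }

            String matchedLabel = matched == null ? null : matched.getLabel();
            P11IdentityId identityId = new P11IdentityId(this.slotId, keyId, matchedLabel, result.getCertLabelForId(id));

            ProxyP11Identity identity;
            if (publicKey == null) {
                identity = new ProxyP11Identity(this, identityId);
            } else {
                X509Certificate[] chain = certForId == null ? null : new X509Certificate[]{certForId.getCert()};
                identity = new ProxyP11Identity(this, identityId, publicKey, chain);
            }
            result.addIdentity(identity);
        }
        return result;
    }

    /** Does nothing; this class holds no resource of its own to release. */
    @Override
    public void close() {
    }

    /**
     * Fetches the public key stored under the given object id (action 257).
     *
     * @param p11ObjectIdentifier id of the key object
     * @return the decoded public key, or {@code null} if the server returned no content
     * @throws P11TokenException if the request fails or the returned bytes are
     *     not a usable SubjectPublicKeyInfo
     */
    private PublicKey getPublicKey(P11ObjectIdentifier p11ObjectIdentifier) throws P11UnknownEntityException, P11TokenException {
        byte[] response = this.module.send((short) 257, new ProxyMessage.SlotIdAndObjectId(this.asn1SlotId, new ProxyMessage.ObjectIdentifier(p11ObjectIdentifier)));
        if (response == null) {
            return null;
        }
        try {
            return KeyUtil.generatePublicKey(SubjectPublicKeyInfo.getInstance(response));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException | IllegalArgumentException e) {
            // IllegalArgumentException is what the ASN.1 getInstance(...) calls in
            // this class raise for undecodable input (see removeObjects and
            // requireSequence); a malformed response must surface as a token error.
            throw new P11TokenException("could not generate Public Key from SubjectPublicKeyInfo:" + e.getMessage(), e);
        }
    }

    /**
     * Fetches and parses the certificate stored under the given object id (action 258).
     *
     * @param p11ObjectIdentifier id of the certificate object
     * @return the parsed certificate together with its encoded form, or
     *     {@code null} if the server returned no content
     * @throws P11TokenException if the request fails or the bytes are not a parsable certificate
     */
    private X509Cert getCertificate(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        byte[] encoded = this.module.send((short) 258, new ProxyMessage.SlotIdAndObjectId(this.asn1SlotId, new ProxyMessage.ObjectIdentifier(p11ObjectIdentifier)));
        if (encoded == null) {
            return null;
        }
        try {
            return new X509Cert(X509Util.parseCert(encoded), encoded);
        } catch (CertificateException e) {
            throw new P11TokenException("could not parse certificate:" + e.getMessage(), e);
        }
    }

    /**
     * Asks the server to remove the objects selected by id and/or label (action 324).
     *
     * @param bArr object id; may be {@code null} or empty if {@code str} is not blank
     * @param str object label; may be blank if {@code bArr} is not empty
     * @return the integer carried in the server's response
     * @throws IllegalArgumentException if both selectors are missing
     * @throws P11TokenException if the request fails, the server returns no
     *     content, or the response is not an ASN.1 INTEGER
     */
    @Override
    public int removeObjects(byte[] bArr, String str) throws P11TokenException {
        boolean noId = bArr == null || bArr.length == 0;
        if (noId && StringUtil.isBlank(str)) {
            throw new IllegalArgumentException("at least one of id and label must not be null");
        }
        try {
            byte[] response = this.module.send((short) 324, new ProxyMessage.RemoveObjectsParams(this.slotId, bArr, str));
            if (response == null) {
                // Other callers of send() in this class treat null as "no content";
                // without this guard the decode below fails with a NullPointerException.
                throw new P11TokenException("server returned no result");
            }
            return ASN1Integer.getInstance(response).getValue().intValue();
        } catch (IllegalArgumentException e) {
            throw new P11TokenException(e.getMessage(), e);
        }
    }

    /**
     * Asks the server to remove the identity whose key id is given (action 321).
     *
     * @param p11IdentityId identity to remove; only its key id is sent
     * @throws P11TokenException if the request fails
     */
    @Override
    protected void removeIdentity0(P11IdentityId p11IdentityId) throws P11TokenException {
        ProxyMessage.ObjectIdentifier keyId = new ProxyMessage.ObjectIdentifier(p11IdentityId.getKeyId());
        this.module.send((short) 321, new ProxyMessage.SlotIdAndObjectId(this.asn1SlotId, keyId));
    }

    /**
     * Sends a certificate to the server for storage (action 320).
     *
     * @param x509Certificate certificate to add
     * @param p11NewObjectControl control data for the new object, sent as part of the request
     * @return the object id decoded from the response, or {@code null} if the
     *     server returned no content
     * @throws P11TokenException if the request fails or the response is not a valid object identifier
     */
    @Override
    protected P11ObjectIdentifier addCert0(X509Certificate x509Certificate, P11Slot.P11NewObjectControl p11NewObjectControl) throws P11TokenException, CertificateException {
        byte[] response = this.module.send((short) 320, new ProxyMessage.AddCertParams(this.slotId, p11NewObjectControl, x509Certificate));
        if (response == null) {
            return null;
        }
        try {
            return ProxyMessage.ObjectIdentifier.getInstance(response).getValue();
        } catch (BadAsn1ObjectException e) {
            throw new P11TokenException("invalid ASN1 object Asn1P11ObjectIdentifier: " + e.getMessage(), e);
        }
    }

    /**
     * Asks the server to remove the certificate object(s) with the given id (action 322).
     *
     * @param p11ObjectIdentifier id of the certificate object
     * @throws P11TokenException if the request fails
     */
    @Override
    protected void removeCerts0(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        ProxyMessage.ObjectIdentifier objectId = new ProxyMessage.ObjectIdentifier(p11ObjectIdentifier);
        this.module.send((short) 322, new ProxyMessage.SlotIdAndObjectId(this.asn1SlotId, objectId));
    }

    /**
     * Requests generation of a secret key on the server (action 309).
     *
     * @param j forwarded to {@code GenSecretKeyParams} (presumably the key type; confirm)
     * @param i forwarded to {@code GenSecretKeyParams} (presumably the key size; confirm)
     * @param p11NewKeyControl control data for the new key
     * @return the identity described by the response, without a public key
     * @throws P11TokenException if the request fails or the response is missing or invalid
     */
    @Override
    protected P11Identity generateSecretKey0(long j, int i, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        byte[] response = this.module.send((short) 309, new ProxyMessage.GenSecretKeyParams(this.slotId, p11NewKeyControl, j, i));
        return parseGenerateSecretKeyResult(response);
    }

    /**
     * Sends secret key material to the server for import (action 310).
     *
     * @param j forwarded to {@code ImportSecretKeyParams} (presumably the key type; confirm)
     * @param bArr key value, transmitted to the server inside the request
     * @param p11NewKeyControl control data for the new key
     * @return the identity described by the response, without a public key
     * @throws P11TokenException if the request fails or the response is missing or invalid
     */
    @Override
    protected P11Identity importSecretKey0(long j, byte[] bArr, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        // NOTE(review): the raw key bytes leave this process here; their
        // confidentiality depends on the transport used by ProxyP11Module.send,
        // which is not visible in this class.
        byte[] response = this.module.send((short) 310, new ProxyMessage.ImportSecretKeyParams(this.slotId, p11NewKeyControl, j, bArr));
        return parseGenerateSecretKeyResult(response);
    }

    /**
     * Requests generation of an RSA key pair on the server (action 304).
     *
     * @param i forwarded to {@code GenRSAKeypairParams} (presumably the key size; confirm)
     * @param bigInteger forwarded to {@code GenRSAKeypairParams} (presumably the public exponent; confirm)
     * @param p11NewKeyControl control data for the new key
     * @return the new identity, including the public key fetched from the server
     * @throws P11TokenException if the request fails or the response is missing or invalid
     */
    @Override
    protected P11Identity generateRSAKeypair0(int i, BigInteger bigInteger, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        byte[] response = this.module.send((short) 304, new ProxyMessage.GenRSAKeypairParams(this.slotId, p11NewKeyControl, i, bigInteger));
        return parseGenerateKeypairResult(response);
    }

    /**
     * Requests generation of a DSA key pair on the server (action 305).
     *
     * @param bigInteger first domain parameter forwarded to {@code GenDSAKeypairParams} (presumably p; confirm)
     * @param bigInteger2 second domain parameter (presumably q; confirm)
     * @param bigInteger3 third domain parameter (presumably g; confirm)
     * @param p11NewKeyControl control data for the new key
     * @return the new identity, including the public key fetched from the server
     * @throws P11TokenException if the request fails or the response is missing or invalid
     */
    @Override
    protected P11Identity generateDSAKeypair0(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        byte[] response = this.module.send((short) 305, new ProxyMessage.GenDSAKeypairParams(this.slotId, p11NewKeyControl, bigInteger, bigInteger2, bigInteger3));
        return parseGenerateKeypairResult(response);
    }

    /**
     * Requests generation of an EC key pair on the server (action 307).
     *
     * @param aSN1ObjectIdentifier forwarded to {@code GenECKeypairParams} (presumably the curve OID; confirm)
     * @param p11NewKeyControl control data for the new key
     * @return the new identity, including the public key fetched from the server
     * @throws P11TokenException if the request fails or the response is missing or invalid
     */
    @Override
    protected P11Identity generateECKeypair0(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        byte[] response = this.module.send((short) 307, new ProxyMessage.GenECKeypairParams(this.slotId, p11NewKeyControl, aSN1ObjectIdentifier));
        return parseGenerateKeypairResult(response);
    }

    /**
     * Requests generation of an SM2 key pair on the server (action 325).
     *
     * @param p11NewKeyControl control data for the new key
     * @return the new identity, including the public key fetched from the server
     * @throws P11TokenException if the request fails or the response is missing or invalid
     */
    @Override
    protected P11Identity generateSM2Keypair0(P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        byte[] response = this.module.send((short) 325, new ProxyMessage.GenSM2KeypairParams(this.slotId, p11NewKeyControl));
        return parseGenerateKeypairResult(response);
    }

    /** Decodes a key-pair generation response; the public key is fetched as well. */
    private P11Identity parseGenerateKeypairResult(byte[] response) throws P11TokenException {
        return parseGenerateKeyResult(response, true);
    }

    /** Decodes a secret-key generation or import response; no public key is fetched. */
    private P11Identity parseGenerateSecretKeyResult(byte[] response) throws P11TokenException {
        return parseGenerateKeyResult(response, false);
    }

    /**
     * Decodes the identity id returned by a key generation or import request
     * and wraps it in a {@link ProxyP11Identity}.
     *
     * @param response bytes returned by the server
     * @param needsPublicKey whether to fetch the public key with a further request
     * @return the new identity
     * @throws P11TokenException if the response is missing, is not a valid
     *     identity id, or names a slot other than this one
     */
    private P11Identity parseGenerateKeyResult(byte[] response, boolean needsPublicKey) throws P11TokenException {
        if (response == null) {
            throw new P11TokenException("server returned no result");
        }
        try {
            ProxyMessage.IdentityId decoded = ProxyMessage.IdentityId.getInstance(response);
            // Reject an identity that the server attributes to a different slot.
            if (!this.slotId.equals(decoded.getValue().getSlotId())) {
                throw new P11TokenException("returned identity has different slodId");
            }
            P11IdentityId identityId = decoded.getValue();
            if (!needsPublicKey) {
                return new ProxyP11Identity(this, identityId);
            }
            // NOTE(review): getPublicKey returns null when the server sends no
            // content; refresh0 uses the two-argument constructor in that case,
            // while here null is passed on. Confirm the constructor accepts it.
            PublicKey publicKey = getPublicKey(identityId.getPublicKeyId());
            return new ProxyP11Identity(this, identityId, publicKey, null);
        } catch (BadAsn1ObjectException e) {
            throw new P11TokenException("invalid ASN1 object Asn1P11EntityIdentifier: " + e.getMessage(), e);
        }
    }

    /**
     * Sends a replacement certificate for the given object id (action 323).
     *
     * @param p11ObjectIdentifier id of the object whose certificate is replaced
     * @param x509Certificate the new certificate
     * @throws P11TokenException if the request fails
     */
    @Override
    protected void updateCertificate0(P11ObjectIdentifier p11ObjectIdentifier, X509Certificate x509Certificate) throws P11TokenException, CertificateException {
        ProxyMessage.ObjectIdentifier objectId = new ProxyMessage.ObjectIdentifier(p11ObjectIdentifier);
        this.module.send((short) 323, new ProxyMessage.ObjectIdAndCert(this.asn1SlotId, objectId, x509Certificate));
    }

    /**
     * Fetches the mechanism codes reported for this slot (action 2).
     *
     * @return the mechanism codes in response order
     * @throws P11TokenException if the request fails, the server returns no
     *     content, the response is not an ASN.1 SEQUENCE, or an element is not
     *     an ASN.1 INTEGER
     */
    private List<Long> getMechanismsFromServer() throws P11TokenException {
        ASN1Sequence sequence = requireSequence(this.module.send((short) 2, new ProxyMessage.SlotIdentifier(this.slotId)));
        int size = sequence.size();
        List<Long> mechanisms = new ArrayList<>(size);
        try {
            for (int i = 0; i < size; i++) {
                mechanisms.add(ASN1Integer.getInstance(sequence.getObjectAt(i)).getValue().longValue());
            }
        } catch (IllegalArgumentException e) {
            // An element of another ASN.1 type must not escape as an unchecked exception.
            throw new P11TokenException("mechanism list contains an invalid element: " + e.getMessage(), e);
        }
        return mechanisms;
    }

    /**
     * Fetches a list of object ids for this slot using the given action code.
     *
     * @param s action code of the list request
     * @return the decoded object ids in response order
     * @throws P11TokenException if the request fails or the response cannot be decoded
     */
    private List<P11ObjectIdentifier> getObjectIdsFromServer(short s) throws P11TokenException {
        try {
            // NOTE(review): a null response is handed to getInstance unchecked;
            // what it does with null is not visible in this class.
            byte[] response = this.module.send(s, new ProxyMessage.SlotIdentifier(this.slotId));
            List<ProxyMessage.ObjectIdentifier> encodedIds = ProxyMessage.ObjectIdentifiers.getInstance(response).getObjectIds();
            List<P11ObjectIdentifier> objectIds = new ArrayList<>(encodedIds.size());
            for (ProxyMessage.ObjectIdentifier encodedId : encodedIds) {
                objectIds.add(encodedId.getValue());
            }
            return objectIds;
        } catch (BadAsn1ObjectException e) {
            throw new P11TokenException("bad ASN1 object: " + e.getMessage(), e);
        }
    }

    /**
     * Decodes a response that must be an ASN.1 SEQUENCE.
     *
     * @param response bytes returned by the server
     * @return the decoded sequence, never {@code null}
     * @throws P11TokenException if the response is missing or is not a SEQUENCE
     */
    private ASN1Sequence requireSequence(byte[] response) throws P11TokenException {
        if (response == null) {
            // Without this guard the caller dereferences a null sequence.
            throw new P11TokenException("server returned no result");
        }
        try {
            return ASN1Sequence.getInstance(response);
        } catch (IllegalArgumentException e) {
            throw new P11TokenException("response is not ASN1Sequence", e);
        }
    }

    /**
     * Returns the module this slot sends its requests through.
     *
     * <p>JADX INFO: access modifiers changed from package-private.
     */
    public ProxyP11Module getModule() {
        return this.module;
    }

    /**
     * Returns the ASN.1 form of this slot's identifier.
     *
     * <p>JADX INFO: access modifiers changed from package-private.
     */
    public ProxyMessage.SlotIdentifier getAsn1SlotId() {
        return this.asn1SlotId;
    }
}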
