package org.xipki.security.pkcs11.iaik;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.SessionInfo;
import iaik.pkcs.pkcs11.State;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.Attribute;
import iaik.pkcs.pkcs11.objects.ByteArrayAttribute;
import iaik.pkcs.pkcs11.objects.CharArrayAttribute;
import iaik.pkcs.pkcs11.objects.DSAPublicKey;
import iaik.pkcs.pkcs11.objects.ECPublicKey;
import iaik.pkcs.pkcs11.objects.PKCS11Object;
import iaik.pkcs.pkcs11.objects.RSAPublicKey;
import iaik.pkcs.pkcs11.objects.SecretKey;
import iaik.pkcs.pkcs11.objects.Storage;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import iaik.pkcs.pkcs11.parameters.InitializationVectorParameters;
import iaik.pkcs.pkcs11.parameters.OpaqueParameters;
import iaik.pkcs.pkcs11.parameters.Parameters;
import iaik.pkcs.pkcs11.parameters.RSAPkcsPssParameters;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.EdECConstants;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.security.pkcs11.P11Params;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.pkcs11.P11TokenException;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.CollectionUtil;
import org.xipki.util.Hex;
import org.xipki.util.LogUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/security-6.0.0.jar:org/xipki/security/pkcs11/iaik/IaikP11SlotUtil.class */
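/**
 * Static helpers for working with a PKCS#11 token through the IAIK wrapper:
 * logging in, searching and destroying token objects, building mechanisms,
 * converting token public-key objects into JCA {@link PublicKey}s and looking
 * up X.509 certificate objects.
 *
 * <p>This listing is decompiler output. Member visibility is kept exactly as
 * decompiled, and parameter names are the decompiler's; each parameter is
 * described in the method's Javadoc.
 *
 * <p>All byte and char arrays read from the token are treated as data that may
 * be missing or malformed: absent attribute values are reported as checked
 * exceptions instead of surfacing as {@link NullPointerException}.
 */
public class IaikP11SlotUtil {
    private static final Logger LOG = LoggerFactory.getLogger(IaikP11SlotUtil.class);

    /** PKCS#11 user type of the security officer (rendered as "CKU_SO" below). */
    private static final long CKU_SO = 0L;

    /** PKCS#11 user type of the normal user (rendered as "CKU_USER" below). */
    private static final long CKU_USER = 1L;

    /** PKCS#11 context-specific user type (rendered as "CKU_CONTEXT_SPECIFIC" below). */
    private static final long CKU_CONTEXT_SPECIFIC = 2L;

    /** PKCS#11 return code CKR_USER_ALREADY_LOGGED_IN (0x100). */
    private static final long CKR_USER_ALREADY_LOGGED_IN = 0x100L;

    /** PKCS#11 key type CKK_EC (0x03). */
    private static final long CKK_EC = 0x03L;

    /** PKCS#11 key type CKK_EC_EDWARDS (0x40). */
    private static final long CKK_EC_EDWARDS = 0x40L;

    /** PKCS#11 key type CKK_EC_MONTGOMERY (0x41). */
    private static final long CKK_EC_MONTGOMERY = 0x41L;

    /**
     * Vendor-defined key type 0xFFFFF001. This class handles it as SM2: a key of
     * this type without curve parameters is assumed to be on sm2p256v1.
     */
    private static final long KEY_TYPE_VENDOR_SM2 = 0xFFFFF001L;

    /** DER encoding (hex) of the OID 1.2.156.10197.1.301 (sm2p256v1). */
    private static final String SM2P256V1_OID_DER_HEX = "06082a811ccf5501822d";

    /** Upper bound on search results used by {@link #getObjects(Session, Storage)}. */
    private static final int DEFAULT_MAX_OBJECTS = 9999;

    IaikP11SlotUtil() {
    }

    /**
     * Logs the session in as the given user type.
     *
     * <p>A {@code CKR_USER_ALREADY_LOGGED_IN} error from the token is treated as
     * success. Any other failure is logged at WARN, so that rejected logins are
     * visible to monitoring, and rethrown. The PIN itself is never logged.
     *
     * @param session session to log in on
     * @param j PKCS#11 user type (CKU_SO, CKU_USER, CKU_CONTEXT_SPECIFIC or a vendor value)
     * @param cArr PIN; {@code null} is passed to the token as an empty PIN. This
     *     method keeps no copy and does not clear the array; wiping it after use
     *     is left to the caller.
     * @throws P11TokenException if the token rejects the login
     */
    public static void singleLogin(Session session, long j, char[] cArr) throws P11TokenException {
        char[] pin = (cArr == null) ? new char[0] : cArr;
        String userTypeText = getUserTypeText(j);
        try {
            session.login(j, pin);
            LOG.info("login successful as user {}", userTypeText);
        } catch (TokenException e) {
            boolean alreadyLoggedIn = (e instanceof PKCS11Exception)
                    && ((PKCS11Exception) e).getErrorCode() == CKR_USER_ALREADY_LOGGED_IN;
            if (alreadyLoggedIn) {
                LOG.info("user already logged in");
                return;
            }
            LOG.warn("login failed as user {}", userTypeText);
            throw new P11TokenException("login failed as user " + userTypeText + ": " + e.getMessage(), e);
        }
    }

    /**
     * Returns a display name for a PKCS#11 user type; unknown values are shown
     * as {@code VENDOR_<value>}.
     */
    private static String getUserTypeText(long j) {
        if (j == CKU_SO) {
            return "CKU_SO";
        }
        if (j == CKU_USER) {
            return "CKU_USER";
        }
        if (j == CKU_CONTEXT_SPECIFIC) {
            return "CKU_CONTEXT_SPECIFIC";
        }
        return "VENDOR_" + j;
    }

    /**
     * Computes a digest over a secret key inside the token.
     *
     * @param session session to run the digest operation on
     * @param i length in bytes of the buffer allocated for the digest
     * @param mechanism digest mechanism
     * @param secretKey key object fed into the digest
     * @return a buffer of {@code i} bytes filled by {@code digestFinal}
     * @throws TokenException if any of the token calls fails
     */
    public static byte[] digestKey(Session session, int i, Mechanism mechanism, SecretKey secretKey) throws TokenException {
        session.digestInit(mechanism);
        session.digestKey(secretKey);
        byte[] digest = new byte[i];
        // NOTE(review): the original also ignores the return value of digestFinal;
        // presumably the caller passes the exact digest length - confirm.
        session.digestFinal(digest, 0, i);
        return digest;
    }

    /**
     * Builds the IAIK {@link Mechanism} for a mechanism code and optional parameters.
     *
     * @param j PKCS#11 mechanism code
     * @param p11Params mechanism parameters, or {@code null} for none
     * @return the mechanism, with parameters set when {@code p11Params} is not {@code null}
     * @throws P11TokenException if {@code p11Params} is of an unsupported class
     */
    public static Mechanism getMechanism(long j, P11Params p11Params) throws P11TokenException {
        Mechanism mechanism = Mechanism.get(j);
        if (p11Params == null) {
            return mechanism;
        }

        Parameters parameters;
        if (p11Params instanceof P11Params.P11RSAPkcsPssParams) {
            P11Params.P11RSAPkcsPssParams pss = (P11Params.P11RSAPkcsPssParams) p11Params;
            parameters = new RSAPkcsPssParameters(
                    pss.getHashAlgorithm(), pss.getMaskGenerationFunction(), pss.getSaltLength());
        } else if (p11Params instanceof P11Params.P11ByteArrayParams) {
            parameters = new OpaqueParameters(((P11Params.P11ByteArrayParams) p11Params).getBytes());
        } else if (p11Params instanceof P11Params.P11IVParams) {
            parameters = new InitializationVectorParameters(((P11Params.P11IVParams) p11Params).getIV());
        } else {
            throw new P11TokenException("unknown P11Parameters " + p11Params.getClass().getName());
        }
        mechanism.setParameters(parameters);
        return mechanism;
    }

    /**
     * Returns one certificate object matching the given id and label.
     *
     * <p>If several objects match, the first one returned by the token is used
     * and a warning is logged; which object comes first is decided by the token,
     * so ids/labels should be unique where the choice of certificate matters.
     *
     * @param session session to search on
     * @param bArr object id to match, or {@code null} to not filter on the id
     * @param cArr object label to match
     * @return the first matching certificate object, or {@code null} if none is found
     * @throws P11TokenException if the search fails
     */
    public static X509PublicKeyCertificate getCertificateObject(Session session, byte[] bArr, char[] cArr) throws P11TokenException {
        X509PublicKeyCertificate[] certificateObjects = getCertificateObjects(session, bArr, cArr);
        if (CollectionUtil.isEmpty(certificateObjects)) {
            LOG.info("found no certificate identified by {}", P11Slot.getDescription(bArr, cArr));
            return null;
        }
        if (certificateObjects.length > 1) {
            // The objects counted here are certificates; the previous message called them public keys.
            LOG.warn("found {} certificates identified by {}, use the first one",
                    certificateObjects.length, P11Slot.getDescription(bArr, cArr));
        }
        return certificateObjects[0];
    }

    /**
     * Checks whether the session state corresponds to a logged-in user.
     *
     * <p>A non-zero device error makes the check fail. For user type CKU_SO the
     * state must be {@code RW_SO_FUNCTIONS}; for every other user type it must be
     * {@code RW_USER_FUNCTIONS} or {@code RO_USER_FUNCTIONS}.
     *
     * @param session session to inspect
     * @param j PKCS#11 user type the session is expected to be logged in as
     * @return {@code true} if the session is in the expected logged-in state
     * @throws P11TokenException if the session info cannot be read
     */
    public static boolean checkSessionLoggedIn(Session session, long j) throws P11TokenException {
        try {
            SessionInfo sessionInfo = session.getSessionInfo();
            // Emitted at TRACE: the original guarded this with isTraceEnabled() but then logged at DEBUG.
            LOG.trace("SessionInfo: {}", sessionInfo);

            State state = sessionInfo.getState();
            long deviceError = sessionInfo.getDeviceError();
            LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError);
            if (deviceError != 0) {
                LOG.error("deviceError {}", deviceError);
                return false;
            }

            boolean loggedIn;
            if (j == CKU_SO) {
                loggedIn = state.equals(State.RW_SO_FUNCTIONS);
            } else {
                loggedIn = state.equals(State.RW_USER_FUNCTIONS) || state.equals(State.RO_USER_FUNCTIONS);
            }
            LOG.debug("sessionLoggedIn: {}", loggedIn);
            return loggedIn;
        } catch (TokenException e) {
            throw new P11TokenException(e.getMessage(), e);
        }
    }

    /**
     * Null-safe accessor for a byte-array attribute.
     *
     * @return the attribute's value, or {@code null} if the attribute is {@code null}
     */
    public static byte[] value(ByteArrayAttribute byteArrayAttribute) {
        return (byteArrayAttribute == null) ? null : byteArrayAttribute.getByteArrayValue();
    }

    /**
     * Null-safe accessor for a char-array attribute.
     *
     * @return the attribute's value, or {@code null} if the attribute is {@code null}
     */
    public static char[] value(CharArrayAttribute charArrayAttribute) {
        return (charArrayAttribute == null) ? null : charArrayAttribute.getCharArrayValue();
    }

    /**
     * Null-safe accessor returning a char-array attribute as a {@link String}.
     *
     * @return the value as a string, or {@code null} if the attribute or its value is {@code null}
     */
    public static String valueStr(CharArrayAttribute charArrayAttribute) {
        char[] chars = value(charArrayAttribute);
        return (chars == null) ? null : new String(chars);
    }

    /**
     * Finds token objects matching a template, returning at most
     * {@value #DEFAULT_MAX_OBJECTS} of them; further matches are silently left out.
     *
     * @param session session to search on
     * @param storage search template
     * @return the matching objects, possibly empty
     * @throws P11TokenException if the search fails
     */
    public static List<Storage> getObjects(Session session, Storage storage) throws P11TokenException {
        return getObjects(session, storage, DEFAULT_MAX_OBJECTS);
    }

    /**
     * Finds token objects matching a template, one object per token call.
     *
     * <p>Every object found is passed to
     * {@link #logPkcs11ObjectAttributes(String, PKCS11Object)}, which writes its
     * attributes to the log when DEBUG is enabled.
     *
     * @param session session to search on
     * @param storage search template
     * @param i maximum number of objects to return; the search stops once it is reached
     * @return the matching objects, possibly empty
     * @throws P11TokenException if initialising or running the search fails
     */
    public static List<Storage> getObjects(Session session, Storage storage, int i) throws P11TokenException {
        List<Storage> found = new LinkedList<>();
        try {
            session.findObjectsInit(storage);
            while (found.size() < i) {
                PKCS11Object[] batch = session.findObjects(1);
                if (batch == null || batch.length == 0) {
                    break;
                }
                for (PKCS11Object object : batch) {
                    logPkcs11ObjectAttributes("found object: ", object);
                    found.add((Storage) object);
                }
            }
            return found;
        } catch (TokenException e) {
            throw new P11TokenException(e.getMessage(), e);
        } finally {
            // Always end the search, also after a failure, so the session is not
            // left with an active find operation. A failure here is only logged.
            try {
                session.findObjectsFinal();
            } catch (Exception e2) {
                LogUtil.error(LOG, e2, "session.findObjectsFinal() failed");
            }
        }
    }

    /**
     * Converts a public-key object read from the token into a JCA {@link PublicKey}.
     *
     * <p>Supported are RSA, DSA and EC keys. For EC keys of type CKK_EC and of the
     * vendor SM2 type the EC point is accepted as raw {@code X||Y}, as an
     * uncompressed point ({@code 0x04||X||Y}) or wrapped in a DER OCTET STRING;
     * for all other key types the point is expected as a DER OCTET STRING.
     * CKK_EC_EDWARDS and CKK_EC_MONTGOMERY keys are only accepted on curves known
     * to {@link EdECConstants}.
     *
     * @param publicKey public-key object as read from the token
     * @return the corresponding JCA public key
     * @throws XiSecurityException if the key class or curve is unknown, a required
     *     attribute has no value, or the key material is rejected
     */
    public static PublicKey generatePublicKey(iaik.pkcs.pkcs11.objects.PublicKey publicKey) throws XiSecurityException {
        if (publicKey instanceof RSAPublicKey) {
            RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
            return buildRSAKey(
                    new BigInteger(1, requiredValue(rsaKey.getModulus(), "RSA modulus")),
                    new BigInteger(1, requiredValue(rsaKey.getPublicExponent(), "RSA public exponent")));
        }

        if (publicKey instanceof DSAPublicKey) {
            DSAPublicKey dsaKey = (DSAPublicKey) publicKey;
            BigInteger y = new BigInteger(1, requiredValue(dsaKey.getValue(), "DSA value"));
            BigInteger p = new BigInteger(1, requiredValue(dsaKey.getPrime(), "DSA prime"));
            BigInteger q = new BigInteger(1, requiredValue(dsaKey.getSubprime(), "DSA subprime"));
            BigInteger g = new BigInteger(1, requiredValue(dsaKey.getBase(), "DSA base"));
            try {
                return KeyUtil.generateDSAPublicKey(new DSAPublicKeySpec(y, p, q, g));
            } catch (InvalidKeySpecException e) {
                throw new XiSecurityException(e.getMessage(), e);
            }
        }

        if (!(publicKey instanceof ECPublicKey)) {
            throw new XiSecurityException("unknown publicKey class " + publicKey.getClass().getName());
        }

        ECPublicKey ecKey = (ECPublicKey) publicKey;
        long keyType = ecKey.getKeyType().getLongValue().longValue();
        byte[] encodedParams = value(ecKey.getEcdsaParams());
        byte[] encodedPoint = requiredValue(ecKey.getEcPoint(), "EC point");

        if (keyType == KEY_TYPE_VENDOR_SM2 && encodedParams == null) {
            // Vendor SM2 keys may come without curve parameters; default to sm2p256v1.
            encodedParams = Hex.decode(SM2P256V1_OID_DER_HEX);
        }
        if (encodedParams == null) {
            // Without this check a missing attribute would end in a NullPointerException below.
            throw new XiSecurityException("public key object has no value for EC parameters");
        }

        // NOTE(review): the two getInstance(byte[]) calls in this method decode data
        // supplied by the token; presumably they signal malformed encodings with
        // unchecked exceptions, which are not translated here - confirm and decide
        // whether callers need them as XiSecurityException.
        ASN1ObjectIdentifier curveOid = ASN1ObjectIdentifier.getInstance(encodedParams);

        byte[] point = null;
        if (keyType == KEY_TYPE_VENDOR_SM2 || keyType == CKK_EC) {
            int fieldSize = fieldSizeInBytes(curveOid);
            if (encodedPoint.length == 2 * fieldSize) {
                // Raw X||Y: prepend the uncompressed-point marker.
                point = new byte[1 + (2 * fieldSize)];
                point[0] = 4;
                System.arraycopy(encodedPoint, 0, point, 1, encodedPoint.length);
            } else if (encodedPoint.length == 1 + (2 * fieldSize)) {
                // Already of the length of an uncompressed point.
                point = encodedPoint;
            }
        }
        if (point == null) {
            point = DEROctetString.getInstance(encodedPoint).getOctets();
        }

        if (keyType != CKK_EC_EDWARDS && keyType != CKK_EC_MONTGOMERY) {
            try {
                return KeyUtil.createECPublicKey(encodedParams, point);
            } catch (InvalidKeySpecException e2) {
                throw new XiSecurityException(e2.getMessage(), e2);
            }
        }

        if (keyType == CKK_EC_EDWARDS) {
            if (!EdECConstants.isEdwardsCurve(curveOid)) {
                throw new XiSecurityException("unknown Edwards curve OID " + curveOid);
            }
        } else if (!EdECConstants.isMontgomeryCurve(curveOid)) {
            throw new XiSecurityException("unknown Montgomery curve OID " + curveOid);
        }
        try {
            return KeyUtil.generatePublicKey(new SubjectPublicKeyInfo(new AlgorithmIdentifier(curveOid), point));
        } catch (InvalidKeySpecException e3) {
            throw new XiSecurityException(e3.getMessage(), e3);
        }
    }

    /**
     * Returns the value of an attribute that must be present on a key object.
     *
     * @throws XiSecurityException if the attribute or its value is {@code null}
     */
    private static byte[] requiredValue(ByteArrayAttribute attribute, String description) throws XiSecurityException {
        byte[] bytes = value(attribute);
        if (bytes == null) {
            throw new XiSecurityException("public key object has no value for " + description);
        }
        return bytes;
    }

    /**
     * Returns the length in bytes of one point coordinate for the curves this
     * class accepts for CKK_EC and vendor SM2 keys.
     *
     * @throws XiSecurityException if the curve is not one of the accepted ones
     */
    private static int fieldSizeInBytes(ASN1ObjectIdentifier curveOid) throws XiSecurityException {
        if (GMObjectIdentifiers.sm2p256v1.equals(curveOid)
                || SECObjectIdentifiers.secp256r1.equals(curveOid)
                || TeleTrusTObjectIdentifiers.brainpoolP256r1.equals(curveOid)) {
            return 32;
        }
        if (SECObjectIdentifiers.secp384r1.equals(curveOid)
                || TeleTrusTObjectIdentifiers.brainpoolP384r1.equals(curveOid)) {
            return 48;
        }
        if (SECObjectIdentifiers.secp521r1.equals(curveOid)) {
            return 66;
        }
        if (TeleTrusTObjectIdentifiers.brainpoolP512r1.equals(curveOid)) {
            return 64;
        }
        throw new XiSecurityException("unknown curve " + curveOid.getId());
    }

    /**
     * Builds a JCA RSA public key.
     *
     * @param bigInteger modulus
     * @param bigInteger2 public exponent
     * @return the RSA public key
     * @throws XiSecurityException if the key specification is rejected
     */
    public static java.security.interfaces.RSAPublicKey buildRSAKey(BigInteger bigInteger, BigInteger bigInteger2) throws XiSecurityException {
        try {
            return KeyUtil.generateRSAPublicKey(new RSAPublicKeySpec(bigInteger, bigInteger2));
        } catch (InvalidKeySpecException e) {
            throw new XiSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Parses the encoded value of a certificate object read from the token.
     *
     * @param x509PublicKeyCertificate certificate object
     * @return the parsed certificate
     * @throws P11TokenException if the value cannot be parsed as a certificate
     */
    public static X509Cert parseCert(X509PublicKeyCertificate x509PublicKeyCertificate) throws P11TokenException {
        try {
            return X509Util.parseCert(value(x509PublicKeyCertificate.getValue()));
        } catch (CertificateException e) {
            throw new P11TokenException("could not parse certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the X.509 certificate objects visible in the session, subject to
     * the result limit of {@link #getObjects(Session, Storage)}.
     *
     * @param session session to search on
     * @return the certificate objects, possibly empty
     * @throws P11TokenException if the search fails
     */
    public static List<X509PublicKeyCertificate> getAllCertificateObjects(Session session) throws P11TokenException {
        List<Storage> objects = getObjects(session, new X509PublicKeyCertificate());
        List<X509PublicKeyCertificate> certificates = new ArrayList<>(objects.size());
        for (Storage object : objects) {
            certificates.add((X509PublicKeyCertificate) object);
        }
        return certificates;
    }

    /**
     * Destroys every token object matching the template (up to the result limit
     * of {@link #getObjects(Session, Storage)}).
     *
     * <p>This is destructive and cannot be undone from here: the broader the
     * template, the more objects are removed. If destroying an object fails, the
     * objects destroyed before it stay removed.
     *
     * @param session session to operate on
     * @param storage template selecting the objects to destroy
     * @param str description of the objects, used only in the error log message
     * @return number of objects that matched and were destroyed
     * @throws P11TokenException if searching or destroying fails
     */
    public static int removeObjects0(Session session, Storage storage, String str) throws P11TokenException {
        try {
            List<Storage> objects = getObjects(session, storage);
            for (Storage object : objects) {
                session.destroyObject(object);
            }
            return objects.size();
        } catch (TokenException e) {
            LogUtil.error(LOG, e, "could not remove " + str);
            throw new P11TokenException(e.getMessage(), e);
        }
    }

    /**
     * Fills a secret-key template from the new-key control.
     *
     * <p>The key is always created as a token object. {@code extractable} and
     * {@code sensitive} are written only when the control specifies them;
     * otherwise the template leaves them unset (presumably the token's defaults
     * then apply - callers that need a non-extractable, sensitive key should set
     * both explicitly). Of the requested usages only DECRYPT, DERIVE, SIGN and
     * UNWRAP are mapped to template attributes; any other usage is ignored.
     *
     * @param p11NewKeyControl control describing the key to create
     * @param secretKey template to fill
     * @param cArr label for the key, or {@code null} to set no label
     */
    public static void setKeyAttributes(P11Slot.P11NewKeyControl p11NewKeyControl, SecretKey secretKey, char[] cArr) {
        secretKey.getToken().setBooleanValue(true);
        if (cArr != null) {
            secretKey.getLabel().setCharArrayValue(cArr);
        }

        Boolean extractable = p11NewKeyControl.getExtractable();
        if (extractable != null) {
            secretKey.getExtractable().setBooleanValue(extractable);
        }
        Boolean sensitive = p11NewKeyControl.getSensitive();
        if (sensitive != null) {
            secretKey.getSensitive().setBooleanValue(sensitive);
        }

        Set<P11Slot.P11KeyUsage> usages = p11NewKeyControl.getUsages();
        if (!CollectionUtil.isNotEmpty(usages)) {
            return;
        }
        Boolean enabled = Boolean.TRUE;
        for (P11Slot.P11KeyUsage usage : usages) {
            if (usage == P11Slot.P11KeyUsage.DECRYPT) {
                secretKey.getDecrypt().setBooleanValue(enabled);
            } else if (usage == P11Slot.P11KeyUsage.DERIVE) {
                secretKey.getDerive().setBooleanValue(enabled);
            } else if (usage == P11Slot.P11KeyUsage.SIGN) {
                secretKey.getSign().setBooleanValue(enabled);
            } else if (usage == P11Slot.P11KeyUsage.UNWRAP) {
                secretKey.getUnwrap().setBooleanValue(enabled);
            }
        }
    }

    /**
     * Finds certificate objects by id only, ignoring the label.
     *
     * @param session session to search on
     * @param bArr object id to match, or {@code null} to not filter on the id
     * @return the matching certificate objects, or {@code null} if none is found
     * @throws P11TokenException if the search fails
     */
    static X509PublicKeyCertificate[] getCertificateObjectsForId(Session session, byte[] bArr) throws P11TokenException {
        return getCertificateObjects0(session, bArr, true, null);
    }

    /**
     * Finds certificate objects by id and label.
     *
     * @param session session to search on
     * @param bArr object id to match, or {@code null} to not filter on the id
     * @param cArr object label to match
     * @return the matching certificate objects, or {@code null} if none is found
     * @throws P11TokenException if the search fails
     */
    public static X509PublicKeyCertificate[] getCertificateObjects(Session session, byte[] bArr, char[] cArr) throws P11TokenException {
        return getCertificateObjects0(session, bArr, false, cArr);
    }

    /**
     * Shared implementation of the certificate lookups.
     *
     * @param session session to search on
     * @param bArr object id to put into the template; skipped when {@code null}
     * @param z {@code true} to leave the label out of the template
     * @param cArr label to put into the template when {@code z} is {@code false}
     * @return the matching certificate objects, or {@code null} if none is found
     * @throws P11TokenException if the search fails
     */
    private static X509PublicKeyCertificate[] getCertificateObjects0(Session session, byte[] bArr, boolean z, char[] cArr) throws P11TokenException {
        X509PublicKeyCertificate template = new X509PublicKeyCertificate();
        if (bArr != null) {
            template.getId().setByteArrayValue(bArr);
        }
        if (!z) {
            template.getLabel().setCharArrayValue(cArr);
        }

        List<Storage> objects = getObjects(session, template);
        if (CollectionUtil.isEmpty(objects)) {
            LOG.info("found no certificate identified by {}", P11Slot.getDescription(bArr, cArr));
            return null;
        }

        X509PublicKeyCertificate[] certificates = new X509PublicKeyCertificate[objects.size()];
        int index = 0;
        for (Storage object : objects) {
            certificates[index++] = (X509PublicKeyCertificate) object;
        }
        return certificates;
    }

    /**
     * Writes all attributes of a token object to the log when DEBUG is enabled.
     *
     * <p>NOTE(review): every attribute in the object's table is rendered with
     * {@code toString(true)}. Presumably this includes the values of any key
     * material the token lets the session read (objects that are not marked
     * sensitive) - confirm, and keep DEBUG for this logger off in production or
     * treat the resulting logs as sensitive.
     *
     * @param str text placed in front of the attribute list, or {@code null} for none
     * @param pKCS11Object object whose attributes are logged
     */
    static void logPkcs11ObjectAttributes(String str, PKCS11Object pKCS11Object) {
        if (!LOG.isDebugEnabled()) {
            return;
        }
        Hashtable<Long, Attribute> attributeTable = pKCS11Object.getAttributeTable();
        StringBuilder sb = new StringBuilder();
        if (str != null) {
            sb.append(str);
        }
        Enumeration<Long> keys = attributeTable.keys();
        while (keys.hasMoreElements()) {
            long attributeType = keys.nextElement().longValue();
            sb.append("\n  ").append(pKCS11Object.getAttribute(attributeType).toString(true));
        }
        LOG.debug(sb.toString());
    }
}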
