package org.xipki.security.pkcs11;

import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.sec.ECPrivateKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DSAParameter;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.pkcs11.wrapper.AttributeVector;
import org.xipki.pkcs11.wrapper.KeyPairTemplate;
import org.xipki.pkcs11.wrapper.Mechanism;
import org.xipki.pkcs11.wrapper.PKCS11Constants;
import org.xipki.pkcs11.wrapper.PKCS11Exception;
import org.xipki.pkcs11.wrapper.PKCS11KeyPair;
import org.xipki.pkcs11.wrapper.Session;
import org.xipki.pkcs11.wrapper.Slot;
import org.xipki.pkcs11.wrapper.TokenException;
import org.xipki.security.EdECConstants;
import org.xipki.security.pkcs11.P11ModuleConf;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.KeyUtil;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.concurrent.ConcurrentBag;
import org.xipki.util.concurrent.ConcurrentBagEntry;

/* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/pkcs11/NativeP11Slot.class */
class NativeP11Slot extends P11Slot {
    public static final AlgorithmIdentifier ALGID_RSA = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) NativeP11Slot.class);
    private static final long DEFAULT_MAX_COUNT_SESSION = 32;
    private final int maxMessageSize;
    private Slot slot;
    private final long userType;
    private List<char[]> password;
    private final int maxSessionCount;
    private final long timeOutWaitNewSession = 10000;
    private final AtomicLong countSessions;
    private final SecureRandom random;
    private final ConcurrentBag<ConcurrentBagEntry<Session>> sessions;
    private final long rsaKeyPairGenMech;
    private String libDesc;

    /* JADX INFO: Access modifiers changed from: package-private */
    public NativeP11Slot(String str, P11SlotId p11SlotId, Slot slot, boolean z, long j, List<char[]> list, int i, P11ModuleConf.P11MechanismFilter p11MechanismFilter, P11ModuleConf.P11NewObjectConf p11NewObjectConf, Integer num, List<Long> list2, List<Long> list3) throws TokenException {
        super(str, p11SlotId, z, list2, list3, p11NewObjectConf);
        this.timeOutWaitNewSession = 10000L;
        this.countSessions = new AtomicLong(0L);
        this.random = new SecureRandom();
        this.sessions = new ConcurrentBag<>();
        this.slot = (Slot) Args.notNull(slot, "slot");
        this.maxMessageSize = Args.positive(i, "maxMessageSize");
        this.userType = j;
        this.password = list;
        boolean z2 = false;
        this.libDesc = slot.getModule().getInfo().getLibraryDescription();
        if (this.libDesc == null) {
            this.libDesc = "";
        }
        initMechanisms(getSupportedMechanisms(), p11MechanismFilter);
        try {
            Session openSession = openSession();
            firstLogin(openSession, list);
            long maxSessionCount = this.slot.getToken().getTokenInfo().getMaxSessionCount();
            long j2 = maxSessionCount <= 0 ? 32L : maxSessionCount < 3 ? 1L : maxSessionCount - 2;
            this.maxSessionCount = (int) (num != null ? Math.min(num.intValue(), j2) : j2);
            LOG.info("maxSessionCount: {}", Integer.valueOf(this.maxSessionCount));
            this.sessions.add(new ConcurrentBagEntry<>(openSession));
            this.rsaKeyPairGenMech = supportsMechanism(10L) ? 10L : 0L;
            z2 = true;
            if (1 == 0) {
                close();
            }
        } catch (Throwable th) {
            if (!z2) {
                close();
            }
            throw th;
        }
    }

    private long[] getSupportedMechanisms() throws TokenException {
        long[] mechanismList = this.slot.getToken().getMechanismList();
        ArrayList arrayList = new ArrayList(mechanismList.length);
        StringBuilder sb = new StringBuilder();
        boolean contains = this.libDesc.toLowerCase().contains("smartcard");
        for (long j : mechanismList) {
            if (!contains) {
                arrayList.add(Long.valueOf(j));
            } else if (j == PKCS11Constants.CKM_ECDSA_SHA1 || j == PKCS11Constants.CKM_ECDSA_SHA224 || j == PKCS11Constants.CKM_ECDSA_SHA256 || j == PKCS11Constants.CKM_ECDSA_SHA384 || j == PKCS11Constants.CKM_ECDSA_SHA512 || j == PKCS11Constants.CKM_ECDSA_SHA3_224 || j == PKCS11Constants.CKM_ECDSA_SHA3_256 || j == PKCS11Constants.CKM_ECDSA_SHA3_384 || j == PKCS11Constants.CKM_ECDSA_SHA3_512) {
                sb.append(PKCS11Constants.ckmCodeToName(j)).append(", ");
            } else {
                arrayList.add(Long.valueOf(j));
            }
        }
        if (sb.length() > 0) {
            LOG.info("Ignore mechanisms in smartcard-based HSM: {}", sb.substring(0, sb.length() - 2));
        }
        if (sb.length() == 0) {
            return mechanismList;
        }
        long[] jArr = new long[arrayList.size()];
        int i = 0;
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            jArr[i2] = ((Long) it.next()).longValue();
        }
        return jArr;
    }

    @Override // org.xipki.security.pkcs11.P11Slot, java.io.Closeable, java.lang.AutoCloseable
    public final void close() {
        if (this.slot != null) {
            try {
                LOG.info("close all sessions on token: {}", Long.valueOf(this.slot.getSlotID()));
                Iterator<ConcurrentBagEntry<Session>> it = this.sessions.values().iterator();
                while (it.hasNext()) {
                    it.next().value().closeSession();
                }
            } catch (Throwable th) {
                LogUtil.error(LOG, th, "could not slot.getToken().closeAllSessions()");
            }
            this.slot = null;
        }
        this.sessions.close();
        this.countSessions.lazySet(0L);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] digestSecretKey(long j, NativeP11Identity nativeP11Identity) throws TokenException {
        if (!nativeP11Identity.isSecretKey()) {
            throw new TokenException("digestSecretKey could not be applied to non-SecretKey");
        }
        long handle = ((NativeP11Identity) Args.notNull(nativeP11Identity, "identity")).getId().getKeyId().getHandle();
        assertMechanismSupported(j);
        if (LOG.isTraceEnabled()) {
            LOG.debug("digest (init, digestKey, then finish) secret key {}", nativeP11Identity.getId());
        }
        int i = 544 == j ? 20 : (597 == j || 693 == j) ? 28 : (592 == j || 688 == j) ? 32 : (608 == j || 704 == j) ? 48 : (624 == j || 720 == j) ? 64 : -1;
        if (i == -1) {
            throw new TokenException("unsupported mechanism " + j);
        }
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        Mechanism mechanism = new Mechanism(j);
        try {
            Session value = borrowSession.value();
            try {
                byte[] digestKey = NativeP11SlotUtil.digestKey(value, i, mechanism, handle);
                this.sessions.requite(borrowSession);
                return digestKey;
            } catch (PKCS11Exception e) {
                if (e.getErrorCode() != 257) {
                    throw e;
                }
                LOG.info("digestKey ended with ERROR CKR_USER_NOT_LOGGED_IN, login and then retry it");
                forceLogin(value);
                byte[] digestKey2 = NativeP11SlotUtil.digestKey(value, i, mechanism, handle);
                this.sessions.requite(borrowSession);
                return digestKey2;
            }
        } catch (Throwable th) {
            this.sessions.requite(borrowSession);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] sign(long j, P11Params p11Params, byte[] bArr, NativeP11Identity nativeP11Identity) throws TokenException {
        Args.notNull(bArr, "content");
        assertMechanismSupported(j);
        Mechanism mechanism = NativeP11SlotUtil.getMechanism(j, p11Params);
        long handle = nativeP11Identity.getId().getKeyId().getHandle();
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        Session value = borrowSession.value();
        try {
            try {
                byte[] sign0 = sign0(value, mechanism, bArr, handle);
                this.sessions.requite(borrowSession);
                return sign0;
            } catch (PKCS11Exception e) {
                if (e.getErrorCode() != 257) {
                    throw e;
                }
                LOG.info("sign ended with ERROR CKR_USER_NOT_LOGGED_IN, login and then retry it");
                forceLogin(value);
                byte[] sign02 = sign0(value, mechanism, bArr, handle);
                this.sessions.requite(borrowSession);
                return sign02;
            }
        } catch (Throwable th) {
            this.sessions.requite(borrowSession);
            throw th;
        }
    }

    private byte[] sign0(Session session, Mechanism mechanism, byte[] bArr, long j) throws PKCS11Exception {
        byte[] signFinal;
        int length = bArr.length;
        if (length <= this.maxMessageSize) {
            signFinal = singleSign(session, mechanism, bArr, j);
        } else {
            LOG.debug("sign (init, update, then finish)");
            session.signInit(mechanism, j);
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 >= length) {
                    break;
                }
                session.signUpdate(bArr, i2, Math.min(this.maxMessageSize, length - i2));
                i = i2 + this.maxMessageSize;
            }
            signFinal = session.signFinal();
        }
        return signFinal;
    }

    private byte[] singleSign(Session session, Mechanism mechanism, byte[] bArr, long j) throws PKCS11Exception {
        LOG.debug("single sign");
        session.signInit(mechanism, j);
        return session.sign(bArr);
    }

    private Session openSession() throws TokenException {
        Session openSession = this.slot.getToken().openSession(!isReadOnly());
        this.countSessions.incrementAndGet();
        return openSession;
    }

    private ConcurrentBagEntry<Session> borrowSession() throws TokenException {
        ConcurrentBagEntry<Session> concurrentBagEntry = null;
        synchronized (this.sessions) {
            if (this.countSessions.get() < this.maxSessionCount) {
                try {
                    concurrentBagEntry = this.sessions.borrow(1L, TimeUnit.NANOSECONDS);
                } catch (InterruptedException e) {
                }
                if (concurrentBagEntry == null) {
                    this.sessions.add(new ConcurrentBagEntry<>(openSession()));
                }
            }
        }
        if (concurrentBagEntry == null) {
            try {
                concurrentBagEntry = this.sessions.borrow(10000L, TimeUnit.MILLISECONDS);
            } catch (InterruptedException e2) {
            }
        }
        if (concurrentBagEntry == null) {
            throw new TokenException("no idle session");
        }
        login(concurrentBagEntry.value());
        return concurrentBagEntry;
    }

    private void firstLogin(Session session, List<char[]> list) throws TokenException {
        try {
            if (session.getToken().getTokenInfo().isProtectedAuthenticationPath() || CollectionUtil.isEmpty(list)) {
                LOG.info("verify on PKCS11Module with PROTECTED_AUTHENTICATION_PATH");
                NativeP11SlotUtil.singleLogin(session, this.userType, null);
            } else {
                LOG.info("verify on PKCS11Module with PIN");
                Iterator<char[]> it = list.iterator();
                while (it.hasNext()) {
                    NativeP11SlotUtil.singleLogin(session, this.userType, it.next());
                }
                this.password = list;
            }
        } catch (PKCS11Exception e) {
            if (e.getErrorCode() != 256) {
                throw e;
            }
        }
    }

    private void login(Session session) throws TokenException {
        boolean z;
        if (NativeP11SlotUtil.checkSessionLoggedIn(session, this.userType)) {
            return;
        }
        try {
            z = session.getToken().getTokenInfo().isLoginRequired();
        } catch (PKCS11Exception e) {
            LogUtil.error(LOG, e, "could not check isLoginRequired of token");
            z = true;
        }
        LOG.debug("loginRequired: {}", Boolean.valueOf(z));
        if (z) {
            if (CollectionUtil.isEmpty(this.password)) {
                NativeP11SlotUtil.singleLogin(session, this.userType, null);
                return;
            }
            Iterator<char[]> it = this.password.iterator();
            while (it.hasNext()) {
                NativeP11SlotUtil.singleLogin(session, this.userType, it.next());
            }
        }
    }

    private void forceLogin(Session session) throws TokenException {
        if (CollectionUtil.isEmpty(this.password)) {
            LOG.info("verify on PKCS11Module with NULL PIN");
            NativeP11SlotUtil.singleLogin(session, this.userType, null);
            return;
        }
        LOG.info("verify on PKCS11Module with PIN");
        Iterator<char[]> it = this.password.iterator();
        while (it.hasNext()) {
            NativeP11SlotUtil.singleLogin(session, this.userType, it.next());
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    public P11Identity getIdentity(P11IdentityId p11IdentityId) throws TokenException {
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            Session value = borrowSession.value();
            long handle = p11IdentityId.getKeyId().getHandle();
            AttributeVector attrValues = value.getAttrValues(handle, 0, 256);
            long longValue = attrValues.keyType().longValue();
            long longValue2 = attrValues.class_().longValue();
            NativeP11Identity nativeP11Identity = new NativeP11Identity(this, p11IdentityId);
            if (longValue2 != 3) {
                throw new IllegalStateException("unknown object class " + PKCS11Constants.ckoCodeToName(longValue2));
            }
            if (longValue == 0) {
                AttributeVector attrValues2 = value.getAttrValues(handle, 288, 290);
                nativeP11Identity.setRsaMParameters(attrValues2.modulus(), attrValues2.publicExponent());
            } else if (longValue == 1) {
                nativeP11Identity.setDsaQ(value.getBigIntAttrValue(handle, 305L));
            } else {
                if (longValue != 3 && longValue != 4294963201L && longValue != 64 && longValue != 65) {
                    throw new IllegalStateException("unknown key type " + PKCS11Constants.ckkCodeToName(longValue));
                }
                ASN1ObjectIdentifier detectCurveOid = detectCurveOid(value.getByteArrayAttrValue(handle, 384L));
                if (detectCurveOid == null && p11IdentityId.getPublicKeyHandle() != null) {
                    detectCurveOid = detectCurveOid(value.getByteArrayAttrValue(p11IdentityId.getPublicKeyHandle().longValue(), 384L));
                }
                if (detectCurveOid != null) {
                    nativeP11Identity.setEcParams(detectCurveOid);
                }
            }
            return nativeP11Identity;
        } finally {
            this.sessions.requite(borrowSession);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.xipki.security.pkcs11.P11Slot
    public PublicKey getPublicKey(P11Identity p11Identity) throws TokenException {
        long keyType;
        Session value;
        Long publicKeyHandle = p11Identity.getId().getPublicKeyHandle();
        if (publicKeyHandle == null) {
            return null;
        }
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            keyType = p11Identity.getKeyType();
            value = borrowSession.value();
        } catch (Throwable th) {
            this.sessions.requite(borrowSession);
            throw th;
        }
        if (keyType == 0) {
            RSAPublicKey buildRSAKey = NativeP11SlotUtil.buildRSAKey(p11Identity.getRsaModulus(), p11Identity.getRsaPublicExponent());
            this.sessions.requite(borrowSession);
            return buildRSAKey;
        }
        if (keyType == 1) {
            BigInteger dsaQ = p11Identity.getDsaQ();
            AttributeVector attrValues = value.getAttrValues(publicKeyHandle.longValue(), 304, 17, 306);
            try {
                DSAPublicKey generateDSAPublicKey = KeyUtil.generateDSAPublicKey(new DSAPublicKeySpec(new BigInteger(1, attrValues.value()), attrValues.prime(), dsaQ, attrValues.base()));
                this.sessions.requite(borrowSession);
                return generateDSAPublicKey;
            } catch (InvalidKeySpecException e) {
                throw new TokenException(e.getMessage(), e);
            }
        }
        if (keyType != 3 && keyType != 4294963201L && keyType != 64 && keyType != 65) {
            throw new TokenException("unknown key type " + PKCS11Constants.ckkCodeToName(keyType));
        }
        byte[] byteArrayAttrValue = value.getByteArrayAttrValue(publicKeyHandle.longValue(), 385L);
        ASN1ObjectIdentifier ecParams = p11Identity.getEcParams();
        byte[] octets = DEROctetString.getInstance(byteArrayAttrValue).getOctets();
        if (keyType != 64 && keyType != 65) {
            try {
                ECPublicKey createECPublicKey = KeyUtil.createECPublicKey(ecParams, octets);
                this.sessions.requite(borrowSession);
                return createECPublicKey;
            } catch (InvalidKeySpecException e2) {
                throw new TokenException(e2.getMessage(), e2);
            }
        }
        if (keyType == 64) {
            if (!EdECConstants.isEdwardsCurve(ecParams)) {
                throw new TokenException("unknown Edwards curve OID " + ecParams);
            }
        } else if (!EdECConstants.isMontgomeryCurve(ecParams)) {
            throw new TokenException("unknown Montgomery curve OID " + ecParams);
        }
        try {
            PublicKey generatePublicKey = KeyUtil.generatePublicKey(new SubjectPublicKeyInfo(new AlgorithmIdentifier(ecParams), octets));
            this.sessions.requite(borrowSession);
            return generatePublicKey;
        } catch (InvalidKeySpecException e3) {
            throw new TokenException(e3.getMessage(), e3);
        }
        this.sessions.requite(borrowSession);
        throw th;
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    public boolean objectExistsByIdLabel(byte[] bArr, String str) throws TokenException {
        if ((bArr == null || bArr.length == 0) && StringUtil.isBlank(str)) {
            return false;
        }
        AttributeVector attributeVector = new AttributeVector();
        if (bArr != null && bArr.length > 0) {
            attributeVector.id(bArr);
        }
        if (!StringUtil.isBlank(str)) {
            attributeVector.label(str);
        }
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            return !NativeP11SlotUtil.getObjects(borrowSession.value(), attributeVector, 1).isEmpty();
        } finally {
            this.sessions.requite(borrowSession);
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    public int destroyAllObjects() {
        int i = 0;
        ConcurrentBagEntry<Session> concurrentBagEntry = null;
        try {
            try {
                concurrentBagEntry = borrowSession();
                Session value = concurrentBagEntry.value();
                Iterator<Long> it = NativeP11SlotUtil.getObjects(value, null, 9999).iterator();
                while (it.hasNext()) {
                    long longValue = it.next().longValue();
                    try {
                        value.destroyObject(longValue);
                        i++;
                    } catch (PKCS11Exception e) {
                        LOG.warn("error destroying object with handle " + longValue + ": " + e.getMessage());
                    }
                }
                if (concurrentBagEntry != null) {
                    this.sessions.requite(concurrentBagEntry);
                }
            } catch (TokenException e2) {
                LogUtil.warn(LOG, e2, "error destroyAllObjects()");
                if (concurrentBagEntry != null) {
                    this.sessions.requite(concurrentBagEntry);
                }
            }
            return i;
        } catch (Throwable th) {
            if (concurrentBagEntry != null) {
                this.sessions.requite(concurrentBagEntry);
            }
            throw th;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    public long[] destroyObjectsByHandle(long[] jArr) {
        ConcurrentBagEntry<Session> concurrentBagEntry = null;
        ArrayList arrayList = new ArrayList(jArr.length);
        try {
            try {
                concurrentBagEntry = borrowSession();
                for (long j : jArr) {
                    try {
                        concurrentBagEntry.value().destroyObject(j);
                        arrayList.add(Long.valueOf(j));
                    } catch (PKCS11Exception e) {
                        LOG.warn("error destroying object with handle " + j + ": " + e.getMessage());
                    }
                }
                if (concurrentBagEntry != null) {
                    this.sessions.requite(concurrentBagEntry);
                }
            } catch (Throwable th) {
                if (concurrentBagEntry != null) {
                    this.sessions.requite(concurrentBagEntry);
                }
                throw th;
            }
        } catch (TokenException e2) {
            LogUtil.warn(LOG, e2, "error borrowSession()");
            if (concurrentBagEntry != null) {
                this.sessions.requite(concurrentBagEntry);
            }
        }
        if (jArr.length == arrayList.size()) {
            return new long[0];
        }
        long[] jArr2 = new long[jArr.length - arrayList.size()];
        int i = 0;
        for (long j2 : jArr) {
            if (!arrayList.contains(Long.valueOf(j2))) {
                int i2 = i;
                i++;
                jArr2[i2] = j2;
            }
        }
        return jArr2;
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    public int destroyObjectsByIdLabel(byte[] bArr, String str) throws TokenException {
        if ((bArr == null || bArr.length == 0) && StringUtil.isBlank(str)) {
            throw new IllegalArgumentException("at least one of id and label may not be null");
        }
        AttributeVector attributeVector = new AttributeVector();
        if (bArr != null && bArr.length > 0) {
            attributeVector.id(bArr);
        }
        if (str != null && !str.isEmpty()) {
            attributeVector.label(str);
        }
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            int removeObjects0 = NativeP11SlotUtil.removeObjects0(borrowSession.value(), attributeVector, "objects " + getDescription(bArr, str));
            this.sessions.requite(borrowSession);
            return removeObjects0;
        } catch (Throwable th) {
            this.sessions.requite(borrowSession);
            throw th;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doGenerateSecretKey(long j, Integer num, P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        long j2;
        String label;
        if (num != null && num.intValue() % 8 != 0) {
            throw new IllegalArgumentException("keysize is not multiple of 8: " + num);
        }
        boolean z = true;
        if (31 == j) {
            j2 = 4224;
        } else if (21 == j) {
            j2 = 305;
            z = false;
        } else if (16 == j) {
            j2 = 848;
        } else {
            if (40 != j && 46 != j && 43 != j && 44 != j && 45 != j && 54 != j && 55 != j && 56 != j && 57 != j) {
                throw new IllegalArgumentException("unsupported key type 0x" + PKCS11Constants.codeToName(PKCS11Constants.Category.CKK, j));
            }
            j2 = 848;
        }
        assertMechanismSupported(j2);
        if (this.newObjectConf.isIgnoreLabel()) {
            if (p11NewKeyControl.getLabel() != null) {
                LOG.warn("label is set, but ignored: '{}'", p11NewKeyControl.getLabel());
            }
            label = null;
        } else {
            label = p11NewKeyControl.getLabel();
        }
        byte[] id = p11NewKeyControl.getId();
        AttributeVector newSecretKey = AttributeVector.newSecretKey(j);
        NativeP11SlotUtil.setKeyAttributes(p11NewKeyControl, newSecretKey, label);
        if (z) {
            if (num == null) {
                throw new IllegalArgumentException("keysize must not be null");
            }
            newSecretKey.valueLen(Integer.valueOf(num.intValue() / 8));
        }
        Mechanism mechanism = new Mechanism(j2);
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            Session value = borrowSession.value();
            if (label != null && labelExists(value, label)) {
                throw new IllegalArgumentException("label " + p11NewKeyControl.getLabel() + " exists, please specify another one");
            }
            if (id == null) {
                id = generateId(value);
            }
            newSecretKey.id(id);
            long generateKey = value.generateKey(mechanism, newSecretKey);
            P11IdentityId p11IdentityId = new P11IdentityId(this.slotId, new P11ObjectId(generateKey, 4L, j, id, value.getCkaLabel(generateKey)), null);
            this.sessions.requite(borrowSession);
            return p11IdentityId;
        } catch (Throwable th) {
            this.sessions.requite(borrowSession);
            throw th;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doImportSecretKey(long j, byte[] bArr, P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        String label;
        AttributeVector newSecretKey = AttributeVector.newSecretKey(j);
        if (this.newObjectConf.isIgnoreLabel()) {
            if (p11NewKeyControl.getLabel() != null) {
                LOG.warn("label is set, but ignored: '{}'", p11NewKeyControl.getLabel());
            }
            label = null;
        } else {
            label = p11NewKeyControl.getLabel();
        }
        NativeP11SlotUtil.setKeyAttributes(p11NewKeyControl, newSecretKey, label);
        newSecretKey.value(bArr);
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            Session value = borrowSession.value();
            if (label != null && labelExists(value, label)) {
                throw new IllegalArgumentException("label " + p11NewKeyControl.getLabel() + " exists, please specify another one");
            }
            byte[] id = p11NewKeyControl.getId();
            if (id == null) {
                id = generateId(value);
            }
            newSecretKey.id(id);
            long createObject = value.createObject(newSecretKey);
            try {
                label = value.getCkaLabel(createObject);
            } catch (PKCS11Exception e) {
            }
            P11IdentityId p11IdentityId = new P11IdentityId(this.slotId, new P11ObjectId(createObject, 4L, j, id, label), null);
            this.sessions.requite(borrowSession);
            return p11IdentityId;
        } catch (Throwable th) {
            this.sessions.requite(borrowSession);
            throw th;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doGenerateRSAKeypair(int i, BigInteger bigInteger, P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(0L);
        keyPairTemplate.publicKey().modulusBits(Integer.valueOf(i));
        if (bigInteger != null) {
            keyPairTemplate.publicKey().publicExponent(bigInteger);
        }
        NativeP11SlotUtil.setKeyPairAttributes(p11NewKeyControl, keyPairTemplate, this.newObjectConf);
        return doGenerateKeyPair(this.rsaKeyPairGenMech, p11NewKeyControl.getId(), keyPairTemplate);
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected PrivateKeyInfo doGenerateRSAKeypairOtf(int i, BigInteger bigInteger) throws TokenException {
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(0L);
        keyPairTemplate.publicKey().modulusBits(Integer.valueOf(i));
        if (bigInteger != null) {
            keyPairTemplate.publicKey().publicExponent(bigInteger);
        }
        setPrivateKeyAttrsOtf(keyPairTemplate.privateKey());
        long j = this.rsaKeyPairGenMech;
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            Session value = borrowSession.value();
            try {
                try {
                    PKCS11KeyPair generateKeyPair = value.generateKeyPair(new Mechanism(j), keyPairTemplate);
                    AttributeVector attrValues = value.getAttrValues(generateKeyPair.getPrivateKey(), 288, 290, 291, 292, 293, 294, 295, 296);
                    PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo(ALGID_RSA, new RSAPrivateKey(attrValues.modulus(), attrValues.publicExponent(), attrValues.privateExponent(), attrValues.prime1(), attrValues.prime2(), attrValues.exponent1(), attrValues.exponent2(), attrValues.coefficient()));
                    destroyKeyPairQuietly(value, generateKeyPair);
                    this.sessions.requite(borrowSession);
                    return privateKeyInfo;
                } catch (Throwable th) {
                    destroyKeyPairQuietly(value, null);
                    throw th;
                }
            } catch (IOException | PKCS11Exception e) {
                throw new TokenException("could not generate keypair " + PKCS11Constants.ckmCodeToName(j), e);
            }
        } catch (Throwable th2) {
            this.sessions.requite(borrowSession);
            throw th2;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doGenerateDSAKeypair(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(1L);
        keyPairTemplate.publicKey().prime(bigInteger).subprime(bigInteger2).base(bigInteger3);
        NativeP11SlotUtil.setKeyPairAttributes(p11NewKeyControl, keyPairTemplate, this.newObjectConf);
        return doGenerateKeyPair(16L, p11NewKeyControl.getId(), keyPairTemplate);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.xipki.security.pkcs11.P11Slot
    public PrivateKeyInfo generateDSAKeypairOtf0(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3) throws TokenException {
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(1L);
        setPrivateKeyAttrsOtf(keyPairTemplate.privateKey());
        keyPairTemplate.publicKey().prime(bigInteger).subprime(bigInteger2).base(bigInteger3);
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            Session value = borrowSession.value();
            PKCS11KeyPair pKCS11KeyPair = null;
            try {
                try {
                    AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(X9ObjectIdentifiers.id_dsa, new DSAParameter(bigInteger, bigInteger2, bigInteger3));
                    pKCS11KeyPair = value.generateKeyPair(new Mechanism(16L), keyPairTemplate);
                    long privateKey = pKCS11KeyPair.getPrivateKey();
                    BigInteger bigIntAttrValue = value.getBigIntAttrValue(pKCS11KeyPair.getPublicKey(), 17L);
                    PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo(algorithmIdentifier, new ASN1Integer(value.getBigIntAttrValue(privateKey, 17L)), (ASN1Set) null, new ASN1Integer(bigIntAttrValue).getEncoded());
                    destroyKeyPairQuietly(value, pKCS11KeyPair);
                    this.sessions.requite(borrowSession);
                    return privateKeyInfo;
                } catch (IOException | PKCS11Exception e) {
                    throw new TokenException("could not generate keypair " + PKCS11Constants.ckmCodeToName(16L), e);
                }
            } catch (Throwable th) {
                destroyKeyPairQuietly(value, pKCS11KeyPair);
                throw th;
            }
        } catch (Throwable th2) {
            this.sessions.requite(borrowSession);
            throw th2;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doGenerateECEdwardsKeypair(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(64L);
        NativeP11SlotUtil.setKeyPairAttributes(p11NewKeyControl, keyPairTemplate, this.newObjectConf);
        try {
            keyPairTemplate.publicKey().ecParams(aSN1ObjectIdentifier.getEncoded());
            return doGenerateKeyPair(PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN, p11NewKeyControl.getId(), keyPairTemplate);
        } catch (IOException e) {
            throw new TokenException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.xipki.security.pkcs11.P11Slot
    public PrivateKeyInfo doGenerateECEdwardsKeypairOtf(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws TokenException {
        return doGenerateECKeypairOtf(64L, PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN, aSN1ObjectIdentifier);
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doGenerateECMontgomeryKeypair(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(65L);
        NativeP11SlotUtil.setKeyPairAttributes(p11NewKeyControl, keyPairTemplate, this.newObjectConf);
        try {
            keyPairTemplate.publicKey().ecParams(aSN1ObjectIdentifier.getEncoded());
            return doGenerateKeyPair(PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN, p11NewKeyControl.getId(), keyPairTemplate);
        } catch (IOException e) {
            throw new TokenException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.xipki.security.pkcs11.P11Slot
    public PrivateKeyInfo doGenerateECMontgomeryKeypairOtf(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws TokenException {
        return doGenerateECKeypairOtf(65L, PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN, aSN1ObjectIdentifier);
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doGenerateECKeypair(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(3L);
        NativeP11SlotUtil.setKeyPairAttributes(p11NewKeyControl, keyPairTemplate, this.newObjectConf);
        try {
            keyPairTemplate.publicKey().ecParams(aSN1ObjectIdentifier.getEncoded());
            return doGenerateKeyPair(4160L, p11NewKeyControl.getId(), keyPairTemplate);
        } catch (IOException e) {
            throw new TokenException(e.getMessage(), e);
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected PrivateKeyInfo doGenerateECKeypairOtf(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws TokenException {
        return doGenerateECKeypairOtf(3L, 4160L, aSN1ObjectIdentifier);
    }

    /* JADX WARN: Failed to calculate best type for var: r19v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r19v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r20v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r20v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.applyWithWiderIgnSame(TypeUpdate.java:70)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.applyResolvedVars(TypeSearch.java:100)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:76)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 19, insn: 0x0170: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r19 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:39:0x0170 */
    /* JADX WARN: Not initialized variable reg: 20, insn: 0x0172: MOVE (r1 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r20 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:40:0x0172 */
    private PrivateKeyInfo doGenerateECKeypairOtf(long j, long j2, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws TokenException {
        Session session;
        PKCS11KeyPair pKCS11KeyPair;
        if (j == 4294963201L && !GMObjectIdentifiers.sm2p256v1.equals(aSN1ObjectIdentifier)) {
            throw new TokenException("keyType and curveId do not match.");
        }
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(j);
        setPrivateKeyAttrsOtf(keyPairTemplate.privateKey());
        try {
            keyPairTemplate.publicKey().ecParams(aSN1ObjectIdentifier.getEncoded());
            ConcurrentBagEntry<Session> borrowSession = borrowSession();
            try {
                try {
                    Session value = borrowSession.value();
                    try {
                        PKCS11KeyPair generateKeyPair = value.generateKeyPair(new Mechanism(j2), keyPairTemplate);
                        byte[] octets = DEROctetString.getInstance(value.getByteArrayAttrValue(generateKeyPair.getPublicKey(), 385L)).getOctets();
                        byte[] byteArrayAttrValue = value.getByteArrayAttrValue(generateKeyPair.getPrivateKey(), 17L);
                        if (64 == j || 65 == j) {
                            PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo(new AlgorithmIdentifier(aSN1ObjectIdentifier), new DEROctetString(byteArrayAttrValue), (ASN1Set) null, octets);
                            destroyKeyPairQuietly(value, generateKeyPair);
                            this.sessions.requite(borrowSession);
                            return privateKeyInfo;
                        }
                        AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, aSN1ObjectIdentifier);
                        if (octets[0] != 4) {
                            throw new TokenException("EcPoint does not start with 0x04");
                        }
                        PrivateKeyInfo privateKeyInfo2 = new PrivateKeyInfo(algorithmIdentifier, new ECPrivateKey(((octets.length - 1) / 2) * 8, new BigInteger(1, byteArrayAttrValue), new DERBitString(octets), (ASN1Encodable) null));
                        destroyKeyPairQuietly(value, generateKeyPair);
                        this.sessions.requite(borrowSession);
                        return privateKeyInfo2;
                    } catch (IOException | PKCS11Exception e) {
                        throw new TokenException("could not generate keypair " + PKCS11Constants.ckmCodeToName(j2), e);
                    }
                } catch (Throwable th) {
                    destroyKeyPairQuietly(session, pKCS11KeyPair);
                    throw th;
                }
            } catch (Throwable th2) {
                this.sessions.requite(borrowSession);
                throw th2;
            }
        } catch (IOException e2) {
            throw new TokenException(e2.getMessage(), e2);
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11IdentityId doGenerateSM2Keypair(P11Slot.P11NewKeyControl p11NewKeyControl) throws TokenException {
        if (!supportsMechanism(4294963201L)) {
            return doGenerateECKeypair(GMObjectIdentifiers.sm2p256v1, p11NewKeyControl);
        }
        KeyPairTemplate keyPairTemplate = new KeyPairTemplate(4294963201L);
        keyPairTemplate.publicKey().ecParams(Hex.decode("06082A811CCF5501822D"));
        NativeP11SlotUtil.setKeyPairAttributes(p11NewKeyControl, keyPairTemplate, this.newObjectConf);
        return doGenerateKeyPair(4294963201L, p11NewKeyControl.getId(), keyPairTemplate);
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    protected PrivateKeyInfo doGenerateSM2KeypairOtf() throws TokenException {
        return supportsMechanism(4294963201L) ? doGenerateECKeypairOtf(4294963201L, 4294963201L, GMObjectIdentifiers.sm2p256v1) : doGenerateECKeypairOtf(GMObjectIdentifiers.sm2p256v1);
    }

    private P11IdentityId doGenerateKeyPair(long j, byte[] bArr, KeyPairTemplate keyPairTemplate) throws TokenException {
        long longValue = keyPairTemplate.privateKey().keyType().longValue();
        String label = keyPairTemplate.privateKey().label();
        try {
            ConcurrentBagEntry<Session> borrowSession = borrowSession();
            try {
                Session value = borrowSession.value();
                if (label != null && labelExists(value, label)) {
                    throw new IllegalArgumentException("label " + label + " exists, please specify another one");
                }
                if (bArr == null) {
                    bArr = generateId(value);
                }
                keyPairTemplate.id(bArr);
                try {
                    PKCS11KeyPair generateKeyPair = value.generateKeyPair(new Mechanism(j), keyPairTemplate);
                    P11IdentityId p11IdentityId = new P11IdentityId(this.slotId, new P11ObjectId(generateKeyPair.getPrivateKey(), 3L, longValue, bArr, label), Long.valueOf(generateKeyPair.getPublicKey()));
                    this.sessions.requite(borrowSession);
                    if (1 == 0 && bArr != null) {
                        try {
                            destroyObjectsByIdLabel(bArr, label);
                        } catch (Throwable th) {
                            LogUtil.error(LOG, th, "could not remove objects");
                        }
                    }
                    return p11IdentityId;
                } catch (PKCS11Exception e) {
                    throw new TokenException("could not generate keypair " + PKCS11Constants.ckmCodeToName(j), e);
                }
            } catch (Throwable th2) {
                this.sessions.requite(borrowSession);
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0 && bArr != null) {
                try {
                    destroyObjectsByIdLabel(bArr, label);
                } catch (Throwable th4) {
                    LogUtil.error(LOG, th4, "could not remove objects");
                }
            }
            throw th3;
        }
    }

    @Override // org.xipki.security.pkcs11.P11Slot
    public P11IdentityId getIdentityId(byte[] bArr, String str) throws TokenException {
        AttributeVector attrValues;
        if ((bArr == null || bArr.length == 0) && StringUtil.isBlank(str)) {
            return null;
        }
        ConcurrentBagEntry<Session> borrowSession = borrowSession();
        try {
            Session value = borrowSession.value();
            if (bArr != null) {
                AttributeVector id = new AttributeVector().id(bArr);
                if (str != null) {
                    id.label(str);
                }
                long j = 3;
                List<Long> objects = NativeP11SlotUtil.getObjects(value, id.class_(3L), 2);
                if (objects.isEmpty()) {
                    j = 4;
                    objects = NativeP11SlotUtil.getObjects(value, id.class_(4L), 2);
                }
                if (objects.isEmpty()) {
                    this.sessions.requite(borrowSession);
                    return null;
                }
                if (objects.size() > 1) {
                    throw new TokenException("found more than 1 " + PKCS11Constants.ckoCodeToName(j).substring(4) + " with " + getDescription(bArr, str));
                }
                long longValue = objects.get(0).longValue();
                if (str == null) {
                    attrValues = value.getAttrValues(longValue, 256, 3);
                    str = attrValues.label();
                } else {
                    attrValues = value.getAttrValues(longValue, 256);
                }
                P11ObjectId p11ObjectId = new P11ObjectId(longValue, j, attrValues.keyType().longValue(), bArr, str);
                Long l = null;
                if (j == 3) {
                    List<Long> objects2 = NativeP11SlotUtil.getObjects(value, AttributeVector.newPublicKey().id(bArr), 2);
                    if (objects2.isEmpty()) {
                        LOG.warn("found no public key with ID {}.", hex(bArr));
                    } else if (objects2.size() > 1) {
                        LOG.warn("found more than 1 public key with ID {}, ignore them", hex(bArr));
                    } else {
                        l = objects2.get(0);
                    }
                }
                P11IdentityId p11IdentityId = new P11IdentityId(this.slotId, p11ObjectId, l);
                this.sessions.requite(borrowSession);
                return p11IdentityId;
            }
            AttributeVector label = new AttributeVector().label(str);
            long j2 = 3;
            List<Long> objects3 = NativeP11SlotUtil.getObjects(value, label.class_(3L), 2);
            if (objects3.isEmpty()) {
                j2 = 4;
                objects3 = NativeP11SlotUtil.getObjects(value, label.class_(4L), 2);
            }
            if (objects3.isEmpty()) {
                return null;
            }
            if (objects3.size() > 1) {
                throw new TokenException("found more than 1 " + PKCS11Constants.ckkCodeToName(j2).substring(4) + " with label=" + str);
            }
            long longValue2 = objects3.get(0).longValue();
            AttributeVector attrValues2 = value.getAttrValues(longValue2, 258, 256);
            long longValue3 = attrValues2.keyType().longValue();
            byte[] id2 = attrValues2.id();
            P11ObjectId p11ObjectId2 = new P11ObjectId(longValue2, j2, longValue3, id2, str);
            Long l2 = null;
            if (j2 == 3) {
                if (id2 == null) {
                    List<Long> objects4 = NativeP11SlotUtil.getObjects(value, AttributeVector.newPublicKey().label(str), 2);
                    if (objects4.size() > 1) {
                        LOG.warn("found more than 1 public key with label={}, ignore them", str);
                    } else if (objects4.size() == 1) {
                        l2 = objects4.get(0);
                    }
                } else {
                    List<Long> objects5 = NativeP11SlotUtil.getObjects(value, AttributeVector.newPublicKey().id(id2), 2);
                    if (objects5.size() > 1) {
                        LOG.warn("found more than 1 public key with id={}, ignore them", Hex.encode(id2));
                    } else if (objects5.size() == 1) {
                        l2 = objects5.get(0);
                    }
                }
            }
            P11IdentityId p11IdentityId2 = new P11IdentityId(this.slotId, p11ObjectId2, l2);
            this.sessions.requite(borrowSession);
            return p11IdentityId2;
        } finally {
            this.sessions.requite(borrowSession);
        }
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r10v0, types: [org.xipki.pkcs11.wrapper.PKCS11Exception] */
    /* JADX WARN: Type inference failed for: r10v2 */
    /* JADX WARN: Type inference failed for: r10v3, types: [org.xipki.util.concurrent.ConcurrentBagEntry] */
    @Override // org.xipki.security.pkcs11.P11Slot
    public void showDetails(OutputStream outputStream, boolean z) throws IOException {
        String str;
        String str2;
        long[] findObjects;
        String str3;
        try {
            str = this.slot.getToken().getTokenInfo().toString("  ");
        } catch (PKCS11Exception e) {
            str = "  ERROR";
        }
        try {
            str2 = this.slot.getSlotInfo().toString("  ");
        } catch (PKCS11Exception e2) {
            e = e2;
            str2 = "  ERROR";
        }
        outputStream.write(("\nToken information:\n" + str).getBytes(StandardCharsets.UTF_8));
        outputStream.write(("\n\nSlot information:\n" + str2).getBytes(StandardCharsets.UTF_8));
        outputStream.write(10);
        if (z) {
            printSupportedMechanism(outputStream);
        }
        outputStream.write("\nList of objects:\n".getBytes(StandardCharsets.UTF_8));
        try {
            try {
                e = borrowSession();
                try {
                    Session session = (Session) e.value();
                    session.findObjectsInit(null);
                    LinkedList linkedList = new LinkedList();
                    do {
                        try {
                            findObjects = session.findObjects(10);
                            for (long j : findObjects) {
                                linkedList.add(Long.valueOf(j));
                            }
                        } catch (Throwable th) {
                            session.findObjectsFinal();
                            throw th;
                        }
                    } while (findObjects.length >= 10);
                    session.findObjectsFinal();
                    int i = 0;
                    Iterator it = linkedList.iterator();
                    while (it.hasNext()) {
                        long longValue = ((Long) it.next()).longValue();
                        try {
                            i++;
                            str3 = formatNumber(i, 3) + ". " + objectToString(session, longValue);
                        } catch (Exception e3) {
                            str3 = formatNumber(i, 3) + ". Error reading object with handle " + longValue;
                            LOG.debug(str3, (Throwable) e3);
                        }
                        outputStream.write(("  " + str3 + "\n").getBytes(StandardCharsets.UTF_8));
                        if (i % 10 == 0) {
                            outputStream.flush();
                        }
                    }
                    this.sessions.requite(e);
                } catch (PKCS11Exception e4) {
                    String str4 = "error finding objects: " + e4.getMessage();
                    outputStream.write(str4.getBytes(StandardCharsets.UTF_8));
                    LogUtil.warn(LOG, e4, str4);
                    this.sessions.requite(e);
                }
                outputStream.flush();
            } catch (TokenException e5) {
                throw new RuntimeException(e5);
            }
        } catch (Throwable th2) {
            this.sessions.requite(e);
            throw th2;
        }
    }

    private String objectToString(Session session, long j) throws PKCS11Exception {
        int intValue;
        AttributeVector attrValues = session.getAttrValues(j, 258, 3, 0);
        long longValue = attrValues.class_().longValue();
        byte[] id = attrValues.id();
        String label = attrValues.label();
        String str = null;
        if (longValue == 3 || longValue == 2 || longValue == 4) {
            long longValue2 = session.getCkaKeyType(j).longValue();
            if (longValue == 4) {
                if (longValue2 == 21) {
                    intValue = 24;
                } else {
                    Integer intAttrValue = session.getIntAttrValue(j, 353L);
                    intValue = intAttrValue == null ? 0 : intAttrValue.intValue();
                }
                str = PKCS11Constants.ckkCodeToName(longValue2).substring(4) + "/" + (intValue * 8);
            } else if (longValue2 == 0) {
                BigInteger bigIntAttrValue = session.getBigIntAttrValue(j, 288L);
                str = "RSA/" + (bigIntAttrValue == null ? "<N/A>" : Integer.valueOf(bigIntAttrValue.bitLength()));
            } else if (longValue2 == 3 || longValue2 == 64 || longValue2 == 65) {
                byte[] byteArrayAttrValue = session.getByteArrayAttrValue(j, 384L);
                String str2 = null;
                if (byteArrayAttrValue == null) {
                    str2 = "<N/A>";
                } else {
                    ASN1ObjectIdentifier detectCurveOid = detectCurveOid(byteArrayAttrValue);
                    if (detectCurveOid != null) {
                        str2 = AlgorithmUtil.getCurveName(detectCurveOid);
                        if (str2 == null) {
                            str2 = detectCurveOid.getId();
                        }
                    }
                    if (str2 == null) {
                        str2 = "0x" + hex(byteArrayAttrValue);
                    }
                }
                str = PKCS11Constants.ckkCodeToName(longValue2).substring(4) + "/" + str2;
            } else if (longValue2 == 4294963201L) {
                str = "SM2";
            } else if (longValue2 == 1) {
                BigInteger bigIntAttrValue2 = session.getBigIntAttrValue(j, 304L);
                str = "DSA/" + (bigIntAttrValue2 == null ? 0 : bigIntAttrValue2.bitLength());
            } else {
                str = PKCS11Constants.ckkCodeToName(longValue2).substring(4);
            }
        }
        String str3 = "handle=" + j + ", id=" + (id == null ? "<N/A>" : hex(id)) + ", label=" + (label == null ? "<N/A>" : label) + ", " + PKCS11Constants.ckoCodeToName(longValue).substring(4);
        if (str != null) {
            str3 = str3 + ": " + str;
        }
        return str3;
    }

    private byte[] generateId(Session session) throws TokenException {
        byte[] bArr;
        do {
            bArr = new byte[this.newObjectConf.getIdLength()];
            this.random.nextBytes(bArr);
        } while (!CollectionUtil.isEmpty(NativeP11SlotUtil.getObjects(session, new AttributeVector().id(bArr), 1)));
        return bArr;
    }

    private boolean labelExists(Session session, String str) throws TokenException {
        Args.notNull(str, "keyLabel");
        return !CollectionUtil.isEmpty(NativeP11SlotUtil.getObjects(session, new AttributeVector().label(str), 1));
    }

    private static void setPrivateKeyAttrsOtf(AttributeVector attributeVector) {
        attributeVector.sensitive(false).extractable(true).token(false);
    }

    private static void destroyKeyPairQuietly(Session session, PKCS11KeyPair pKCS11KeyPair) {
        if (pKCS11KeyPair != null) {
            try {
                session.destroyObject(pKCS11KeyPair.getPrivateKey());
            } catch (PKCS11Exception e) {
                LogUtil.warn(LOG, e, "error destroying private key " + pKCS11KeyPair.getPrivateKey());
            }
            try {
                session.destroyObject(pKCS11KeyPair.getPublicKey());
            } catch (PKCS11Exception e2) {
                LogUtil.warn(LOG, e2, "error destroying public key " + pKCS11KeyPair.getPublicKey());
            }
        }
    }

    private static ASN1ObjectIdentifier detectCurveOid(byte[] bArr) {
        if (bArr[0] != 6 || (255 & bArr[1]) != bArr.length - 2) {
            return null;
        }
        try {
            return ASN1ObjectIdentifier.getInstance(bArr);
        } catch (Exception e) {
            return null;
        }
    }
}
