package org.xipki.security.pkcs11.emulator;

import iaik.pkcs.pkcs11.wrapper.Functions;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Properties;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.jcajce.interfaces.EdDSAKey;
import org.bouncycastle.jcajce.interfaces.XDHKey;
import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.pkcs11.P11Identity;
import org.xipki.security.pkcs11.P11IdentityId;
import org.xipki.security.pkcs11.P11ModuleConf;
import org.xipki.security.pkcs11.P11ObjectIdentifier;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.pkcs11.P11SlotIdentifier;
import org.xipki.security.pkcs11.P11TokenException;
import org.xipki.security.pkcs11.P11UnknownEntityException;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.IoUtil;
import org.xipki.util.LogUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/security-extra-5.3.13.jar:org/xipki/security/pkcs11/emulator/EmulatorP11Slot.class */
class EmulatorP11Slot extends P11Slot {
    // Optional per-slot properties file; the constructor reads PROP_NAMED_CURVE_SUPPORTED from it.
    private static final String FILE_SLOTINFO = "slot.info";
    // Key in slot.info; the constructor falls back to "true" when the file or the key is absent.
    private static final String PROP_NAMED_CURVE_SUPPORTED = "namedCurveSupported";
    // Sub-directories of the slot directory, one per object class; the constructor creates them when absent.
    private static final String DIR_PRIV_KEY = "privkey";
    private static final String DIR_PUB_KEY = "pubkey";
    private static final String DIR_SEC_KEY = "seckey";
    private static final String DIR_CERT = "cert";
    // Each stored object is a pair "<hex id>.info" (properties text) and "<hex id>.value" (object bytes).
    private static final String INFO_FILE_SUFFIX = ".info";
    private static final String VALUE_FILE_SUFFIX = ".value";
    // Property keys written to / read from the .info files.
    private static final String PROP_ID = "id";
    private static final String PROP_LABEL = "label";
    // SHA-1 hex digest of the .value bytes, written by savePkcs11Entry. It is an unkeyed checksum;
    // NOTE(review): no code in this part of the file reads it back - confirm whether it is ever verified.
    private static final String PROP_SHA1SUM = "sha1";
    // "algo" is written by savePkcs11Entry and read for secret keys; "algorithm" is used in public-key .info files.
    private static final String PROP_ALGO = "algo";
    private static final String PROP_ALGORITHM = "algorithm";
    // Public-key components, stored as hex strings by savePkcs11PublicKey and parsed by readPublicKey.
    private static final String PROP_RSA_MODUS = "modus";
    private static final String PROP_RSA_PUBLIC_EXPONENT = "publicExponent";
    private static final String PROP_DSA_PRIME = "prime";
    private static final String PROP_DSA_SUBPRIME = "subprime";
    private static final String PROP_DSA_BASE = "base";
    private static final String PROP_DSA_VALUE = "value";
    private static final String PROP_EC_ECDSA_PARAMS = "ecdsaParams";
    private static final String PROP_EC_EC_POINT = "ecPoint";
    // When true, EC parameters are stored as the curve OID; otherwise as the curve table entry's encoding (see savePkcs11PublicKey).
    private final boolean namedCurveSupported;
    private final File slotDir;
    private final File privKeyDir;
    private final File pubKeyDir;
    private final File secKeyDir;
    private final File certDir;
    // Slot password as handed to the constructor; it is not read anywhere in this part of the file.
    private final char[] password;
    // Encrypts key material before it is written to a .value file and decrypts it on refresh.
    private final KeyCryptor keyCryptor;
    // Randomness source for key generation; also handed to every identity created on refresh.
    private final SecureRandom random;
    private final int maxSessions;
    private final P11ModuleConf.P11NewObjectConf newObjectConf;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) EmulatorP11Slot.class);
    // Mechanism codes registered on every refresh. The bare numbers are constants the decompiler inlined;
    // NOTE(review): map them back to their PKCS11Constants names before relying on this list.
    private static final long[] supportedMechs = {16, 0, 4160, PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN, PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN, 848, 544, 597, 592, 608, 624, 693, 688, 704, 720, 545, 598, 593, 609, 625, 694, 689, 705, 721, 3, 1, 6, 70, 64, 65, 66, 102, 96, 97, 98, 13, 14, 71, 67, 68, 69, 103, 99, 100, 101, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, PKCS11Constants.CKM_ECDSA, PKCS11Constants.CKM_ECDSA_SHA1, PKCS11Constants.CKM_ECDSA_SHA224, PKCS11Constants.CKM_ECDSA_SHA256, PKCS11Constants.CKM_ECDSA_SHA384, PKCS11Constants.CKM_ECDSA_SHA512, PKCS11Constants.CKM_ECDSA_SHA3_224, PKCS11Constants.CKM_ECDSA_SHA3_256, PKCS11Constants.CKM_ECDSA_SHA3_384, PKCS11Constants.CKM_ECDSA_SHA3_512, PKCS11Constants.CKM_EDDSA, PKCS11Constants.CKM_VENDOR_SM2_KEY_PAIR_GEN, PKCS11Constants.CKM_VENDOR_SM2_SM3, PKCS11Constants.CKM_VENDOR_SM2};
    // Selects the "<hex id>.info" files when a directory is listed.
    private static final FilenameFilter INFO_FILENAME_FILTER = new InfoFilenameFilter();

    /* loaded from: input_file:WEB-INF/lib/security-extra-5.3.13.jar:org/xipki/security/pkcs11/emulator/EmulatorP11Slot$InfoFilenameFilter.class */
    /**
     * Directory filter that keeps only object descriptor files, i.e. names ending in
     * {@code INFO_FILE_SUFFIX}. Only the name is inspected, not the file type.
     */
    private static class InfoFilenameFilter implements FilenameFilter {
        private InfoFilenameFilter() {
            // Stateless; instantiated once by the enclosing class.
        }

        /**
         * @param file directory being listed (unused)
         * @param str  candidate file name
         * @return {@code true} when the name ends with the info-file suffix
         */
        @Override
        public boolean accept(File file, String str) {
            final String suffix = EmulatorP11Slot.INFO_FILE_SUFFIX;
            return str.endsWith(suffix);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
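    /**
     * Creates the emulated slot rooted at {@code file}, makes sure the four object
     * directories exist, reads the optional {@code slot.info} file and performs an initial refresh.
     *
     * <p>NOTE(review): the object directories are created with the process's default
     * permissions. {@code privkey} and {@code seckey} hold key material encrypted by
     * {@code keyCryptor}; confirm that the deployment restricts access to the slot directory.
     *
     * @param str                forwarded unchanged to the {@code P11Slot} constructor
     * @param file               slot directory; validated with {@code Args.notNull}
     * @param p11SlotIdentifier  forwarded unchanged to the {@code P11Slot} constructor
     * @param z                  forwarded unchanged to the {@code P11Slot} constructor
     * @param cArr               slot password; the array reference is stored, not copied
     * @param keyCryptor         encrypts and decrypts the stored key material
     * @param p11MechanismFilter forwarded unchanged to the {@code P11Slot} constructor
     * @param p11NewObjectConf   configuration for newly created objects
     * @param i                  maximum number of sessions; validated with {@code Args.positive}
     * @throws P11TokenException if {@code slot.info} cannot be read or the refresh fails
     */
    public EmulatorP11Slot(String str, File file, P11SlotIdentifier p11SlotIdentifier, boolean z, char[] cArr, KeyCryptor keyCryptor, P11ModuleConf.P11MechanismFilter p11MechanismFilter, P11ModuleConf.P11NewObjectConf p11NewObjectConf, int i) throws P11TokenException {
        super(str, p11SlotIdentifier, z, p11MechanismFilter);
        this.random = new SecureRandom();
        this.newObjectConf = (P11ModuleConf.P11NewObjectConf) Args.notNull(p11NewObjectConf, "newObjectConf");
        this.slotDir = (File) Args.notNull(file, "slotDir");
        this.password = (char[]) Args.notNull(cArr, "password");
        this.keyCryptor = (KeyCryptor) Args.notNull(keyCryptor, "privateKeyCryptor");
        this.maxSessions = Args.positive(i, "maxSessions");
        this.privKeyDir = ensureSlotSubDir(file, DIR_PRIV_KEY);
        this.pubKeyDir = ensureSlotSubDir(file, DIR_PUB_KEY);
        this.secKeyDir = ensureSlotSubDir(file, DIR_SEC_KEY);
        this.certDir = ensureSlotSubDir(file, DIR_CERT);
        File slotInfoFile = new File(file, FILE_SLOTINFO);
        if (slotInfoFile.exists()) {
            // A missing key in slot.info means "named curves supported".
            this.namedCurveSupported = Boolean.parseBoolean(loadProperties(slotInfoFile).getProperty(PROP_NAMED_CURVE_SUPPORTED, "true"));
        } else {
            this.namedCurveSupported = true;
        }
        refresh();
    }

    /**
     * Returns {@code parent/name}, creating the directory when it does not exist yet.
     * A failed creation is logged instead of being silently ignored; construction
     * still continues, as it did before.
     */
    private static File ensureSlotSubDir(File parent, String name) {
        File dir = new File(parent, name);
        // The trailing isDirectory() check tolerates a concurrent creation by someone else.
        if (!dir.exists() && !dir.mkdirs() && !dir.isDirectory()) {
            LOG.warn("could not create directory {}", dir.getPath());
        }
        return dir;
    }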

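    /**
     * Rebuilds the slot content from the files under the slot directory: registers the
     * supported mechanisms, then loads secret keys, certificates and private keys.
     *
     * <p>Key values are read from the {@code .value} files and decrypted with
     * {@code keyCryptor}. A key that fails to load is logged and skipped.
     *
     * <p>NOTE(review): the key id is decoded from the file name, and a certificate's
     * {@code .info} file is loaded, outside the per-entry {@code try}; a failure there
     * propagates and stops the whole refresh rather than skipping one entry.
     *
     * @return the mechanisms, certificates and identities found on disk
     * @throws P11TokenException if a certificate's {@code .info} file cannot be read
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Slot.P11SlotRefreshResult refresh0() throws P11TokenException {
        P11Slot.P11SlotRefreshResult result = new P11Slot.P11SlotRefreshResult();
        for (long mechanism : supportedMechs) {
            result.addMechanism(mechanism);
        }

        // 1. Secret keys: the label and algorithm come from the .info file, the key bytes from the decrypted .value file.
        File[] secKeyInfoFiles = this.secKeyDir.listFiles(INFO_FILENAME_FILTER);
        if (secKeyInfoFiles != null && secKeyInfoFiles.length != 0) {
            for (File infoFile : secKeyInfoFiles) {
                byte[] keyId = getKeyIdFromInfoFilename(infoFile.getName());
                String hexId = hex(keyId);
                try {
                    Properties props = loadProperties(infoFile);
                    String label = props.getProperty(PROP_LABEL);
                    String algo = props.getProperty(PROP_ALGO);
                    P11ObjectIdentifier objectId = new P11ObjectIdentifier(keyId, label);
                    EmulatorP11Identity identity = new EmulatorP11Identity(
                            this,
                            new P11IdentityId(this.slotId, objectId, null, null),
                            new SecretKeySpec(this.keyCryptor.decrypt(IoUtil.read(new File(this.secKeyDir, hexId + VALUE_FILE_SUFFIX))), algo),
                            this.maxSessions,
                            this.random);
                    LOG.info("added PKCS#11 secret key {}", objectId);
                    result.addIdentity(identity);
                } catch (ClassCastException e) {
                    // NOTE(review): the message names InvalidKeyException although a ClassCastException is caught.
                    LogUtil.warn(LOG, e, "InvalidKeyException while initializing key with key-id " + hexId);
                } catch (Throwable th) {
                    LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
                }
            }
        }

        // 2. Certificates: loaded before the private keys so that step 3 can look them up by id.
        File[] certInfoFiles = this.certDir.listFiles(INFO_FILENAME_FILTER);
        if (certInfoFiles != null) {
            for (File infoFile : certInfoFiles) {
                byte[] certId = getKeyIdFromInfoFilename(infoFile.getName());
                P11ObjectIdentifier objectId = new P11ObjectIdentifier(certId, loadProperties(infoFile).getProperty(PROP_LABEL));
                try {
                    result.addCertificate(objectId, readCertificate(certId));
                } catch (IOException | CertificateException e) {
                    // Keep the cause in the log so an unreadable or malformed certificate can be diagnosed.
                    LOG.warn("could not parse certificate " + objectId, e);
                }
            }
        }

        // 3. Private keys: the public key comes from the certificate with the same id, else from the pubkey directory.
        File[] privKeyInfoFiles = this.privKeyDir.listFiles(INFO_FILENAME_FILTER);
        if (privKeyInfoFiles != null && privKeyInfoFiles.length != 0) {
            for (File infoFile : privKeyInfoFiles) {
                byte[] keyId = getKeyIdFromInfoFilename(infoFile.getName());
                String hexId = hex(keyId);
                try {
                    String label = loadProperties(infoFile).getProperty(PROP_LABEL);
                    // Entries without a label are skipped without a log message.
                    if (label != null) {
                        P11ObjectIdentifier objectId = new P11ObjectIdentifier(keyId, label);
                        X509Cert cert = result.getCertForId(keyId);
                        PublicKey publicKey = cert == null ? readPublicKey(keyId) : cert.getPublicKey();
                        if (publicKey == null) {
                            LOG.warn("Neither public key nor certificate is associated with private key {}", objectId);
                        } else {
                            EmulatorP11Identity identity = new EmulatorP11Identity(
                                    this,
                                    new P11IdentityId(this.slotId, objectId, label, label),
                                    this.keyCryptor.decryptPrivateKey(IoUtil.read(new File(this.privKeyDir, hexId + VALUE_FILE_SUFFIX))),
                                    publicKey,
                                    cert == null ? null : new X509Cert[]{cert},
                                    this.maxSessions,
                                    this.random);
                            LOG.info("added PKCS#11 key {}", objectId);
                            result.addIdentity(identity);
                        }
                    }
                } catch (InvalidKeyException e) {
                    LogUtil.warn(LOG, e, "InvalidKeyException while initializing key with key-id " + hexId);
                } catch (Throwable th) {
                    LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
                }
            }
        }
        return result;
    }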

    /** Returns the root directory of this emulated slot, as passed to the constructor. */
    File slotDir() {
        return slotDir;
    }

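    /**
     * Rebuilds a public key from the {@code <hex id>.info} file in the public-key directory.
     *
     * <p>The {@code algorithm} property selects the key type (RSA, DSA, EC, or one of
     * X25519 / Ed25519 / X448 / Ed448); the key components are stored as hex strings.
     *
     * <p>NOTE(review): a missing or non-hex component surfaces as an unchecked exception
     * from {@code BigInteger} or {@code decodeHex}, not as a {@code P11TokenException};
     * the caller in {@code refresh0} catches {@code Throwable}.
     *
     * @param bArr object id of the public key
     * @return the reconstructed public key
     * @throws P11TokenException if the file cannot be read, the algorithm is unknown,
     *                           or the stored components do not form a valid key
     */
    private PublicKey readPublicKey(byte[] bArr) throws P11TokenException {
        Properties props = loadProperties(new File(this.pubKeyDir, hex(bArr) + INFO_FILE_SUFFIX));
        String algOid = props.getProperty(PROP_ALGORITHM);

        if (PKCSObjectIdentifiers.rsaEncryption.getId().equals(algOid)) {
            try {
                BigInteger modulus = new BigInteger(props.getProperty(PROP_RSA_MODUS), 16);
                BigInteger publicExponent = new BigInteger(props.getProperty(PROP_RSA_PUBLIC_EXPONENT), 16);
                return KeyUtil.generateRSAPublicKey(new RSAPublicKeySpec(modulus, publicExponent));
            } catch (InvalidKeySpecException e) {
                throw new P11TokenException(e.getMessage(), e);
            }
        }

        if (X9ObjectIdentifiers.id_dsa.getId().equals(algOid)) {
            try {
                BigInteger y = new BigInteger(props.getProperty(PROP_DSA_VALUE), 16);
                BigInteger p = new BigInteger(props.getProperty(PROP_DSA_PRIME), 16);
                BigInteger q = new BigInteger(props.getProperty(PROP_DSA_SUBPRIME), 16);
                BigInteger g = new BigInteger(props.getProperty(PROP_DSA_BASE), 16);
                return KeyUtil.generateDSAPublicKey(new DSAPublicKeySpec(y, p, q, g));
            } catch (InvalidKeySpecException e) {
                throw new P11TokenException(e.getMessage(), e);
            }
        }

        if (X9ObjectIdentifiers.id_ecPublicKey.getId().equals(algOid)) {
            try {
                // The point is stored as a DER OCTET STRING; unwrap it to the raw encoded point.
                return KeyUtil.createECPublicKey(decodeHex(props.getProperty(PROP_EC_ECDSA_PARAMS)), DEROctetString.getInstance(decodeHex(props.getProperty(PROP_EC_EC_POINT))).getOctets());
            } catch (InvalidKeySpecException e) {
                throw new P11TokenException(e.getMessage(), e);
            }
        }

        boolean edEcKey = EdECConstants.id_X25519.getId().equals(algOid)
                || EdECConstants.id_ED25519.getId().equals(algOid)
                || EdECConstants.id_X448.getId().equals(algOid)
                || EdECConstants.id_ED448.getId().equals(algOid);
        if (!edEcKey) {
            throw new P11TokenException("unknown key algorithm " + algOid);
        }
        try {
            return KeyUtil.generatePublicKey(new SubjectPublicKeyInfo(new AlgorithmIdentifier(new ASN1ObjectIdentifier(algOid)), decodeHex(props.getProperty(PROP_EC_EC_POINT))));
        } catch (InvalidKeySpecException e) {
            // Keep the cause, as the other branches do, so the reason for the rejection is not lost.
            throw new P11TokenException("error  key algorithm " + algOid, e);
        }
    }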

    /**
     * Reads and parses the certificate stored as {@code <hex id>.value} in the certificate directory.
     *
     * @param bArr object id of the certificate
     * @return the parsed certificate
     * @throws CertificateException if the stored bytes are not a valid certificate
     * @throws IOException          if the file cannot be read
     */
    private X509Cert readCertificate(byte[] bArr) throws CertificateException, IOException {
        File valueFile = new File(this.certDir, hex(bArr) + VALUE_FILE_SUFFIX);
        return X509Util.parseCert(IoUtil.read(valueFile));
    }

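    /**
     * Loads a {@code .info} or {@code slot.info} file as Java properties.
     *
     * <p>The stream is opened in a try-with-resources block so it is closed on every
     * path, including when {@code Properties.load} fails.
     *
     * @param file properties file to read
     * @return the loaded properties
     * @throws P11TokenException if the file cannot be opened, read or closed
     */
    private Properties loadProperties(File file) throws P11TokenException {
        try (InputStream in = Files.newInputStream(file.toPath())) {
            Properties props = new Properties();
            props.load(in);
            return props;
        } catch (IOException e) {
            throw new P11TokenException("could not load properties from the file " + file.getPath(), e);
        }
    }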

    /**
     * Recovers the object id from an info file name by stripping the {@code .info}
     * suffix and hex-decoding the remainder.
     *
     * @param str file name ending in the info-file suffix
     * @return the decoded object id
     */
    private static byte[] getKeyIdFromInfoFilename(String str) {
        int idLength = str.length() - INFO_FILE_SUFFIX.length();
        String hexId = str.substring(0, idLength);
        return decodeHex(hexId);
    }

    /** Logs that the slot is being closed; no resources are released here. */
    @Override // org.xipki.security.pkcs11.P11Slot, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        String message = "close slot " + this.slotId;
        LOG.info(message);
    }

    /**
     * Removes the certificate entry matching the given identifier from the certificate directory.
     *
     * @param p11ObjectIdentifier id and/or label of the certificate
     * @return the result of {@code removePkcs11Entry} for the certificate directory
     * @throws P11TokenException if an info file cannot be read
     */
    private boolean removePkcs11Cert(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        File dir = this.certDir;
        return removePkcs11Entry(dir, p11ObjectIdentifier);
    }

    /**
     * Deletes the entry or entries in {@code file} that match the identifier.
     *
     * <p>With an id, the entry is deleted when its info file exists and, if a label is
     * given, the stored label equals it. Without an id, every entry whose stored label
     * equals the given label is deleted. File names are derived from the hex form of
     * the id, never from the label.
     *
     * @param file                directory holding the entries
     * @param p11ObjectIdentifier id and/or label to match
     * @return {@code true} if at least one entry was deleted
     * @throws P11TokenException if an info file cannot be read
     */
    private boolean removePkcs11Entry(File file, P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        byte[] objectId = p11ObjectIdentifier.getId();
        String wantedLabel = p11ObjectIdentifier.getLabel();

        if (objectId == null) {
            // Label-only lookup: scan every info file in the directory.
            File[] infoFiles = file.listFiles(INFO_FILENAME_FILTER);
            if (infoFiles == null) {
                return false;
            }
            boolean anyRemoved = false;
            for (File infoFile : infoFiles) {
                if (!infoFile.isFile()) {
                    continue;
                }
                if (!wantedLabel.equals(loadProperties(infoFile).getProperty(PROP_LABEL))) {
                    continue;
                }
                if (deletePkcs11Entry(file, getKeyIdFromInfoFilename(infoFile.getName()))) {
                    anyRemoved = true;
                }
            }
            return anyRemoved;
        }

        File infoFile = new File(file, hex(objectId) + INFO_FILE_SUFFIX);
        if (!infoFile.exists()) {
            return false;
        }
        if (StringUtil.isBlank(wantedLabel)) {
            return deletePkcs11Entry(file, objectId);
        }
        String storedLabel = loadProperties(infoFile).getProperty(PROP_LABEL);
        return wantedLabel.equals(storedLabel) && deletePkcs11Entry(file, objectId);
    }

    /**
     * Deletes the {@code .info} and {@code .value} files of one entry.
     *
     * <p>A file that does not exist counts as successfully removed.
     *
     * <p>NOTE(review): the two results are combined with OR, so the method reports
     * success even if the {@code .value} file, which holds the stored object bytes,
     * could not be deleted. Confirm whether callers should learn of a partial removal.
     *
     * @param file directory holding the entry
     * @param bArr object id of the entry
     * @return {@code true} unless both files existed and neither could be deleted
     */
    private static boolean deletePkcs11Entry(File file, byte[] bArr) {
        String hexId = hex(bArr);
        File infoFile = new File(file, hexId + INFO_FILE_SUFFIX);
        boolean infoGone = !infoFile.exists() || infoFile.delete();
        File valueFile = new File(file, hexId + VALUE_FILE_SUFFIX);
        boolean valueGone = !valueFile.exists() || valueFile.delete();
        return infoGone || valueGone;
    }

    /**
     * Deletes entries in {@code file} selected by id and/or label and returns how many were matched.
     *
     * <ul>
     *   <li>Blank label: the entry with the given id is deleted.</li>
     *   <li>Label and non-empty id: the entry is deleted only if its stored label equals the label.</li>
     *   <li>Label only: every entry whose stored label equals the label is deleted.</li>
     * </ul>
     *
     * <p>In the label-only case the count is the number of matching entries; the
     * outcome of each individual deletion is not checked.
     *
     * @param file directory holding the entries
     * @param bArr object id, may be {@code null} or empty when a label is given
     * @param str  label, may be blank when an id is given
     * @return number of entries counted as removed
     * @throws P11TokenException if an info file cannot be read
     */
    private int deletePkcs11Entry(File file, byte[] bArr, String str) throws P11TokenException {
        if (StringUtil.isBlank(str)) {
            boolean removed = deletePkcs11Entry(file, bArr);
            return removed ? 1 : 0;
        }

        boolean hasId = bArr != null && bArr.length > 0;
        if (hasId) {
            File infoFile = new File(file, hex(bArr) + INFO_FILE_SUFFIX);
            if (!infoFile.exists()) {
                return 0;
            }
            if (!str.equals(loadProperties(infoFile).get(PROP_LABEL))) {
                return 0;
            }
            return deletePkcs11Entry(file, bArr) ? 1 : 0;
        }

        File[] infoFiles = file.listFiles(INFO_FILENAME_FILTER);
        if (infoFiles == null || infoFiles.length == 0) {
            return 0;
        }
        // Collect the matches first, then delete, so the directory is not modified while it is scanned.
        LinkedList<byte[]> matchingIds = new LinkedList<>();
        for (File infoFile : infoFiles) {
            if (str.equals(loadProperties(infoFile).getProperty(PROP_LABEL))) {
                matchingIds.add(getKeyIdFromInfoFilename(infoFile.getName()));
            }
        }
        for (byte[] matchingId : matchingIds) {
            deletePkcs11Entry(file, matchingId);
        }
        return matchingIds.size();
    }

    /**
     * Stores a secret key in the secret-key directory; the key is encrypted with
     * {@code keyCryptor} before it is written.
     *
     * @param bArr      object id
     * @param str       label
     * @param secretKey key to store
     * @return the label that was passed in
     * @throws P11TokenException if the entry cannot be saved
     */
    private String savePkcs11SecretKey(byte[] bArr, String str, SecretKey secretKey) throws P11TokenException {
        String algorithm = secretKey.getAlgorithm();
        byte[] encryptedKey = this.keyCryptor.encrypt(secretKey);
        savePkcs11Entry(this.secKeyDir, bArr, str, algorithm, encryptedKey);
        return str;
    }

    /**
     * Stores a private key in the private-key directory; the key is encrypted with
     * {@code keyCryptor} before it is written.
     *
     * @param bArr       object id
     * @param str        label
     * @param privateKey key to store
     * @return the label that was passed in
     * @throws P11TokenException if the entry cannot be saved
     */
    private String savePkcs11PrivateKey(byte[] bArr, String str, PrivateKey privateKey) throws P11TokenException {
        String algorithm = privateKey.getAlgorithm();
        byte[] encryptedKey = this.keyCryptor.encrypt(privateKey);
        savePkcs11Entry(this.privKeyDir, bArr, str, algorithm, encryptedKey);
        return str;
    }

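    /**
     * Writes the public key as a properties-style {@code <hex id>.info} file in the
     * public-key directory. RSA, DSA, EC (named curves only), EdDSA and XDH keys are supported.
     *
     * <p>NOTE(review): the label is written verbatim as {@code label=<value>} and the file
     * is later parsed with {@code Properties.load}. A label containing a line break or a
     * backslash would not round-trip and could add or change other properties in the
     * file; confirm that labels are validated before they reach this method.
     *
     * @param bArr      object id
     * @param str       label
     * @param publicKey key to store
     * @return the label that was passed in
     * @throws P11TokenException        if the key cannot be encoded or the file cannot be written
     * @throws IllegalArgumentException if the key type is not supported
     */
    private String savePkcs11PublicKey(byte[] bArr, String str, PublicKey publicKey) throws P11TokenException {
        String hexId = hex(bArr);
        StringBuilder info = new StringBuilder(100);
        info.append(PROP_ID).append('=').append(hexId).append('\n');
        info.append(PROP_LABEL).append('=').append(str).append('\n');

        if (publicKey instanceof RSAPublicKey) {
            info.append(PROP_ALGORITHM).append('=').append(PKCSObjectIdentifiers.rsaEncryption.getId()).append('\n');
            RSAPublicKey rsaKey = (RSAPublicKey) publicKey;
            info.append(PROP_RSA_MODUS).append('=').append(hex(rsaKey.getModulus().toByteArray())).append('\n');
            info.append(PROP_RSA_PUBLIC_EXPONENT).append('=').append(hex(rsaKey.getPublicExponent().toByteArray())).append('\n');
        } else if (publicKey instanceof DSAPublicKey) {
            info.append(PROP_ALGORITHM).append('=').append(X9ObjectIdentifiers.id_dsa.getId()).append('\n');
            DSAPublicKey dsaKey = (DSAPublicKey) publicKey;
            info.append(PROP_DSA_PRIME).append('=').append(hex(dsaKey.getParams().getP().toByteArray())).append('\n');
            info.append(PROP_DSA_SUBPRIME).append('=').append(hex(dsaKey.getParams().getQ().toByteArray())).append('\n');
            info.append(PROP_DSA_BASE).append('=').append(hex(dsaKey.getParams().getG().toByteArray())).append('\n');
            info.append(PROP_DSA_VALUE).append('=').append(hex(dsaKey.getY().toByteArray())).append('\n');
        } else if (publicKey instanceof ECPublicKey) {
            info.append(PROP_ALGORITHM).append('=').append(X9ObjectIdentifiers.id_ecPublicKey.getId()).append('\n');
            ECPublicKey ecKey = (ECPublicKey) publicKey;
            ECParameterSpec params = ecKey.getParams();
            ASN1ObjectIdentifier namedCurveOid = ECUtil.getNamedCurveOid(EC5Util.convertSpec(params));
            if (namedCurveOid == null) {
                throw new P11TokenException("EC public key is not of namedCurve");
            }
            try {
                // Either the curve OID or, when named curves are not supported, the curve table entry's encoding.
                info.append(PROP_EC_ECDSA_PARAMS).append('=').append(hex(this.namedCurveSupported ? namedCurveOid.getEncoded() : ECNamedCurveTable.getByOID(namedCurveOid).getEncoded())).append('\n');
                ECPoint w = ecKey.getW();
                // NOTE(review): the coordinate width is derived from the bit length of the group
                // order, not of the field - confirm this holds for every supported curve.
                int coordLen = (params.getOrder().bitLength() + 7) / 8;
                // Uncompressed point: 0x04 || X || Y, each coordinate left-padded to coordLen bytes.
                byte[] encodedPoint = new byte[1 + (coordLen * 2)];
                encodedPoint[0] = 4;
                bigIntToBytes("Wx", w.getAffineX(), encodedPoint, 1, coordLen);
                bigIntToBytes("Wy", w.getAffineY(), encodedPoint, 1 + coordLen, coordLen);
                try {
                    info.append(PROP_EC_EC_POINT).append('=').append(hex(new DEROctetString(encodedPoint).getEncoded())).append('\n');
                } catch (IOException e) {
                    // Keep the cause so an encoding failure can be diagnosed.
                    throw new P11TokenException("could not ASN.1 encode the ECPoint", e);
                }
            } catch (IOException | NullPointerException e) {
                // The NullPointerException case presumably covers a curve missing from the table - TODO confirm.
                throw new P11TokenException(e.getMessage(), e);
            }
        } else {
            if (!(publicKey instanceof EdDSAKey) && !(publicKey instanceof XDHKey)) {
                throw new IllegalArgumentException("unsupported public key " + publicKey.getClass().getName());
            }
            String algorithm = publicKey.getAlgorithm();
            ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(algorithm);
            if (curveOid == null) {
                throw new P11TokenException("Invalid EdDSA key algorithm " + algorithm);
            }
            info.append(PROP_ALGORITHM).append('=').append(curveOid.getId()).append('\n');
            try {
                info.append(PROP_EC_ECDSA_PARAMS).append('=').append(hex(curveOid.getEncoded())).append('\n');
                info.append(PROP_EC_EC_POINT).append('=').append(hex(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()).getPublicKeyData().getOctets())).append('\n');
            } catch (IOException | NullPointerException e) {
                throw new P11TokenException(e.getMessage(), e);
            }
        }

        try {
            IoUtil.save(new File(this.pubKeyDir, hexId + INFO_FILE_SUFFIX), StringUtil.toUtf8Bytes(info.toString()));
            return str;
        } catch (IOException e) {
            throw new P11TokenException(e.getMessage(), e);
        }
    }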

    /**
     * Writes a positive integer into {@code bArr[i .. i + i2)} as a fixed-width,
     * big-endian, right-aligned value.
     *
     * <p>A shorter encoding leaves the leading bytes of the window untouched; a longer
     * one keeps only its last {@code i2} bytes.
     *
     * <p>NOTE(review): the longer case drops a leading sign byte, but it would equally
     * drop significant bytes of a value that does not fit; no overflow check is made.
     *
     * @param str        name of the value, used in the error message
     * @param bigInteger value to encode; must be strictly positive
     * @param bArr       destination buffer
     * @param i          offset of the window in {@code bArr}
     * @param i2         width of the window in bytes
     * @throws P11TokenException if the value is zero or negative
     */
    private static void bigIntToBytes(String str, BigInteger bigInteger, byte[] bArr, int i, int i2) throws P11TokenException {
        if (bigInteger.signum() != 1) {
            throw new P11TokenException(str + " is not positive");
        }
        byte[] encoded = bigInteger.toByteArray();
        // Copy the trailing min(length, width) bytes so they end at the end of the window.
        int count = Math.min(encoded.length, i2);
        int srcPos = encoded.length - count;
        int destPos = i + i2 - count;
        System.arraycopy(encoded, srcPos, bArr, destPos, count);
    }

    /**
     * Stores the encoded certificate in the certificate directory. No algorithm
     * property is written for certificates.
     *
     * @param bArr     object id
     * @param str      label
     * @param x509Cert certificate to store
     * @throws P11TokenException if the entry cannot be saved
     */
    private void savePkcs11Cert(byte[] bArr, String str, X509Cert x509Cert) throws P11TokenException {
        byte[] encodedCert = x509Cert.getEncoded();
        savePkcs11Entry(this.certDir, bArr, str, null, encodedCert);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v1, types: [byte[], byte[][]] */
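    /**
     * Writes one object as a {@code <hex id>.info} / {@code <hex id>.value} file pair.
     * Used for secret keys, private keys and certificates.
     *
     * <p>The info file records id, label, optional algorithm and the SHA-1 hex digest of
     * the value bytes. The digest is an unkeyed checksum: it can reveal accidental
     * corruption but not deliberate modification of both files.
     *
     * <p>NOTE(review): the label (and algorithm) are written verbatim into a file that is
     * later parsed with {@code Properties.load}. A label containing a line break or a
     * backslash would not round-trip and could add or change other properties in the
     * file; confirm that labels are validated before they reach this method.
     *
     * @param file  target directory
     * @param bArr  object id; must not be {@code null}
     * @param str   label; must not be blank
     * @param str2  algorithm name, or {@code null} to omit the property
     * @param bArr2 bytes to store in the value file; must not be {@code null}
     * @throws P11TokenException if either file cannot be written
     */
    private void savePkcs11Entry(File file, byte[] bArr, String str, String str2, byte[] bArr2) throws P11TokenException {
        Args.notNull(file, "dir");
        Args.notNull(bArr, PROP_ID);
        Args.notBlank(str, PROP_LABEL);
        Args.notNull(bArr2, PROP_DSA_VALUE);
        String hexId = hex(bArr);
        String info = StringUtil.concat(PROP_ID, "=", hexId, "\n", PROP_LABEL, "=", str, "\n");
        if (str2 != null) {
            info = StringUtil.concat(info, PROP_ALGO, "=", str2, "\n");
        }
        try {
            // The decompiler emitted "new byte[]{bArr2}", which does not compile: the argument is an array of byte arrays.
            String sha1Hex = HashAlgo.SHA1.hexHash(new byte[][] {bArr2});
            info = StringUtil.concat(info, PROP_SHA1SUM, "=", sha1Hex, "\n");
            IoUtil.save(new File(file, hexId + INFO_FILE_SUFFIX), StringUtil.toUtf8Bytes(info));
            IoUtil.save(new File(file, hexId + VALUE_FILE_SUFFIX), bArr2);
        } catch (IOException e) {
            // This method also stores keys, so the message no longer says "certificate"; the cause is kept.
            throw new P11TokenException("could not save PKCS#11 entry " + hexId, e);
        }
    }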

    /**
     * Removes every stored object matching the id and/or label from the private-key,
     * public-key, certificate and secret-key directories, in that order.
     *
     * @param bArr object id, may be {@code null} or empty when a label is given
     * @param str  label, may be blank when an id is given
     * @return the sum of the per-directory removal counts
     * @throws IllegalArgumentException if neither an id nor a label is given
     * @throws P11TokenException        if an info file cannot be read
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    public int removeObjects(byte[] bArr, String str) throws P11TokenException {
        boolean noId = bArr == null || bArr.length == 0;
        if (noId && StringUtil.isBlank(str)) {
            throw new IllegalArgumentException("at least one of id and label may not be null");
        }
        int removed = deletePkcs11Entry(this.privKeyDir, bArr, str);
        removed += deletePkcs11Entry(this.pubKeyDir, bArr, str);
        removed += deletePkcs11Entry(this.certDir, bArr, str);
        removed += deletePkcs11Entry(this.secKeyDir, bArr, str);
        return removed;
    }

    /**
     * Removes the files belonging to an identity: its certificate (if it has a cert id),
     * private key, public key (if it has a public-key id) and secret key.
     *
     * <p>NOTE(review): a missing cert id or public-key id counts as "removed", so
     * {@code P11UnknownEntityException} can only be thrown when both ids are present and
     * all four removals fail. An identity without a certificate is therefore reported as
     * removed even if nothing was deleted - confirm that this is intended.
     *
     * @param p11IdentityId identity to remove
     * @throws P11UnknownEntityException if none of the four steps reports a removal
     * @throws P11TokenException         if an info file cannot be read
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected void removeIdentity0(P11IdentityId p11IdentityId) throws P11TokenException {
        P11ObjectIdentifier keyId = p11IdentityId.getKeyId();
        boolean certRemoved = p11IdentityId.getCertId() == null
                || removePkcs11Entry(this.certDir, p11IdentityId.getCertId());
        boolean privKeyRemoved = removePkcs11Entry(this.privKeyDir, keyId);
        boolean pubKeyRemoved = p11IdentityId.getPublicKeyId() == null
                || removePkcs11Entry(this.pubKeyDir, p11IdentityId.getPublicKeyId());
        boolean secKeyRemoved = removePkcs11Entry(this.secKeyDir, keyId);

        boolean anythingRemoved = certRemoved || privKeyRemoved || pubKeyRemoved || secKeyRemoved;
        if (!anythingRemoved) {
            throw new P11UnknownEntityException(this.slotId, keyId);
        }
    }

    /**
     * Deletes the certificate files stored under the identifier's id. The label is not
     * consulted and the deletion result is not checked.
     *
     * @param p11ObjectIdentifier identifier whose id names the certificate entry
     * @throws P11TokenException declared by the overridden method
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected void removeCerts0(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        byte[] certId = p11ObjectIdentifier.getId();
        deletePkcs11Entry(this.certDir, certId);
    }

    /**
     * Stores a certificate under the id from the control object, or under a freshly
     * generated id when none is supplied.
     *
     * @param x509Cert            certificate to store
     * @param p11NewObjectControl supplies the optional id and the label
     * @return identifier (id and label) of the stored certificate
     * @throws P11TokenException    if the entry cannot be saved
     * @throws CertificateException declared by the overridden method
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11ObjectIdentifier addCert0(X509Cert x509Cert, P11Slot.P11NewObjectControl p11NewObjectControl) throws P11TokenException, CertificateException {
        byte[] suppliedId = p11NewObjectControl.getId();
        byte[] objectId = suppliedId != null ? suppliedId : generateId();
        String label = p11NewObjectControl.getLabel();
        savePkcs11Cert(objectId, label, x509Cert);
        return new P11ObjectIdentifier(objectId, label);
    }

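    /**
     * Generates a random secret key of {@code i} bits and stores it in the slot.
     *
     * <p>The key type selects the key-generation mechanism that must be supported. The
     * numeric literals are constants inlined by the decompiler; the names in the
     * comments below are the standard PKCS#11 values and should be confirmed against
     * {@code PKCS11Constants}.
     *
     * @param j                 PKCS#11 key type
     * @param i                 key size in bits; must be a positive multiple of 8
     * @param p11NewKeyControl  id, label and attributes for the new key
     * @return the stored identity
     * @throws IllegalArgumentException if the key size or key type is not acceptable
     * @throws P11TokenException        if the mechanism is not supported or the key cannot be saved
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity generateSecretKey0(long j, int i, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        if (i % 8 != 0) {
            throw new IllegalArgumentException("keysize is not multiple of 8: " + i);
        }
        // A negative size would otherwise surface as NegativeArraySizeException at the allocation below.
        if (i <= 0) {
            throw new IllegalArgumentException("keysize is not positive: " + i);
        }

        long keyGenMechanism;
        if (31 == j) {
            // presumably CKK_AES -> CKM_AES_KEY_GEN
            keyGenMechanism = 4224;
        } else if (21 == j) {
            // presumably CKK_DES3 -> CKM_DES3_KEY_GEN
            keyGenMechanism = 305;
        } else if (16 == j || 40 == j || 46 == j || 43 == j || 44 == j || 45 == j || 54 == j || 55 == j || 56 == j || 57 == j) {
            // generic secret and the HMAC key types share one mechanism (presumably CKM_GENERIC_SECRET_KEY_GEN)
            keyGenMechanism = 848;
        } else {
            throw new IllegalArgumentException("unsupported key type 0x" + Functions.toFullHex((int) j));
        }
        assertMechanismSupported(keyGenMechanism);

        // Key bytes come from the slot's SecureRandom instance.
        byte[] keyBytes = new byte[i / 8];
        this.random.nextBytes(keyBytes);
        return saveP11Entity(new SecretKeySpec(keyBytes, getSecretKeyAlgorithm(j)), p11NewKeyControl);
    }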

    /**
     * Stores caller-supplied secret key bytes in the slot.
     *
     * @param j                PKCS#11 key type; mapped to a JCA algorithm name
     * @param bArr             raw key bytes
     * @param p11NewKeyControl id, label and attributes for the new key
     * @return the stored identity
     * @throws IllegalArgumentException if the key type is not supported
     * @throws P11TokenException        if the key cannot be saved
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity importSecretKey0(long j, byte[] bArr, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        String algorithm = getSecretKeyAlgorithm(j);
        SecretKeySpec key = new SecretKeySpec(bArr, algorithm);
        return saveP11Entity(key, p11NewKeyControl);
    }

    /**
     * Maps a numeric PKCS#11 key type to the algorithm name used for the stored
     * {@code SecretKeySpec}.
     *
     * @param j key type code
     * @return the algorithm name for that key type
     * @throws IllegalArgumentException if the key type has no mapping
     */
    private static String getSecretKeyAlgorithm(long j) {
        if (j == 16) {
            return "generic";
        }
        if (j == 31) {
            return "AES";
        }
        if (j == 40) {
            return "HMACSHA1";
        }
        if (j == 46) {
            return "HMACSHA224";
        }
        if (j == 43) {
            return "HMACSHA256";
        }
        if (j == 44) {
            return "HMACSHA384";
        }
        if (j == 45) {
            return "HMACSHA512";
        }
        if (j == 54) {
            return "HMACSHA3-224";
        }
        if (j == 55) {
            return "HMACSHA3-256";
        }
        if (j == 56) {
            return "HMACSHA3-384";
        }
        if (j == 57) {
            return "HMACSHA3-512";
        }
        throw new IllegalArgumentException("unsupported keyType " + j);
    }

    /**
     * Generates an RSA key pair with the slot's {@code SecureRandom} and stores it.
     *
     * @param i                key size in bits
     * @param bigInteger       public exponent
     * @param p11NewKeyControl id, label and attributes for the new key
     * @return the stored identity
     * @throws P11TokenException if key generation or saving fails
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity generateRSAKeypair0(int i, BigInteger bigInteger, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        try {
            KeyPair keyPair = KeyUtil.generateRSAKeypair(i, bigInteger, this.random);
            return saveP11Entity(keyPair, p11NewKeyControl);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            String message = e.getMessage();
            throw new P11TokenException(message, e);
        }
    }

    /**
     * Generates a DSA key pair for the given domain parameters with the slot's
     * {@code SecureRandom} and stores it.
     *
     * @param bigInteger       first argument of the {@code DSAParameters} constructor
     * @param bigInteger2      second argument of the {@code DSAParameters} constructor
     * @param bigInteger3      third argument of the {@code DSAParameters} constructor
     * @param p11NewKeyControl id, label and attributes for the new key
     * @return the stored identity
     * @throws P11TokenException if key generation or saving fails
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity generateDSAKeypair0(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        try {
            DSAParameters domainParams = new DSAParameters(bigInteger, bigInteger2, bigInteger3);
            KeyPair keyPair = KeyUtil.generateDSAKeypair(domainParams, this.random);
            return saveP11Entity(keyPair, p11NewKeyControl);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            String message = e.getMessage();
            throw new P11TokenException(message, e);
        }
    }

    /**
     * Generates an SM2 key pair by delegating to EC key generation on the
     * {@code sm2p256v1} curve.
     *
     * @param p11NewKeyControl id, label and attributes for the new key
     * @return the stored identity
     * @throws P11TokenException if key generation or saving fails
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity generateSM2Keypair0(P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        ASN1ObjectIdentifier sm2Curve = GMObjectIdentifiers.sm2p256v1;
        return generateECKeypair0(sm2Curve, p11NewKeyControl);
    }

    /**
     * Generates a key pair on an Edwards curve and stores it. Curves that
     * {@code EdECConstants.isEdwardsCurve} does not accept are rejected.
     *
     * @param aSN1ObjectIdentifier curve OID
     * @param p11NewKeyControl     id, label and attributes for the new key
     * @return the stored identity
     * @throws P11TokenException if the curve is not an Edwards curve, or key generation or saving fails
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity generateECEdwardsKeypair0(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        try {
            if (!EdECConstants.isEdwardsCurve(aSN1ObjectIdentifier)) {
                throw new P11TokenException("unknown curve  " + aSN1ObjectIdentifier.getId());
            }
            KeyPair keyPair = KeyUtil.generateEdECKeypair(aSN1ObjectIdentifier, this.random);
            return saveP11Entity(keyPair, p11NewKeyControl);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            String message = e.getMessage();
            throw new P11TokenException(message, e);
        }
    }

    /**
     * Generates a key pair on a Montgomery curve and stores it as a new identity of this
     * slot.
     *
     * <p>The curve identifier is checked with {@code EdECConstants.isMontgomeryCurve} before
     * any key material is generated. Generation uses the same
     * {@code KeyUtil.generateEdECKeypair} helper as the Edwards variant.
     *
     * @param aSN1ObjectIdentifier object identifier of the requested curve
     * @param p11NewKeyControl source of the id and label for the stored objects
     * @return the identity returned by {@code saveP11Entity}
     * @throws P11TokenException if the identifier is not a Montgomery curve, if key
     *     generation fails (the original exception is kept as the cause), or if storing fails
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity generateECMontgomeryKeypair0(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        try {
            // Reject first: this exception type is not listed in the catch below, so it
            // reaches the caller unchanged.
            if (!EdECConstants.isMontgomeryCurve(aSN1ObjectIdentifier)) {
                throw new P11TokenException("unknown curve  " + aSN1ObjectIdentifier.getId());
            }
            final KeyPair generated = KeyUtil.generateEdECKeypair(aSN1ObjectIdentifier, this.random);
            return saveP11Entity(generated, p11NewKeyControl);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new P11TokenException(e.getMessage(), e);
        }
    }

    /**
     * Generates an EC key pair on the given curve and stores it as a new identity of this
     * slot.
     *
     * @param aSN1ObjectIdentifier object identifier of the curve, passed unchanged to
     *     {@code KeyUtil.generateECKeypair}
     * @param p11NewKeyControl source of the id and label for the stored objects
     * @return the identity returned by {@code saveP11Entity}
     * @throws P11TokenException if key generation fails (the original exception is kept as
     *     the cause) or if storing the key pair fails
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected P11Identity generateECKeypair0(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11Slot.P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        try {
            // NOTE(review): unlike the Edwards/Montgomery variants, no curve check is done
            // here; unsupported curves are presumably rejected inside KeyUtil.
            final KeyPair generated = KeyUtil.generateECKeypair(aSN1ObjectIdentifier, this.random);
            return saveP11Entity(generated, p11NewKeyControl);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new P11TokenException(e.getMessage(), e);
        }
    }

    /**
     * Stores both halves of a key pair and wraps them in an {@code EmulatorP11Identity}.
     *
     * <p>The object id comes from the control object, or from {@link #generateId()} when the
     * control object has none. The private key is stored first, then the public key. The
     * string returned by {@code savePkcs11PrivateKey} is passed as the second argument of the
     * key's {@code P11ObjectIdentifier}, and the one returned by {@code savePkcs11PublicKey}
     * as the third argument of {@code P11IdentityId}.
     *
     * <p>The log statement records step durations only; no key material is logged.
     *
     * @param keyPair the freshly generated key pair
     * @param p11NewObjectControl source of the id (may be {@code null}) and the label
     * @return the new identity holding both keys
     * @throws P11TokenException if storing either key fails or the identity cannot be
     *     constructed
     */
    private P11Identity saveP11Entity(KeyPair keyPair, P11Slot.P11NewObjectControl p11NewObjectControl) throws P11TokenException {
        byte[] objectId = p11NewObjectControl.getId();
        if (objectId == null) {
            objectId = generateId();
        }
        final String label = p11NewObjectControl.getLabel();

        final long startedAt = System.currentTimeMillis();
        final String privateKeyLabel = savePkcs11PrivateKey(objectId, label, keyPair.getPrivate());
        final long privateSavedAt = System.currentTimeMillis();
        // NOTE(review): if this call throws, the private key stored just above is not rolled
        // back in this method; confirm whether an orphaned private-key object can remain.
        final String publicKeyLabel = savePkcs11PublicKey(objectId, label, keyPair.getPublic());
        final long publicSavedAt = System.currentTimeMillis();

        final P11ObjectIdentifier keyObjectId = new P11ObjectIdentifier(objectId, privateKeyLabel);
        final P11IdentityId identityId = new P11IdentityId(this.slotId, keyObjectId, publicKeyLabel, null);
        final long identityIdBuiltAt = System.currentTimeMillis();

        try {
            final EmulatorP11Identity identity = new EmulatorP11Identity(this, identityId, keyPair.getPrivate(), keyPair.getPublic(), null, this.maxSessions, this.random);
            final long privateSaveMs = privateSavedAt - startedAt;
            final long publicSaveMs = publicSavedAt - privateSavedAt;
            final long identityIdMs = identityIdBuiltAt - publicSavedAt;
            final long identityMs = System.currentTimeMillis() - identityIdBuiltAt;
            // NOTE(review): the format string ends in a dangling "t5" with no placeholder.
            LOG.info("duration: t1: {}ms t2: {}ms t3 {}ms t4 {}ms t5", privateSaveMs, publicSaveMs, identityIdMs, identityMs);
            return identity;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException e) {
            // NOTE(review): the message names KeyStoreP11Identity although the class built
            // above is EmulatorP11Identity.
            throw new P11TokenException("could not construct KeyStoreP11Identity: " + e.getMessage(), e);
        }
    }

    /**
     * Stores a secret key and wraps it in an {@code EmulatorP11Identity}.
     *
     * <p>The object id comes from the control object, or from {@link #generateId()} when the
     * control object has none. Unlike the key-pair overload, the label from the control
     * object is used directly for the {@code P11ObjectIdentifier}.
     *
     * @param secretKey the secret key to store
     * @param p11NewObjectControl source of the id (may be {@code null}) and the label
     * @return the new identity holding the secret key
     * @throws P11TokenException if storing the key fails
     */
    private P11Identity saveP11Entity(SecretKey secretKey, P11Slot.P11NewObjectControl p11NewObjectControl) throws P11TokenException {
        byte[] objectId = p11NewObjectControl.getId();
        if (objectId == null) {
            objectId = generateId();
        }
        final String label = p11NewObjectControl.getLabel();

        // Persist first; the identity is built only after the save has succeeded.
        savePkcs11SecretKey(objectId, label, secretKey);

        final P11ObjectIdentifier keyObjectId = new P11ObjectIdentifier(objectId, label);
        final P11IdentityId identityId = new P11IdentityId(this.slotId, keyObjectId, null, null);
        return new EmulatorP11Identity(this, identityId, secretKey, this.maxSessions, this.random);
    }

    /**
     * Replaces the stored certificate of an object: the existing certificate is removed,
     * then the new one is saved under the same id and label.
     *
     * @param p11ObjectIdentifier identifies the certificate object (id and label)
     * @param x509Cert the replacement certificate
     * @throws P11TokenException declared by the signature; presumably raised by the
     *     remove/save helpers
     * @throws CertificateException declared by the signature; presumably raised while
     *     saving the certificate
     */
    @Override // org.xipki.security.pkcs11.P11Slot
    protected void updateCertificate0(P11ObjectIdentifier p11ObjectIdentifier, X509Cert x509Cert) throws P11TokenException, CertificateException {
        // NOTE(review): remove-then-save is not atomic. If the save below fails, the old
        // certificate is already gone and is not restored in this method.
        removePkcs11Cert(p11ObjectIdentifier);

        final byte[] objectId = p11ObjectIdentifier.getId();
        final String label = p11ObjectIdentifier.getLabel();
        savePkcs11Cert(objectId, label, x509Cert);
    }

    /**
     * Draws a random object id that is not yet used by an identity or a certificate.
     *
     * <p>Each attempt allocates a new array of the length configured in
     * {@code newObjectConf}, fills it from this slot's {@code random}, and retries while
     * {@code existsIdentityForId} or {@code existsCertForId} reports a collision.
     *
     * @return a fresh id of the configured length
     */
    private byte[] generateId() {
        // NOTE(review): there is no retry bound; the loop ends only when an unused id is
        // drawn, so a very short configured id length could keep it spinning.
        while (true) {
            final byte[] candidate = new byte[this.newObjectConf.getIdLength()];
            this.random.nextBytes(candidate);
            if (!existsIdentityForId(candidate) && !existsCertForId(candidate)) {
                return candidate;
            }
        }
    }
}
