package org.xipki.security.pkcs11;

import iaik.pkcs.pkcs11.wrapper.Functions;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import java.io.Closeable;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.X509Cert;
import org.xipki.security.pkcs11.P11ModuleConf;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.DSAParameterCache;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;
import org.xipki.util.Args;
import org.xipki.util.Hex;
import org.xipki.util.StringUtil;

/* loaded from: input_file:WEB-INF/lib/security-5.3.15.jar:org/xipki/security/pkcs11/P11Slot.class */
public abstract class P11Slot implements Closeable {
    // Class-wide SLF4J logger.
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) P11Slot.class);
    // Name of the PKCS#11 module this slot belongs to; checked non-blank in the constructor.
    protected final String moduleName;
    // Identifier of this slot; checked non-null in the constructor.
    protected final P11SlotIdentifier slotId;
    // Exposed through isReadOnly(). Mutating operations call assertWritable(...) first; that
    // method is outside this view and presumably consults this flag — confirm.
    private final boolean readOnly;
    // Randomness source handed to DSAParameterCache when DSA domain parameters are requested.
    private final SecureRandom random = new SecureRandom();
    // In-memory view of the token's key objects, keyed by key object identifier; rebuilt by refresh().
    private final ConcurrentHashMap<P11ObjectIdentifier, P11Identity> identities = new ConcurrentHashMap<>();
    // In-memory view of the token's certificate objects; rebuilt by refresh().
    private final ConcurrentHashMap<P11ObjectIdentifier, X509Cert> certificates = new ConcurrentHashMap<>();
    // Mechanisms reported by the device AND permitted by mechanismFilter (see refresh()).
    // NOTE(review): unlike the two maps above this is a plain HashSet, yet refresh() clears and
    // refills it while supportsMechanism()/assertMechanismSupported() read it — confirm that all
    // access happens on one thread or is synchronised by the caller.
    private final Set<Long> mechanisms = new HashSet();
    // Policy deciding which device mechanisms this slot may use; checked non-null in the constructor.
    private final P11ModuleConf.P11MechanismFilter mechanismFilter;
    // Stored as given by the constructor; not read in the visible part of the class.
    protected final Integer numSessions;
    // Allow-list of secret key types; null disables the check (see assertSecretKeyAllowed).
    protected final List<Long> secretKeyTypes;
    // Allow-list of key pair types; null disables the check (see assertCanGenKeypair).
    protected final List<Long> keyPairTypes;

    /* loaded from: input_file:WEB-INF/lib/security-5.3.15.jar:org/xipki/security/pkcs11/P11Slot$P11KeyUsage.class */
    /**
     * Usages that a caller can request for a new key through
     * {@link P11NewKeyControl#getUsages()}.
     *
     * <p>NOTE(review): the names suggest the PKCS#11 boolean key attributes with the same
     * names; the mapping onto token attributes happens outside this listing — confirm there.
     * Requesting only the usages a key actually needs keeps it at least privilege.
     */
    public enum P11KeyUsage {
        DECRYPT,
        DERIVE,
        SIGN,
        SIGN_RECOVER,
        UNWRAP
    }

    /* loaded from: input_file:WEB-INF/lib/security-5.3.15.jar:org/xipki/security/pkcs11/P11Slot$P11NewKeyControl.class */
    /**
     * Creation parameters for a new key: the id and label inherited from
     * {@link P11NewObjectControl} plus optional extractable/sensitive flags and key usages.
     *
     * <p>Both flags stay {@code null} until a setter is called. How a {@code null} flag is
     * translated into token attributes is decided by the slot implementation, which is not
     * part of this class.
     * NOTE(review): {@code extractable=true} or {@code sensitive=false} would allow key
     * material to leave the token; implementations should treat {@code null} as the
     * restrictive choice — confirm.
     */
    public static class P11NewKeyControl extends P11NewObjectControl {
        private Boolean extractable;
        private Boolean sensitive;
        private Set<P11KeyUsage> usages;

        /**
         * @param bArr object id, may be {@code null}
         * @param str object label, validated by the superclass constructor
         */
        public P11NewKeyControl(byte[] bArr, String str) {
            super(bArr, str);
        }

        /** @return the requested extractable flag, or {@code null} if never set */
        public Boolean getExtractable() {
            return extractable;
        }

        public void setExtractable(Boolean bool) {
            extractable = bool;
        }

        /** @return the requested sensitive flag, or {@code null} if never set */
        public Boolean getSensitive() {
            return sensitive;
        }

        public void setSensitive(Boolean bool) {
            sensitive = bool;
        }

        /**
         * Returns the live, mutable usage set, creating an empty one on first access.
         *
         * @return never {@code null} unless {@link #setUsages(Set)} was given {@code null}
         *     and this getter replaced it, in which case an empty set
         */
        public Set<P11KeyUsage> getUsages() {
            Set<P11KeyUsage> current = usages;
            if (current == null) {
                current = new HashSet<>();
                usages = current;
            }
            return current;
        }

        /** Stores the given set by reference; later changes by the caller remain visible. */
        public void setUsages(Set<P11KeyUsage> set) {
            usages = set;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-5.3.15.jar:org/xipki/security/pkcs11/P11Slot$P11NewObjectControl.class */
    /**
     * Immutable holder for the id and label under which a new token object is created.
     */
    public static class P11NewObjectControl {
        private final byte[] id;
        private final String label;

        /**
         * @param bArr object id; stored by reference and not validated here
         * @param str object label; passed through {@code Args.notBlank}
         */
        public P11NewObjectControl(byte[] bArr, String str) {
            String checkedLabel = Args.notBlank(str, "label");
            id = bArr;
            label = checkedLabel;
        }

        /**
         * @return the id array given to the constructor; it is handed out without copying,
         *     so a caller that modifies it changes this object too
         */
        public byte[] getId() {
            return id;
        }

        /** @return the label accepted by the constructor */
        public String getLabel() {
            return label;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-5.3.15.jar:org/xipki/security/pkcs11/P11Slot$P11SlotRefreshResult.class */
    /**
     * Collects what a slot implementation found on the token during {@code refresh0()}:
     * identities, certificates and mechanisms. {@link P11Slot#refresh()} copies the three
     * collections into the slot's own state.
     *
     * <p>Backed by plain {@code HashMap}/{@code HashSet}; the getters hand out the live
     * collections.
     */
    public static class P11SlotRefreshResult {
        private final Map<P11ObjectIdentifier, P11Identity> identities = new HashMap<>();
        private final Map<P11ObjectIdentifier, X509Cert> certificates = new HashMap<>();
        private final Set<Long> mechanisms = new HashSet<>();

        public Map<P11ObjectIdentifier, P11Identity> getIdentities() {
            return identities;
        }

        public Map<P11ObjectIdentifier, X509Cert> getCertificates() {
            return certificates;
        }

        public Set<Long> getMechanisms() {
            return mechanisms;
        }

        /** Registers an identity under its key object identifier, replacing any earlier entry. */
        public void addIdentity(P11Identity p11Identity) {
            Args.notNull(p11Identity, "identity");
            P11ObjectIdentifier keyId = p11Identity.getId().getKeyId();
            identities.put(keyId, p11Identity);
        }

        /** Records a mechanism code reported by the device. */
        public void addMechanism(long j) {
            mechanisms.add(j);
        }

        /** Registers a certificate under the given object identifier. */
        public void addCertificate(P11ObjectIdentifier p11ObjectIdentifier, X509Cert x509Cert) {
            Args.notNull(p11ObjectIdentifier, "objectId");
            Args.notNull(x509Cert, "certificate");
            certificates.put(p11ObjectIdentifier, x509Cert);
        }

        /**
         * @return the first collected certificate whose object identifier matches the id,
         *     or {@code null} if there is none
         */
        public X509Cert getCertForId(byte[] bArr) {
            for (P11ObjectIdentifier certId : certificates.keySet()) {
                if (certId.matchesId(bArr)) {
                    return certificates.get(certId);
                }
            }
            return null;
        }

        /**
         * @return the label of the first collected certificate whose object identifier
         *     matches the id, or {@code null} if there is none
         */
        public String getCertLabelForId(byte[] bArr) {
            for (Map.Entry<P11ObjectIdentifier, X509Cert> entry : certificates.entrySet()) {
                P11ObjectIdentifier certId = entry.getKey();
                if (certId.matchesId(bArr)) {
                    return certId.getLabel();
                }
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the slot configuration. Arguments are validated in the order mechanism filter,
     * module name, slot id.
     *
     * @param str module name, must not be blank
     * @param p11SlotIdentifier slot identifier, must not be null
     * @param z whether the slot is read-only
     * @param p11MechanismFilter mechanism policy, must not be null
     * @param num number of sessions, stored as given
     * @param list allow-list of secret key types, {@code null} for no restriction
     * @param list2 allow-list of key pair types, {@code null} for no restriction
     */
    public P11Slot(String str, P11SlotIdentifier p11SlotIdentifier, boolean z, P11ModuleConf.P11MechanismFilter p11MechanismFilter, Integer num, List<Long> list, List<Long> list2) throws P11TokenException {
        mechanismFilter = (P11ModuleConf.P11MechanismFilter) Args.notNull(p11MechanismFilter, "mechanismFilter");
        moduleName = Args.notBlank(str, "moduleName");
        slotId = (P11SlotIdentifier) Args.notNull(p11SlotIdentifier, "slotId");
        readOnly = z;
        numSessions = num;
        // NOTE(review): both allow-lists are kept by reference, so a caller that later mutates
        // the list it passed in also changes which key types this slot accepts.
        secretKeyTypes = list;
        keyPairTypes = list2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Delegates to {@code Hex.encode} to render the bytes as a hex string. */
    public static String hex(byte[] bArr) {
        String encoded = Hex.encode(bArr);
        return encoded;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Delegates to {@code Hex.decode} to turn a hex string back into bytes. */
    public static byte[] decodeHex(String str) {
        byte[] decoded = Hex.decode(str);
        return decoded;
    }

    /**
     * Describes an object by id and label for messages. The pieces {@code "id "}, the hex
     * id, {@code " and label "} and the label are handed to {@code StringUtil.concat}; a
     * {@code null} id or label is replaced by the text {@code "null"}.
     */
    public static String getDescription(byte[] bArr, char[] cArr) {
        String idText = "null";
        if (bArr != null) {
            idText = hex(bArr);
        }
        String labelText = "null";
        if (cArr != null) {
            labelText = new String(cArr);
        }
        return StringUtil.concat("id ", new String[] {idText, " and label ", labelText});
    }

    /**
     * Describes an object by id and label for messages. A {@code null} id is replaced by
     * the text {@code "null"}; the label is passed to {@code StringUtil.concat} unchanged,
     * even when it is {@code null}.
     */
    public static String getDescription(byte[] bArr, String str) {
        String idText = "null";
        if (bArr != null) {
            idText = hex(bArr);
        }
        return StringUtil.concat("id ", new String[] {idText, " and label ", str});
    }

    /**
     * Token-side part of a certificate update.
     * NOTE(review): the caller lies beyond the visible part of this class — confirm which
     * checks have already run when this is invoked.
     */
    protected abstract void updateCertificate0(P11ObjectIdentifier p11ObjectIdentifier, X509Cert x509Cert) throws P11TokenException, CertificateException;

    /**
     * Removes the identity from the token. Called by {@code removeIdentity} and
     * {@code removeIdentityByKeyId} after the cached entries have been dropped.
     */
    protected abstract void removeIdentity0(P11IdentityId p11IdentityId) throws P11TokenException;

    /**
     * Stores the certificate on the token. Called by {@code addCert} after the writability
     * check; the returned identifier becomes the key of the certificate cache entry.
     */
    protected abstract P11ObjectIdentifier addCert0(X509Cert x509Cert, P11NewObjectControl p11NewObjectControl) throws P11TokenException, CertificateException;

    /**
     * Generates a secret key on the token. Called by {@code generateSecretKey} after the
     * writability, duplicate and key-type checks.
     */
    protected abstract P11Identity generateSecretKey0(long j, int i, P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /**
     * Imports the given secret key value into the token. Called by {@code importSecretKey}
     * after the writability, duplicate and key-type checks.
     */
    protected abstract P11Identity importSecretKey0(long j, byte[] bArr, P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /**
     * Generates a DSA key pair for the domain parameters p, q, g (in that order). Called by
     * both {@code generateDSAKeypair} overloads after {@code assertCanGenKeypair}.
     */
    protected abstract P11Identity generateDSAKeypair0(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /**
     * Generates a key pair on an Edwards curve. Called by {@code generateECKeypair} and
     * {@code generateECEdwardsKeypair} after {@code assertCanGenKeypair}.
     */
    protected abstract P11Identity generateECEdwardsKeypair0(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /**
     * Generates a key pair on a Montgomery curve. Called by {@code generateECKeypair} and
     * {@code generateECMontgomeryKeypair} after {@code assertCanGenKeypair}.
     */
    protected abstract P11Identity generateECMontgomeryKeypair0(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /**
     * Generates a key pair on a curve that is neither Edwards nor Montgomery. Called by
     * {@code generateECKeypair} after {@code assertCanGenKeypair}.
     */
    protected abstract P11Identity generateECKeypair0(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /** Generates an SM2 key pair. Called by {@code generateSM2Keypair} after {@code assertCanGenKeypair}. */
    protected abstract P11Identity generateSM2Keypair0(P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /**
     * Generates an RSA key pair with the given key size and public exponent. Called by
     * {@code generateRSAKeypair}, which substitutes 65537 for a {@code null} exponent.
     */
    protected abstract P11Identity generateRSAKeypair0(int i, BigInteger bigInteger, P11NewKeyControl p11NewKeyControl) throws P11TokenException;

    /**
     * Reads the token's current content. Called by {@code refresh()}, which replaces the
     * cached mechanisms, certificates and identities with the returned result.
     */
    protected abstract P11SlotRefreshResult refresh0() throws P11TokenException;

    /**
     * Removes the certificate objects from the token. Called by {@code removeCerts} after
     * the cache has already been updated.
     */
    protected abstract void removeCerts0(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException;

    /** Releases the slot; declared without a checked exception, narrowing {@code Closeable.close()}. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public abstract void close();

    /**
     * Removes token objects selected by id and/or label.
     * NOTE(review): the return value is presumably the number of removed objects, and this
     * method does not visibly go through assertWritable or update the caches — confirm in
     * the implementations.
     */
    public abstract int removeObjects(byte[] bArr, String str) throws P11TokenException;

    /**
     * @return the cached certificate of the first certificate object identifier that
     *     matches the id, or {@code null} if none matches
     */
    public X509Cert getCertForId(byte[] bArr) {
        for (P11ObjectIdentifier certId : this.certificates.keySet()) {
            if (certId.matchesId(bArr)) {
                return this.certificates.get(certId);
            }
        }
        return null;
    }

    /** @return the cached certificate stored under the identifier, or {@code null} */
    public X509Cert getCert(P11ObjectIdentifier p11ObjectIdentifier) {
        X509Cert cached = certificates.get(p11ObjectIdentifier);
        return cached;
    }

    /** Recomputes the certificate chain of every cached identity. */
    private void updateCaCertsOfIdentities() {
        for (P11Identity identity : this.identities.values()) {
            updateCaCertsOfIdentity(identity);
        }
    }

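    /**
     * Rebuilds the certificate chain of one identity from the certificates cached for this
     * slot and stores it on the identity when it differs from the current chain.
     *
     * <p>Identities without a certificate are left untouched. A failure to store the new
     * chain is logged, including the exception, and otherwise ignored so that one bad
     * identity does not abort the update of the others.
     */
    private void updateCaCertsOfIdentity(P11Identity p11Identity) {
        X509Cert[] currentChain = p11Identity.certificateChain();
        if (currentChain == null || currentChain.length == 0) {
            return;
        }
        X509Cert[] rebuiltChain = buildCertPath(currentChain[0]);
        if (Arrays.equals(currentChain, rebuiltChain)) {
            return;
        }
        try {
            p11Identity.setCertificates(rebuiltChain);
        } catch (P11TokenException e) {
            // Pass the exception as the trailing argument so the cause ends up in the log.
            LOG.warn("could not set certificates for identity {}", p11Identity.getId(), e);
        }
    }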

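    /**
     * Builds the chain that starts at the given certificate and follows
     * {@code getIssuerForCert} upwards.
     *
     * <p>The walk ends when no issuer is found or when the next issuer is already part of
     * the chain. The second condition keeps the loop finite if the token holds certificates
     * that issue each other (for example cross-certificates); without it such content would
     * grow the list without bound.
     *
     * @return the chain, leaf first; empty when the argument is {@code null}
     */
    private X509Cert[] buildCertPath(X509Cert x509Cert) {
        List<X509Cert> path = new LinkedList<>();
        X509Cert current = x509Cert;
        while (current != null && !path.contains(current)) {
            path.add(current);
            current = getIssuerForCert(current);
        }
        return path.toArray(new X509Cert[0]);
    }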

    /**
     * Looks for the issuer of a certificate among the certificates cached for this slot.
     *
     * <p>NOTE(review): what {@code X509Util.issues} checks (names only, or also the
     * signature) is not visible here. The result is a chain hint derived from token
     * content, not a validated trust path.
     *
     * @return the first other cached certificate for which {@code X509Util.issues} holds;
     *     {@code null} for a self-signed certificate, when nothing matches, or when a
     *     certificate encoding error occurs (logged as a warning)
     */
    private X509Cert getIssuerForCert(X509Cert x509Cert) {
        try {
            if (!x509Cert.isSelfSigned()) {
                for (X509Cert candidate : this.certificates.values()) {
                    if (candidate == x509Cert) {
                        continue;
                    }
                    if (X509Util.issues(candidate, x509Cert)) {
                        return candidate;
                    }
                }
            }
            return null;
        } catch (CertificateEncodingException e) {
            LOG.warn("invalid encoding of certificate {}", e.getMessage());
            return null;
        }
    }

    /**
     * Reloads the slot state from the token.
     *
     * <p>The token is read first through {@code refresh0()}; only then are the cached
     * mechanisms, certificates and identities cleared and refilled. Mechanisms rejected by
     * the mechanism filter are not stored. When INFO logging is enabled, a summary of
     * mechanisms, certificates and identities is written to the log.
     *
     * <p>NOTE(review): clearing and refilling are separate steps, so a concurrent reader
     * can observe empty collections in between — confirm how callers serialise refreshes.
     * The summary embeds certificate subjects taken from the token as-is.
     *
     * @throws P11TokenException if reading the token fails; the cached state is then
     *     unchanged because nothing has been cleared yet
     */
    public void refresh() throws P11TokenException {
        P11SlotRefreshResult snapshot = refresh0();

        this.mechanisms.clear();
        this.certificates.clear();
        this.identities.clear();

        List<Long> ignoredMechanisms = new ArrayList<>();
        for (Long mechanism : snapshot.getMechanisms()) {
            boolean permitted = this.mechanismFilter.isMechanismPermitted(this.slotId, mechanism.longValue());
            if (!permitted) {
                ignoredMechanisms.add(mechanism);
            } else {
                this.mechanisms.add(mechanism);
            }
        }

        this.certificates.putAll(snapshot.getCertificates());
        this.identities.putAll(snapshot.getIdentities());
        updateCaCertsOfIdentities();

        if (!LOG.isInfoEnabled()) {
            return;
        }

        StringBuilder text = new StringBuilder();
        text.append("initialized module ").append(this.moduleName).append(", slot ").append(this.slotId);

        text.append("\nsupported mechanisms:\n");
        List<Long> supportedMechanisms = new ArrayList<>(this.mechanisms);
        Collections.sort(supportedMechanisms);
        for (Long mechanism : supportedMechanisms) {
            text.append("\t").append(Functions.getMechanismDescription(mechanism.longValue())).append("\n");
        }

        text.append("\nsupported by device but ignored mechanisms:\n");
        if (ignoredMechanisms.isEmpty()) {
            text.append("\tNONE\n");
        } else {
            Collections.sort(ignoredMechanisms);
            for (Long mechanism : ignoredMechanisms) {
                text.append("\t").append(Functions.getMechanismDescription(mechanism.longValue())).append("\n");
            }
        }

        List<P11ObjectIdentifier> certIds = getSortedObjectIds(this.certificates.keySet());
        text.append(certIds.size()).append(" certificates:\n");
        for (P11ObjectIdentifier certId : certIds) {
            X509Cert cert = this.certificates.get(certId);
            text.append("\t").append(certId);
            text.append(", subject='").append(cert.getSubjectRfc4519Text()).append("'\n");
        }

        List<P11ObjectIdentifier> keyIds = getSortedObjectIds(this.identities.keySet());
        text.append(keyIds.size()).append(" identities:\n");
        for (P11ObjectIdentifier keyId : keyIds) {
            P11Identity identity = this.identities.get(keyId);
            text.append("\t").append(keyId);
            PublicKey publicKey = identity.getPublicKey();
            if (publicKey == null) {
                // No public key is reported as a symmetric key.
                text.append(", algo=<symmetric>");
            } else {
                text.append(", algo=").append(getAlgorithmDesc(publicKey));
                if (identity.getCertificate() != null) {
                    text.append(", subject='").append(identity.getCertificate().getSubjectRfc4519Text()).append("'");
                }
            }
            text.append("\n");
        }
        LOG.info(text.toString());
    }

    /**
     * Adds an identity to the cache and recomputes its certificate chain.
     *
     * <p>NOTE(review): the duplicate check and the insertion are two separate map
     * operations, so two concurrent additions of the same key id could both pass the
     * check — confirm that callers serialise key creation.
     *
     * @throws IllegalArgumentException if the identity belongs to another slot
     * @throws P11DuplicateEntityException if an identity with the same key id is cached
     */
    protected void addIdentity(P11Identity p11Identity) throws P11DuplicateEntityException {
        boolean sameSlot = this.slotId.equals(p11Identity.getId().getSlotId());
        if (!sameSlot) {
            throw new IllegalArgumentException("invalid identity");
        }
        P11ObjectIdentifier newKeyId = p11Identity.getId().getKeyId();
        if (hasIdentity(newKeyId)) {
            throw new P11DuplicateEntityException(this.slotId, newKeyId);
        }
        this.identities.put(newKeyId, p11Identity);
        updateCaCertsOfIdentity(p11Identity);
    }

    /** @return whether an identity is cached under the given key identifier */
    public boolean hasIdentity(P11ObjectIdentifier p11ObjectIdentifier) {
        boolean present = identities.containsKey(p11ObjectIdentifier);
        return present;
    }

    /**
     * @return a read-only view of the permitted mechanisms; it is a view of the live set,
     *     so it changes when {@code refresh()} runs
     */
    public Set<Long> getMechanisms() {
        Set<Long> readOnlyView = Collections.unmodifiableSet(mechanisms);
        return readOnlyView;
    }

    /** @return whether the mechanism code is among the permitted mechanisms of this slot */
    public boolean supportsMechanism(long j) {
        Long code = Long.valueOf(j);
        return mechanisms.contains(code);
    }

    /**
     * Rejects mechanisms that are not among the permitted mechanisms of this slot.
     *
     * @throws P11UnsupportedMechanismException if the mechanism code is not permitted
     */
    public void assertMechanismSupported(long j) throws P11UnsupportedMechanismException {
        boolean permitted = mechanisms.contains(Long.valueOf(j));
        if (permitted) {
            return;
        }
        throw new P11UnsupportedMechanismException(j, slotId);
    }

    /** @return a read-only view of the key identifiers of all cached identities */
    public Set<P11ObjectIdentifier> getIdentityKeyIds() {
        Set<P11ObjectIdentifier> keyIds = identities.keySet();
        return Collections.unmodifiableSet(keyIds);
    }

    /** @return a read-only view of the identifiers of all cached certificates */
    public Set<P11ObjectIdentifier> getCertIds() {
        Set<P11ObjectIdentifier> certIds = certificates.keySet();
        return Collections.unmodifiableSet(certIds);
    }

    /** @return the name of the PKCS#11 module this slot belongs to */
    public String getModuleName() {
        return moduleName;
    }

    /** @return the identifier of this slot */
    public P11SlotIdentifier getSlotId() {
        return slotId;
    }

    /** @return the read-only flag given to the constructor */
    public boolean isReadOnly() {
        return readOnly;
    }

    /**
     * @return the cached identity stored under the key identifier
     * @throws P11UnknownEntityException if no identity is cached under that identifier
     */
    public P11Identity getIdentity(P11ObjectIdentifier p11ObjectIdentifier) throws P11UnknownEntityException {
        P11Identity found = identities.get(p11ObjectIdentifier);
        if (found != null) {
            return found;
        }
        throw new P11UnknownEntityException(slotId, p11ObjectIdentifier);
    }

    /**
     * Ensures that no cached identity or certificate already uses the given id or the
     * given label. Either criterion alone counts as a clash; a {@code null} criterion is
     * skipped, and nothing is checked when both are {@code null}.
     *
     * @throws P11DuplicateEntityException naming the clashing id and/or label
     */
    protected void assertNoIdentityAndCert(byte[] bArr, String str) throws P11DuplicateEntityException {
        if (bArr == null && str == null) {
            return;
        }
        Set<P11ObjectIdentifier> knownIds = new HashSet<>(this.identities.keySet());
        knownIds.addAll(this.certificates.keySet());
        for (P11ObjectIdentifier knownId : knownIds) {
            boolean idClash = bArr != null && knownId.matchesId(bArr);
            boolean labelClash = str != null && str.equals(knownId.getLabel());
            if (!idClash && !labelClash) {
                continue;
            }
            StringBuilder message = new StringBuilder("Identity or Certificate with ");
            if (idClash) {
                message.append("id=0x").append(Hex.encodeUpper(bArr));
            }
            if (idClash && labelClash) {
                message.append(" and ");
            }
            if (labelClash) {
                message.append("label=").append(str);
            }
            message.append(" already exists");
            throw new P11DuplicateEntityException(message.toString());
        }
    }

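    /**
     * Finds the identifier of a cached object by id and/or label. Key objects are searched
     * before certificate objects.
     *
     * <p>Every criterion that is given must match. Previously the label comparison
     * overwrote the result of the id comparison, so a call with both criteria returned an
     * object that merely carried the label, whatever its id was — the caller could end up
     * operating on a different object than the one it named.
     *
     * @param bArr object id to match, or {@code null} to match any id
     * @param str label to match, or {@code null} to match any label
     * @return the first matching identifier, or {@code null} if nothing matches or both
     *     criteria are {@code null}
     */
    public P11ObjectIdentifier getObjectId(byte[] bArr, String str) {
        if (bArr == null && str == null) {
            return null;
        }
        for (P11ObjectIdentifier keyId : this.identities.keySet()) {
            boolean idMatches = bArr == null || keyId.matchesId(bArr);
            if (idMatches && (str == null || str.equals(keyId.getLabel()))) {
                return keyId;
            }
        }
        for (P11ObjectIdentifier certId : this.certificates.keySet()) {
            boolean idMatches = bArr == null || certId.matchesId(bArr);
            if (idMatches && (str == null || str.equals(certId.getLabel()))) {
                return certId;
            }
        }
        return null;
    }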

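    /**
     * Finds the identity id of a cached key by id and/or label.
     *
     * <p>Every criterion that is given must match. Previously the label comparison
     * overwrote the result of the id comparison, so a call with both criteria selected a
     * key by label alone — relevant because the result is what callers pass on to
     * operations such as removal. The map entry is used directly so that a concurrent
     * removal between the match and the lookup cannot cause a {@code NullPointerException}.
     *
     * @param bArr key id to match, or {@code null} to match any id
     * @param str label to match, or {@code null} to match any label
     * @return the identity id of the first matching key, or {@code null} if nothing
     *     matches or both criteria are {@code null}
     */
    public P11IdentityId getIdentityId(byte[] bArr, String str) {
        if (bArr == null && str == null) {
            return null;
        }
        for (Map.Entry<P11ObjectIdentifier, P11Identity> entry : this.identities.entrySet()) {
            P11ObjectIdentifier keyId = entry.getKey();
            boolean idMatches = bArr == null || keyId.matchesId(bArr);
            if (idMatches && (str == null || str.equals(keyId.getLabel()))) {
                return entry.getValue().getId();
            }
        }
        return null;
    }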

    /**
     * Returns the certificate for an object identifier.
     *
     * <p>If an identity is cached under the identifier, its certificate is returned, which
     * may be {@code null}. Otherwise the identifier is looked up in the certificate cache.
     *
     * @throws P11UnknownEntityException if neither an identity nor a certificate is cached
     *     under the identifier
     */
    public X509Cert exportCert(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        Args.notNull(p11ObjectIdentifier, "objectId");
        try {
            P11Identity identity = getIdentity(p11ObjectIdentifier);
            return identity.getCertificate();
        } catch (P11UnknownEntityException e) {
            // Not a key identifier: fall back to the stand-alone certificates.
            X509Cert standalone = this.certificates.get(p11ObjectIdentifier);
            if (standalone != null) {
                return standalone;
            }
            throw new P11UnknownEntityException(this.slotId, p11ObjectIdentifier);
        }
    }

    /**
     * Removes a certificate from the cache and then from the token.
     *
     * <p>If an identity refers to the certificate, the identity's certificates are cleared
     * as well. All chains are recomputed before {@code removeCerts0} is called.
     *
     * <p>NOTE(review): the cache is changed before the token. If {@code removeCerts0}
     * throws, the cache no longer lists a certificate that is still on the token until the
     * next {@code refresh()}.
     *
     * @throws P11UnknownEntityException if no identity refers to the certificate and it is
     *     not cached either
     */
    public void removeCerts(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        Args.notNull(p11ObjectIdentifier, "objectId");
        assertWritable("removeCerts");

        P11ObjectIdentifier owningKeyId = null;
        for (P11ObjectIdentifier keyId : this.identities.keySet()) {
            if (p11ObjectIdentifier.equals(this.identities.get(keyId).getId().getCertId())) {
                owningKeyId = keyId;
                break;
            }
        }

        if (owningKeyId == null) {
            if (!this.certificates.containsKey(p11ObjectIdentifier)) {
                throw new P11UnknownEntityException(this.slotId, p11ObjectIdentifier);
            }
            this.certificates.remove(p11ObjectIdentifier);
        } else {
            this.certificates.remove(p11ObjectIdentifier);
            this.identities.get(owningKeyId).setCertificates(null);
        }

        updateCaCertsOfIdentities();
        removeCerts0(p11ObjectIdentifier);
    }

    /**
     * Removes an identity from the cache, if cached, and then from the token.
     *
     * <p>{@code removeIdentity0} is called even when the identity was not cached.
     * NOTE(review): as the cache is changed first, a failing {@code removeIdentity0}
     * leaves a key on the token that the cache no longer lists until the next
     * {@code refresh()}.
     */
    public void removeIdentity(P11IdentityId p11IdentityId) throws P11TokenException {
        Args.notNull(p11IdentityId, "identityId");
        assertWritable("removeIdentity");

        P11ObjectIdentifier cachedKeyId = p11IdentityId.getKeyId();
        boolean cached = this.identities.containsKey(cachedKeyId);
        if (cached) {
            if (p11IdentityId.getCertId() != null) {
                this.certificates.remove(p11IdentityId.getCertId());
            }
            this.identities.get(cachedKeyId).setCertificates(null);
            this.identities.remove(cachedKeyId);
            updateCaCertsOfIdentities();
        }

        removeIdentity0(p11IdentityId);
    }

    /**
     * Removes the identity cached under a key identifier from the cache and the token.
     * Unlike {@code removeIdentity}, nothing happens at all when the key is not cached.
     */
    public void removeIdentityByKeyId(P11ObjectIdentifier p11ObjectIdentifier) throws P11TokenException {
        Args.notNull(p11ObjectIdentifier, "keyId");
        assertWritable("removeIdentityByKeyId");

        if (!this.identities.containsKey(p11ObjectIdentifier)) {
            return;
        }

        P11IdentityId identityId = this.identities.get(p11ObjectIdentifier).getId();
        if (identityId.getCertId() != null) {
            this.certificates.remove(identityId.getCertId());
        }
        this.identities.get(p11ObjectIdentifier).setCertificates(null);
        this.identities.remove(p11ObjectIdentifier);
        updateCaCertsOfIdentities();
        removeIdentity0(identityId);
    }

    /**
     * Stores a certificate on the token and adds it to the cache, then recomputes the
     * chains of all identities.
     *
     * <p>When the control carries no label, one is generated from the certificate's common
     * name. NOTE(review): the visible {@code P11NewObjectControl} constructor validates the
     * label with {@code Args.notBlank}, so this branch is probably only reachable through a
     * subclass that overrides {@code getLabel()} — confirm.
     *
     * @return the identifier under which the token stored the certificate
     */
    public P11ObjectIdentifier addCert(X509Cert x509Cert, P11NewObjectControl p11NewObjectControl) throws P11TokenException, CertificateException {
        Args.notNull(x509Cert, "cert");
        Args.notNull(p11NewObjectControl, "control");
        assertWritable("addCert");

        P11NewObjectControl effectiveControl = p11NewObjectControl;
        if (effectiveControl.getLabel() == null) {
            byte[] requestedId = p11NewObjectControl.getId();
            String generatedLabel = generateLabel(x509Cert.getCommonName());
            effectiveControl = new P11NewObjectControl(requestedId, generatedLabel);
        }

        P11ObjectIdentifier storedId = addCert0(x509Cert, effectiveControl);
        this.certificates.put(storedId, x509Cert);
        updateCaCertsOfIdentities();
        LOG.info("added certificate {}", storedId);
        return storedId;
    }

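    /**
     * Derives a label that no cached key, public key or certificate object uses yet.
     *
     * <p>The base label is tried first, then {@code base-1}, {@code base-2}, and so on.
     * Each round compares the current candidate with the cached labels. Previously every
     * round compared the unchanged base label, so a base label that was already in use was
     * reported as taken forever and the method never returned.
     *
     * @param str base label
     * @return the base label, or the base label with the first free numeric suffix
     */
    protected String generateLabel(String str) {
        String candidate = str;
        int suffix = 0;
        while (true) {
            boolean taken = false;
            for (Map.Entry<P11ObjectIdentifier, P11Identity> entry : this.identities.entrySet()) {
                P11IdentityId identityId = entry.getValue().getId();
                P11ObjectIdentifier publicKeyId = identityId.getPublicKeyId();
                P11ObjectIdentifier certId = identityId.getCertId();
                if (candidate.equals(entry.getKey().getLabel())
                        || (publicKeyId != null && candidate.equals(publicKeyId.getLabel()))
                        || (certId != null && candidate.equals(certId.getLabel()))) {
                    taken = true;
                    break;
                }
            }
            if (!taken) {
                for (P11ObjectIdentifier certObjectId : this.certificates.keySet()) {
                    // Receiver kept as the stored label, as before, so null handling is unchanged.
                    if (certObjectId.getLabel().equals(candidate)) {
                        taken = true;
                        break;
                    }
                }
            }
            if (!taken) {
                return candidate;
            }
            suffix++;
            candidate = str + "-" + suffix;
        }
    }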

    /**
     * Generates a secret key on the token and caches the resulting identity.
     *
     * <p>Checks run in this order: slot writable, control present, id/label unused, key
     * type allowed.
     *
     * @param j key type code checked against the secret key allow-list
     * @param i key size argument passed through to {@code generateSecretKey0}
     * @return the id of the new identity
     */
    public P11IdentityId generateSecretKey(long j, int i, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        assertWritable("generateSecretKey");
        Args.notNull(p11NewKeyControl, "control");
        assertNoIdentityAndCert(p11NewKeyControl.getId(), p11NewKeyControl.getLabel());
        assertSecretKeyAllowed(j);

        P11Identity created = generateSecretKey0(j, i, p11NewKeyControl);
        addIdentity(created);

        P11IdentityId createdId = created.getId();
        LOG.info("generated secret key {}", createdId);
        return createdId;
    }

    /**
     * Imports a secret key value into the token and caches the resulting identity.
     *
     * <p>Checks run in this order: control present, slot writable, id/label unused, key
     * type allowed. The key value is only passed on to {@code importSecretKey0}; this
     * method keeps no copy and does not clear the array, so callers that want the key
     * material gone from memory have to wipe it themselves.
     *
     * @param j key type code checked against the secret key allow-list
     * @param bArr raw key value
     * @return the key object identifier of the imported key
     */
    public P11ObjectIdentifier importSecretKey(long j, byte[] bArr, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        Args.notNull(p11NewKeyControl, "control");
        assertWritable("createSecretKey");
        assertNoIdentityAndCert(p11NewKeyControl.getId(), p11NewKeyControl.getLabel());
        assertSecretKeyAllowed(j);

        P11Identity imported = importSecretKey0(j, bArr, p11NewKeyControl);
        addIdentity(imported);

        P11ObjectIdentifier importedKeyId = imported.getId().getKeyId();
        LOG.info("created secret key {}", importedKeyId);
        return importedKeyId;
    }

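    /**
     * Rejects secret key types that are not on the configured allow-list. A {@code null}
     * allow-list permits every type.
     *
     * @param j key type code
     * @throws P11TokenException if an allow-list is configured and does not contain the type
     */
    private void assertSecretKeyAllowed(long j) throws P11TokenException {
        if (this.secretKeyTypes == null || this.secretKeyTypes.contains(Long.valueOf(j))) {
            return;
        }
        // The message used to run the hex value and "unsupported" together.
        throw new P11TokenException("secret key type 0x" + Long.toHexString(j) + " unsupported");
    }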

    /**
     * Generates an RSA key pair on the token and caches the resulting identity.
     *
     * <p>The key size is checked with {@code Args.min(..., 1024)} and must be a multiple of
     * 1024. The mechanism code 0 passed to {@code assertCanGenKeypair} is the PKCS#11 value
     * of CKM_RSA_PKCS_KEY_PAIR_GEN.
     *
     * <p>NOTE(review): these checks accept a 1024-bit modulus, which is below the 2048-bit
     * minimum of current guidance, and a caller-supplied public exponent is passed on
     * without validation — consider enforcing both through policy at the call sites.
     *
     * @param i key size in bits
     * @param bigInteger public exponent, or {@code null} for 65537
     * @return the id of the new identity
     */
    public P11IdentityId generateRSAKeypair(int i, BigInteger bigInteger, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        Args.min(i, "keysize", 1024);
        boolean multipleOf1024 = (i % 1024) == 0;
        if (!multipleOf1024) {
            throw new IllegalArgumentException("key size is not multiple of 1024: " + i);
        }
        assertCanGenKeypair("generateRSAKeypair", 0L, p11NewKeyControl);

        BigInteger publicExponent = bigInteger != null ? bigInteger : BigInteger.valueOf(65537L);
        P11Identity created = generateRSAKeypair0(i, publicExponent, p11NewKeyControl);
        addIdentity(created);

        P11IdentityId createdId = created.getId();
        LOG.info("generated RSA keypair {}", createdId);
        return createdId;
    }

    /**
     * Generates a DSA key pair for domain parameters obtained from
     * {@code DSAParameterCache} for the given lengths.
     *
     * <p>The first length is checked with {@code Args.min(..., 1024)} and must be a
     * multiple of 1024; the second length is passed on unchecked. The mechanism code 16
     * (0x10) is the PKCS#11 value of CKM_DSA_KEY_PAIR_GEN.
     *
     * @param i length passed as {@code plength}
     * @param i2 second length argument for the parameter cache (presumably the length of
     *     q — confirm)
     * @return the id of the new identity
     */
    public P11IdentityId generateDSAKeypair(int i, int i2, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        Args.min(i, "plength", 1024);
        boolean multipleOf1024 = (i % 1024) == 0;
        if (!multipleOf1024) {
            throw new IllegalArgumentException("key size is not multiple of 1024: " + i);
        }
        assertCanGenKeypair("generateDSAKeypair", 16L, p11NewKeyControl);

        DSAParameterSpec domainParams = DSAParameterCache.getDSAParameterSpec(i, i2, this.random);
        P11Identity created = generateDSAKeypair0(domainParams.getP(), domainParams.getQ(), domainParams.getG(), p11NewKeyControl);
        addIdentity(created);

        P11IdentityId createdId = created.getId();
        LOG.info("generated DSA keypair {}", createdId);
        return createdId;
    }

    /**
     * Generates a DSA key pair for caller-supplied domain parameters.
     *
     * <p>The parameters are only checked for {@code null}; their sizes and mathematical
     * validity are not examined here.
     *
     * @param bigInteger p
     * @param bigInteger2 q
     * @param bigInteger3 g
     * @return the id of the new identity
     */
    public P11IdentityId generateDSAKeypair(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        Args.notNull(bigInteger, "p");
        Args.notNull(bigInteger2, "q");
        Args.notNull(bigInteger3, "g");
        assertCanGenKeypair("generateDSAKeypair", 16L, p11NewKeyControl);

        P11Identity created = generateDSAKeypair0(bigInteger, bigInteger2, bigInteger3, p11NewKeyControl);
        addIdentity(created);

        P11IdentityId createdId = created.getId();
        LOG.info("generated DSA keypair {}", createdId);
        return createdId;
    }

    /**
     * Generates an EC key pair, choosing the generation mechanism from the curve: Edwards
     * curves first, then Montgomery curves, otherwise the general EC mechanism. The code
     * 4160 (0x1040) used for the general case is the PKCS#11 value of CKM_EC_KEY_PAIR_GEN.
     *
     * @param aSN1ObjectIdentifier curve OID, must not be null
     * @return the id of the new identity
     */
    public P11IdentityId generateECKeypair(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        Args.notNull(aSN1ObjectIdentifier, "curveOid");

        final P11Identity created;
        if (EdECConstants.isEdwardsCurve(aSN1ObjectIdentifier)) {
            assertCanGenKeypair("generateECKeypair", PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN, p11NewKeyControl);
            created = generateECEdwardsKeypair0(aSN1ObjectIdentifier, p11NewKeyControl);
        } else if (EdECConstants.isMontgomeryCurve(aSN1ObjectIdentifier)) {
            assertCanGenKeypair("generateECKeypair", PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN, p11NewKeyControl);
            created = generateECMontgomeryKeypair0(aSN1ObjectIdentifier, p11NewKeyControl);
        } else {
            assertCanGenKeypair("generateECKeypair", 4160L, p11NewKeyControl);
            created = generateECKeypair0(aSN1ObjectIdentifier, p11NewKeyControl);
        }

        addIdentity(created);
        P11IdentityId createdId = created.getId();
        LOG.info("generated EC keypair {}", createdId);
        return createdId;
    }

    /**
     * Generates a key pair on an Edwards curve. The curve OID is only checked for
     * {@code null}; whether it really names an Edwards curve is not verified here.
     *
     * <p>NOTE(review): the operation name passed to {@code assertCanGenKeypair} ends in
     * {@code 0}, unlike the sibling methods — it looks like a slip and would surface in
     * whatever message {@code assertWritable} produces; confirm before changing.
     *
     * @return the id of the new identity
     */
    public P11IdentityId generateECEdwardsKeypair(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        Args.notNull(aSN1ObjectIdentifier, "curveOid");
        assertCanGenKeypair("generateECEdwardsKeypair0", PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN, p11NewKeyControl);

        P11Identity created = generateECEdwardsKeypair0(aSN1ObjectIdentifier, p11NewKeyControl);
        addIdentity(created);

        P11IdentityId createdId = created.getId();
        LOG.info("generated EC Edwards keypair {}", createdId);
        return createdId;
    }

    /**
     * Generates a key pair on a Montgomery curve. The curve OID is only checked for
     * {@code null}; whether it really names a Montgomery curve is not verified here.
     *
     * @return the id of the new identity
     */
    public P11IdentityId generateECMontgomeryKeypair(ASN1ObjectIdentifier aSN1ObjectIdentifier, P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        Args.notNull(aSN1ObjectIdentifier, "curveOid");
        assertCanGenKeypair("generateECMontgomeryKeypair", PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN, p11NewKeyControl);

        P11Identity created = generateECMontgomeryKeypair0(aSN1ObjectIdentifier, p11NewKeyControl);
        addIdentity(created);

        P11IdentityId createdId = created.getId();
        LOG.info("generated EC Montgomery keypair {}", createdId);
        return createdId;
    }

    /**
     * Generates an SM2 key pair. The mechanism code 4294963201 is 0xFFFFF001, which lies
     * in the vendor-defined range of PKCS#11 mechanism codes.
     *
     * @return the id of the new identity
     */
    public P11IdentityId generateSM2Keypair(P11NewKeyControl p11NewKeyControl) throws P11TokenException {
        assertCanGenKeypair("generateSM2Keypair", 4294963201L, p11NewKeyControl);

        P11Identity created = generateSM2Keypair0(p11NewKeyControl);
        addIdentity(created);

        P11IdentityId createdId = created.getId();
        LOG.info("generated SM2 keypair {}", createdId);
        return createdId;
    }

    /**
     * Enforces every precondition for generating a keypair on this slot.
     *
     * <p>Checks run in this order: the control object is non-null, the slot is writable, the
     * mechanism is supported, and no identity or certificate already uses the requested id or
     * label. If {@code keyPairTypes} is set, the key type derived from the mechanism must also
     * be contained in it; a null {@code keyPairTypes} means no key-type restriction is applied.
     *
     * @param str name of the calling operation, used in the permission error message
     * @param j key-pair generation mechanism code
     * @param p11NewKeyControl control object carrying the requested id and label
     * @throws P11UnsupportedMechanismException if the mechanism or the derived key type is not
     *     allowed on this slot
     * @throws P11PermissionException if the slot is read-only
     * @throws P11DuplicateEntityException if the id or label is already in use
     * @throws IllegalStateException if a key-type restriction is configured and the mechanism
     *     is not one of the known generation mechanisms
     */
    private void assertCanGenKeypair(String str, long j, P11NewKeyControl p11NewKeyControl) throws P11UnsupportedMechanismException, P11PermissionException, P11DuplicateEntityException {
        Args.notNull(p11NewKeyControl, "control");
        assertWritable(str);
        assertMechanismSupported(j);
        assertNoIdentityAndCert(p11NewKeyControl.getId(), p11NewKeyControl.getLabel());

        if (this.keyPairTypes == null) {
            // No allow-list of key types configured: nothing further to enforce.
            return;
        }

        // Map the generation mechanism to its key type. The numeric values match the standard
        // PKCS #11 codes (mechanism -> key type); the last one is vendor-defined.
        final long keyType;
        if (j == 0x0L) {
            keyType = 0x0L; // CKM_RSA_PKCS_KEY_PAIR_GEN -> CKK_RSA
        } else if (j == 0x1040L) {
            keyType = 0x3L; // CKM_EC_KEY_PAIR_GEN -> CKK_EC
        } else if (j == PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN) {
            keyType = 0x40L; // -> CKK_EC_EDWARDS
        } else if (j == PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN) {
            keyType = 0x41L; // -> CKK_EC_MONTGOMERY
        } else if (j == 0x10L) {
            keyType = 0x1L; // CKM_DSA_KEY_PAIR_GEN -> CKK_DSA
        } else if (j == 0xFFFFF001L) {
            keyType = 0xFFFFF001L; // vendor-defined code passed by generateSM2Keypair
        } else {
            throw new IllegalStateException("unknown KeyPair generation mechanism " + j);
        }

        if (!this.keyPairTypes.contains(Long.valueOf(keyType))) {
            LOG.error("Keypair of key type 0x{} unsupported", Long.toHexString(keyType));
            throw new P11UnsupportedMechanismException(j, this.slotId);
        }
    }

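    /**
     * Replaces the certificate bound to an existing key of this slot.
     *
     * <p>The new certificate is accepted only if its public key equals the public key of the
     * identity stored under {@code p11ObjectIdentifier}. This check runs before anything is
     * written, so a certificate issued for a different key cannot be attached to this key.
     * Identities without a public key (listed as "Symmetric key" by {@code showDetails}) are
     * rejected with a {@link P11TokenException} instead of failing with a
     * {@link NullPointerException}.
     *
     * <p>NOTE(review): the comparison relies on {@code PublicKey.equals}; presumably both keys
     * come from key implementations that compare by value. Confirm for the providers in use.
     *
     * @param p11ObjectIdentifier identifier of the key; must not be null
     * @param x509Cert the new certificate; must not be null
     * @throws P11TokenException if the slot is read-only, the key is unknown, the key has no
     *     public key, or the certificate does not match the key
     * @throws CertificateException declared by the signature; presumably raised by
     *     {@code updateCertificate0}
     */
    public void updateCertificate(P11ObjectIdentifier p11ObjectIdentifier, X509Cert x509Cert) throws P11TokenException, CertificateException {
        Args.notNull(p11ObjectIdentifier, "keyId");
        Args.notNull(x509Cert, "newCert");
        assertWritable("updateCertificate");

        P11Identity p11Identity = this.identities.get(p11ObjectIdentifier);
        if (p11Identity == null) {
            throw new P11UnknownEntityException("could not find private key " + p11ObjectIdentifier);
        }

        // An identity may have no public key; refuse explicitly rather than dereferencing null.
        PublicKey identityPublicKey = p11Identity.getPublicKey();
        if (identityPublicKey == null) {
            throw new P11TokenException("key " + p11ObjectIdentifier + " has no public key; a certificate cannot be bound to it");
        }
        if (!identityPublicKey.equals(x509Cert.getPublicKey())) {
            throw new P11TokenException("the given certificate is not for key " + p11ObjectIdentifier);
        }

        // Update the slot first; the in-memory caches are only touched once that succeeded.
        updateCertificate0(p11ObjectIdentifier, x509Cert);
        this.certificates.put(p11ObjectIdentifier, x509Cert);
        p11Identity.getId().setCertLabel(p11ObjectIdentifier.getLabel());
        p11Identity.setCertificates(new X509Cert[]{x509Cert});
        updateCaCertsOfIdentities();
        LOG.info("updated certificate for key {}", p11ObjectIdentifier);
    }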

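    /**
     * Writes a human-readable inventory of this slot to {@code outputStream}.
     *
     * <p>All identities are listed first, sorted by object identifier, followed by every
     * certificate that has no identity under the same identifier. Only labels, object ids,
     * public-key algorithm descriptions and certificate fields are emitted. The text is
     * written as UTF-8 in a single {@code write} call; the stream is neither flushed nor
     * closed here.
     *
     * @param outputStream destination of the listing; must not be null
     * @param z if true, each certificate is printed with subject, issuer, serial number,
     *     validity period and SHA-1 fingerprint; otherwise only with its subject
     * @throws IOException if writing to {@code outputStream} fails
     */
    public void showDetails(OutputStream outputStream, boolean z) throws IOException {
        Args.notNull(outputStream, "stream");
        StringBuilder sb = new StringBuilder();

        // Section 1: identities (keys), each with its certificate chain if it has one.
        List<P11ObjectIdentifier> identityIds = getSortedObjectIds(this.identities.keySet());
        for (int i = 0; i < identityIds.size(); i++) {
            P11ObjectIdentifier objectId = identityIds.get(i);
            P11Identity identity = this.identities.get(objectId);
            sb.append("\t").append(i + 1).append(". ").append(objectId.getLabel());
            sb.append(" (").append("id: ").append(objectId.getIdHex());

            // Certificate and public-key labels are shown only when they differ from the key's.
            P11IdentityId identityId = identity.getId();
            P11ObjectIdentifier certId = identityId.getCertId();
            if (certId != null && !certId.equals(objectId)) {
                sb.append(", certificate label: ").append(certId.getLabel());
            }
            P11ObjectIdentifier publicKeyId = identityId.getPublicKeyId();
            if (publicKeyId != null && !publicKeyId.equals(objectId)) {
                sb.append(", publicKey label: ").append(publicKeyId.getLabel());
            }
            sb.append(")\n");

            PublicKey publicKey = identity.getPublicKey();
            if (publicKey == null) {
                // Identities without a public key are reported as symmetric keys.
                sb.append("\t\tSymmetric key\n");
                continue;
            }
            sb.append("\t\tAlgorithm: ").append(getAlgorithmDesc(publicKey)).append("\n");
            X509Cert[] certificateChain = identity.certificateChain();
            if (certificateChain == null || certificateChain.length == 0) {
                sb.append("\t\tCertificate: NONE\n");
            } else {
                for (int j = 0; j < certificateChain.length; j++) {
                    formatString(Integer.valueOf(j), z, sb, certificateChain[j]);
                }
            }
        }

        // Section 2: certificates stored without an identity under the same identifier.
        List<P11ObjectIdentifier> certOnlyIds = new ArrayList<>();
        for (P11ObjectIdentifier certObjectId : this.certificates.keySet()) {
            if (!this.identities.containsKey(certObjectId)) {
                certOnlyIds.add(certObjectId);
            }
        }
        // Sorted once; the original sorted the same list twice in a row.
        Collections.sort(certOnlyIds);
        for (int i = 0; i < certOnlyIds.size(); i++) {
            P11ObjectIdentifier certObjectId = certOnlyIds.get(i);
            sb.append("\tCert-").append(i + 1).append(". ").append(certObjectId.getLabel());
            sb.append(" (").append("id: ").append(certObjectId.getIdHex()).append(", label: ").append(certObjectId.getLabel()).append(")\n");
            formatString(null, z, sb, this.certificates.get(certObjectId));
        }

        if (sb.length() > 0) {
            outputStream.write(StringUtil.toUtf8Bytes(sb.toString()));
        }
    }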

    /**
     * Rejects a modifying operation when this slot is configured as read-only.
     *
     * @param str name of the attempted operation; it is included in the error message
     * @throws P11PermissionException if the slot is read-only
     */
    protected void assertWritable(String str) throws P11PermissionException {
        if (!this.readOnly) {
            return;
        }
        throw new P11PermissionException("Writable operation " + str + " is not permitted");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether any identity known to this slot matches the given object id.
     *
     * @param bArr object id to look for
     * @return true if at least one identity's identifier matches {@code bArr}
     */
    public boolean existsIdentityForId(byte[] bArr) {
        for (P11ObjectIdentifier knownId : this.identities.keySet()) {
            if (knownId.matchesId(bArr)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether any identity known to this slot matches the given label.
     *
     * @param str label to look for
     * @return true if at least one identity's identifier matches {@code str}
     */
    public boolean existsIdentityForLabel(String str) {
        for (P11ObjectIdentifier knownId : this.identities.keySet()) {
            if (knownId.matchesLabel(str)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether any certificate known to this slot matches the given object id.
     *
     * @param bArr object id to look for
     * @return true if at least one certificate's identifier matches {@code bArr}
     */
    public boolean existsCertForId(byte[] bArr) {
        for (P11ObjectIdentifier knownId : this.certificates.keySet()) {
            if (knownId.matchesId(bArr)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether any certificate known to this slot matches the given label.
     *
     * @param str label to look for
     * @return true if at least one certificate's identifier matches {@code str}
     */
    public boolean existsCertForLabel(String str) {
        for (P11ObjectIdentifier knownId : this.certificates.keySet()) {
            if (knownId.matchesLabel(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds a short description of a public key for display: the algorithm name, followed
     * for EC keys by the curve and for RSA/DSA keys by a bit length.
     *
     * <p>For EC keys the curve is shown by name when one is known, by its OID when only the
     * OID could be detected, and as {@code UNKNOWN} otherwise. For RSA the bit length of the
     * modulus is used, for DSA the bit length of the parameter P. Any other key type yields
     * the bare algorithm name.
     *
     * @param publicKey the key to describe; must not be null
     * @return the description, for example {@code <algorithm>/<curve or bit length>}
     */
    private static String getAlgorithmDesc(PublicKey publicKey) {
        final String baseName = publicKey.getAlgorithm();

        if (publicKey instanceof ECPublicKey) {
            ASN1ObjectIdentifier curveOid = KeyUtil.detectCurveOid(((ECPublicKey) publicKey).getParams());
            String curveDesc;
            if (curveOid == null) {
                curveDesc = "UNKNOWN";
            } else {
                String curveName = AlgorithmUtil.getCurveName(curveOid);
                // Fall back to the dotted OID when no name is registered for the curve.
                curveDesc = (curveName != null) ? curveName : curveOid.getId();
            }
            return baseName + "/" + curveDesc;
        }
        if (publicKey instanceof RSAPublicKey) {
            return baseName + "/" + ((RSAPublicKey) publicKey).getModulus().bitLength();
        }
        if (publicKey instanceof DSAPublicKey) {
            return baseName + "/" + ((DSAPublicKey) publicKey).getParams().getP().bitLength();
        }
        return baseName;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v1, types: [byte[], byte[][]] */
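    /**
     * Appends the textual description of one certificate to {@code sb}.
     *
     * <p>In brief mode only the subject is appended. In verbose mode subject, issuer, serial
     * number, validity period and the SHA-1 hash of the encoded certificate are appended.
     * The SHA-1 value serves as a display fingerprint for identifying the certificate; SHA-1
     * is not collision resistant, so it should not be the basis of a trust decision.
     *
     * <p>The hash input is passed as a {@code byte[][]} holding the encoded certificate. The
     * decompiled {@code new byte[]{...}} form put a {@code byte[]} into a {@code byte[]}
     * initializer, which does not compile.
     *
     * @param num position of the certificate in its chain, or null for a standalone
     *     certificate (no index is printed then)
     * @param z true for the verbose multi-line form, false for the subject only
     * @param sb buffer to which the description is appended
     * @param x509Cert certificate to describe; must not be null
     */
    private static void formatString(Integer num, boolean z, StringBuilder sb, X509Cert x509Cert) {
        String subjectRfc4519Text = x509Cert.getSubjectRfc4519Text();
        sb.append("\t\tCertificate");
        if (num != null) {
            sb.append("[").append(num).append("]");
        }
        sb.append(": ");
        if (!z) {
            sb.append(subjectRfc4519Text).append("\n");
            return;
        }
        sb.append("\n\t\t\tSubject: ").append(subjectRfc4519Text);
        sb.append("\n\t\t\tIssuer: ").append(x509Cert.getIssuerRfc4519Text());
        sb.append("\n\t\t\tSerial: ").append(x509Cert.getSerialNumberHex());
        sb.append("\n\t\t\tStart time: ").append(x509Cert.getNotBefore());
        sb.append("\n\t\t\tEnd time: ").append(x509Cert.getNotAfter());
        sb.append("\n\t\t\tSHA1 Sum: ");
        // Display fingerprint only; see the note on SHA-1 in the method documentation.
        sb.append(HashAlgo.SHA1.hexHash(new byte[][]{x509Cert.getEncoded()}));
        sb.append("\n");
    }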

    /**
     * Returns the given object identifiers as a new list sorted in their natural order.
     *
     * <p>The result is an independent, mutable copy; the passed set is not modified.
     *
     * @param set identifiers to sort
     * @return a new sorted list containing every element of {@code set}
     */
    private List<P11ObjectIdentifier> getSortedObjectIds(Set<P11ObjectIdentifier> set) {
        List<P11ObjectIdentifier> sortedIds = new ArrayList<>(set);
        Collections.sort(sortedIds);
        return sortedIds;
    }
}
