package org.xipki.security.pkcs11.provider;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.XiSecurityException;
import org.xipki.security.pkcs11.P11CryptService;
import org.xipki.security.pkcs11.P11CryptServiceFactory;
import org.xipki.security.pkcs11.P11Identity;
import org.xipki.security.pkcs11.P11Module;
import org.xipki.security.pkcs11.P11ObjectIdentifier;
import org.xipki.security.pkcs11.P11PrivateKey;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.pkcs11.P11SlotIdentifier;
import org.xipki.security.pkcs11.P11TokenException;
import org.xipki.util.Args;
import org.xipki.util.LogUtil;

/* loaded from: input_file:org/xipki/security/pkcs11/provider/XiKeyStoreSpi.class */
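/**
 * Read-only {@link KeyStoreSpi} whose entries are the identities found in the PKCS#11 modules
 * known to the statically configured {@link P11CryptServiceFactory}.
 *
 * <p>Each identity that has a non-empty certificate chain is registered under four aliases:
 * <pre>
 *   MODULE#slotid-ID#keyid-HEX        MODULE#slotid-ID#keylabel-LABEL
 *   MODULE#slotindex-IDX#keyid-HEX    MODULE#slotindex-IDX#keylabel-LABEL
 * </pre>
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The password arguments of {@link #engineLoad(InputStream, char[])} and
 *       {@link #engineGetKey(String, char[])} are ignored. Nothing in this class gates access to
 *       a key entry, so any code that can reach the {@code KeyStore} instance can obtain the
 *       {@link P11PrivateKey} for every alias. Access control has to come from who may reach the
 *       instance and from the PKCS#11 layer behind the crypt service.</li>
 *   <li>Aliases are built by string concatenation. Two objects that produce the same alias
 *       (for example the same label used twice in one slot) collide; the entry loaded last wins
 *       and a warning is logged. Prefer the {@code keyid-} aliases when the key must be
 *       unambiguous.</li>
 *   <li>All mutating operations throw {@link KeyStoreException}; {@code engineStore} is a
 *       no-op.</li>
 * </ul>
 *
 * <p>The class is not synchronized; the entry map is a plain {@link HashMap}.
 */
public class XiKeyStoreSpi extends KeyStoreSpi {
    private static final Logger LOG = LoggerFactory.getLogger(XiKeyStoreSpi.class);
    private static P11CryptServiceFactory p11CryptServiceFactory;
    private Date creationDate;
    private final Map<String, KeyCertEntry> keyCerts = new HashMap<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xipki/security/pkcs11/provider/XiKeyStoreSpi$KeyCertEntry.class */
    /** Immutable pairing of a private key with its non-empty certificate chain. */
    public static class KeyCertEntry {
        private final PrivateKey key;
        private final Certificate[] chain;

        /**
         * @param privateKey key of the entry, must not be {@code null}
         * @param certificateArr certificate chain, must contain at least one certificate
         * @throws IllegalArgumentException if the chain is empty
         */
        KeyCertEntry(PrivateKey privateKey, Certificate[] certificateArr) {
            this.key = (PrivateKey) Args.notNull(privateKey, "key");
            Certificate[] checked = (Certificate[]) Args.notNull(certificateArr, "chain");
            if (checked.length < 1) {
                throw new IllegalArgumentException("chain does not contain any certificate");
            }
            // Copy on the way in as well as on the way out, so a later change to the caller's
            // array cannot swap the certificate that is served for this key.
            this.chain = Arrays.copyOf(checked, checked.length);
        }

        PrivateKey getKey() {
            return this.key;
        }

        /** Returns a copy of the chain; the internal array is never exposed. */
        Certificate[] getCertificateChain() {
            return Arrays.copyOf(this.chain, this.chain.length);
        }

        /** Returns the first certificate of the chain. */
        Certificate getCertificate() {
            return this.chain[0];
        }
    }

    /* loaded from: input_file:org/xipki/security/pkcs11/provider/XiKeyStoreSpi$MyEnumeration.class */
    /** Adapts an {@link Iterator} to the {@link Enumeration} interface required by the SPI. */
    private static class MyEnumeration<E> implements Enumeration<E> {
        private final Iterator<E> iter;

        MyEnumeration(Iterator<E> it) {
            this.iter = it;
        }

        @Override // java.util.Enumeration
        public boolean hasMoreElements() {
            return this.iter.hasNext();
        }

        @Override // java.util.Enumeration
        public E nextElement() {
            return this.iter.next();
        }
    }

    /**
     * Sets the factory that every instance of this key store loads its modules from.
     * It must be set before {@link #engineLoad(InputStream, char[])} is called.
     */
    public static void setP11CryptServiceFactory(P11CryptServiceFactory p11CryptServiceFactory2) {
        p11CryptServiceFactory = p11CryptServiceFactory2;
    }

    /**
     * Rebuilds the entry map from all modules reported by the factory.
     *
     * <p>Both arguments are ignored: nothing is read from the stream and the password is not
     * used. A module that fails to load is logged and skipped, so the resulting key store may
     * be incomplete; callers that need a particular alias should check for it explicitly.
     *
     * @throws IllegalStateException if no factory has been set
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) {
        if (p11CryptServiceFactory == null) {
            throw new IllegalStateException("p11CryptServiceFactory is not set");
        }
        // Start from an empty map so that a reload does not keep aliases of keys that are no
        // longer reported by the modules.
        this.keyCerts.clear();
        this.creationDate = new Date();
        for (String moduleName : p11CryptServiceFactory.getModuleNames()) {
            try {
                engineLoad(moduleName);
            } catch (XiSecurityException | P11TokenException e) {
                LogUtil.error(LOG, e, "could not load PKCS#11 module " + moduleName);
            }
        }
        // The guard has to test the level that is actually logged.
        if (LOG.isInfoEnabled()) {
            LOG.info("loaded key entries {}", this.keyCerts.keySet());
        }
    }

    /**
     * Registers the identities of one module under their four aliases. Identities without a
     * certificate chain are skipped.
     */
    private void engineLoad(String str) throws P11TokenException, XiSecurityException {
        P11CryptService p11CryptService = p11CryptServiceFactory.getP11CryptService(str);
        P11Module module = p11CryptService.getModule();
        for (P11SlotIdentifier p11SlotIdentifier : module.getSlotIds()) {
            P11Slot slot = module.getSlot(p11SlotIdentifier);
            String slotIdPrefix = str + "#slotid-" + p11SlotIdentifier.getId();
            String slotIndexPrefix = str + "#slotindex-" + p11SlotIdentifier.getIndex();
            for (P11ObjectIdentifier p11ObjectIdentifier : slot.getIdentityKeyIds()) {
                P11Identity identity = slot.getIdentity(p11ObjectIdentifier);
                X509Certificate[] certificateChain = identity.certificateChain();
                if (certificateChain == null || certificateChain.length == 0) {
                    continue;
                }
                KeyCertEntry keyCertEntry = new KeyCertEntry(new P11PrivateKey(p11CryptService, identity.getId()), certificateChain);
                String keyIdSuffix = "#keyid-" + p11ObjectIdentifier.getIdHex();
                // NOTE(review): if getLabel() can return null the alias ends in "keylabel-null";
                // confirm against P11ObjectIdentifier.
                String keyLabelSuffix = "#keylabel-" + p11ObjectIdentifier.getLabel();
                putAlias(slotIdPrefix + keyIdSuffix, keyCertEntry);
                putAlias(slotIdPrefix + keyLabelSuffix, keyCertEntry);
                putAlias(slotIndexPrefix + keyIdSuffix, keyCertEntry);
                putAlias(slotIndexPrefix + keyLabelSuffix, keyCertEntry);
            }
        }
    }

    /**
     * Stores an entry under an alias. The last entry written for an alias is kept, and a warning
     * is logged when it replaces a different entry, because the alias then no longer identifies
     * a single key.
     */
    private void putAlias(String alias, KeyCertEntry entry) {
        KeyCertEntry previous = this.keyCerts.put(alias, entry);
        if (previous != null && previous != entry) {
            LOG.warn("alias {} matches more than one key, the entry loaded last is used", alias);
        }
    }

    /** Does nothing: the key store is read-only and has no persistent form of its own. */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    /**
     * Returns the private key stored under the alias, or {@code null} if the alias is unknown.
     * The password argument is ignored.
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyCertEntry entry = this.keyCerts.get(str);
        return entry == null ? null : entry.getKey();
    }

    /** Returns a copy of the certificate chain for the alias, or {@code null} if it is unknown. */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        KeyCertEntry entry = this.keyCerts.get(str);
        return entry == null ? null : entry.getCertificateChain();
    }

    /** Returns the first certificate of the chain for the alias, or {@code null} if it is unknown. */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        KeyCertEntry entry = this.keyCerts.get(str);
        return entry == null ? null : entry.getCertificate();
    }

    /**
     * Returns the time of the last load for a known alias, or {@code null} for an unknown one.
     * A copy is returned because {@link Date} is mutable.
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        if (this.creationDate != null && this.keyCerts.containsKey(str)) {
            return new Date(this.creationDate.getTime());
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("keystore is read only");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("keystore is read only");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        throw new KeyStoreException("keystore is read only");
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        throw new KeyStoreException("keystore is read only");
    }

    /** Enumerates all aliases; every loaded identity appears under each of its four aliases. */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return new MyEnumeration<>(this.keyCerts.keySet().iterator());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.keyCerts.containsKey(str);
    }

    /** Returns the number of aliases, which is not the number of distinct keys. */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.keyCerts.size();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        KeyCertEntry entry = this.keyCerts.get(str);
        return entry != null && entry.key != null;
    }

    /**
     * Returns whether the alias names a certificate-only entry. Entries are only created with a
     * non-null key, so for entries created by this class this is always {@code false}.
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        KeyCertEntry entry = this.keyCerts.get(str);
        return entry != null && entry.key == null;
    }

    /**
     * Returns an alias whose first chain certificate equals the given one, or {@code null}.
     * Several aliases map to the same entry and the map is unordered, so which of them is
     * returned is not specified.
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        for (Map.Entry<String, KeyCertEntry> candidate : this.keyCerts.entrySet()) {
            if (candidate.getValue().getCertificate().equals(certificate)) {
                return candidate.getKey();
            }
        }
        return null;
    }
}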
