package es.mityc.javasign.pkstore.mozilla;

import es.mityc.javasign.i18n.I18nFactory;
import es.mityc.javasign.i18n.II18nManager;
import es.mityc.javasign.pkstore.CertStoreException;
import es.mityc.javasign.pkstore.ConstantsCert;
import es.mityc.javasign.pkstore.IPKStoreManager;
import es.mityc.javasign.pkstore.mozilla.IPINDialogConfigurable;
import es.mityc.javasign.pkstore.mozilla.MozillaStoreUtils;
import es.mityc.javasign.utils.OSTool;
import iaik.pkcs.pkcs11.DefaultInitializeArgs;
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.PkProxyProvider;
import iaik.pkcs.pkcs11.PkcsProvider;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.objects.Object;
import iaik.pkcs.pkcs11.objects.PublicKey;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.io.File;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mozilla.jss.util.Password;
import org.mozilla.jss.util.PasswordCallbackInfo;

/* loaded from: input_file:es/mityc/javasign/pkstore/mozilla/MozillaStorePKCS11.class */
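/**
 * {@link IPKStoreManager} backed by the Firefox/NSS certificate database, accessed through the
 * PKCS#11 wrapper ({@code softokn3}).
 *
 * <p>The PKCS#11 module is held in a static field and initialised once per JVM; every instance
 * shares it.
 *
 * <p>Security-relevant behaviour a maintainer should keep in mind:
 * <ul>
 *   <li>The token PIN is requested through the configured password handler. The {@code char[]}
 *       copy handed to the token is wiped as soon as the login call returns.</li>
 *   <li>Sessions opened while enumerating are not closed by this class. The session handed to
 *       {@link PkProxyProvider} must stay open for signing. NOTE(review): the enumeration
 *       sessions look like a leak of (possibly authenticated) sessions, so confirm the wrapper's
 *       logout and close semantics before closing them here.</li>
 *   <li>Object searches are capped at {@value #MAX_OBJECTS} results, so a larger store is silently
 *       truncated.</li>
 * </ul>
 */
public class MozillaStorePKCS11 implements IPKStoreManager {
    private static final Log LOG = LogFactory.getLog(MozillaStorePKCS11.class);
    private static final II18nManager I18N = I18nFactory.getI18nManager(ConstantsCert.LIB_NAME);

    /** Upper bound passed to every {@code findObjects} call. */
    private static final int MAX_OBJECTS = 100;

    /** Shared PKCS#11 module; volatile because constructors read it outside the init lock. */
    private static volatile Module cmNss = null;

    /**
     * Creates a store manager in {@code ONLY_PKCS11} mode.
     *
     * @param str value forwarded unchanged to {@code MozillaStoreUtils.initialize}
     * @throws CertStoreException if the store utilities fail to initialise
     */
    public MozillaStorePKCS11(String str) throws CertStoreException {
        this(str, MozillaStoreUtils.LIB_MODE.ONLY_PKCS11);
    }

    /**
     * Creates a store manager, initialising the shared PKCS#11 module on first use.
     *
     * @param str value forwarded unchanged to {@code MozillaStoreUtils.initialize}
     * @param lib_mode library loading mode
     * @throws CertStoreException if the store utilities fail to initialise
     */
    public MozillaStorePKCS11(String str, MozillaStoreUtils.LIB_MODE lib_mode) throws CertStoreException {
        if (cmNss == null) {
            initialize(str, lib_mode);
        }
    }

    /** Not supported by this store. */
    @Override
    public CertPath getCertPath(X509Certificate x509Certificate) throws CertStoreException {
        throw new UnsupportedOperationException("Not implemented yet");
    }

    /**
     * Looks up the private key that belongs to the given certificate.
     *
     * <p>Each slot is opened in turn; if the token requires login the user is asked for the PIN.
     * The certificate is located by issuer and serial number, and the key is then selected by
     * comparing its label with the certificate's label.
     *
     * <p>NOTE(review): the key is matched by label only, not by key identifier or public key.
     * If two objects on the token share a label, the first signing key with that label is used.
     *
     * @param x509Certificate certificate whose key is wanted
     * @return a proxy to the token-resident key, or {@code null} if no slot or no matching key was found
     * @throws CertStoreException if the module is not loaded, login fails, or the token reports an error
     */
    @Override
    public PrivateKey getPrivateKey(X509Certificate x509Certificate) throws CertStoreException {
        if (cmNss == null) {
            throw new CertStoreException("No se pudo acceder al repositorio de certificados de Firefox");
        }
        try {
            Slot[] slotList = cmNss.getSlotList(false);
            if (slotList.length == 0) {
                LOG.error("No se puede acceder a Firefox, no se han encontrado slots libres.");
                return null;
            }
            for (int i = 0; i < slotList.length; i++) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Procesando slot " + i);
                }
                Token token = slotList[i].getToken();
                Session session = token.openSession(true, false, null, null);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Session: " + session.getSessionInfo());
                }
                if (token.getTokenInfo().isLoginRequired()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Solicitando contraseña de acceso");
                    }
                    Password pin = MozillaStoreUtils.getPassHandler(IPINDialogConfigurable.MESSAGES_MODE.AUTO_TOKEN, null, I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_8)).getPasswordFirstAttempt(new PasswordCallbackInfo("Firefox", 1));
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("PIN obtenido, Autenticando");
                    }
                    try {
                        loginAndWipe(session, pin);
                    } catch (Exception e) {
                        // Any login failure is reported as a wrong password; the outer catch wraps it again.
                        throw new CertStoreException("Contraseña incorrecta", e);
                    }
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Resolviendo alias del certificado");
                }
                String alias = findCertificateLabel(session, x509Certificate);
                if (alias == null) {
                    // Certificate is not on this token. Previously this path dereferenced a null
                    // alias as soon as the token held any signing key.
                    continue;
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Buscando clave privada asociada al alias " + alias);
                }
                RSAPrivateKey template = new RSAPrivateKey();
                template.getSign().setBooleanValue(Boolean.TRUE);
                session.findObjectsInit(template);
                Object[] keys = session.findObjects(MAX_OBJECTS);
                session.findObjectsFinal();
                LOG.debug("Encontradas " + keys.length + " claves privadas");
                if (keys.length > 0) {
                    for (Object candidate : keys) {
                        RSAPrivateKey key = (RSAPrivateKey) candidate;
                        char[] label = key.getLabel().getCharArrayValue();
                        // A key without a label cannot match; skip it instead of failing the lookup.
                        if (label != null && alias.equals(new String(label))) {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Devolviendo pasarela a la clave privada");
                            }
                            // The session is deliberately left open: the proxy signs through it.
                            return new PkProxyProvider(x509Certificate, key, session);
                        }
                    }
                    // NOTE(review): the search stops at the first slot that holds the certificate
                    // and any signing key, even if none matches; later slots are not tried.
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Clave privada no encontrada");
                    }
                    return null;
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Clave privada no encontrada");
            }
            return null;
        } catch (Exception e2) {
            throw new CertStoreException("No se pudo acceder al repositorio de certificados de Firefox", e2);
        }
    }

    /**
     * Returns a new instance of the PKCS#11 wrapper JCA provider.
     *
     * @param x509Certificate unused
     */
    @Override
    public Provider getProvider(X509Certificate x509Certificate) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Devolviendo instancia del proveedor criptográfico PKCS11Wrapper+NSS");
        }
        return new PkcsProvider();
    }

    /** Returns the certificates usable for signing that have a private key on the token. */
    @Override
    public List<X509Certificate> getSignCertificates() throws CertStoreException {
        return getCertificates(true);
    }

    /** Returns every certificate found on the token, without checking for a private key. */
    @Override
    public List<X509Certificate> getPublicCertificates() throws CertStoreException {
        return getCertificates(false);
    }

    /**
     * Enumerates the certificates of every slot.
     *
     * <p>A failed login is only logged and enumeration continues. NOTE(review): presumably objects
     * that need authentication are then simply not returned by the token, so confirm that a
     * silently shorter list is acceptable to callers.
     *
     * <p>No validity, revocation or chain check is performed here; the signing filter looks only
     * at key usage bits 0 and 1 and at the presence of a matching key pair on the token.
     *
     * @param z {@code true} to return only signing certificates with a private key present,
     *          {@code false} to return all certificates
     * @return the certificates found, or {@code null} when the module exposes no slots
     * @throws CertStoreException if the module is not loaded or the token reports an error
     */
    private List<X509Certificate> getCertificates(boolean z) throws CertStoreException {
        if (cmNss == null) {
            LOG.error("No se ha cargado el módulo CSP-PKCS11 para Mozilla");
            throw new CertStoreException(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9));
        }
        List<X509Certificate> allCerts = new ArrayList<X509Certificate>();
        List<X509Certificate> signCerts = new ArrayList<X509Certificate>();
        int total = 0;
        try {
            Slot[] slotList = cmNss.getSlotList(false);
            if (slotList.length == 0) {
                LOG.error("No se puede acceder a Firefox, no se han encontrado slots libres.");
                return null;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Slots disponibles: " + slotList.length);
            }
            for (int i2 = 0; i2 < slotList.length; i2++) {
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Procesando slot " + i2);
                }
                Token token = slotList[i2].getToken();
                Session session = token.openSession(true, false, null, null);
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Session: " + session.getSessionInfo());
                }
                if (token.getTokenInfo().isLoginRequired()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Solicitando contraseña de acceso");
                    }
                    Password pin = MozillaStoreUtils.getPassHandler(IPINDialogConfigurable.MESSAGES_MODE.AUTO_TOKEN, null, I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_8)).getPasswordFirstAttempt(new PasswordCallbackInfo("Firefox", 1));
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("PIN obtenido, Autenticando");
                    }
                    try {
                        loginAndWipe(session, pin);
                    } catch (Exception e) {
                        // Best effort: keep enumerating whatever the token exposes without login.
                        LOG.error("Contraseña incorrecta", e);
                    }
                }
                session.findObjectsInit(new X509PublicKeyCertificate());
                Object[] certObjects = session.findObjects(MAX_OBJECTS);
                LOG.debug("Se han encontrado " + certObjects.length + " certificados");
                total += certObjects.length;
                session.findObjectsFinal();
                if (z) {
                    session.findObjectsInit(new iaik.pkcs.pkcs11.objects.PrivateKey());
                    Object[] privateKeys = session.findObjects(MAX_OBJECTS);
                    LOG.debug("Encontradas " + privateKeys.length + " claves privadas");
                    session.findObjectsFinal();
                    session.findObjectsInit(new PublicKey());
                    Object[] publicKeys = session.findObjects(MAX_OBJECTS);
                    LOG.debug("Encontradas " + publicKeys.length + " claves publicas");
                    session.findObjectsFinal();
                    for (Object object : certObjects) {
                        X509Certificate cert = MozillaStoreUtils.convert((X509PublicKeyCertificate) object);
                        // Check for null before touching the certificate (the key usage was read first before).
                        if (cert != null && isSigningCertificateWithKey(cert, publicKeys, privateKeys)) {
                            signCerts.add(cert);
                        }
                    }
                } else {
                    for (Object object2 : certObjects) {
                        X509Certificate cert = MozillaStoreUtils.convert((X509PublicKeyCertificate) object2);
                        // Skip null results, consistent with the null check in the signing branch.
                        if (cert != null) {
                            allCerts.add(cert);
                        }
                    }
                }
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("Modulo P11 procesado");
            }
            if (!z) {
                return allCerts;
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Se devuelven " + signCerts.size() + " certificados privados de un total de " + total);
            }
            return signCerts;
        } catch (Exception e2) {
            LOG.error(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e2);
            throw new CertStoreException(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e2);
        }
    }

    /** Not supported by this store. */
    @Override
    public List<X509Certificate> getTrustCertificates() throws CertStoreException {
        throw new UnsupportedOperationException("Not implemented yet");
    }

    /**
     * Logs the session in as user and wipes the PIN copy afterwards, whether or not login succeeded.
     * Only the local copy is cleared; the {@link Password} object stays with the password handler.
     */
    private static void loginAndWipe(Session session, Password password) throws Exception {
        char[] pin = password.getCharCopy();
        try {
            session.login(true, pin);
        } finally {
            if (pin != null) {
                Arrays.fill(pin, '\0');
            }
        }
    }

    /**
     * Finds the token certificate with the same issuer and serial number as {@code wanted} and
     * returns its label, or {@code null} if the token does not hold it.
     */
    private static String findCertificateLabel(Session session, X509Certificate wanted) throws Exception {
        session.findObjectsInit(new X509PublicKeyCertificate());
        Object[] found = session.findObjects(MAX_OBJECTS);
        LOG.debug("Se han encontrado " + found.length + " certificados en el almacén de Firefox");
        session.findObjectsFinal();
        byte[] wantedIssuer = wanted.getIssuerX500Principal().getEncoded();
        byte[] wantedSerial = wanted.getSerialNumber().toByteArray();
        for (Object object : found) {
            X509PublicKeyCertificate candidate = (X509PublicKeyCertificate) object;
            if (!Arrays.equals(wantedIssuer, candidate.getIssuer().getByteArrayValue())) {
                continue;
            }
            byte[] rawSerial = candidate.getSerialNumber().getByteArrayValue();
            // The first two bytes are skipped before comparing, presumably the DER INTEGER tag and
            // a one-byte length (TODO confirm). Values too short to carry that prefix cannot match.
            if (rawSerial != null && rawSerial.length > 2
                    && Arrays.equals(wantedSerial, Arrays.copyOfRange(rawSerial, 2, rawSerial.length))) {
                return candidate.getLabel().toString();
            }
        }
        return null;
    }

    /**
     * Tells whether {@code cert} allows signing (no key usage extension, or bit 0 or bit 1 set),
     * carries an RSA key, and has both its public key and a private key with the same identifier
     * among the token objects. Matched entries are set to {@code null} in the arrays so that they
     * are not paired twice.
     */
    private static boolean isSigningCertificateWithKey(X509Certificate cert, Object[] publicKeys, Object[] privateKeys) {
        boolean[] keyUsage = cert.getKeyUsage();
        if (keyUsage != null && !keyUsage[0] && !keyUsage[1]) {
            return false;
        }
        java.security.PublicKey publicKey = cert.getPublicKey();
        if (!"RSA".equals(publicKey.getAlgorithm())) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Encontrado certificado incompatible: " + cert.getSubjectDN().getName());
                LOG.debug("Algoritmo incompatible de tipo: " + cert.getPublicKey().getAlgorithm());
            }
            return false;
        }
        if (!(publicKey instanceof RSAPublicKey)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Encontrado certificado incompatible: " + cert.getSubjectDN().getName());
                LOG.debug("Clave pública incompatible de tipo: " + publicKey.getClass());
            }
            return false;
        }
        BigInteger modulus = ((RSAPublicKey) publicKey).getModulus();
        BigInteger exponent = ((RSAPublicKey) publicKey).getPublicExponent();
        iaik.pkcs.pkcs11.objects.RSAPublicKey tokenKey = null;
        for (int k = 0; k < publicKeys.length; k++) {
            // The search template was a generic public key, so non-RSA objects can appear here.
            // Skip them (and consumed entries) instead of failing the whole listing on a cast.
            if (!(publicKeys[k] instanceof iaik.pkcs.pkcs11.objects.RSAPublicKey)) {
                continue;
            }
            iaik.pkcs.pkcs11.objects.RSAPublicKey candidate = (iaik.pkcs.pkcs11.objects.RSAPublicKey) publicKeys[k];
            // The attribute text is parsed as hexadecimal, as the original code did.
            if (modulus.equals(new BigInteger(candidate.getModulus().toString(), 16))
                    && exponent.equals(new BigInteger(candidate.getPublicExponent().toString(), 16))) {
                tokenKey = candidate;
                publicKeys[k] = null;
                break;
            }
        }
        if (tokenKey == null) {
            return false;
        }
        // Bounded scan that stops at the first match. The previous loop had no exit condition and
        // never terminated once a matching public key had been found.
        for (int k = 0; k < privateKeys.length; k++) {
            if (privateKeys[k] == null) {
                continue;
            }
            iaik.pkcs.pkcs11.objects.PrivateKey privateKey = (iaik.pkcs.pkcs11.objects.PrivateKey) privateKeys[k];
            if (privateKey.getId() != null && privateKey.getId().equals(tokenKey.getId())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Se ha encontrado un certificado asociado a una clave privada presente");
                }
                privateKeys[k] = null;
                return true;
            }
        }
        return false;
    }

    /**
     * Loads and initialises the shared NSS PKCS#11 module.
     *
     * <p>The lock is taken on the class because the module is static: an instance-level lock would
     * let two instances initialise it concurrently. Failures while loading are logged, not thrown.
     * NOTE(review): if {@code cmNss.initialize} fails, the field stays assigned and later calls go
     * to a module that was never initialised.
     *
     * @param str value forwarded to the store utilities
     * @param lib_mode library loading mode
     * @throws CertStoreException if {@code MozillaStoreUtils.initialize} fails
     */
    private void initialize(String str, MozillaStoreUtils.LIB_MODE lib_mode) throws CertStoreException {
        synchronized (MozillaStorePKCS11.class) {
            if (cmNss != null) {
                return;
            }
            String libPath = MozillaStoreUtils.initialize(str, lib_mode);
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Se levanta el proveedor PKCS11Wrapper+NSS");
                }
                if (libPath != null && !libPath.endsWith(File.separator)) {
                    libPath = libPath + File.separator;
                }
                if (OSTool.getSO().isMacOsX()) {
                    MozillaStoreUtils.configureMacNSS(libPath);
                }
                // NOTE(review): the library is requested by bare file name, so which file is loaded
                // depends on the loader's search path. Confirm MozillaStoreUtils.initialize pins the
                // NSS directory, and that this name is mapped correctly on non-Windows systems.
                cmNss = Module.getInstance("softokn3.dll");
                DefaultInitializeArgs initArgs = new DefaultInitializeArgs();
                // NOTE(review): getBytes() and new String(bytes) use the platform charset; confirm
                // what NSS expects for profile paths containing non-ASCII characters.
                byte[] bytes = MozillaStoreUtils.createPKCS11NSSConfigFile(str, libPath).getBytes();
                // Five trailing zero bytes, presumably so the native side sees a terminated string.
                byte[] padded = new byte[bytes.length + 5];
                System.arraycopy(bytes, 0, padded, 0, bytes.length);
                initArgs.setReserved(padded);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Módulo instanciado. Incializando con " + new String(bytes));
                }
                cmNss.initialize(initArgs);
            } catch (Throwable th) {
                LOG.error("No se pudo cargar la instancia de la librería NSS: " + th.getMessage(), th);
            }
        }
    }
}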
