package org.openscdp.pkidm.signer;

import de.cardcontact.opencard.service.isocard.CHVCardServiceWithControl;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import de.cardcontact.smartcardhsmprovider.SmartCardHSMProvider;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.util.ArrayList;
import opencard.core.OpenCardException;
import opencard.core.service.InvalidCardChannelException;
import opencard.opt.security.SecurityDomain;
import org.openscdp.pkidb.dto.SignerDTO;
import org.openscdp.pkidm.PKIDMContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openscdp/pkidm/signer/HSMSigner.class */
public class HSMSigner extends SignerBase {
    private final Logger logger;
    private String label;
    private SmartCardHSMProvider provider;

    /* loaded from: input_file:org/openscdp/pkidm/signer/HSMSigner$Status.class */
    public enum Status {
        OFFLINE,
        ONLINE,
        READY,
        EXPIRED
    }

    public HSMSigner(SignerDTO signerDTO) {
        super(signerDTO);
        this.logger = LoggerFactory.getLogger(HSMSigner.class);
    }

    public void setLabel(String str) {
        this.label = str;
    }

    public String getLabel() {
        return this.label;
    }

    public SmartCardHSMProvider getProvider() {
        return this.provider;
    }

    private Key getKey(byte[] bArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance("SmartCardHSMKeyStore", (Provider) this.provider);
            keyStore.load(null, null);
            if (this.label == null) {
                this.label = this.provider.getSmartCardHSMCardService().getAliasForKeyId(bArr);
                Key key = keyStore.getKey(this.label, null);
                if (key != null) {
                    return key;
                }
                this.label = this.dto.getName();
            }
            return keyStore.getKey(this.label, null);
        } catch (Exception e) {
            throw new RuntimeException("get key failed with", e);
        }
    }

    public Key getKey(boolean z) {
        ArrayList provider = PKIDMContext.getHSMService().getProvider(this.dto.getKeyDomain());
        if (provider == null || provider.size() == 0) {
            return null;
        }
        int size = (int) (provider.size() * Math.random());
        int i = size;
        do {
            this.provider = (SmartCardHSMProvider) provider.get(i);
            SmartCardHSMKey key = getKey(this.dto.getKeyId());
            if (key != null) {
                if (!z) {
                    return key;
                }
                SmartCardHSMKey smartCardHSMKey = key;
                try {
                    if (smartCardHSMKey.getUseCounter() != 0 && smartCardHSMKey.getCardService().getPasswordStatus((SecurityDomain) null, 129) == CHVCardServiceWithControl.PasswordStatus.VERIFIED) {
                        return key;
                    }
                } catch (OpenCardException e) {
                    this.logger.error("Could not access token", e);
                }
            }
            i++;
            if (i >= provider.size()) {
                i = 0;
            }
        } while (i != size);
        return null;
    }

    public Key getKey() {
        return getKey(true);
    }

    public Status getStatus() {
        SmartCardHSMKey key = getKey(false);
        if (key == null) {
            return Status.OFFLINE;
        }
        SmartCardHSMKey smartCardHSMKey = key;
        try {
            return smartCardHSMKey.getCardService().getPasswordStatus((SecurityDomain) null, 1) != CHVCardServiceWithControl.PasswordStatus.VERIFIED ? Status.ONLINE : smartCardHSMKey.getUseCounter() == 0 ? Status.EXPIRED : Status.READY;
        } catch (OpenCardException | InvalidCardChannelException e) {
            this.logger.error("Could not access token", e);
            return Status.OFFLINE;
        }
    }
}
