package de.cardcontact.smartcardhsmprovider;

import de.cardcontact.opencard.service.smartcardhsm.CertificateDescription;
import de.cardcontact.opencard.service.smartcardhsm.KeyDescription;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMCardService;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMEntry;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMKey;
import de.cardcontact.opencard.service.smartcardhsm.SmartCardHSMRSAKey;
import de.cardcontact.tlv.TLVEncodingException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import opencard.core.OpenCardException;
import opencard.core.service.CardServiceException;
import opencard.core.terminal.CardTerminalException;
import opencard.core.util.HexString;
import opencard.opt.iso.fs.CardFilePath;
import opencard.opt.iso.fs.CardIOException;
import opencard.opt.security.SecurityDomain;
import opencard.opt.service.CardServiceResourceNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/cardcontact/smartcardhsmprovider/SmartCardHSMKeyStore.class */
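/**
 * {@link KeyStoreSpi} implementation that forwards every operation to the
 * {@link SmartCardHSMCardService} obtained from the owning provider.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Modifying operations (delete, set certificate, set key) require
 *       {@code provider.isVerified()} and otherwise fail with an unchecked
 *       {@link ProviderException} ("Login required.").</li>
 *   <li>Passwords are converted to a temporary byte array that is zeroed in a
 *       {@code finally} block; the caller-owned {@code char[]} is not wiped here.</li>
 *   <li>Certificate chains are assembled by subject/issuer name matching only;
 *       nothing in this class verifies signatures, validity periods or revocation.</li>
 * </ul>
 */
public class SmartCardHSMKeyStore extends KeyStoreSpi {
    private static final Logger log = LoggerFactory.getLogger(SmartCardHSMKeyStore.class);
    private SmartCardHSMProvider provider;

    /**
     * Creates a key store bound to the given provider.
     *
     * @param smartCardHSMProvider provider that supplies the card service and login state
     * @param str not used by this class
     */
    public SmartCardHSMKeyStore(SmartCardHSMProvider smartCardHSMProvider, String str) {
        this.provider = smartCardHSMProvider;
    }

    /**
     * Logs a failure and wraps it in a {@link ProviderException} with the cause preserved.
     */
    private static ProviderException failure(Exception cause) {
        log.error(cause.getLocalizedMessage(), cause);
        return new ProviderException(cause);
    }

    /**
     * Returns the aliases reported by the card service.
     *
     * @return enumeration over the card service's alias collection
     * @throws ProviderException if the card service reports an encoding, certificate or card error
     */
    @Override
    public Enumeration<String> engineAliases() {
        try {
            return this.provider.getSmartCardHSMCardService().getAliases().elements();
        } catch (TLVEncodingException e) {
            throw failure(e);
        } catch (CertificateException e) {
            throw failure(e);
        } catch (OpenCardException e) {
            throw failure(e);
        }
    }

    /**
     * Checks whether the card service knows the given label.
     *
     * @param str alias to look up
     * @return result of the card service's {@code containsLabel} call
     * @throws ProviderException if the card service reports a card error
     */
    @Override
    public boolean engineContainsAlias(String str) {
        try {
            return this.provider.getSmartCardHSMCardService().containsLabel(str);
        } catch (OpenCardException e) {
            throw failure(e);
        }
    }

    /**
     * Removes the entry with the given alias. Requires a verified login.
     *
     * @param str alias of the entry to remove
     * @throws KeyStoreException if the card service reports that the resource was not found
     * @throws ProviderException if no login was verified or a card error occurs
     */
    @Override
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (!this.provider.isVerified()) {
            throw new ProviderException("Login required.");
        }
        try {
            this.provider.getSmartCardHSMCardService().removeEntry(str);
        } catch (CardServiceException e) {
            throw failure(e);
        } catch (CardTerminalException e) {
            throw failure(e);
        } catch (CardIOException e) {
            throw failure(e);
        } catch (CardServiceResourceNotFoundException e) {
            log.error(e.getLocalizedMessage(), e);
            // Keep the card-level cause so the failure remains diagnosable by the caller.
            throw new KeyStoreException(str + " not found.", e);
        }
    }

    /**
     * Returns the certificate stored for the given alias.
     *
     * @param str alias to look up
     * @return the entry's certificate, or {@code null} if the card service has no such entry
     */
    @Override
    public Certificate engineGetCertificate(String str) {
        SmartCardHSMEntry entry = this.provider.getSmartCardHSMCardService().getSmartCardHSMEntry(str);
        return entry == null ? null : entry.getCert();
    }

    /**
     * Reverse lookup by certificate is not implemented.
     *
     * @param certificate ignored
     * @return always {@code null}
     */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        return null;
    }

    /**
     * Assembles a certificate chain for the given alias from the certificates on the token.
     *
     * <p>Starting from the alias' own X.509 certificate, the method repeatedly scans all other
     * aliases for a certificate whose subject equals the issuer of the last chain element.
     * Certificates whose subject equals their own issuer are skipped, so a self-issued root is
     * not part of the result.
     *
     * <p>Linking is done by distinguished name only. No signature, validity or revocation check
     * happens here, so callers must validate the returned chain (for example with a
     * {@code CertPathValidator}) before trusting it.
     *
     * <p>A certificate is added at most once. Without that guard, two token certificates that
     * name each other as issuer would keep the scan running and the list growing forever.
     *
     * @param str alias of the end of the chain
     * @return the chain starting with the alias' certificate; empty if the alias has no X.509 certificate
     * @throws ProviderException if enumerating the aliases fails
     */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        ArrayList<Certificate> chain = new ArrayList<Certificate>();
        Certificate leaf = engineGetCertificate(str);
        if (leaf instanceof X509Certificate) {
            X500Principal wantedSubject = ((X509Certificate) leaf).getIssuerX500Principal();
            chain.add(leaf);
            boolean extended;
            do {
                extended = false;
                Enumeration<String> aliases = engineAliases();
                while (aliases.hasMoreElements()) {
                    String candidateAlias = aliases.nextElement();
                    if (candidateAlias.equals(str)) {
                        continue;
                    }
                    Certificate candidate = engineGetCertificate(candidateAlias);
                    if (!(candidate instanceof X509Certificate)) {
                        continue;
                    }
                    X509Certificate issuerCert = (X509Certificate) candidate;
                    X500Principal subject = issuerCert.getSubjectX500Principal();
                    boolean selfIssued = subject.equals(issuerCert.getIssuerX500Principal());
                    if (selfIssued || !subject.equals(wantedSubject)) {
                        continue;
                    }
                    // Cycle guard: never append a certificate that is already in the chain.
                    if (chain.contains(issuerCert)) {
                        continue;
                    }
                    chain.add(issuerCert);
                    wantedSubject = issuerCert.getIssuerX500Principal();
                    extended = true;
                }
            } while (extended);
        }
        return chain.toArray(new Certificate[chain.size()]);
    }

    /**
     * Returns the current time; no creation date is read from the token.
     *
     * @param str ignored
     * @return a new {@link Date} for "now", regardless of whether the alias exists
     */
    @Override
    public Date engineGetCreationDate(String str) {
        return new Date();
    }

    /**
     * Converts a password to bytes by keeping the low 8 bits of each character.
     *
     * <p>Characters above U+00FF lose their high byte, so distinct passwords containing such
     * characters can map to the same byte sequence. The caller owns the returned array and is
     * responsible for zeroing it.
     */
    private byte[] toByteArray(char[] cArr) {
        byte[] bytes = new byte[cArr.length];
        for (int i = 0; i < cArr.length; i++) {
            bytes[i] = (byte) cArr[i];
        }
        return bytes;
    }

    /**
     * Returns the key object for the given alias, verifying the password first if one is given.
     *
     * <p>With a {@code null} or empty password no verification is attempted and the provider's
     * login state is not consulted here.
     * NOTE(review): presumably the returned key is only a reference and the card enforces
     * authentication when the key is used - confirm against SmartCardHSMKey.
     *
     * @param str alias to look up
     * @param cArr password to verify, or {@code null}/empty to skip verification
     * @return the entry's key, or {@code null} if the card service has no such entry
     * @throws UnrecoverableKeyException if the card service rejects the password
     * @throws ProviderException if verification fails with a card or terminal error
     */
    @Override
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        SmartCardHSMCardService service = this.provider.getSmartCardHSMCardService();
        if (cArr != null && cArr.length > 0) {
            byte[] pin = toByteArray(cArr);
            try {
                if (!service.verifyPassword((SecurityDomain) null, 0, pin)) {
                    log.error("Login failed. Wrong PIN?");
                    throw new UnrecoverableKeyException("User authentication failed");
                }
            } catch (CardServiceException e) {
                throw failure(e);
            } catch (CardTerminalException e) {
                throw failure(e);
            } finally {
                // Do not leave the PIN bytes on the heap longer than the verify call.
                Arrays.fill(pin, (byte) 0);
            }
        }
        SmartCardHSMEntry entry = service.getSmartCardHSMEntry(str);
        return entry == null ? null : entry.getKey();
    }

    /**
     * Reports whether the alias refers to an entry that is not an end-entity certificate.
     *
     * @param str alias to look up
     * @return {@code true} if an entry exists and {@code isEECertificate()} is false for it
     */
    @Override
    public boolean engineIsCertificateEntry(String str) {
        SmartCardHSMEntry entry = this.provider.getSmartCardHSMCardService().getSmartCardHSMEntry(str);
        return entry != null && !entry.isEECertificate();
    }

    /**
     * Reports whether the alias refers to a key entry.
     *
     * @param str alias to look up
     * @return {@code false} if no entry exists, otherwise the entry's {@code isKeyEntry()} value
     */
    @Override
    public boolean engineIsKeyEntry(String str) {
        SmartCardHSMEntry entry = this.provider.getSmartCardHSMCardService().getSmartCardHSMEntry(str);
        return entry != null && entry.isKeyEntry();
    }

    /**
     * "Loads" the key store by verifying the password against the card; the stream is ignored.
     *
     * <p>With a {@code null} password nothing is verified and the method returns normally.
     * NOTE(review): unlike {@link #engineGetKey}, an empty (zero-length) password is still passed
     * to {@code verifyPassword} here - confirm that this is intended.
     *
     * @param inputStream ignored
     * @param cArr password to verify, or {@code null} to skip verification
     * @throws IOException if the card service rejects the password
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        SmartCardHSMCardService service = this.provider.getSmartCardHSMCardService();
        if (cArr == null) {
            return;
        }
        byte[] pin = toByteArray(cArr);
        try {
            if (!service.verifyPassword((SecurityDomain) null, 0, pin)) {
                log.error("Login failed. Wrong PIN?");
                throw new IOException("Login failed. Wrong PIN?");
            }
        } finally {
            // Wipe the temporary PIN copy on success and on failure alike.
            Arrays.fill(pin, (byte) 0);
        }
    }

    /**
     * Stores a certificate under the given alias. Requires a verified login.
     *
     * <p>Three cases are handled:
     * <ul>
     *   <li>existing entry with a key: the certificate file ":CE" + key reference is replaced;</li>
     *   <li>existing entry without a key: the certificate file ":CA" + entry id is replaced;</li>
     *   <li>no entry: a free CA id is allocated and both the certificate (":CA") and its
     *       description (":C8") are written.</li>
     * </ul>
     *
     * <p>This method does not check that the certificate's public key belongs to the key of
     * the entry it is attached to, and it does not validate the certificate.
     * NOTE(review): replacement is delete-then-write; if the write fails the old certificate
     * appears to be gone already - confirm whether the card service compensates.
     *
     * @param str alias to store the certificate under
     * @param certificate certificate to store
     * @throws KeyStoreException if no free CA certificate slot is left
     * @throws ProviderException if no login was verified or encoding/card access fails
     */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        SmartCardHSMCardService service = this.provider.getSmartCardHSMCardService();
        SmartCardHSMEntry entry = service.getSmartCardHSMEntry(str);
        if (!this.provider.isVerified()) {
            throw new ProviderException("Login required.");
        }
        try {
            if (entry == null) {
                byte freeId = service.determineFreeCAId();
                if (freeId == -1) {
                    throw new KeyStoreException("Storage limit for CA Certificates reached.");
                }
                service.write(new CardFilePath(":CA" + HexString.hexify(freeId)), 0, certificate.getEncoded());
                // The description references the certificate file by the two bytes 0xCA, id.
                byte[] certFileId = {(byte) 0xCA, freeId};
                service.write(new CardFilePath(":C8" + HexString.hexify(freeId)), 0,
                        CertificateDescription.buildCertDescription(str, certificate.getPublicKey(), certFileId));
                service.addCertToMap(certificate, false, freeId, str);
                return;
            }
            SmartCardHSMKey key = entry.getKey();
            if (key != null) {
                CardFilePath eePath = new CardFilePath(":CE" + HexString.hexify(key.getKeyRef()));
                service.delete(eePath);
                service.write(eePath, 0, certificate.getEncoded());
                service.addCertToMap(certificate, true, key.getKeyRef(), str);
            } else {
                byte id = entry.getId();
                CardFilePath caPath = new CardFilePath(":CA" + HexString.hexify(id));
                service.delete(caPath);
                service.write(caPath, 0, certificate.getEncoded());
                service.addCertToMap(certificate, false, id, str);
            }
        } catch (CertificateException e) {
            throw failure(e);
        } catch (TLVEncodingException e) {
            throw failure(e);
        } catch (OpenCardException e) {
            throw failure(e);
        }
    }

    /**
     * Storing externally protected key bytes is not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    /**
     * Registers a SmartCardHSM key under the given alias. Requires a verified login.
     *
     * <p>The key's label is set to the alias, a key description (RSA or EC) is stored for its
     * key reference, and the entry is either renamed (if the key already had a label) or added.
     * If a chain is supplied, only its first certificate is written (to ":CE" + key reference).
     * The password argument is not used.
     *
     * <p>NOTE(review): the key's label is changed before the card is updated and is not
     * restored if a later step fails.
     *
     * @param str alias for the key
     * @param key key to register; must be a {@link SmartCardHSMKey}
     * @param cArr ignored
     * @param certificateArr optional chain; may be {@code null} or empty
     * @throws KeyStoreException if the key is not a {@link SmartCardHSMKey}
     * @throws ProviderException if no login was verified or encoding/card access fails
     */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        // Reject foreign key types with the declared exception instead of a ClassCastException.
        if (!(key instanceof SmartCardHSMKey)) {
            throw new KeyStoreException("Key is not a SmartCardHSMKey");
        }
        SmartCardHSMKey hsmKey = (SmartCardHSMKey) key;
        SmartCardHSMCardService service = this.provider.getSmartCardHSMCardService();
        if (!this.provider.isVerified()) {
            throw new ProviderException("Login required.");
        }
        String previousLabel = hsmKey.getLabel();
        hsmKey.setLabel(str);
        try {
            byte[] keyId = {hsmKey.getKeyRef()};
            KeyDescription.KeyTypes keyType = key instanceof SmartCardHSMRSAKey
                    ? KeyDescription.KeyTypes.RSA
                    : KeyDescription.KeyTypes.EC;
            service.storePRKD(hsmKey.getKeyRef(), new KeyDescription(keyId, str, hsmKey.getKeySize(), keyType));
            if (previousLabel != null) {
                service.renameEntry(previousLabel, str);
            } else {
                service.addKeyToMap(hsmKey);
            }
            // A null chain is treated like an empty one rather than failing after the key was stored.
            if (certificateArr != null && certificateArr.length >= 1) {
                service.write(new CardFilePath(":CE" + HexString.hexify(hsmKey.getKeyRef())), 0, certificateArr[0].getEncoded());
                service.addCertToMap(certificateArr[0], true, hsmKey.getKeyRef(), str);
            }
        } catch (CertificateEncodingException e) {
            throw failure(e);
        } catch (CardTerminalException e) {
            throw failure(e);
        } catch (CardServiceException e) {
            throw failure(e);
        }
    }

    /**
     * Returns the number of aliases reported by the card service.
     *
     * <p>Any exception is logged and reported as 0, so a card failure cannot be told apart
     * from an empty store through this method.
     *
     * @return alias count, or 0 on any error
     */
    @Override
    public int engineSize() {
        try {
            return this.provider.getSmartCardHSMCardService().getAliases().size();
        } catch (Exception e) {
            log.error(e.getLocalizedMessage(), e);
            return 0;
        }
    }

    /**
     * Does nothing: this class writes to the card in the individual set/delete operations,
     * so there is nothing left to write here.
     *
     * @param outputStream ignored
     * @param cArr ignored
     */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }
}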
