package org.cesecore.keys.token;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Properties;
import javax.security.auth.DestroyFailedException;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.cesecore.internal.InternalResources;
import org.cesecore.keys.token.p11.P11Slot;
import org.cesecore.keys.token.p11.P11SlotUser;
import org.cesecore.keys.token.p11.Pkcs11SlotLabel;
import org.cesecore.keys.token.p11.Pkcs11SlotLabelType;
import org.cesecore.keys.token.p11.exception.NoSuchSlotException;
import org.cesecore.keys.util.KeyStoreTools;

/* loaded from: input_file:org/cesecore/keys/token/PKCS11CryptoToken.class */
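/**
 * Crypto token whose keys live behind a PKCS#11 slot.
 *
 * <p>The slot is resolved from token properties in {@link #init(Properties, byte[], int)} and the
 * PKCS#11 key store is opened with the slot PIN in {@link #activate(char[])}. The {@link P11Slot}
 * reference is {@code transient}, so it has to be re-established through {@code init} after
 * deserialization.
 */
public class PKCS11CryptoToken extends BaseCryptoToken implements P11SlotUser {
    private static final long serialVersionUID = 7719014139640717867L;
    private static final Logger log = Logger.getLogger(PKCS11CryptoToken.class);
    private static final InternalResources intres = InternalResources.getInstance();

    /** Property key holding the slot identifier; how it is interpreted depends on {@link #SLOT_LABEL_TYPE}. */
    public static final String SLOT_LABEL_VALUE = "slotLabelValue";
    /** Property key holding the key of the {@link Pkcs11SlotLabelType} that applies to {@link #SLOT_LABEL_VALUE}. */
    public static final String SLOT_LABEL_TYPE = "slotLabelType";
    /** Property key read in {@code init} and handed to {@link P11Slot#getInstance} as the shared-library setting. */
    public static final String SHLIB_LABEL_KEY = "sharedLibrary";
    /** Property key read in {@code init} and handed to {@link P11Slot#getInstance} as the attributes-file setting. */
    public static final String ATTRIB_LABEL_KEY = "attributesFile";
    /**
     * Property key named "pin". It is not read anywhere in this class.
     * NOTE(review): presumably the value stored under it is the slot PIN, in which case any
     * Properties object carrying it should be handled as a secret (not logged, not exported) - confirm.
     */
    public static final String PASSWORD_LABEL_KEY = "pin";

    /** Legacy property key, only consulted by {@link #upgradePropertiesFileFrom5_0_x(Properties)}. */
    @Deprecated
    public static final String SLOT_LIST_INDEX_KEY = "slotListIndex";

    /** Legacy property key, only consulted by {@link #upgradePropertiesFileFrom5_0_x(Properties)}. */
    @Deprecated
    public static final String SLOT_LABEL_KEY = "slot";
    /** Optional property key; when present its value is passed to {@link P11Slot#getInstance} as the first argument. */
    public static final String TOKEN_FRIENDLY_NAME = "tokenFriendlyName";

    // Not serialized; null until init() has run.
    private transient P11Slot p11slot;
    // Trimmed value of the SLOT_LABEL_VALUE property; also used in log and exception messages.
    private String sSlotLabel = null;

    /**
     * Verifies that the PKCS#11 provider class can be loaded through the context class loader.
     *
     * @throws InstantiationException if the provider class is not found; the
     *         {@link ClassNotFoundException} is attached as the cause
     */
    public PKCS11CryptoToken() throws InstantiationException {
        try {
            Thread.currentThread().getContextClassLoader().loadClass(Pkcs11SlotLabel.SUN_PKCS11_CLASS);
        } catch (ClassNotFoundException e) {
            // InstantiationException has no cause-taking constructor, so attach the cause explicitly
            // instead of dropping it.
            InstantiationException failure = new InstantiationException("PKCS11 provider class sun.security.pkcs11.SunPKCS11 not found.");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Stores the properties, runs the base-class initialisation and binds this token to a
     * {@link P11Slot}, whose provider becomes the JCA provider of the token.
     *
     * @param properties token properties; the slot label value/type, shared library, attributes
     *        file and optional friendly name are read from it
     * @param bArr not read by this implementation
     * @param i passed on to the base-class {@code init} and to {@link P11Slot#getInstance}
     *        (presumably the crypto token id - confirm against the interface)
     * @throws CryptoTokenOfflineException declared by the interface and the calls made here
     * @throws NoSuchSlotException declared by the interface and the calls made here
     */
    @Override
    public void init(Properties properties, byte[] bArr, int i) throws CryptoTokenOfflineException, NoSuchSlotException {
        setProperties(properties);
        init(properties, false, i);
        this.sSlotLabel = getSlotLabel(SLOT_LABEL_VALUE, properties);
        Pkcs11SlotLabelType slotLabelType = Pkcs11SlotLabelType.getFromKey(getSlotLabel(SLOT_LABEL_TYPE, properties));
        String sharedLibrary = properties.getProperty(SHLIB_LABEL_KEY);
        String attributesFile = properties.getProperty(ATTRIB_LABEL_KEY);
        String friendlyName = properties.getProperty(TOKEN_FRIENDLY_NAME);
        if (friendlyName != null) {
            this.p11slot = P11Slot.getInstance(friendlyName, this.sSlotLabel, sharedLibrary, slotLabelType, attributesFile, this, i);
        } else {
            this.p11slot = P11Slot.getInstance(this.sSlotLabel, sharedLibrary, slotLabelType, attributesFile, this, i);
        }
        setJCAProvider(this.p11slot.getProvider());
    }

    /**
     * Reports whether the token status equals 1.
     * NOTE(review): 1 is presumably the "active" status constant of the token interface - confirm.
     */
    @Override
    public boolean isActive() {
        return getTokenStatus() == 1;
    }

    /**
     * Opens the PKCS#11 key store with the given PIN and installs it on this token.
     *
     * <p>Every failure, whatever its type, is logged at WARN together with the slot label and
     * rethrown as {@link CryptoTokenAuthenticationFailedException} with the original throwable as
     * cause. The PIN is not written to the log by this method, and this method does not clear
     * {@code cArr}; wiping the array stays with the caller.
     *
     * @param cArr slot PIN
     * @throws CryptoTokenOfflineException if {@code init} has not bound a slot yet
     * @throws CryptoTokenAuthenticationFailedException if the key store cannot be created or loaded
     */
    @Override
    public void activate(char[] cArr) throws CryptoTokenOfflineException, CryptoTokenAuthenticationFailedException {
        if (this.p11slot == null) {
            throw new CryptoTokenOfflineException("Slot not initialized.");
        }
        try {
            setKeyStore(createKeyStore(cArr));
            log.info(intres.getLocalizedMessage("token.activated", Integer.valueOf(getId())));
        } catch (Throwable th) {
            final String message = "Failed to initialize PKCS11 provider slot '" + this.sSlotLabel + "'.";
            log.warn(message, th);
            CryptoTokenAuthenticationFailedException authFailure = new CryptoTokenAuthenticationFailedException(message);
            authFailure.initCause(th);
            throw authFailure;
        }
    }

    /**
     * Builds and loads a "PKCS11" key store on the slot's provider.
     *
     * <p>{@link KeyStore.PasswordProtection} holds its own copy of the PIN. That copy is destroyed
     * in a {@code finally} block so it is wiped on the failure path as well (wrong PIN, token
     * unreachable), not only after a successful load.
     *
     * @param cArr slot PIN
     * @return the loaded key store
     */
    private KeyStore createKeyStore(char[] cArr) throws NoSuchAlgorithmException, CertificateException, UnsupportedEncodingException, IOException, KeyStoreException {
        KeyStore.PasswordProtection pinProtection = new KeyStore.PasswordProtection(cArr);
        try {
            Provider provider = this.p11slot.getProvider();
            KeyStore keyStore = KeyStore.Builder.newInstance("PKCS11", provider, pinProtection).getKeyStore();
            log.debug("Loading key from slot '" + this.sSlotLabel + "' using pin.");
            if (provider.getClass().getName().equals(Pkcs11SlotLabel.IAIK_PKCS11_CLASS)) {
                // The IAIK provider is loaded with the provider name as stream content plus the PIN.
                keyStore.load(new ByteArrayInputStream(getSignProviderName().getBytes("UTF-8")), cArr);
            } else {
                keyStore.load(null, null);
            }
            return keyStore;
        } finally {
            try {
                pinProtection.destroy();
            } catch (DestroyFailedException e) {
                log.info("Destroy failed: ", e);
            }
        }
    }

    /**
     * Drops the key store reference and asks the slot to log out if no other token is active on it.
     *
     * <p>The slot call is skipped when {@code init} never bound a slot, matching the null check in
     * {@link #reset()}; without it a deactivate on an uninitialised token ends in a
     * NullPointerException after the key store has already been cleared.
     */
    @Override
    public void deactivate() {
        setKeyStore(null);
        if (this.p11slot != null) {
            this.p11slot.logoutFromSlotIfNoTokensActive();
        }
        log.info(intres.getLocalizedMessage("token.deactivate", Integer.valueOf(getId())));
    }

    /** Resets the bound slot, if there is one. */
    @Override
    public void reset() {
        if (this.p11slot != null) {
            this.p11slot.reset();
        }
    }

    /**
     * Deletes the key store entry with the given alias and logs the deletion at INFO.
     *
     * @param str alias of the entry; a null or empty alias is ignored with a debug message
     */
    @Override
    public void deleteEntry(String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, CryptoTokenOfflineException {
        if (!StringUtils.isNotEmpty(str)) {
            log.debug("Trying to delete keystore entry with empty alias.");
            return;
        }
        new KeyStoreTools(getKeyStore(), getSignProviderName()).deleteEntry(str);
        log.info(intres.getLocalizedMessage("token.deleteentry", str, Integer.valueOf(getId())));
    }

    /**
     * Generates a key pair on the token through {@link KeyStoreTools}.
     *
     * @param str key specification, passed through unchanged
     * @param str2 alias for the new key pair; a null or empty alias is ignored with a debug message
     */
    @Override
    public void generateKeyPair(String str, String str2) throws InvalidAlgorithmParameterException, CryptoTokenOfflineException {
        if (!StringUtils.isNotEmpty(str2)) {
            log.debug("Trying to generate keys with empty alias.");
            return;
        }
        new KeyStoreTools(getKeyStore(), getSignProviderName()).generateKeyPair(str, str2);
    }

    /**
     * Generates a key pair on the token from an explicit parameter specification.
     *
     * @param algorithmParameterSpec parameters for the key pair, passed through unchanged
     * @param str alias for the new key pair; a null or empty alias is ignored with a debug message
     */
    @Override
    public void generateKeyPair(AlgorithmParameterSpec algorithmParameterSpec, String str) throws InvalidAlgorithmParameterException, CertificateException, IOException, CryptoTokenOfflineException {
        if (!StringUtils.isNotEmpty(str)) {
            log.debug("Trying to generate keys with empty alias.");
            return;
        }
        new KeyStoreTools(getKeyStore(), getSignProviderName()).generateKeyPair(algorithmParameterSpec, str);
    }

    /**
     * Generates a key on the token through {@link KeyStoreTools}.
     *
     * @param str first argument forwarded to {@code KeyStoreTools.generateKey} (presumably the algorithm name)
     * @param i second argument forwarded to {@code KeyStoreTools.generateKey} (presumably the key size)
     * @param str2 alias for the new key; a null or empty alias is ignored with a debug message
     */
    @Override
    public void generateKey(String str, int i, String str2) throws NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException, CryptoTokenOfflineException {
        if (log.isDebugEnabled()) {
            log.debug("Generate key, " + str + ", " + i + ", " + str2);
        }
        if (!StringUtils.isNotEmpty(str2)) {
            log.debug("Trying to generate keys with empty alias.");
            return;
        }
        new KeyStoreTools(getKeyStore(), getSignProviderName()).generateKey(str, i, str2);
    }

    /** Always returns {@code null}; this implementation hands out no token data. */
    @Override
    public byte[] getTokenData() {
        return null;
    }

    /** Returns the bound slot, or {@code null} before {@code init} has run. */
    protected P11Slot getP11slot() {
        return this.p11slot;
    }

    /**
     * Reads a property and trims surrounding whitespace.
     *
     * @param str property key
     * @param properties source properties
     * @return the trimmed value, or {@code null} if the key, the properties or the value is null
     */
    private static String getSlotLabel(String str, Properties properties) {
        if (str == null || properties == null) {
            return null;
        }
        String value = properties.getProperty(str);
        return value == null ? null : value.trim();
    }

    /**
     * Copies the given properties, rewriting the legacy {@link #SLOT_LABEL_KEY} and
     * {@link #SLOT_LIST_INDEX_KEY} entries into {@link #SLOT_LABEL_VALUE} and
     * {@link #SLOT_LABEL_TYPE}; all other entries are copied unchanged.
     *
     * <p>NOTE(review): keys are cast to {@code String}, so a non-String key ends in a
     * ClassCastException, and an empty {@code slotListIndex} value ends in a
     * StringIndexOutOfBoundsException at {@code charAt(0)}. Both are left as they were.
     *
     * @param properties properties in the old layout
     * @return a new Properties object in the current layout
     */
    @Deprecated
    public static Properties upgradePropertiesFileFrom5_0_x(Properties properties) {
        Properties upgraded = new Properties();
        for (Object rawKey : properties.keySet()) {
            String key = (String) rawKey;
            if (key.equals(SLOT_LABEL_KEY)) {
                String legacySlot = properties.getProperty(key);
                if (Pkcs11SlotLabelType.SLOT_NUMBER.validate(legacySlot)) {
                    upgraded.setProperty(SLOT_LABEL_VALUE, legacySlot);
                    upgraded.setProperty(SLOT_LABEL_TYPE, Pkcs11SlotLabelType.SLOT_NUMBER.getKey());
                } else if (legacySlot.startsWith("SLOT_ID:")) {
                    upgraded.setProperty(SLOT_LABEL_VALUE, legacySlot.split(":", 2)[1]);
                    upgraded.setProperty(SLOT_LABEL_TYPE, Pkcs11SlotLabelType.SLOT_NUMBER.getKey());
                } else if (legacySlot.startsWith("SLOT_LIST_IX:")) {
                    upgraded.setProperty(SLOT_LABEL_VALUE, legacySlot.split(":", 2)[1]);
                    upgraded.setProperty(SLOT_LABEL_TYPE, Pkcs11SlotLabelType.SLOT_INDEX.getKey());
                } else if (legacySlot.startsWith("TOKEN_LABEL:")) {
                    upgraded.setProperty(SLOT_LABEL_VALUE, legacySlot.split(":", 2)[1]);
                    upgraded.setProperty(SLOT_LABEL_TYPE, Pkcs11SlotLabelType.SLOT_LABEL.getKey());
                } else if (legacySlot.startsWith("SUN_FILE:")) {
                    // Only the type is carried over for SUN_FILE; no label value is set.
                    upgraded.setProperty(SLOT_LABEL_TYPE, Pkcs11SlotLabelType.SUN_FILE.getKey());
                }
            } else if (key.equals(SLOT_LIST_INDEX_KEY)) {
                String slotIndex = properties.getProperty(key);
                // Index values are stored with a leading 'i'; add it when the legacy value lacks one.
                if (slotIndex.charAt(0) != 'i') {
                    slotIndex = "i" + slotIndex;
                }
                upgraded.setProperty(SLOT_LABEL_VALUE, slotIndex);
                upgraded.setProperty(SLOT_LABEL_TYPE, Pkcs11SlotLabelType.SLOT_INDEX.getKey());
            } else {
                upgraded.setProperty(key, properties.getProperty(key));
            }
        }
        return upgraded;
    }

    /**
     * Returns whatever {@code doPermitExtractablePrivateKey()} reports; that method is defined
     * outside this class.
     */
    @Override
    public boolean permitExtractablePrivateKeyForTest() {
        return doPermitExtractablePrivateKey();
    }
}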
