package pl.unizeto.android.cryptoapi.keystore;

import iaik.cms.SecurityProvider;
import iaik.pkcs.pkcs11.TokenException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.unizeto.android.commons.lang.exception.FaultUtils;
import pl.unizeto.android.cryptoapi.pkcs11.CertificateEntry;
import pl.unizeto.android.cryptoapi.pkcs11.MultiDriverUniPkcs11;
import pl.unizeto.android.cryptoapi.pkcs11.Pkcs11Utils;
import pl.unizeto.android.cryptoapi.provider.UniSecurityProvider;
import pl.unizeto.android.cryptoapi.util.cert.CertificateInfoUtil;

/* loaded from: classes.dex */
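/**
 * Read-only {@link KeyStoreSpi} that presents X.509 certificates from two kinds of backing
 * store as a single key store: file key stores (BKS when the file extension is "BKS",
 * PKCS12 otherwise) and PKCS#11 tokens reached through {@link MultiDriverUniPkcs11}.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>File key stores are opened with a {@code null} password. Under the
 *       {@link KeyStore#load(InputStream, char[])} contract no integrity check is performed in
 *       that case, so the certificates are taken from the file as-is. Protection of those files
 *       has to come from storage permissions, not from this class.</li>
 *   <li>The mutating SPI methods (set/delete) are no-ops, and both {@code engineStore}
 *       overloads persist nothing; they call {@link #logout()}.</li>
 *   <li>{@code engineContainsAlias}, {@code engineIsKeyEntry} and
 *       {@code engineIsCertificateEntry} always return {@code false}, even for aliases that
 *       {@link #engineGetCertificate(String)} resolves.</li>
 *   <li>Locking is not uniform: some methods lock on the class object, the alias enumeration
 *       locks on the instance, and {@code engineLoad} takes no lock at all. Treat the class as
 *       not thread-safe unless callers serialise access themselves.</li>
 * </ul>
 */
public class FileAndPkcs11KeyStoreSpi extends KeyStoreSpi {
    private static final Logger log = LoggerFactory.getLogger(FileAndPkcs11KeyStoreSpi.class.getSimpleName());

    // PKCS#11 facade; non-null only between initializePKCS11() and deinitializePKCS11().
    private MultiDriverUniPkcs11 pkcs11;
    // Certificates read from tokens by the last engineLoad().
    private List<CertificateEntry> cardCertificates = new ArrayList<CertificateEntry>();
    // Certificates read from the cached file key stores by the last engineLoad().
    private List<CertificateEntry> fileKeystoreCertificates = new ArrayList<CertificateEntry>();
    // Union of the two lists above; this is what the alias and certificate lookups search.
    private Set<CertificateEntry> allCerts = new HashSet<CertificateEntry>();
    private boolean fileKeyStoreEnabled = false;
    private boolean pkcs11Enabled = false;
    // PKCS#11 driver entries as supplied to the constructor.
    private List<String> pkcs11DriversList = new ArrayList<String>();
    // File key store paths as supplied to the constructor.
    private List<String> fileKeyStoreList = new ArrayList<String>();
    // Loaded file key stores keyed by the path they were read from, in load order.
    protected Map<String, KeyStore> fileKeyStoreCache = new LinkedHashMap<String, KeyStore>();

    /**
     * Records the configured stores and initialises every non-empty source straight away.
     *
     * <p>Side effect: if the current IAIK {@link SecurityProvider} is not a
     * {@link UniSecurityProvider}, one is installed through the static setter.
     *
     * @param strArr paths of file key stores; may be {@code null}
     * @param strArr2 PKCS#11 driver entries; may be {@code null}.
     *     NOTE(review): presumably these name native modules to load, so they should come from
     *     trusted configuration only. Confirm against MultiDriverUniPkcs11.
     */
    public FileAndPkcs11KeyStoreSpi(String[] strArr, String[] strArr2) {
        if (strArr != null) {
            this.fileKeyStoreList.addAll(Arrays.asList(strArr));
        }
        if (strArr2 != null) {
            this.pkcs11DriversList.addAll(Arrays.asList(strArr2));
        }
        if (!(SecurityProvider.getSecurityProvider() instanceof UniSecurityProvider)) {
            SecurityProvider.setSecurityProvider(new UniSecurityProvider());
        }
        setFileKeyStoreEnabled(!this.fileKeyStoreList.isEmpty());
        setPkcs11Enabled(!this.pkcs11DriversList.isEmpty());
    }

    /** Drops the cached file key stores and marks the file source as disabled. */
    private void deinitializeFileKeystore() {
        if (this.fileKeyStoreEnabled) {
            this.fileKeyStoreCache.clear();
            this.fileKeyStoreEnabled = false;
        }
    }

    /** Releases the PKCS#11 facade and marks the token source as disabled. */
    private void deinitializePKCS11() {
        if (this.pkcs11Enabled) {
            this.pkcs11.finalize(null);
            this.pkcs11 = null;
            this.pkcs11Enabled = false;
        }
    }

    /**
     * Builds the alias under which a certificate is exposed by this key store.
     *
     * <p>The decompiler widened this method from private to public; the visibility is kept so
     * that existing references keep resolving.
     *
     * @param x509Certificate certificate to name
     * @return the string produced by
     *     {@link CertificateInfoUtil#getSubjectAndSerialNumberString(X509Certificate)}
     */
    public String getCertificateAliasName(X509Certificate x509Certificate) {
        return CertificateInfoUtil.getSubjectAndSerialNumberString(x509Certificate);
    }

    /**
     * Loads every configured key store file into {@link #fileKeyStoreCache}.
     *
     * <p>The file source is marked enabled only when all files load. Any failure is logged and
     * the source stays disabled; stores loaded before the failure remain in the cache.
     */
    private void initializeFileKeystore() {
        if (this.fileKeyStoreEnabled) {
            return;
        }
        try {
            for (String path : this.fileKeyStoreList) {
                log.debug("Inicjowanie magazynu {}", path);
                FileInputStream in = null;
                try {
                    File file = new File(path);
                    String extension = FilenameUtils.getExtension(file.getName());
                    in = new FileInputStream(file);
                    KeyStore keyStore;
                    if ("BKS".equalsIgnoreCase(extension)) {
                        log.debug("Inicjowanie magazynu BKS: {}", file.getName());
                        keyStore = KeyStore.getInstance("BKS");
                    } else {
                        log.debug("Inicjowanie magazynu PKCS12: {}", file.getName());
                        keyStore = KeyStore.getInstance("PKCS12");
                    }
                    // A null password means KeyStore.load performs no integrity check, so a
                    // modified file is accepted without complaint. Passwords are supplied only
                    // later, per key, in getPrivateKey().
                    keyStore.load(in, null);
                    this.fileKeyStoreCache.put(path, keyStore);
                } finally {
                    // Close on success and on failure alike; a null stream is tolerated.
                    IOUtils.closeQuietly((InputStream) in);
                }
            }
            this.fileKeyStoreEnabled = true;
        } catch (KeyStoreException e) {
            log.error("Nie mozna wczytac certyfikatow z magazynu", e);
        } catch (NoSuchAlgorithmException e2) {
            log.error("Nie mozna odnalezc wymaganych algorytmow", e2);
        } catch (CertificateException e3) {
            log.error("Nie mozna wczytac certyfikatow", e3);
        } catch (Exception e4) {
            log.error("", e4);
        }
    }

    /** Creates the PKCS#11 facade from the driver entries that pass the existence filter. */
    private void initializePKCS11() {
        if (!this.pkcs11Enabled) {
            this.pkcs11 = new MultiDriverUniPkcs11((String[]) Pkcs11Utils.getOnlyExistingDrivers(this.pkcs11DriversList).toArray(new String[0]));
            this.pkcs11.setCachePkcs11Instances(true);
            this.pkcs11Enabled = true;
        }
    }

    /**
     * Enumerates the aliases of all certificates collected by the last {@code engineLoad}.
     *
     * <p>The enumeration walks a snapshot taken at call time. Its bounds are checked against
     * that snapshot rather than the live set, so a later {@code engineLoad} that changes the
     * number of certificates can neither run the index past the array nor cut iteration short.
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final CertificateEntry[] snapshot = this.allCerts.toArray(new CertificateEntry[0]);
        return new Enumeration<String>() { // from class: pl.unizeto.android.cryptoapi.keystore.FileAndPkcs11KeyStoreSpi.1
            private int count = 0;

            @Override // java.util.Enumeration
            public boolean hasMoreElements() {
                return this.count < snapshot.length;
            }

            @Override // java.util.Enumeration
            public String nextElement() {
                synchronized (FileAndPkcs11KeyStoreSpi.this) {
                    if (this.count >= snapshot.length) {
                        throw new NoSuchElementException("WindowsAndPkcs11KeyStoreSpi enumeration");
                    }
                    CertificateEntry entry = snapshot[this.count];
                    this.count++;
                    return FileAndPkcs11KeyStoreSpi.this.getCertificateAliasName(entry.getCertificate());
                }
            }
        };
    }

    /**
     * Always reports {@code false}.
     *
     * <p>NOTE(review): this disagrees with {@link #engineGetCertificate(String)}, which does
     * resolve aliases. Callers that test {@code containsAlias} first will never reach an entry.
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return false;
    }

    /** No-op: entries cannot be deleted through this key store. */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
    }

    /**
     * Finds the certificate whose derived alias equals {@code str}, ignoring case.
     *
     * @param str alias to look up
     * @return the first matching certificate in set iteration order, or {@code null} when
     *     nothing matches
     */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        for (CertificateEntry entry : this.allCerts) {
            X509Certificate candidate = entry.getCertificate();
            if (getCertificateAliasName(candidate).equalsIgnoreCase(str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the alias of the entry holding a certificate equal to the one given.
     *
     * @param certificate certificate to search for
     * @return the derived alias, or {@code null} when the certificate is not held
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        for (CertificateEntry entry : this.allCerts) {
            X509Certificate candidate = entry.getCertificate();
            if (candidate.equals(certificate)) {
                return getCertificateAliasName(candidate);
            }
        }
        return null;
    }

    /** Certificate chains are not exposed; always returns {@code null}. */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        return null;
    }

    /** Creation dates are not tracked; always returns {@code null}. */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        return null;
    }

    /**
     * Resolves the private key that belongs to the certificate stored under an alias.
     *
     * @param str alias of the certificate
     * @param cArr PIN or password handed on to the backing store; it is not cleared here, so
     *     wiping it remains the caller's job
     * @return the private key, or {@code null} when the backing store yields none
     * @throws UnrecoverableKeyException on any failure, with the original exception attached
     *     as the cause
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            // NOTE(review): for an unknown alias engineGetCertificate() returns null, and the
            // lookup below then fails on the null certificate and surfaces as
            // UnrecoverableKeyException instead of the null result that the KeyStoreSpi
            // contract describes. Kept as-is because callers may depend on it.
            return getPrivateKey(new CertificateEntry((X509Certificate) engineGetCertificate(str), null), cArr);
        } catch (Exception e) {
            UnrecoverableKeyException failure = new UnrecoverableKeyException(FaultUtils.getFaultString(e));
            // The exception type has no cause-taking constructor; attach the cause explicitly
            // so the root failure is not lost.
            failure.initCause(e);
            throw failure;
        }
    }

    /** Always reports {@code false}; entry kinds are not distinguished. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return false;
    }

    /** Always reports {@code false}; entry kinds are not distinguished. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return false;
    }

    /**
     * Rebuilds the certificate lists from the enabled sources.
     *
     * <p>Both arguments are ignored: nothing is read from {@code inputStream} and
     * {@code cArr} is not used. The two sources fail differently: a token error aborts the
     * load with an {@link IOException}, whereas a file key store error is only logged and the
     * load continues with whatever had been collected up to that point.
     *
     * @param inputStream unused
     * @param cArr unused
     * @throws IOException when reading certificates from the tokens fails; the
     *     {@link TokenException} is attached as the cause
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        log.debug("Pobieranie certyfikatow");
        this.cardCertificates.clear();
        if (this.pkcs11Enabled) {
            try {
                log.debug("Pobieranie certyfikatów z kart...");
                this.cardCertificates.addAll(this.pkcs11.getCertificatesExt());
                if (log.isDebugEnabled()) {
                    for (CertificateEntry entry : this.cardCertificates) {
                        log.debug(entry.getCertificate().getSubjectDN().toString());
                    }
                }
                log.debug("Pobrano " + this.cardCertificates.size() + " certyfikatow z kart");
            } catch (TokenException e) {
                log.error("Błąd podczas pobierania certyfikatów z kart", e);
                throw new IOException(e.getMessage(), e);
            }
        }
        this.fileKeystoreCertificates.clear();
        if (this.fileKeyStoreEnabled) {
            try {
                for (Map.Entry<String, KeyStore> cached : this.fileKeyStoreCache.entrySet()) {
                    KeyStore keyStore = cached.getValue();
                    log.debug("Pobieranie certyfikatów z magazynu plikowego {}", cached.getKey());
                    Enumeration<String> aliases = keyStore.aliases();
                    while (aliases.hasMoreElements()) {
                        Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                        // Only X.509 certificates are exposed; other types are skipped.
                        if (certificate instanceof X509Certificate) {
                            this.fileKeystoreCertificates.add(new CertificateEntry((X509Certificate) certificate, null));
                        }
                    }
                }
                if (log.isDebugEnabled()) {
                    for (CertificateEntry entry : this.fileKeystoreCertificates) {
                        log.debug(entry.getCertificate().getSubjectDN().toString());
                    }
                }
                log.debug("Pobrano " + this.fileKeystoreCertificates.size() + " certyfikatow z magazynów plikowych");
            } catch (Exception e2) {
                log.error("Błąd podczas pobierania certyfikatów z magazynów plikowych", e2);
            }
        }
        this.allCerts.clear();
        this.allCerts.addAll(this.cardCertificates);
        this.allCerts.addAll(this.fileKeystoreCertificates);
    }

    /** No-op: certificate entries cannot be added through this key store. */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
    }

    /** No-op: key entries cannot be added through this key store. */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
    }

    /** No-op: key entries cannot be added through this key store. */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
    }

    /** Returns the number of certificates collected by the last {@code engineLoad}. */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.allCerts.size();
    }

    /** Writes nothing to the stream; the call only triggers {@link #logout()}. */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        logout();
    }

    /** Persists nothing; the call only triggers {@link #logout()}. */
    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        logout();
    }

    /**
     * Returns the internal set of collected certificates.
     *
     * <p>NOTE(review): the live, mutable set is handed out, and the lock only covers reading
     * the field reference. A caller iterating the result while {@code engineLoad} runs is not
     * protected by it.
     *
     * @return the backing set itself, not a copy
     */
    public Collection<CertificateEntry> getCertificates() throws CertificateException, TokenException, IOException {
        synchronized (FileAndPkcs11KeyStoreSpi.class) {
            return this.allCerts;
        }
    }

    /**
     * Convenience overload that wraps the certificate in a {@link CertificateEntry}.
     *
     * @param x509Certificate certificate whose private key is wanted
     * @param cArr PIN or password for the backing store
     * @return the private key, or {@code null} when none is found
     * @throws Exception on any failure in the backing store
     */
    public PrivateKey getPrivateKey(X509Certificate x509Certificate, char[] cArr) throws Exception {
        return getPrivateKey(new CertificateEntry(x509Certificate, null), cArr);
    }

    /**
     * Looks up the private key for a certificate, trying the tokens first and the file key
     * stores second.
     *
     * <p>The source is chosen by membership of {@code certificateEntry} in the lists built by
     * the last {@code engineLoad}. The subject DN is written to the log at info level, so logs
     * from this class identify the certificate holder.
     *
     * @param certificateEntry entry identifying the certificate; its certificate must not be
     *     {@code null}
     * @param cArr PIN or password passed unchanged to the backing store; not cleared here
     * @return the private key, or {@code null} when the certificate is unknown or no private
     *     key is associated with it
     * @throws Exception on any failure in the backing store
     */
    public PrivateKey getPrivateKey(CertificateEntry certificateEntry, char[] cArr) throws Exception {
        synchronized (FileAndPkcs11KeyStoreSpi.class) {
            log.info("Pobieranie referencji do klucza prywatnego dla certyfikatu " + certificateEntry.getCertificate().getSubjectDN().toString());
            PrivateKey privateKey = null;
            // Membership depends on CertificateEntry.equals, which is defined elsewhere.
            boolean onCard = this.pkcs11Enabled && this.cardCertificates.contains(certificateEntry);
            boolean inFile = this.fileKeyStoreEnabled && this.fileKeystoreCertificates.contains(certificateEntry);
            if (onCard) {
                log.debug("Pobieranie referencji do klucza prywatnego z karty");
                privateKey = this.pkcs11.getPrivateKey(certificateEntry.getCertificate(), cArr);
            } else if (inFile) {
                log.debug("Pobieranie referencji do klucza prywatnego z plikowego magazynu");
                for (Map.Entry<String, KeyStore> cached : this.fileKeyStoreCache.entrySet()) {
                    KeyStore keyStore = cached.getValue();
                    log.debug("Pobieranie certyfikatów z magazynu {}", cached.getKey());
                    String certificateAlias = keyStore.getCertificateAlias(certificateEntry.getCertificate());
                    if (StringUtils.isNotBlank(certificateAlias)) {
                        Key key = keyStore.getKey(certificateAlias, cArr);
                        if (key instanceof PrivateKey) {
                            // The first store that yields a private key wins.
                            privateKey = (PrivateKey) key;
                            break;
                        }
                    }
                }
            } else {
                log.error("Certyfikat nie został odnaleziony w magazynach" + certificateEntry.getCertificate());
            }
            if (privateKey == null) {
                log.debug("Klucz prywatny skojarzony z tym certyfikatem nie został odnaleziony: " + certificateEntry.getCertificate());
            }
            return privateKey;
        }
    }

    /** Reports whether the file key stores were loaded successfully and are in use. */
    public boolean isFileKeyStoreEnabled() {
        return this.fileKeyStoreEnabled;
    }

    /** Reports whether the PKCS#11 facade is initialised. */
    public boolean isPkcs11Enabled() {
        return this.pkcs11Enabled;
    }

    /**
     * Disables both sources: clears the file key store cache and releases the PKCS#11 facade.
     *
     * <p>The certificate lists built by the last {@code engineLoad} are not cleared here.
     */
    public void logout() {
        setFileKeyStoreEnabled(false);
        setPkcs11Enabled(false);
    }

    /**
     * Enables or disables the file key store source.
     *
     * @param z {@code true} to load the configured files, {@code false} to drop the cache
     */
    public void setFileKeyStoreEnabled(boolean z) {
        if (z) {
            initializeFileKeystore();
        } else {
            deinitializeFileKeystore();
        }
    }

    /**
     * Enables or disables the PKCS#11 source.
     *
     * @param z {@code true} to create the PKCS#11 facade, {@code false} to release it
     */
    public void setPkcs11Enabled(boolean z) {
        if (z) {
            initializePKCS11();
        } else {
            deinitializePKCS11();
        }
    }
}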
