package com.hebca.crypto.imp.pkcs11;

import com.hebca.crypto.AsymCrypter;
import com.hebca.crypto.Cert;
import com.hebca.crypto.Container;
import com.hebca.crypto.Device;
import com.hebca.crypto.SKey;
import com.hebca.crypto.Signer;
import com.hebca.crypto.exception.AsymCryptException;
import com.hebca.crypto.exception.ConnectionException;
import com.hebca.crypto.exception.ContainerException;
import com.hebca.crypto.exception.DeviceException;
import com.hebca.crypto.exception.GenKeyPairException;
import com.hebca.crypto.exception.ImportCertException;
import com.hebca.crypto.exception.ImportKeyPairException;
import com.hebca.crypto.exception.KeyException;
import com.hebca.crypto.exception.LoginException;
import com.hebca.crypto.exception.SignException;
import com.hebca.crypto.exception.SymCryptException;
import com.hebca.crypto.imp.CertImp;
import com.hebca.crypto.imp.ContainerBase;
import com.longmai.security.plugin.util.DigestUtil;
import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.ByteArrayAttribute;
import iaik.pkcs.pkcs11.objects.KeyPair;
import iaik.pkcs.pkcs11.objects.Object;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.PublicKey;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import iaik.pkcs.pkcs11.objects.RSAPublicKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import java.util.Enumeration;
import org2.bouncycastle.asn1.ASN1Sequence;
import org2.bouncycastle.asn1.DERInteger;
import org2.bouncycastle.asn1.DEROctetString;
import org2.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
import org2.bouncycastle.asn1.x509.AlgorithmIdentifier;

/* loaded from: classes2.dex */
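/**
 * PKCS#11-backed key container holding a signing key pair, an encryption key pair and the
 * X.509 certificate objects that belong to them.
 *
 * <p>Throughout this class a {@code boolean z} parameter selects the signing slot when
 * {@code true} and the encryption slot when {@code false}.
 *
 * <p>Security review notes (details are repeated at the relevant methods):
 * <ul>
 *   <li>{@link #generateKeyPair(int)} creates the private key with the extractable attribute set
 *       to {@code true}.</li>
 *   <li>{@link #createSigner(String)} always signs with SHA-1 / RSA PKCS#1 v1.5 and ignores the
 *       requested algorithm name.</li>
 *   <li>{@link #importKeyPair(byte[], byte[])} handles plaintext private-key material in
 *       application memory and silently does nothing for unsupported inputs.</li>
 * </ul>
 */
public class ContainerPkcs11 extends ContainerBase {
    // On the "gx-sdkey" provider these values are used as fixed object ids:
    // 1 for the encryption slot, 2 for the signing slot.
    private static final int AT_KEYEXCHANGE = 1;
    private static final int AT_SIGNATURE = 2;
    // Provider configuration name that switches to fixed ids and labelled key objects.
    private static final String GX_SDKEY_PROVIDER = "gx-sdkey";
    // Label written on certificate objects and, on gx-sdkey, on key objects.
    private static final String OBJECT_LABEL = "HebcaLabel";

    private Cert cryptCert;
    private PrivateKey cryptPriKey;
    private PublicKey cryptPubKey;
    private X509PublicKeyCertificate cryptX509Cert;
    // Timestamp whose millisecond value is used as the object id on providers other than gx-sdkey.
    private Date d;
    private Cert signCert;
    private PrivateKey signPriKey;
    private PublicKey signPubKey;
    private X509PublicKeyCertificate signX509Cert;
    private String type;

    /** Creates an RSA container on the given device. */
    public ContainerPkcs11(DevicePkcs11 devicePkcs11) {
        super(devicePkcs11);
        this.d = new Date();
        this.type = Container.TYPE_RSA;
    }

    /** Creates a container of the given type on the given device. */
    public ContainerPkcs11(DevicePkcs11 devicePkcs11, String str) {
        super(devicePkcs11);
        this.d = new Date();
        this.type = str;
    }

    /** Returns the current value of {@link #d} as 8 big-endian bytes (ByteBuffer's default order). */
    private byte[] timestampId() {
        ByteBuffer buffer = ByteBuffer.allocate(8);
        buffer.putLong(this.d.getTime());
        return buffer.array();
    }

    /**
     * Creates a new certificate object on the token and records it in the selected slot.
     *
     * @param z    {@code true} for the signing slot, {@code false} for the encryption slot
     * @param cert certificate to store
     * @throws ImportCertException wrapping any failure
     */
    private void createCertOnToken(boolean z, Cert cert) throws ImportCertException {
        Session session = ((DevicePkcs11) getDevice()).getSession();
        try {
            X509Certificate x509 = cert.getX509Certificate();
            X509PublicKeyCertificate template = new X509PublicKeyCertificate();
            template.getToken().setBooleanValue(true);
            template.getValue().setByteArrayValue(x509.getEncoded());
            template.getSerialNumber().setByteArrayValue(x509.getSerialNumber().toByteArray());
            template.getSubject().setByteArrayValue(x509.getSubjectX500Principal().getEncoded());
            template.getLabel().setCharArrayValue(OBJECT_LABEL.toCharArray());
            byte[] timeId = timestampId();
            // gx-sdkey uses fixed per-slot ids; every other provider uses the timestamp id.
            boolean gxSdkey = getDevice().getProvider().getConfig().getName().equals(GX_SDKEY_PROVIDER);
            if (gxSdkey) {
                template.getId().setByteArrayValue(intToByte(z ? AT_SIGNATURE : AT_KEYEXCHANGE));
            } else {
                template.getId().setByteArrayValue(timeId);
            }
            X509PublicKeyCertificate created = (X509PublicKeyCertificate) session.createObject(template);
            if (z) {
                setSignX509Cert(created);
            } else {
                setCryptX509Cert(created);
            }
        } catch (Exception e) {
            throw new ImportCertException(e);
        }
    }

    /**
     * Builds a JCA RSA public key from a raw modulus and public exponent.
     *
     * <p>Both values are interpreted as unsigned big-endian integers. The exponent was previously
     * parsed as a signed value, which yields a negative exponent whenever its top bit is set.
     *
     * @param bArr  modulus bytes
     * @param bArr2 public exponent bytes
     */
    private java.security.PublicKey createPubKey(byte[] bArr, byte[] bArr2) throws InvalidKeySpecException, NoSuchAlgorithmException {
        BigInteger modulus = new BigInteger(1, bArr);
        BigInteger exponent = new BigInteger(1, bArr2);
        return KeyFactory.getInstance(Container.TYPE_RSA).generatePublic(new RSAPublicKeySpec(modulus, exponent));
    }

    /**
     * Decrypts a wrapped symmetric key with the signing private key and returns the plaintext key.
     *
     * <p>NOTE(review): {@code Mechanism.RSA_PKCS} is PKCS#1 v1.5 padding. If decryption failures
     * are distinguishable to whoever supplies {@code bArr}, review this path for padding-oracle
     * exposure. The recovered key is returned as a plain byte array held in application memory.
     *
     * @throws AsymCryptException wrapping any failure
     */
    private byte[] decryptWappedSymKey(byte[] bArr) throws AsymCryptException {
        try {
            Session session = ((DevicePkcs11) getDevice()).getSession();
            session.decryptInit(Mechanism.RSA_PKCS, getSignPriKey());
            return new AsymCrypterPkcs11(session, false).crypt(bArr);
        } catch (Exception e) {
            throw new AsymCryptException(e);
        }
    }

    /**
     * Looks up the RSA private key whose id attribute equals the certificate object's id.
     *
     * <p>The search is finalised only when it was actually started. The previous structure called
     * {@code findObjectsFinal()} on paths where no search was active and dereferenced a
     * {@code null} certificate.
     *
     * @param x509PublicKeyCertificate certificate object whose id is used as the search key; may be {@code null}
     * @return the first matching private key, or {@code null} when the certificate or its id is
     *         absent or nothing matches
     * @throws DeviceException wrapping any {@link TokenException} from the search
     */
    private RSAPrivateKey findPrivateKeyByCert(X509PublicKeyCertificate x509PublicKeyCertificate) throws DeviceException {
        Session session = ((DevicePkcs11) getDevice()).getSession();
        if (x509PublicKeyCertificate == null) {
            return null;
        }
        ByteArrayAttribute id = x509PublicKeyCertificate.getId();
        if (id == null) {
            return null;
        }
        RSAPrivateKey template = new RSAPrivateKey();
        template.getId().setByteArrayValue(id.getByteArrayValue());
        boolean searchStarted = false;
        try {
            session.findObjectsInit(template);
            searchStarted = true;
            Object[] matches = session.findObjects(128);
            if (matches == null || matches.length < 1) {
                return null;
            }
            return (RSAPrivateKey) matches[0];
        } catch (TokenException e) {
            throw new DeviceException(e);
        } finally {
            if (searchStarted) {
                try {
                    session.findObjectsFinal();
                } catch (TokenException e) {
                    throw new DeviceException(e);
                }
            }
        }
    }

    /**
     * Derives an identifier for a certificate: the value of an extension if present, otherwise a
     * SHA-1 digest of the encoded public key.
     *
     * <p>NOTE(review): the OID queried here is "1.2.5.29.14"; the X.509 Subject Key Identifier
     * extension is 2.5.29.14, so this lookup presumably never matches and the digest fallback is
     * what runs. {@code getExtensionValue} also returns the DER-encoded OCTET STRING wrapper rather
     * than the bare identifier bytes. Left unchanged because correcting the OID would change the
     * returned identifier; confirm the intent before changing it.
     */
    private byte[] getCertId(Cert cert) throws NoSuchAlgorithmException {
        X509Certificate x509Certificate = cert.getX509Certificate();
        byte[] extensionValue = x509Certificate.getExtensionValue("1.2.5.29.14");
        if (extensionValue != null) {
            return extensionValue;
        }
        return MessageDigest.getInstance(DigestUtil.SHA1).digest(x509Certificate.getPublicKey().getEncoded());
    }

    /**
     * Writes a new id onto the public and private key objects of the selected slot, skipping
     * whichever of the two is not loaded.
     *
     * @param z    {@code true} for the signing keys, {@code false} for the encryption keys
     * @param bArr id bytes to store
     */
    private void updatePubKeyAndPriKeyId(boolean z, byte[] bArr) throws TokenException {
        Session session = ((DevicePkcs11) getDevice()).getSession();
        PublicKey publicKey = z ? this.signPubKey : this.cryptPubKey;
        PrivateKey privateKey = z ? this.signPriKey : this.cryptPriKey;
        if (publicKey != null) {
            publicKey.getId().setByteArrayValue(bArr);
            session.setAttributeValues(publicKey, publicKey);
        }
        if (privateKey != null) {
            privateKey.getId().setByteArrayValue(bArr);
            session.setAttributeValues(privateKey, privateKey);
        }
    }

    /**
     * Creates an RSA PKCS#1 v1.5 crypter bound to the encryption key pair, logging in first if
     * the device is not logged in.
     *
     * @param z {@code true} to encrypt with the public key, {@code false} to decrypt with the private key
     * @throws AsymCryptException wrapping any failure while initialising the operation
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public AsymCrypter createAsymCrypter(boolean z) throws AsymCryptException, LoginException, ConnectionException {
        if (!getDevice().isLogined()) {
            login();
        }
        try {
            Session session = ((DevicePkcs11) getDevice()).getSession();
            Mechanism mechanism = Mechanism.RSA_PKCS;
            if (z) {
                session.encryptInit(mechanism, getCryptPubKey());
            } else {
                session.decryptInit(mechanism, getCryptPriKey());
            }
            return new AsymCrypterPkcs11(session, z);
        } catch (Exception e) {
            throw new AsymCryptException(e);
        }
    }

    /**
     * Creates a signer bound to the signing private key, logging in first if needed.
     *
     * <p>NOTE(review): {@code str} is ignored; the mechanism is always
     * {@code Mechanism.SHA1_RSA_PKCS}, so a caller requesting another algorithm still gets a SHA-1
     * signature. SHA-1 is no longer considered collision resistant; plan a migration to a SHA-2
     * mechanism where the token and the relying parties support it.
     *
     * @param str requested algorithm name (currently unused)
     * @throws SignException wrapping any failure while initialising the operation
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public Signer createSigner(String str) throws SignException, LoginException, ConnectionException {
        if (!getDevice().isLogined()) {
            login();
        }
        try {
            Session session = ((DevicePkcs11) getDevice()).getSession();
            session.signInit(Mechanism.SHA1_RSA_PKCS, getSignPriKey());
            return new SignerPkcs11(session);
        } catch (Exception e) {
            throw new SignException(e);
        }
    }

    /**
     * Generates an RSA key pair on the token and stores it as the signing key pair.
     *
     * <p>NOTE(review): the private-key template sets the extractable attribute to {@code true}
     * (and, on gx-sdkey, never-extractable to {@code false}). For a signing key generated on the
     * token this weakens the guarantee that the key cannot leave the device. Left as-is because
     * changing the template may be rejected by the token or break an existing backup flow;
     * confirm whether extraction is actually required.
     *
     * @param i modulus length in bits
     * @throws GenKeyPairException if the container type is not RSA or generation fails
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void generateKeyPair(int i) throws GenKeyPairException, LoginException, ConnectionException {
        DevicePkcs11 devicePkcs11 = (DevicePkcs11) getDevice();
        if (!devicePkcs11.isLogined()) {
            login();
        }
        Session session = devicePkcs11.getSession();
        if (!getType().equals(Container.TYPE_RSA)) {
            throw new GenKeyPairException();
        }
        // Fixed value written to the subject attribute of both key objects (ASCII digits only).
        byte[] subject = "123456".getBytes();
        this.d = new Date();
        byte[] timeId = timestampId();
        boolean gxSdkey = getDevice().getProvider().getConfig().getName().equals(GX_SDKEY_PROVIDER);

        RSAPublicKey publicTemplate = new RSAPublicKey();
        publicTemplate.getModulusBits().setLongValue(Long.valueOf((long) i));
        publicTemplate.getToken().setBooleanValue(true);
        publicTemplate.getEncrypt().setBooleanValue(true);
        publicTemplate.getWrap().setBooleanValue(true);
        publicTemplate.getSubject().setByteArrayValue(subject);
        if (gxSdkey) {
            publicTemplate.getId().setByteArrayValue(intToByte(AT_SIGNATURE));
            publicTemplate.getLabel().setCharArrayValue(OBJECT_LABEL.toCharArray());
            publicTemplate.getVerify().setBooleanValue(true);
            publicTemplate.getVerifyRecover().setBooleanValue(true);
        } else {
            publicTemplate.getId().setByteArrayValue(timeId);
        }

        RSAPrivateKey privateTemplate = new RSAPrivateKey();
        privateTemplate.getPrivate().setBooleanValue(true);
        privateTemplate.getToken().setBooleanValue(true);
        privateTemplate.getSubject().setByteArrayValue(subject);
        privateTemplate.getDecrypt().setBooleanValue(true);
        privateTemplate.getSensitive().setBooleanValue(true);
        privateTemplate.getExtractable().setBooleanValue(true);
        privateTemplate.getUnwrap().setBooleanValue(true);
        if (gxSdkey) {
            privateTemplate.getId().setByteArrayValue(intToByte(AT_SIGNATURE));
            privateTemplate.getLabel().setCharArrayValue(OBJECT_LABEL.toCharArray());
            privateTemplate.getSign().setBooleanValue(true);
            privateTemplate.getSignRecover().setBooleanValue(true);
            privateTemplate.getNeverExtractable().setBooleanValue(false);
        } else {
            privateTemplate.getId().setByteArrayValue(timeId);
        }

        try {
            KeyPair generated = session.generateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, publicTemplate, privateTemplate);
            this.signPubKey = generated.getPublicKey();
            this.signPriKey = generated.getPrivateKey();
        } catch (Exception e) {
            throw new GenKeyPairException(e);
        }
    }

    /**
     * Returns the parsed certificate of the selected slot, or {@code null} if none is loaded.
     *
     * @param z {@code true} for the signing certificate, {@code false} for the encryption certificate
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public Cert getCert(boolean z) {
        return z ? this.signCert : this.cryptCert;
    }

    /**
     * Returns the subject of the signing certificate, else of the encryption certificate, else an
     * empty string.
     */
    public String getContainerSubjectName() {
        if (this.signCert != null) {
            return this.signCert.getSubject();
        }
        if (this.cryptCert != null) {
            return this.cryptCert.getSubject();
        }
        return "";
    }

    /**
     * Returns the encryption private key, looking it up on the token by the encryption
     * certificate's id on first use. May return {@code null} when no key is found.
     */
    public PrivateKey getCryptPriKey() throws DeviceException {
        if (this.cryptPriKey == null) {
            this.cryptPriKey = findPrivateKeyByCert(this.cryptX509Cert);
        }
        return this.cryptPriKey;
    }

    /** Returns the encryption public key object, or {@code null} if none is set. */
    public PublicKey getCryptPubKey() {
        return this.cryptPubKey;
    }

    /** Returns the encryption certificate token object, or {@code null} if none is set. */
    public X509PublicKeyCertificate getCryptX509Cert() {
        return this.cryptX509Cert;
    }

    /**
     * Returns the encoded form of the selected RSA public key.
     *
     * @param z {@code true} for the signing key, {@code false} for the encryption key
     * @throws ContainerException if the key is not loaded or cannot be converted
     */
    @Override // com.hebca.crypto.imp.ContainerBase
    public byte[] getPubKey(boolean z) throws ContainerException {
        PublicKey stored = z ? this.signPubKey : this.cryptPubKey;
        if (stored == null) {
            ContainerException missing = new ContainerException();
            // Runtime message, kept verbatim; it reads "public key does not exist".
            missing.setDetailMessage("公钥不存在");
            throw missing;
        }
        RSAPublicKey rsaKey = (RSAPublicKey) stored;
        try {
            byte[] modulus = rsaKey.getModulus().getByteArrayValue();
            byte[] exponent = rsaKey.getPublicExponent().getByteArrayValue();
            return createPubKey(modulus, exponent).getEncoded();
        } catch (Exception e) {
            throw new ContainerException(e);
        }
    }

    /**
     * Returns the signing private key, looking it up on the token by the signing certificate's id
     * on first use. May return {@code null} when no key is found.
     */
    public PrivateKey getSignPriKey() throws DeviceException {
        if (this.signPriKey == null) {
            this.signPriKey = findPrivateKeyByCert(this.signX509Cert);
        }
        return this.signPriKey;
    }

    /** Returns the signing public key object, or {@code null} if none is set. */
    public PublicKey getSignPubKey() {
        return this.signPubKey;
    }

    /** Returns the signing certificate token object, or {@code null} if none is set. */
    public X509PublicKeyCertificate getSignX509Cert() {
        return this.signX509Cert;
    }

    /** Returns the container type given at construction. */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public String getType() {
        return this.type;
    }

    /**
     * Imports a plaintext RSA private key as the encryption key pair by creating a public and a
     * private key object on the token.
     *
     * <p>The input is read as a sequence of version, algorithm identifier and an octet string
     * holding the RSA private-key structure.
     *
     * <p>NOTE(review): when the container type is not RSA or the algorithm OID is not
     * rsaEncryption (1.2.840.113549.1.1.1) the method returns without importing anything and
     * without reporting an error, so callers cannot tell that no key was stored. The private-key
     * template sets neither the sensitive nor the extractable attribute, so the token's defaults
     * apply; confirm that they are acceptable. The plaintext key components are held in
     * heap arrays and are not cleared.
     *
     * @param bArr  encoded private key
     * @param bArr2 unused by this implementation
     * @throws ImportKeyPairException wrapping any parsing or token failure
     */
    @Override // com.hebca.crypto.imp.ContainerBase
    public void importKeyPair(byte[] bArr, byte[] bArr2) throws ImportKeyPairException, LoginException {
        String type = getType();
        Session session = ((DevicePkcs11) getDevice()).getSession();
        this.d = new Date();
        byte[] timeId = timestampId();
        try {
            if (!type.equals(Container.TYPE_RSA)) {
                return;
            }
            Enumeration fields = ASN1Sequence.getInstance(bArr).getObjects();
            BigInteger version = ((DERInteger) fields.nextElement()).getValue();
            if (version.intValue() != 0 && version.intValue() != 1) {
                throw new IllegalArgumentException("wrong version for RSA private key");
            }
            if (!AlgorithmIdentifier.getInstance(fields.nextElement()).getAlgorithm().toString().equals("1.2.840.113549.1.1.1")) {
                return;
            }
            RSAPrivateKeyStructure rsa = new RSAPrivateKeyStructure(ASN1Sequence.getInstance(((DEROctetString) fields.nextElement()).getOctets()));

            RSAPublicKey publicTemplate = new RSAPublicKey();
            publicTemplate.getEncrypt().setBooleanValue(true);
            publicTemplate.getToken().setBooleanValue(true);
            publicTemplate.getPublicExponent().setByteArrayValue(rsa.getPublicExponent().toByteArray());
            publicTemplate.getModulus().setByteArrayValue(rsa.getModulus().toByteArray());
            boolean gxSdkey = getDevice().getProvider().getConfig().getName().equals(GX_SDKEY_PROVIDER);
            if (gxSdkey) {
                publicTemplate.getId().setByteArrayValue(intToByte(AT_KEYEXCHANGE));
                publicTemplate.getLabel().setCharArrayValue(OBJECT_LABEL.toCharArray());
            } else {
                publicTemplate.getId().setByteArrayValue(timeId);
            }

            RSAPrivateKey privateTemplate = new RSAPrivateKey();
            privateTemplate.getDecrypt().setBooleanValue(true);
            privateTemplate.getPrivate().setBooleanValue(true);
            privateTemplate.getToken().setBooleanValue(true);
            privateTemplate.getModifiable().setBooleanValue(false);
            privateTemplate.getModulus().setByteArrayValue(rsa.getModulus().toByteArray());
            privateTemplate.getPublicExponent().setByteArrayValue(rsa.getPublicExponent().toByteArray());
            privateTemplate.getPrivateExponent().setByteArrayValue(rsa.getPrivateExponent().toByteArray());
            privateTemplate.getPrime1().setByteArrayValue(rsa.getPrime1().toByteArray());
            privateTemplate.getPrime2().setByteArrayValue(rsa.getPrime2().toByteArray());
            privateTemplate.getExponent1().setByteArrayValue(rsa.getExponent1().toByteArray());
            privateTemplate.getExponent2().setByteArrayValue(rsa.getExponent2().toByteArray());
            privateTemplate.getCoefficient().setByteArrayValue(rsa.getCoefficient().toByteArray());
            if (gxSdkey) {
                privateTemplate.getId().setByteArrayValue(intToByte(AT_KEYEXCHANGE));
                privateTemplate.getLabel().setCharArrayValue(OBJECT_LABEL.toCharArray());
            } else {
                privateTemplate.getId().setByteArrayValue(timeId);
            }

            this.cryptPubKey = (PublicKey) session.createObject(publicTemplate);
            this.cryptPriKey = (PrivateKey) session.createObject(privateTemplate);
        } catch (Exception e) {
            throw new ImportKeyPairException(e);
        }
    }

    /**
     * Imports an encryption key pair delivered in wrapped form.
     *
     * <p>The wrapped symmetric key is decrypted with the signing private key, imported on the
     * device under the temporary name "_tmp_importCert", used to decrypt the key-pair blob, and
     * deleted again. Deletion is best effort: if it fails the error is swallowed and the temporary
     * key may remain on the device.
     *
     * @param str   symmetric algorithm name passed to the device
     * @param bArr  wrapped symmetric key
     * @param bArr2 key pair encrypted under the symmetric key
     * @param bArr3 passed through to {@link #importKeyPair(byte[], byte[])}
     * @throws ImportKeyPairException wrapping device and key errors
     */
    @Override // com.hebca.crypto.imp.ContainerBase
    public void importWappedKeyPair(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws ImportKeyPairException, AsymCryptException, SymCryptException, LoginException, ConnectionException {
        if (!getDevice().isLogined()) {
            login();
        }
        Device device = getDevice();
        // The two catch clauses sit on separate nested try blocks, as in the original, because the
        // relationship between DeviceException and KeyException is not visible from this file.
        try {
            try {
                SKey transportKey = null;
                try {
                    transportKey = device.importKey("_tmp_importCert", str, decryptWappedSymKey(bArr));
                    importKeyPair(device.createSymCrypter(str, false, transportKey).symCrypt(bArr2), bArr3);
                } finally {
                    if (transportKey != null) {
                        try {
                            device.deleteKey(transportKey);
                        } catch (Exception ignored) {
                            // Best-effort cleanup: a failed delete must not mask the import result.
                        }
                    }
                }
            } catch (DeviceException e) {
                throw new ImportKeyPairException(e);
            }
        } catch (KeyException e) {
            throw new ImportKeyPairException(e);
        }
    }

    /** Encodes an int as 4 bytes, least-significant byte first. */
    public byte[] intToByte(int i) {
        return new byte[]{(byte) i, (byte) (i >>> 8), (byte) (i >>> 16), (byte) (i >>> 24)};
    }

    /**
     * Stores a certificate in the selected slot: creates the token object when the slot is empty,
     * otherwise overwrites the value, serial number, subject and id of the existing object.
     *
     * <p>NOTE(review): when an existing object is updated, the parsed {@link Cert} returned by
     * {@link #getCert(boolean)} is not refreshed, so it keeps describing the previous certificate.
     * Confirm whether callers rely on that.
     *
     * @param z    {@code true} for the signing slot, {@code false} for the encryption slot
     * @param cert certificate to store
     * @throws ImportCertException wrapping any failure
     */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public void setCert(boolean z, Cert cert) throws ImportCertException, LoginException, ConnectionException {
        DevicePkcs11 devicePkcs11 = (DevicePkcs11) getDevice();
        Session session = devicePkcs11.getSession();
        if (!devicePkcs11.isLogined()) {
            devicePkcs11.login();
        }
        try {
            X509PublicKeyCertificate existing = z ? this.signX509Cert : this.cryptX509Cert;
            if (existing == null) {
                createCertOnToken(z, cert);
                return;
            }
            X509Certificate x509 = cert.getX509Certificate();
            existing.getValue().setByteArrayValue(x509.getEncoded());
            existing.getSerialNumber().setByteArrayValue(x509.getSerialNumber().toByteArray());
            existing.getSubject().setByteArrayValue(x509.getSubjectX500Principal().getEncoded());
            byte[] timeId = timestampId();
            boolean gxSdkey = getDevice().getProvider().getConfig().getName().equals(GX_SDKEY_PROVIDER);
            existing.getId().setByteArrayValue(gxSdkey ? intToByte(z ? AT_SIGNATURE : AT_KEYEXCHANGE) : timeId);
            session.setAttributeValues(existing, existing);
        } catch (Exception e) {
            throw new ImportCertException(e);
        }
    }

    /** Sets the encryption public key object. */
    public void setCryptPubKey(RSAPublicKey rSAPublicKey) {
        this.cryptPubKey = rSAPublicKey;
    }

    /**
     * Sets the encryption certificate token object and re-parses it into a {@link Cert}.
     *
     * <p>If parsing fails the parsed certificate is cleared, so {@link #getCert(boolean)} never
     * returns a certificate that belongs to a previously set token object.
     */
    public void setCryptX509Cert(X509PublicKeyCertificate x509PublicKeyCertificate) {
        this.cryptX509Cert = x509PublicKeyCertificate;
        try {
            this.cryptCert = new CertImp(this, this.cryptX509Cert.getValue().getByteArrayValue());
        } catch (Exception ignored) {
            // Parsing is best effort, but a stale Cert must not outlive the object it came from.
            this.cryptCert = null;
        }
    }

    /** Sets the signing public key object. */
    public void setSignPubKey(RSAPublicKey rSAPublicKey) {
        this.signPubKey = rSAPublicKey;
    }

    /**
     * Sets the signing certificate token object and re-parses it into a {@link Cert}.
     *
     * <p>If parsing fails the parsed certificate is cleared, so {@link #getCert(boolean)} never
     * returns a certificate that belongs to a previously set token object.
     */
    public void setSignX509Cert(X509PublicKeyCertificate x509PublicKeyCertificate) {
        this.signX509Cert = x509PublicKeyCertificate;
        try {
            this.signCert = new CertImp(this, this.signX509Cert.getValue().getByteArrayValue());
        } catch (Exception ignored) {
            // Parsing is best effort, but a stale Cert must not outlive the object it came from.
            this.signCert = null;
        }
    }

    /** Returns the signature algorithm names this container advertises (SHA-1 with RSA only). */
    @Override // com.hebca.crypto.imp.ContainerBase, com.hebca.crypto.Container
    public String[] supportSignAlgs() {
        return new String[]{"SHA1WithRSA"};
    }
}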
