package ee.sk.digidoc.factory;

import ee.sk.digidoc.DigiDocException;
import ee.sk.digidoc.TokenKeyInfo;
import ee.sk.utils.ConfigManager;
import ee.sk.utils.ConvertUtils;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.util.Enumeration;
import java.util.Vector;
import javax.crypto.Cipher;
import org.apache.log4j.Logger;

/* loaded from: input_file:ee/sk/digidoc/factory/Pkcs12SignatureFactory.class */
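/**
 * {@link SignatureFactory} that signs and decrypts with private keys held in a
 * file-based software keystore (PKCS#12 or any other type accepted by
 * {@link KeyStore#getInstance(String)}).
 *
 * <p>Tokens are addressed by position: token {@code n} is the n-th alias
 * returned by {@link KeyStore#aliases()}. The {@code KeyStore} API does not
 * promise a stable enumeration order, so callers should resolve an index and
 * use it against the same loaded keystore instance.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The keystore location, type and password are read from the
 *       {@code DIGIDOC_KEYSTORE_FILE}, {@code DIGIDOC_KEYSTORE_TYPE} and
 *       {@code DIGIDOC_KEYSTORE_PASSWD} configuration properties, so the
 *       configuration source holds the password as plain text and needs the
 *       same file-system protection as the keystore itself.</li>
 *   <li>The class named by {@code DIGIDOC_SECURITY_PROVIDER} is loaded
 *       reflectively and registered JVM-wide through
 *       {@link Security#addProvider(Provider)}; whoever can edit the
 *       configuration chooses code that runs inside this process.</li>
 *   <li>Passwords arrive as {@code String}, so they cannot be wiped from memory
 *       after use.</li>
 *   <li>No synchronization guards {@code m_keyStore}; confine an instance to one
 *       thread or synchronize externally.</li>
 * </ul>
 */
public class Pkcs12SignatureFactory implements SignatureFactory {
    /** Currently loaded keystore, or {@code null} when nothing usable is loaded. */
    private KeyStore m_keyStore;
    private static final Logger m_logger = Logger.getLogger(Pkcs12SignatureFactory.class);
    /** Provider instantiated by {@link #initProvider()}, or {@code null} if that failed. */
    private Provider m_secProvider;

    /**
     * Registers the configured security provider and, if no keystore is loaded
     * yet, loads the one described by the {@code DIGIDOC_KEYSTORE_*} properties.
     * When any of the three properties is missing the keystore is simply left
     * unloaded; a failed load is logged by {@link #load} and not reported here.
     *
     * @throws DigiDocException if the security provider cannot be set up
     */
    @Override
    public void init() throws DigiDocException {
        initProvider();
        if (this.m_keyStore != null) {
            return;
        }
        ConfigManager cfg = ConfigManager.instance();
        String storeFile = cfg.getProperty("DIGIDOC_KEYSTORE_FILE");
        String storeType = cfg.getProperty("DIGIDOC_KEYSTORE_TYPE");
        String storePasswd = cfg.getProperty("DIGIDOC_KEYSTORE_PASSWD");
        if (storeFile != null && storeType != null && storePasswd != null) {
            load(storeFile, storeType, storePasswd);
        }
    }

    /**
     * Loads a keystore from a file and makes it the active keystore.
     *
     * <p>The active keystore is cleared before the attempt and only replaced
     * after the file has been read and verified, so a failed load can never
     * leave an uninitialized {@link KeyStore} (or a previously loaded one)
     * behind for later {@code sign}/{@code decrypt} calls.
     *
     * @param str  path of the keystore file
     * @param str2 keystore type passed to {@link KeyStore#getInstance(String)}
     * @param str3 keystore password
     * @return {@code true} if the keystore was loaded, {@code false} on any
     *         error (the error is logged; the password is never logged)
     * @throws DigiDocException declared for interface stability; not thrown by
     *         this implementation
     */
    public boolean load(String str, String str2, String str3) throws DigiDocException {
        this.m_keyStore = null;
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Load store: " + str + " type: " + str2);
        }
        KeyStore store;
        try {
            store = KeyStore.getInstance(str2);
            // try-with-resources closes the stream on every path, including
            // a wrong password or a corrupt file.
            try (FileInputStream in = new FileInputStream(str)) {
                store.load(in, str3.toCharArray());
            }
        } catch (Exception e) {
            m_logger.error("Error loading store: " + str + " - " + e);
            return false;
        }
        this.m_keyStore = store;
        return true;
    }

    /**
     * Instantiates the provider class named by {@code DIGIDOC_SECURITY_PROVIDER}
     * and registers it with the JVM.
     *
     * <p>The class name comes straight from configuration and its constructor
     * runs in this process, so the configuration source must be trusted.
     *
     * @throws DigiDocException presumably raised by
     *         {@code DigiDocException.handleException} (error code 58) when the
     *         class cannot be loaded or instantiated - confirm against that helper
     */
    private void initProvider() throws DigiDocException {
        try {
            String providerClass = ConfigManager.instance().getProperty("DIGIDOC_SECURITY_PROVIDER");
            // getDeclaredConstructor().newInstance() replaces the deprecated
            // Class.newInstance(), which rethrows checked constructor
            // exceptions undeclared.
            this.m_secProvider = (Provider) Class.forName(providerClass).getDeclaredConstructor().newInstance();
            Security.addProvider(this.m_secProvider);
        } catch (Exception e) {
            this.m_secProvider = null;
            DigiDocException.handleException(e, 58);
        }
    }

    /**
     * Not supported by the keystore-backed factory.
     *
     * @return always {@code null}
     */
    @Override
    public TokenKeyInfo[] getTokenKeys() throws DigiDocException {
        return null;
    }

    /**
     * Not supported by the keystore-backed factory.
     *
     * @param z ignored
     * @return always {@code null}
     */
    @Override
    public TokenKeyInfo[] getTokensOfType(boolean z) {
        return null;
    }

    /**
     * Lists the aliases of the loaded keystore in enumeration order; the array
     * index of an alias is the token number accepted by the other methods.
     *
     * @return the aliases, or an empty array when no keystore is loaded or the
     *         aliases cannot be read (the error is logged)
     */
    @Override
    public String[] getAvailableTokenNames() throws DigiDocException {
        Vector<String> names = new Vector<>();
        try {
            if (this.m_keyStore != null) {
                Enumeration<String> aliases = this.m_keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    names.add(aliases.nextElement());
                }
            }
        } catch (Exception e) {
            m_logger.error("Error reading store aliases: " + e);
        }
        return names.toArray(new String[0]);
    }

    /**
     * Resolves a token number to a keystore alias.
     *
     * @param i zero-based position in the alias enumeration
     * @return the alias at that position, or {@code null} if the index is out of
     *         range, no keystore is loaded, or the aliases cannot be read
     */
    private String getTokenName(int i) {
        try {
            if (this.m_keyStore == null) {
                return null;
            }
            Enumeration<String> aliases = this.m_keyStore.aliases();
            for (int pos = 0; aliases.hasMoreElements(); pos++) {
                String alias = aliases.nextElement();
                if (pos == i) {
                    return alias;
                }
            }
            return null;
        } catch (Exception e) {
            m_logger.error("Error reading store aliases: " + e);
            return null;
        }
    }

    /**
     * Creates the JCA {@link Signature} engine matching the signature method
     * declared in the given DigiDoc signature.
     *
     * @param signature DigiDoc signature whose SignedInfo names the method
     * @param key       signing key; used for diagnostics only
     * @return a {@code Signature} instance for the mapped algorithm
     * @throws DigiDocException with code 24 if no signature method can be
     *         determined, or if the mapped algorithm is not available from the
     *         configured provider
     */
    public static Signature sigMeth2SigSignatureInstance(ee.sk.digidoc.Signature signature, Key key) throws DigiDocException {
        String sigMethod = null;
        if (signature != null) {
            try {
                if (signature.getSignedInfo() != null) {
                    sigMethod = signature.getSignedInfo().getSignatureMethod();
                }
            } catch (Exception e) {
                m_logger.error("Error constructing signature instance: " + e);
            }
        }
        // Kept from the original: touching the singleton before the static
        // lookup, in case instance() performs lazy configuration loading.
        ConfigManager.instance();
        String sigType = ConfigManager.sigMeth2SigType(sigMethod, true);
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Key: " + (key != null ? "OK, algorithm: " + key.getAlgorithm() : "NULL") + " method: " + sigMethod + " type: " + sigType);
        }
        if (sigType == null) {
            throw new DigiDocException(24, "SignatureMethod not specified!", null);
        }
        try {
            return Signature.getInstance(sigType, ConfigManager.addProvider());
        } catch (Exception e) {
            // Signature.getInstance declares checked exceptions this method's
            // signature does not carry; surface them as a signature-method
            // error with the cause attached rather than leaving them unhandled.
            m_logger.error("Error constructing signature instance: " + e);
            throw new DigiDocException(24, "Unsupported signature type: " + sigType, e);
        }
    }

    /**
     * Tells whether the signature method of the given signature maps to an
     * ECDSA-CVC algorithm according to {@code ConfigManager}.
     */
    private boolean isCvcEcKey(ee.sk.digidoc.Signature signature) {
        String sigMethod = signature.getSignedInfo().getSignatureMethod();
        ConfigManager.instance();
        return ConfigManager.isEcdsaCvcAlgorithm(ConfigManager.sigMeth2SigType(sigMethod, true));
    }

    /**
     * Left-pads both halves of a two-part EC signature with zero bytes so the
     * result is {@code required} bytes long. The input is split at
     * {@code sig.length / 2}; each half is right-aligned in its half of the
     * output. Signatures that are already long enough are returned unchanged.
     */
    private static byte[] padEcSignature(byte[] sig, int required) {
        int length = sig.length;
        if (length >= required) {
            return sig;
        }
        byte[] padded = new byte[required];
        int half = length / 2;
        int lead = (required - length) / 2;
        System.arraycopy(sig, 0, padded, lead, half);
        System.arraycopy(sig, half, padded, (required / 2) + lead, half);
        return padded;
    }

    /**
     * Signs data with the private key of the selected token.
     *
     * @param bArr      bytes to sign
     * @param i         token number (position of the alias in the keystore)
     * @param str       password protecting the key entry
     * @param signature DigiDoc signature naming the signature method
     * @return the signature value (zero-padded to twice the field size for
     *         ECDSA-CVC methods), or {@code null} if a non-DigiDoc error such as
     *         an unrecoverable key occurred (logged)
     * @throws DigiDocException if no keystore is loaded (16), the token number
     *         or password is invalid (60), or the signature method is unusable
     */
    @Override
    public byte[] sign(byte[] bArr, int i, String str, ee.sk.digidoc.Signature signature) throws DigiDocException {
        try {
            if (this.m_keyStore == null) {
                throw new DigiDocException(16, "Keystore not initialized", null);
            }
            String tokenName = getTokenName(i);
            if (tokenName == null) {
                throw new DigiDocException(60, "Invalid token nr: " + i, null);
            }
            if (str == null) {
                // Report a missing password as such instead of letting
                // toCharArray() fail with a NullPointerException below.
                throw new DigiDocException(60, "Invalid password for token nr: " + i, null);
            }
            if (m_logger.isDebugEnabled()) {
                // The password length is deliberately not logged: it is
                // information about the secret.
                m_logger.debug("loading key: " + tokenName);
            }
            Key key = this.m_keyStore.getKey(tokenName, str.toCharArray());
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Key: " + (key != null ? "OK, algorithm: " + key.getAlgorithm() : "NULL"));
            }
            if (key == null) {
                throw new DigiDocException(60, "Invalid password for token nr: " + i, null);
            }
            String sigMethod = null;
            if (signature != null && signature.getSignedInfo() != null) {
                sigMethod = signature.getSignedInfo().getSignatureMethod();
            }
            if (m_logger.isDebugEnabled()) {
                // NOTE(review): this writes the complete to-be-signed data to the
                // log; keep debug logging off where that content is sensitive.
                m_logger.debug("Signing\n---\n" + new String(bArr) + "\n---\n method: " + sigMethod);
            }
            Signature engine = sigMeth2SigSignatureInstance(signature, key);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Signature instance: " + (engine != null ? "OK" : "NULL"));
            }
            engine.initSign((PrivateKey) key);
            engine.update(bArr);
            byte[] sigValue = engine.sign();
            boolean cvcEc = isCvcEcKey(signature);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Signature algorithm: " + key.getAlgorithm() + " siglen: " + sigValue.length + " ec-key: " + cvcEc);
            }
            if (cvcEc) {
                // Two field-size values, each rounded up to whole bytes.
                int required = ((int) Math.ceil(((ECPrivateKey) key).getParams().getCurve().getField().getFieldSize() / 8.0d)) * 2;
                int length = sigValue.length;
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("EC Signature length: " + length + " required: " + required);
                }
                if (length < required) {
                    if (m_logger.isDebugEnabled()) {
                        m_logger.debug("Padding EC signature length: " + length + " to required: " + required);
                    }
                    sigValue = padEcSignature(sigValue, required);
                }
            }
            if (m_logger.isDebugEnabled() && sigValue != null) {
                m_logger.debug("Signature len: " + sigValue.length + "\n---\n sig: " + ConvertUtils.bin2hex(sigValue));
            }
            return sigValue;
        } catch (DigiDocException e) {
            m_logger.error("DigiDoc Error signing: " + e);
            throw e;
        } catch (Exception e2) {
            m_logger.error("Error signing: " + e2);
            return null;
        }
    }

    /**
     * Returns the certificate stored under the selected token's alias.
     *
     * @param i   token number (position of the alias in the keystore)
     * @param str unused; certificates are readable without the key password
     * @return the certificate, or {@code null} if it cannot be read (logged) or
     *         the alias has none
     * @throws DigiDocException if no keystore is loaded (16) or the token
     *         number is invalid (60)
     */
    @Override
    public X509Certificate getCertificate(int i, String str) throws DigiDocException {
        if (this.m_keyStore == null) {
            throw new DigiDocException(16, "Keystore not initialized", null);
        }
        String tokenName = getTokenName(i);
        if (tokenName == null) {
            throw new DigiDocException(60, "Invalid token nr: " + i, null);
        }
        try {
            return (X509Certificate) this.m_keyStore.getCertificate(tokenName);
        } catch (Exception e) {
            m_logger.error("Error reading cert for alias: " + tokenName + " - " + e);
            return null;
        }
    }

    /**
     * Returns the same certificate as {@link #getCertificate(int, String)}; the
     * keystore-backed factory does not distinguish authentication certificates.
     */
    @Override
    public X509Certificate getAuthCertificate(int i, String str) throws DigiDocException {
        return getCertificate(i, str);
    }

    /**
     * Drops the reference to the loaded keystore. Later calls fail with
     * "Keystore not initialized" until {@link #init()} or {@link #load} succeeds.
     */
    @Override
    public void reset() throws DigiDocException {
        this.m_keyStore = null;
    }

    /** Equivalent to {@link #reset()}. */
    @Override
    public void closeSession() throws DigiDocException {
        reset();
    }

    /**
     * Decrypts data with the private key of the selected token.
     *
     * @param bArr ciphertext
     * @param i    token number (position of the alias in the keystore)
     * @param str  password protecting the key entry
     * @return the plaintext, or {@code null} if a non-DigiDoc error such as an
     *         unrecoverable key or a cipher failure occurred (logged)
     * @throws DigiDocException if no keystore is loaded (16) or the token
     *         number or password is invalid (60); these are propagated the same
     *         way {@link #sign} propagates them instead of being turned into a
     *         {@code null} result
     */
    @Override
    public byte[] decrypt(byte[] bArr, int i, String str) throws DigiDocException {
        try {
            if (this.m_keyStore == null) {
                throw new DigiDocException(16, "Keystore not initialized", null);
            }
            String tokenName = getTokenName(i);
            if (tokenName == null) {
                throw new DigiDocException(60, "Invalid token nr: " + i, null);
            }
            if (str == null) {
                throw new DigiDocException(60, "Invalid password for token: " + tokenName, null);
            }
            if (m_logger.isDebugEnabled()) {
                // The password length is deliberately not logged.
                m_logger.debug("loading key: " + tokenName);
            }
            Key key = this.m_keyStore.getKey(tokenName, str.toCharArray());
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Key: " + (key != null ? "OK, algorithm: " + key.getAlgorithm() : "NULL"));
            }
            if (key == null) {
                throw new DigiDocException(60, "Invalid password for token: " + tokenName, null);
            }
            // NOTE(review): a bare "RSA" transformation leaves mode and padding
            // to whichever provider answers first, and providers differ here.
            // Pin the full transformation once the padding expected by the
            // encrypting side is confirmed.
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] plain = cipher.doFinal(bArr);
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Decrypted len: " + (plain != null ? plain.length : 0));
            }
            return plain;
        } catch (DigiDocException e) {
            m_logger.error("DigiDoc Error decrypting: " + e);
            throw e;
        } catch (Exception e) {
            m_logger.error("Error decrypting: " + e);
            return null;
        }
    }

    /**
     * @return {@link SignatureFactory#SIGFAC_TYPE_PKCS12}
     */
    @Override
    public String getType() {
        return SignatureFactory.SIGFAC_TYPE_PKCS12;
    }
}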
