package es.mityc.javasign.pkstore.mozilla;

import es.mityc.javasign.i18n.I18nFactory;
import es.mityc.javasign.i18n.II18nManager;
import es.mityc.javasign.pkstore.CertStoreException;
import es.mityc.javasign.pkstore.ConstantsCert;
import es.mityc.javasign.pkstore.IPKStoreManager;
import es.mityc.javasign.pkstore.mozilla.IPINDialogConfigurable;
import es.mityc.javasign.pkstore.mozilla.MozillaStoreUtils;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.JSSProvider;
import org.mozilla.jss.KeyDatabaseException;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.pkcs11.PK11Module;
import org.mozilla.jss.pkcs11.PK11Token;
import org.mozilla.jss.util.IncorrectPasswordException;

/* loaded from: input_file:es/mityc/javasign/pkstore/mozilla/MozillaStoreJSS.class */
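/**
 * Certificate and private-key store backed by the Mozilla NSS database and its
 * PKCS#11 modules, accessed through JSS.
 *
 * <p>The JSS {@link CryptoManager} is kept in a static field and shared by every
 * instance of this class. The login mode and login timeout are per instance and
 * are applied to external tokens each time this class logs into them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Logging into an external token goes through the PIN handler supplied by
 *       {@code MozillaStoreUtils.getPassHandler}; see {@link #loginWithRetries}
 *       for the retry budget.</li>
 *   <li>If JSS initialization fails with anything other than an
 *       {@link UnsatisfiedLinkError}, the constructor still returns and later
 *       calls fail with {@link CertStoreException}.</li>
 * </ul>
 */
public class MozillaStoreJSS implements IPKStoreManager {
    private static final String STR_FIX_JSS_BUILT_IN = "Builtin Object Token";
    /** Number of login attempts made against one token before giving up. */
    private static final int MAX_LOGIN_ATTEMPTS = 3;
    private MozillaTokenLoginModeEnum loginMode;
    private int loginTimeoutMinutes;
    private static final Log LOG = LogFactory.getLog(MozillaStoreJSS.class);
    private static final II18nManager I18N = I18nFactory.getI18nManager(ConstantsCert.LIB_NAME);
    // Shared by all instances; volatile because the constructor reads it without holding a lock.
    private static volatile CryptoManager cm = null;

    /**
     * Creates the store using only the JSS library mode.
     *
     * @param str directory handed to {@code MozillaStoreUtils.initialize} and to the JSS
     *            initialization values
     * @throws CertStoreException if the native JSS library cannot be loaded
     */
    public MozillaStoreJSS(String str) throws CertStoreException {
        this(str, MozillaStoreUtils.LIB_MODE.ONLY_JSS);
    }

    /**
     * Creates the store and initializes JSS if no instance of this class has done so yet.
     *
     * @param str      directory handed to {@code MozillaStoreUtils.initialize} and to the JSS
     *                 initialization values
     * @param lib_mode library loading mode forwarded to {@code MozillaStoreUtils.initialize}
     * @throws CertStoreException if the native JSS library cannot be loaded
     */
    public MozillaStoreJSS(String str, MozillaStoreUtils.LIB_MODE lib_mode) throws CertStoreException {
        this.loginMode = MozillaTokenLoginModeEnum.getDefault();
        this.loginTimeoutMinutes = 5;
        if (cm == null) {
            initialize(str, lib_mode);
        }
    }

    /** Not implemented; always throws {@link UnsupportedOperationException}. */
    public CertPath getCertPath(X509Certificate x509Certificate) throws CertStoreException {
        throw new UnsupportedOperationException("Not implemented yet");
    }

    /**
     * Returns the private key that belongs to the given certificate.
     *
     * <p>The key is first looked up by issuer and serial number. If that fails for any
     * reason, every external token is logged out, logged in again and searched for a
     * byte-identical certificate before the lookup is repeated. The retry therefore may
     * ask the user for the PIN of each present external token.
     *
     * @param x509Certificate certificate whose private key is wanted
     * @return the matching private key
     * @throws CertStoreException if JSS is not initialized, the token cannot be accessed,
     *                            or no key is found
     */
    public PrivateKey getPrivateKey(X509Certificate x509Certificate) throws CertStoreException {
        // Without this guard a failed initialization surfaced as a NullPointerException.
        requireCryptoManager();
        byte[] issuerDer = null;
        INTEGER serial = null;
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Cargando JSS con el manager ");
                LOG.debug(cm.getClass());
            }
            issuerDer = x509Certificate.getIssuerX500Principal().getEncoded();
            serial = new INTEGER(x509Certificate.getSerialNumber());
            if (LOG.isDebugEnabled()) {
                // Log the readable issuer name; decoding the DER bytes as text wrote binary noise.
                LOG.debug("Buscando en el almacén el certificado expedido por "
                        + x509Certificate.getIssuerX500Principal().getName() + " y serial " + serial);
            }
            org.mozilla.jss.crypto.PrivateKey key = findKeyByIssuerAndSerial(issuerDer, serial);
            selectThreadToken(x509Certificate);
            return key;
        } catch (Exception firstFailure) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error al acceder al token criptográfico. Reintentando logarse", firstFailure);
            }
            return retryAfterTokenLogin(x509Certificate, issuerDer, serial, firstFailure);
        }
    }

    /** Returns a new {@link JSSProvider}; the certificate argument is not used. */
    public Provider getProvider(X509Certificate x509Certificate) {
        return new JSSProvider();
    }

    /** Returns the certificates classified as usable for signing. */
    public List<X509Certificate> getSignCertificates() throws CertStoreException {
        return getCertificates(true);
    }

    /** Returns the certificates that were not classified as signing certificates. */
    public List<X509Certificate> getPublicCertificates() throws CertStoreException {
        return getCertificates(false);
    }

    /**
     * Walks every PKCS#11 module and the internal key storage token and splits the
     * certificates found into signing and non-signing lists.
     *
     * <p>On external tokens a certificate counts as a signing certificate when it has no
     * key-usage extension or when key-usage bit 0 (digitalSignature) or bit 1
     * (nonRepudiation) is set. On the internal token it counts as one when a private key
     * is found for it; internal certificates whose key lookup raises
     * {@link ObjectNotFoundException} are left out of both lists.
     *
     * @param z {@code true} to return the signing list, {@code false} for the other list
     * @return the requested list, possibly empty
     * @throws CertStoreException if JSS is not initialized or a token cannot be accessed
     */
    private List<X509Certificate> getCertificates(boolean z) throws CertStoreException {
        requireCryptoManager();
        List<X509Certificate> others = new ArrayList<X509Certificate>();
        List<X509Certificate> signing = new ArrayList<X509Certificate>();
        try {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Procesando modulos");
            }
            Enumeration<?> modules = cm.getModules();
            while (modules.hasMoreElements()) {
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Procesando modulo PK11 de mozilla");
                }
                PK11Module module = (PK11Module) modules.nextElement();
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Modulo: " + module.getName());
                    LOG.trace("Recargando tokens");
                }
                module.reloadTokens();
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Tokens recargados");
                }
                Enumeration<?> tokens = module.getTokens();
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Tokens del módulo obtenidos: " + tokens.hasMoreElements());
                }
                while (tokens.hasMoreElements()) {
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Procesando token");
                    }
                    PK11Token token = (PK11Token) tokens.nextElement();
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Token: " + token.getName());
                    }
                    if (!isExternalToken(token)) {
                        continue;
                    }
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Procesando token externo");
                    }
                    if (!token.isPresent()) {
                        continue;
                    }
                    if (token.isLoggedIn() && sessionSettingsDiffer(token)) {
                        // Force a fresh login so the configured mode and timeout take effect.
                        token.logout();
                    }
                    if (!token.isLoggedIn()) {
                        if (LOG.isTraceEnabled()) {
                            LOG.trace("Loggin de token...");
                        }
                        if (loginWithRetries(token)) {
                            cm.setThreadToken(token);
                        }
                    }
                    if (token.isLoggedIn()) {
                        if (LOG.isTraceEnabled()) {
                            LOG.trace("Accediendo a token...");
                        }
                        collectExternalCertificates(token, signing, others);
                    }
                }
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Modulo P11 procesado");
                }
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("Pide certificados");
            }
            org.mozilla.jss.crypto.X509Certificate[] internal =
                    cm.getInternalKeyStorageToken().getCryptoStore().getCertificates();
            if (LOG.isTraceEnabled()) {
                if (internal != null) {
                    LOG.trace("Se han obtenido " + internal.length + " certificados");
                } else {
                    LOG.trace("No hay certificados disponibles");
                }
            }
            // The trace above allows for a null array, so the loop must tolerate it as well.
            int internalCount = internal != null ? internal.length : 0;
            for (int i = 0; i < internalCount; i++) {
                try {
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Buscando clave privada para: " + internal[i]);
                    }
                    boolean hasKey = cm.findPrivKeyByCert(internal[i]) != null;
                    X509Certificate converted = MozillaStoreUtils.convert(internal[i]);
                    if (converted == null) {
                        // NOTE(review): skipped on the assumption that convert() may return null - confirm.
                        continue;
                    }
                    if (hasKey) {
                        signing.add(converted);
                    } else {
                        others.add(converted);
                    }
                } catch (ObjectNotFoundException noKey) {
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("No hay clave privada");
                    }
                }
            }
            return z ? signing : others;
        } catch (SecurityException e) {
            LOG.error(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
            throw new CertStoreException(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
        } catch (TokenException e) {
            LOG.error(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
            throw new CertStoreException(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
        }
    }

    /** Not implemented; always throws {@link UnsupportedOperationException}. */
    public List<X509Certificate> getTrustCertificates() throws CertStoreException {
        throw new UnsupportedOperationException("Not implemented yet");
    }

    /**
     * Initializes JSS once per JVM and stores the shared {@link CryptoManager}.
     *
     * <p>The lock is taken on the class because the state it protects is static; a lock on
     * the instance would let two constructors initialize concurrently.
     *
     * <p>If JSS was already initialized elsewhere in this JVM, the running instance is
     * reused. That instance keeps the configuration it was started with, so {@code str}
     * and the {@code installJSSProvider = false} setting are not applied in that case.
     *
     * @param str      directory for the JSS initialization values
     * @param lib_mode library loading mode forwarded to {@code MozillaStoreUtils.initialize}
     * @throws CertStoreException if the native JSS library cannot be loaded
     */
    private void initialize(String str, MozillaStoreUtils.LIB_MODE lib_mode) throws CertStoreException {
        synchronized (MozillaStoreJSS.class) {
            if (cm != null) {
                return;
            }
            MozillaStoreUtils.initialize(str, lib_mode);
            try {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Se levanta el proveedor JSS");
                }
                CryptoManager.InitializationValues values = new CryptoManager.InitializationValues(str);
                values.installJSSProvider = false;
                try {
                    CryptoManager.initialize(values);
                } catch (AlreadyInitializedException alreadyUp) {
                    // Previously swallowed with cm left null, which broke every later call.
                    if (LOG.isDebugEnabled()) {
                        LOG.debug(alreadyUp.getMessage(), alreadyUp);
                    }
                }
                cm = CryptoManager.getInstance();
            } catch (UnsatisfiedLinkError e) {
                LOG.debug("No se pudo cargar la instancia de la librería JSS: " + e.getMessage(), e);
                throw new CertStoreException(e);
            } catch (GeneralSecurityException e) {
                logInitializationFailure(e);
            } catch (CertDatabaseException e) {
                logInitializationFailure(e);
            } catch (CryptoManager.NotInitializedException e) {
                logInitializationFailure(e);
            } catch (KeyDatabaseException e) {
                logInitializationFailure(e);
            }
            if (cm != null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Capturando slot para peticiones de PIN");
                }
                cm.setPasswordCallback(MozillaStoreUtils.getPassHandler(IPINDialogConfigurable.MESSAGES_MODE.AUTO, null, null));
            }
        }
    }

    public MozillaTokenLoginModeEnum getLoginMode() {
        return this.loginMode;
    }

    public void setLoginMode(MozillaTokenLoginModeEnum mozillaTokenLoginModeEnum) {
        this.loginMode = mozillaTokenLoginModeEnum;
    }

    public int getLoginTimeoutMinutes() {
        return this.loginTimeoutMinutes;
    }

    public void setLoginTimeoutMinutes(int i) {
        this.loginTimeoutMinutes = i;
    }

    /** Fails with the store's generic error when JSS initialization did not produce a manager. */
    private static void requireCryptoManager() throws CertStoreException {
        if (cm == null) {
            LOG.error("No se ha cargado el módulo CSP para Mozilla");
            throw new CertStoreException(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9));
        }
    }

    /** Logs a non-fatal JSS initialization error with the localized message. */
    private static void logInitializationFailure(Exception e) {
        LOG.error(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_2, new Object[]{e.getMessage()}), e);
    }

    /** Tells whether the token is neither the NSS built-in object token nor an internal token. */
    private static boolean isExternalToken(PK11Token token) throws TokenException {
        return !STR_FIX_JSS_BUILT_IN.equals(token.getName())
                && !token.isInternalCryptoToken()
                && !token.isInternalKeyStorageToken();
    }

    /** Tells whether the token's current login mode or timeout differs from this store's settings. */
    private boolean sessionSettingsDiffer(PK11Token token) throws TokenException {
        if (this.loginMode != MozillaTokenLoginModeEnum.getLoginMode(token.getLoginMode())) {
            return true;
        }
        return this.loginMode == MozillaTokenLoginModeEnum.TIMEOUT
                && this.loginTimeoutMinutes != token.getLoginTimeoutMinutes();
    }

    /**
     * Applies the configured login mode and logs into the token, trying up to
     * {@link #MAX_LOGIN_ATTEMPTS} times.
     *
     * <p>A {@link TokenException} consumes an attempt exactly like a wrong PIN does, and
     * every attempt obtains a new pass handler. Hardware tokens usually keep their own
     * failed-PIN counter, so check that this retry budget does not exceed the lockout
     * threshold of the tokens in use.
     *
     * @return {@code true} if a login attempt succeeded
     */
    private boolean loginWithRetries(PK11Token token) throws TokenException {
        for (int attempt = 0; attempt < MAX_LOGIN_ATTEMPTS; attempt++) {
            try {
                token.setLoginMode(this.loginMode.getInteger());
                if (this.loginMode == MozillaTokenLoginModeEnum.TIMEOUT) {
                    token.setLoginTimeoutMinutes(this.loginTimeoutMinutes);
                }
                token.login(MozillaStoreUtils.getPassHandler(IPINDialogConfigurable.MESSAGES_MODE.AUTO_TOKEN, null, I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_8)));
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Loggin de token correcto!");
                }
                return true;
            } catch (TokenException e) {
                LOG.error(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_7, new Object[]{token.getName()}), e);
            } catch (IncorrectPasswordException e) {
                LOG.info(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_6));
            }
        }
        return false;
    }

    /** Finds the stored certificate by issuer and serial number and returns its private key. */
    private org.mozilla.jss.crypto.PrivateKey findKeyByIssuerAndSerial(byte[] issuerDer, INTEGER serial)
            throws ObjectNotFoundException, TokenException {
        org.mozilla.jss.crypto.X509Certificate stored = cm.findCertByIssuerAndSerialNumber(issuerDer, serial);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Certificado encontrado en el almacén: " + stored.getSubjectDN());
        }
        org.mozilla.jss.crypto.PrivateKey key = cm.findPrivKeyByCert(stored);
        if (LOG.isDebugEnabled()) {
            // Parenthesized so the prefix is kept and a null key is reported instead of dereferenced.
            LOG.debug("Clave privada asociada encontrada:" + (key != null ? key.toString() : "No encontrada"));
        }
        return key;
    }

    /**
     * Binds the calling thread to each token that holds a certificate with the same issuer
     * name and serial number as {@code wanted}.
     *
     * <p>The issuer comparison is textual with spaces removed, so it is looser than a
     * comparison of the encoded names; it only chooses the thread token and does not
     * decide which key is returned. Tokens that cannot be read are skipped.
     */
    private void selectThreadToken(X509Certificate wanted) throws TokenException {
        String wantedIssuer = wanted.getIssuerDN().getName().replaceAll(" ", "");
        Enumeration<?> modules = cm.getModules();
        while (modules.hasMoreElements()) {
            PK11Module module = (PK11Module) modules.nextElement();
            if (LOG.isTraceEnabled()) {
                LOG.trace("Modulo: " + module.getName());
            }
            Enumeration<?> tokens = module.getTokens();
            while (tokens.hasMoreElements()) {
                PK11Token token = (PK11Token) tokens.nextElement();
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Token: " + token.getName());
                }
                try {
                    org.mozilla.jss.crypto.X509Certificate[] held = token.getCryptoStore().getCertificates();
                    for (int i = 0; i < held.length; i++) {
                        boolean sameIssuer = held[i].getIssuerDN().getName().replaceAll(" ", "").equals(wantedIssuer);
                        if (sameIssuer && held[i].getSerialNumber().equals(wanted.getSerialNumber())) {
                            if (LOG.isTraceEnabled()) {
                                LOG.trace("Se ha encontrado coincidencia en el token " + token.getName());
                            }
                            cm.setThreadToken(cm.getTokenByName(token.getName()));
                            // Without this break the loop never advanced past the matching entry.
                            break;
                        }
                    }
                } catch (Exception e) {
                    // Best effort: an unreadable token must not abort the scan, but the cause
                    // is recorded at debug level rather than only when trace is enabled.
                    if (LOG.isDebugEnabled()) {
                        LOG.debug(e.getMessage(), e);
                    }
                }
            }
        }
    }

    /**
     * Second attempt for {@link #getPrivateKey}: re-logs into every present external token
     * and repeats the key lookup once a token holding the exact certificate is found.
     *
     * @param firstFailure the error that triggered the retry; attached as the cause when no
     *                     key is found
     */
    private PrivateKey retryAfterTokenLogin(X509Certificate wanted, byte[] issuerDer, INTEGER serial,
            Exception firstFailure) throws CertStoreException {
        try {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Procesando modulos");
            }
            Enumeration<?> modules = cm.getModules();
            while (modules.hasMoreElements()) {
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Procesando modulo PK11 de mozilla");
                }
                PK11Module module = (PK11Module) modules.nextElement();
                module.reloadTokens();
                Enumeration<?> tokens = module.getTokens();
                while (tokens.hasMoreElements()) {
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Procesando token");
                    }
                    PK11Token token = (PK11Token) tokens.nextElement();
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Token: " + token.getName());
                    }
                    if (!isExternalToken(token)) {
                        continue;
                    }
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Procesando token externo");
                    }
                    if (token.isPresent()) {
                        // Any existing session is dropped, so the holder is asked for the PIN again.
                        if (token.isLoggedIn()) {
                            token.logout();
                        }
                        if (LOG.isTraceEnabled()) {
                            LOG.trace("Loggin de token...");
                        }
                        loginWithRetries(token);
                    }
                    if (!token.isLoggedIn()) {
                        continue;
                    }
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Accediendo a token...");
                    }
                    if (tokenHolds(token, wanted)) {
                        return findKeyByIssuerAndSerial(issuerDer, serial);
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("No se han encontrado correspondencias en este token. Se continua");
                    }
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Modulos procesados sin encontrar correspondencia");
            }
            throw new CertStoreException("No se encuentra la clave privada", firstFailure);
        } catch (SecurityException e) {
            LOG.error(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
            throw new CertStoreException(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
        } catch (ObjectNotFoundException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Error al buscar la clave privada", firstFailure);
            }
            throw new CertStoreException(firstFailure);
        } catch (TokenException e) {
            LOG.error(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
            throw new CertStoreException(I18N.getLocalMessage(ConstantsCert.I18N_CERT_MOZILLA_9), e);
        }
    }

    /**
     * Tells whether the token stores a certificate whose encoding is byte-for-byte equal to
     * that of {@code wanted}.
     *
     * <p>The encodings are compared as byte arrays. Turning them into strings with the
     * platform charset first is lossy, so different certificates could compare equal.
     */
    private static boolean tokenHolds(PK11Token token, X509Certificate wanted) throws TokenException {
        org.mozilla.jss.crypto.X509Certificate[] held = token.getCryptoStore().getCertificates();
        for (int i = 0; i < held.length; i++) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Certificado candidato: " + held[i].getNickname());
            }
            try {
                if (Arrays.equals(held[i].getEncoded(), wanted.getEncoded())) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Correspondencia encontrada");
                    }
                    return true;
                }
            } catch (CertificateEncodingException e) {
                LOG.error("No se pudo recuperar el certificado:" + held[i].getNickname());
            }
        }
        return false;
    }

    /** Converts the certificates of a logged-in external token and sorts them by key usage. */
    private static void collectExternalCertificates(PK11Token token, List<X509Certificate> signing,
            List<X509Certificate> others) throws TokenException {
        org.mozilla.jss.crypto.X509Certificate[] held = token.getCryptoStore().getCertificates();
        for (int i = 0; i < held.length; i++) {
            X509Certificate converted = MozillaStoreUtils.convert(held[i]);
            if (converted == null) {
                // The null test used to run after getKeyUsage() had already been called on the value.
                continue;
            }
            if (allowsSigning(converted.getKeyUsage())) {
                signing.add(converted);
            } else {
                others.add(converted);
            }
        }
    }

    /** A missing key-usage extension, or bit 0 or bit 1 set, marks a signing certificate. */
    private static boolean allowsSigning(boolean[] keyUsage) {
        if (keyUsage == null) {
            return true;
        }
        return (keyUsage.length > 0 && keyUsage[0]) || (keyUsage.length > 1 && keyUsage[1]);
    }
}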
