package com.cryptoarm.Pkcs11Caller;

import com.cryptoarm.Pkcs11Caller.bcprovider.CmsSigner;
import com.sun.jna.NativeLong;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.lingala.zip4j.crypto.PBKDF2.BinTools;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import ru.rutoken.pkcs11jna.CK_TOKEN_INFO_EXTENDED;
import ru.rutoken.pkcs11wrapper.constant.standard.Pkcs11UserType;
import ru.rutoken.pkcs11wrapper.datatype.Pkcs11TokenInfo;
import ru.rutoken.pkcs11wrapper.main.Pkcs11Exception;
import ru.rutoken.pkcs11wrapper.main.Pkcs11Session;
import ru.rutoken.pkcs11wrapper.main.Pkcs11Slot;
import ru.rutoken.pkcs11wrapper.object.certificate.Pkcs11X509PublicKeyCertificateObject;
import ru.rutoken.pkcs11wrapper.object.key.Pkcs11PrivateKeyObject;

/* loaded from: classes.dex */
public class Token {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private long mFreeMemory;
    private String mHardwareVersion;
    private String mId;
    private final boolean mIsBluetooth;
    private final boolean mIsNfc;
    private String mLabel;
    private String mModel;
    private boolean mPinFinalTry;
    private boolean mPinLocked;
    private String mSerialNumber;
    private Pkcs11Session mSession;
    private final Pkcs11Slot mSlot;
    private final String mStore;
    private long mTotalMemory;
    private boolean mUserPinFinalTry;
    private boolean mUserPinLocked;
    private int mUserRetryCountLeft;
    private Pkcs11Session.LoginGuard mLoginCallback = null;
    private final ExecutorService mReadCertsService = Executors.newFixedThreadPool(2);
    private final HashMap<String, CertificateKeyPairInfo> mCertificateMap = new HashMap<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    public Token(Pkcs11Slot pkcs11Slot, boolean z, boolean z2, String str) throws Exception {
        this.mIsNfc = z;
        this.mIsBluetooth = z2;
        this.mStore = str;
        this.mSlot = pkcs11Slot;
        initTokenInfo();
        openSession();
        readCerts();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, CertificateKeyPairInfo> getCspCertificates() {
        HashMap hashMap = new HashMap();
        try {
            KeyStore keyStore = KeyStore.getInstance(this.mStore);
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (!nextElement.contains("pkcs")) {
                    Certificate certificate = new Certificate(keyStore.getCertificate(nextElement).getEncoded(), nextElement, this.mStore);
                    CertificateKeyPairInfo certificateKeyPairInfo = new CertificateKeyPairInfo(certificate, null);
                    hashMap.put(certificate.id(), certificateKeyPairInfo);
                    Logger.getLogger("LOG Certificate").log(Level.INFO, "Certificate: " + certificateKeyPairInfo);
                }
            }
        } catch (Exception e) {
            Logger.getLogger("LOG ERROR").log(Level.INFO, "keyStore: " + e);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, CertificateKeyPairInfo> getPkcs11Certificates() {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        try {
            List<Pkcs11X509PublicKeyCertificateObject> findObjectsAtOnce = this.mSession.getObjectManager().findObjectsAtOnce(Pkcs11X509PublicKeyCertificateObject.class);
            KeyStore keyStore = KeyStore.getInstance(this.mStore);
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (nextElement.contains("pkcs")) {
                    hashMap2.put(Certificate.calculateHash(keyStore.getCertificate(nextElement).getEncoded()), nextElement);
                }
            }
            for (Pkcs11X509PublicKeyCertificateObject pkcs11X509PublicKeyCertificateObject : findObjectsAtOnce) {
                Certificate certificate = new Certificate(pkcs11X509PublicKeyCertificateObject, this.mSession, this.mStore, (String) hashMap2.get(Certificate.calculateHash(pkcs11X509PublicKeyCertificateObject.getValueAttributeValue(this.mSession).getByteArrayValue())));
                hashMap.put(certificate.id(), new CertificateKeyPairInfo(certificate, new GostKeyPair(this.mSession, certificate.getCertificateHolder())));
            }
        } catch (Exception unused) {
        }
        return hashMap;
    }

    private void initTokenInfo() throws NoSuchAlgorithmException {
        CK_TOKEN_INFO_EXTENDED ck_token_info_extended = new CK_TOKEN_INFO_EXTENDED();
        ck_token_info_extended.ulSizeofThisStructure = new NativeLong(ck_token_info_extended.size());
        Pkcs11TokenInfo tokenInfo = this.mSlot.getToken().getTokenInfo();
        this.mLabel = tokenInfo.getLabel().trim();
        this.mModel = tokenInfo.getModel().trim();
        String trim = tokenInfo.getSerialNumber().trim();
        this.mSerialNumber = trim;
        try {
            this.mSerialNumber = String.valueOf(Long.parseLong(trim, 16));
        } catch (NumberFormatException unused) {
        }
        this.mHardwareVersion = String.format("%d.%d.%d.%d", Byte.valueOf(tokenInfo.getHardwareVersion().getMajor()), Byte.valueOf(tokenInfo.getHardwareVersion().getMinor()), Byte.valueOf(tokenInfo.getFirmwareVersion().getMajor()), Byte.valueOf(tokenInfo.getFirmwareVersion().getMinor()));
        this.mTotalMemory = tokenInfo.getTotalPublicMemory();
        this.mFreeMemory = tokenInfo.getFreePublicMemory();
        this.mUserPinLocked = tokenInfo.isUserPinLocked();
        this.mUserPinFinalTry = tokenInfo.isUserPinFinalTry();
        this.mPinLocked = tokenInfo.isSoPinLocked();
        this.mPinFinalTry = tokenInfo.isSoPinFinalTry();
        this.mUserRetryCountLeft = ck_token_info_extended.ulUserRetryCountLeft.intValue();
        this.mId = sha1Digest(this.mModel + " " + this.mSerialNumber);
    }

    private void loginUser(String str) {
        this.mLoginCallback = this.mSession.login(Pkcs11UserType.CKU_USER, str);
    }

    private void readCerts() {
        try {
            Iterator it = this.mReadCertsService.invokeAll(Arrays.asList(new Callable() { // from class: com.cryptoarm.Pkcs11Caller.Token$$ExternalSyntheticLambda1
                @Override // java.util.concurrent.Callable
                public final Object call() {
                    Map pkcs11Certificates;
                    pkcs11Certificates = Token.this.getPkcs11Certificates();
                    return pkcs11Certificates;
                }
            }, new Callable() { // from class: com.cryptoarm.Pkcs11Caller.Token$$ExternalSyntheticLambda0
                @Override // java.util.concurrent.Callable
                public final Object call() {
                    Map cspCertificates;
                    cspCertificates = Token.this.getCspCertificates();
                    return cspCertificates;
                }
            })).iterator();
            while (it.hasNext()) {
                this.mCertificateMap.putAll((Map) ((Future) it.next()).get());
            }
        } catch (InterruptedException | Exception unused) {
        } catch (Throwable th) {
            this.mReadCertsService.shutdown();
            throw th;
        }
        this.mReadCertsService.shutdown();
    }

    private String sha1Digest(String str) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1).digest(str.getBytes(StandardCharsets.UTF_8));
        char[] charArray = BinTools.hex.toCharArray();
        char[] cArr = new char[digest.length * 2];
        for (int i = 0; i < digest.length; i++) {
            int i2 = digest[i] & 255;
            int i3 = i * 2;
            cArr[i3] = charArray[i2 >>> 4];
            cArr[i3 + 1] = charArray[i2 & 15];
        }
        return new String(cArr).toLowerCase(Locale.ROOT);
    }

    public void closeSession() {
        try {
            this.mSession.close();
        } catch (Exception unused) {
        }
    }

    public byte[] cmsDecrypt(Pkcs11Session pkcs11Session, byte[] bArr, Pkcs11PrivateKeyObject pkcs11PrivateKeyObject, List<X509Certificate> list) {
        try {
            return new CmsDecryptor(pkcs11Session).decrypt(bArr, pkcs11PrivateKeyObject.getHandle(), list);
        } catch (Exception e) {
            Logger.getLogger("LOG cmsDecrypt").log(Level.INFO, "error: " + e.toString());
            return new byte[0];
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0049, code lost:
    
        java.util.logging.Logger.getLogger("LOG decryptedData bread").log(java.util.logging.Level.INFO, "key: " + r3);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public byte[] decrypt(byte[] r8) throws java.lang.Exception {
        /*
            r7 = this;
            r0 = 0
            byte[] r0 = new byte[r0]     // Catch: java.lang.Exception -> L68
            ru.rutoken.pkcs11wrapper.main.Pkcs11Session r1 = r7.getSession()     // Catch: java.lang.Exception -> L68
            java.util.Set r2 = r7.enumerateCertificates()     // Catch: java.lang.Exception -> L68
            java.util.Iterator r2 = r2.iterator()     // Catch: java.lang.Exception -> L68
        Lf:
            boolean r3 = r2.hasNext()     // Catch: java.lang.Exception -> L68
            if (r3 == 0) goto L67
            java.lang.Object r3 = r2.next()     // Catch: java.lang.Exception -> L68
            java.lang.String r3 = (java.lang.String) r3     // Catch: java.lang.Exception -> L68
            com.cryptoarm.Pkcs11Caller.Certificate r4 = r7.getCertificate(r3)     // Catch: java.lang.Exception -> L68
            java.lang.String r4 = r4.id()     // Catch: java.lang.Exception -> L68
            com.cryptoarm.Pkcs11Caller.CertificateKeyPairInfo r4 = r7.getCertificateKeyPairInfo(r4)     // Catch: java.lang.Exception -> L68
            com.cryptoarm.Pkcs11Caller.Certificate r5 = r4.getCertificate()     // Catch: java.lang.Exception -> L68
            org.bouncycastle.cert.X509CertificateHolder r5 = r5.getCertificateHolder()     // Catch: java.lang.Exception -> L68
            boolean r6 = r7.havePrivateKey(r1, r4)     // Catch: java.lang.Exception -> L68
            if (r6 != 0) goto L36
            goto Lf
        L36:
            ru.rutoken.pkcs11wrapper.object.key.Pkcs11GostPrivateKeyObject r0 = r4.getPrivateKey(r1)     // Catch: java.lang.Exception -> L68
            java.security.cert.X509Certificate r4 = com.cryptoarm.Pkcs11Caller.UtilsPkcs11.getX509Certificate(r5)     // Catch: java.lang.Exception -> L68
            java.util.List r4 = java.util.Collections.singletonList(r4)     // Catch: java.lang.Exception -> L68
            byte[] r0 = r7.cmsDecrypt(r1, r8, r0, r4)     // Catch: java.lang.Exception -> L68
            int r4 = r0.length     // Catch: java.lang.Exception -> L68
            if (r4 == 0) goto Lf
            java.lang.String r7 = "LOG decryptedData bread"
            java.util.logging.Logger r7 = java.util.logging.Logger.getLogger(r7)     // Catch: java.lang.Exception -> L68
            java.util.logging.Level r8 = java.util.logging.Level.INFO     // Catch: java.lang.Exception -> L68
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L68
            r1.<init>()     // Catch: java.lang.Exception -> L68
            java.lang.String r2 = "key: "
            java.lang.StringBuilder r1 = r1.append(r2)     // Catch: java.lang.Exception -> L68
            java.lang.StringBuilder r1 = r1.append(r3)     // Catch: java.lang.Exception -> L68
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Exception -> L68
            r7.log(r8, r1)     // Catch: java.lang.Exception -> L68
        L67:
            return r0
        L68:
            r7 = move-exception
            java.lang.String r8 = "LOG decrypt"
            java.util.logging.Logger r8 = java.util.logging.Logger.getLogger(r8)
            java.util.logging.Level r0 = java.util.logging.Level.INFO
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = "decrypt: "
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.StringBuilder r1 = r1.append(r7)
            java.lang.String r1 = r1.toString()
            r8.log(r0, r1)
            java.lang.RuntimeException r8 = new java.lang.RuntimeException
            r8.<init>(r7)
            throw r8
        */
        throw new UnsupportedOperationException("Method not decompiled: com.cryptoarm.Pkcs11Caller.Token.decrypt(byte[]):byte[]");
    }

    public Set<String> enumerateCertificates() {
        return this.mCertificateMap.keySet();
    }

    public Certificate getCertificate(String str) {
        return ((CertificateKeyPairInfo) Objects.requireNonNull(this.mCertificateMap.get(str))).getCertificate();
    }

    public CertificateKeyPairInfo getCertificateKeyPairInfo(String str) {
        return (CertificateKeyPairInfo) Objects.requireNonNull(this.mCertificateMap.get(str));
    }

    public long getFreeMemory() {
        return this.mFreeMemory;
    }

    public String getHardwareVersion() {
        return this.mHardwareVersion;
    }

    public String getId() {
        return this.mId;
    }

    public String getLabel() {
        return this.mLabel;
    }

    public String getModel() {
        return this.mModel;
    }

    public boolean getPinFinalTry() {
        return this.mPinFinalTry;
    }

    public boolean getPinLocked() {
        return this.mPinLocked;
    }

    public String getSerialNumber() {
        return this.mSerialNumber;
    }

    public Pkcs11Session getSession() {
        return (Pkcs11Session) Objects.requireNonNull(this.mSession);
    }

    public String getStore() {
        return this.mStore;
    }

    public long getTotalMemory() {
        return this.mTotalMemory;
    }

    public boolean getUserPinFinalTry() {
        return this.mUserPinFinalTry;
    }

    public boolean getUserPinLocked() {
        return this.mUserPinLocked;
    }

    public int getUserRetryCountLeft() {
        return this.mUserRetryCountLeft;
    }

    public boolean havePrivateKey(Pkcs11Session pkcs11Session, CertificateKeyPairInfo certificateKeyPairInfo) {
        try {
            return certificateKeyPairInfo.getPrivateKey(pkcs11Session) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    public boolean isBluetooth() {
        return this.mIsBluetooth;
    }

    public boolean isNfc() {
        return this.mIsNfc;
    }

    public void login(String str) {
        if (this.mIsNfc) {
            openSession();
        }
        loginUser(str);
    }

    public void logout() {
        Pkcs11Session.LoginGuard loginGuard = this.mLoginCallback;
        if (loginGuard != null) {
            loginGuard.close();
            this.mLoginCallback = null;
        }
    }

    public void openSession() {
        this.mSession = this.mSlot.getToken().openSession(false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r7v3 */
    /* JADX WARN: Type inference failed for: r7v8, types: [java.io.BufferedInputStream] */
    public byte[] sign(String str, String str2, Boolean bool) throws IOException {
        Pkcs11Session session = getSession();
        FileInputStream fileInputStream = null;
        try {
            try {
                try {
                    File file = new File(str2);
                    CertificateKeyPairInfo certificateKeyPairInfo = getCertificateKeyPairInfo(str);
                    X509CertificateHolder certificateHolder = certificateKeyPairInfo.getCertificate().getCertificateHolder();
                    CmsSigner cmsSigner = new CmsSigner(certificateKeyPairInfo.getGostKeyPair().getKeyType(), session);
                    try {
                        OutputStream initSignature = cmsSigner.initSignature(certificateKeyPairInfo.getPrivateKey(session), certificateHolder, bool.booleanValue());
                        try {
                            FileInputStream fileInputStream2 = new FileInputStream(file);
                            try {
                                bool = new BufferedInputStream(fileInputStream2);
                                try {
                                    byte[] bArr = new byte[2048];
                                    while (true) {
                                        int read = bool.read(bArr);
                                        if (read <= 0) {
                                            break;
                                        }
                                        initSignature.write(bArr, 0, read);
                                    }
                                    if (initSignature != null) {
                                        try {
                                            try {
                                                initSignature.close();
                                            } catch (Exception e) {
                                                e = e;
                                                try {
                                                    throw new RuntimeException("IO error", e);
                                                } catch (Exception e2) {
                                                    e = e2;
                                                    Logger.getLogger("LOG sign").log(Level.INFO, "sign: " + e);
                                                    throw new RuntimeException(e);
                                                }
                                            }
                                        } catch (Throwable th) {
                                            th = th;
                                            fileInputStream = fileInputStream2;
                                            if (fileInputStream != null) {
                                                fileInputStream.close();
                                            }
                                            if (bool != 0) {
                                                bool.close();
                                            }
                                            throw th;
                                        }
                                    }
                                    try {
                                        byte[] finishSignature = cmsSigner.finishSignature();
                                        fileInputStream2.close();
                                        bool.close();
                                        return finishSignature;
                                    } catch (Exception e3) {
                                        e = e3;
                                        Logger.getLogger("LOG sign").log(Level.INFO, "sign: " + e);
                                        throw new RuntimeException(e);
                                    }
                                } catch (Throwable th2) {
                                    th = th2;
                                    if (initSignature != null) {
                                        try {
                                            initSignature.close();
                                        } catch (Throwable th3) {
                                            try {
                                                th.addSuppressed(th3);
                                            } catch (Exception e4) {
                                                e = e4;
                                                throw new RuntimeException("IO error", e);
                                            }
                                        }
                                    }
                                    throw th;
                                }
                            } catch (Throwable th4) {
                                th = th4;
                            }
                        } catch (Throwable th5) {
                            th = th5;
                        }
                    } catch (Exception e5) {
                        e = e5;
                    }
                } catch (Throwable th6) {
                    th = th6;
                    bool = 0;
                }
            } catch (Exception e6) {
                e = e6;
            }
        } catch (Throwable th7) {
            th = th7;
        }
    }

    public void updateUserRetryCountLeftFlag() throws Pkcs11Exception {
        CK_TOKEN_INFO_EXTENDED ck_token_info_extended = new CK_TOKEN_INFO_EXTENDED();
        ck_token_info_extended.ulSizeofThisStructure = new NativeLong(ck_token_info_extended.size());
        RtPkcs11Library.getInstance().getPkcs().C_EX_GetTokenInfoExtended(new NativeLong(this.mSlot.getId()), ck_token_info_extended);
        ck_token_info_extended.ulSizeofThisStructure = new NativeLong(ck_token_info_extended.size());
        this.mUserRetryCountLeft = ck_token_info_extended.ulUserRetryCountLeft.intValue();
    }
}
