package org.adullact.parapheur.applets.splittedsign;

import iaik.pkcs.pkcs11.InitializeArgs;
import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.Notify;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.Key;
import iaik.pkcs.pkcs11.objects.Object;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import iaik.utils.CryptoUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;

/* loaded from: input_file:org/adullact/parapheur/applets/splittedsign/OSXPkcs11Signer.class */
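/**
 * Signs a caller-supplied byte block with an RSA private key held on a PKCS#11 token,
 * using the IAIK PKCS#11 wrapper.
 *
 * <p>The flow of {@link #signHashWithPKCS11} is: load and initialize the PKCS#11 module,
 * pick the single present token, check that it can sign with RSA_PKCS, open a session and
 * log in with the PIN, find the private key that belongs to the given certificate, sign,
 * and finally log out and close the session.
 *
 * <p>NOTE(review): the PKCS#11 module itself is never finalized by this class. Whether it is
 * safe to do so depends on other users of the same native library in this process; confirm.
 */
public class OSXPkcs11Signer {
    /** PKCS#11 mechanism code 1, reported as "RSA_PKCS" in this class's own messages. */
    private static final long CKM_RSA_PKCS = 1L;

    // The PIN is kept by reference, not copied: the caller owns the array and is the one
    // who can wipe it once signing is done. It is never printed or logged by this class.
    private final char[] pinCode;
    private String pkcs11moduleName;
    private Module pkcs11Module = null;
    private Token token = null;
    private Session session = null;
    private Key selectedSigningKey = null;
    // NOTE(review): a read-write session is opened although this class only searches and
    // signs; a read-only session is presumably sufficient. Confirm before changing.
    private final boolean rwSession = true;

    /**
     * @param str  name (path) of the PKCS#11 module handed to {@code Module.getInstance}
     * @param cArr user PIN used to log in to the token; stored by reference
     */
    public OSXPkcs11Signer(String str, char[] cArr) {
        this.pkcs11moduleName = str;
        this.pinCode = cArr;
    }

    /**
     * Signs {@code bArr} with the token private key that belongs to {@code x509Certificate}.
     *
     * <p>The bytes are passed to the token unchanged with the RSA_PKCS mechanism; presumably
     * the caller supplies an already encoded digest, as the method name suggests. Confirm
     * against the caller.
     *
     * <p>The session is logged out and closed before this method returns, whether signing
     * succeeded or not, so the token does not stay authenticated after the call.
     *
     * @param x509Certificate certificate identifying the signing key
     * @param bArr            bytes to sign
     * @return the raw signature value
     * @throws Exception if the token is missing or ambiguous, lacks RSA_PKCS signing, the
     *                   login fails, no key matches the certificate, or signing fails
     */
    public byte[] signHashWithPKCS11(X509Certificate x509Certificate, byte[] bArr) throws Exception {
        initializePkcs11();
        validateMechanism();
        try {
            openSession(this.pinCode);
            this.selectedSigningKey = selectMatchingSigningPrivateKey(x509Certificate);
            if (this.selectedSigningKey == null) {
                // Fail here with a clear message instead of handing a null key to signInit.
                throw new Exception("No signing private key on the token matches the supplied certificate.");
            }
            byte[] signature = signWithSelectedKey(bArr);
            System.out.println("The signature value is: " + new BigInteger(1, signature).toString(16));
            return signature;
        } finally {
            closeSession();
        }
    }

    /**
     * Loads and initializes the PKCS#11 module and selects the only present token.
     *
     * @throws IllegalStateException if no token, or more than one token, is present; the
     *                               original code only printed a message and later failed
     *                               with a NullPointerException on the unset token
     */
    private void initializePkcs11() throws TokenException, IOException {
        this.pkcs11Module = Module.getInstance(this.pkcs11moduleName);
        this.pkcs11Module.initialize((InitializeArgs) null);
        // getSlotList(true): only slots that currently hold a token.
        Slot[] slotList = this.pkcs11Module.getSlotList(true);
        if (slotList.length == 0) {
            System.out.println("There is no slot with a present token.");
            throw new IllegalStateException("There is no slot with a present token.");
        }
        if (slotList.length != 1) {
            // Refuse to guess which token the PIN is meant for.
            System.out.println("Only one token allowed on this version");
            throw new IllegalStateException("Only one token allowed on this version");
        }
        Token onlyToken = slotList[0].getToken();
        System.out.println("Taking token with ID: " + onlyToken.getTokenID());
        this.token = onlyToken;
    }

    /**
     * Checks that the selected token lists the RSA_PKCS mechanism and allows signing with it.
     *
     * @throws Exception if the mechanism is absent or not usable for signing
     */
    private void validateMechanism() throws Exception {
        Mechanism rsaPkcs = Mechanism.get(CKM_RSA_PKCS);
        boolean listed = false;
        for (Mechanism supported : this.token.getMechanismList()) {
            if (rsaPkcs.equals(supported)) {
                listed = true;
                break;
            }
        }
        if (!listed) {
            System.out.println("The token does not support mechanism RSA_PKCS. Going to exit.");
            throw new Exception("The token does not support mechanism RSA_PKCS.");
        }
        MechanismInfo mechanismInfo = this.token.getMechanismInfo(rsaPkcs);
        if (mechanismInfo == null || !mechanismInfo.isSign()) {
            System.out.println("The token does not support signing with mechanism RSA_PKCS. Going to exit.");
            throw new Exception("The token does not support signing with mechanism RSA_PKCS.");
        }
    }

    /**
     * Opens a session on the selected token and logs in with the given PIN.
     *
     * @param cArr PIN passed to {@code Session.login}
     */
    private void openSession(char[] cArr) throws TokenException {
        this.session = this.token.openSession(true, this.rwSession, (Object) null, (Notify) null);
        this.session.login(true, cArr);
    }

    /**
     * Logs out and closes the current session, if any, and drops the selected key handle.
     * Failures are reported on stdout and not rethrown, so that they cannot hide the
     * exception (or the result) of the signing attempt that precedes this call.
     */
    private void closeSession() {
        Session open = this.session;
        this.session = null;
        this.selectedSigningKey = null;
        if (open == null) {
            return;
        }
        try {
            open.logout();
        } catch (TokenException ignored) {
            // Expected when the login itself failed; the session is closed below anyway.
        }
        try {
            open.closeSession();
        } catch (TokenException e) {
            System.out.println("OSXPkcs11: could not close session: " + e.getMessage());
        }
    }

    /**
     * Runs one object search on the open session and returns every object it yields.
     *
     * @param template search template passed to {@code findObjectsInit}
     */
    private ArrayList<Object> findAllObjects(Object template) throws TokenException {
        ArrayList<Object> found = new ArrayList<Object>();
        this.session.findObjectsInit(template);
        Object[] batch = this.session.findObjects(1);
        while (batch.length > 0) {
            found.add(batch[0]);
            batch = this.session.findObjects(1);
        }
        this.session.findObjectsFinal();
        return found;
    }

    /**
     * Returns the first RSA private key on the token that is flagged for signing.
     *
     * @return the first such key, or {@code null} when the token holds none (the original
     *         code failed with an IndexOutOfBoundsException in that case)
     */
    private Key selectFirstSigningPrivateKey() throws TokenException {
        RSAPrivateKey keyTemplate = new RSAPrivateKey();
        keyTemplate.getSign().setBooleanValue(Boolean.TRUE);
        System.out.println("OSXPkcs11: searching for keys");
        ArrayList<Object> signingKeys = findAllObjects(keyTemplate);
        return signingKeys.isEmpty() ? null : (Key) signingKeys.get(0);
    }

    /**
     * Signs {@code bArr} with the previously selected key using the RSA_PKCS mechanism.
     */
    private byte[] signWithSelectedKey(byte[] bArr) throws TokenException {
        this.session.signInit(Mechanism.get(CKM_RSA_PKCS), this.selectedSigningKey);
        return this.session.sign(bArr);
    }

    /**
     * Finds the signing private key whose certificate on the token is the given certificate.
     *
     * <p>Keys and certificates are paired through their ID attribute. A token certificate
     * counts as a match only when its stored value is byte-for-byte equal to the encoding
     * of {@code x509Certificate}. The original code compared serial numbers alone, which
     * are unique only per issuer, so a certificate from another issuer with the same serial
     * number could have selected the wrong key.
     *
     * <p>Requires an open session, i.e. it is only usable while
     * {@link #signHashWithPKCS11} is running.
     *
     * @param x509Certificate certificate whose private key is wanted
     * @return the matching private key, or {@code null} when none matches
     * @throws IllegalStateException if no session is open
     * @throws CertificateException  if {@code x509Certificate} cannot be encoded
     */
    public Key selectMatchingSigningPrivateKey(X509Certificate x509Certificate) throws TokenException, CertificateException {
        if (this.session == null) {
            throw new IllegalStateException("No PKCS#11 session is open.");
        }
        byte[] wantedEncoding = x509Certificate.getEncoded();

        RSAPrivateKey keyTemplate = new RSAPrivateKey();
        keyTemplate.getSign().setBooleanValue(Boolean.TRUE);
        ArrayList<Object> signingKeys = findAllObjects(keyTemplate);

        // For modules whose manufacturer ID contains "AEP" the ID is not put into the search
        // template; all certificates are listed and the ID is compared here instead.
        boolean compareIdLocally = this.session.getModule().getInfo().getManufacturerID().contains("AEP");

        for (Object keyObject : signingKeys) {
            PrivateKey privateKey = (PrivateKey) keyObject;
            byte[] keyId = privateKey.getId().getByteArrayValue();
            X509PublicKeyCertificate certTemplate = new X509PublicKeyCertificate();
            if (!compareIdLocally) {
                certTemplate.getId().setByteArrayValue(keyId);
            }
            for (Object certObject : findAllObjects(certTemplate)) {
                X509PublicKeyCertificate tokenCert = (X509PublicKeyCertificate) certObject;
                if (compareIdLocally && !CryptoUtils.equalsBlock(tokenCert.getId().getByteArrayValue(), keyId)) {
                    continue;
                }
                byte[] tokenEncoding = tokenCert.getValue().getByteArrayValue();
                if (tokenEncoding != null && CryptoUtils.equalsBlock(tokenEncoding, wantedEncoding)) {
                    return privateKey;
                }
            }
        }
        return null;
    }
}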
