package es.gob.afirma.keystores;

import es.gob.afirma.core.AOCancelledOperationException;
import es.gob.afirma.core.misc.AOUtil;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.logging.Logger;
import javax.security.auth.callback.PasswordCallback;
import org.apache.commons.io.FilenameUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class AOKeyStoreManagerHelperPkcs11 {
    static final Logger LOGGER = Logger.getLogger("es.gob.afirma");

    private AOKeyStoreManagerHelperPkcs11() {
    }

    private static KeyStore getKeyStoreWithNullPassword(Provider provider) throws AOKeyStoreManagerException {
        try {
            KeyStore keyStore = KeyStore.getInstance(AOKeyStore.PKCS11.getProviderName(), provider);
            try {
                keyStore.load(null, null);
                return keyStore;
            } catch (IOException e) {
                throw new AOKeyStoreManagerException("No se ha podido obtener el almacen PKCS#11 solicitado: " + e, e);
            } catch (NoSuchAlgorithmException e2) {
                Security.removeProvider(provider.getName());
                throw new AOKeyStoreManagerException("No se ha podido verificar la integridad del almacen PKCS#11 solicitado: " + e2, e2);
            } catch (CertificateException e3) {
                Security.removeProvider(provider.getName());
                throw new AOKeyStoreManagerException("No se han podido cargar los certificados del almacen PKCS#11 solicitado: " + e3, e3);
            }
        } catch (Exception e4) {
            Security.removeProvider(provider.getName());
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen PKCS#11: " + e4, e4);
        }
    }

    private static Provider getP11Provider(byte[] bArr) throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, InstantiationException, ClassNotFoundException, IOException {
        return AOUtil.isJava9orNewer() ? getP11ProviderJava9(bArr) : getP11ProviderJava8(bArr);
    }

    private static Provider getP11ProviderJava8(byte[] bArr) throws InstantiationException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException, ClassNotFoundException {
        Provider provider = (Provider) Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class).newInstance(new ByteArrayInputStream(bArr));
        Security.addProvider(provider);
        return provider;
    }

    private static Provider getP11ProviderJava9(byte[] bArr) throws IOException, NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        Provider provider = Security.getProvider("SunPKCS11");
        File createTempFile = File.createTempFile("pkcs11_", ".cfg");
        FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
        try {
            fileOutputStream.write(bArr);
            fileOutputStream.close();
            fileOutputStream.close();
            Provider provider2 = (Provider) Provider.class.getMethod("configure", String.class).invoke(provider, createTempFile.getAbsolutePath());
            createTempFile.deleteOnExit();
            Security.addProvider(provider2);
            return provider2;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                try {
                    fileOutputStream.close();
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                }
                throw th2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyStore initPKCS11(PasswordCallback passwordCallback, Object[] objArr, boolean z, Object obj) throws AOKeyStoreManagerException, IOException {
        Provider p11Provider;
        if (objArr == null || objArr.length < 2) {
            throw new IOException("No se puede acceder al KeyStore PKCS#11 si no se especifica la biblioteca");
        }
        if (objArr[0] == null) {
            throw new IllegalArgumentException("No se puede acceder al KeyStore PKCS#11 si se especifica una biblioteca nula");
        }
        String obj2 = objArr[0].toString();
        Provider provider = null;
        Integer num = (objArr.length < 3 || !(objArr[2] instanceof Integer)) ? null : (Integer) objArr[2];
        String replace = new File(obj2).getName().replace(FilenameUtils.EXTENSION_SEPARATOR, '_').replace(' ', '_');
        Provider provider2 = Security.getProvider("SunPKCS11-" + replace);
        if (provider2 == null || !(z || Boolean.getBoolean("es.gob.afirma.keystores.DoNotReusePkcs11Provider"))) {
            provider = provider2;
        } else {
            LOGGER.info("Se retira el proveedor " + provider2);
            Security.removeProvider(provider2.getName());
        }
        if (provider == null) {
            byte[] bytes = KeyStoreUtilities.createPKCS11ConfigFile(obj2, replace, num).getBytes();
            try {
                p11Provider = getP11Provider(bytes);
            } catch (Exception e) {
                LOGGER.warning("Ha fallado el primer intento de inicializacion del PKCS#11 para la la biblioteca '" + obj2 + "', se reintentara: " + e);
                try {
                    p11Provider = getP11Provider(bytes);
                } catch (Exception e2) {
                    throw new AOKeyStoreManagerException("No se ha podido instanciar el proveedor SunPKCS11 para la la biblioteca '" + obj2 + "': " + e2, e2);
                }
            }
            provider = p11Provider;
        } else {
            LOGGER.info("El proveedor SunPKCS11 solicitado ya estaba instanciado, se reutilizara esa instancia: " + provider.getName());
        }
        if (passwordCallback == null) {
            return getKeyStoreWithNullPassword(provider);
        }
        try {
            return KeyStoreUtilities.getKeyStoreWithPasswordCallbackHandler(AOKeyStore.PKCS11, passwordCallback, provider, obj);
        } catch (AOCancelledOperationException e3) {
            Security.removeProvider("SunPKCS11-" + replace);
            throw e3;
        } catch (Exception e4) {
            Security.removeProvider("SunPKCS11-" + replace);
            throw new AOKeyStoreManagerException("Error construyendo el KeyStore PKCS#11 para la biblioteca '" + obj2 + "': " + e4, e4);
        }
    }
}
