package com.safenetinc.luna.provider;

import com.safenetinc.luna.LunaCryptokiException;
import com.safenetinc.luna.LunaException;
import com.safenetinc.luna.LunaTokenObject;
import com.safenetinc.luna.provider.key.LunaKey;
import com.safenetinc.luna.provider.key.LunaSecretKey;
import com.safenetinc.luna.provider.key.LunaSecretKeyPBE;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.PBEKey;

/* loaded from: input_file:WEB-INF/lib/LunaProvider.jar:com/safenetinc/luna/provider/LunaKeyStoreMP.class */
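/**
 * {@link KeyStoreSpi} implementation whose persisted form is an index of aliases,
 * object handles and fingerprints; the keys and certificates themselves are looked
 * up on the token through {@code LunaKey} / {@code LunaTokenObject}.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The password arguments of {@link #engineLoad}, {@link #engineStore},
 *       {@link #engineGetKey} and {@link #engineSetKeyEntry(String, Key, char[], Certificate[])}
 *       are never read. Nothing in this class authenticates the caller.</li>
 *   <li>The stream written by {@link #engineStore} carries no MAC or signature, so the
 *       index file must be treated as untrusted input on load and protected by the
 *       storage it lives on.</li>
 *   <li>Deleting or replacing an entry can destroy objects on the token (see
 *       {@link #engineSetKeyEntry(String, Key, char[], Certificate[])} and
 *       {@link #engineStore}).</li>
 * </ul>
 *
 * <p>All SPI entry points are {@code synchronized} on this instance.
 */
public class LunaKeyStoreMP extends KeyStoreSpi {
    /** Header of the older layout, whose records reference certificates by handle only. */
    private static final String LEGACY_HEADER = "LunaMP Key Store data file";
    /** Header of the layout written by {@link #engineStore}: handle plus fingerprint per certificate. */
    private static final String HEADER_1_1 = "LunaMP KeyStore data file";
    /** Marker that must follow the last record. */
    private static final String TRAILER = "<end>";
    /** Message used for every structural problem found while loading. */
    private static final String CORRUPT_FILE = "Corrupt LunaMP key store file";

    // Sanity limits for length fields read from the (unauthenticated) index file, so that
    // a damaged or hostile file cannot force a huge allocation. The real fingerprint size
    // is defined by the Luna provider and is not visible here; both limits are deliberately
    // generous. NOTE(review): tighten once the actual sizes are confirmed.
    private static final int MAX_CHAIN_LENGTH = 1024;
    private static final int MAX_FINGERPRINT_LENGTH = 64 * 1024;

    // Both collections are created by engineLoad; the SPI is unusable before that call.
    private HashMap<String, StoreEntry> mEntries = null;
    private ArrayList<StoreEntry> mEntriesToDelete = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/LunaProvider.jar:com/safenetinc/luna/provider/LunaKeyStoreMP$StoreEntry.class */
    /**
     * One alias in the store: either a key with an optional certificate chain, or a
     * single certificate (held as a one-element chain).
     */
    public class StoreEntry {
        boolean mIsKeyEntry;
        String mAlias;
        LunaKey mKey;
        LunaCertificateX509[] mCertChain;
        byte[] mFingerprint;
        // true until engineStore has made the entry's objects persistent
        boolean mNewEntry;

        public StoreEntry(String str, boolean z, LunaKey lunaKey, LunaCertificateX509[] lunaCertificateX509Arr, byte[] bArr, boolean z2) {
            this.mIsKeyEntry = z;
            this.mAlias = str;
            this.mKey = lunaKey;
            this.mCertChain = lunaCertificateX509Arr;
            this.mFingerprint = bArr;
            this.mNewEntry = z2;
        }

        /** Replaces key, chain and fingerprint and marks the entry as no longer new. */
        void update(LunaKey lunaKey, LunaCertificateX509[] lunaCertificateX509Arr, byte[] bArr) {
            this.mKey = lunaKey;
            this.mCertChain = lunaCertificateX509Arr;
            this.mFingerprint = bArr;
            this.mNewEntry = false;
        }

        boolean isKeyEntry() {
            return this.mIsKeyEntry;
        }

        String getAlias() {
            return this.mAlias;
        }

        LunaKey getKey() {
            return this.mKey;
        }

        /** Returns the internal chain array (never {@code null}; a missing chain becomes an empty array). */
        LunaCertificateX509[] getCertChain() {
            if (this.mCertChain == null) {
                this.mCertChain = new LunaCertificateX509[0];
            }
            return this.mCertChain;
        }

        byte[] getFingerprint() {
            return this.mFingerprint;
        }

        boolean isNewEntry() {
            return this.mNewEntry;
        }

        /** Describes the entry; missing keys or certificates are printed as {@code null} instead of throwing. */
        @Override
        public String toString() {
            StringBuilder text = new StringBuilder();
            text.append("entry ").append(this.mAlias).append(": ");
            boolean hasChain = this.mCertChain != null && this.mCertChain.length > 0;
            if (this.mIsKeyEntry) {
                text.append("key entry ").append(this.mAlias).append(": ");
                text.append(String.valueOf(this.mKey));
                if (hasChain) {
                    text.append(", certs");
                    for (LunaCertificateX509 cert : this.mCertChain) {
                        text.append(' ').append(String.valueOf(cert));
                    }
                }
            } else {
                LunaCertificateX509 first = hasChain ? this.mCertChain[0] : null;
                text.append("cert entry ").append(this.mAlias).append(": ");
                text.append(String.valueOf(first));
            }
            return text.toString();
        }
    }

    /** Returns a snapshot of the aliases currently in the store. */
    @Override
    public synchronized Enumeration<String> engineAliases() {
        ArrayList<String> aliases = new ArrayList<>(this.mEntries.size());
        for (StoreEntry entry : this.mEntries.values()) {
            aliases.add(entry.getAlias());
        }
        return Collections.enumeration(aliases);
    }

    @Override
    public synchronized boolean engineContainsAlias(String str) {
        return this.mEntries.containsKey(str);
    }

    /**
     * Returns the persistence date of the entry's key (key entries) or of its first
     * certificate (certificate entries), or {@code null} when the alias is unknown or
     * the entry has no such object.
     */
    @Override
    public synchronized Date engineGetCreationDate(String str) {
        StoreEntry entry = this.mEntries.get(str);
        if (entry == null) {
            return null;
        }
        if (entry.isKeyEntry()) {
            LunaKey key = entry.getKey();
            return key == null ? null : key.GetDateMadePersistent();
        }
        LunaCertificateX509[] chain = entry.getCertChain();
        // A loaded entry can hold an empty chain or a null element; report "no date" rather than throw.
        if (chain.length == 0 || chain[0] == null) {
            return null;
        }
        return chain[0].GetDateMadePersistent();
    }

    /** Removes the alias from the live map and queues the entry for destruction at the next store. */
    private void deleteEntry(String str) {
        StoreEntry removed = this.mEntries.remove(str);
        if (removed != null) {
            this.mEntriesToDelete.add(removed);
        }
    }

    /**
     * Removes the alias. The token objects behind a previously stored entry are
     * destroyed only when {@link #engineStore} runs.
     */
    @Override
    public synchronized void engineDeleteEntry(String str) throws KeyStoreException {
        deleteEntry(str);
    }

    /** Returns the first certificate of the entry's chain, or {@code null} if there is none. */
    @Override
    public synchronized Certificate engineGetCertificate(String str) {
        StoreEntry entry = this.mEntries.get(str);
        if (entry == null) {
            return null;
        }
        LunaCertificateX509[] chain = entry.getCertChain();
        return chain.length < 1 ? null : chain[0];
    }

    /**
     * Returns the alias of the first entry whose leading certificate has the same
     * encoding as {@code certificate}, or {@code null} when none matches or the
     * argument cannot be encoded.
     */
    @Override
    public synchronized String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        final byte[] wanted;
        try {
            wanted = certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            return null;
        }
        if (wanted == null) {
            // Without an encoding there is nothing to match; never pair "no encoding" with "no certificate".
            return null;
        }
        for (StoreEntry entry : this.mEntries.values()) {
            LunaCertificateX509[] chain = entry.getCertChain();
            if (chain.length == 0 || chain[0] == null) {
                continue;
            }
            byte[] candidate;
            try {
                candidate = chain[0].getEncoded();
            } catch (CertificateEncodingException ignored) {
                // An entry whose certificate cannot be encoded simply cannot match.
                continue;
            }
            if (candidate != null && Arrays.equals(candidate, wanted)) {
                return entry.getAlias();
            }
        }
        return null;
    }

    /** Returns a copy of the chain of a key entry; {@code null} for unknown aliases and certificate entries. */
    @Override
    public synchronized Certificate[] engineGetCertificateChain(String str) {
        StoreEntry entry = this.mEntries.get(str);
        if (entry == null || !entry.isKeyEntry()) {
            return null;
        }
        // Clone so callers cannot modify the array held by the entry.
        return (Certificate[]) entry.getCertChain().clone();
    }

    /**
     * Returns the key stored under the alias, or {@code null} if the alias is unknown
     * or names a certificate entry.
     *
     * <p>The password is ignored: this method performs no check of its own.
     * NOTE(review): access control is presumably enforced by the token session/login —
     * confirm, because any code holding this keystore instance obtains the key object.
     */
    @Override
    public synchronized Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        StoreEntry entry = this.mEntries.get(str);
        if (entry == null || !entry.isKeyEntry()) {
            return null;
        }
        return entry.getKey();
    }

    @Override
    public synchronized boolean engineIsCertificateEntry(String str) {
        StoreEntry entry = this.mEntries.get(str);
        return entry != null && !entry.isKeyEntry();
    }

    @Override
    public synchronized boolean engineIsKeyEntry(String str) {
        StoreEntry entry = this.mEntries.get(str);
        return entry != null && entry.isKeyEntry();
    }

    /**
     * Stores a trusted-certificate entry, replacing whatever the alias held before
     * (the previous entry is queued for destruction at the next store).
     *
     * @throws KeyStoreException if the certificate is {@code null}, is not an X.509
     *         certificate, or cannot be encoded
     */
    @Override
    public synchronized void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        if (certificate == null) {
            throw new KeyStoreException("Can't store a null certificate");
        }
        final LunaCertificateX509 lunaCert;
        if (certificate instanceof LunaCertificateX509) {
            lunaCert = (LunaCertificateX509) certificate;
        } else if (certificate instanceof X509Certificate) {
            try {
                lunaCert = new LunaCertificateX509((X509Certificate) certificate);
            } catch (CertificateEncodingException e) {
                throw new KeyStoreException("Bad certificate encoding", e);
            }
        } else {
            throw new KeyStoreException("Bad certificate class: " + certificate.getClass().getName());
        }
        // Conversion succeeded; only now touch the existing entry.
        deleteEntry(str);
        this.mEntries.put(str, new StoreEntry(str, false, null, new LunaCertificateX509[]{lunaCert}, lunaCert.GetFingerprint(), true));
    }

    /** Not supported: already-protected key bytes cannot be stored. */
    @Override
    public synchronized void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Unsupported engineSetKeyEntry method");
    }

    /**
     * Stores a key entry. Non-Luna keys are injected into the provider first; the
     * password is ignored.
     *
     * <p>The key class and the types of the chain elements are checked before the
     * existing entry is touched, because replacing an entry is destructive: when the
     * alias already holds the same key handle, certificates of the old chain that are
     * not part of the new chain are destroyed immediately, not at the next store.
     *
     * @throws KeyStoreException if the key is {@code null} or of an unsupported class,
     *         or a chain element is not an X.509 certificate or cannot be encoded
     */
    @Override
    public synchronized void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (key == null) {
            throw new KeyStoreException("Can't store a null key");
        }
        final LunaKey lunaKey = toLunaKey(key);
        final byte[] fingerprint = lunaKey.GetFingerprint();

        // 3 and 4 match the PKCS#11 object classes CKO_PRIVATE_KEY and CKO_SECRET_KEY;
        // presumably that is what GetKeyClass reports — TODO confirm.
        final int keyClass = lunaKey.GetKeyClass();
        if (keyClass != 3 && keyClass != 4) {
            throw new KeyStoreException("LunaKeyStore- Unsupported key entry class");
        }
        // Only class-3 keys keep a chain; for class 4 the chain argument is ignored.
        final boolean keepsChain = keyClass == 3 && certificateArr != null;
        if (keepsChain) {
            requireX509Chain(certificateArr);
        }

        if (key instanceof LunaKey) {
            StoreEntry existing = this.mEntries.get(str);
            // A certificate entry under the same alias has no key and is simply replaced.
            LunaKey existingKey = existing == null ? null : existing.getKey();
            if (existingKey == null || existingKey.GetKeyHandle() != lunaKey.GetKeyHandle()) {
                deleteEntry(str);
            } else {
                // Same key object: keep the key, drop old certificates the new chain no longer lists.
                this.mEntries.remove(str);
                for (LunaCertificateX509 oldCert : existing.getCertChain()) {
                    if (oldCert != null && !containsCertificate(certificateArr, oldCert)) {
                        oldCert.DestroyCert();
                    }
                }
            }
        } else {
            deleteEntry(str);
        }

        LunaCertificateX509[] chain = null;
        if (keepsChain) {
            chain = new LunaCertificateX509[certificateArr.length];
            for (int i = 0; i < certificateArr.length; i++) {
                Certificate cert = certificateArr[i];
                if (cert instanceof LunaCertificateX509) {
                    chain[i] = (LunaCertificateX509) cert;
                } else {
                    try {
                        chain[i] = new LunaCertificateX509((X509Certificate) cert);
                    } catch (CertificateEncodingException e) {
                        // NOTE(review): at this point the previous entry is already gone.
                        throw new KeyStoreException("LunaKeyStore- bad certificate encoding", e);
                    }
                }
            }
        }
        this.mEntries.put(str, new StoreEntry(str, true, lunaKey, chain, fingerprint, true));
    }

    /** Returns {@code key} as a {@code LunaKey}, injecting PBE, secret and private keys into the provider. */
    private static LunaKey toLunaKey(Key key) throws KeyStoreException {
        if (key instanceof LunaKey) {
            return (LunaKey) key;
        }
        try {
            // PBEKey is tested first because it is also a SecretKey.
            if (key instanceof PBEKey) {
                return LunaSecretKeyPBE.InjectPBEKey((PBEKey) key, null);
            }
            if (key instanceof SecretKey) {
                return LunaSecretKey.InjectSecretKey((SecretKey) key);
            }
            if (key instanceof PrivateKey) {
                return (LunaKey) LunaKey.InjectPrivateKey((PrivateKey) key);
            }
        } catch (InvalidKeyException e) {
            throw new KeyStoreException(e);
        }
        throw new KeyStoreException("LunaKeyStore- Unsupported key class: " + key.getClass().getName());
    }

    /** Rejects a chain containing a {@code null} or non-X.509 element, naming the offending element's class. */
    private static void requireX509Chain(Certificate[] chain) throws KeyStoreException {
        for (Certificate cert : chain) {
            if (!(cert instanceof LunaCertificateX509) && !(cert instanceof X509Certificate)) {
                String className = cert == null ? "null" : cert.getClass().getName();
                throw new KeyStoreException("LunaKeyStore- bad certificate class: " + className);
            }
        }
    }

    /** Returns whether {@code chain} (may be {@code null}) holds an element that {@code cert} considers equal. */
    private static boolean containsCertificate(Certificate[] chain, LunaCertificateX509 cert) {
        if (chain == null) {
            return false;
        }
        for (Certificate candidate : chain) {
            if (cert.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    @Override
    public synchronized int engineSize() {
        return this.mEntries.size();
    }

    /**
     * Resets the store and, when a stream is given, rebuilds it from the index file.
     *
     * <p>The password is ignored and the file is not authenticated, so every length
     * and count read from it is validated and truncated input is reported as an
     * {@link IOException} instead of being silently padded.
     *
     * @throws IOException if the header, a length field or the trailer is invalid, or
     *         the stream ends early
     */
    @Override
    public synchronized void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        this.mEntries = new HashMap<>();
        this.mEntriesToDelete = new ArrayList<>();
        if (inputStream == null) {
            return;
        }
        DataInputStream in = new DataInputStream(inputStream);
        String header = in.readUTF();
        final boolean legacyLayout;
        if (LEGACY_HEADER.equals(header)) {
            legacyLayout = true;
        } else if (HEADER_1_1.equals(header)) {
            legacyLayout = false;
        } else {
            throw new IOException(CORRUPT_FILE);
        }
        int recordCount = in.readInt();
        if (recordCount < 0) {
            throw new IOException(CORRUPT_FILE);
        }
        for (int i = 0; i < recordCount; i++) {
            readRecord(in, legacyLayout);
        }
        if (!TRAILER.equals(in.readUTF())) {
            throw new IOException(CORRUPT_FILE);
        }
    }

    /** Reads a length field and rejects values outside {@code [0, max]}. */
    private static int readLength(DataInputStream in, int max) throws IOException {
        int length = in.readInt();
        if (length < 0 || length > max) {
            throw new IOException(CORRUPT_FILE);
        }
        return length;
    }

    /** Reads a length-prefixed byte array completely; a short stream raises an {@code IOException}. */
    private static byte[] readBlob(DataInputStream in) throws IOException {
        byte[] blob = new byte[readLength(in, MAX_FINGERPRINT_LENGTH)];
        in.readFully(blob);
        return blob;
    }

    /**
     * Reads one record and adds the entry when it can be matched against the token.
     *
     * <p>Key entries are located by the stored fingerprint. Certificate entries are
     * located by handle (legacy layout) or fingerprint, and are kept only if the
     * located object's fingerprint equals the stored one.
     *
     * <p>NOTE(review): for key entries the comparison below is between the stored
     * fingerprint and itself, so it never rejects anything; whether a missing key
     * makes {@code LocateKeyByFingerprint} throw or return {@code null} is not visible
     * here. In the legacy layout the chain of a key entry is resolved by handle alone,
     * with failures stored as {@code null} elements — handles are not verified against
     * any fingerprint on that path.
     */
    private void readRecord(DataInputStream dataInputStream, boolean z) throws IOException {
        boolean isKeyEntry = dataInputStream.readBoolean();
        String alias = dataInputStream.readUTF();
        dataInputStream.readInt(); // key handle written by engineStore; not used when loading
        int chainLength = readLength(dataInputStream, MAX_CHAIN_LENGTH);
        int[] certHandles = new int[chainLength];
        ArrayList<byte[]> certFingerprints = new ArrayList<>(chainLength);
        for (int i = 0; i < chainLength; i++) {
            certHandles[i] = dataInputStream.readInt();
            if (!z) {
                certFingerprints.add(readBlob(dataInputStream));
            }
        }
        byte[] storedFingerprint = readBlob(dataInputStream);

        LunaKey lunaKey = null;
        LunaCertificateX509[] chain = null;
        byte[] locatedFingerprint = null;
        if (isKeyEntry) {
            lunaKey = LunaKey.LocateKeyByFingerprint(storedFingerprint);
            chain = new LunaCertificateX509[chainLength];
            for (int i = 0; i < chainLength; i++) {
                if (z) {
                    try {
                        chain[i] = new LunaCertificateX509(LunaTokenObject.LocateObjectByHandle(certHandles[i]));
                    } catch (Exception e) {
                        // Legacy layout: an unresolvable handle leaves a hole in the chain.
                        chain[i] = null;
                    }
                } else {
                    chain[i] = new LunaCertificateX509(LunaTokenObject.LocateObjectByFingerprint(certFingerprints.get(i)));
                }
            }
            locatedFingerprint = storedFingerprint;
        } else if (chainLength == 1) {
            chain = new LunaCertificateX509[1];
            try {
                if (z) {
                    chain[0] = new LunaCertificateX509(LunaTokenObject.LocateObjectByHandle(certHandles[0]));
                } else {
                    chain[0] = new LunaCertificateX509(LunaTokenObject.LocateObjectByFingerprint(certFingerprints.get(0)));
                }
            } catch (LunaException e) {
                chain[0] = null;
            }
            if (chain[0] != null) {
                locatedFingerprint = chain[0].GetFingerprint();
            }
        }
        try {
            // Entries that could not be matched are dropped from the in-memory store.
            if (Arrays.equals(storedFingerprint, locatedFingerprint)) {
                this.mEntries.put(alias, new StoreEntry(alias, isKeyEntry, lunaKey, chain, storedFingerprint, false));
            }
        } catch (LunaCryptokiException ignored) {
            // Kept from the original: a token error here skips the record.
        }
    }

    /**
     * Makes new entries persistent on the token, writes the index in the 1.1 layout,
     * then destroys the token objects of entries deleted since the last load/store.
     *
     * <p>The password is ignored and the output carries no integrity protection.
     * Token objects are made persistent while the stream is being written, so an
     * {@link IOException} part-way through can leave persistent objects that the
     * written index does not describe.
     *
     * @throws IOException if writing to the stream fails
     */
    @Override
    public synchronized void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        DataOutputStream out = new DataOutputStream(outputStream);
        out.writeUTF(HEADER_1_1);
        out.writeInt(engineSize());
        for (StoreEntry entry : this.mEntries.values()) {
            LunaKey key = entry.getKey();
            LunaCertificateX509[] chain = entry.getCertChain();
            String alias = entry.getAlias();
            // Applies to loaded entries too: a key entry without a key cannot be written.
            if (entry.isKeyEntry() && key == null) {
                throw new LunaException("Can't store key entry with a null key");
            }
            if (entry.isNewEntry()) {
                byte[] fingerprint = null;
                if (entry.isKeyEntry()) {
                    key.MakePersistent(alias);
                    fingerprint = key.GetFingerprint();
                }
                // NOTE(review): the entry fingerprint ends up being that of the LAST chain
                // element, while readRecord uses the stored entry fingerprint to locate the
                // key. Confirm that every chain element shares the key's fingerprint.
                for (LunaCertificateX509 cert : chain) {
                    cert.MakePersistent(alias);
                    fingerprint = cert.GetFingerprint();
                }
                entry.update(key, chain, fingerprint);
            }
            out.writeBoolean(entry.isKeyEntry());
            out.writeUTF(alias);
            if (entry.isKeyEntry()) {
                out.writeInt(key.GetKeyHandle());
                out.writeInt(chain.length);
                for (LunaCertificateX509 cert : chain) {
                    writeCertReference(out, cert);
                }
            } else {
                out.writeInt(0); // no key handle for a certificate entry
                out.writeInt(1); // chain length is always one
                writeCertReference(out, chain[0]);
            }
            writeBlob(out, entry.getFingerprint());
        }
        out.writeUTF(TRAILER);
        // Push the index out before anything is destroyed on the token.
        out.flush();
        destroyOldEntries();
    }

    /** Writes a certificate's handle followed by its length-prefixed fingerprint. */
    private static void writeCertReference(DataOutputStream out, LunaCertificateX509 cert) throws IOException {
        out.writeInt(cert.GetCertHandle());
        writeBlob(out, cert.GetFingerprint());
    }

    /** Writes a length-prefixed byte array. */
    private static void writeBlob(DataOutputStream out, byte[] blob) throws IOException {
        out.writeInt(blob.length);
        out.write(blob, 0, blob.length);
    }

    /**
     * Destroys the key and certificates of every queued entry that had already been
     * stored, then empties the queue. Entries that were never stored are just dropped.
     */
    private void destroyOldEntries() {
        for (StoreEntry entry : this.mEntriesToDelete) {
            if (entry.isNewEntry()) {
                continue;
            }
            LunaKey key = entry.getKey();
            if (key != null) {
                key.DestroyKey();
            }
            for (LunaCertificateX509 cert : entry.getCertChain()) {
                // Chains loaded from the legacy layout can contain null elements.
                if (cert != null) {
                    cert.DestroyCert();
                }
            }
        }
        this.mEntriesToDelete.clear();
    }
}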
