package es.gob.afirma.keystores;

import es.gob.afirma.core.AOCancelledOperationException;
import es.gob.afirma.core.keystores.KeyStoreManager;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Platform;
import es.gob.afirma.core.ui.AOUIFactory;
import es.gob.afirma.keystores.filters.CertificateFilter;
import es.gob.afirma.ui.utils.Constants;
import java.awt.Component;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.swing.JOptionPane;

/* loaded from: input_file:es/gob/afirma/keystores/KeyStoreUtilities.class */
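/**
 * Static helpers for opening and presenting key stores: PKCS#11 provider
 * configuration text, alias-to-display-name mapping, PIN callback handling
 * and native library lookup.
 *
 * <p>This listing is decompiler output, so parameter and local names are
 * synthetic. Runtime strings (log and exception messages) are kept exactly as
 * emitted.
 */
public final class KeyStoreUtilities {
    static final Logger LOGGER = Logger.getLogger(Constants.OUR_NODE_NAME);
    // PKCS#11 library file names for which CKM_SHA1_RSA_PKCS is disabled in the generated configuration.
    private static final String[] FNMT_PKCS11_LIBS_WITHOUT_SHA1 = {"DNIe_P11_priv.dll", "DNIe_P11_pub.dll", "FNMT_P11.dll", "FNMT_P11_x64.dll", "UsrPkcs11.dll", "UsrPubPkcs11.dll", "TIF_P11.dll"};
    // PKCS#11 return-code names compared against the message of the innermost login failure cause.
    private static final String PIN_ERROR_LOCKED = "CKR_PIN_LOCKED";
    private static final String PIN_ERROR_WRONG_LENGTH = "CKR_PIN_LEN_RANGE";
    private static final String PIN_ERROR_INCORRECT = "CKR_PIN_INCORRECT";
    // Longest display name kept as-is when no key store manager is available.
    private static final int ALIAS_MAX_LENGTH = 120;

    /**
     * Callback handler passed to the key store builder. It forwards the PIN
     * obtained from the wrapped {@link PasswordCallback}, shows token text
     * messages to the user and records whether the PIN request was cancelled.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:es/gob/afirma/keystores/KeyStoreUtilities$PasswordCallbackHandler.class */
    public static class PasswordCallbackHandler implements CallbackHandler {
        private final Object parentComponent;
        private final PasswordCallback pssCallBack;
        private boolean cancelled = false;

        /**
         * @param obj parent component handed to the dialogs
         * @param passwordCallback source of the PIN supplied to the provider
         */
        public PasswordCallbackHandler(Object obj, PasswordCallback passwordCallback) {
            this.parentComponent = obj;
            this.pssCallBack = passwordCallback;
        }

        /**
         * Serves each callback in order.
         *
         * @param callbackArr callbacks raised by the provider
         * @throws UnsupportedCallbackException for a {@link NameCallback} (always,
         *         after prompting) and for any callback type not handled here
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof PasswordCallback) {
                    try {
                        // NOTE(review): the char[] returned by getPassword() is never cleared here;
                        // whether it is a private copy depends on the PasswordCallback subclass in use.
                        ((PasswordCallback) callback).setPassword(this.pssCallBack.getPassword());
                    } catch (AOCancelledOperationException e) {
                        // Remembered so the caller can tell a cancelled PIN dialog from a failed login.
                        this.cancelled = true;
                    }
                } else if (callback instanceof TextOutputCallback) {
                    TextOutputCallback textOutputCallback = (TextOutputCallback) callback;
                    // The constants below have the same values as the integer literals in the decompiled output.
                    switch (textOutputCallback.getMessageType()) {
                        case TextOutputCallback.INFORMATION:
                            KeyStoreUtilities.LOGGER.info("Informacion del dispositivo criptografico: " + textOutputCallback.getMessage());
                            AOUIFactory.showMessageDialog(this.parentComponent, textOutputCallback.getMessage(), KeyStoreMessages.getString("KeyStoreUtilities.0"), JOptionPane.INFORMATION_MESSAGE);
                            break;
                        case TextOutputCallback.WARNING:
                            KeyStoreUtilities.LOGGER.warning("Informacion del dispositivo criptografico: " + textOutputCallback.getMessage());
                            AOUIFactory.showMessageDialog(this.parentComponent, textOutputCallback.getMessage(), KeyStoreMessages.getString("KeyStoreUtilities.2"), JOptionPane.WARNING_MESSAGE);
                            break;
                        case TextOutputCallback.ERROR:
                            KeyStoreUtilities.LOGGER.severe("Informacion del dispositivo criptografico: " + textOutputCallback.getMessage());
                            AOUIFactory.showMessageDialog(this.parentComponent, textOutputCallback.getMessage(), KeyStoreMessages.getString("KeyStoreUtilities.1"), JOptionPane.ERROR_MESSAGE);
                            break;
                        default:
                            KeyStoreUtilities.LOGGER.warning("Recibida informacion del dispositivo criptografico en un formato desconocido: " + textOutputCallback.getMessageType());
                            break;
                    }
                } else if (callback instanceof NameCallback) {
                    // The literal 2 is presumably JOptionPane.WARNING_MESSAGE; confirm against AOUIFactory.
                    Object showInputDialog = AOUIFactory.showInputDialog(this.parentComponent, KeyStoreMessages.getString("KeyStoreUtilities.3"), KeyStoreMessages.getString("KeyStoreUtilities.4"), 2, null, null, null);
                    if (showInputDialog != null) {
                        ((NameCallback) callback).setName(showInputDialog.toString());
                    }
                    // The name is set, but the request is still reported as unsupported.
                    throw new UnsupportedCallbackException(callback, "No se soporta la solicitud de nombre de usuario para dispositivos criptograficos");
                } else {
                    throw new UnsupportedCallbackException(callback, "Recibido tipo de callback desconocido: " + callback.getClass().getName());
                }
            }
        }

        /** @return {@code true} once a PIN request has raised {@link AOCancelledOperationException} */
        public boolean isCancelled() {
            return this.cancelled;
        }
    }

    private KeyStoreUtilities() {
    }

    /**
     * Builds the text of a PKCS#11 provider configuration.
     *
     * @param str path of the PKCS#11 library; replaced by {@link #getShort(String)}
     *        when it contains parentheses
     * @param str2 provider name, or {@code null} for {@code AFIRMA-PKCS11}
     * @param num slot number, or {@code null} to omit the {@code slot} line
     * @return the configuration text, with CRLF line endings
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createPKCS11ConfigFile(String str, String str2, Integer num) {
        // NOTE(review): str and str2 are written into the configuration verbatim. A CR or LF
        // in either value would start a new directive line; confirm callers never pass
        // externally supplied text here, or reject line breaks before building the text.
        StringBuilder sb = new StringBuilder("library=");
        if (str.contains(")") || str.contains("(")) {
            sb.append(getShort(str));
        } else {
            sb.append(str);
        }
        sb.append("\r\n").append("name=").append(str2 != null ? str2 : "AFIRMA-PKCS11").append("\r\nshowInfo=false\r\n");
        if (num != null) {
            sb.append("slot=").append(num).append("\r\n");
        }
        // The match is on the file name of the path as given, not on the shortened path.
        String libraryFileName = new File(str).getName();
        for (String knownLibrary : FNMT_PKCS11_LIBS_WITHOUT_SHA1) {
            if (knownLibrary.equalsIgnoreCase(libraryFileName)) {
                sb.append("disabledMechanisms={ CKM_SHA1_RSA_PKCS }\r\n");
                break;
            }
        }
        LOGGER.info("Creada configuracion PKCS#11:\r\n" + sb.toString());
        return sb.toString();
    }

    /**
     * Maps each alias to the name shown to the user.
     *
     * <p>With a key store manager, aliases are first dropped according to the
     * flags, then narrowed to those accepted by at least one filter, and finally
     * named after the certificate CN (or the trimmed alias when there is none).
     * Without a manager, names longer than {@code ALIAS_MAX_LENGTH} are replaced by
     * their CN or truncated with an ellipsis.
     *
     * @param strArr aliases to process; the array itself is not modified
     * @param keyStoreManager store holding the certificates, or {@code null}
     * @param z when {@code true}, aliases for which {@code isKeyEntry} is false or
     *        fails are removed
     * @param z2 when {@code false}, aliases whose certificate fails
     *        {@code checkValidity()} are removed
     * @param list filters to apply, or {@code null}/empty for none
     * @return alias to display-name map
     */
    public static Map<String, String> getAliasesByFriendlyName(String[] strArr, KeyStoreManager keyStoreManager, boolean z, boolean z2, List<? extends CertificateFilter> list) {
        String[] aliasesCopy = (String[]) strArr.clone();
        Hashtable<String, String> names = new Hashtable<String, String>(aliasesCopy.length);
        for (String alias : aliasesCopy) {
            names.put(alias, alias);
        }
        if (keyStoreManager != null) {
            // Iterate over a snapshot of the keys because entries are removed inside the loop.
            for (String alias : names.keySet().toArray(new String[names.size()])) {
                try {
                    X509Certificate certificate = keyStoreManager.getCertificate(alias);
                    if (certificate == null) {
                        LOGGER.warning("El KeyStore no permite extraer el certificado publico para el siguiente alias: " + alias);
                    } else {
                        if (!z2) {
                            try {
                                certificate.checkValidity();
                            } catch (Exception e) {
                                LOGGER.info("Se ocultara el certificado '" + alias + "' por no ser valido: " + e);
                                names.remove(alias);
                            }
                        }
                        if (z) {
                            try {
                                if (!keyStoreManager.isKeyEntry(alias)) {
                                    names.remove(alias);
                                    LOGGER.info("Se ha ocultado un certificado (emitido por '" + AOUtil.getCN(certificate.getIssuerX500Principal().toString()) + "') por no soportar operaciones de clave privada");
                                }
                            } catch (Exception e2) {
                                names.remove(alias);
                                LOGGER.info("Se ha ocultado un certificado (emitido por '" + AOUtil.getCN(certificate.getIssuerX500Principal().toString()) + "') por no poderse comprobar su clave privada: " + e2);
                            }
                        }
                    }
                } catch (AOCancelledOperationException e3) {
                    throw e3;
                } catch (RuntimeException e4) {
                    // These exception types are matched by class name and passed on to the caller;
                    // any other runtime failure is only logged.
                    String exceptionClass = e4.getClass().getName();
                    if ("es.gob.jmulticard.ui.passwordcallback.CancelledOperationException".equals(exceptionClass) || "es.gob.jmulticard.card.AuthenticationModeLockedException".equals(exceptionClass) || "es.gob.jmulticard.jse.provider.BadPasswordProviderException".equals(exceptionClass) || "es.gob.jmulticard.jse.provider.SignatureAuthException".equals(exceptionClass)) {
                        throw e4;
                    }
                    LOGGER.warning("No se ha inicializado el KeyStore indicado: " + e4);
                }
            }
            if (list != null && list.size() > 0) {
                // Union of what each filter accepts, evaluated against the aliases that survived above.
                Hashtable<String, String> accepted = new Hashtable<String, String>();
                for (CertificateFilter filter : list) {
                    for (String alias : filter.matches(names.keySet().toArray(new String[names.size()]), keyStoreManager)) {
                        // Hashtable rejects null keys and values: ignore an alias the filter
                        // returns that is not among the current entries instead of failing.
                        String name = alias != null ? names.get(alias) : null;
                        if (name != null) {
                            accepted.put(alias, name);
                        }
                    }
                }
                names.clear();
                names.putAll(accepted);
            }
            for (String alias : names.keySet().toArray(new String[0])) {
                String cn = AOUtil.getCN(keyStoreManager.getCertificate(alias));
                if (cn != null) {
                    names.put(alias, cn);
                } else {
                    names.put(alias, alias.trim());
                }
            }
        } else {
            for (String alias : names.keySet().toArray(new String[names.size()])) {
                String name = names.get(alias);
                if (name.length() > ALIAS_MAX_LENGTH) {
                    String cn2 = AOUtil.getCN(name);
                    if (cn2 != null) {
                        names.put(alias, cn2);
                    } else {
                        names.put(alias, name.substring(0, ALIAS_MAX_LENGTH - "...".length()) + "...");
                    }
                } else {
                    names.put(alias, name.trim());
                }
            }
        }
        return names;
    }

    /**
     * Returns the short (8.3) form of a Windows path by asking {@code cmd.exe}.
     *
     * <p>The path is placed inside a double-quoted string on a {@code cmd.exe}
     * command line, so a path containing a double quote, a percent sign or a
     * control character is returned unchanged rather than handed to the shell:
     * a quote would end the quoted string and a percent sign would make the
     * shell expand a variable, so the shell would act on different text from
     * the path checked with {@code exists()}.
     *
     * @param str path to shorten; may be {@code null}
     * @return the short path, or {@code str} itself when not on Windows, when the
     *         file does not exist, when the path is not safe to pass to the shell,
     *         or when the shell call fails or prints nothing
     */
    public static String getShort(String str) {
        if (str == null || !Platform.OS.WINDOWS.equals(Platform.getOS())) {
            return str;
        }
        if (!new File(str).exists()) {
            return str;
        }
        if (!isSafeInsideCmdQuotes(str)) {
            // The path is left out of this message on purpose: it may contain line breaks.
            LOGGER.warning("No se obtendra el nombre corto: la ruta contiene caracteres no admitidos");
            return str;
        }
        try {
            Process process = new ProcessBuilder("cmd.exe", "/c", "for %f in (\"" + str + "\") do @echo %~sf").start();
            java.io.InputStream output = process.getInputStream();
            String shortName;
            try {
                // Decoded with the platform default charset, as before.
                shortName = new String(AOUtil.getDataFromInputStream(output)).trim();
            } finally {
                output.close();
            }
            // An empty answer would produce an unusable path; keep the original instead.
            return shortName.length() == 0 ? str : shortName;
        } catch (Exception e) {
            LOGGER.warning("No se ha podido obtener el nombre corto de " + str + ": " + e);
            return str;
        }
    }

    /** Tells whether a path can be embedded between double quotes on a cmd.exe command line. */
    private static boolean isSafeInsideCmdQuotes(String path) {
        for (int i = 0; i < path.length(); i++) {
            char c = path.charAt(i);
            if (c == '"' || c == '%' || c < ' ') {
                return false;
            }
        }
        return true;
    }

    /**
     * Adds the DNIe key store manager, or failing that the CERES one, to the
     * aggregated manager.
     *
     * <p>Each driver is skipped when its system property
     * ({@code es.gob.afirma.keystores.mozilla.disableDnieNativeDriver},
     * {@code es.gob.afirma.keystores.mozilla.disableCeresNativeDriver}) is
     * {@code true}; CERES is also skipped on Linux.
     *
     * @param aggregatedKeyStoreManager manager that receives the new store
     * @param obj parent component passed to the key store factory
     * @return {@code true} if one store was added, {@code false} otherwise
     * @throws AOCancelledOperationException if the user cancels during initialisation
     */
    public static boolean addPreferredKeyStoreManagers(AggregatedKeyStoreManager aggregatedKeyStoreManager, Object obj) {
        if (!Boolean.getBoolean("es.gob.afirma.keystores.mozilla.disableDnieNativeDriver")) {
            try {
                aggregatedKeyStoreManager.addKeyStoreManager(getDnieKeyStoreManager(obj));
                return true;
            } catch (AOCancelledOperationException e) {
                throw e;
            } catch (Exception e2) {
                // Not fatal: fall through and try the CERES card.
                LOGGER.warning("No se ha podido inicializar el controlador DNIe 100% Java: " + e2);
            }
        }
        if (Boolean.getBoolean("es.gob.afirma.keystores.mozilla.disableCeresNativeDriver") || Platform.OS.LINUX.equals(Platform.getOS())) {
            return false;
        }
        try {
            aggregatedKeyStoreManager.addKeyStoreManager(getCeresKeyStoreManager(obj));
            return true;
        } catch (AOCancelledOperationException e3) {
            throw e3;
        } catch (Exception e4) {
            LOGGER.warning("No se ha podido inicializar la tarjeta CERES: " + e4);
            return false;
        }
    }

    /** Obtains the {@code AOKeyStore.DNIEJAVA} manager from the factory and marks it as preferred. */
    private static AOKeyStoreManager getDnieKeyStoreManager(Object obj) throws AOKeystoreAlternativeException, IOException {
        AggregatedKeyStoreManager aOKeyStoreManager = AOKeyStoreManagerFactory.getAOKeyStoreManager(AOKeyStore.DNIEJAVA, null, null, null, obj);
        LOGGER.info("El DNIe 100% Java ha podido inicializarse, se anadiran sus entradas");
        aOKeyStoreManager.setPreferred(true);
        return aOKeyStoreManager;
    }

    /** Obtains the {@code AOKeyStore.CERES} manager from the factory and marks it as preferred. */
    private static AOKeyStoreManager getCeresKeyStoreManager(Object obj) throws AOKeystoreAlternativeException, IOException {
        AggregatedKeyStoreManager aOKeyStoreManager = AOKeyStoreManagerFactory.getAOKeyStoreManager(AOKeyStore.CERES, null, null, null, obj);
        LOGGER.info("La tarjeta CERES ha podido inicializarse, se anadiran sus entradas");
        aOKeyStoreManager.setPreferred(true);
        return aOKeyStoreManager;
    }

    /**
     * Opens a key store whose PIN is supplied through a callback handler.
     *
     * <p>When the failure is a {@link LoginException} two causes deep, an error
     * dialog is shown and, unless the innermost message is {@code CKR_PIN_LOCKED},
     * the whole operation is attempted again.
     *
     * @param aOKeyStore key store descriptor; its provider name is used as the store type
     * @param passwordCallback source of the PIN
     * @param provider security provider that builds the store
     * @param obj parent for the error dialog; used only if it is a {@link Component}
     * @return the opened key store
     * @throws KeyStoreException if the store cannot be opened and no retry applies
     * @throws AOCancelledOperationException if the PIN request was cancelled
     */
    public static KeyStore getKeyStoreWithPasswordCallbackHandler(AOKeyStore aOKeyStore, PasswordCallback passwordCallback, Provider provider, Object obj) throws KeyStoreException {
        PasswordCallbackHandler passwordCallbackHandler = new PasswordCallbackHandler(obj, passwordCallback);
        try {
            return KeyStore.Builder.newInstance(aOKeyStore.getProviderName(), provider, new KeyStore.CallbackHandlerProtection(passwordCallbackHandler)).getKeyStore();
        } catch (KeyStoreException e) {
            if (passwordCallbackHandler.isCancelled()) {
                LOGGER.warning("Se ha detectado la cancelacion del dialogo de PIN");
                throw new AOCancelledOperationException("Se cancelo el dialogo de insercion de PIN");
            }
            if (e.getCause() != null && e.getCause().getCause() != null && (e.getCause().getCause() instanceof LoginException)) {
                Throwable cause = e.getCause().getCause().getCause();
                boolean locked = false;
                String message = KeyStoreMessages.getString("KeyStoreUtilities.5");
                if (cause != null) {
                    if (PIN_ERROR_LOCKED.equals(cause.getMessage())) {
                        message = KeyStoreMessages.getString("KeyStoreUtilities.7");
                        locked = true;
                    } else if (PIN_ERROR_WRONG_LENGTH.equals(cause.getMessage())) {
                        message = KeyStoreMessages.getString("KeyStoreUtilities.8");
                    } else if (PIN_ERROR_INCORRECT.equals(cause.getMessage())) {
                        message = KeyStoreMessages.getString("KeyStoreUtilities.5");
                    }
                }
                // obj is declared as Object: fall back to a parentless dialog instead of
                // failing with ClassCastException while reporting the PIN error.
                Component parent = obj instanceof Component ? (Component) obj : null;
                JOptionPane.showMessageDialog(parent, message, KeyStoreMessages.getString("KeyStoreUtilities.6"), JOptionPane.ERROR_MESSAGE);
                if (!locked) {
                    // NOTE(review): the retry count is unbounded and every failed login uses up one
                    // of the token's PIN attempts. This is only safe if passwordCallback asks the
                    // user again on each call rather than returning a remembered PIN; confirm.
                    return getKeyStoreWithPasswordCallbackHandler(aOKeyStore, passwordCallback, provider, obj);
                }
            }
            throw e;
        }
    }

    /**
     * Locates a library file, first as given and then on the Java library path.
     *
     * @param strArr candidate file names; the first is also tried as a path on its own
     * @return the first existing match, or {@code null} if there is none or the
     *         array is {@code null} or empty
     */
    public static String searchPathForFile(String[] strArr) {
        if (strArr == null || strArr.length < 1) {
            return null;
        }
        if (new File(strArr[0]).exists()) {
            return strArr[0];
        }
        // NOTE(review): the first directory on the library path that holds a matching name wins.
        // If the result is loaded as a PKCS#11 module, a user-writable directory early on that
        // path decides which library is used; confirm what callers do with the result.
        StringTokenizer directories = new StringTokenizer(Platform.getJavaLibraryPath(), File.pathSeparator);
        while (directories.hasMoreTokens()) {
            String directory = directories.nextToken();
            if (!directory.endsWith(File.separator)) {
                directory = directory + File.separator;
            }
            for (String fileName : strArr) {
                File candidate = new File(directory, fileName);
                if (candidate.exists() && !candidate.isDirectory()) {
                    return directory + fileName;
                }
            }
        }
        return null;
    }
}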
