package es.gob.afirma.keystores.main.common;

import es.gob.afirma.core.InvalidOSException;
import es.gob.afirma.core.MissingLibraryException;
import es.gob.afirma.core.misc.Platform;
import es.gob.afirma.keystores.main.callbacks.UIPasswordCallback;
import es.gob.afirma.ui.utils.Constants;
import java.awt.Component;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.security.auth.callback.PasswordCallback;

/* loaded from: input_file:es/gob/afirma/keystores/main/common/AOKeyStoreManager.class */
public class AOKeyStoreManager {
    // Provider reference read and written only through getNSSProvider()/setNSSProvider() in this class.
    private Provider nssProvider = null;
    // Key store opened by the most recent init(...) call or installed through setKeyStore(); null until then.
    private KeyStore ks;
    // Store type handed to the most recent init(...) call; null until init(...) has been called.
    private AOKeyStore ksType;
    // Logger shared by this class and its subclasses, named after Constants.OUR_NODE_NAME.
    protected static final Logger LOGGER = Logger.getLogger(Constants.OUR_NODE_NAME);
    // SunMSCAPI provider instance created by initCAPI(); static, so one value is shared by every manager.
    // NOTE(review): read and written without synchronization - confirm callers never run initCAPI() concurrently.
    private static Provider sunMSCAPIProvider = null;

    /**
     * Returns the provider stored in the {@code nssProvider} field.
     *
     * @return the stored provider, or {@code null} when none has been set
     */
    protected Provider getNSSProvider() {
        return nssProvider;
    }

    /**
     * Stores the given provider in the {@code nssProvider} field.
     *
     * @param provider provider to remember; {@code null} clears the field
     */
    protected void setNSSProvider(Provider provider) {
        nssProvider = provider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the key store that this manager reads keys, certificates and aliases from.
     *
     * <p>No validation is done: whatever is passed here is what {@code getKeyEntry},
     * {@code getCertificate}, {@code getCertificateChain} and {@code getAliases} will query.
     *
     * @param keyStore key store to use from now on; may be {@code null}
     */
    public void setKeyStore(KeyStore keyStore) {
        ks = keyStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the key store currently held by this manager.
     *
     * @return the key store, or {@code null} if none has been initialised or set
     */
    public KeyStore getKeyStore() {
        return ks;
    }

    /**
     * Returns the store type recorded by the last call to {@code init}.
     *
     * @return the store type, or {@code null} if {@code init} has not been called
     */
    public AOKeyStore getType() {
        return ksType;
    }

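    /**
     * Opens a PKCS#11 key store through a SunPKCS11 provider configured for the given library.
     *
     * <p>{@code objArr[0]} names the PKCS#11 library; an {@code Integer} in {@code objArr[2]}, when
     * present, is forwarded to {@code KeyStoreUtilities.createPKCS11ConfigFile}. {@code objArr[1]} is
     * not read here, although at least two elements are required. A provider already registered
     * under the derived name {@code SunPKCS11-<file name>} is reused.
     *
     * <p>The library value flows unchecked into the provider configuration, so presumably it ends up
     * being loaded as native code; callers should only pass a library path they trust.
     *
     * <p>A wrong password is reported as an {@link IOException} so that callers can tell it apart
     * from other failures (repeated blind retries can block a token). The provider is removed from
     * the JVM on every failure after it has been obtained.
     *
     * @param passwordCallback source of the store password or PIN; {@code null} loads without one
     * @param objArr library and optional extra parameters, as described above
     * @return a mutable one-element list holding the loaded key store
     * @throws IOException if no library was given or the password was rejected
     * @throws AOKeyStoreManagerException if the store cannot be obtained or loaded
     * @throws IllegalArgumentException if {@code objArr[0]} is {@code null}
     */
    private List<KeyStore> initPKCS11(PasswordCallback passwordCallback, Object[] objArr) throws AOKeyStoreManagerException, IOException {
        if (objArr == null || objArr.length < 2) {
            throw new IOException("No se puede acceder al KeyStore PKCS#11 si no se especifica la biblioteca");
        }
        if (objArr[0] == null) {
            throw new IllegalArgumentException("No se puede acceder al KeyStore PKCS#11 si se especifica una biblioteca nula");
        }
        final String libraryPath = objArr[0].toString();
        Integer optionalNumber = null;
        if (objArr.length >= 3 && (objArr[2] instanceof Integer)) {
            optionalNumber = (Integer) objArr[2];
        }
        // The provider name suffix is the library's file name with dots and spaces replaced.
        final String providerSuffix = new File(libraryPath).getName().replace('.', '_').replace(' ', '_');
        Provider provider = Security.getProvider("SunPKCS11-" + providerSuffix);
        if (provider == null) {
            try {
                final Constructor<?> constructor = Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class);
                final byte[] config = KeyStoreUtilities.createPKCS11ConfigFile(libraryPath, providerSuffix, optionalNumber).getBytes();
                try {
                    provider = (Provider) constructor.newInstance(new ByteArrayInputStream(config));
                } catch (Exception firstFailure) {
                    // Second attempt with the same configuration.
                    // NOTE(review): presumably a workaround for modules that fail on first use - confirm.
                    try {
                        provider = (Provider) constructor.newInstance(new ByteArrayInputStream(config));
                    } catch (Exception secondFailure) {
                        throw new AOKeyStoreManagerException("No se ha podido instanciar el proveedor SunPKCS11 para la la biblioteca " + libraryPath, secondFailure);
                    }
                }
                Security.addProvider(provider);
            } catch (Exception e) {
                // NOTE(review): this also wraps the instantiation failure thrown just above, so a
                // bad library is reported as a missing SunPKCS11; kept as is for existing callers.
                throw new MissingSunPKCS11Exception(e);
            }
        } else {
            LOGGER.info("El proveedor SunPKCS11 solicitado ya estaba instanciado, se reutilizara esa instancia: " + provider.getName());
        }

        final KeyStore store;
        try {
            store = KeyStore.getInstance(this.ksType.getProviderName(), provider);
        } catch (Exception e) {
            Security.removeProvider(provider.getName());
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen PKCS#11", e);
        }
        this.ks = store;

        // Loading is handled apart from getInstance() so that the invalid-password IOException
        // reaches the caller instead of being re-wrapped by a catch-all handler.
        try {
            store.load(null, passwordCallback != null ? passwordCallback.getPassword() : null);
        } catch (IOException e) {
            Security.removeProvider(provider.getName());
            if ((e.getCause() instanceof UnrecoverableKeyException) || (e.getCause() instanceof BadPaddingException)) {
                throw new IOException("Contrasena invalida: " + e, e);
            }
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen PKCS#11 solicitado", e);
        } catch (NoSuchAlgorithmException e) {
            Security.removeProvider(provider.getName());
            throw new AOKeyStoreManagerException("No se ha podido verificar la integridad del almacen PKCS#11 solicitado", e);
        } catch (CertificateException e) {
            Security.removeProvider(provider.getName());
            throw new AOKeyStoreManagerException("No se han podido cargar los certificados del almacen PKCS#11 solicitado", e);
        } catch (RuntimeException e) {
            // Unchecked failures (including ones raised by the password callback) stay wrapped.
            Security.removeProvider(provider.getName());
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen PKCS#11", e);
        }

        final List<KeyStore> stores = new ArrayList<KeyStore>(1);
        stores.add(store);
        return stores;
    }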

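    /**
     * Opens a single-certificate store (X.509 or PKCS#7) read from the given stream.
     *
     * <p>The {@code SingleCertKeyStoreProvider} is instantiated reflectively and registered, then
     * the store is created and loaded. Each stage reports its own failure: only a provider that
     * cannot be instantiated yields {@code MissingLibraryException}, and a rejected password is
     * reported as an {@link IOException}. The stream is closed on every path once it is accepted.
     *
     * @param inputStream stream with the certificate data; must not be {@code null}
     * @param passwordCallback source of the password; {@code null} loads without one
     * @return a mutable one-element list holding the loaded key store
     * @throws IOException if the password was rejected
     * @throws AOKeyStoreManagerException if the stream is {@code null} or the store cannot be
     *         obtained or loaded
     */
    private List<KeyStore> initSingle(InputStream inputStream, PasswordCallback passwordCallback) throws AOKeyStoreManagerException, IOException {
        if (inputStream == null) {
            throw new AOKeyStoreManagerException("Es necesario proporcionar el fichero X.509 o PKCS#7");
        }
        try {
            final Provider provider;
            try {
                provider = (Provider) Class.forName("es.gob.afirma.keystores.single.SingleCertKeyStoreProvider").newInstance();
                Security.addProvider(provider);
            } catch (Exception e) {
                throw new MissingLibraryException("No se ha podido instanciar el proveedor SingleCertKeyStoreProvider: " + e, e);
            }

            final KeyStore store;
            try {
                store = KeyStore.getInstance(this.ksType.getProviderName(), provider);
            } catch (Exception e) {
                throw new AOKeyStoreManagerException("No se ha podido obtener el almacen PKCS#7 / X.509", e);
            }
            this.ks = store;

            // Kept outside the handlers above so that load failures are not reported as a
            // missing library and the invalid-password IOException reaches the caller.
            try {
                store.load(inputStream, passwordCallback != null ? passwordCallback.getPassword() : null);
            } catch (IOException e) {
                if ((e.getCause() instanceof UnrecoverableKeyException) || (e.getCause() instanceof BadPaddingException)) {
                    throw new IOException("Contrasena invalida: " + e, e);
                }
                throw new AOKeyStoreManagerException("No se ha podido abrir el almacen PKCS#7 / X.509 solicitado", e);
            } catch (NoSuchAlgorithmException e) {
                throw new AOKeyStoreManagerException("No se ha podido verificar la integridad del almacen PKCS#7 / X.509 solicitado", e);
            } catch (CertificateException e) {
                throw new AOKeyStoreManagerException("No se han podido cargar los certificados del almacen PKCS#7 / X.509 solicitado", e);
            } catch (RuntimeException e) {
                throw new AOKeyStoreManagerException("No se ha podido obtener el almacen PKCS#7 / X.509", e);
            }

            final List<KeyStore> stores = new ArrayList<KeyStore>(1);
            stores.add(store);
            return stores;
        } finally {
            try {
                inputStream.close();
            } catch (Exception ignored) {
                // Best effort: a failure to close must not hide the real outcome.
            }
        }
    }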

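    /**
     * Opens a file-based key store of the current type from the given stream.
     *
     * <p>Fails closed: any load error is reported instead of returning a store that was never
     * loaded. A rejected password (which for some formats is indistinguishable from a failed
     * integrity check) is reported as an {@link IOException}; every other load error becomes an
     * {@code AOKeyStoreManagerException}. The stream is closed on every path once it is accepted.
     *
     * @param inputStream stream with the key store contents; must not be {@code null}
     * @param passwordCallback source of the store password; {@code null} loads without one, in
     *        which case the provider may skip its integrity check
     * @return a mutable one-element list holding the loaded key store
     * @throws IOException if the stream is {@code null} or the password was rejected
     * @throws AOKeyStoreManagerException if the store cannot be obtained or loaded
     */
    private List<KeyStore> initJava(InputStream inputStream, PasswordCallback passwordCallback) throws AOKeyStoreManagerException, IOException {
        if (inputStream == null) {
            throw new IOException("Es necesario proporcionar el fichero KeyStore");
        }
        try {
            final KeyStore store;
            try {
                store = KeyStore.getInstance(this.ksType.getProviderName());
            } catch (Exception e) {
                throw new AOKeyStoreManagerException("No se ha podido obtener el almacen JavaKeyStore", e);
            }
            this.ks = store;

            try {
                store.load(inputStream, passwordCallback != null ? passwordCallback.getPassword() : null);
            } catch (IOException e) {
                if ((e.getCause() instanceof UnrecoverableKeyException) || (e.getCause() instanceof BadPaddingException)) {
                    throw new IOException("Contrasena invalida: " + e, e);
                }
                // Any other read failure is an error as well: do not hand out an unloaded store.
                throw new AOKeyStoreManagerException("No se ha podido obtener el almacen JavaKeyStore", e);
            } catch (NoSuchAlgorithmException e) {
                throw new AOKeyStoreManagerException("No se ha podido verificar la integridad del almacen JavaKeyStore solicitado", e);
            } catch (CertificateException e) {
                throw new AOKeyStoreManagerException("No se han podido cargar los certificados del almacen JavaKeyStore solicitado", e);
            } catch (RuntimeException e) {
                throw new AOKeyStoreManagerException("No se ha podido obtener el almacen JavaKeyStore", e);
            }

            final List<KeyStore> stores = new ArrayList<KeyStore>(1);
            stores.add(store);
            return stores;
        } finally {
            try {
                inputStream.close();
            } catch (Exception ignored) {
                // Best effort: a failure to close must not hide the real outcome.
            }
        }
    }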

    /**
     * Opens the Windows key store of the current type through the SunMSCAPI provider.
     *
     * <p>The provider is instantiated reflectively and registered when neither the cached static
     * instance nor a registered "SunMSCAPI" provider exists. After loading, duplicate aliases are
     * cleaned on a best-effort basis: a failure there is only logged.
     *
     * @return a mutable one-element list holding the loaded key store
     * @throws AOKeyStoreManagerException if the store cannot be obtained or loaded; failures of
     *         the load step arrive wrapped a second time by the outer handler
     * @throws IOException declared, although every exception raised while loading is wrapped
     */
    private List<KeyStore> initCAPI() throws AOKeyStoreManagerException, IOException {
        if (!Platform.getOS().equals(Platform.OS.WINDOWS)) {
            throw new InvalidOSException("Microsoft Windows");
        }
        if (sunMSCAPIProvider == null && Security.getProvider("SunMSCAPI") == null) {
            try {
                final Object instance = Class.forName("sun.security.mscapi.SunMSCAPI").newInstance();
                sunMSCAPIProvider = (Provider) instance;
                Security.addProvider(sunMSCAPIProvider);
            } catch (Exception providerError) {
                throw new MissingSunMSCAPIException(providerError);
            }
        }
        try {
            this.ks = KeyStore.getInstance(this.ksType.getProviderName());
            LOGGER.info("Cargando KeyStore de Windows");
            try {
                this.ks.load(null, null);
                try {
                    KeyStoreUtilities.cleanCAPIDuplicateAliases(this.ks);
                } catch (Exception cleanupError) {
                    // Alias clean-up is optional; the store is still returned.
                    LOGGER.warning("No se han podido tratar los alias duplicados: " + cleanupError);
                }
                final List<KeyStore> stores = new ArrayList<KeyStore>(1);
                stores.add(this.ks);
                return stores;
            } catch (NoSuchAlgorithmException algorithmError) {
                throw new AOKeyStoreManagerException("No se ha podido verificar la integridad del almacen SunMSCAPI.MY", algorithmError);
            } catch (CertificateException certificateError) {
                throw new AOKeyStoreManagerException("No se han podido cargar los certificados del almacen SunMSCAPI.MY", certificateError);
            }
        } catch (Exception anyError) {
            // Also receives the two specific exceptions thrown above and wraps them again.
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen SunMSCAPI.MY", anyError);
        }
    }

    /**
     * Opens the Windows store of the current type through the MSCAPIAddressBook provider.
     *
     * <p>Both SunMSCAPI and MSCAPIAddressBook are instantiated reflectively and registered when
     * they are not registered yet.
     *
     * @return a mutable one-element list holding the loaded key store
     * @throws AOKeyStoreManagerException if the store cannot be obtained or opened; a failure to
     *         open arrives wrapped a second time by the outer handler
     */
    private List<KeyStore> initCAPIAddressBook() throws AOKeyStoreManagerException {
        if (!Platform.getOS().equals(Platform.OS.WINDOWS)) {
            throw new InvalidOSException("Microsoft Windows");
        }
        if (Security.getProvider("SunMSCAPI") == null) {
            try {
                final Object capi = Class.forName("sun.security.mscapi.SunMSCAPI").newInstance();
                Security.addProvider((Provider) capi);
            } catch (Exception capiError) {
                throw new MissingSunMSCAPIException(capiError);
            }
        }
        Provider addressBook = Security.getProvider("MSCAPIAddressBook");
        if (addressBook == null) {
            try {
                final Object created = Class.forName("es.gob.afirma.keystores.capiaddressbook.MSCAPIAddressBook").newInstance();
                addressBook = (Provider) created;
                Security.addProvider(addressBook);
            } catch (Exception addressBookError) {
                throw new MissingLibraryException("No se ha podido instanciar el proveedor MSCAPIAddressBook", addressBookError);
            }
        }
        try {
            this.ks = KeyStore.getInstance(this.ksType.getProviderName(), addressBook);
            try {
                this.ks.load(null, null);
                final List<KeyStore> stores = new ArrayList<KeyStore>(1);
                stores.add(this.ks);
                return stores;
            } catch (Exception loadError) {
                throw new AOKeyStoreManagerException("No se ha podido abrir el almacen MSCAPIAddressBook.ADDRESSBOOK", loadError);
            }
        } catch (Exception anyError) {
            // Also receives the exception thrown by the inner handler and wraps it again.
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen MSCAPIAddressBook.ADDRESSBOOK", anyError);
        }
    }

    /**
     * Opens the macOS key store of the current type.
     *
     * <p>The stream is handed to {@code KeyStore.load} with a {@code null} password; it is neither
     * checked for {@code null} nor closed here.
     *
     * @param inputStream stream passed straight to {@code KeyStore.load}
     * @return a mutable one-element list holding the loaded key store
     * @throws AOKeyStoreManagerException if the store cannot be obtained or loaded; failures of
     *         the load step arrive wrapped a second time by the outer handler
     * @throws IOException declared, although every exception raised while loading is wrapped
     */
    private List<KeyStore> initApple(InputStream inputStream) throws AOKeyStoreManagerException, IOException {
        if (!Platform.OS.MACOSX.equals(Platform.getOS())) {
            throw new InvalidOSException("Apple Mac OS X");
        }
        try {
            this.ks = KeyStore.getInstance(this.ksType.getProviderName());
            try {
                this.ks.load(inputStream, null);
                final List<KeyStore> stores = new ArrayList<KeyStore>(1);
                stores.add(this.ks);
                return stores;
            } catch (NoSuchAlgorithmException algorithmError) {
                throw new AOKeyStoreManagerException("No se ha podido verificar la integridad del almacen Apple.KeychainStore", algorithmError);
            } catch (CertificateException certificateError) {
                throw new AOKeyStoreManagerException("No se han podido cargar los certificados del almacen Apple.KeychainStore", certificateError);
            }
        } catch (Exception anyError) {
            // Also receives the two specific exceptions thrown above and wraps them again.
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen Apple.KeychainStore", anyError);
        }
    }

    /**
     * Opens the DNIe key store served by the pure-Java {@code DnieProvider}.
     *
     * <p>The provider is instantiated reflectively and registered when it is not registered yet.
     * {@code obj} is then offered to {@code PasswordCallbackManager.setDialogOwner} through
     * reflection; a failure there is only logged.
     *
     * @param passwordCallback source of the password; {@code null} loads without one
     * @param obj value passed as dialog owner (the target method takes a {@code Component})
     * @return a mutable one-element list holding the loaded key store
     * @throws AOKeyStoreManagerException if the provider cannot be installed or the store cannot
     *         be obtained or loaded, a rejected password included
     * @throws IOException declared, although every exception raised while loading is wrapped
     */
    private List<KeyStore> initDnieJava(PasswordCallback passwordCallback, Object obj) throws AOKeyStoreManagerException, IOException {
        final boolean providerMissing = Security.getProvider(AOKeyStore.DNIEJAVA.getProviderName()) == null;
        if (providerMissing) {
            try {
                final Object created = Class.forName("es.gob.jmulticard.jse.provider.DnieProvider").newInstance();
                Security.addProvider((Provider) created);
            } catch (Exception providerError) {
                throw new AOKeyStoreManagerException("No se ha podido instanciar e instalar el proveedor 100% Java para DNIe de Afirma: " + providerError, providerError);
            }
        }
        try {
            Class.forName("es.gob.jmulticard.ui.passwordcallback.PasswordCallbackManager")
                    .getMethod("setDialogOwner", Component.class)
                    .invoke(null, obj);
        } catch (Exception ownerError) {
            // The dialog owner is optional; loading goes on without it.
            LOGGER.warning("No se ha podido establecer el componente padre para los dialogos del almacen: " + ownerError);
        }
        try {
            this.ks = KeyStore.getInstance(this.ksType.getProviderName());
            LOGGER.info("Cargando KeyStore DNIe 100% Java");
            try {
                this.ks.load(null, passwordCallback == null ? null : passwordCallback.getPassword());
                final List<KeyStore> stores = new ArrayList<KeyStore>(1);
                stores.add(this.ks);
                return stores;
            } catch (NoSuchAlgorithmException algorithmError) {
                throw new AOKeyStoreManagerException("Error de algoritmo al obtener el almacen DNIe 100% Java: " + algorithmError, algorithmError);
            } catch (CertificateException certificateError) {
                throw new AOKeyStoreManagerException("Error de certificado al obtener el almacen DNIe 100% Java: " + certificateError, certificateError);
            }
        } catch (Exception anyError) {
            // Also receives the two specific exceptions thrown above and wraps them again.
            throw new AOKeyStoreManagerException("No se ha podido obtener el almacen DNIe 100% Java: " + anyError, anyError);
        }
    }

    /**
     * Initialises this manager for the requested store type and opens the store.
     *
     * <p>The type is recorded and the call is dispatched to the matching private initialiser.
     * For {@code DNIEJAVA} the first element of {@code objArr}, if any, is used as dialog owner.
     * For {@code PKCS11} the array is passed on unchanged. For {@code DNIE} the PKCS#11 path is
     * used with the library returned by {@code KeyStoreUtilities.getPKCS11DNIeLib()} and, when no
     * callback is given, a {@code UIPasswordCallback}.
     *
     * @param aOKeyStore store type to open; must not be {@code null}
     * @param inputStream store contents for the stream-based types
     * @param passwordCallback source of the store password; may be {@code null}
     * @param objArr extra parameters whose meaning depends on the store type
     * @return list with the opened key store
     * @throws AOKeyStoreManagerException if the store cannot be opened
     * @throws IOException if required input is missing or, for some types, the password is wrong
     * @throws IllegalArgumentException if {@code aOKeyStore} is {@code null}
     * @throws UnsupportedOperationException if the type is none of the handled ones
     */
    public List<KeyStore> init(AOKeyStore aOKeyStore, InputStream inputStream, PasswordCallback passwordCallback, Object[] objArr) throws AOKeyStoreManagerException, IOException {
        if (aOKeyStore == null) {
            throw new IllegalArgumentException("Se ha solicitado inicializar un AOKeyStore nulo");
        }
        LOGGER.info("Inicializamos el almacen de tipo: " + aOKeyStore);
        this.ksType = aOKeyStore;
        final AOKeyStore type = this.ksType;

        if (type.equals(AOKeyStore.SINGLE)) {
            return initSingle(inputStream, passwordCallback);
        } else if (type.equals(AOKeyStore.DNIEJAVA)) {
            Object dialogOwner = null;
            if (objArr != null && objArr.length > 0) {
                dialogOwner = objArr[0];
            }
            return initDnieJava(passwordCallback, dialogOwner);
        } else if (type.equals(AOKeyStore.JAVA) || type.equals(AOKeyStore.JAVACE) || type.equals(AOKeyStore.JCEKS)) {
            return initJava(inputStream, passwordCallback);
        } else if (type.equals(AOKeyStore.WINDOWS) || type.equals(AOKeyStore.WINROOT)) {
            return initCAPI();
        } else if (type.equals(AOKeyStore.WINCA) || type.equals(AOKeyStore.WINADDRESSBOOK)) {
            return initCAPIAddressBook();
        } else if (type.equals(AOKeyStore.PKCS11)) {
            return initPKCS11(passwordCallback, objArr);
        } else if (type.equals(AOKeyStore.APPLE)) {
            return initApple(inputStream);
        } else if (type.equals(AOKeyStore.DNIE)) {
            PasswordCallback pinCallback = passwordCallback;
            if (pinCallback == null) {
                pinCallback = new UIPasswordCallback(KeyStoreMessages.getString("AOKeyStoreManager.0"), null);
            }
            return initPKCS11(pinCallback, new String[]{KeyStoreUtilities.getPKCS11DNIeLib(), "DNIe-Afirma"});
        }
        throw new UnsupportedOperationException("Tipo de almacen no soportado");
    }

    /**
     * Returns the private-key entry stored under the given alias.
     *
     * <p>The entry is cast to {@code PrivateKeyEntry} without a type check, so an alias that names
     * another kind of entry ends in a {@code ClassCastException}.
     *
     * @param str alias of the entry
     * @param passwordCallback source of the entry password; {@code null} requests the entry
     *        without protection parameters
     * @return the entry, or {@code null} if the key store returns none for the alias
     * @throws KeyStoreException if the key store rejects the request
     * @throws NoSuchAlgorithmException if the algorithm needed to recover the entry is missing
     * @throws UnrecoverableEntryException if the entry cannot be recovered with the given password
     * @throws IllegalStateException if no key store has been initialised
     */
    public KeyStore.PrivateKeyEntry getKeyEntry(String str, PasswordCallback passwordCallback) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (this.ks == null) {
            throw new IllegalStateException("Se han pedido claves a un almacen no inicializado");
        }
        KeyStore.ProtectionParameter protection = null;
        if (passwordCallback != null) {
            protection = new KeyStore.PasswordProtection(passwordCallback.getPassword());
        }
        final KeyStore.Entry entry = this.ks.getEntry(str, protection);
        return (KeyStore.PrivateKeyEntry) entry;
    }

    /**
     * Returns the end-entity certificate of a private-key entry as an X.509 certificate.
     *
     * <p>The certificate is only cast, not validated.
     *
     * @param privateKeyEntry entry to read; must not be {@code null}
     * @return the entry's certificate
     * @throws ClassCastException if the certificate is not an {@code X509Certificate}
     */
    public static X509Certificate getCertificate(KeyStore.PrivateKeyEntry privateKeyEntry) {
        final Certificate endEntity = privateKeyEntry.getCertificate();
        return (X509Certificate) endEntity;
    }

    /**
     * Looks up the certificate stored under the given alias.
     *
     * <p>Never throws: a {@code null} alias, an uninitialised key store, a missing certificate and
     * any exception raised by the lookup or the cast are logged as warnings and yield {@code null}.
     * The certificate is returned as stored; no validation is done here.
     *
     * @param str alias of the certificate
     * @return the certificate, or {@code null} in any of the cases above
     */
    public X509Certificate getCertificate(String str) {
        if (str == null) {
            LOGGER.warning("El alias del certificado es nulo, se devolvera null");
            return null;
        }
        if (this.ks == null) {
            LOGGER.warning("No se ha podido recuperar el certificado con alias '" + str + "' porque el KeyStore no estaba inicializado, se devolvera null");
            return null;
        }
        try {
            final Certificate found = this.ks.getCertificate(str);
            if (found == null) {
                LOGGER.warning("No se ha podido recuperar el certificado con alias '" + str + "', se devolvera null");
                return null;
            }
            // The cast stays inside the try so that a non-X.509 certificate also yields null.
            return (X509Certificate) found;
        } catch (Exception lookupError) {
            LOGGER.warning("No se ha podido recuperar el certificado con alias '" + str + "', se devolvera null: " + lookupError);
            return null;
        }
    }

    /**
     * Returns the certificate chain of a private-key entry as an X.509 array.
     *
     * <p>The array is only cast, not copied or validated.
     *
     * @param privateKeyEntry entry to read; must not be {@code null}
     * @return the entry's certificate chain
     * @throws ClassCastException if the array returned by the entry is not an
     *         {@code X509Certificate[]}
     */
    public static X509Certificate[] getCertificateChain(KeyStore.PrivateKeyEntry privateKeyEntry) {
        final Certificate[] chain = privateKeyEntry.getCertificateChain();
        return (X509Certificate[]) chain;
    }

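    /**
     * Returns the certificate chain stored under the given alias.
     *
     * <p>{@code KeyStore.getCertificateChain} is declared to return {@code Certificate[]}, and a
     * provider may return an array of exactly that runtime type even when every element is an
     * X.509 certificate. Casting such an array fails, which would make a valid chain come back
     * empty, so the elements are copied one by one when the array is not an
     * {@code X509Certificate[]} already. The chain is returned as stored; it is not validated.
     *
     * @param str alias of the entry
     * @return the chain; {@code null} if the key store is not initialised or has no chain for the
     *         alias; an empty array if the lookup fails or an element is not an X.509 certificate
     */
    public X509Certificate[] getCertificateChain(String str) {
        if (this.ks == null) {
            LOGGER.warning("El KeyStore actual no esta inicializado, por lo que no se pudo recuperar el certificado para el alias '" + str + "'");
            return null;
        }
        try {
            final Certificate[] chain = this.ks.getCertificateChain(str);
            if (chain == null || chain instanceof X509Certificate[]) {
                return (X509Certificate[]) chain;
            }
            final X509Certificate[] x509Chain = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                // A non-X.509 element raises ClassCastException, handled below like before.
                x509Chain[i] = (X509Certificate) chain[i];
            }
            return x509Chain;
        } catch (Exception e) {
            LOGGER.severe("Error al obtener la cadena de certificados para el alias '" + str + "', se devolvera una cadena vacia: " + e);
            return new X509Certificate[0];
        }
    }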

    /**
     * Returns every alias of the current key store.
     *
     * <p>Each alias is written to the log at INFO level.
     * NOTE(review): aliases of personal certificates may contain names or identity numbers -
     * confirm that this level of logging is acceptable where the logs are kept.
     *
     * @return the aliases, or an empty array if the key store fails to enumerate them
     * @throws IllegalStateException if no key store has been initialised
     */
    public String[] getAliases() {
        if (this.ks == null) {
            throw new IllegalStateException("Se han pedido los alias de un almacen no inicializado");
        }
        LOGGER.info("Solicitando los alias al KeyStore (" + this.ks.getProvider() + ")");
        try {
            final Enumeration<String> pending = this.ks.aliases();
            final List<String> collected = new ArrayList<String>();
            LOGGER.info("Componiendo el vector de alias");
            while (pending.hasMoreElements()) {
                final String alias = pending.nextElement().toString();
                collected.add(alias);
                LOGGER.info("Alias: " + alias);
            }
            return collected.toArray(new String[collected.size()]);
        } catch (Exception enumerationError) {
            LOGGER.severe("Error intentando obtener los alias del almacen de claves, se devolvera una enumeracion vacia: " + enumerationError);
            return new String[0];
        }
    }

    /**
     * Returns the current key store wrapped in a new list.
     *
     * @return a mutable one-element list; the element is {@code null} when no key store has been
     *         initialised or set
     */
    public List<KeyStore> getKeyStores() {
        final List<KeyStore> stores = new ArrayList<KeyStore>(1);
        stores.add(this.ks);
        return stores;
    }

    /**
     * Describes this manager and, once a type has been set, the store type it handles.
     *
     * <p>NOTE(review): the "de tipo" and "con nombre" parts both come from {@code getName()};
     * one of them was possibly meant to use another accessor - confirm against the original
     * source.
     *
     * @return a human-readable description
     */
    @Override
    public String toString() {
        final StringBuilder text = new StringBuilder("Gestor de almacenes de claves");
        if (this.ksType == null) {
            return text.toString();
        }
        final String typeName = this.ksType.getName();
        if (typeName != null) {
            text.append(" de tipo ").append(typeName);
        }
        final String storeName = this.ksType.getName();
        if (storeName != null) {
            text.append(" con nombre ").append(storeName);
        }
        text.append(" de clase ").append(this.ksType.toString());
        return text.toString();
    }
}
