package org.mozilla.jss.pkcs11;

import java.security.DigestException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import org.mozilla.jss.crypto.Algorithm;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.Cipher;
import org.mozilla.jss.crypto.CryptoStore;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.DigestAlgorithm;
import org.mozilla.jss.crypto.EncryptionAlgorithm;
import org.mozilla.jss.crypto.JSSMessageDigest;
import org.mozilla.jss.crypto.KeyGenAlgorithm;
import org.mozilla.jss.crypto.KeyGenerator;
import org.mozilla.jss.crypto.KeyPairAlgorithm;
import org.mozilla.jss.crypto.KeyPairGenerator;
import org.mozilla.jss.crypto.KeyWrapAlgorithm;
import org.mozilla.jss.crypto.KeyWrapper;
import org.mozilla.jss.crypto.PQGParamGenException;
import org.mozilla.jss.crypto.PQGParams;
import org.mozilla.jss.crypto.Signature;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.Assert;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.NotImplementedException;
import org.mozilla.jss.util.NullPasswordCallback;
import org.mozilla.jss.util.Password;
import org.mozilla.jss.util.PasswordCallback;
import org.mozilla.jss.util.PasswordCallbackInfo;

/* JADX WARN: Classes with same name are omitted:
  input_file:117667-01/patchzip-d52diu.zip:nsclient.zip:java/jss3.jar:org/mozilla/jss/pkcs11/PK11Token.class
 */
/* loaded from: input_file:117667-01/patchzip-d52diu.zip:nsclient.zip:java/jss3128.jar:org/mozilla/jss/pkcs11/PK11Token.class */
public final class PK11Token implements CryptoToken {
    protected boolean mIsInternalCryptoToken;
    protected boolean mIsInternalKeyStorageToken;
    protected TokenProxy tokenProxy;
    protected PK11Store cryptoStore;

    /* JADX WARN: Classes with same name are omitted:
      input_file:117667-01/patchzip-d52diu.zip:nsclient.zip:java/jss3.jar:org/mozilla/jss/pkcs11/PK11Token$NotInitializedException.class
     */
    /* loaded from: input_file:117667-01/patchzip-d52diu.zip:nsclient.zip:java/jss3128.jar:org/mozilla/jss/pkcs11/PK11Token$NotInitializedException.class */
    public static class NotInitializedException extends IncorrectPasswordException {
        public NotInitializedException() {
        }

        public NotInitializedException(String str) {
            super(str);
        }
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public Signature getSignatureContext(SignatureAlgorithm signatureAlgorithm) throws NoSuchAlgorithmException, TokenException {
        Assert._assert(signatureAlgorithm != null);
        return Tunnel.constructSignature(signatureAlgorithm, new PK11Signature(this, signatureAlgorithm));
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public JSSMessageDigest getDigestContext(DigestAlgorithm digestAlgorithm) throws NoSuchAlgorithmException, DigestException {
        if (doesAlgorithm(digestAlgorithm)) {
            return new PK11MessageDigest(this, digestAlgorithm);
        }
        throw new NoSuchAlgorithmException();
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public Cipher getCipherContext(EncryptionAlgorithm encryptionAlgorithm) throws NoSuchAlgorithmException, TokenException {
        if (doesAlgorithm(encryptionAlgorithm)) {
            return new PK11Cipher(this, encryptionAlgorithm);
        }
        throw new NoSuchAlgorithmException(new StringBuffer().append(encryptionAlgorithm).append(" is not supported by this token").toString());
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public KeyGenerator getKeyGenerator(KeyGenAlgorithm keyGenAlgorithm) throws NoSuchAlgorithmException, TokenException {
        if (doesAlgorithm(keyGenAlgorithm)) {
            return new PK11KeyGenerator(this, keyGenAlgorithm);
        }
        throw new NoSuchAlgorithmException(new StringBuffer().append(keyGenAlgorithm).append(" is not supported by this token").toString());
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public SymmetricKey cloneKey(SymmetricKey symmetricKey) throws SymmetricKey.NotExtractableException, InvalidKeyException, TokenException {
        return PK11KeyGenerator.clone(symmetricKey, this);
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public KeyWrapper getKeyWrapper(KeyWrapAlgorithm keyWrapAlgorithm) throws NoSuchAlgorithmException, TokenException {
        if (doesAlgorithm(keyWrapAlgorithm)) {
            return new PK11KeyWrapper(this, keyWrapAlgorithm);
        }
        throw new NoSuchAlgorithmException(new StringBuffer().append(keyWrapAlgorithm).append(" is not supported by this token").toString());
    }

    public SecureRandom getRandomGenerator() throws NotImplementedException, TokenException {
        throw new NotImplementedException();
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public KeyPairGenerator getKeyPairGenerator(KeyPairAlgorithm keyPairAlgorithm) throws NoSuchAlgorithmException, TokenException {
        Assert._assert(keyPairAlgorithm != null);
        return new KeyPairGenerator(keyPairAlgorithm, new PK11KeyPairGenerator(this, keyPairAlgorithm));
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native boolean isLoggedIn() throws TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public void login(PasswordCallback passwordCallback) throws NotInitializedException, IncorrectPasswordException, TokenException {
        if (passwordCallback == null) {
            passwordCallback = new NullPasswordCallback();
        }
        nativeLogin(passwordCallback);
    }

    protected native void nativeLogin(PasswordCallback passwordCallback) throws NotInitializedException, IncorrectPasswordException, TokenException;

    public native boolean isWritable();

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native boolean isPresent();

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native void logout() throws TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native int getLoginMode() throws TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native void setLoginMode(int i) throws TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native int getLoginTimeoutMinutes() throws TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native void setLoginTimeoutMinutes(int i) throws TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public void initPassword(PasswordCallback passwordCallback, PasswordCallback passwordCallback2) throws IncorrectPasswordException, AlreadyInitializedException, TokenException {
        byte[] passwordByteCopy;
        Password password = null;
        Password password2 = null;
        PasswordCallbackInfo makePWCBInfo = makePWCBInfo();
        if (passwordCallback == null) {
            passwordCallback = new NullPasswordCallback();
        }
        if (passwordCallback2 == null) {
            passwordCallback2 = new NullPasswordCallback();
        }
        try {
            try {
                if (!PWInitable()) {
                    throw new AlreadyInitializedException();
                }
                if (isInternalKeyStorageToken()) {
                    passwordByteCopy = new byte[]{0};
                } else {
                    password = passwordCallback.getPasswordFirstAttempt(makePWCBInfo);
                    passwordByteCopy = Tunnel.getPasswordByteCopy(password);
                    while (!SSOPasswordIsCorrect(passwordByteCopy)) {
                        Password.wipeBytes(passwordByteCopy);
                        password.clear();
                        password = passwordCallback.getPasswordAgain(makePWCBInfo);
                        passwordByteCopy = Tunnel.getPasswordByteCopy(password);
                    }
                }
                Password passwordFirstAttempt = passwordCallback2.getPasswordFirstAttempt(makePWCBInfo);
                byte[] passwordByteCopy2 = Tunnel.getPasswordByteCopy(passwordFirstAttempt);
                initPassword(passwordByteCopy, passwordByteCopy2);
                if (passwordByteCopy != null) {
                    Password.wipeBytes(passwordByteCopy);
                }
                if (password != null) {
                    password.clear();
                }
                if (passwordByteCopy2 != null) {
                    Password.wipeBytes(passwordByteCopy2);
                }
                if (passwordFirstAttempt != null) {
                    passwordFirstAttempt.clear();
                }
            } catch (PasswordCallback.GiveUpException e) {
                throw new IncorrectPasswordException(e.toString());
            }
        } catch (Throwable th) {
            if (0 != 0) {
                Password.wipeBytes(null);
            }
            if (0 != 0) {
                password.clear();
            }
            if (0 != 0) {
                Password.wipeBytes(null);
            }
            if (0 != 0) {
                password2.clear();
            }
            throw th;
        }
    }

    protected native boolean PWInitable() throws TokenException;

    protected native boolean SSOPasswordIsCorrect(byte[] bArr) throws TokenException, AlreadyInitializedException;

    protected native void initPassword(byte[] bArr, byte[] bArr2) throws IncorrectPasswordException, AlreadyInitializedException, TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native boolean passwordIsInitialized() throws TokenException;

    /* JADX WARN: Code restructure failed: missing block: B:10:0x0041, code lost:
    
        org.mozilla.jss.util.Password.wipeBytes(r7);
        r9.clear();
        r9 = r5.getPasswordAgain(r0);
        r7 = org.mozilla.jss.pkcs11.Tunnel.getPasswordByteCopy(r9);
     */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x005f, code lost:
    
        if (userPasswordIsCorrect(r7) == false) goto L46;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0062, code lost:
    
        r10 = r6.getPasswordFirstAttempt(r0);
        r8 = org.mozilla.jss.pkcs11.Tunnel.getPasswordByteCopy(r10);
        changePassword(r7, r8);
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x007b, code lost:
    
        if (r7 == null) goto L15;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x007e, code lost:
    
        org.mozilla.jss.util.Password.wipeBytes(r7);
     */
    /* JADX WARN: Code restructure failed: missing block: B:18:0x0084, code lost:
    
        if (r9 == null) goto L18;
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x0087, code lost:
    
        r9.clear();
     */
    /* JADX WARN: Code restructure failed: missing block: B:21:0x008e, code lost:
    
        if (r8 == null) goto L21;
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x0091, code lost:
    
        org.mozilla.jss.util.Password.wipeBytes(r8);
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x0098, code lost:
    
        if (r10 == null) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x009b, code lost:
    
        r10.clear();
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:?, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x00dd, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x003e, code lost:
    
        if (userPasswordIsCorrect(r7) == false) goto L10;
     */
    @Override // org.mozilla.jss.crypto.CryptoToken
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void changePassword(org.mozilla.jss.util.PasswordCallback r5, org.mozilla.jss.util.PasswordCallback r6) throws org.mozilla.jss.util.IncorrectPasswordException, org.mozilla.jss.crypto.TokenException {
        /*
            Method dump skipped, instructions count: 222
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.mozilla.jss.pkcs11.PK11Token.changePassword(org.mozilla.jss.util.PasswordCallback, org.mozilla.jss.util.PasswordCallback):void");
    }

    protected PasswordCallbackInfo makePWCBInfo() {
        return new TokenCallbackInfo(getName());
    }

    protected native boolean userPasswordIsCorrect(byte[] bArr) throws TokenException;

    protected native void changePassword(byte[] bArr, byte[] bArr2) throws IncorrectPasswordException, TokenException;

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native String getName();

    public Provider getProvider() {
        Assert.notYetImplemented("Providers not implemented by PK11Token yet");
        return null;
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public CryptoStore getCryptoStore() {
        return this.cryptoStore;
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public boolean equals(Object obj) {
        if (obj != null && (obj instanceof PK11Token)) {
            return this.tokenProxy.equals(((PK11Token) obj).tokenProxy);
        }
        return false;
    }

    @Override // org.mozilla.jss.crypto.CryptoToken
    public native boolean doesAlgorithm(Algorithm algorithm);

    @Override // org.mozilla.jss.crypto.CryptoToken
    public String generateCertRequest(String str, int i, String str2, byte[] bArr, byte[] bArr2, byte[] bArr3) throws TokenException, InvalidParameterException, PQGParamGenException {
        if (str2.equalsIgnoreCase("dsa")) {
            if (bArr == null && bArr2 == null && bArr3 == null) {
                System.out.println("no pqg supplied, self-generating...");
                try {
                    PQGParams generate = PQGParams.generate(i);
                    try {
                        return new StringBuffer().append("-----BEGIN NEW CERTIFICATE REQUEST-----\n").append(generatePK10(str, i, str2, PQGParams.BigIntegerToUnsignedByteArray(generate.getP()), PQGParams.BigIntegerToUnsignedByteArray(generate.getQ()), PQGParams.BigIntegerToUnsignedByteArray(generate.getG()))).append("\n-----END NEW CERTIFICATE REQUEST-----").toString();
                    } catch (InvalidParameterException e) {
                        throw e;
                    } catch (TokenException e2) {
                        throw e2;
                    }
                } catch (PQGParamGenException e3) {
                    System.out.println(e3.toString());
                    throw e3;
                }
            }
            if (bArr == null || bArr2 == null || bArr3 == null) {
                throw new InvalidParameterException("need all P, Q, and G");
            }
        }
        try {
            return new StringBuffer().append("-----BEGIN NEW CERTIFICATE REQUEST-----\n").append(generatePK10(str, i, str2, bArr, bArr2, bArr3)).append("\n-----END NEW CERTIFICATE REQUEST-----").toString();
        } catch (InvalidParameterException e4) {
            throw e4;
        } catch (TokenException e5) {
            throw e5;
        }
    }

    protected native String generatePK10(String str, int i, String str2, byte[] bArr, byte[] bArr2, byte[] bArr3) throws TokenException, InvalidParameterException;

    protected PK11Token() {
        Assert._assert(false);
    }

    protected PK11Token(byte[] bArr, boolean z, boolean z2) {
        Assert._assert(bArr != null);
        this.tokenProxy = new TokenProxy(bArr);
        this.mIsInternalCryptoToken = z;
        this.mIsInternalKeyStorageToken = z2;
        this.cryptoStore = new PK11Store(this.tokenProxy);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenProxy getProxy() {
        return this.tokenProxy;
    }

    public boolean isInternalCryptoToken() {
        return this.mIsInternalCryptoToken;
    }

    public boolean isInternalKeyStorageToken() {
        return this.mIsInternalKeyStorageToken;
    }
}
