package com.ksign.pkcs11;

import com.dreamsecurity.jcaos.asn1.x509.AlgorithmIdentifier;
import com.ksign.KCaseLogging;
import com.ksign.util.encoders.Base64;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;

/* loaded from: classes2.dex */
public class TokenSunMSCAPI {
    private static final String split = "^";
    private HashMap<String, Certificate> certList;

    public TokenSunMSCAPI() throws PKCS11Exception {
        this.certList = null;
        this.certList = new HashMap<>();
    }

    private PrivateKey _fixAliases(KeyStore keyStore, String str) {
        try {
            Field declaredField = keyStore.getClass().getDeclaredField("keyStoreSpi");
            declaredField.setAccessible(true);
            KeyStoreSpi keyStoreSpi = (KeyStoreSpi) declaredField.get(keyStore);
            if (!"sun.security.mscapi.KeyStore$MY".equals(keyStoreSpi.getClass().getName())) {
                return null;
            }
            Field declaredField2 = keyStoreSpi.getClass().getEnclosingClass().getDeclaredField("entries");
            declaredField2.setAccessible(true);
            for (Object obj : (Collection) declaredField2.get(keyStoreSpi)) {
                Field declaredField3 = obj.getClass().getDeclaredField("certChain");
                declaredField3.setAccessible(true);
                String num = Integer.toString(((X509Certificate[]) declaredField3.get(obj))[0].hashCode());
                Field declaredField4 = obj.getClass().getDeclaredField("alias");
                declaredField4.setAccessible(true);
                if (str.equals(((String) declaredField4.get(obj)).concat(split).concat(num))) {
                    Field declaredField5 = obj.getClass().getDeclaredField("privateKey");
                    declaredField5.setAccessible(true);
                    return (PrivateKey) declaredField5.get(obj);
                }
            }
            return null;
        } catch (Exception e) {
            System.err.println(e);
            e.printStackTrace();
            return null;
        }
    }

    private void _fixAliases(KeyStore keyStore) {
        try {
            Field declaredField = keyStore.getClass().getDeclaredField("keyStoreSpi");
            declaredField.setAccessible(true);
            KeyStoreSpi keyStoreSpi = (KeyStoreSpi) declaredField.get(keyStore);
            if ("sun.security.mscapi.KeyStore$MY".equals(keyStoreSpi.getClass().getName())) {
                Field declaredField2 = keyStoreSpi.getClass().getEnclosingClass().getDeclaredField("entries");
                declaredField2.setAccessible(true);
                for (Object obj : (Collection) declaredField2.get(keyStoreSpi)) {
                    Field declaredField3 = obj.getClass().getDeclaredField("certChain");
                    declaredField3.setAccessible(true);
                    X509Certificate[] x509CertificateArr = (X509Certificate[]) declaredField3.get(obj);
                    String num = Integer.toString(x509CertificateArr[0].hashCode());
                    Field declaredField4 = obj.getClass().getDeclaredField("alias");
                    declaredField4.setAccessible(true);
                    String str = (String) declaredField4.get(obj);
                    if (keyStore.isKeyEntry(str)) {
                        this.certList.put(str.concat(split).concat(num), x509CertificateArr[0]);
                    }
                }
            }
        } catch (Exception e) {
            System.err.println(e);
            e.printStackTrace();
        }
    }

    private KeyStore getKeyStore() throws PKCS11Exception {
        try {
            KeyStore keyStore = KeyStore.getInstance("Windows-MY");
            try {
                keyStore.load(null, null);
                return keyStore;
            } catch (IOException e) {
                KCaseLogging.print((Exception) e);
                throw new PKCS11Exception(3204);
            } catch (NoSuchAlgorithmException e2) {
                KCaseLogging.print((Exception) e2);
                throw new PKCS11Exception(3202);
            } catch (CertificateException e3) {
                KCaseLogging.print((Exception) e3);
                throw new PKCS11Exception(3203);
            }
        } catch (KeyStoreException e4) {
            KCaseLogging.print((Exception) e4);
            throw new PKCS11Exception(3201);
        }
    }

    private Provider getProvider() throws PKCS11Exception {
        return getKeyStore().getProvider();
    }

    private void loadCertificate() throws PKCS11Exception {
        _fixAliases(getKeyStore());
    }

    public Certificate getCertificate(String str) throws PKCS11Exception {
        loadCertificate();
        return this.certList.get(str);
    }

    public HashMap<String, Certificate> getCertificate() throws PKCS11Exception {
        loadCertificate();
        return this.certList;
    }

    public PrivateKey getPrivateKey(String str, char[] cArr) throws PKCS11Exception {
        return _fixAliases(getKeyStore(), str);
    }

    public byte[] getSignature(String str, PrivateKey privateKey, String str2) throws PKCS11Exception {
        try {
            return getSignature(Base64.decode(str.getBytes(str2)), privateKey);
        } catch (UnsupportedEncodingException e) {
            KCaseLogging.print((Exception) e);
            throw new PKCS11Exception(3210, str2);
        }
    }

    public byte[] getSignature(byte[] bArr, PrivateKey privateKey) throws PKCS11Exception {
        try {
            try {
                Signature signature = Signature.getInstance(AlgorithmIdentifier.NAME_SHA1_WITH_RSA, getProvider());
                try {
                    signature.initSign(privateKey);
                    signature.update(bArr);
                    byte[] sign = signature.sign();
                    try {
                        KeyStore.getInstance("JKS");
                    } catch (KeyStoreException e) {
                        e.printStackTrace();
                    }
                    return sign;
                } catch (InvalidKeyException e2) {
                    KCaseLogging.print((Exception) e2);
                    throw new PKCS11Exception(3208);
                } catch (SignatureException e3) {
                    KCaseLogging.print((Exception) e3);
                    throw new PKCS11Exception(3209);
                }
            } catch (NoSuchAlgorithmException e4) {
                KCaseLogging.print((Exception) e4);
                throw new PKCS11Exception(3207);
            }
        } catch (Throwable th) {
            try {
                KeyStore.getInstance("JKS");
            } catch (KeyStoreException e5) {
                e5.printStackTrace();
            }
            throw th;
        }
    }

    public boolean verify(Certificate certificate, String str, String str2, String str3) throws PKCS11Exception {
        try {
            return verify(certificate, Base64.decode(str.getBytes(str3)), Base64.decode(str2.getBytes(str3)));
        } catch (UnsupportedEncodingException e) {
            KCaseLogging.print((Exception) e);
            throw new PKCS11Exception(3210, str3);
        }
    }

    public boolean verify(Certificate certificate, byte[] bArr, byte[] bArr2) throws PKCS11Exception {
        try {
            Signature signature = Signature.getInstance(AlgorithmIdentifier.NAME_SHA1_WITH_RSA, getProvider());
            try {
                signature.initVerify(certificate);
                signature.update(bArr);
                return signature.verify(bArr2);
            } catch (InvalidKeyException e) {
                KCaseLogging.print((Exception) e);
                throw new PKCS11Exception(3212);
            } catch (SignatureException e2) {
                KCaseLogging.print((Exception) e2);
                throw new PKCS11Exception(3211);
            }
        } catch (NoSuchAlgorithmException e3) {
            KCaseLogging.print((Exception) e3);
            throw new PKCS11Exception(3207);
        }
    }
}
