package by.avest.edoc.client;

import by.avest.crypto.cert.verify.CertVerify;
import by.avest.crypto.pkcs11.provider.Util;
import java.io.IOException;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import org.apache.batik.constants.XMLConstants;
import org.apache.log4j.Logger;
import sun.security.util.DerValue;
import sun.security.x509.X500Name;

/* loaded from: input_file:by/avest/edoc/client/PersonalKeyManager.class */
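public abstract class PersonalKeyManager extends X509ExtendedKeyManager {
    public static final String PARAM_UNP = "UNP";
    public static final String PARAM_PUB_KEY_ID = "PUB_KEY_ID";
    public static final String PARAM_COMMON_NAME = "COMMON_NAME";
    public static final String PARAM_PASSWORD_KEY = "PASSWORD_KEY";
    /** Key store holding the client's key entries; assigned once in the constructor. */
    private final KeyStore ks;
    /** Optional certificate verifier; while {@code null}, {@link #isCertValid} accepts every certificate. */
    private CertVerify cv;
    /** Lazily built snapshot of the key store's key entries, keyed by alias (see {@link #getCredentials()}). */
    private Map<String, X509Credentials> credentials;
    /** Alias currently selected for client authentication, or {@code null} when none is chosen yet. */
    private String alias;
    /** Password for the selected key entry; zeroed whenever it is replaced or {@link #reset()} is called. */
    private char[] password;
    private PrivateKey privkey;
    private X509Certificate[] certchain;
    public static final String GOSSUOK_UNP_OID = "1.2.112.1.2.1.1.1.1.2";
    public static final String RUPIIC_UNP_OID = "1.3.6.1.4.1.12656.106.101";
    public static final String CERT_SUBJ_KEY_ID_OID = "2.5.29.14";
    static final Logger logger = Logger.getLogger(PersonalKeyManager.class);
    protected static final String[] DEFAULT_KEY_TYPES = {"1.3.6.1.4.1.12656.1.38", "AvBds", "1.3.6.1.4.1.12656.1.35", "AvBdsHash", "1.3.6.1.4.1.12656.1.33", "AvCompoundBds", "1.3.6.1.4.1.12656.1.37", "AvCompoundBdsHash", "1.2.112.0.2.0.1176.2.2.1", "Bds", "1.2.112.0.2.0.1176.2.2.2", "BdsHash", "1.2.112.0.2.0.1176.2.2.3", "CompoundBds", "1.2.112.0.2.0.1176.2.2.4", "CompoundBdsHash", "1.2.112.0.2.0.34.101.45.2.1", "Bign"};
    protected static final char[] hexArray = Util.hexChars.toCharArray();
    /** Bign key type by OID and by name; when the peer asks for it, DEFAULT_KEY_TYPES are not merged in. */
    private static final String BIGN_OID = "1.2.112.0.2.0.34.101.45.2.1";
    private static final String BIGN_NAME = "Bign";

    /** Certificate field that {@link #init(String)} parameters are matched against. */
    private enum MatchField { UNP, PUB_KEY_ID, COMMON_NAME }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:by/avest/edoc/client/PersonalKeyManager$X509Credentials.class */
    /**
     * Certificate chain of one key-store entry plus a lazily computed set of its issuer DNs.
     * {@code certificates[0]} is the end-entity certificate; callers rely on the array being non-empty.
     */
    public static class X509Credentials {
        final X509Certificate[] certificates;
        private Set<X500Principal> issuerX500Principals;

        X509Credentials(X509Certificate[] x509CertificateArr) {
            this.certificates = x509CertificateArr;
        }

        /**
         * Returns the issuer DNs of every certificate in the chain, computed on first use.
         * Synchronized so concurrent first callers do not build the set twice.
         */
        synchronized Set<X500Principal> getIssuerX500Principals() {
            if (this.issuerX500Principals == null) {
                Set<X500Principal> issuers = new HashSet<X500Principal>();
                for (X509Certificate cert : this.certificates) {
                    issuers.add(cert.getIssuerX500Principal());
                }
                this.issuerX500Principals = issuers;
            }
            return this.issuerX500Principals;
        }
    }

    /**
     * Creates a key manager over the given key store.
     *
     * @param keyStore store whose key entries are offered for client authentication
     */
    public PersonalKeyManager(KeyStore keyStore) {
        this.ks = keyStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Installs the verifier used by {@link #isCertValid}. Without one, expiry and revocation
     * are not checked and every key entry is considered usable.
     *
     * @param certVerify verifier, or {@code null} to disable certificate validation
     */
    public void setCertVerify(CertVerify certVerify) {
        this.cv = certVerify;
    }

    /**
     * Parses a {@code name=value;name=value} parameter string and pre-selects the client alias.
     * Recognised names (case-insensitive): {@value #PARAM_UNP}, {@value #PARAM_PUB_KEY_ID},
     * {@value #PARAM_COMMON_NAME} select by certificate field; {@value #PARAM_PASSWORD_KEY} stores the
     * key password. A later selection parameter replaces the candidates of an earlier one.
     * When several key entries match, {@link #chooseAlias(String[])} decides.
     *
     * @param str parameter string; must not be {@code null}
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws AvLoginException on a malformed parameter, a selection with no valid match,
     *         or a failure inside {@link #chooseAlias(String[])}
     */
    public void init(String str) {
        if (str == null) {
            throw new IllegalArgumentException("init");
        }
        String[] candidates = null;
        StringTokenizer tokens = new StringTokenizer(str, ";");
        while (tokens.hasMoreTokens()) {
            String token = tokens.nextToken();
            int eq = token.indexOf(XMLConstants.XML_EQUAL_SIGN);
            if (eq < 0) {
                throw new AvLoginException("Неверный формат параметров авторизации.");
            }
            String name = token.substring(0, eq);
            String value = token.substring(eq + 1);
            if (logger.isDebugEnabled()) {
                // the password value is never written to the log
                if (name.equalsIgnoreCase(PARAM_PASSWORD_KEY)) {
                    logger.debug("init params: param = password, value = ********");
                } else {
                    logger.debug("init params: param = " + name + ", value = " + value);
                }
            }
            try {
                if (name.equalsIgnoreCase(PARAM_UNP)) {
                    candidates = selectAliasByUNP(value);
                    if (candidates == null || candidates.length == 0) {
                        throw new AvLoginException("В справочнике не найдено ни одного действующего сертификата со значением УНП = '" + value + "'.");
                    }
                } else if (name.equalsIgnoreCase(PARAM_PUB_KEY_ID)) {
                    candidates = selectByKeyId(value);
                    if (candidates == null || candidates.length == 0) {
                        throw new AvLoginException("В справочнике не найдено ни одиного действующего сертификата с идентификатором открытого ключа = '" + value + "'.");
                    }
                } else if (name.equalsIgnoreCase(PARAM_COMMON_NAME)) {
                    candidates = selectByCommonName(value);
                    if (candidates == null || candidates.length == 0) {
                        throw new AvLoginException("В справочнике не найдено ни одного действующего сертификата со значением общего имени = '" + value + "'.");
                    }
                } else if (name.equalsIgnoreCase(PARAM_PASSWORD_KEY)) {
                    // the String copy of the password stays in the heap until GC; only the char[] can be zeroed
                    setPassword(value.toCharArray());
                }
            } catch (IOException e) {
                throw new AvLoginException(e.getMessage(), e);
            }
        }
        if (candidates == null || candidates.length == 0) {
            this.alias = null;
        } else {
            this.alias = pickAlias(candidates);
        }
        logState();
    }

    /**
     * Returns the single candidate, or asks {@link #chooseAlias(String[])} when there are several.
     *
     * @param candidates non-empty alias list
     * @throws AvLoginException wrapping an {@link IOException} from {@link #chooseAlias(String[])}
     */
    private String pickAlias(String[] candidates) {
        if (candidates.length == 1) {
            return candidates[0];
        }
        try {
            logger.debug("choose alias");
            String chosen = chooseAlias(candidates);
            logger.debug("alias = " + chosen);
            return chosen;
        } catch (IOException e) {
            throw new AvLoginException("При выборе контейнера с ключом клиента произошла ошибка.", e);
        }
    }

    /** Debug dump of the selection state; the password is deliberately not included. */
    private void logState() {
        if (logger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("class variables: alias = ");
            sb.append(this.alias);
            sb.append(", privkey = ");
            sb.append(this.privkey == null ? "NULL" : "SET");
            sb.append(", certchain = ");
            sb.append(this.certchain == null ? "NULL" : "SET");
            logger.debug(sb.toString());
        }
    }

    /** Extracts the value of {@code field} from the end-entity certificate, or {@code null} when absent. */
    private static String matchValue(X509Certificate cert, MatchField field) throws IOException {
        switch (field) {
            case UNP:
                return parseUNP(cert);
            case PUB_KEY_ID:
                return parseKeyID(cert);
            case COMMON_NAME:
                return new X500Name(cert.getSubjectX500Principal().getName()).getCommonName();
            default:
                throw new IllegalArgumentException(String.valueOf(field));
        }
    }

    /**
     * Aliases of key entries whose end-entity certificate has {@code expected} (case-insensitive)
     * in {@code field} and passes {@link #isCertValid}.
     *
     * @return matching aliases, or {@code null} when {@code expected} is {@code null} or nothing matches
     * @throws IOException if a certificate field cannot be decoded
     */
    private String[] selectAliases(MatchField field, String expected) throws IOException {
        if (expected == null) {
            return null;
        }
        List<String> matched = new ArrayList<String>();
        for (Map.Entry<String, X509Credentials> entry : getCredentials().entrySet()) {
            X509Certificate leaf = entry.getValue().certificates[0];
            String actual = matchValue(leaf, field);
            // validity is checked last: it may involve the (possibly slow) verifier
            if (actual != null && actual.equalsIgnoreCase(expected) && isCertValid(leaf)) {
                matched.add(entry.getKey());
            }
        }
        return matched.isEmpty() ? null : matched.toArray(new String[0]);
    }

    /** Aliases whose certificate carries the given UNP (see {@link #parseUNP}). */
    private String[] selectAliasByUNP(String str) throws IOException {
        return selectAliases(MatchField.UNP, str);
    }

    /** Aliases whose certificate has the given subject key identifier, as hex (see {@link #bytes2Hex}). */
    private String[] selectByKeyId(String str) throws IOException {
        return selectAliases(MatchField.PUB_KEY_ID, str);
    }

    /** Aliases whose subject common name equals {@code str}. */
    private String[] selectByCommonName(String str) throws IOException {
        return selectAliases(MatchField.COMMON_NAME, str);
    }

    /**
     * Aliases of valid key entries whose public-key algorithm is {@code str} and, when {@code str}
     * has the form {@code KEY_SIG}, whose signature part matches as well; restricted to entries
     * with an issuer in {@code principalArr} when that array is non-empty.
     * Mirrors the alias filtering of the JDK's SunX509KeyManagerImpl.
     *
     * @param str key type, optionally {@code keyType_sigType}; {@code null} yields {@code null}
     * @param principalArr accepted issuers, or {@code null}/empty for any issuer
     * @return matching aliases, or {@code null} when there are none
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        if (logger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("get client aliases params: keytype = ");
            sb.append(str);
            sb.append(", issuers (");
            sb.append(principalArr == null ? "" : Integer.valueOf(principalArr.length));
            sb.append(") = ");
            if (principalArr == null) {
                sb.append("NULL");
            } else {
                for (Principal principal : principalArr) {
                    sb.append(principal);
                    sb.append(", ");
                }
            }
            logger.debug(sb.toString());
        }
        String[] result = null;
        if (str != null) {
            X500Principal[] issuers;
            if (principalArr == null) {
                issuers = new X500Principal[0];
            } else if (principalArr instanceof X500Principal[]) {
                issuers = (X500Principal[]) principalArr;
            } else {
                issuers = convertPrincipals(principalArr);
            }
            String keyType = str;
            String sigType = null;
            int sep = str.indexOf('_');
            if (sep >= 0) {
                keyType = str.substring(0, sep);
                sigType = str.substring(sep + 1);
            }
            List<String> matched = new ArrayList<String>();
            for (Map.Entry<String, X509Credentials> entry : getCredentials().entrySet()) {
                X509Credentials creds = entry.getValue();
                X509Certificate[] chain = creds.certificates;
                if (!keyType.equals(chain[0].getPublicKey().getAlgorithm())) {
                    continue;
                }
                // The decompiled source evaluated this check with an empty body, making it a no-op;
                // in the JDK implementation this code is adapted from, a mismatch skips the entry.
                if (sigType != null && !matchesSignatureType(chain, sigType)) {
                    continue;
                }
                if (!isCertValid(chain[0])) {
                    continue;
                }
                if (issuers.length == 0 || containsAny(creds.getIssuerX500Principals(), issuers)) {
                    matched.add(entry.getKey());
                }
            }
            result = matched.toArray(new String[0]);
        }
        if (logger.isDebugEnabled()) {
            StringBuilder sb2 = new StringBuilder();
            sb2.append("return aliases (");
            sb2.append(result == null ? "" : Integer.valueOf(result.length));
            sb2.append(") = ");
            if (result == null) {
                sb2.append("NULL");
            } else {
                for (String a : result) {
                    sb2.append(a);
                    sb2.append(", ");
                }
            }
            logger.debug(sb2.toString());
        }
        // a null key type left result null; the original dereferenced it here and threw NPE
        if (result == null || result.length == 0) {
            return null;
        }
        return result;
    }

    /**
     * Signature-type part of a {@code KEY_SIG} key type: compared against the second certificate's
     * key algorithm when the chain has one, otherwise against the leaf's {@code ...WITH<sig>} algorithm name.
     */
    private static boolean matchesSignatureType(X509Certificate[] chain, String sigType) {
        if (chain.length > 1) {
            return sigType.equals(chain[1].getPublicKey().getAlgorithm());
        }
        String sigAlgName = chain[0].getSigAlgName().toUpperCase(Locale.ENGLISH);
        return sigAlgName.contains("WITH" + sigType.toUpperCase(Locale.ENGLISH));
    }

    /** True when at least one of {@code wanted} is in {@code known}. */
    private static boolean containsAny(Set<X500Principal> known, X500Principal[] wanted) {
        for (X500Principal issuer : wanted) {
            if (known.contains(issuer)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Asks the verifier whether the certificate is valid now.
     * With no verifier installed this returns {@code true} unconditionally — expired or revoked
     * certificates are then offered to the peer like any other.
     *
     * @throws AvLoginException wrapping an {@link InvalidAlgorithmParameterException} from the verifier
     */
    private boolean isCertValid(X509Certificate x509Certificate) {
        if (this.cv == null) {
            return true;
        }
        try {
            return this.cv.verify(x509Certificate, new Date()).isCertValid();
        } catch (InvalidAlgorithmParameterException e) {
            throw new AvLoginException(e.getMessage(), e);
        }
    }

    /**
     * Snapshot of the key store's key entries that carry an X.509 chain, built on first use.
     * Entries whose lookup fails with {@link KeyStoreException} are skipped with a warning.
     * The map is assigned only after a complete enumeration, so a failing {@code aliases()} call
     * is not cached as an empty map.
     *
     * @throws AvLoginException if the key store cannot enumerate its aliases
     */
    private Map<String, X509Credentials> getCredentials() {
        if (this.credentials == null) {
            Map<String, X509Credentials> loaded = new HashMap<String, X509Credentials>();
            try {
                Enumeration<String> aliases = this.ks.aliases();
                while (aliases.hasMoreElements()) {
                    String ksAlias = aliases.nextElement();
                    try {
                        if (!this.ks.isKeyEntry(ksAlias)) {
                            continue;
                        }
                        X509Certificate[] chain = toX509Chain(this.ks.getCertificateChain(ksAlias));
                        if (chain != null) {
                            loaded.put(ksAlias, new X509Credentials(chain));
                        }
                    } catch (KeyStoreException e) {
                        logger.warn("skipping key store entry '" + ksAlias + "'", e);
                    }
                }
            } catch (KeyStoreException e2) {
                throw new AvLoginException(e2.getMessage(), e2);
            }
            this.credentials = loaded;
        }
        return this.credentials;
    }

    /**
     * Converts a key-store chain to {@code X509Certificate[]}, copying when the runtime array type
     * differs. Returns {@code null} for a missing or empty chain or a non-X.509 leaf.
     * A non-X.509 certificate after the leaf surfaces as {@link ArrayStoreException}, as before.
     */
    private static X509Certificate[] toX509Chain(Certificate[] chain) {
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            return null;
        }
        if (chain instanceof X509Certificate[]) {
            return (X509Certificate[]) chain;
        }
        X509Certificate[] copy = new X509Certificate[chain.length];
        System.arraycopy(chain, 0, copy, 0, chain.length);
        return copy;
    }

    /**
     * Narrows arbitrary principals to {@link X500Principal}s by parsing their names.
     * Principals that are not X.500 names are dropped: they can never equal a certificate issuer.
     */
    private static X500Principal[] convertPrincipals(Principal[] principalArr) {
        List<X500Principal> converted = new ArrayList<X500Principal>(principalArr.length);
        for (Principal principal : principalArr) {
            if (principal instanceof X500Principal) {
                converted.add((X500Principal) principal);
            } else {
                try {
                    converted.add(new X500Principal(principal.getName()));
                } catch (IllegalArgumentException ignored) {
                    // not an X.500 name; see method comment
                }
            }
        }
        return converted.toArray(new X500Principal[converted.size()]);
    }

    /**
     * Returns the alias selected by {@link #init(String)}, or selects one now from the key types the
     * peer accepts. Unless the peer asks for Bign, {@link #DEFAULT_KEY_TYPES} are added to the
     * requested types. The result is cached in {@code alias} until {@link #reset()}.
     *
     * @param strArr key types the peer accepts; {@code null} yields {@code null}
     * @param principalArr accepted issuers, or {@code null} for any
     * @param socket unused
     * @throws AvLoginException if no valid key entry matches, or {@link #chooseAlias(String[])} fails
     */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        if (this.alias == null) {
            logState();
            if (strArr == null) {
                logger.debug("choose client alias params: keytype = null; return alias = null");
                return null;
            }
            List<String> requested = Arrays.asList(strArr);
            String[] keyTypes = strArr;
            if (!(requested.contains(BIGN_OID) || requested.contains(BIGN_NAME))) {
                // HashSet order is unspecified, so the order aliases are collected in below is too
                Set<String> widened = new HashSet<String>(requested);
                widened.addAll(Arrays.asList(DEFAULT_KEY_TYPES));
                keyTypes = widened.toArray(new String[0]);
            }
            List<String> found = new ArrayList<String>();
            for (String keyType : keyTypes) {
                String[] aliases = getClientAliases(keyType, principalArr);
                if (aliases == null) {
                    continue;
                }
                for (String a : aliases) {
                    // one entry may satisfy several key types; do not offer it twice to chooseAlias
                    if (!found.contains(a)) {
                        found.add(a);
                    }
                }
            }
            if (found.isEmpty()) {
                throw new AvLoginException("В справочнике не найдено ни одного действующего сертификата.");
            }
            this.alias = pickAlias(found.toArray(new String[0]));
        }
        logState();
        return this.alias;
    }

    /**
     * Picks one alias when several key entries match; invoked only with two or more candidates.
     *
     * @param strArr candidate aliases
     * @return the chosen alias
     * @throws IOException if the choice cannot be made (wrapped into {@link AvLoginException} by callers)
     */
    public abstract String chooseAlias(String[] strArr) throws IOException;

    /**
     * Loads the private key for {@code str}, reusing the cached key when the alias is unchanged.
     * A {@code null} alias clears the cached selection. The alias is recorded before the password
     * lookup so {@link #getPassword} can reuse an already supplied password.
     *
     * @return the private key, or {@code null} after clearing or when the store has no key for it
     * @throws AvLoginException wrapping any key store, algorithm or password failure
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        logger.debug("get private key params: alias = " + str);
        logState();
        if (str == null) {
            clearSelection();
        } else if (this.alias == null || !this.alias.equalsIgnoreCase(str) || this.privkey == null) {
            this.alias = str;
            try {
                // cast as in the original: a non-private key entry surfaces as ClassCastException
                this.privkey = (PrivateKey) this.ks.getKey(str, getPassword(str));
            } catch (IOException e) {
                throw new AvLoginException(e.getMessage(), e);
            } catch (KeyStoreException e2) {
                throw new AvLoginException(e2.getMessage(), e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new AvLoginException(e3.getMessage(), e3);
            } catch (UnrecoverableKeyException e4) {
                throw new AvLoginException(e4.getMessage(), e4);
            }
        }
        logState();
        return this.privkey;
    }

    /**
     * Password for the key entry {@code str}: the stored one when it belongs to the current alias,
     * otherwise a fresh one from {@link #promptPassword(String)}, which then replaces (and zeroes) the old.
     */
    private char[] getPassword(String str) throws IOException {
        logger.debug("get password");
        logState();
        if (this.alias == null || !this.alias.equalsIgnoreCase(str) || this.password == null) {
            logger.debug("prompt password");
            setPassword(promptPassword(str));
        }
        logger.debug("return password");
        return this.password;
    }

    /** Replaces the stored password, zeroing the previous array unless it is the same object. */
    private void setPassword(char[] newPassword) {
        if (this.password != null && this.password != newPassword) {
            Arrays.fill(this.password, '\0');
        }
        this.password = newPassword;
    }

    /** Drops the cached alias, private key and chain; the password is kept. */
    private void clearSelection() {
        this.alias = null;
        this.privkey = null;
        this.certchain = null;
    }

    /**
     * Obtains the password for the key entry {@code str} from the user or environment.
     *
     * @return the password; ownership passes to this object, which zeroes it later
     * @throws IOException if the password cannot be obtained
     */
    public abstract char[] promptPassword(String str) throws IOException;

    /**
     * Certificate chain for {@code str}, cached while the alias is unchanged; {@code null} clears
     * the cached selection. The store's {@code Certificate[]} is copied to {@code X509Certificate[]}
     * when needed instead of being cast, which failed for stores returning a plain {@code Certificate[]}.
     *
     * @throws AvLoginException wrapping a {@link KeyStoreException}
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        logger.debug("get certificate chain params: alias = " + str);
        logState();
        if (str == null) {
            clearSelection();
        } else if (this.alias == null || !this.alias.equalsIgnoreCase(str) || this.certchain == null) {
            this.alias = str;
            try {
                logger.debug("get certificate chain");
                this.certchain = toX509Chain(this.ks.getCertificateChain(str));
                logger.debug("certificate chain length = " + (this.certchain == null ? null : Integer.valueOf(this.certchain.length)));
            } catch (KeyStoreException e) {
                throw new AvLoginException(e.getMessage(), e);
            }
        }
        logState();
        return this.certchain;
    }

    /**
     * Reads extension {@code str} of the certificate as a DER BMPString.
     *
     * @return the decoded string, or {@code null} when the extension is absent
     * @throws IOException if the extension value is not the expected DER structure
     */
    private static String parseUnpExtValue(X509Certificate x509Certificate, String str) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return new DerValue(extensionValue).getData().getBMPString();
    }

    /**
     * Hex-encodes {@code bArr}, two digits per byte, using the digit alphabet of {@code Util.hexChars}
     * (whose case is defined by that class).
     *
     * @param bArr bytes to encode; must not be {@code null}
     * @return hex string of length {@code 2 * bArr.length}
     * @throws NullPointerException if {@code bArr} is {@code null}
     */
    public static String bytes2Hex(byte[] bArr) {
        char[] out = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int b = bArr[i] & 0xFF;
            out[i * 2] = hexArray[b >>> 4];
            out[i * 2 + 1] = hexArray[b & 0x0F];
        }
        return new String(out);
    }

    /**
     * Reads extension {@code str} as a DER OCTET STRING and returns it hex-encoded.
     *
     * @return the hex value, or {@code null} when the extension is absent
     * @throws IOException if the extension value is not the expected DER structure
     */
    private static String parsePubKeyIdExtValue(X509Certificate x509Certificate, String str) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        return bytes2Hex(new DerValue(extensionValue).getData().getOctetString());
    }

    /** Subject key identifier ({@value #CERT_SUBJ_KEY_ID_OID}) as hex, or {@code null} when absent. */
    private static String parseKeyID(X509Certificate x509Certificate) throws IOException {
        return parsePubKeyIdExtValue(x509Certificate, CERT_SUBJ_KEY_ID_OID);
    }

    /**
     * The certificate's UNP, taken from either of the two UNP extensions
     * ({@value #GOSSUOK_UNP_OID}, {@value #RUPIIC_UNP_OID}); the first is preferred when both are present.
     *
     * @return the UNP, or {@code null} when neither extension is present
     * @throws AvLoginException if both extensions are present but disagree
     * @throws IOException if an extension cannot be decoded
     */
    private static String parseUNP(X509Certificate x509Certificate) throws IOException {
        String gossuok = parseUnpExtValue(x509Certificate, GOSSUOK_UNP_OID);
        String rupiic = parseUnpExtValue(x509Certificate, RUPIIC_UNP_OID);
        if (gossuok != null && rupiic != null && !gossuok.equalsIgnoreCase(rupiic)) {
            throw new AvLoginException("Сертификат пользователя содержит различные значения УНП: " + gossuok + " и " + rupiic + ".");
        }
        return gossuok != null ? gossuok : rupiic;
    }

    /** Client-side key manager only. @throws UnsupportedOperationException always */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        throw new UnsupportedOperationException();
    }

    /** Client-side key manager only. @throws UnsupportedOperationException always */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Zeroes and drops the password and forgets the selected alias, key and chain. */
    public void reset() {
        setPassword(null);
        clearSelection();
    }
}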
