package sun.security.pkcs11;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.ProviderException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* loaded from: classes.dex */
public final class Secmod {
    private static final Secmod a;
    private long b;
    private boolean c;
    private List<c> d;
    private String e;
    private String f;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: sun.security.pkcs11.Secmod$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] a;

        static {
            try {
                b[TrustType.CLIENT_AUTH.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                b[TrustType.SERVER_AUTH.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                b[TrustType.CODE_SIGNING.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                b[TrustType.EMAIL_PROTECTION.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                b[TrustType.ALL.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            a = new int[ModuleType.values().length];
            try {
                a[ModuleType.EXTERNAL.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                a[ModuleType.CRYPTO.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                a[ModuleType.KEYSTORE.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                a[ModuleType.FIPS.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            try {
                a[ModuleType.TRUSTANCHOR.ordinal()] = 5;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    /* loaded from: classes.dex */
    public enum DbMode {
        READ_WRITE("NSS_InitReadWrite"),
        READ_ONLY("NSS_Init"),
        NO_DB("NSS_NoDB_Init");

        final String functionName;

        DbMode(String str) {
            this.functionName = str;
        }
    }

    /* loaded from: classes.dex */
    public enum ModuleType {
        CRYPTO,
        KEYSTORE,
        FIPS,
        TRUSTANCHOR,
        EXTERNAL
    }

    /* loaded from: classes.dex */
    public enum TrustType {
        ALL,
        CLIENT_AUTH,
        SERVER_AUTH,
        CODE_SIGNING,
        EMAIL_PROTECTION
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a {
        final byte[] a;

        a(byte[] bArr) {
            this.a = bArr;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof a) {
                return Arrays.equals(this.a, ((a) obj).a);
            }
            return false;
        }

        public int hashCode() {
            return Arrays.hashCode(this.a);
        }
    }

    /* loaded from: classes.dex */
    public static final class b implements KeyStore.LoadStoreParameter {
        final TrustType a;
        final KeyStore.ProtectionParameter b;

        public TrustType a() {
            return this.a;
        }

        @Override // java.security.KeyStore.LoadStoreParameter
        public KeyStore.ProtectionParameter getProtectionParameter() {
            return this.b;
        }
    }

    /* loaded from: classes.dex */
    public static final class c {
        final String a;
        final String b;
        final int c;
        final ModuleType d;
        private String e;
        private SunPKCS11 f;
        private Map<a, d> g;

        private SunPKCS11 c() {
            try {
                return new SunPKCS11(new ByteArrayInputStream(this.e.getBytes("UTF8")));
            } catch (Exception e) {
                throw new ProviderException(e);
            }
        }

        public ModuleType a() {
            return this.d;
        }

        d a(a aVar) {
            if (this.g == null) {
                synchronized (this) {
                    SunPKCS11 sunPKCS11 = this.f;
                    if (sunPKCS11 == null) {
                        sunPKCS11 = c();
                    }
                    try {
                        this.g = Secmod.b(sunPKCS11);
                    } catch (PKCS11Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            }
            return this.g.get(aVar);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public void a(SunPKCS11 sunPKCS11) {
            if (this.f != null) {
                throw new ProviderException("Secmod provider already initialized");
            }
            this.f = sunPKCS11;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public synchronized void a(ak akVar, X509Certificate x509Certificate) {
            a aVar = new a(Secmod.b(x509Certificate, "SHA-1"));
            d a = a(aVar);
            if (a == null) {
                this.g.put(aVar, new d(akVar, x509Certificate, aVar, 3461563218L));
            } else if (!a.a(TrustType.ALL)) {
                throw new ProviderException("Cannot change existing trust attributes");
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public synchronized boolean b() {
            return this.f != null;
        }

        public String toString() {
            return this.b + " (" + this.d + ", " + this.a + ", slot " + this.c + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class d {
        final long a;
        final long b;
        final long c;
        final long d;
        final long e;
        final byte[] f;

        d(ak akVar, X509Certificate x509Certificate, a aVar, long j) {
            ac acVar = null;
            try {
                try {
                    acVar = akVar.f();
                    this.a = akVar.b.C_CreateObject(acVar.a(), new sun.security.pkcs11.wrapper.b[]{new sun.security.pkcs11.wrapper.b(1L, true), new sun.security.pkcs11.wrapper.b(0L, 3461563219L), new sun.security.pkcs11.wrapper.b(3461571416L, j), new sun.security.pkcs11.wrapper.b(3461571418L, j), new sun.security.pkcs11.wrapper.b(3461571419L, j), new sun.security.pkcs11.wrapper.b(3461571417L, j), new sun.security.pkcs11.wrapper.b(3461571508L, aVar.a), new sun.security.pkcs11.wrapper.b(3461571509L, Secmod.b(x509Certificate, "MD5")), new sun.security.pkcs11.wrapper.b(129L, x509Certificate.getIssuerX500Principal().getEncoded()), new sun.security.pkcs11.wrapper.b(130L, x509Certificate.getSerialNumber().toByteArray())});
                    this.f = aVar.a;
                    this.b = j;
                    this.c = j;
                    this.d = j;
                    this.e = j;
                } catch (PKCS11Exception e) {
                    throw new ProviderException("Could not create trust object", e);
                }
            } finally {
                akVar.d(acVar);
            }
        }

        d(ak akVar, ac acVar, long j) {
            long j2;
            this.a = j;
            sun.security.pkcs11.wrapper.b[] bVarArr = {new sun.security.pkcs11.wrapper.b(3461571416L), new sun.security.pkcs11.wrapper.b(3461571418L), new sun.security.pkcs11.wrapper.b(3461571419L), new sun.security.pkcs11.wrapper.b(3461571508L)};
            akVar.b.C_GetAttributeValue(acVar.a(), j, bVarArr);
            this.c = bVarArr[0].e();
            this.d = bVarArr[1].e();
            this.e = bVarArr[2].e();
            this.f = bVarArr[3].d();
            sun.security.pkcs11.wrapper.b[] bVarArr2 = {new sun.security.pkcs11.wrapper.b(3461571417L)};
            try {
                akVar.b.C_GetAttributeValue(acVar.a(), j, bVarArr2);
                j2 = bVarArr2[0].e();
            } catch (PKCS11Exception e) {
                j2 = this.c;
            }
            this.b = j2;
        }

        private boolean a(long j) {
            return j == 3461563218L;
        }

        a a() {
            return new a(this.f);
        }

        boolean a(TrustType trustType) {
            switch (trustType) {
                case CLIENT_AUTH:
                    return a(this.b);
                case SERVER_AUTH:
                    return a(this.c);
                case CODE_SIGNING:
                    return a(this.d);
                case EMAIL_PROTECTION:
                    return a(this.e);
                case ALL:
                    return a(TrustType.CLIENT_AUTH) && a(TrustType.SERVER_AUTH) && a(TrustType.CODE_SIGNING) && a(TrustType.EMAIL_PROTECTION);
                default:
                    return false;
            }
        }
    }

    static {
        PKCS11.a();
        a = new Secmod();
    }

    private Secmod() {
    }

    private d a(ModuleType moduleType, a aVar) {
        c a2 = a(moduleType);
        if (a2 == null) {
            return null;
        }
        return a2.a(aVar);
    }

    public static Secmod a() {
        return a;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<a, d> b(SunPKCS11 sunPKCS11) {
        HashMap hashMap = new HashMap();
        ak token = sunPKCS11.getToken();
        ac acVar = null;
        try {
            acVar = token.f();
            token.b.C_FindObjectsInit(acVar.a(), new sun.security.pkcs11.wrapper.b[]{new sun.security.pkcs11.wrapper.b(0L, 3461563219L)});
            long[] C_FindObjects = token.b.C_FindObjects(acVar.a(), 8192);
            token.b.C_FindObjectsFinal(acVar.a());
            for (long j : C_FindObjects) {
                d dVar = new d(token, acVar, j);
                hashMap.put(dVar.a(), dVar);
            }
            return hashMap;
        } finally {
            token.d(acVar);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] b(X509Certificate x509Certificate, String str) {
        try {
            return MessageDigest.getInstance(str).digest(x509Certificate.getEncoded());
        } catch (GeneralSecurityException e) {
            throw new ProviderException(e);
        }
    }

    private boolean f() {
        if (this.b == 0) {
            this.b = nssGetLibraryHandle(System.mapLibraryName("nss3"));
            if (this.b != 0) {
                g();
            }
        }
        return this.b != 0;
    }

    private void g() {
        this.c = nssVersionCheck(this.b, "3.7");
    }

    private static native long nssGetLibraryHandle(String str);

    private static native Object nssGetModuleList(long j, String str);

    private static native boolean nssInitialize(String str, long j, String str2, boolean z);

    private static native long nssLoadLibrary(String str);

    private static native boolean nssVersionCheck(long j, String str);

    public c a(ModuleType moduleType) {
        for (c cVar : e()) {
            if (cVar.a() == moduleType) {
                return cVar;
            }
        }
        return null;
    }

    public synchronized void a(DbMode dbMode, String str, String str2, boolean z) {
        if (b()) {
            throw new IOException("NSS is already initialized");
        }
        if (dbMode == null) {
            throw new NullPointerException();
        }
        if (dbMode != DbMode.NO_DB && str == null) {
            throw new NullPointerException();
        }
        String mapLibraryName = System.mapLibraryName("nss3");
        if (str2 != null) {
            File file = new File(str2);
            if (!file.isDirectory()) {
                throw new IOException("nssLibDir must be a directory:" + str2);
            }
            File file2 = new File(file, mapLibraryName);
            if (!file2.isFile()) {
                throw new FileNotFoundException(file2.getPath());
            }
            mapLibraryName = file2.getPath();
        }
        if (str != null) {
            File file3 = new File(str);
            if (!file3.isDirectory()) {
                throw new IOException("configDir must be a directory: " + str);
            }
            File file4 = new File(file3, "secmod.db");
            if (!file4.isFile()) {
                throw new FileNotFoundException(file4.getPath());
            }
        }
        this.b = nssLoadLibrary(mapLibraryName);
        g();
        if (!this.c) {
            throw new IOException("The specified version of NSS is incompatible, 3.7 or later required");
        }
        if (!nssInitialize(dbMode.functionName, this.b, str, z)) {
            throw new IOException("NSS initialization failed");
        }
        this.e = str;
        this.f = str2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(X509Certificate x509Certificate, TrustType trustType) {
        a aVar = new a(b(x509Certificate, "SHA-1"));
        d a2 = a(ModuleType.KEYSTORE, aVar);
        if (a2 == null && (a2 = a(ModuleType.FIPS, aVar)) == null) {
            a2 = a(ModuleType.TRUSTANCHOR, aVar);
        }
        if (a2 == null) {
            return false;
        }
        return a2.a(trustType);
    }

    public synchronized boolean b() {
        boolean z;
        if (!f()) {
            z = false;
        } else {
            if (!this.c) {
                throw new IOException("An incompatible version of NSS is already loaded, 3.7 or later required");
            }
            z = true;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String c() {
        return this.e;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String d() {
        return this.f;
    }

    public synchronized List<c> e() {
        try {
            if (!b()) {
                throw new IllegalStateException("NSS not initialized");
            }
            if (this.d == null) {
                this.d = Collections.unmodifiableList((List) nssGetModuleList(this.b, this.f));
            }
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
        return this.d;
    }
}
