package com.sun.messaging.smime.security.pkcs11;

import com.sun.messaging.smime.security.cardapi.CardAdmin;
import com.sun.messaging.smime.security.cardapi.CardException;
import com.sun.messaging.smime.security.cardapi.CardParameters;
import com.sun.messaging.smime.security.cardapi.CardToken;
import com.sun.messaging.smime.security.pkcs11.wrapper.PKCS11Exception;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import javax.crypto.BadPaddingException;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:118208-28/SUNWmsglb/reloc/lib/config-templates/html/SMIMEApplet.jar:com/sun/messaging/smime/security/pkcs11/PKCS11CardToken.class */
class PKCS11CardToken extends CardToken {
    private final PKCS11CardReader e;
    private CardAdmin f;
    private final CardParameters g;
    private static final String h = "SmartCard";
    private final C054 i;
    private static final byte[] j = {48, 32, 48, 12, 6, 8, 42, -122, 72, -122, -9, 13, 2, 5, 5, 0, 4, 16};

    @Override // com.sun.messaging.smime.security.cardapi.CardToken
    public X509Certificate[] getCertificateChain(X509Certificate x509Certificate) throws CardException {
        try {
            return this.i.k().b(x509Certificate);
        } catch (PKCS11Exception e) {
            throw new CardException("Certificate chain building error", e);
        }
    }

    @Override // com.sun.messaging.smime.security.cardapi.CardToken
    public byte[] decrypt(X509Certificate x509Certificate, String str, byte[] bArr) throws CardException, InvalidKeyException, BadPaddingException {
        a();
        if (needsLogin()) {
            boolean z = false;
            while (!z) {
                String login = this.f.getLogin(h, "Please input card PIN");
                if (login == null) {
                    throw new CardException("Card login canceled by user");
                }
                try {
                    d(login.toCharArray());
                    z = true;
                } catch (C031 e) {
                    throw e;
                } catch (CardException e2) {
                } catch (LoginException e3) {
                }
            }
        }
        try {
            return b(this.i.k().g(x509Certificate), str, bArr);
        } catch (PKCS11Exception e4) {
            throw new CardException("Private access error", e4);
        }
    }

    private void a() throws CardException {
        if (this.e.isShutdown) {
            throw new C031("Reader has been shutdown");
        }
        if (!isValid()) {
            throw new C031("Token has been removed");
        }
    }

    private byte[] b(PrivateKey privateKey, String str, byte[] bArr) throws CardException, InvalidKeyException, BadPaddingException {
        if (!"RSA".equals(str) && !"1.2.840.113549.1.1.1".equals(str)) {
            throw new BadPaddingException("Only RSA decryption supported");
        }
        try {
            return this.i.a().a(privateKey, bArr);
        } catch (PKCS11Exception e) {
            throw new CardException("Error accessing token", e);
        }
    }

    public boolean needsLogin() throws CardException {
        try {
            if (isValid()) {
                if (!this.i.e(null)) {
                    return true;
                }
            }
            return false;
        } catch (PKCS11Exception e) {
            throw new CardException("Error querying token", e);
        }
    }

    private byte[] c(PrivateKey privateKey, String str, byte[] bArr) throws CardException, InvalidKeyException, SignatureException {
        if (!"MD5withRSA".equals(str) && !"SHA1withRSA".equals(str)) {
            throw new SignatureException("Only MD5withRSA and SHA1withRSA signing supported");
        }
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                byteArrayOutputStream.write(j);
                byteArrayOutputStream.write(bArr);
                return this.i.g().a(privateKey, byteArrayOutputStream.toByteArray());
            } catch (IOException e) {
                throw new CardException(new StringBuffer().append("Message digest IO error: ").append(e.toString()).toString());
            }
        } catch (PKCS11Exception e2) {
            throw new CardException("Error accessing token", e2);
        }
    }

    @Override // com.sun.messaging.smime.security.cardapi.CardToken
    public X509Certificate[] getUserCertificates() throws CardException {
        a();
        try {
            return this.i.k().f();
        } catch (PKCS11Exception e) {
            throw new CardException("Error accessing token", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PKCS11CardToken(PKCS11CardReader pKCS11CardReader, C054 c054, CardParameters cardParameters) {
        super(cardParameters.getProviderName());
        this.e = pKCS11CardReader;
        this.i = c054;
        this.g = cardParameters;
    }

    @Override // com.sun.messaging.smime.security.cardapi.CardToken
    public byte[] sign(X509Certificate x509Certificate, String str, byte[] bArr) throws CardException, InvalidKeyException, BadPaddingException {
        a();
        if (needsLogin()) {
            boolean z = false;
            while (!z) {
                String login = this.f.getLogin(h, "Please input card PIN");
                if (login == null) {
                    throw new CardException("Card login canceled by user");
                }
                try {
                    d(login.toCharArray());
                    z = true;
                } catch (C031 e) {
                    throw e;
                } catch (CardException e2) {
                } catch (LoginException e3) {
                }
            }
        }
        try {
            return c(this.i.k().g(x509Certificate), str, bArr);
        } catch (PKCS11Exception e4) {
            throw new CardException("Private access error", e4);
        } catch (SignatureException e5) {
            throw new CardException("Signing error", e5);
        }
    }

    private void d(char[] cArr) throws CardException, LoginException {
        a();
        try {
            if (this.i.e(null)) {
                return;
            }
            this.i.f(cArr);
        } catch (PKCS11Exception e) {
            throw new CardException("Error querying token", e);
        }
    }

    @Override // com.sun.messaging.smime.security.cardapi.CardToken
    public X509Certificate[] getTrustedCertificates() throws CardException {
        a();
        try {
            return this.i.k().k();
        } catch (PKCS11Exception e) {
            throw new CardException("Error accessing token", e);
        }
    }

    @Override // com.sun.messaging.smime.security.cardapi.CardToken
    public boolean isValid() {
        return !this.e.isShutdown && this.i.o();
    }

    @Override // com.sun.messaging.smime.security.cardapi.CardToken
    public void registerCardAdmin(CardAdmin cardAdmin) {
        this.f = cardAdmin;
    }
}
