package com.sun.messaging.smime.security.capi;

import com.sun.messaging.smime.applet.AppletLogger;
import com.sun.messaging.smime.applet.SMIMEAppletAPI;
import com.sun.messaging.smime.security.cardapi.CardAdmin;
import com.sun.messaging.smime.security.cardapi.CardException;
import com.sun.messaging.smime.security.cardapi.CardToken;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;

/* loaded from: input_file:118208-37/SUNWmsglb/reloc/lib/config-templates/html/token-win32.jar:com/sun/messaging/smime/security/capi/CardTokenCAPI.class */
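/**
 * {@link CardToken} implementation that reads certificates from the CAPI system certificate
 * stores and delegates private-key operations (sign, decrypt) to the native {@link CAPIBridge}.
 *
 * <p>User certificates are cached together with the alias the bridge reports for each of them;
 * that alias is what identifies the key to {@code CAPIBridge.signDigest} and
 * {@code CAPIBridge.decrypt}. Nothing in this class synchronizes access to the caches.
 */
public class CardTokenCAPI extends CardToken {
    // User certificate -> alias reported by CAPIBridge.CertGetCertAlias; null until first loaded.
    Map m_mapCerts;
    // Certificates read from the CAPIBridge.CA_CERTS store; null until first loaded.
    List m_listTrusted;
    // Snapshot of m_mapCerts' keys, built together with the map.
    X509Certificate[] m_arrCerts;
    // Stored by registerCardAdmin; not read anywhere in this class.
    CardAdmin m_cardAdmin;

    /**
     * Creates the token. The argument is passed straight to the {@link CardToken} constructor.
     *
     * <p>Decompiler note: the original access modifier was {@code protected}.
     */
    public CardTokenCAPI(String str) {
        super(str);
    }

    /**
     * Always reports the token as valid; no store or key check is performed here.
     */
    @Override
    public boolean isValid() throws CardException {
        return true;
    }

    /**
     * Returns the certificates found in the user store, loading and caching them on first use.
     *
     * @return a copy of the cached array, so callers cannot alter the cache
     * @throws CardException if the store cannot be opened, is empty, or holds an undecodable cert
     */
    @Override
    public X509Certificate[] getUserCertificates() throws CardException {
        if (this.m_mapCerts == null) {
            this.m_mapCerts = loadUserCerts();
            this.m_arrCerts = (X509Certificate[]) this.m_mapCerts.keySet().toArray(new X509Certificate[this.m_mapCerts.size()]);
        }
        return (X509Certificate[]) this.m_arrCerts.clone();
    }

    /**
     * Returns the certificates found in the {@code CAPIBridge.CA_CERTS} store, loading and caching
     * them on first use. A fresh array is returned on every call.
     *
     * @throws CardException if the store cannot be opened, is empty, or holds an undecodable cert
     */
    @Override
    public X509Certificate[] getTrustedCertificates() throws CardException {
        if (this.m_listTrusted == null) {
            this.m_listTrusted = loadCerts(CAPIBridge.CA_CERTS);
        }
        return (X509Certificate[]) this.m_listTrusted.toArray(new X509Certificate[this.m_listTrusted.size()]);
    }

    /**
     * Signs with the key that belongs to the given user certificate.
     *
     * @param x509Certificate user certificate whose key alias is looked up
     * @param str signature algorithm name; only "SHA1withRSA" and "MD5withRSA" are recognised
     * @param bArr bytes handed to {@code CAPIBridge.signDigest}; presumably an already computed
     *     digest, as in {@code testCert} (confirm against the native bridge)
     * @return the value returned by {@code CAPIBridge.signDigest}
     * @throws CardException if the certificate has no known alias or the store cannot be read
     */
    @Override
    public byte[] sign(X509Certificate x509Certificate, String str, byte[] bArr) throws CardException, InvalidKeyException, SignatureException, BadPaddingException {
        String alias = aliasFor(x509Certificate);
        String digestName;
        if (str.equalsIgnoreCase("SHA1withRSA")) {
            digestName = SMIMEAppletAPI.DIGEST_SHA1;
        } else {
            // NOTE(review): every name other than "SHA1withRSA" ends up here, so an unrecognised
            // or misspelled algorithm is silently signed with MD5, which is not collision
            // resistant. Kept because callers such as testCert pass "RSA" and rely on it; the
            // safer contract is to reject unknown names and to offer a SHA-2 digest if the
            // bridge supports one.
            digestName = SMIMEAppletAPI.DIGEST_MD5;
        }
        return CAPIBridge.signDigest(alias, digestName, bArr);
    }

    /**
     * Decrypts with the key that belongs to the given user certificate.
     *
     * @param x509Certificate user certificate whose key alias is looked up
     * @param str ignored; the bridge is always called with "RSA"
     * @param bArr ciphertext handed to {@code CAPIBridge.decrypt}
     * @return the value returned by {@code CAPIBridge.decrypt}
     * @throws CardException if the certificate has no known alias or the store cannot be read
     */
    @Override
    public byte[] decrypt(X509Certificate x509Certificate, String str, byte[] bArr) throws CardException, InvalidKeyException, BadPaddingException {
        return CAPIBridge.decrypt(aliasFor(x509Certificate), "RSA", bArr);
    }

    /**
     * Returns a one-element array holding only the given certificate. No issuer lookup or path
     * building happens here, so callers must not treat the result as a validated chain.
     */
    @Override
    public X509Certificate[] getCertificateChain(X509Certificate x509Certificate) throws CardException {
        return new X509Certificate[]{x509Certificate};
    }

    /**
     * Stores the given {@link CardAdmin} in {@code m_cardAdmin}.
     */
    @Override
    public void registerCardAdmin(CardAdmin cardAdmin) {
        this.m_cardAdmin = cardAdmin;
    }

    /**
     * Looks up the alias for a user certificate, loading the user store first if that has not
     * happened yet, and fails with a {@link CardException} instead of handing a null alias to the
     * native bridge.
     */
    private String aliasFor(X509Certificate cert) throws CardException {
        if (this.m_mapCerts == null) {
            // sign/decrypt may be called before getUserCertificates(); load instead of hitting a
            // NullPointerException on the uninitialised map.
            getUserCertificates();
        }
        String alias = (String) this.m_mapCerts.get(cert);
        if (alias == null) {
            throw new CardException("No alias for " + (cert == null ? "null certificate" : cert.getSubjectDN().toString()));
        }
        return alias;
    }

    /**
     * Enumerates the {@code CAPIBridge.USER_CERTS} store and maps every decodable certificate to
     * the alias the bridge reports for it. Certificates without an alias are logged and skipped.
     *
     * @throws CardException if the store cannot be opened, is empty, or a certificate cannot be
     *     decoded
     */
    private Map<X509Certificate, String> loadUserCerts() throws CardException {
        Map<X509Certificate, String> aliases = new HashMap<X509Certificate, String>();
        int store = openStore(CAPIBridge.USER_CERTS);
        try {
            int context = CAPIBridge.CertEnumCertificatesInStore(store, 0);
            if (context == 0) {
                throw new CardException("No Certs MY");
            }
            // One factory serves the whole enumeration.
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            while (context != 0) {
                byte[] encoded = CAPIBridge.CertGetCert(context);
                if (encoded != null) {
                    X509Certificate cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
                    String alias = CAPIBridge.CertGetCertAlias(context);
                    if (alias != null) {
                        aliases.put(cert, alias);
                    } else {
                        AppletLogger.error("No alias for " + cert.getSubjectDN().toString());
                    }
                }
                // Passing the previous context asks the bridge for the next entry.
                context = CAPIBridge.CertEnumCertificatesInStore(store, context);
            }
            return aliases;
        } catch (CertificateException e) {
            throw new CardException("Failed to decode CAPI cert", e);
        } finally {
            closeStore(store);
        }
    }

    /**
     * Opens the named system store through the bridge.
     *
     * @return the non-zero store handle
     * @throws CardException if the bridge returns 0
     */
    private int openStore(String str) throws CardException {
        int handle = CAPIBridge.CertOpenSystemStore(0, str);
        if (handle == 0) {
            throw new CardException("Failed to open CAPI Cert store: " + str);
        }
        return handle;
    }

    /**
     * Closes a store handle obtained from {@link #openStore(String)}.
     *
     * @throws CardException if the bridge reports that the close failed
     */
    private void closeStore(int i) throws CardException {
        // openStore treats only 0 as "no handle", so any non-zero value must be closed. The old
        // "i > 0" test skipped negative handles and left those stores open.
        // The flag value 1 is presumably CERT_CLOSE_STORE_FORCE_FLAG; confirm in the bridge.
        if (i != 0 && !CAPIBridge.CertCloseStore(i, 1)) {
            throw new CardException("Failed to close store");
        }
    }

    /**
     * Diagnostic round trip: encrypts a fixed string with the certificate's public key and
     * decrypts it through the bridge, then signs a fixed string through the bridge and verifies
     * it with the public key. Results go to standard output.
     *
     * <p>NOTE(review): nothing in this class calls this method, and it performs real private-key
     * operations; consider dropping it from production builds.
     */
    private void testCert(X509Certificate x509Certificate) {
        try {
            String plainText = "This is a load of stuff to encrypt";
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, x509Certificate.getPublicKey());
            byte[] recovered = decrypt(x509Certificate, "RSA", cipher.doFinal(plainText.getBytes()));
            if (new String(recovered).equals(plainText)) {
                System.out.println("Decrypted OK");
            } else {
                System.out.println("Decryption failed.");
            }
            byte[] message = "This is load of stuff to sign".getBytes();
            // "RSA" is not a recognised algorithm name in sign(), so this exercises its MD5 path,
            // matching the MD5withRSA verification below.
            byte[] signed = sign(x509Certificate, "RSA", MessageDigest.getInstance(SMIMEAppletAPI.DIGEST_MD5).digest(message));
            Signature verifier = Signature.getInstance("MD5withRSA");
            verifier.initVerify(x509Certificate.getPublicKey());
            verifier.update(message);
            if (verifier.verify(signed)) {
                System.out.println("Signature OK");
            } else {
                System.out.println("Signature Failed");
            }
        } catch (Exception e) {
            // Diagnostic helper only: report and carry on.
            e.printStackTrace();
        }
    }

    /**
     * Enumerates the named system store and returns every decodable certificate in it.
     *
     * @throws CardException if the store cannot be opened, is empty, or a certificate cannot be
     *     decoded
     */
    private List<X509Certificate> loadCerts(String str) throws CardException {
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        int store = openStore(str);
        try {
            int context = CAPIBridge.CertEnumCertificatesInStore(store, 0);
            if (context == 0) {
                throw new CardException("No Certs " + str);
            }
            // One factory serves the whole enumeration.
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            while (context != 0) {
                byte[] encoded = CAPIBridge.CertGetCert(context);
                if (encoded != null) {
                    certs.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded)));
                }
                // Passing the previous context asks the bridge for the next entry.
                context = CAPIBridge.CertEnumCertificatesInStore(store, context);
            }
            return certs;
        } catch (CertificateException e) {
            throw new CardException("Failed to decode CAPI cert", e);
        } finally {
            closeStore(store);
        }
    }
}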
