package es.gob.afirma.keystores;

import es.gob.afirma.core.AOCancelledOperationException;
import es.gob.afirma.core.keystores.NameCertificateBean;
import es.gob.afirma.core.misc.AOUtil;
import es.gob.afirma.core.misc.Platform;
import es.gob.afirma.core.ui.AOUIFactory;
import es.gob.afirma.keystores.callbacks.CachePasswordCallback;
import es.gob.afirma.keystores.filters.CertificateFilter;
import java.io.File;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:es/gob/afirma/keystores/KeyStoreUtilities.class */
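/**
 * Static helpers for building PKCS#11 provider configurations, turning key store aliases
 * into display names, and driving the certificate selection dialog.
 *
 * <p>This source is decompiler output: the short identifiers ({@code a}, {@code i},
 * {@code j}) are obfuscated names and are kept because other classes in the package may
 * refer to them.
 */
public final class KeyStoreUtilities {
    /** Shared logger; package-visible under its decompiled name. */
    static final Logger a = Logger.getLogger("es.gob.afirma");

    /** Issuer distinguished name compared against by {@link #a(AOKeyStoreManager)}. */
    private static final X500Principal DNIE_ISSUER =
            new X500Principal("CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES");

    /** PKCS#11 library file names for which CKM_SHA1_RSA_PKCS is disabled in the generated configuration. */
    private static final String[] SHA1_RSA_DISABLED_LIBS =
            {"DNIe_P11_priv.dll", "DNIe_P11_pub.dll", "FNMT_P11.dll", "UsrPkcs11.dll", "UsrPubPkcs11.dll"};

    /** Runtime exception class names that getAliasesByFriendlyName rethrows instead of logging. */
    private static final String[] RETHROWN_CARD_EXCEPTIONS = {
        "es.gob.jmulticard.ui.passwordcallback.CancelledOperationException",
        "es.gob.jmulticard.card.AuthenticationModeLockedException",
        "es.gob.jmulticard.jse.provider.BadPasswordProviderException",
        "es.gob.jmulticard.jse.provider.SignatureAuthException"
    };

    private KeyStoreUtilities() {
    }

    /** Returns true when the value is non-null and contains a carriage return or a line feed. */
    private static boolean hasLineBreak(String value) {
        return value != null && (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0);
    }

    /**
     * Builds the text of a PKCS#11 provider configuration ({@code library}, {@code name},
     * {@code showInfo} and optionally {@code slot} and {@code disabledMechanisms}).
     *
     * @param str path of the PKCS#11 library; when it contains a parenthesis it is replaced
     *            by the result of {@link #getShort(String)}
     * @param str2 provider name, or {@code null} to use {@code AFIRMA-PKCS11}
     * @param num slot number, or {@code null} to emit no {@code slot} line
     * @return the configuration text, with CRLF line endings
     * @throws IllegalArgumentException if the library path or the name contains a line break
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String a(String str, String str2, Integer num) {
        // The configuration is one directive per line, so a CR or LF inside either value
        // would let the caller's input add directives of its own (for example a second
        // library= line). Refuse such values instead of writing them out.
        if (hasLineBreak(str) || hasLineBreak(str2)) {
            throw new IllegalArgumentException(
                "La biblioteca o el nombre del proveedor PKCS#11 contienen saltos de linea");
        }
        StringBuilder sb = new StringBuilder("library=");
        sb.append(str.contains(")") || str.contains("(") ? getShort(str) : str);
        sb.append("\r\n").append("name=").append(str2 != null ? str2 : "AFIRMA-PKCS11").append("\r\nshowInfo=false\r\n");
        if (num != null) {
            sb.append("slot=").append(num).append("\r\n");
        }
        String libraryFileName = new File(str).getName();
        for (String knownLibrary : SHA1_RSA_DISABLED_LIBS) {
            if (knownLibrary.equalsIgnoreCase(libraryFileName)) {
                sb.append("disabledMechanisms={ CKM_SHA1_RSA_PKCS }\r\n");
                break;
            }
        }
        String config = sb.toString();
        a.info("Creada configuracion PKCS#11:\r\n" + config);
        return config;
    }

    /**
     * Maps each alias to the name to display for it, dropping the aliases that should not
     * be offered to the user.
     *
     * <p>With a key store manager: aliases whose certificate fails {@code checkValidity()}
     * are dropped unless {@code z2} is set; aliases with no key entry are dropped when
     * {@code z} is set; the filters in {@code list} are then applied, and the display name
     * is the certificate's CN (or the trimmed alias). Without a manager the alias itself is
     * the display name, shortened when longer than 120 characters.
     *
     * @param strArr aliases to process; must not be {@code null}
     * @param aOKeyStoreManager manager used to read certificates and keys, or {@code null}
     * @param z when true, hide aliases for which no key entry can be obtained
     * @param z2 when true, keep certificates that fail the validity-period check
     * @param list {@code CertificateFilter} instances to apply, or {@code null}
     * @return alias to display name, as a {@code Hashtable} of strings
     */
    public static Map getAliasesByFriendlyName(String[] strArr, AOKeyStoreManager aOKeyStoreManager, boolean z, boolean z2, List list) {
        Hashtable<String, String> aliases = new Hashtable<String, String>(strArr.length);
        for (String alias : strArr) {
            aliases.put(alias, alias);
        }
        if (aOKeyStoreManager == null) {
            // No certificates available: derive the display name from the alias text alone.
            for (String alias : aliases.keySet().toArray(new String[aliases.size()])) {
                String value = aliases.get(alias);
                if (value.length() > 120) {
                    String cn = AOUtil.getCN(value);
                    if (cn != null) {
                        aliases.put(alias, cn);
                    } else {
                        aliases.put(alias, value.substring(0, 120 - "...".length()) + "...");
                    }
                } else {
                    aliases.put(alias, value.trim());
                }
            }
            return aliases;
        }

        // Iterate over a snapshot because entries are removed from the table inside the loop.
        for (String alias : aliases.keySet().toArray(new String[aliases.size()])) {
            try {
                X509Certificate certificate = aOKeyStoreManager.getCertificate(alias);
                if (certificate == null) {
                    a.warning("El KeyStore no permite extraer el certificado publico para el siguiente alias: " + alias);
                    continue;
                }
                if (!z2) {
                    // checkValidity() only compares the current date with the certificate's
                    // validity period; it does not verify the chain or revocation status.
                    try {
                        certificate.checkValidity();
                    } catch (Exception e) {
                        a.info("Se ocultara el certificado '" + alias + "' por no ser valido: " + e);
                        aliases.remove(alias);
                    }
                }
                if (z) {
                    try {
                        // Probe for a key entry with an empty password.
                        if (aOKeyStoreManager.getKeyEntry(alias, new CachePasswordCallback(new char[0])) == null) {
                            aliases.remove(alias);
                            a.info("El certificado '" + alias + "' no era tipo trusted pero su clave tampoco era de tipo privada, no se mostrara");
                        }
                    } catch (UnsupportedOperationException e) {
                        aliases.remove(alias);
                        a.info("Se ha ocultado un certificado por no soportar operaciones de clave privada: " + e);
                    } catch (Exception e) {
                        // Best effort: any other failure while probing the key leaves the alias
                        // listed. This handler also absorbs the runtime exceptions that the
                        // outer handler would rethrow had they come from getCertificate().
                        // Logged so that the failure is at least visible.
                        a.info("No se ha podido comprobar la clave privada del certificado '" + alias + "', se mantiene en la lista: " + e);
                    }
                }
            } catch (RuntimeException e) {
                // Matched by class name, so no compile-time dependency on these classes is needed.
                if (Arrays.asList(RETHROWN_CARD_EXCEPTIONS).contains(e.getClass().getName())) {
                    throw e;
                }
                a.warning("No se ha inicializado el KeyStore indicado: " + e);
            }
        }

        if (list != null && !list.isEmpty()) {
            // Every filter is run against the same unfiltered set and the results are merged,
            // so an alias is kept when ANY filter accepts it: adding a filter can only widen
            // the result, never narrow it.
            Hashtable<String, String> accepted = new Hashtable<String, String>();
            for (Object filter : list) {
                String[] candidates = aliases.keySet().toArray(new String[0]);
                for (String kept : ((CertificateFilter) filter).matches(candidates, aOKeyStoreManager)) {
                    accepted.put(kept, aliases.get(kept));
                }
            }
            aliases.clear();
            aliases.putAll(accepted);
        }

        for (String alias : aliases.keySet().toArray(new String[0])) {
            String cn = AOUtil.getCN(aOKeyStoreManager.getCertificate(alias));
            aliases.put(alias, cn != null ? cn : alias.trim());
        }
        return aliases;
    }

    /**
     * Shows the certificate selection dialog with no filters and without automatic
     * selection of a single candidate.
     *
     * @see #showCertSelectionDialog(String[], AOKeyStoreManager, Object, boolean, boolean, boolean, List, boolean)
     */
    public static String showCertSelectionDialog(String[] strArr, AOKeyStoreManager aOKeyStoreManager, Object obj, boolean z, boolean z2, boolean z3) {
        return showCertSelectionDialog(strArr, aOKeyStoreManager, obj, z, z2, z3, null, false);
    }

    /**
     * Lets the user pick one certificate alias and returns it.
     *
     * @param strArr aliases to offer, or {@code null} to take them from the manager
     * @param aOKeyStoreManager key store manager; may be {@code null} only if {@code strArr} is given
     * @param obj parent object handed to the dialogs
     * @param z passed on to {@link #getAliasesByFriendlyName} as its key-entry check flag
     * @param z2 when true (and a manager is present), check the validity period of the chosen
     *           certificate and ask the user to confirm before returning one that fails
     * @param z3 passed on to {@link #getAliasesByFriendlyName} as its keep-invalid flag
     * @param list certificate filters, or {@code null}
     * @param z4 when true and exactly one alias remains, return it without showing the dialog
     * @return the selected alias
     * @throws AOCertificatesNotFoundException if there is nothing to offer
     * @throws AOCancelledOperationException if the user cancels the selection or declines to
     *         use a certificate that failed the validity check
     */
    public static String showCertSelectionDialog(String[] strArr, AOKeyStoreManager aOKeyStoreManager, Object obj, boolean z, boolean z2, boolean z3, List list, boolean z4) {
        if ((strArr == null && aOKeyStoreManager == null) || (strArr != null && strArr.length == 0)) {
            throw new AOCertificatesNotFoundException("El almacen no contenia entradas");
        }
        // getAliasesByFriendlyName returns a raw Map whose keys and values are all Strings.
        @SuppressWarnings("unchecked")
        Map<String, String> names = getAliasesByFriendlyName(
            strArr != null ? strArr : aOKeyStoreManager.getAliases(), aOKeyStoreManager, z, z3, list);
        if (names.size() == 0) {
            throw new AOCertificatesNotFoundException("El almacen no contenia entradas validas");
        }
        if (z4 && names.size() == 1) {
            // Note that in this path the validity check below is not run on the returned alias.
            return names.keySet().iterator().next();
        }

        NameCertificateBean[] beans = new NameCertificateBean[names.size()];
        // Named idx, not i: a local called i would shadow the package class i used below.
        int idx = 0;
        for (Map.Entry<String, String> entry : names.entrySet()) {
            // The guard at the top allows aliases without a manager, so do not dereference
            // a null manager here.
            // NOTE(review): confirm NameCertificateBean and the dialog accept a null certificate.
            X509Certificate certificate =
                aOKeyStoreManager != null ? aOKeyStoreManager.getCertificate(entry.getKey()) : null;
            beans[idx++] = new NameCertificateBean(entry.getKey(), entry.getValue(), certificate);
        }
        Arrays.sort(beans, new j());

        String selected = (String) AOUIFactory.showCertificateSelectionDialog(obj, beans);
        if (selected == null) {
            throw new AOCancelledOperationException("Operacion de seleccion de certificado cancelada");
        }
        if (!z2 || aOKeyStoreManager == null) {
            return selected;
        }

        // Only the validity period is checked here (not the chain or revocation), and the
        // user is allowed to override a failure through the confirmation dialog.
        String problem = null;
        try {
            aOKeyStoreManager.getCertificate(selected).checkValidity();
        } catch (CertificateExpiredException e) {
            problem = i.a("KeyStoreUtilities.2");
        } catch (CertificateNotYetValidException e) {
            problem = i.a("KeyStoreUtilities.3");
        } catch (Exception e) {
            problem = i.a("KeyStoreUtilities.4");
        }
        if (problem == null) {
            return selected;
        }
        a.warning("Error durante la validacion: " + problem);
        if (AOUIFactory.showConfirmDialog(obj, problem, i.a("KeyStoreUtilities.5"), AOUIFactory.YES_NO_OPTION, AOUIFactory.WARNING_MESSAGE) == AOUIFactory.YES_OPTION) {
            return selected;
        }
        throw new AOCancelledOperationException("Se ha reusado un certificado probablemente no valido");
    }

    /**
     * Returns the Windows short (8.3) form of an existing path by asking {@code cmd.exe}.
     *
     * <p>The input is returned unchanged when it is {@code null}, the platform is not
     * Windows, the file does not exist, the path cannot be passed to the shell safely, or
     * the shell call fails or produces unusable output.
     *
     * @param str path to shorten
     * @return the short path, or {@code str} itself as a fallback
     */
    public static String getShort(String str) {
        if (str == null || !Platform.OS.WINDOWS.equals(Platform.getOS())) {
            return str;
        }
        if (!new File(str).exists()) {
            return str;
        }
        // The path is spliced into a cmd.exe command line. A double quote would end the
        // quoted argument, %...% is expanded by the shell, and a line break would start a
        // new command, so such paths are never handed to the shell.
        if (str.indexOf('"') >= 0 || str.indexOf('%') >= 0 || hasLineBreak(str)) {
            a.warning("No se obtiene el nombre corto porque la ruta contiene caracteres especiales para cmd.exe");
            return str;
        }
        try {
            // NOTE(review): "cmd.exe" is given without a directory, so which executable runs
            // depends on the process search path; consider an absolute path to the system shell.
            Process process = new ProcessBuilder("cmd.exe", "/c", "for %f in (\"" + str + "\") do @echo %~sf").start();
            final byte[] output;
            try {
                output = AOUtil.getDataFromInputStream(process.getInputStream());
            } finally {
                // Releases the process streams; the command has finished once its output ends.
                process.destroy();
            }
            // Decoded with the platform default charset, as the shell output is not UTF-8.
            String shortName = new String(output).trim();
            // The result is written into a line-oriented configuration by a(String, String, Integer):
            // fall back to the original path rather than return nothing or several lines.
            if (shortName.length() == 0 || hasLineBreak(shortName)) {
                a.warning("No se ha podido obtener el nombre corto de " + str + ": salida de cmd.exe no valida");
                return str;
            }
            return shortName;
        } catch (Exception e) {
            a.warning("No se ha podido obtener el nombre corto de " + str + ": " + e);
            return str;
        }
    }

    /**
     * Tells whether any certificate in the key store names the DNIe CA as its issuer.
     *
     * <p>Only the issuer distinguished name is compared; no signature or chain is
     * verified, so a {@code true} result is not proof of who issued the certificate.
     *
     * @param aOKeyStoreManager key store to inspect
     * @return true if at least one certificate has the expected issuer name
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean a(AOKeyStoreManager aOKeyStoreManager) {
        for (String alias : aOKeyStoreManager.getAliases()) {
            // getCertificate() may return null (getAliasesByFriendlyName handles that case too).
            X509Certificate certificate = aOKeyStoreManager.getCertificate(alias);
            if (certificate != null && DNIE_ISSUER.equals(certificate.getIssuerX500Principal())) {
                return true;
            }
        }
        return false;
    }
}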
