package com.telventi.afirma.cliente.certmanager;

import com.telventi.afirma.cliente.common.EnvHelper;
import com.telventi.afirma.cliente.exceptions.ClienteFirmaRuntimeException;
import com.telventi.afirma.cliente.interfaz.PasswordWindow;
import com.telventi.afirma.cliente.utilidades.Platform;
import iaik.asn1.DerInputStream;
import iaik.asn1.structures.AlgorithmID;
import iaik.java.security.cert.CertificateException;
import iaik.java.security.cert.CertificateFactory;
import iaik.java.security.cert.X509Certificate;
import iaik.javax.crypto.Cipher;
import iaik.security.cipher.SecretKey;
import java.awt.Component;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.cert.CertificateEncodingException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.swing.JOptionPane;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.BERInputStream;
import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.KeyDatabaseException;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.InternalCertificate;
import org.mozilla.jss.crypto.KeyWrapAlgorithm;
import org.mozilla.jss.crypto.KeyWrapper;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.pkcs11.PK11InternalCert;
import org.mozilla.jss.pkix.cms.EncryptedContentInfo;
import org.mozilla.jss.pkix.cms.EnvelopedData;
import org.mozilla.jss.pkix.cms.IssuerAndSerialNumber;
import org.mozilla.jss.pkix.cms.RecipientInfo;
import org.mozilla.jss.pkix.primitive.Name;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:firmaFichero5/clienteFirmaAFirma5.jar:com/telventi/afirma/cliente/certmanager/CertManagerMozilla.class */
public class CertManagerMozilla extends ACertManager {
    private static CryptoManager cm = null;
    private String[] names;
    private String[] aliases;
    private X509Certificate[] certificates;
    private final Object lock = new Object();
    private Map certificatesByName = new HashMap();
    private Map certificatesByAlias = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public CertManagerMozilla() throws CertManagerException {
        logger.log(Integer.MIN_VALUE, "Iniciando CertManagerMozilla...");
        try {
            initCryptoManager();
            try {
                reload();
            } catch (CertManagerException e) {
                throw new CertManagerException("Error al cargar certificados del almacén Mozilla.", e);
            }
        } catch (CertManagerException e2) {
            throw new CertManagerException("Error al inicializar el almacen de certificados Mozilla.", e2);
        }
    }

    private void addCertificates(Map map) {
        for (Map.Entry entry : map.entrySet()) {
            String str = (String) entry.getKey();
            X509Certificate x509Certificate = (X509Certificate) entry.getValue();
            String certificateName = getCertificateName(x509Certificate);
            this.certificatesByAlias.put(str, x509Certificate);
            this.certificatesByName.put(certificateName, x509Certificate);
        }
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public void reload() throws CertManagerException {
        try {
            synchronized (this.lock) {
                this.certificatesByAlias.clear();
                this.certificatesByName.clear();
                addCertificates(getInternalCertificates());
                addCertificates(getExternalCertificates());
                this.aliases = (String[]) this.certificatesByAlias.keySet().toArray(new String[this.certificatesByAlias.size()]);
                this.names = new String[this.aliases.length];
                this.certificates = new X509Certificate[this.aliases.length];
                for (int i = 0; i < this.aliases.length; i++) {
                    this.certificates[i] = (X509Certificate) this.certificatesByAlias.get(this.aliases[i]);
                    this.names[i] = getCertificateName(this.certificates[i]);
                }
            }
        } catch (CertificateException e) {
            throw new CertManagerException(new StringBuffer().append("Error CertificateException cargando certificados: ").append(e.getMessage()).toString(), e);
        } catch (IOException e2) {
            throw new CertManagerException(new StringBuffer().append("Error de E/S cargando certificados: ").append(e2.getMessage()).toString(), e2);
        } catch (CertificateEncodingException e3) {
            throw new CertManagerException(new StringBuffer().append("Error CertificateEncodingException cargando certificados: ").append(e3.getMessage()).toString(), e3);
        } catch (TokenException e4) {
            throw new CertManagerException(new StringBuffer().append("Error TokenException cargando certificados: ").append(e4.getMessage()).toString(), e4);
        }
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public void restrictTo(X509Certificate[] x509CertificateArr) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < this.certificates.length; i++) {
            boolean z = false;
            for (int i2 = 0; i2 < x509CertificateArr.length && !z; i2++) {
                z = this.certificates[i].equals(x509CertificateArr[i2]);
                if (z) {
                    hashMap.put(this.aliases[i], this.certificates[i]);
                }
            }
        }
        synchronized (this.lock) {
            this.certificatesByAlias.clear();
            this.certificatesByName.clear();
            addCertificates(hashMap);
            this.aliases = (String[]) this.certificatesByAlias.keySet().toArray(new String[this.certificatesByAlias.size()]);
            this.names = (String[]) this.certificatesByName.keySet().toArray(new String[this.certificatesByName.size()]);
            this.certificates = (X509Certificate[]) this.certificatesByAlias.values().toArray(new X509Certificate[this.certificatesByAlias.size()]);
            for (int i3 = 0; i3 < this.aliases.length; i3++) {
                this.certificates[i3] = (X509Certificate) this.certificatesByAlias.get(this.aliases[i3]);
                this.names[i3] = getCertificateName(this.certificates[i3]);
            }
        }
    }

    private static void initCryptoManager() throws CertManagerException {
        logger.log(Integer.MIN_VALUE, "initCryptoManager...");
        if (cm == null) {
            try {
                logger.debug("Trazando instanciacion de initCrytoManager...");
                String guessProfileDir = guessProfileDir();
                String property = System.getProperty("afirma.user.path");
                try {
                    logger.debug(new StringBuffer().append("Invocando CryptoManager.initialize(").append(guessProfileDir).append(",").append(property).append(")").toString());
                    CryptoManager.initialize(guessProfileDir, property);
                } catch (NoSuchMethodError e) {
                    JOptionPane.showMessageDialog((Component) null, new StringBuffer().append("Se ha detectado una versión incorrecta de jss33.jar\n\nEs posible que exista una versión anterior de jss33.jar en el directorio \nde extensión de la JRE. Esta versión no es compatible con la versión del\nCliente que desea ejecutar. Para solucionar el problema copie la librería:\n      ").append(property).append(File.separator).append("jss33.jar\n").append("al directorio:\n").append("      ").append(System.getProperty("java.ext.dirs")).append(",\n").append("sobrescribiendo si fuera necesario.").toString(), "Error de incompatibilidad de librerías", 0);
                    throw new CertManagerException("Problema al cargar librerías nativas", e);
                } catch (CryptoManager.NativeDependencyException e2) {
                    logger.log(5, new StringBuffer().append("Error al inicializar las bibliotecas nativas: ").append(e2.getMessage()).toString());
                    throw new CryptoManager.NativeDependencyException("No se han encontrado las librerías nativas JSS3 en el path.");
                } catch (AlreadyInitializedException e3) {
                    logger.log(Integer.MIN_VALUE, (Throwable) e3);
                }
                cm = CryptoManager.getInstance();
                cm.setPasswordCallback(new PasswordWindow(4));
            } catch (CertManagerException e4) {
                throw new CertManagerException(new StringBuffer().append("Error CertManagerException inicializando CryptoManager: ").append(e4.getMessage()).toString(), e4);
            } catch (GeneralSecurityException e5) {
                throw new CertManagerException(new StringBuffer().append("Error GeneralSecurityException inicializando CryptoManager: ").append(e5.getMessage()).toString(), e5);
            } catch (CertDatabaseException e6) {
                throw new CertManagerException(new StringBuffer().append("Error CertDatabaseException inicializando CryptoManager: ").append(e6.getMessage()).toString(), e6);
            } catch (CryptoManager.NativeDependencyException e7) {
                logger.log(5, new StringBuffer().append("Error al inicializar las bibliotecas nativas: ").append(e7.getMessage()).toString());
                JOptionPane.showMessageDialog((Component) null, new StringBuffer().append("No se han podido copiar las librerías necesarias para Firefox.  \nEs probable que no tenga privilegios de escritura en directorios\ndel PATH. Siga las instrucciones para solucionar este problema: \n   1.Pulse botón derecho sobre Mi PC y seleccione Propiedades\n   2.Seleccione Opciones Avanzadas. \n   3.Pulse el botón Variables de entorno.\n   4.Busque la variable PATH y modifiquela añadiendo:\n       ").append((String) null).append("\n").append("   5.Reinicie Firefox.").toString(), "Error al copiar librerías Mozilla-JSS", 0);
                throw new CertManagerException("No se han encontrado las librerías nativas JSS3 en el path.");
            } catch (CryptoManager.NotInitializedException e8) {
                throw new CertManagerException(new StringBuffer().append("Error NotInitializedException inicializando CryptoManager: ").append(e8.getMessage()).toString(), e8);
            } catch (KeyDatabaseException e9) {
                throw new CertManagerException(new StringBuffer().append("Error KeyDatabaseException inicializando CryptoManager: ").append(e9.getMessage()).toString(), e9);
            }
        }
    }

    private static String guessProfileBaseDir() throws CertManagerException {
        String[] strArr;
        File file;
        logger.log(Integer.MIN_VALUE, "guessProfileBaseDir...");
        String property = System.getProperty("user.name");
        String property2 = System.getProperty("user.home");
        String envVarIgnoreCase = EnvHelper.getEnvVarIgnoreCase("AppData");
        if (envVarIgnoreCase != null) {
            if (envVarIgnoreCase.toUpperCase().indexOf(property.toUpperCase()) < 0) {
                System.out.println(new StringBuffer().append("No se ha encontrado ").append(property).append(" en ").append(envVarIgnoreCase).toString());
            }
            File file2 = new File(envVarIgnoreCase);
            if (file2 == null || !file2.exists() || !file2.isDirectory()) {
                char[] charArray = envVarIgnoreCase.toCharArray();
                char[] charArray2 = property2.toCharArray();
                int i = 0;
                while (true) {
                    if (i >= charArray2.length) {
                        break;
                    }
                    if (charArray.length <= i) {
                        charArray = new String(charArray2).toCharArray();
                        break;
                    }
                    if (charArray2[i] != charArray[i]) {
                        charArray[i] = charArray2[i];
                    }
                    i++;
                }
                envVarIgnoreCase = new String(charArray);
                System.out.println(new StringBuffer().append("ApplicationDataDir reconfigurado a: ").append(envVarIgnoreCase).toString());
            }
        }
        if (Platform.firefox) {
            strArr = new String[]{new StringBuffer().append(property2).append("/.mozilla/Firefox/Profiles/").toString(), new StringBuffer().append(property2).append("/.mozilla/firefox/").toString(), new StringBuffer().append(envVarIgnoreCase).append("/Mozilla/Firefox/Profiles/").toString(), new StringBuffer().append(envVarIgnoreCase).append("/Mozilla/Firefox/").toString(), new StringBuffer().append(envVarIgnoreCase).append("/Phoenix/Profiles/").toString()};
        } else {
            if (!Platform.mozilla) {
                throw new CertManagerException("Plataforma no soportada");
            }
            strArr = new String[]{new StringBuffer().append(property2).append("/.mozilla/").append("default").append("/").toString(), new StringBuffer().append(envVarIgnoreCase).append("/Mozilla/Profiles/").append("default").append("/").toString()};
        }
        int i2 = 0;
        do {
            file = new File(strArr[i2]);
            i2++;
            if (file.exists()) {
                break;
            }
        } while (i2 < strArr.length);
        if (!file.exists()) {
            throw new CertManagerException("No se ha encontrado el directorio base de profiles.");
        }
        System.out.println(new StringBuffer().append("Directorio de perfiles detectado: ").append(file.getAbsolutePath()).toString());
        return file.getAbsolutePath();
    }

    private static String guessProfileDir() throws CertManagerException {
        logger.log(Integer.MIN_VALUE, "guessProfileDir...");
        File file = new File(guessProfileBaseDir());
        String[] list = file.list(new FilenameFilter() { // from class: com.telventi.afirma.cliente.certmanager.CertManagerMozilla.1
            @Override // java.io.FilenameFilter
            public boolean accept(File file2, String str) {
                return str.endsWith(".slt") || str.endsWith(".default");
            }
        });
        if (list == null || list.length == 0) {
            throw new CertManagerException("No se ha encontrador el directorio de profiles.");
        }
        logger.log(1, new StringBuffer().append(list.length).append(" profiles encontrados.").toString());
        String absolutePath = new File(file, list[0]).getAbsolutePath();
        logger.log(2, new StringBuffer().append("Usando profile ").append(absolutePath).toString());
        return absolutePath;
    }

    private Map getInternalCertificates() throws CertificateException, IOException, TokenException, CertificateEncodingException {
        org.mozilla.jss.crypto.X509Certificate[] certificates = cm.getInternalKeyStorageToken().getCryptoStore().getCertificates();
        HashMap hashMap = new HashMap();
        for (int i = 0; i < certificates.length; i++) {
            InternalCertificate internalCertificate = (InternalCertificate) certificates[i];
            if (internalCertificate.getSSLTrust() == 64) {
                PK11InternalCert pK11InternalCert = (PK11InternalCert) internalCertificate;
                logger.log(Integer.MIN_VALUE, "Certificado de usuario encontrado:");
                logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getVersion()).toString());
                logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getSerialNumber()).toString());
                logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getNickname()).toString());
                logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getIssuerDN().getName()).toString());
                logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getPublicKey()).toString());
                logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getSubjectDN()).toString());
                hashMap.put(((PK11InternalCert) certificates[i]).getNickname(), toX509(certificates[i]));
            } else {
                logger.debug(new StringBuffer().append("Certificado interno de no-usuario encontrado (SSLTrust= ").append(internalCertificate.getSSLTrust()).append("): ").append(internalCertificate.getSubjectDN().getName()).toString());
            }
        }
        return hashMap;
    }

    private X509Certificate toX509(org.mozilla.jss.crypto.X509Certificate x509Certificate) throws CertificateException, IOException, CertificateEncodingException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(x509Certificate.getEncoded());
        try {
            X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
            byteArrayInputStream.close();
            return x509Certificate2;
        } catch (Throwable th) {
            byteArrayInputStream.close();
            throw th;
        }
    }

    private Map getExternalCertificates() throws TokenException, CertificateException, IOException, CertificateEncodingException {
        logger.log(Integer.MIN_VALUE, "initExternalCertificates...");
        Enumeration externalTokens = cm.getExternalTokens();
        HashMap hashMap = new HashMap();
        while (externalTokens.hasMoreElements()) {
            org.mozilla.jss.crypto.X509Certificate[] certificates = ((CryptoToken) externalTokens.nextElement()).getCryptoStore().getCertificates();
            for (int i = 0; i < certificates.length; i++) {
                InternalCertificate internalCertificate = (InternalCertificate) certificates[i];
                if (internalCertificate.getSSLTrust() == 64) {
                    PK11InternalCert pK11InternalCert = (PK11InternalCert) internalCertificate;
                    logger.log(Integer.MIN_VALUE, "Certificado externo de usuario encontrado:");
                    logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getVersion()).toString());
                    logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getSerialNumber()).toString());
                    logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getNickname()).toString());
                    logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getIssuerDN().getName()).toString());
                    logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getPublicKey()).toString());
                    logger.log(Integer.MIN_VALUE, new StringBuffer().append("###").append(pK11InternalCert.getSubjectDN()).toString());
                    hashMap.put(certificates[i].getNickname(), toX509(certificates[i]));
                } else {
                    logger.log(Integer.MIN_VALUE, new StringBuffer().append("Certificado externo de no-usuario encontrado (SSL Trust = ").append(internalCertificate.getSSLTrust()).append("): ").append(internalCertificate.getSubjectDN().getName()).toString());
                }
            }
        }
        return hashMap;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public String[] getNames() {
        String[] strArr;
        synchronized (this.lock) {
            strArr = this.names;
        }
        return strArr;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public String[] getAliases() {
        String[] strArr;
        synchronized (this.lock) {
            strArr = this.aliases;
        }
        return strArr;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public X509Certificate[] getCertificates() {
        X509Certificate[] x509CertificateArr;
        synchronized (this.lock) {
            x509CertificateArr = this.certificates;
        }
        return x509CertificateArr;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public X509Certificate getCertificateWithIndex(int i) {
        X509Certificate x509Certificate;
        synchronized (this.lock) {
            x509Certificate = this.certificates[i];
        }
        return x509Certificate;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public X509Certificate getCertificateWithAlias(String str) {
        X509Certificate x509Certificate;
        synchronized (this.lock) {
            x509Certificate = (X509Certificate) this.certificatesByAlias.get(str);
        }
        return x509Certificate;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public X509Certificate getCertificateWithName(String str) {
        X509Certificate x509Certificate;
        synchronized (this.lock) {
            x509Certificate = (X509Certificate) this.certificatesByName.get(str);
        }
        return x509Certificate;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public Key getPrivateKey(X509Certificate x509Certificate) throws CertificateException, java.security.cert.CertificateException, ObjectNotFoundException, TokenException {
        PrivateKey findPrivKeyByCert;
        synchronized (this.lock) {
            cm.setPasswordCallback(new PasswordWindow(4));
            findPrivKeyByCert = cm.findPrivKeyByCert(cm.findCertByIssuerAndSerialNumber(((java.security.cert.X509Certificate) java.security.cert.CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()))).getIssuerX500Principal().getEncoded(), new INTEGER(x509Certificate.getSerialNumber())));
        }
        return findPrivKeyByCert;
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public Key getPrivateKey(INTEGER integer, Name name) throws ObjectNotFoundException, TokenException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            name.encode(byteArrayOutputStream);
            return cm.findPrivKeyByCert(cm.findCertByIssuerAndSerialNumber(byteArrayOutputStream.toByteArray(), integer));
        } catch (IOException e) {
            throw new ObjectNotFoundException("Error IO.");
        }
    }

    @Override // com.telventi.afirma.cliente.certmanager.ICertManager
    public byte[] decipherEnvelopedCMS(byte[] bArr) {
        EnvelopedData envelopedData;
        SymmetricKey.Type type;
        EnvelopedData.Template template = new EnvelopedData.Template();
        try {
            iaik.cms.EnvelopedData envelopedData2 = new iaik.cms.EnvelopedData(new ByteArrayInputStream(bArr));
            try {
                BERInputStream bERInputStream = new BERInputStream(new ByteArrayInputStream(bArr));
                try {
                    envelopedData = (EnvelopedData) template.decode(new ASN1InputStream(bArr));
                } catch (InvalidBERException e) {
                    try {
                        envelopedData = (EnvelopedData) template.decode(bERInputStream);
                    } catch (InvalidBERException e2) {
                        envelopedData = (EnvelopedData) template.decode(new ByteArrayInputStream(envelopedData2.getEncoded()));
                    }
                }
                SET recipientInfos = envelopedData.getRecipientInfos();
                RecipientInfo[] recipientInfoArr = new RecipientInfo[recipientInfos.size()];
                SymmetricKey symmetricKey = null;
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                EncryptedContentInfo encryptedContentInfo = envelopedData.getEncryptedContentInfo();
                encryptedContentInfo.getContentEncryptionAlgorithm().encode(byteArrayOutputStream);
                AlgorithmID algorithmID = new AlgorithmID(new DerInputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())));
                logger.debug(new StringBuffer().append("Algoritmo usado: ").append(algorithmID.getImplementationName()).append(" : ").append(algorithmID.getRawImplementationName()).toString());
                logger.info("Analizando receptores...");
                for (int i = 0; i < recipientInfos.size() && symmetricKey == null; i++) {
                    recipientInfoArr[i] = (RecipientInfo) recipientInfos.elementAt(i);
                    PrivateKey privateKeyByIssuerAndSerial = getPrivateKeyByIssuerAndSerial(recipientInfoArr[i].getissuerAndSerialNumber());
                    if (privateKeyByIssuerAndSerial != null) {
                        logger.info(new StringBuffer().append("Certificado autorizado encontrado en almacén: ").append(recipientInfoArr[i].getissuerAndSerialNumber().getIssuer().getRFC1485()).append(" SN#=").append(recipientInfoArr[i].getissuerAndSerialNumber().getSerialNumber()).toString());
                        OCTET_STRING encryptedKey = recipientInfoArr[i].getEncryptedKey();
                        KeyWrapper keyWrapper = cm.getInternalKeyStorageToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
                        keyWrapper.initUnwrap(privateKeyByIssuerAndSerial, (AlgorithmParameterSpec) null);
                        if (algorithmID.getRawImplementationName().indexOf("AES") >= 0) {
                            type = SymmetricKey.Type.AES;
                        } else if (algorithmID.getRawImplementationName().indexOf("3DES") >= 0) {
                            type = SymmetricKey.Type.DES3;
                        } else if (algorithmID.getRawImplementationName().indexOf("DES") >= 0) {
                            type = SymmetricKey.Type.DES;
                        } else {
                            if (algorithmID.getRawImplementationName().indexOf("RC4") < 0) {
                                throw new ClienteFirmaRuntimeException(new StringBuffer().append("Algoritmo ").append(algorithmID.getName()).append(" no soportado por Mozilla JSS").toString());
                            }
                            type = SymmetricKey.Type.RC4;
                        }
                        symmetricKey = keyWrapper.unwrapSymmetric(encryptedKey.toByteArray(), type, SymmetricKey.Usage.DECRYPT, 0);
                    }
                }
                if (symmetricKey == null) {
                    throw new ClienteFirmaRuntimeException("No se ha encontrado un certificado autorizado para la recuperación del sobre.");
                }
                logger.info("Desencriptando sobre...");
                byte[] byteArray = encryptedContentInfo.getEncryptedContent().toByteArray();
                Cipher cipherInstance = algorithmID.getCipherInstance();
                cipherInstance.init(2, new SecretKey(symmetricKey.getKeyData(), algorithmID.getRawImplementationName()), algorithmID.getAlgorithmParameters());
                byte[] doFinal = cipherInstance.doFinal(byteArray);
                if (doFinal.length < 128) {
                    logger.info(new StringBuffer().append("Resultado recuperado:").append(HEX_HELPER.toHex(doFinal)).toString());
                } else {
                    byte[] bArr2 = new byte[128];
                    System.arraycopy(doFinal, 0, bArr2, 0, 128);
                    logger.info(new StringBuffer().append("Resultado recuperado:").append(HEX_HELPER.toHex(bArr2)).append("...").toString());
                }
                return doFinal;
            } catch (Exception e3) {
                throw new ClienteFirmaRuntimeException("Error al descifrar el sobre digital", e3);
            }
        } catch (Exception e4) {
            e4.printStackTrace();
            return null;
        }
    }

    private PrivateKey getPrivateKeyByIssuerAndSerial(IssuerAndSerialNumber issuerAndSerialNumber) {
        PrivateKey privateKey;
        try {
            X509Certificate recoverCertificate = recoverCertificate(issuerAndSerialNumber.getIssuer(), issuerAndSerialNumber.getSerialNumber());
            if (recoverCertificate != null) {
                logger.info(new StringBuffer().append("Certificado encontrado: ").append(recoverCertificate.getSubjectDN().getName()).toString());
                privateKey = (PrivateKey) getPrivateKey(recoverCertificate);
            } else {
                privateKey = null;
            }
            return privateKey;
        } catch (CertificateEncodingException e) {
            throw new ClienteFirmaRuntimeException("Error CertificateEncodingException accediendo a la clave privada del certificado", e);
        } catch (java.security.cert.CertificateException e2) {
            throw new ClienteFirmaRuntimeException("Error CertificateException accediendo a la clave privada del certificado", e2);
        } catch (ObjectNotFoundException e3) {
            logger.error(new StringBuffer().append("No se ha encontrado la clave privada para el certificado ").append((String) null).toString());
            return null;
        } catch (TokenException e4) {
            throw new ClienteFirmaRuntimeException("Error de acceso a la clave privada del certificado", e4);
        } catch (Exception e5) {
            throw new ClienteFirmaRuntimeException("Error al recuperar la clave privada del certificado.", e5);
        }
    }

    private X509Certificate recoverCertificate(Name name, INTEGER integer) throws Exception {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        name.encode(byteArrayOutputStream);
        iaik.asn1.structures.Name name2 = new iaik.asn1.structures.Name(byteArrayOutputStream.toByteArray());
        for (int i = 0; i < this.certificates.length; i++) {
            if (this.certificates[i].getIssuerDN().getName().equals(name2.getName()) && this.certificates[i].getSerialNumber().longValue() == integer.longValue()) {
                return this.certificates[i];
            }
        }
        return null;
    }
}
