package com.telventi.afirma.cliente.signatureformat.signaturemanager;

import com.telventi.afirma.cliente.exceptions.CanceladoPorElUsuarioException;
import com.telventi.afirma.cliente.exceptions.ClienteFirmaRuntimeException;
import com.telventi.afirma.cliente.interfaz.PasswordWindow;
import com.telventi.afirma.wsclient.WebServicesAvailable;
import iaik.cms.SecurityProvider;
import iaik.java.security.cert.CertificateEncodingException;
import iaik.java.security.cert.X509Certificate;
import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Enumeration;
import javax.crypto.Cipher;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.JSSProvider;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.Signature;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.TokenException;

/* loaded from: input_file:firmaFichero5/clienteFirmaAFirma5.jar:com/telventi/afirma/cliente/signatureformat/signaturemanager/SignManagerMozilla.class */
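/**
 * Sign manager that performs private-key operations through the Mozilla JSS
 * {@link CryptoManager} (the key store used by Firefox, per the error messages below).
 *
 * <p>Every operation resolves the private key from the supplied certificate's issuer
 * and serial number, runs the operation, and then (depending on the "massive
 * signature" flag) logs out of all tokens.
 *
 * <p>NOTE(review): {@code lastMassiveSignature} is a plain static field written through
 * an instance setter, so the value is shared by every instance and is not synchronized.
 * Confirm that callers never use this class from more than one thread.
 */
class SignManagerMozilla extends ASignManager {
    // When true, the tokens are logged out after each successful sign/cipher call.
    private static boolean lastMassiveSignature = true;
    private static final CryptoManager cm;

    /**
     * Logs out of the internal crypto token, the internal key storage token and every
     * external token known to the {@link CryptoManager}.
     *
     * <p>Best effort: a failure on one token must not prevent the remaining tokens from
     * being logged out, so failures are only reported at debug level. A failed logout can
     * leave a token authenticated, which is why it is no longer swallowed silently.
     */
    private void logOut() {
        try {
            cm.getInternalCryptoToken().logout();
        } catch (Exception e) {
            logger.debug("No se pudo cerrar la sesión del token criptográfico interno: " + e);
        }
        try {
            cm.getInternalKeyStorageToken().logout();
        } catch (Exception e) {
            logger.debug("No se pudo cerrar la sesión del token interno de claves: " + e);
        }
        Enumeration externalTokens = cm.getExternalTokens();
        while (externalTokens.hasMoreElements()) {
            try {
                ((CryptoToken) externalTokens.nextElement()).logout();
            } catch (Exception e) {
                logger.debug("No se pudo cerrar la sesión de un token externo: " + e);
            }
        }
    }

    /**
     * Looks up the private key that belongs to {@code x509Certificate}.
     *
     * <p>The IAIK certificate is re-parsed as a JCA certificate, then the JSS store is
     * searched by issuer and serial number and the matching private key is returned.
     *
     * @param x509Certificate certificate whose private key is wanted
     * @return the private key found in the JSS store
     * @throws SignManagerException if the certificate cannot be re-encoded or parsed, the
     *     certificate or key is not in the store, or the token reports an error
     */
    private PrivateKey getPrivateKey(X509Certificate x509Certificate) throws SignManagerException {
        logger.log(2, "Obteniendo clave privada...");
        try {
            // Re-installed on every lookup; the meaning of the argument 4 is not visible here.
            cm.setPasswordCallback(new PasswordWindow(4));
            java.security.cert.X509Certificate jcaCertificate = (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
            if (jcaCertificate == null) {
                // The original logged this case and then dereferenced the null reference,
                // surfacing as a NullPointerException instead of a SignManagerException.
                logger.info("Certificado de la clave NULO");
                throw new SignManagerException("Certificado de la clave NULO");
            }
            logger.info("Certificado de la clave " + jcaCertificate.getSubjectDN().toString());
            return cm.findPrivKeyByCert(cm.findCertByIssuerAndSerialNumber(
                    jcaCertificate.getIssuerX500Principal().getEncoded(),
                    new INTEGER(x509Certificate.getSerialNumber())));
        } catch (CertificateEncodingException e) {
            throw new SignManagerException("Error CertificateEncodingException accediendo a la clave privada del certificado", e);
        } catch (CertificateException e) {
            throw new SignManagerException("Error CertificateException accediendo a la clave privada del certificado", e);
        } catch (ObjectNotFoundException e) {
            throw new SignManagerException("No se ha encontrado la clave privada para el certificado", e);
        } catch (TokenException e) {
            throw new SignManagerException("Error de acceso a la clave privada del certificado", e);
        }
    }

    /**
     * Signs {@code bArr} with the private key of {@code x509Certificate}, logging out of
     * the tokens afterwards according to the current massive-signature flag.
     *
     * @param bArr data to sign
     * @param str signature algorithm name, translated by {@code ALG_HELPER}
     * @param x509Certificate certificate that identifies the signing key
     * @param bArr2 value passed to {@code warn} when {@code showHashMessage} is set
     * @return the signature bytes
     * @throws SignManagerException if the key cannot be obtained or signing fails
     */
    @Override // com.telventi.afirma.cliente.signatureformat.signaturemanager.ISignManager
    public byte[] signDigitally(byte[] bArr, String str, X509Certificate x509Certificate, byte[] bArr2) throws SignManagerException {
        return signDigitally(bArr, str, x509Certificate, bArr2, lastMassiveSignature);
    }

    /**
     * Maps the algorithm name produced by {@code ALG_HELPER} to a JSS signature algorithm.
     *
     * <p>NOTE(review): only RSA with MD5, MD2 or the digest named by
     * {@code WebServicesAvailable.DEFAULT_HASH_ALGORITHM} (mapped to SHA-1 here) can be
     * selected. MD2 and MD5 are not collision resistant and SHA-1 is deprecated for
     * signatures; a stronger digest cannot be requested through this class. The match is
     * a substring test, so the first matching digest name wins.
     *
     * @param mozillaAlgorithm algorithm name as returned by {@code ALG_HELPER}
     * @return the matching JSS algorithm
     * @throws NoSuchAlgorithmException if the name matches none of the supported digests
     */
    private static SignatureAlgorithm toJssAlgorithm(String mozillaAlgorithm) throws NoSuchAlgorithmException {
        if (mozillaAlgorithm.indexOf(SecurityProvider.ALG_DIGEST_MD5) > -1) {
            return SignatureAlgorithm.RSASignatureWithMD5Digest;
        }
        if (mozillaAlgorithm.indexOf("MD2") > -1) {
            return SignatureAlgorithm.RSASignatureWithMD2Digest;
        }
        if (mozillaAlgorithm.indexOf(WebServicesAvailable.DEFAULT_HASH_ALGORITHM) > -1) {
            return SignatureAlgorithm.RSASignatureWithSHA1Digest;
        }
        throw new NoSuchAlgorithmException("Algoritmo inválido para Firefox: " + mozillaAlgorithm);
    }

    /**
     * Signs {@code bArr} inside the token that owns the private key.
     *
     * <p>On success the tokens are logged out only when {@code z} is true; on a signing
     * failure they are always logged out. NOTE(review): a user cancellation, an
     * {@link IllegalStateException} or a failed key lookup leaves this method without a
     * logout; confirm that no token session can be open at that point.
     *
     * @param bArr data to sign
     * @param str signature algorithm name, translated by {@code ALG_HELPER}
     * @param x509Certificate certificate that identifies the signing key
     * @param bArr2 value passed to {@code warn} when {@code showHashMessage} is set
     * @param z whether to log out of the tokens after a successful signature
     * @return the signature bytes
     * @throws SignManagerException if the key cannot be obtained or signing fails
     */
    private byte[] signDigitally(byte[] bArr, String str, X509Certificate x509Certificate, byte[] bArr2, boolean z) throws SignManagerException {
        logger.log(1, "Firmando digitalmente...");
        try {
            if (showHashMessage) {
                warn(str, bArr2);
            }
            PrivateKey privateKey = getPrivateKey(x509Certificate);
            try {
                String signAlgorithmForMozilla = ALG_HELPER.getSignAlgorithmForMozilla(str);
                logger.debug("Algoritmo de firma: " + signAlgorithmForMozilla);
                SignatureAlgorithm signatureAlgorithm = toJssAlgorithm(signAlgorithmForMozilla);
                // The signature context is obtained from the key's owning token, so only
                // JSS keys can be used here.
                if (!(privateKey instanceof org.mozilla.jss.crypto.PrivateKey)) {
                    throw new InvalidKeyException("Clave no recuperada correctamente");
                }
                org.mozilla.jss.crypto.PrivateKey jssKey = (org.mozilla.jss.crypto.PrivateKey) privateKey;
                logger.debug("Iniciando firma JSSSignature");
                Signature signatureContext = jssKey.getOwningToken().getSignatureContext(signatureAlgorithm);
                signatureContext.initSign(jssKey);
                signatureContext.update(bArr);
                byte[] sign = signatureContext.sign();
                if (z) {
                    logOut();
                }
                logger.log(Integer.MIN_VALUE, "Firmado digitalmente: " + signAlgorithmForMozilla);
                return sign;
            } catch (InvalidKeyException e) {
                logOut();
                throw new SignManagerException("ERROR: Clave privada no válida: " + e.getMessage(), e);
            } catch (NoSuchAlgorithmException e) {
                logOut();
                throw new SignManagerException("ERROR: Algoritmo no válido: " + str, e);
            } catch (SignatureException e) {
                logOut();
                throw new SignManagerException("ERROR de firmado: " + e.getMessage(), e);
            } catch (Exception e) {
                logOut();
                // NOTE(review): the exception is already attached as the cause below; the
                // stack trace on stderr is kept only because the logger API for throwables
                // is not visible from this class.
                e.printStackTrace();
                throw new SignManagerException("ERROR: El dispositivo de seguridad ha originado una excepción no esperada.", e);
            }
        } catch (CanceladoPorElUsuarioException e) {
            throw new SignManagerException(e.getMessage(), e);
        } catch (IllegalStateException e) {
            throw new SignManagerException("ERROR de firmado: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the part of a signature algorithm name that follows "with", or the whole
     * name when it contains no "with".
     *
     * @param str signature algorithm name
     * @return the asymmetric algorithm part of the name
     */
    private String getAsimetricAlgorithm(String str) {
        // Locale.ROOT: with a default locale such as Turkish, "WITH" lower-cases to a
        // string containing a dotless i and the separator would never be found.
        int indexOf = str.toLowerCase(java.util.Locale.ROOT).indexOf("with");
        String substring = indexOf != -1 ? str.substring(indexOf + 4) : str;
        logger.debug("Sign alg: " + str + " / asimetric alg: " + substring);
        return substring;
    }

    /**
     * Applies the private key of {@code x509Certificate} to {@code bArr} in encrypt mode,
     * logging out of the tokens afterwards according to the current massive-signature flag.
     *
     * @param bArr data to process (logged as a hash)
     * @param str signature algorithm name, translated by {@code ALG_HELPER}
     * @param x509Certificate certificate that identifies the key
     * @return the cipher output
     * @throws SignManagerException if the key cannot be obtained or the operation fails
     */
    public byte[] cipher(byte[] bArr, String str, X509Certificate x509Certificate) throws SignManagerException {
        return cipher(bArr, str, x509Certificate, lastMassiveSignature);
    }

    /**
     * Applies the private key of {@code x509Certificate} to {@code bArr} in encrypt mode.
     *
     * <p>NOTE(review): the transformation passed to {@link Cipher#getInstance(String)} is
     * only the algorithm name taken from after "with", so mode and padding are whatever
     * the selected provider defaults to; confirm that default is the intended padding.
     *
     * @param bArr data to process (logged as a hash)
     * @param str signature algorithm name, translated by {@code ALG_HELPER}
     * @param x509Certificate certificate that identifies the key
     * @param z whether to log out of the tokens once the operation ends, on success or failure
     * @return the cipher output
     * @throws SignManagerException if the key cannot be obtained or the operation fails;
     *     the original exception is attached as the cause
     */
    private byte[] cipher(byte[] bArr, String str, X509Certificate x509Certificate, boolean z) throws SignManagerException {
        logger.log(1, "Cifrando hash...");
        try {
            PrivateKey privateKey = getPrivateKey(x509Certificate);
            try {
                Cipher cipher = Cipher.getInstance(getAsimetricAlgorithm(ALG_HELPER.getSignAlgorithmForMozilla(str)));
                cipher.init(Cipher.ENCRYPT_MODE, privateKey);
                byte[] doFinal = cipher.doFinal(bArr);
                if (z) {
                    logOut();
                }
                logger.log(Integer.MIN_VALUE, "Hash cifrado.");
                return doFinal;
            } catch (Throwable th) {
                if (z) {
                    logOut();
                }
                throw th;
            }
        } catch (Exception e) {
            // Keep the original message, but attach the cause so the stack trace survives.
            throw new SignManagerException("Error de cifrado: " + e, e);
        }
    }

    /**
     * Applies the private key of {@code x509Certificate} to {@code bArr} in decrypt mode
     * and always logs out of the tokens afterwards.
     *
     * <p>NOTE(review): the exception message still reads "Error de cifrado" because callers
     * may depend on it; only the log lines were corrected to say "descifrado".
     *
     * @param bArr data to decipher
     * @param str signature algorithm name, translated by {@code ALG_HELPER}
     * @param x509Certificate certificate that identifies the key
     * @return the deciphered bytes
     * @throws SignManagerException if the key cannot be obtained or the operation fails;
     *     the original exception is attached as the cause
     */
    @Override // com.telventi.afirma.cliente.signatureformat.signaturemanager.ASignManager, com.telventi.afirma.cliente.signatureformat.signaturemanager.ISignManager
    public byte[] decipher(byte[] bArr, String str, X509Certificate x509Certificate) throws SignManagerException {
        logger.log(1, "Descifrando hash...");
        try {
            PrivateKey privateKey = getPrivateKey(x509Certificate);
            try {
                Cipher cipher = Cipher.getInstance(getAsimetricAlgorithm(ALG_HELPER.getSignAlgorithmForMozilla(str)));
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
                byte[] doFinal = cipher.doFinal(bArr);
                logOut();
                logger.log(Integer.MIN_VALUE, "Hash descifrado.");
                return doFinal;
            } catch (Throwable th) {
                logOut();
                throw th;
            }
        } catch (Exception e) {
            // Keep the original message, but attach the cause so the stack trace survives.
            throw new SignManagerException("Error de cifrado: " + e, e);
        }
    }

    /**
     * Sets whether the tokens are logged out after each successful sign/cipher call.
     * The flag is static, so it applies to every instance of this class.
     *
     * @param z new value of the flag
     */
    @Override // com.telventi.afirma.cliente.signatureformat.signaturemanager.ASignManager, com.telventi.afirma.cliente.signatureformat.signaturemanager.ISignManager
    public void setLastSignature_MassiveMode(boolean z) {
        lastMassiveSignature = z;
    }

    // Registers the "Mozilla-JSS" provider if it is not present yet, then binds the shared
    // CryptoManager and installs the password prompt. Class loading fails with a
    // ClienteFirmaRuntimeException when the CryptoManager has not been initialised.
    static {
        try {
            if (Security.getProvider("Mozilla-JSS") == null) {
                logger.debug("Added JSS Provider.");
                Security.addProvider(new JSSProvider());
            } else {
                logger.debug("JSSProvider previusly instantiated");
            }
            cm = CryptoManager.getInstance();
            cm.setPasswordCallback(new PasswordWindow(4));
        } catch (CryptoManager.NotInitializedException e) {
            throw new ClienteFirmaRuntimeException("Error iniciando CryptoManager: " + e.getMessage(), e);
        }
    }
}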
