package tr.ebg.signatureapplet.sign;

import iaik.asn1.ASN;
import iaik.asn1.ASN1Object;
import iaik.asn1.CON_SPEC;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.INTEGER;
import iaik.asn1.OCTET_STRING;
import iaik.asn1.ObjectID;
import iaik.asn1.PrintableString;
import iaik.asn1.SEQUENCE;
import iaik.asn1.SET;
import iaik.asn1.UTF8String;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.cms.CMSException;
import iaik.cms.CMSSignatureException;
import iaik.cms.ContentInfo;
import iaik.cms.DigestInfo;
import iaik.cms.IssuerAndSerialNumber;
import iaik.cms.OtherCertificate;
import iaik.cms.SecurityProvider;
import iaik.cms.SignedData;
import iaik.cms.SignerInfo;
import iaik.cms.attributes.CMSContentType;
import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.Object;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import iaik.utils.Util;
import iaik.x509.X509Certificate;
import iaik.x509.qualified.QualifiedCertificateException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.spec.RSAPrivateKeySpec;
import java.util.List;
import tr.ebg.signatureapplet.enums.LogType;
import tr.ebg.signatureapplet.model.DdsCertificate;
import tr.ebg.signatureapplet.util.BaseUtil;

/* loaded from: input_file:tr/ebg/signatureapplet/sign/IaikPkcs11Sign.class */
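/**
 * Produces RSA signatures with a private key held on a PKCS#11 token, using the IAIK PKCS#11 wrapper.
 *
 * <p>The class is a lazily created singleton ({@link #GetInstance(int)}). The first signing call opens one
 * token session, logs in with the supplied PIN and caches the session in {@code currentSession}; later
 * calls reuse it without asking for the PIN again.
 *
 * <p>Review notes (behavior kept, but worth confirming against the callers):
 * <ul>
 *   <li>Not thread-safe: the singleton and the cached session are read and written without synchronization.</li>
 *   <li>The cached session is reused even when a later call names a different slot in its
 *       {@code DdsCertificate}; only {@code p11Token} is refreshed.</li>
 *   <li>The signing key is chosen by its position in the token's search result, not by matching it to the
 *       certificate. On a token that holds several RSA keys this can pick a key that does not belong to
 *       the certificate placed in the signature.</li>
 *   <li>The PIN arrives as a {@code String}, so it stays on the heap until collected; only the temporary
 *       {@code char[]} copy handed to the token is wiped.</li>
 * </ul>
 */
public class IaikPkcs11Sign extends InitilizePkcs11 {
    /** Maximum number of RSA private-key objects requested from the token in one search. */
    private static final int MAX_KEY_CANDIDATES = 10;
    /** Length of a SHA-256 digest; the only length the DigestInfo prefix below can describe. */
    private static final int SHA256_DIGEST_LENGTH = 32;

    private String pkcs11ModuleName;
    // Never set to true anywhere in this class, so finalize() currently only drops the module reference.
    private boolean m_bInitByThisLib;
    // Cached token session; non-null only while it is logged in (see openLoggedInSession / closeSession).
    private Session currentSession;
    private Token p11Token;
    // DER DigestInfo prefix for SHA-1. Not used by any method in this class.
    private byte[] sha1AlgPrefix;
    // DER DigestInfo prefix for SHA-256: AlgorithmIdentifier(sha256, NULL) followed by the header of a
    // 32-byte OCTET STRING. Prefix + digest is the block that CKM_RSA_PKCS pads and signs.
    private static final byte[] sha256AlgPrefix = {48, 49, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 1, 5, 0, 4, 32};
    private static IaikPkcs11Sign m_pkcsSign = null;
    private Boolean m_islogin;

    private IaikPkcs11Sign(int i) throws IOException, TokenException, UnsatisfiedLinkError, Exception {
        super(i);
        this.currentSession = null;
        this.p11Token = null;
        this.sha1AlgPrefix = new byte[]{48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};
        this.m_islogin = false;
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @param i passed to the {@code InitilizePkcs11} constructor; ignored when an instance already exists
     * @return the singleton instance
     */
    public static IaikPkcs11Sign GetInstance(int i) throws IOException, TokenException, UnsatisfiedLinkError, Exception {
        IaikPkcs11Sign existing = m_pkcsSign;
        if (existing != null) {
            return existing;
        }
        IaikPkcs11Sign created = new IaikPkcs11Sign(i);
        m_pkcsSign = created;
        return created;
    }

    /**
     * Signs a SHA-256 digest with the token's RSA key (PKCS#1 v1.5, mechanism {@code RSA_PKCS}).
     *
     * <p>The method does not hash anything itself: {@code bArr} is wrapped in a SHA-256 DigestInfo and
     * handed to the token, so the caller decides what the user's key actually signs.
     *
     * @param bArr the 32-byte SHA-256 digest to sign
     * @param str the user PIN; only used when no session is cached yet
     * @param ddsCertificate supplies the slot index and the manufacturer id used for key selection
     * @param bool when {@code false}, the singleton reference is dropped after the call
     * @return the signature, or {@code null} when the token exposes no RSA private key
     * @throws TokenException if the token reports an error or the expected key is missing
     * @throws IllegalArgumentException if {@code bArr} is not 32 bytes long
     */
    public byte[] Sign(byte[] bArr, String str, DdsCertificate ddsCertificate, Boolean bool) throws TokenException {
        try {
            // The fixed prefix declares a 32-byte OCTET STRING; any other length would yield a malformed
            // DigestInfo that still gets signed by the user's key.
            if (bArr.length != SHA256_DIGEST_LENGTH) {
                throw new IllegalArgumentException("Sign expects a " + SHA256_DIGEST_LENGTH
                        + "-byte SHA-256 digest but received " + bArr.length + " bytes");
            }
            // getSlotList(false) lists all slots; getSlotId() is used as an index into that list.
            this.p11Token = this.pkcs11Module.getSlotList(false)[ddsCertificate.getSlotId()].getToken();
            openLoggedInSession(str);
            Object[] candidates = findRsaPrivateKeys();
            if (candidates == null || candidates.length == 0) {
                return null;
            }
            RSAPrivateKey signingKey = selectSigningKey(candidates, ddsCertificate);
            byte[] signature = signSha256DigestInfo(signingKey, bArr);
            BaseUtil.printLog(LogType.INFO, "İmzalama Başarılı");
            return signature;
        } finally {
            // NOTE(review): this only forgets the singleton. The session is neither logged out nor closed
            // here, so the token stays authenticated until logout()/finalize() runs on this instance.
            if (this.currentSession != null && !bool.booleanValue()) {
                m_pkcsSign = null;
                BaseUtil.printLog(LogType.INFO, "Finalized");
            }
        }
    }

    /**
     * Builds the value of a signing-certificate-v2 attribute for a certificate issued by the EBG CA.
     *
     * <p>NOTE(review): the issuer name is assembled from fixed strings instead of being taken from the
     * certificate. If the certificate's real issuer DN differs, the attribute will not match it.
     *
     * @param x509Certificate the signer certificate whose SHA-256 hash and serial number are embedded
     * @return the ASN.1 structure holding one certificate identifier
     */
    public SEQUENCE EtugraCer2(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        SEQUENCE issuerName = new SEQUENCE();
        issuerName.addComponent(relativeDistinguishedName("2.5.4.3", new UTF8String("EBG Nitelikli Elektronik Sertifika Hizmet Sağlayıcısı")));
        issuerName.addComponent(relativeDistinguishedName("2.5.4.10", new UTF8String("EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.")));
        issuerName.addComponent(relativeDistinguishedName("2.5.4.6", new PrintableString("TR")));
        return buildSigningCertificateV2(x509Certificate, issuerName);
    }

    /**
     * Builds the value of a signing-certificate-v2 attribute for a certificate issued by the TÜRKTRUST CA.
     *
     * <p>NOTE(review): the issuer name is assembled from fixed strings instead of being taken from the
     * certificate. If the certificate's real issuer DN differs, the attribute will not match it.
     *
     * @param x509Certificate the signer certificate whose SHA-256 hash and serial number are embedded
     * @return the ASN.1 structure holding one certificate identifier
     */
    public SEQUENCE TurkTrust2(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        SEQUENCE issuerName = new SEQUENCE();
        // Attribute order is CN, C, O, OU; it is part of the encoded name and must not be changed.
        issuerName.addComponent(relativeDistinguishedName("2.5.4.3", new UTF8String("TÜRKTRUST Nitelikli Elektronik Sertifika Hizmetleri")));
        issuerName.addComponent(relativeDistinguishedName("2.5.4.6", new PrintableString("TR")));
        issuerName.addComponent(relativeDistinguishedName("2.5.4.10", new UTF8String("TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007")));
        issuerName.addComponent(relativeDistinguishedName("2.5.4.11", new UTF8String("Dayanak: T.C. 5070 sayılı Elektronik İmza Kanunu")));
        return buildSigningCertificateV2(x509Certificate, issuerName);
    }

    /**
     * Creates a software RSA private key from a modulus and a private exponent.
     *
     * @param bigInteger the RSA modulus
     * @param bigInteger2 the RSA private exponent
     * @return the key, or {@code null} when it cannot be created (the cause is discarded; callers must
     *         check for {@code null})
     */
    public static PrivateKey generateRsaPrivateKey(BigInteger bigInteger, BigInteger bigInteger2) {
        try {
            RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(bigInteger, bigInteger2);
            return KeyFactory.getInstance(SecurityProvider.IMPLEMENTATION_NAME_RSA).generatePrivate(keySpec);
        } catch (Exception ignored) {
            // Kept as best-effort: existing callers receive null instead of an exception.
            return null;
        }
    }

    /**
     * Creates a CMS SignedData structure over {@code bArr}, signed on the token with SHA-256 and
     * RSA PKCS#1 v1.5.
     *
     * <p>The signed attributes are content type, signing time, message digest and signing-certificate-v2.
     * The signing time is whatever {@code new ChoiceOfTime()} yields (presumably the local clock; confirm),
     * so it is not a trusted timestamp.
     *
     * @param bArr the content to sign; it is embedded in the result
     * @param str the user PIN; only used when no session is cached yet
     * @param list additional certificates to include with the signer certificate
     * @param ddsCertificate the signer certificate plus the slot index and manufacturer id
     * @return the DER-encoded ContentInfo, or {@code null} when the token exposes no RSA private key
     * @throws TokenException if the token reports an error or the expected key is missing
     * @throws CMSException if the certificate issuer is neither EBG nor TÜRKTRUST, so that no
     *         signing-certificate-v2 attribute can be built
     */
    public byte[] SignCMS(byte[] bArr, String str, List<DdsCertificate> list, DdsCertificate ddsCertificate) throws UnsupportedEncodingException, CertificateException, NoSuchAlgorithmException, TokenException, CMSException, IOException, QualifiedCertificateException, CodingException, CMSSignatureException, InvalidKeyException, SignatureException {
        // getSlotList(false) lists all slots; getSlotId() is used as an index into that list.
        this.p11Token = this.pkcs11Module.getSlotList(false)[ddsCertificate.getSlotId()].getToken();
        openLoggedInSession(str);
        // The search is now always finished; the original left it open, which blocks the next search
        // on the cached session.
        Object[] candidates = findRsaPrivateKeys();
        if (candidates == null || candidates.length == 0) {
            return null;
        }
        RSAPrivateKey signingKey = selectSigningKey(candidates, ddsCertificate);

        SignedData signedData = new SignedData(bArr, 1);
        X509Certificate signerCertificate = new X509Certificate(ddsCertificate.getCert().getEncoded());
        OtherCertificate[] extraCertificates = new OtherCertificate[list.size()];
        for (int index = 0; index < extraCertificates.length; index++) {
            extraCertificates[index] = new OtherCertificate(ObjectID.x509Certificate, list.get(index).getCert().getEncoded());
        }
        signedData.setCertificates(Util.createCertificateChain(signerCertificate, extraCertificates));
        signedData.setContent(bArr);

        MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
        byte[] contentDigest = messageDigest.digest(bArr);
        SignerInfo signerInfo = new SignerInfo(new IssuerAndSerialNumber(signerCertificate), AlgorithmID.sha256, AlgorithmID.rsaEncryption, null);

        Attribute[] signedAttributes = new Attribute[4];
        signedAttributes[0] = new Attribute(new CMSContentType(ObjectID.cms_data));
        signedAttributes[1] = new Attribute(ObjectID.signingTime, new ASN1Object[]{new ChoiceOfTime().toASN1Object()});
        signedAttributes[2] = new Attribute(ObjectID.messageDigest, new ASN1Object[]{new OCTET_STRING(contentDigest)});
        // NOTE(review): the issuer is recognised by a substring of its DN text, not by an exact match.
        String issuerDn = signerCertificate.getIssuerDN().toString();
        if (issuerDn.contains("EBG")) {
            signedAttributes[3] = new Attribute(ObjectID.signingCertificateV2, new ASN1Object[]{EtugraCer2(signerCertificate)});
        } else if (issuerDn.contains("TÜRKTRUST")) {
            signedAttributes[3] = new Attribute(ObjectID.signingCertificateV2, new ASN1Object[]{TurkTrust2(signerCertificate)});
        } else {
            // Fail before signing instead of leaving a null slot in the attribute array: without this
            // attribute the signature would not be bound to the signer certificate.
            throw new CMSException("Unsupported certificate issuer, cannot build signing-certificate-v2: " + issuerDn);
        }
        signerInfo.setSignedAttributes(signedAttributes);

        // What gets signed is the SHA-256 digest of the DER-encoded SET OF signed attributes.
        byte[] attributesDigest = messageDigest.digest(DerCoder.encode(ASN.createSetOf(signerInfo.getSignedAttributes())));
        signerInfo.setSignatureValue(signSha256DigestInfo(signingKey, attributesDigest));
        signedData.addSignerInfo(signerInfo);
        signedData.setMessageDigest(AlgorithmID.sha256, contentDigest);
        return new ContentInfo(signedData).getEncoded();
    }

    /**
     * Logs out, closes the cached session and releases the PKCS#11 module.
     *
     * <p>The name and signature match {@code java.lang.Object#finalize()}, so the garbage collector may
     * also invoke this method on instances that are no longer referenced. For that reason the singleton
     * reference is cleared only when it still points at this instance.
     *
     * @throws TokenException if logout, session close or module finalization fails
     */
    public void finalize() throws TokenException {
        try {
            // Log out while the module is still usable; the original did this after the module teardown.
            logout();
        } finally {
            boolean finalizeModule = this.pkcs11Module != null && this.m_bInitByThisLib;
            this.m_bInitByThisLib = false;
            if (m_pkcsSign == this) {
                m_pkcsSign = null;
            }
            if (finalizeModule) {
                this.pkcs11Module.finalize(null);
            } else {
                this.pkcs11Module = null;
            }
        }
    }

    /**
     * Ends the token session and releases the module; equivalent to {@link #finalize()}, which performs
     * the logout itself.
     *
     * @throws TokenException if logout, session close or module finalization fails
     */
    public void reset() throws TokenException {
        finalize();
    }

    /**
     * Logs out of the token and closes the cached session, if one is logged in.
     *
     * @throws TokenException if the token reports an error
     */
    public void logout() throws TokenException {
        if (!this.m_islogin.booleanValue() || this.currentSession == null) {
            return;
        }
        closeSession();
    }

    /**
     * Logs out of and closes the cached session, then forgets it so that the next signing call opens a
     * new session and asks the token for the PIN again. Does nothing when no session is cached.
     *
     * @throws TokenException if the token reports an error
     */
    public void closeSession() throws TokenException {
        Session session = this.currentSession;
        if (session == null) {
            return;
        }
        // Clear the cached state first: the original kept a logged-out session cached, so later signing
        // calls skipped the login and a second logout was attempted on an already logged-out session.
        this.currentSession = null;
        this.m_islogin = false;
        try {
            session.logout();
        } finally {
            session.closeSession();
        }
    }

    /**
     * Opens a session on {@code p11Token} and logs in as the normal user, unless a session is already
     * cached. The session is cached only after the login succeeded, so a wrong PIN can be retried.
     */
    private void openLoggedInSession(String pin) throws TokenException {
        if (this.currentSession != null) {
            return;
        }
        char[] pinChars = pin.toCharArray();
        try {
            // openSession(serial = true, read-write = false): a read-only session is enough for signing.
            Session session = this.p11Token.openSession(true, false, null, null);
            try {
                session.login(true, pinChars);
            } catch (TokenException loginFailure) {
                try {
                    session.closeSession();
                } catch (TokenException ignored) {
                    // Best effort: the login failure is the error worth reporting.
                }
                throw loginFailure;
            }
            this.currentSession = session;
            this.m_islogin = true;
        } finally {
            // Wipe the temporary PIN copy; the caller's String is outside our control.
            java.util.Arrays.fill(pinChars, '\0');
        }
    }

    /** Searches the cached session for RSA private keys and always finishes the search operation. */
    private Object[] findRsaPrivateKeys() throws TokenException {
        this.currentSession.findObjectsInit(new RSAPrivateKey());
        try {
            return this.currentSession.findObjects(MAX_KEY_CANDIDATES);
        } finally {
            this.currentSession.findObjectsFinal();
        }
    }

    /**
     * Picks the signing key by position: the second key for manufacturer id "Prime", otherwise the first.
     * Throws instead of running past the end of the array when the token holds fewer keys than expected.
     */
    private static RSAPrivateKey selectSigningKey(Object[] candidates, DdsCertificate certificate) throws TokenException {
        int keyIndex = certificate.getManufactureId().trim().equals("Prime") ? 1 : 0;
        if (keyIndex >= candidates.length) {
            throw new TokenException("Token returned " + candidates.length
                    + " RSA private key(s); expected one at position " + keyIndex);
        }
        return (RSAPrivateKey) candidates[keyIndex];
    }

    /** Prepends the SHA-256 DigestInfo prefix to the digest and signs the result with {@code RSA_PKCS}. */
    private byte[] signSha256DigestInfo(RSAPrivateKey key, byte[] sha256Digest) throws TokenException {
        byte[] digestInfo = new byte[sha256AlgPrefix.length + sha256Digest.length];
        System.arraycopy(sha256AlgPrefix, 0, digestInfo, 0, sha256AlgPrefix.length);
        System.arraycopy(sha256Digest, 0, digestInfo, sha256AlgPrefix.length, sha256Digest.length);
        this.currentSession.signInit(Mechanism.RSA_PKCS, key);
        return this.currentSession.sign(digestInfo);
    }

    /** Wraps one attribute type and value as SET { SEQUENCE { type, value } }. */
    private static SET relativeDistinguishedName(String attributeTypeOid, ASN1Object value) {
        SEQUENCE typeAndValue = new SEQUENCE();
        typeAndValue.addComponent(new ObjectID(attributeTypeOid));
        typeAndValue.addComponent(value);
        SET rdn = new SET();
        rdn.addComponent(typeAndValue);
        return rdn;
    }

    /**
     * Assembles SEQUENCE { SEQUENCE { certId } } where certId holds the SHA-256 algorithm OID, the SHA-256
     * hash of the encoded certificate, and the issuer name (context tag 4) with the serial number.
     * Every child is fully populated before it is added to its parent.
     */
    private static SEQUENCE buildSigningCertificateV2(X509Certificate certificate, SEQUENCE issuerName) throws NoSuchAlgorithmException, CertificateEncodingException {
        SEQUENCE hashAlgorithm = new SEQUENCE();
        hashAlgorithm.addComponent(new ObjectID("2.16.840.1.101.3.4.2.1"));
        OCTET_STRING certificateHash = new OCTET_STRING(MessageDigest.getInstance("SHA256").digest(certificate.getEncoded()));

        SEQUENCE generalNames = new SEQUENCE();
        generalNames.addComponent(new CON_SPEC(4, issuerName));
        SEQUENCE issuerSerial = new SEQUENCE();
        issuerSerial.addComponent(generalNames);
        issuerSerial.addComponent(new INTEGER(certificate.getSerialNumber()));

        SEQUENCE certId = new SEQUENCE();
        certId.addComponent(hashAlgorithm);
        certId.addComponent(certificateHash);
        certId.addComponent(issuerSerial);

        SEQUENCE certIds = new SEQUENCE();
        certIds.addComponent(certId);
        SEQUENCE signingCertificate = new SEQUENCE();
        signingCertificate.addComponent(certIds);
        return signingCertificate;
    }
}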
