package eu.europa.esig.dss.token;

import eu.europa.esig.dss.DSSException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.util.UUID;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import sun.security.pkcs11.SunPKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* loaded from: input_file:eu/europa/esig/dss/token/Pkcs11SignatureToken.class */
public class Pkcs11SignatureToken extends AbstractKeyStoreTokenConnection {
    private Provider _pkcs11Provider;
    private final String _pkcs11Path;
    private KeyStore _keyStore;
    private final PasswordInputCallback callback;
    private int slotIndex;

    public Pkcs11SignatureToken(String str) {
        this(str, (PasswordInputCallback) null);
    }

    public Pkcs11SignatureToken(String str, PasswordInputCallback passwordInputCallback) {
        this._pkcs11Path = str;
        this.callback = passwordInputCallback;
        this.slotIndex = 0;
    }

    public Pkcs11SignatureToken(String str, char[] cArr) {
        this(str, new PrefilledPasswordCallback(cArr));
    }

    public Pkcs11SignatureToken(String str, PasswordInputCallback passwordInputCallback, int i) {
        this(str, passwordInputCallback);
        this.slotIndex = i;
    }

    public Pkcs11SignatureToken(String str, char[] cArr, int i) {
        this(str, cArr);
        this.slotIndex = i;
    }

    private Provider getProvider() {
        try {
            if (this._pkcs11Provider == null) {
                Provider[] providers = Security.getProviders();
                if (providers != null) {
                    for (Provider provider : providers) {
                        if (provider.getInfo().contains(getPkcs11Path())) {
                            this._pkcs11Provider = provider;
                            return provider;
                        }
                    }
                }
                installProvider();
            }
            return this._pkcs11Provider;
        } catch (ProviderException e) {
            throw new DSSException("Not a PKCS#11 library", e);
        }
    }

    private void installProvider() {
        this._pkcs11Provider = new SunPKCS11(new ByteArrayInputStream(("name = SmartCard" + UUID.randomUUID().toString() + "\nlibrary = \"" + escapePath(getPkcs11Path()) + "\"\nslotListIndex = " + this.slotIndex).getBytes()));
        Security.addProvider(this._pkcs11Provider);
    }

    private String escapePath(String str) {
        return str != null ? str.replace("\\", "\\\\") : "";
    }

    @Override // eu.europa.esig.dss.token.AbstractKeyStoreTokenConnection
    KeyStore getKeyStore() throws DSSException {
        if (this._keyStore == null) {
            try {
                this._keyStore = KeyStore.getInstance("PKCS11", getProvider());
                this._keyStore.load(new KeyStore.LoadStoreParameter() { // from class: eu.europa.esig.dss.token.Pkcs11SignatureToken.1
                    @Override // java.security.KeyStore.LoadStoreParameter
                    public KeyStore.ProtectionParameter getProtectionParameter() {
                        return new KeyStore.CallbackHandlerProtection(new CallbackHandler() { // from class: eu.europa.esig.dss.token.Pkcs11SignatureToken.1.1
                            @Override // javax.security.auth.callback.CallbackHandler
                            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                                for (Callback callback : callbackArr) {
                                    if (callback instanceof PasswordCallback) {
                                        ((PasswordCallback) callback).setPassword(Pkcs11SignatureToken.this.callback.getPassword());
                                        return;
                                    }
                                }
                                throw new RuntimeException("No password callback");
                            }
                        });
                    }
                });
            } catch (Exception e) {
                if ((e instanceof PKCS11Exception) && "CKR_PIN_INCORRECT".equals(e.getMessage())) {
                    throw new DSSException("Bad password for PKCS11", e);
                }
                throw new DSSException("Can't initialize Sun PKCS#11 security provider. Reason: " + e.getMessage(), e);
            }
        }
        return this._keyStore;
    }

    @Override // eu.europa.esig.dss.token.AbstractKeyStoreTokenConnection
    KeyStore.ProtectionParameter getKeyProtectionParameter() {
        return null;
    }

    protected String getPkcs11Path() {
        return this._pkcs11Path;
    }

    @Override // eu.europa.esig.dss.token.SignatureTokenConnection
    public void close() {
        if (this._pkcs11Provider != null) {
            try {
                Security.removeProvider(this._pkcs11Provider.getName());
            } catch (Exception e) {
                LOG.error(e.getMessage(), (Throwable) e);
            }
        }
        this._pkcs11Provider = null;
        this._keyStore = null;
    }
}
