package defpackage;

import iaik.asn1.ASN;
import iaik.asn1.ASN1Object;
import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.OCTET_STRING;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.pkcs.PKCSException;
import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.TokenInfo;
import iaik.pkcs.pkcs11.objects.Key;
import iaik.pkcs.pkcs11.objects.Object;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import iaik.pkcs.pkcs7.ContentInfoStream;
import iaik.pkcs.pkcs7.DigestInfo;
import iaik.pkcs.pkcs7.IssuerAndSerialNumber;
import iaik.pkcs.pkcs7.SignedData;
import iaik.pkcs.pkcs7.SignerInfo;
import iaik.utils.Base64OutputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;

/* loaded from: input_file:SignWithSmartCardCertificate.class */
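/**
 * Signs a file with an RSA private key held on a PKCS#11 token (smart card) and
 * writes the result as a Base64-encoded PKCS#7 SignedData structure to
 * {@code <file>.p7m}.
 *
 * <p>Typical use: construct with the path of the PKCS#11 module, call
 * {@link #findCertToSign(String)} with the user PIN to open a session and pick a
 * key/certificate pair, then call {@link #signFile(String)}.
 *
 * <p>Instance state (session, selected key, module flag) is unsynchronized, so an
 * instance should be confined to one thread.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The constructor argument is handed to {@code Module.getInstance}; treat it as a
 *       trusted, administrator-controlled path, never as user input.</li>
 *   <li>The digest algorithm is SHA-1 throughout (see {@link #signFile(String)}).</li>
 *   <li>The selected certificate is not validated here (validity period, chain,
 *       revocation); only its key-usage bit is inspected, and only when several keys
 *       are present.</li>
 * </ul>
 */
public class SignWithSmartCardCertificate {
    private Module pkcs11Module;
    private boolean moduleInitialized;
    private KeyAndCertificate keyAndCert;
    private Session session;
    static PrintWriter output_;
    static BufferedReader input_;

    static {
        // The original wrapped these two assignments in a try/catch whose handler repeated
        // exactly the same assignments; the handler added nothing, so it is dropped.
        output_ = new PrintWriter((OutputStream) System.out, true);
        input_ = new BufferedReader(new InputStreamReader(System.in));
    }

    /**
     * Command-line entry point.
     *
     * @param strArr {@code [0]} PKCS#11 module name, {@code [1]} value passed to
     *               {@link #findCertToSign(String)}
     */
    public static void main(String[] strArr) throws IOException, TokenException, NoSuchAlgorithmException, Exception {
        // Validate the argument count BEFORE indexing: the original read strArr[0] first
        // and died with ArrayIndexOutOfBoundsException when started without arguments.
        if (strArr == null || strArr.length < 2) {
            printUsage();
            return;
        }
        SignWithSmartCardCertificate signer = new SignWithSmartCardCertificate(strArr[0]);
        // NOTE(review): printUsage() documents "<module> <file to sign> <PIN>", yet the second
        // argument is used here as the PIN and signFile() is never called. Behaviour is kept
        // as found; confirm the intended argument order with the owner.
        // NOTE(review): a PIN passed on the command line is visible in process listings and
        // shell history. Prefer a protected authentication path (PIN pad) or an interactive
        // prompt that does not echo.
        signer.findCertToSign(strArr[1]);
    }

    /**
     * Creates a signer and initializes the given PKCS#11 module. Initialization failures
     * are printed and leave {@link #isModuleInitialized()} false.
     *
     * @param str name or path of the PKCS#11 module library
     */
    public SignWithSmartCardCertificate(String str) {
        initPkcs11Module(str);
        setKeyAndCert(null);
    }

    /** Creates a signer with no module loaded. */
    public SignWithSmartCardCertificate() {
        setModuleInitialized(false);
        setKeyAndCert(null);
    }

    /**
     * Loads and initializes the PKCS#11 module; errors are printed, not rethrown.
     *
     * @param str name or path of the PKCS#11 module library; it selects native code to
     *            load, so it must come from trusted configuration
     */
    private void initPkcs11Module(String str) {
        try {
            this.pkcs11Module = Module.getInstance(str);
            this.pkcs11Module.initialize(null);
            setModuleInitialized(true);
        } catch (TokenException e) {
            e.printStackTrace();
            setModuleInitialized(false);
        } catch (IOException e2) {
            e2.printStackTrace();
            setModuleInitialized(false);
        }
    }

    /** Finalizes the PKCS#11 module if it was initialized; token errors are printed. */
    public void stopPkcs11Module() {
        try {
            if (isModuleInitialized()) {
                this.pkcs11Module.finalize(null);
                setModuleInitialized(false);
            }
        } catch (TokenException e) {
            e.printStackTrace();
        }
    }

    /**
     * Opens a session on the first slot that holds a token, logs in when the token
     * requires it, checks that RSA_PKCS signing is available and stores the selected
     * key/certificate pair via {@link #setKeyAndCert(KeyAndCertificate)}.
     *
     * <p>If any step after opening the session fails, the session is closed again so a
     * logged-in session is not left behind, and {@link #getSession()} returns null.
     *
     * @param str user PIN; ignored when the token has a protected authentication path
     * @throws Exception when the module is not initialized, no token is present, the PIN
     *                   is missing, RSA_PKCS signing is unsupported, or no key is found
     */
    public void findCertToSign(String str) throws Exception, IOException, TokenException, NoSuchAlgorithmException {
        if (!isModuleInitialized()) {
            output_.println("Modulo PKCS11 non inizializzato!");
            throw new Exception("Modulo PKCS11 non inizializzato!");
        }
        Slot[] slotList = this.pkcs11Module.getSlotList(true);
        if (slotList == null || slotList.length == 0) {
            output_.println("Smart cart non inserita nel lettore!");
            throw new Exception("Smart cart non inserita nel lettore!");
        }
        // Only the first slot is considered; with several readers attached the token used
        // is whichever the module lists first.
        Token token = slotList[0].getToken();
        // NOTE(review): the second argument presumably requests a read-write session;
        // signing should only need a read-only one - confirm against the wrapper's docs.
        this.session = token.openSession(true, true, null, null);
        boolean selected = false;
        try {
            loginIfRequired(token, str);
            requireRsaPkcsSigning(token);
            RSAPrivateKey rSAPrivateKey = new RSAPrivateKey();
            rSAPrivateKey.getSign().setBooleanValue(Boolean.TRUE);
            KeyAndCertificate selectKeyAndCertificate = selectKeyAndCertificate(this.session, rSAPrivateKey, output_, input_);
            if (selectKeyAndCertificate == null) {
                output_.println("Nessuna chiave privata corrisponde al certificato.");
                output_.flush();
                throw new Exception("Nessuna chiave privata corrisponde al certificato.");
            }
            setKeyAndCert(selectKeyAndCertificate);
            selected = true;
        } finally {
            if (!selected) {
                closeSessionQuietly();
            }
        }
    }

    /** Logs the user in on the current session when the token demands a login. */
    private void loginIfRequired(Token token, String pin) throws Exception {
        TokenInfo tokenInfo = token.getTokenInfo();
        if (!tokenInfo.isLoginRequired()) {
            return;
        }
        if (tokenInfo.isProtectedAuthenticationPath()) {
            // PIN is entered on the reader itself, so none is passed from the host.
            this.session.login(true, null);
            return;
        }
        // A null PIN used to surface as a NullPointerException; report it like an empty one.
        if (pin == null || pin.length() <= 0) {
            output_.println("Impossibile proseguire senza PIN!");
            throw new Exception("Impossibile proseguire senza PIN!");
        }
        char[] pinChars = pin.toCharArray();
        try {
            this.session.login(true, pinChars);
        } finally {
            // Wipe our copy; the caller's String cannot be cleared and stays in memory
            // until it is garbage collected.
            java.util.Arrays.fill(pinChars, '\0');
        }
    }

    /** Fails unless the token lists RSA_PKCS and reports it as usable for signing. */
    private void requireRsaPkcsSigning(Token token) throws Exception {
        Mechanism[] mechanismList = token.getMechanismList();
        boolean listed = false;
        for (int i = 0; i < mechanismList.length && !listed; i++) {
            listed = mechanismList[i] != null && mechanismList[i].equals(Mechanism.RSA_PKCS);
        }
        if (!listed) {
            output_.println("La Smart card non supporta la firma con il meccanismo RSA_PKCS.");
            throw new Exception("La Smart card non supporta la firma con il meccanismo RSA_PKCS.");
        }
        MechanismInfo mechanismInfo = token.getMechanismInfo(Mechanism.RSA_PKCS);
        if (mechanismInfo == null || !mechanismInfo.isSign()) {
            output_.println("La Smart card non supporta la firma con il meccanismo RSA_PKCS.");
            throw new Exception("La Smart card non supporta la firma con il meccanismo RSA_PKCS.");
        }
    }

    /** Closes and forgets the current session; a failure to close is printed only. */
    private void closeSessionQuietly() {
        Session stale = this.session;
        this.session = null;
        if (stale == null) {
            return;
        }
        try {
            stale.closeSession();
        } catch (TokenException e) {
            e.printStackTrace();
        }
    }

    /**
     * Finds the private keys matching a template and pairs each with the certificate
     * object on the token that carries the same ID.
     *
     * <p>With exactly one key, that key is returned together with its certificate, which
     * may be null when the token holds none with that ID. With several keys, the first
     * one whose certificate has key-usage bit 1 (nonRepudiation) set is returned.
     *
     * <p>The pairing relies on the ID attribute only; the certificate is not otherwise
     * validated here.
     *
     * @param session        open (and, if needed, logged-in) session
     * @param key            search template for the private key
     * @param printWriter    receives diagnostic messages
     * @param bufferedReader unused by this implementation, but must not be null
     * @return the selected pair, or null when nothing suitable was found or a
     *         certificate could not be parsed
     * @throws NullPointerException if any argument is null
     */
    public KeyAndCertificate selectKeyAndCertificate(Session session, Key key, PrintWriter printWriter, BufferedReader bufferedReader) throws TokenException, IOException {
        if (session == null) {
            throw new NullPointerException("Argument \"session\" must not be null.");
        }
        if (key == null) {
            throw new NullPointerException("Argument \"keyTemplate\" must not be null.");
        }
        if (printWriter == null) {
            throw new NullPointerException("Argument \"output\" must not be null.");
        }
        if (bufferedReader == null) {
            throw new NullPointerException("Argument \"input\" must not be null.");
        }
        // Raw collections are kept because the rest of the file uses none of the newer
        // language features. "Object" below is the PKCS#11 wrapper's Object type, which the
        // file imports over java.lang.Object.
        Vector vector = new Vector(4);
        session.findObjectsInit(key);
        try {
            Object[] found = session.findObjects(1);
            while (found.length > 0) {
                vector.addElement(found[0]);
                found = session.findObjects(1);
            }
        } finally {
            // Always end the search so a token error does not leave it active on the session.
            session.findObjectsFinal();
        }
        if (vector.size() == 0) {
            printWriter.println("Found NO matching key that can be used.");
            return null;
        }
        Hashtable hashtable = new Hashtable(4);
        Enumeration elements = vector.elements();
        while (elements.hasMoreElements()) {
            PrivateKey privateKey = (PrivateKey) elements.nextElement();
            X509PublicKeyCertificate template = new X509PublicKeyCertificate();
            template.getId().setByteArrayValue(privateKey.getId().getByteArrayValue());
            session.findObjectsInit(template);
            try {
                Object[] certificates = session.findObjects(1);
                if (certificates.length > 0) {
                    hashtable.put(privateKey, certificates[0]);
                }
            } finally {
                session.findObjectsFinal();
            }
        }
        if (vector.size() == 1) {
            Key onlyKey = (Key) vector.elementAt(0);
            return new KeyAndCertificate(onlyKey, (X509PublicKeyCertificate) hashtable.get(onlyKey));
        }
        Enumeration candidates = vector.elements();
        while (candidates.hasMoreElements()) {
            Key candidate = (Key) candidates.nextElement();
            X509PublicKeyCertificate tokenCertificate = (X509PublicKeyCertificate) hashtable.get(candidate);
            if (tokenCertificate == null) {
                // Key without a certificate of the same ID: previously a NullPointerException.
                continue;
            }
            try {
                X509Certificate parsed = (X509Certificate) CertificateFactory.getInstance("X.509", "BC").generateCertificate(new ByteArrayInputStream(tokenCertificate.getValue().getByteArrayValue()));
                // getKeyUsage() returns null when the certificate has no KeyUsage extension.
                boolean[] keyUsage = parsed.getKeyUsage();
                if (keyUsage != null && keyUsage.length > 1 && keyUsage[1]) {
                    return new KeyAndCertificate(candidate, tokenCertificate);
                }
            } catch (NoSuchProviderException e) {
                e.printStackTrace();
                return null;
            } catch (CertificateException e2) {
                e2.printStackTrace();
                return null;
            }
        }
        printWriter.println("Found NO matching certificate that can be used.");
        return null;
    }

    /**
     * Signs the given file on the token and writes the Base64-encoded PKCS#7 SignedData
     * to {@code str + ".p7m"}, overwriting any existing file of that name. On success the
     * session is closed and the module finalized; on failure both are left as they were,
     * so the caller should call {@link #stopPkcs11Module()}.
     *
     * <p>The whole input is buffered in memory because it is embedded in the SignedData.
     *
     * @param str path of the file to sign
     * @throws IllegalStateException if no key/certificate pair or session is available,
     *                               i.e. {@link #findCertToSign(String)} has not succeeded
     */
    public void signFile(String str) throws TokenException, NoSuchAlgorithmException, IOException, CertificateException, CodingException, PKCSException {
        // Fail early with a clear message instead of a NullPointerException half-way through.
        if (this.keyAndCert == null || this.keyAndCert.getCertificate() == null) {
            throw new IllegalStateException("No signing key and certificate selected.");
        }
        if (this.session == null) {
            throw new IllegalStateException("No open PKCS#11 session.");
        }
        output_.println("################################################################################");
        output_.println("signing data from file: " + str);
        String str2 = String.valueOf(str) + ".p7m";
        // NOTE(review): SHA-1 is no longer collision resistant and is rejected by many
        // signature policies. Moving to SHA-256 means changing this digest together with
        // both AlgorithmID references below, and is visible to every verifier of the output.
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            int read = fileInputStream.read(bArr);
            while (read >= 0) {
                messageDigest.update(bArr, 0, read);
                byteArrayOutputStream.write(bArr, 0, read);
                read = fileInputStream.read(bArr);
            }
        } finally {
            // The original never closed the input file.
            fileInputStream.close();
        }
        byte[] digest = messageDigest.digest();
        byteArrayOutputStream.close();
        // Mode 1 presumably embeds the content in the SignedData - confirm in the library docs.
        SignedData signedData = new SignedData(byteArrayOutputStream.toByteArray(), 1);
        iaik.x509.X509Certificate x509Certificate = new iaik.x509.X509Certificate(this.keyAndCert.getCertificate().getValue().getByteArrayValue());
        signedData.setCertificates(new iaik.x509.X509Certificate[]{x509Certificate});
        // No private key is given to SignerInfo: the signature value is produced on the token.
        SignerInfo signerInfo = new SignerInfo(new IssuerAndSerialNumber(x509Certificate), AlgorithmID.sha1, null);
        Attribute[] attributeArr = {new Attribute(ObjectID.contentType, new ASN1Object[]{ObjectID.pkcs7_data}), new Attribute(ObjectID.signingTime, new ASN1Object[]{new ChoiceOfTime().toASN1Object()}), new Attribute(ObjectID.messageDigest, new ASN1Object[]{new OCTET_STRING(digest)})};
        signerInfo.setAuthenticatedAttributes(attributeArr);
        // What gets signed is the digest of the DER-encoded authenticated attributes, which
        // in turn contain the digest of the file content.
        byte[] byteArray = new DigestInfo(AlgorithmID.sha1, messageDigest.digest(DerCoder.encode(ASN.createSetOf(attributeArr, true)))).toByteArray();
        this.session.signInit(Mechanism.RSA_PKCS, this.keyAndCert.getKey());
        signerInfo.setEncryptedDigest(this.session.sign(byteArray));
        signedData.addSignerInfo(signerInfo);
        output_.println("Writing signature to file: " + str2);
        ContentInfoStream contentInfoStream = new ContentInfoStream(signedData);
        FileOutputStream fileOutputStream = new FileOutputStream(str2);
        try {
            Base64OutputStream base64OutputStream = new Base64OutputStream(new BufferedOutputStream(fileOutputStream));
            contentInfoStream.writeTo(base64OutputStream);
            base64OutputStream.close();
        } finally {
            // Releases the file handle when writing fails; harmless after a normal close.
            // A failed write can leave a truncated .p7m behind.
            fileOutputStream.close();
        }
        output_.println("################################################################################");
        this.session.closeSession();
        // The module is null when the no-argument constructor was used with setSession().
        if (this.pkcs11Module != null) {
            this.pkcs11Module.finalize(null);
        }
        setModuleInitialized(false);
    }

    /** Prints the command-line synopsis. */
    protected static void printUsage() {
        output_.println("SignFile <PKCS#11 module name> <file to sign> <PIN>");
    }

    /** @return true while the PKCS#11 module is initialized */
    public boolean isModuleInitialized() {
        return this.moduleInitialized;
    }

    /** Sets the flag only; the module itself is neither initialized nor finalized. */
    public void setModuleInitialized(boolean z) {
        this.moduleInitialized = z;
    }

    /** @return the selected key/certificate pair, or null when none has been selected */
    public KeyAndCertificate getKeyAndCert() {
        return this.keyAndCert;
    }

    /** Replaces the key/certificate pair used by {@link #signFile(String)}. */
    public void setKeyAndCert(KeyAndCertificate keyAndCertificate) {
        this.keyAndCert = keyAndCertificate;
    }

    /** @return the current PKCS#11 session, or null when none is open */
    public Session getSession() {
        return this.session;
    }

    /** Replaces the session used for signing; the previous one is not closed. */
    public void setSession(Session session) {
        this.session = session;
    }
}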
