package eu.europa.esig.dss.token;

import eu.europa.esig.dss.model.DSSException;
import java.io.IOException;
import java.security.AuthProvider;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.UUID;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:eu/europa/esig/dss/token/Pkcs11SignatureToken.class */
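/**
 * Signature token connection that reaches its keys through a PKCS#11 library.
 *
 * <p>A provider is created lazily from a generated configuration (see
 * {@link #buildConfig()}), registered with {@link Security} and used both for the
 * {@code PKCS11} key store and for {@link Signature} instances. {@link #close()} logs
 * out, clears and unregisters that provider, so instances should always be closed:
 * an unclosed token leaves its provider in the JVM-wide provider list.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The library path and the extra configuration are written into the provider
 *       configuration as text. Only backslashes in the path are escaped, and the extra
 *       configuration is appended verbatim, so both values must come from trusted
 *       deployment configuration and never from end-user input.</li>
 *   <li>The generated configuration is logged at debug level; keep sensitive values
 *       out of the extra configuration.</li>
 *   <li>The lazy provider initialisation is not synchronised.</li>
 * </ul>
 */
public class Pkcs11SignatureToken extends AbstractKeyStoreTokenConnection {
    private static final String SUN_PKCS11_KEYSTORE_TYPE = "PKCS11";
    private static final String NEW_LINE = "\n";
    private static final String DOUBLE_QUOTE = "\"";
    /** Exception message that identifies a rejected PIN. */
    private static final String PIN_INCORRECT_CODE = "CKR_PIN_INCORRECT";

    /** Lazily created provider; reset to {@code null} by {@link #close()}. */
    private Provider provider;
    /** Path of the PKCS#11 library written to the {@code library} directive. */
    private final String pkcs11Path;
    /** Source of the token password; may be {@code null} when no password was supplied. */
    private final PasswordInputCallback callback;
    /** Value of the {@code slot} directive; omitted from the configuration when negative. */
    private final int slotId;
    /** Value of the {@code slotListIndex} directive; omitted from the configuration when negative. */
    private final int slotListIndex;
    /** Additional configuration text appended verbatim; may be {@code null} or empty. */
    private final String extraPkcs11Config;

    /**
     * Creates a token on slot 0 without any password source.
     *
     * @param str path of the PKCS#11 library
     */
    public Pkcs11SignatureToken(String str) {
        this(str, (PasswordInputCallback) null);
    }

    /**
     * Creates a token on slot 0 without any password source.
     *
     * @param str  path of the PKCS#11 library
     * @param str2 extra provider configuration, appended verbatim (trusted input only)
     */
    public Pkcs11SignatureToken(String str, String str2) {
        this(str, (PasswordInputCallback) null, str2);
    }

    /**
     * Creates a token on slot 0 with a pre-supplied password.
     *
     * @param str                path of the PKCS#11 library
     * @param passwordProtection password handed to the token on login
     */
    public Pkcs11SignatureToken(String str, KeyStore.PasswordProtection passwordProtection) {
        this(str, passwordProtection, 0);
    }

    /**
     * Creates a token on slot 0 with a pre-supplied password and extra configuration.
     *
     * @param str                path of the PKCS#11 library
     * @param passwordProtection password handed to the token on login
     * @param str2               extra provider configuration, appended verbatim (trusted input only)
     */
    public Pkcs11SignatureToken(String str, KeyStore.PasswordProtection passwordProtection, String str2) {
        this(str, passwordProtection, 0, str2);
    }

    /**
     * Creates a token on slot 0 whose password is requested from a callback.
     *
     * @param str                   path of the PKCS#11 library
     * @param passwordInputCallback password source, queried when the key store is loaded
     */
    public Pkcs11SignatureToken(String str, PasswordInputCallback passwordInputCallback) {
        this(str, passwordInputCallback, 0);
    }

    /**
     * Creates a token on slot 0 whose password is requested from a callback, with extra configuration.
     *
     * @param str                   path of the PKCS#11 library
     * @param passwordInputCallback password source, queried when the key store is loaded
     * @param str2                  extra provider configuration, appended verbatim (trusted input only)
     */
    public Pkcs11SignatureToken(String str, PasswordInputCallback passwordInputCallback, String str2) {
        this(str, passwordInputCallback, 0, -1, str2);
    }

    /**
     * Creates a token on the given slot with a pre-supplied password.
     *
     * @param str                path of the PKCS#11 library
     * @param passwordProtection password handed to the token on login
     * @param i                  slot id
     */
    public Pkcs11SignatureToken(String str, KeyStore.PasswordProtection passwordProtection, int i) {
        this(str, new PrefilledPasswordCallback(passwordProtection), i);
    }

    /**
     * Creates a token on the given slot with a pre-supplied password and extra configuration.
     *
     * @param str                path of the PKCS#11 library
     * @param passwordProtection password handed to the token on login
     * @param i                  slot id
     * @param str2               extra provider configuration, appended verbatim (trusted input only)
     */
    public Pkcs11SignatureToken(String str, KeyStore.PasswordProtection passwordProtection, int i, String str2) {
        this(str, new PrefilledPasswordCallback(passwordProtection), i, -1, str2);
    }

    /**
     * Creates a token on the given slot whose password is requested from a callback.
     *
     * @param str                   path of the PKCS#11 library
     * @param passwordInputCallback password source, queried when the key store is loaded
     * @param i                     slot id
     */
    public Pkcs11SignatureToken(String str, PasswordInputCallback passwordInputCallback, int i) {
        this(str, passwordInputCallback, i, -1, null);
    }

    /**
     * Creates a token on the given slot whose password is requested from a callback, with extra configuration.
     *
     * @param str                   path of the PKCS#11 library
     * @param passwordInputCallback password source, queried when the key store is loaded
     * @param i                     slot id
     * @param str2                  extra provider configuration, appended verbatim (trusted input only)
     */
    public Pkcs11SignatureToken(String str, PasswordInputCallback passwordInputCallback, int i, String str2) {
        this(str, passwordInputCallback, i, -1, str2);
    }

    /**
     * Creates a token with every setting given explicitly. No argument is validated here.
     *
     * @param str                   path of the PKCS#11 library
     * @param passwordInputCallback password source, or {@code null}
     * @param i                     slot id; a negative value leaves the {@code slot} directive out
     * @param i2                    slot list index; a negative value leaves the {@code slotListIndex}
     *                              directive out
     * @param str2                  extra provider configuration, appended verbatim (trusted input only)
     */
    public Pkcs11SignatureToken(String str, PasswordInputCallback passwordInputCallback, int i, int i2, String str2) {
        this.pkcs11Path = str;
        this.callback = passwordInputCallback;
        this.slotId = i;
        this.slotListIndex = i2;
        this.extraPkcs11Config = str2;
    }

    /**
     * Returns the PKCS#11 provider, creating and registering it on first use.
     *
     * @return the provider, never {@code null}
     * @throws DSSException if the provider cannot be created
     */
    protected Provider getProvider() {
        if (this.provider == null) {
            String buildConfig = buildConfig();
            // The whole configuration, including the caller-supplied extra text, reaches the debug log.
            LOG.debug("PKCS11 Config : \n{}", buildConfig);
            this.provider = SunPKCS11Initializer.getProvider(buildConfig);
            if (this.provider == null) {
                throw new DSSException("Unable to create PKCS11 provider");
            }
            // JVM-wide registration; undone in close().
            Security.addProvider(this.provider);
        }
        return this.provider;
    }

    /**
     * Builds the provider configuration text.
     *
     * <p>The result contains a {@code name} made unique with a random UUID, the quoted
     * {@code library} path, the {@code slot} and {@code slotListIndex} directives when their
     * values are not negative, and finally the extra configuration on its own line.
     *
     * <p>The path is only passed through {@link #escapePath(String)} and the extra
     * configuration is not checked at all; a double quote or line break in either one ends up
     * in the configuration unchanged. Treat both as trusted settings.
     *
     * @return the configuration text
     */
    protected String buildConfig() {
        String escapePath = escapePath(getPkcs11Path());
        StringBuilder sb = new StringBuilder();
        sb.append("name = SmartCard").append(UUID.randomUUID());
        sb.append(NEW_LINE).append("library = ").append(DOUBLE_QUOTE).append(escapePath).append(DOUBLE_QUOTE);
        // NOTE(review): both directives are emitted when both values are >= 0; callers that select
        // by list index presumably pass a negative slot id - confirm against the provider's rules.
        if (this.slotId >= 0) {
            sb.append(NEW_LINE).append("slot = ").append(this.slotId);
        }
        if (this.slotListIndex >= 0) {
            sb.append(NEW_LINE).append("slotListIndex = ").append(this.slotListIndex);
        }
        if (this.extraPkcs11Config != null && !this.extraPkcs11Config.isEmpty()) {
            sb.append(NEW_LINE).append(this.extraPkcs11Config);
        }
        return sb.toString();
    }

    /**
     * Doubles every backslash of the path so that it survives inside the quoted
     * {@code library} value. No other character is escaped.
     *
     * @param str the path, may be {@code null}
     * @return the escaped path, or an empty string for {@code null}
     */
    protected String escapePath(String str) {
        return str != null ? str.replace("\\", "\\\\") : "";
    }

    /**
     * Loads the {@code PKCS11} key store from the provider, answering the provider's password
     * request from the configured callback.
     *
     * @return the loaded key store
     * @throws DSSException with the message "Bad password for PKCS11" when the failure or one of
     *                      its causes reports {@code CKR_PIN_INCORRECT}, otherwise with the
     *                      underlying reason
     */
    @Override
    KeyStore getKeyStore() throws DSSException {
        final PasswordInputCallback passwordSource = this.callback;
        try {
            KeyStore keyStore = KeyStore.getInstance(SUN_PKCS11_KEYSTORE_TYPE, getProvider());
            keyStore.load(new KeyStore.LoadStoreParameter() {
                @Override
                public KeyStore.ProtectionParameter getProtectionParameter() {
                    return new KeyStore.CallbackHandlerProtection(new CallbackHandler() {
                        @Override
                        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                            for (Callback requested : callbackArr) {
                                if (requested instanceof PasswordCallback) {
                                    // Several constructors leave the callback null; report that
                                    // clearly instead of failing on a null dereference.
                                    if (passwordSource == null) {
                                        throw new DSSException(
                                                "The PKCS11 token requested a password but no password callback was provided");
                                    }
                                    ((PasswordCallback) requested).setPassword(passwordSource.getPassword());
                                    return;
                                }
                            }
                            throw new DSSException("No password callback");
                        }
                    });
                }
            });
            return keyStore;
        } catch (Exception e) {
            if (isPinIncorrect(e)) {
                throw new DSSException("Bad password for PKCS11", e);
            }
            throw new DSSException("Can't initialize Sun PKCS#11 security provider. Reason: " + e.getMessage(), e);
        }
    }

    /**
     * Tells whether the failure, or any exception in its cause chain, carries the
     * {@code CKR_PIN_INCORRECT} message. The chain is searched because the provider may wrap
     * the PKCS#11 error in outer exceptions whose own message differs.
     */
    private static boolean isPinIncorrect(Throwable error) {
        for (Throwable current = error; current != null; current = current.getCause()) {
            if (PIN_INCORRECT_CODE.equals(current.getMessage())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the configured PKCS#11 library path.
     *
     * @return the path as given to the constructor, possibly {@code null}
     */
    protected String getPkcs11Path() {
        return this.pkcs11Path;
    }

    /**
     * Returns no per-key protection parameter.
     *
     * @return always {@code null}
     */
    @Override
    KeyStore.PasswordProtection getKeyProtectionParameter() {
        return null;
    }

    /**
     * Obtains the signature implementation from the PKCS#11 provider.
     *
     * @param str the signature algorithm name
     * @return a signature instance bound to this token's provider
     * @throws NoSuchAlgorithmException if the provider does not offer the algorithm
     */
    @Override
    protected Signature getSignatureInstance(String str) throws NoSuchAlgorithmException {
        return Signature.getInstance(str, getProvider());
    }

    /**
     * Logs out of the token, clears the provider and removes it from the JVM-wide provider
     * list. Failures are logged rather than thrown, and the provider reference is dropped in
     * every case so that a later call creates a fresh provider.
     */
    @Override
    public void close() {
        try {
            if (this.provider != null) {
                try {
                    if (this.provider instanceof AuthProvider) {
                        ((AuthProvider) this.provider).logout();
                        this.provider.clear();
                    }
                } catch (LoginException e) {
                    LOG.error("Unable to logout : {}", e.getMessage(), e);
                }
                // Runs even when the logout failed, so the provider never stays registered.
                Security.removeProvider(this.provider.getName());
            }
        } catch (SecurityException e2) {
            LOG.error("Unable to remove provider '{}'", this.provider.getName(), e2);
        } finally {
            this.provider = null;
        }
    }
}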
