package ee.sk.digidoc.factory;

import ee.sk.digidoc.Base64Util;
import ee.sk.digidoc.DigiDocException;
import ee.sk.digidoc.Signature;
import ee.sk.digidoc.SignedDoc;
import ee.sk.digidoc.TokenKeyInfo;
import ee.sk.utils.ConfigManager;
import ee.sk.utils.ConvertUtils;
import iaik.pkcs.pkcs11.InitializeArgs;
import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.Notify;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.SlotInfo;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Vector;
import org.apache.log4j.Logger;

/* loaded from: input_file:ee/sk/digidoc/factory/PKCS11SignatureFactory.class */
public class PKCS11SignatureFactory implements SignatureFactory {
    // Shared log4j logger for this class.
    private static Logger m_logger = Logger.getLogger(PKCS11SignatureFactory.class);
    // Static, so shared by every instance of this class: set to true once Module.initialize()
    // succeeded or reported "already initialized" (see initPKCS11()).
    // NOTE(review): the constructor, reset() and finalize() all set it back to false, which
    // affects every other live instance as well.
    private static boolean m_isInitialized;
    // Fixed 20-byte pattern 0..19. Not referenced by any method of this class; it is
    // package-private and mutable. NOTE(review): confirm whether anything still uses it.
    byte[] tsign = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19};
    // Handle to the loaded PKCS#11 driver; null until initPKCS11() succeeds and after reset().
    private Module m_pkcs11Module = null;
    // Certificates/keys enumerated from all present tokens by getTokenKeys().
    private TokenKeyInfo[] m_tokens = null;
    // The single cached token session. sign()/decrypt()/getCertificate() reuse it whenever it is non-null.
    private Session m_currentSession = null;
    // Token the cached session was opened for; its id/label selects the private key to use.
    private TokenKeyInfo m_selToken = null;
    // JCA provider instantiated from the DIGIDOC_SECURITY_PROVIDER configuration entry.
    private Provider m_secProvider = null;

    /**
     * Creates a factory that has not loaded any driver yet; {@link #init()} does the real work.
     *
     * <p>The flag cleared here is static, so constructing a new factory also makes every
     * other instance believe the PKCS#11 module still has to be initialized.
     */
    public PKCS11SignatureFactory() {
        PKCS11SignatureFactory.m_isInitialized = false;
    }

    /**
     * Lazily prepares the factory: loads the PKCS#11 driver and registers the security
     * provider, each only when the corresponding field is still {@code null}.
     *
     * @throws DigiDocException propagated from {@link #initPKCS11()} or the provider setup
     */
    @Override
    public void init() throws DigiDocException {
        final boolean driverMissing = (null == this.m_pkcs11Module);
        if (driverMissing) {
            initPKCS11();
        }
        // Evaluated only after the driver step, exactly like the original sequence.
        final boolean providerMissing = (null == this.m_secProvider);
        if (providerMissing) {
            initProvider();
        }
    }

    /**
     * Loads the PKCS#11 driver named by the {@code DIGIDOC_SIGN_PKCS11_DRIVER} configuration
     * entry, initializes it once and enumerates the certificates on all present tokens.
     *
     * <p>Security note: the driver named in the configuration is loaded through
     * {@code Module.getInstance} inside {@code AccessController.doPrivileged}, so whoever can
     * edit that configuration entry chooses the library the process loads. Protect the
     * configuration file accordingly.
     *
     * @throws DigiDocException code 57 on driver problems, code 85 when no certificate
     *         could be read from any token
     */
    public void initPKCS11() throws DigiDocException {
        try {
            if (m_logger.isInfoEnabled()) {
                String driverName = ConfigManager.instance().getProperty("DIGIDOC_SIGN_PKCS11_DRIVER");
                String libraryPath = System.getProperty("java.library.path");
                m_logger.info("Loading PKCS11 driver: " + driverName + " libpath: " + libraryPath);
            }
            PrivilegedExceptionAction<Module> loadDriver = new PrivilegedExceptionAction<Module>() {
                @Override
                public Module run() throws IOException {
                    return Module.getInstance(ConfigManager.instance().getProperty("DIGIDOC_SIGN_PKCS11_DRIVER"));
                }
            };
            this.m_pkcs11Module = AccessController.doPrivileged(loadDriver);
            if (!m_isInitialized) {
                try {
                    this.m_pkcs11Module.initialize((InitializeArgs) null);
                    m_isInitialized = true;
                } catch (PKCS11Exception initError) {
                    m_logger.error("Pkcs11 error: " + initError);
                    // 401 == 0x191, the PKCS#11 return value CKR_CRYPTOKI_ALREADY_INITIALIZED:
                    // the library was initialized earlier in this process, which is acceptable.
                    if (initError.getErrorCode() != 401) {
                        DigiDocException.handleException(initError, 57);
                    } else {
                        m_logger.error("PKCS11 already loaded ok");
                        m_isInitialized = true;
                    }
                }
            }
            this.m_tokens = getTokenKeys();
        } catch (Exception failure) {
            // Forget the module so that the next call starts from scratch.
            this.m_pkcs11Module = null;
            DigiDocException.handleException(failure, 57);
        }
        final boolean nothingFound = this.m_tokens == null || this.m_tokens.length == 0;
        if (nothingFound) {
            throw new DigiDocException(85, "Error reading signature certificates from card!", null);
        }
    }

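    /**
     * Enumerates every X.509 certificate object on every slot that has a token present and
     * wraps each one in a {@link TokenKeyInfo}.
     *
     * <p>Fix over the previous version: the session opened for a slot is now tracked in
     * {@code session}, so the cleanup in {@code finally} really closes it when reading or
     * parsing a certificate fails. Before, the tracking variable was never assigned and a
     * failure left the token session open.
     *
     * <p>Certificates are parsed exactly as the token returns them; one unparsable
     * certificate aborts the whole enumeration via the error path below.
     *
     * @return the entries found so far; empty when nothing was found
     * @throws DigiDocException via {@code DigiDocException.handleException} with code 57
     */
    @Override
    public TokenKeyInfo[] getTokenKeys() throws DigiDocException {
        X509PublicKeyCertificate[] findObjects;
        Vector<TokenKeyInfo> collected = new Vector<TokenKeyInfo>();
        Session session = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Slot[] slotList = this.m_pkcs11Module.getSlotList(true);
            // Running number over all certificates of all slots.
            int nr = 0;
            for (int slotIdx = 0; slotList != null && slotIdx < slotList.length; slotIdx++) {
                SlotInfo slotInfo = slotList[slotIdx].getSlotInfo();
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Slot " + slotIdx + ": " + slotInfo);
                }
                if (!slotInfo.isTokenPresent()) {
                    continue;
                }
                Token token = slotList[slotIdx].getToken();
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Token: " + token);
                }
                // No login here: only certificate objects are read.
                session = token.openSession(true, false, (Object) null, (Notify) null);
                session.findObjectsInit(new X509PublicKeyCertificate());
                do {
                    findObjects = session.findObjects(1);
                    if (findObjects != null && findObjects.length > 0) {
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Certs: " + findObjects.length);
                        }
                        for (int certIdx = 0; certIdx < findObjects.length; certIdx++) {
                            X509PublicKeyCertificate certObject = findObjects[certIdx];
                            X509Certificate parsed = (X509Certificate) certificateFactory.generateCertificate(
                                    new ByteArrayInputStream(certObject.getValue().getByteArrayValue()));
                            TokenKeyInfo tokenKeyInfo = new TokenKeyInfo(nr, slotList[slotIdx].getSlotID(), token,
                                    certObject.getId().getByteArrayValue(), certObject.getLabel().toString(), parsed);
                            nr++;
                            if (m_logger.isDebugEnabled()) {
                                m_logger.debug("Slot: " + slotIdx + " cert: " + certIdx + " nr: " + tokenKeyInfo.getCertSerial() + " CN: " + tokenKeyInfo.getCertName() + " id: " + tokenKeyInfo.getIdHex() + " signature: " + tokenKeyInfo.isSignatureKey());
                            }
                            collected.add(tokenKeyInfo);
                        }
                    }
                } while (findObjects != null && findObjects.length > 0);
                // Clear the tracking variable first so a failing close is not retried in finally.
                Session finished = session;
                session = null;
                finished.closeSession();
            }
        } catch (Exception e) {
            this.m_pkcs11Module = null;
            DigiDocException.handleException(e, 57);
        } finally {
            if (session != null) {
                try {
                    session.closeSession();
                } catch (Exception closeError) {
                    m_logger.error("Error closing session: " + closeError);
                }
            }
        }
        return collected.toArray(new TokenKeyInfo[0]);
    }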

    /**
     * Instantiates the class named by the {@code DIGIDOC_SECURITY_PROVIDER} configuration
     * entry and registers it as a JCA security provider.
     *
     * <p>Security note: the class name comes straight from configuration and the resulting
     * provider is added to the JVM-wide provider list, so write access to the configuration
     * amounts to choosing code that runs in this process. Nothing in this class removes the
     * provider again.
     *
     * @throws DigiDocException via {@code DigiDocException.handleException} with code 58
     */
    private void initProvider() throws DigiDocException {
        try {
            String providerClassName = ConfigManager.instance().getProperty("DIGIDOC_SECURITY_PROVIDER");
            Object created = Class.forName(providerClassName).newInstance();
            this.m_secProvider = (Provider) created;
            Security.addProvider(this.m_secProvider);
        } catch (Exception failure) {
            this.m_secProvider = null;
            DigiDocException.handleException(failure, 58);
        }
    }

    /**
     * Filters the enumerated tokens by purpose.
     *
     * <p>Security note: when the {@code KEY_USAGE_CHECK} configuration entry is set to
     * {@code false}, every token is accepted as a signature token regardless of what
     * {@code isSignatureKey()} reports. Leave the check at its default of {@code true}
     * unless that is really intended.
     *
     * @param z {@code true} to select signature tokens, {@code false} to select encryption tokens
     * @return the matching tokens in enumeration order; empty when none match or none were read
     */
    @Override
    public TokenKeyInfo[] getTokensOfType(boolean z) {
        final boolean enforceKeyUsage = ConfigManager.instance().getBooleanProperty("KEY_USAGE_CHECK", true);
        final TokenKeyInfo[] known = this.m_tokens;
        final int total = (known == null) ? 0 : known.length;

        // First pass: log every token and count the matches so the result array can be sized.
        int matches = 0;
        for (int pos = 0; pos < total; pos++) {
            TokenKeyInfo candidate = known[pos];
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Token: " + pos + " is-sign: " + candidate.isSignatureKey() + " is-crypt: " + candidate.isEncryptKey() + " nr: " + candidate.getCertSerial() + " CN: " + candidate.getCertName() + " id: " + candidate.getIdHex());
            }
            boolean wanted = z ? (candidate.isSignatureKey() || !enforceKeyUsage) : candidate.isEncryptKey();
            if (wanted) {
                matches++;
            }
        }

        // Second pass: copy the matches.
        TokenKeyInfo[] selected = new TokenKeyInfo[matches];
        int next = 0;
        for (int pos = 0; pos < total; pos++) {
            TokenKeyInfo candidate = known[pos];
            boolean wanted = z ? (candidate.isSignatureKey() || !enforceKeyUsage) : candidate.isEncryptKey();
            if (!wanted) {
                continue;
            }
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Using token: " + pos + " is-sign: " + candidate.isSignatureKey() + " is-crypt: " + candidate.isEncryptKey() + " nr: " + candidate.getCertSerial() + " CN: " + candidate.getCertName() + " id: " + candidate.getIdHex());
            }
            selected[next++] = candidate;
        }
        return selected;
    }

    /**
     * Looks up the first enumerated token whose slot id and label both match.
     *
     * @param j slot id to match
     * @param str label to match (compared with {@code equals})
     * @return the matching entry of the token list, or {@code null} when there is none
     */
    public TokenKeyInfo getTokenWithSlotIdAndLabel(long j, String str) {
        final TokenKeyInfo[] known = this.m_tokens;
        if (known == null) {
            return null;
        }
        for (TokenKeyInfo candidate : known) {
            final boolean sameSlot = candidate.getSlot() == j;
            if (sameSlot && candidate.getLabel().equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the certificate of the token identified by slot id and label.
     *
     * @param j slot id to match
     * @param str label to match
     * @return the token's certificate, or {@code null} when no such token was enumerated
     */
    public X509Certificate getCertificateWithSlotIdAndLabel(long j, String str) {
        final TokenKeyInfo match = getTokenWithSlotIdAndLabel(j, str);
        return (match == null) ? null : match.getCert();
    }

    /**
     * Lists the certificate names of all enumerated tokens, loading the driver first when
     * that has not happened yet.
     *
     * @return one name per token, in enumeration order
     * @throws DigiDocException propagated from {@link #initPKCS11()}
     */
    @Override
    public String[] getAvailableTokenNames() throws DigiDocException {
        if (this.m_pkcs11Module == null) {
            initPKCS11();
        }
        // The token list is dereferenced right away, so it has to be non-null at this point.
        final int count = this.m_tokens.length;
        String[] names = new String[count];
        int pos = 0;
        while (pos < count) {
            names[pos] = this.m_tokens[pos].getCertName();
            pos++;
        }
        return names;
    }

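    /**
     * Opens a session on the given token and logs in with the supplied PIN. Any session
     * that is currently cached is closed first.
     *
     * <p>Changes over the previous version:
     * <ul>
     *   <li>A rejected login no longer leaves the unauthenticated session cached. sign(),
     *       decrypt() and getCertificate() only open a session when none is cached, so a
     *       stale one would be reused without a new login attempt.</li>
     *   <li>The temporary {@code char[]} copy of the PIN is overwritten after the login call.
     *       The caller's {@code String} still holds the PIN; this only avoids one more copy.</li>
     * </ul>
     *
     * @param tokenKeyInfo token to open; when {@code null} nothing is opened
     * @param str PIN used for the login
     * @throws DigiDocException via {@code DigiDocException.handleException} with code 60
     */
    public void openSession(TokenKeyInfo tokenKeyInfo, String str) throws DigiDocException {
        if (this.m_pkcs11Module == null) {
            initPKCS11();
        }
        try {
            if (this.m_currentSession != null) {
                closeSession();
            }
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Open session for token: " + tokenKeyInfo);
                m_logger.debug("Open session for: " + (tokenKeyInfo != null ? tokenKeyInfo.getCertName() + " id: " + tokenKeyInfo.getIdHex() + " sign: " + tokenKeyInfo.isSignatureKey() + " crypt: " + tokenKeyInfo.isEncryptKey() : "NULL"));
            }
            if (tokenKeyInfo != null) {
                this.m_currentSession = tokenKeyInfo.getToken().openSession(true, false, (Object) null, (Notify) null);
                this.m_selToken = tokenKeyInfo;
            } else if (m_logger.isDebugEnabled()) {
                m_logger.debug("No suitable token found!");
            }
            if (this.m_currentSession != null && this.m_selToken != null) {
                if (m_logger.isDebugEnabled()) {
                    // Only the certificate name and key id are logged, never the PIN.
                    m_logger.debug("Login for: " + this.m_selToken.getCertName() + " id: " + this.m_selToken.getIdHex());
                }
                char[] pin = str.toCharArray();
                try {
                    this.m_currentSession.login(true, pin);
                } catch (PKCS11Exception e) {
                    m_logger.error("Pkcs11 error: " + e);
                    // 256 == 0x100, the PKCS#11 return value CKR_USER_ALREADY_LOGGED_IN.
                    if (e.getErrorCode() == 256) {
                        m_logger.error("User already logged in ok");
                    } else {
                        // Fail closed: drop the session that could not be authenticated.
                        Session rejected = this.m_currentSession;
                        this.m_currentSession = null;
                        this.m_selToken = null;
                        try {
                            rejected.closeSession();
                        } catch (TokenException closeError) {
                            m_logger.error("Error closing session: " + closeError);
                        }
                        // NOTE(review): handleException is presumably expected to throw - confirm.
                        DigiDocException.handleException(e, 60);
                    }
                } finally {
                    java.util.Arrays.fill(pin, '\0');
                }
            }
        } catch (TokenException e2) {
            this.m_selToken = null;
            this.m_currentSession = null;
            DigiDocException.handleException(e2, 60);
        }
    }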

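    /**
     * Opens a session on the {@code i}-th token of the requested kind and logs in, unless a
     * cached session for a token of that same kind already exists.
     *
     * <p>Changes over the previous version:
     * <ul>
     *   <li>A rejected login no longer leaves the unauthenticated session cached, where the
     *       next sign()/decrypt()/getCertificate() call would reuse it without logging in.</li>
     *   <li>The temporary {@code char[]} copy of the PIN is overwritten after the login call.
     *       The caller's {@code String} still holds the PIN.</li>
     * </ul>
     *
     * <p>NOTE(review): a cached session is kept whenever its token is of the requested kind;
     * the index {@code i} is not compared with the cached token.
     *
     * @param z {@code true} for a signature token, {@code false} for an authentication/encryption token
     * @param i index into {@code getTokensOfType(z)}
     * @param str PIN used for the login
     * @throws DigiDocException via {@code DigiDocException.handleException} with code 60
     */
    public void openSession(boolean z, int i, String str) throws DigiDocException {
        if (this.m_pkcs11Module == null) {
            initPKCS11();
        }
        try {
            if (this.m_currentSession == null || this.m_selToken == null || ((z && !this.m_selToken.isSignatureKey()) || (!z && this.m_selToken.isSignatureKey()))) {
                if (this.m_currentSession != null) {
                    closeSession();
                }
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Open session for token: " + i);
                }
                TokenKeyInfo tokenKeyInfo = null;
                TokenKeyInfo[] tokensOfType = getTokensOfType(z);
                if (i >= 0 && tokensOfType != null && i < tokensOfType.length) {
                    tokenKeyInfo = tokensOfType[i];
                }
                if (m_logger.isDebugEnabled()) {
                    m_logger.debug("Open " + (z ? "sign" : "auth") + " session for: " + (tokenKeyInfo != null ? tokenKeyInfo.getCertName() + " id: " + tokenKeyInfo.getIdHex() + " sign: " + tokenKeyInfo.isSignatureKey() + " crypt: " + tokenKeyInfo.isEncryptKey() : "NULL"));
                }
                if (tokenKeyInfo != null) {
                    this.m_currentSession = tokenKeyInfo.getToken().openSession(true, false, (Object) null, (Notify) null);
                    this.m_selToken = tokenKeyInfo;
                } else if (m_logger.isDebugEnabled()) {
                    m_logger.debug("No suitable token found!");
                }
                if (this.m_currentSession != null && this.m_selToken != null) {
                    if (m_logger.isDebugEnabled()) {
                        // Only the certificate name and key id are logged, never the PIN.
                        m_logger.debug("Login for: " + this.m_selToken.getCertName() + " id: " + this.m_selToken.getIdHex());
                    }
                    char[] pin = str.toCharArray();
                    try {
                        this.m_currentSession.login(true, pin);
                    } catch (PKCS11Exception e) {
                        m_logger.error("Pkcs11 error: " + e);
                        // 256 == 0x100, the PKCS#11 return value CKR_USER_ALREADY_LOGGED_IN.
                        if (e.getErrorCode() == 256) {
                            m_logger.error("User already logged in ok");
                        } else {
                            // Fail closed: drop the session that could not be authenticated.
                            Session rejected = this.m_currentSession;
                            this.m_currentSession = null;
                            this.m_selToken = null;
                            try {
                                rejected.closeSession();
                            } catch (TokenException closeError) {
                                m_logger.error("Error closing session: " + closeError);
                            }
                            // NOTE(review): handleException is presumably expected to throw - confirm.
                            DigiDocException.handleException(e, 60);
                        }
                    } finally {
                        java.util.Arrays.fill(pin, '\0');
                    }
                }
            }
        } catch (TokenException e2) {
            this.m_selToken = null;
            this.m_currentSession = null;
            DigiDocException.handleException(e2, 60);
        }
    }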

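    /**
     * Signs a digest with the private key whose id matches the selected signature token,
     * using the {@code RSA_PKCS} mechanism on the value returned by
     * {@code ConvertUtils.addDigestAsn1Prefix}.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>The key search now stops after the signature was produced. Before, the matching
     *       branch neither advanced the index nor left the loop, so the signing call was
     *       repeated without end.</li>
     *   <li>When no session could be opened (for example an index outside the token list)
     *       a {@code DigiDocException} is raised instead of a {@code NullPointerException}.</li>
     *   <li>A missing key is reported in the log, as the slot/label overload already does.</li>
     * </ul>
     *
     * <p>NOTE(review): an already cached session is reused as is; it is not checked against
     * index {@code i}. The {@code signature} argument is not used here.
     *
     * @param bArr digest to sign
     * @param i index of the signature token
     * @param str PIN, used only when a session has to be opened
     * @param signature unused
     * @return the signature value, or {@code null} when no matching private key was found
     * @throws DigiDocException code 61 on token errors or when no token session is available
     */
    @Override
    public byte[] sign(byte[] bArr, int i, String str, Signature signature) throws DigiDocException {
        RSAPrivateKey[] findObjects;
        byte[] signatureValue = null;
        if (this.m_currentSession == null) {
            openSession(true, i, str);
        }
        if (this.m_currentSession == null || this.m_selToken == null) {
            throw new DigiDocException(61, "No signature token session available for token: " + i, null);
        }
        try {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Sign with token: " + i + " key: " + (this.m_selToken != null ? this.m_selToken.getCertName() : "NULL") + " id: " + (this.m_selToken != null ? this.m_selToken.getIdHex() : "NULL") + " dig-len: " + (bArr != null ? bArr.length : 0) + " dig: " + (bArr != null ? Base64Util.encode(bArr) : "NULL"));
            }
            this.m_currentSession.findObjectsInit(new RSAPrivateKey());
            boolean signed = false;
            do {
                findObjects = this.m_currentSession.findObjects(1);
                for (int keyIdx = 0; !signed && findObjects != null && keyIdx < findObjects.length; keyIdx++) {
                    RSAPrivateKey candidate = findObjects[keyIdx];
                    String keyIdHex = SignedDoc.bin2hex(candidate.getId().getByteArrayValue());
                    if (m_logger.isDebugEnabled()) {
                        m_logger.debug("Key " + keyIdx + " id: " + keyIdHex);
                    }
                    // equals(null) is false, so a token without an id never matches.
                    if (keyIdHex != null && keyIdHex.equals(this.m_selToken.getIdHex())) {
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Using key " + keyIdx + " id: " + keyIdHex);
                        }
                        this.m_currentSession.signInit(Mechanism.RSA_PKCS, candidate);
                        signatureValue = this.m_currentSession.sign(ConvertUtils.addDigestAsn1Prefix(bArr));
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Signature len: " + (signatureValue != null ? signatureValue.length : 0));
                        }
                        signed = true;
                    }
                }
            } while (!signed && findObjects != null && findObjects.length > 0);
            if (!signed) {
                m_logger.error("Failed to sign, no private key with id: " + this.m_selToken.getIdHex() + " found!");
            }
            this.m_currentSession.findObjectsFinal();
            closeSession();
        } catch (TokenException e) {
            DigiDocException.handleException(e, 61);
        }
        return signatureValue;
    }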

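    /**
     * Signs a digest with the private key whose label matches the token identified by slot
     * id and label, using the {@code RSA_PKCS} mechanism on the value returned by
     * {@code ConvertUtils.addDigestAsn1Prefix}.
     *
     * <p>Fix over the previous version: a cached session is reused only when it was opened
     * for the requested token. Before, any cached session was reused and the key was chosen
     * by the label of whichever token that session belonged to, so the signature could be
     * made with a key other than the one the caller asked for.
     *
     * <p>The {@code signature} argument is not used here.
     *
     * @param bArr digest to sign
     * @param j slot id of the token
     * @param str label of the token
     * @param str2 PIN, used when a session has to be opened
     * @param signature unused
     * @return the signature value, or {@code null} when the token or its private key was not found
     * @throws DigiDocException via {@code DigiDocException.handleException} with code 61
     */
    public byte[] sign(byte[] bArr, long j, String str, String str2, Signature signature) throws DigiDocException {
        RSAPrivateKey[] findObjects;
        byte[] signatureValue = null;
        TokenKeyInfo requested = getTokenWithSlotIdAndLabel(j, str);
        if (requested == null) {
            m_logger.error("No token with slot: " + j + " and label: " + str + " found!");
            return null;
        }
        // openSession(TokenKeyInfo, String) closes a cached session before opening the new one.
        if (this.m_currentSession == null || this.m_selToken != requested) {
            openSession(requested, str2);
        }
        try {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Sign with token: " + requested + " key: " + (this.m_selToken != null ? this.m_selToken.getCertName() : "NULL") + " id: " + (this.m_selToken != null ? this.m_selToken.getIdHex() : "NULL") + " dig-len: " + (bArr != null ? bArr.length : 0) + " dig: " + (bArr != null ? Base64Util.encode(bArr) : "NULL"));
            }
            this.m_currentSession.findObjectsInit(new RSAPrivateKey());
            boolean signed = false;
            do {
                findObjects = this.m_currentSession.findObjects(1);
                if (findObjects != null && findObjects.length > 0 && m_logger.isDebugEnabled()) {
                    m_logger.debug("Keys: " + findObjects.length);
                }
                for (int keyIdx = 0; !signed && findObjects != null && keyIdx < findObjects.length; keyIdx++) {
                    RSAPrivateKey candidate = findObjects[keyIdx];
                    String keyLabel = null;
                    if (candidate.getLabel() != null) {
                        keyLabel = candidate.getLabel().toString();
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Key " + keyIdx + " label: " + keyLabel);
                        }
                    }
                    // equals(null) is false, so a token without a label never matches.
                    if (keyLabel != null && keyLabel.equals(this.m_selToken.getLabel())) {
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Using key " + keyIdx + " label: " + keyLabel);
                        }
                        signed = true;
                        this.m_currentSession.signInit(Mechanism.RSA_PKCS, candidate);
                        signatureValue = this.m_currentSession.sign(ConvertUtils.addDigestAsn1Prefix(bArr));
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Signature len: " + (signatureValue != null ? signatureValue.length : 0));
                        }
                    }
                }
            } while (!signed && findObjects != null && findObjects.length > 0);
            if (!signed) {
                m_logger.error("Failed to sign, token with slot: " + j + " and label: " + str + " not found!");
            }
            this.m_currentSession.findObjectsFinal();
            closeSession();
        } catch (TokenException e) {
            DigiDocException.handleException(e, 61);
        }
        return signatureValue;
    }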

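    /**
     * Returns the certificate of the selected signature token, opening (and logging in to)
     * a session first when none is cached.
     *
     * <p>Fix over the previous version: the debug message dereferenced the selected token
     * before the null check, so with debug logging enabled and no suitable token the method
     * failed with a {@code NullPointerException} instead of returning {@code null}.
     *
     * <p>A session opened here is not closed by this method; it stays cached for later calls.
     *
     * @param i index of the signature token
     * @param str PIN, used only when a session has to be opened
     * @return the certificate, or {@code null} when no token is selected
     * @throws DigiDocException propagated from {@code openSession}
     */
    @Override
    public X509Certificate getCertificate(int i, String str) throws DigiDocException {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Get cert in slot: " + i);
        }
        if (this.m_currentSession == null) {
            openSession(true, i, str);
        }
        if (this.m_selToken == null) {
            return null;
        }
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Got cert in slot: " + i + " nr: " + this.m_selToken.getNr() + " sign: " + this.m_selToken.isSignatureKey() + " enc: " + this.m_selToken.isEncryptKey());
        }
        return this.m_selToken.getCert();
    }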

    /**
     * Returns the certificate of the selected authentication token, opening (and logging in
     * to) a session first when none is cached. The session is left open afterwards.
     *
     * @param i index of the authentication token
     * @param str PIN, used only when a session has to be opened
     * @return the certificate, or {@code null} when no token is selected
     * @throws DigiDocException propagated from {@code openSession}
     */
    @Override
    public X509Certificate getAuthCertificate(int i, String str) throws DigiDocException {
        final boolean noCachedSession = (null == this.m_currentSession);
        if (noCachedSession) {
            openSession(false, i, str);
        }
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Get cert for token: " + i);
        }
        final TokenKeyInfo selected = this.m_selToken;
        return (selected == null) ? null : selected.getCert();
    }

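    /**
     * Decrypts data with the private key whose id matches the selected
     * authentication/encryption token, using the {@code RSA_PKCS} mechanism.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>When no matching key was found the summary log line dereferenced the missing
     *       result and failed with a {@code NullPointerException}, skipping
     *       {@code findObjectsFinal()} and {@code closeSession()}. The result length is now
     *       read null-safely and the missing key is reported in the log.</li>
     *   <li>When no session could be opened a {@code DigiDocException} is raised instead of a
     *       {@code NullPointerException}.</li>
     * </ul>
     *
     * <p>Security note: {@code RSA_PKCS} is PKCS#1 v1.5 padding. Callers should not let a
     * remote party tell padding failures apart from other decryption failures.
     *
     * @param bArr encrypted data
     * @param i index of the token
     * @param str PIN, used only when a session has to be opened
     * @return the decrypted bytes, or {@code null} when no matching private key was found
     * @throws DigiDocException code {@code ERR_XMLENC_DECRYPT} on token errors or when no
     *         token session is available
     */
    @Override
    public byte[] decrypt(byte[] bArr, int i, String str) throws DigiDocException {
        RSAPrivateKey[] findObjects;
        byte[] plain = null;
        if (this.m_currentSession == null) {
            openSession(false, i, str);
        }
        if (this.m_currentSession == null || this.m_selToken == null) {
            throw new DigiDocException(DigiDocException.ERR_XMLENC_DECRYPT, "No token session available for token: " + i, null);
        }
        try {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Decrypting " + (bArr != null ? bArr.length : 0) + " bytes");
                m_logger.debug("Decrypting with token: " + this.m_selToken.getNr());
                m_logger.debug("session: " + this.m_currentSession);
            }
            this.m_currentSession.findObjectsInit(new RSAPrivateKey());
            boolean decrypted = false;
            do {
                findObjects = this.m_currentSession.findObjects(1);
                for (int keyIdx = 0; !decrypted && findObjects != null && keyIdx < findObjects.length; keyIdx++) {
                    RSAPrivateKey candidate = findObjects[keyIdx];
                    String keyIdHex = null;
                    if (candidate.getId() != null) {
                        keyIdHex = SignedDoc.bin2hex(candidate.getId().getByteArrayValue());
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Key " + keyIdx + " id: " + keyIdHex);
                        }
                    }
                    // equals(null) is false, so a token without an id never matches.
                    if (keyIdHex != null && keyIdHex.equals(this.m_selToken.getIdHex())) {
                        decrypted = true;
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Using key " + keyIdx + " id: " + keyIdHex);
                        }
                        this.m_currentSession.decryptInit(Mechanism.RSA_PKCS, candidate);
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("decryptInit OK");
                        }
                        plain = this.m_currentSession.decrypt(bArr);
                        if (m_logger.isDebugEnabled()) {
                            // Prints the array reference only, not the decrypted bytes; keep it that way.
                            m_logger.debug("value = " + plain);
                        }
                    }
                }
            } while (!decrypted && findObjects != null && findObjects.length > 0);
            if (!decrypted) {
                m_logger.error("Failed to decrypt, no private key with id: " + this.m_selToken.getIdHex() + " found!");
            }
            if (m_logger.isInfoEnabled()) {
                m_logger.info("Decrypted " + (bArr != null ? bArr.length : 0) + " bytes, got: " + (plain != null ? plain.length : 0));
            }
            this.m_currentSession.findObjectsFinal();
            closeSession();
        } catch (TokenException e) {
            DigiDocException.handleException(e, DigiDocException.ERR_XMLENC_DECRYPT);
        }
        return plain;
    }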

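    /**
     * Decrypts data with the private key whose label matches the token identified by slot
     * id and label, using the {@code RSA_PKCS} mechanism.
     *
     * <p>Fixes over the previous version:
     * <ul>
     *   <li>A cached session is reused only when it was opened for the requested token;
     *       before, the key was chosen by the label of whichever token the cached session
     *       belonged to.</li>
     *   <li>When no matching key was found the summary log line dereferenced the missing
     *       result and failed with a {@code NullPointerException}, skipping
     *       {@code findObjectsFinal()} and {@code closeSession()}.</li>
     *   <li>The "not found" message said "Failed to sign" in the decryption path.</li>
     * </ul>
     *
     * <p>Security note: {@code RSA_PKCS} is PKCS#1 v1.5 padding. Callers should not let a
     * remote party tell padding failures apart from other decryption failures.
     *
     * @param bArr encrypted data
     * @param j slot id of the token
     * @param str label of the token
     * @param str2 PIN, used when a session has to be opened
     * @return the decrypted bytes, or {@code null} when the token or its private key was not found
     * @throws DigiDocException via {@code DigiDocException.handleException} with code
     *         {@code ERR_XMLENC_DECRYPT}
     */
    public byte[] decrypt(byte[] bArr, long j, String str, String str2) throws DigiDocException {
        RSAPrivateKey[] findObjects;
        byte[] plain = null;
        TokenKeyInfo requested = getTokenWithSlotIdAndLabel(j, str);
        if (requested == null) {
            m_logger.error("No token with slot: " + j + " and label: " + str + " found!");
            return null;
        }
        // openSession(TokenKeyInfo, String) closes a cached session before opening the new one.
        if (this.m_currentSession == null || this.m_selToken != requested) {
            openSession(requested, str2);
        }
        try {
            this.m_currentSession.findObjectsInit(new RSAPrivateKey());
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Decrypting " + (bArr != null ? bArr.length : 0) + " bytes");
                m_logger.debug("Decrypting with token: " + this.m_selToken.getNr());
                m_logger.debug("session: " + this.m_currentSession);
            }
            boolean decrypted = false;
            do {
                findObjects = this.m_currentSession.findObjects(1);
                for (int keyIdx = 0; !decrypted && findObjects != null && keyIdx < findObjects.length; keyIdx++) {
                    RSAPrivateKey candidate = findObjects[keyIdx];
                    String keyLabel = null;
                    if (candidate.getLabel() != null) {
                        keyLabel = candidate.getLabel().toString();
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Key " + keyIdx + " label: " + keyLabel);
                        }
                    }
                    // equals(null) is false, so a token without a label never matches.
                    if (keyLabel != null && keyLabel.equals(this.m_selToken.getLabel())) {
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("Using key " + keyIdx + " label: " + keyLabel);
                        }
                        decrypted = true;
                        this.m_currentSession.decryptInit(Mechanism.RSA_PKCS, candidate);
                        if (m_logger.isDebugEnabled()) {
                            m_logger.debug("decryptInit OK");
                        }
                        plain = this.m_currentSession.decrypt(bArr);
                        if (m_logger.isDebugEnabled()) {
                            // Prints the array reference only, not the decrypted bytes; keep it that way.
                            m_logger.debug("value = " + plain);
                        }
                    }
                }
            } while (!decrypted && findObjects != null && findObjects.length > 0);
            if (!decrypted) {
                m_logger.error("Failed to decrypt, token with slot: " + j + " and label: " + str + " not found!");
            }
            if (m_logger.isInfoEnabled()) {
                m_logger.info("Decrypted " + (bArr != null ? bArr.length : 0) + " bytes, got: " + (plain != null ? plain.length : 0));
            }
            this.m_currentSession.findObjectsFinal();
            closeSession();
        } catch (TokenException e) {
            DigiDocException.handleException(e, DigiDocException.ERR_XMLENC_DECRYPT);
        }
        return plain;
    }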

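    /**
     * Closes the cached token session, if any.
     *
     * <p>Fix over the previous version: the cached reference is cleared even when closing
     * fails. Before, a failing close left the reference in place, and since the other
     * methods open a new session only when none is cached, the broken session kept being
     * reused.
     *
     * @throws DigiDocException via {@code DigiDocException.handleException} with code 63
     */
    @Override
    public void closeSession() throws DigiDocException {
        Session cached = this.m_currentSession;
        // Forget the session before closing it so a failure cannot leave it cached.
        this.m_currentSession = null;
        try {
            if (m_logger.isDebugEnabled()) {
                m_logger.debug("Closing card session");
            }
            if (cached != null) {
                cached.closeSession();
            }
        } catch (TokenException e) {
            DigiDocException.handleException(e, 63);
        }
    }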

    /**
     * Finalizes the PKCS#11 module held by this instance and clears the shared
     * "initialized" flag.
     *
     * <p>The signature matches {@code Object.finalize()}, so besides the explicit call from
     * {@code reset()} the garbage collector may invoke it too. The flag it clears is static
     * and therefore shared with every other instance.
     *
     * @throws DigiDocException via {@code DigiDocException.handleException} with code 64
     */
    public void finalize() throws DigiDocException {
        try {
            final Module loaded = this.m_pkcs11Module;
            if (loaded != null) {
                loaded.finalize((Object) null);
            }
            this.m_pkcs11Module = null;
            m_isInitialized = false;
        } catch (TokenException failure) {
            DigiDocException.handleException(failure, 64);
        }
    }

    /**
     * Returns the factory to its unconfigured state: forgets the selected token, closes the
     * cached session and drops the module and provider references.
     *
     * <p>NOTE(review): the module reference is cleared before {@code finalize()} runs, so
     * that call finds no module and never reaches {@code Module.finalize(...)}; the native
     * library stays initialized. The provider registered through {@code Security.addProvider}
     * is not removed either. Confirm whether both are intended.
     *
     * @throws DigiDocException propagated from {@code closeSession()} or {@code finalize()}
     */
    @Override
    public void reset() throws DigiDocException {
        if (m_logger.isDebugEnabled()) {
            m_logger.debug("Resetting PKCS11SignatureFactory");
        }
        this.m_selToken = null;
        closeSession();
        this.m_secProvider = null;
        this.m_pkcs11Module = null;
        m_isInitialized = false;
        finalize();
    }

    /**
     * Identifies this implementation.
     *
     * @return the {@code SIGFAC_TYPE_PKCS11} constant of {@code SignatureFactory}
     */
    @Override
    public String getType() {
        final String factoryType = SignatureFactory.SIGFAC_TYPE_PKCS11;
        return factoryType;
    }
}
