package kz.gov.pki.provider.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javafx.scene.control.ButtonBar;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminal;
import javax.smartcardio.TerminalFactory;
import kz.gov.pki.kalkan.Storage;
import kz.gov.pki.kalkan.asn1.DERSet;
import kz.gov.pki.kalkan.asn1.cryptopro.CryptoProObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.knca.KNCAObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.pkcs.PKCSObjectIdentifiers;
import kz.gov.pki.kalkan.asn1.x509.SubjectKeyIdentifier;
import kz.gov.pki.kalkan.asn1.x509.X509Extensions;
import kz.gov.pki.kalkan.asn1.x509.X509ExtensionsGenerator;
import kz.gov.pki.kalkan.asn1.x509.X509Name;
import kz.gov.pki.kalkan.exception.KalkanException;
import kz.gov.pki.kalkan.exception.PCSCCode;
import kz.gov.pki.kalkan.jce.provider.KalkanProvider;
import kz.gov.pki.kalkan.pcsc.TokenDispatcher;
import kz.gov.pki.kalkan.pcsc.generators.AKAlgorithmParameterSpec;
import kz.gov.pki.kalkan.pcsc.tokens.AKToken;
import kz.gov.pki.kalkan.util.KALKANUtils;
import kz.gov.pki.kalkan.util.encoders.Hex;
import kz.gov.pki.kalkan.util.io.Streams;
import kz.gov.pki.kalkan.x509.X509Attribute;
import kz.gov.pki.knca.applet.AppletConstants;
import kz.gov.pki.provider.exception.ProviderUtilException;
import kz.gov.pki.provider.exception.ProviderUtilExceptionCode;
import kz.gov.pki.provider.utils.model.SigningEntity;
import kz.gov.pki.reference.KNCACertificateType;
import kz.gov.pki.reference.KeyStoreEntry;
import kz.gov.pki.reference.PublicPartInfo;

/* loaded from: input_file:kz/gov/pki/provider/utils/KeyStoreUtil.class */
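/**
 * Static helpers for opening, listing and modifying key stores that live either on a
 * smart card / token (accessed through the Kalkan PC/SC layer) or in a PKCS#12 / JKS file.
 *
 * <p>This source was recovered by a decompiler, so parameter names such as {@code str} and
 * {@code cArr} are not the authors'; their roles are described per method.
 *
 * <p>Review notes that apply to the whole class:
 * <ul>
 *   <li>Passwords and PINs arrive as {@code char[]}; none of the methods here wipes them,
 *       so callers own their lifetime.</li>
 *   <li>{@link #getDefaultCACerts()} lazily initialises a static field without
 *       synchronisation.</li>
 *   <li>Several methods print reader names and token ids to {@code System.out}.</li>
 * </ul>
 */
public class KeyStoreUtil {
    private static final String CA_CERTS_STORE = "/cacerts.jks";
    private static final String KZTKN_PREFIX = "DigiFlow LLP. KAZTOKEN";
    private static final String P12_EXTENSION = "p12";
    private static final String JKS_EXTENSION = "jks";
    private static final String DOT = ".";

    /** PKCS#12 passwords: 6-32 characters from the allowed set, at least one digit and one Latin letter. */
    private static final Pattern PKCS12_PASSWORD_PATTERN =
            Pattern.compile("^(?=.*\\d)(?=.*[a-zA-Z])[0-9a-z.?A-Z#$^+=!*()@%&_-]{6,32}$");

    /** Other storages: only the character set is constrained; the length is checked separately. */
    private static final Pattern GENERIC_PASSWORD_PATTERN =
            Pattern.compile("[0-9a-z.?A-Z#$^+=!*()@%&_-]*$");

    private static List<X509Certificate> defaultCACerts;

    /**
     * Lists the names of the card terminals that currently hold a card of the requested
     * token type.
     *
     * @param storage token type to look for; must satisfy {@code storage.isToken()}
     * @return terminal names whose inserted card could be instantiated as {@code storage}
     * @throws ProviderUtilException if {@code storage} is not a token, or if it is a token
     *         type this method does not know while at least one terminal holds a card
     * @throws CardException if the terminal list or card presence cannot be queried
     * @throws KalkanException if reading the ID-card public part fails
     */
    public static List<String> loadSlotList(Storage storage) throws CardException, ProviderUtilException, KalkanException {
        if (!storage.isToken()) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_STORAGE_FOR_THE_CURRENT_OPERATION);
        }
        List<String> slots = new ArrayList<>();
        for (CardTerminal terminal : TerminalFactory.getDefault().terminals().list()) {
            String name = terminal.getName();
            boolean cardPresent = terminal.isCardPresent();
            // NOTE(review): diagnostic output on stdout; kept as found.
            System.out.println(name + " = isPresent = " + cardPresent);
            if (!cardPresent) {
                continue;
            }
            boolean accepted;
            switch (storage) {
                case KAZTOKEN:
                    accepted = isSpecifiedToken(name, storage);
                    break;
                case KZIDCARD:
                    // An ID card additionally has to expose a readable IIN.
                    accepted = !name.startsWith(KZTKN_PREFIX)
                            && isSpecifiedToken(name, storage)
                            && getPublicPartInfo(storage, name, PublicPartInfo.IIN) != null;
                    break;
                case ETOKEN_72K:
                    accepted = !name.startsWith(KZTKN_PREFIX) && isSpecifiedToken(name, storage);
                    if (accepted) {
                        System.out.println("tName = " + name);
                    }
                    break;
                case JACARTA:
                case AKEY:
                    accepted = !name.startsWith(KZTKN_PREFIX) && isSpecifiedToken(name, storage);
                    break;
                default:
                    throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_STORAGE, "Smartcard type is unknown!");
            }
            if (accepted) {
                slots.add(name);
            }
        }
        return slots;
    }

    /**
     * Reads one field of the public part of a KZ ID card.
     *
     * @param storage must be {@link Storage#KZIDCARD}
     * @param str terminal (reader) name holding the card
     * @param publicPartInfo field to read
     * @return the value returned by the token for that field
     * @throws ProviderUtilException if {@code storage} is not {@code KZIDCARD}
     * @throws KalkanException if the token cannot be instantiated or read
     */
    public static String getPublicPartInfo(Storage storage, String str, PublicPartInfo publicPartInfo) throws ProviderUtilException, KalkanException {
        if (!storage.equals(Storage.KZIDCARD)) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_STORAGE_FOR_THE_CURRENT_OPERATION);
        }
        AKToken token = TokenDispatcher.INSTANCE.instantiateToken(Storage.KZIDCARD.getName(), str, null);
        try {
            return token.getPublicPartInfo(publicPartInfo.name());
        } finally {
            // Release the token even when the read fails, so it is not left registered.
            TokenDispatcher.INSTANCE.removeToken(token);
        }
    }

    /**
     * Opens a key store of the given type and unlocks it with the supplied password / PIN.
     *
     * <p>Wrong-password and blocked-PIN conditions are translated into
     * {@link ProviderUtilException}; any other {@link IOException} is rethrown unchanged.
     *
     * @param storage key store type
     * @param str reader name for tokens, file path for file stores, or {@code null} to
     *        create an empty file-type store
     * @param cArr password or PIN
     * @param provider JCE provider supplying the key store implementation
     * @return the loaded key store
     * @throws ProviderUtilException with {@code WRONG_KEYSTORE_PASSWORD} (carrying the retry
     *         count reported by the card, or -1) or {@code BLOCKED_KEYSTORE_PASSWORD}
     */
    public static KeyStore getKeyStore(Storage storage, String str, char[] cArr, Provider provider) throws KeyStoreException, NoSuchProviderException, ProviderUtilException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(storage.getName(), provider.getName());
        try {
            loadKeyStore(storage, str, keyStore, cArr);
            return keyStore;
        } catch (IOException e) {
            final String wrongPassword = "Неверный пароль.";
            // NOTE(review): wrong-password detection for file stores relies on the exception
            // text containing "password". A null message is tolerated instead of raising NPE.
            String message = e.getMessage();
            if (message != null && message.contains("password")) {
                throw new ProviderUtilException(ProviderUtilExceptionCode.WRONG_KEYSTORE_PASSWORD, -1, wrongPassword, e);
            }
            if (e.getCause() instanceof KalkanException) {
                KalkanException kalkanException = (KalkanException) e.getCause();
                if (kalkanException.getErrorCode().equals(PCSCCode.WRONG_PIN) || kalkanException.getErrorCode().equals(PCSCCode.INVALID_PIN_VALUE)) {
                    Object statusWord = kalkanException.get("SW");
                    String text = statusWord != null ? wrongPassword + " Код: " + statusWord : wrongPassword;
                    Object retryCount = kalkanException.get("RetryCount");
                    if (retryCount != null) {
                        throw new ProviderUtilException(ProviderUtilExceptionCode.WRONG_KEYSTORE_PASSWORD, ((Integer) retryCount).intValue(), text, kalkanException);
                    }
                    throw new ProviderUtilException(ProviderUtilExceptionCode.WRONG_KEYSTORE_PASSWORD, -1, text, kalkanException);
                }
                if (kalkanException.getErrorCode().equals(PCSCCode.BLOCKED_PIN)) {
                    throw new ProviderUtilException(ProviderUtilExceptionCode.BLOCKED_KEYSTORE_PASSWORD, "Пароль заблокирован.", kalkanException);
                }
            }
            throw e;
        }
    }

    /**
     * Opens the key store and describes every alias in it.
     *
     * <p>Aliases with a certificate are described from the certificate's public key; aliases
     * without one are described from the private key, or marked
     * {@code AppletConstants.KEY_TYPE_UNKNOWN} when the token reports an invalid private key.
     *
     * @param str reader name or file path, as for {@link #getKeyStore}
     * @param cArr password or PIN, also used to recover keys
     * @return alias to entry description
     * @deprecated marked deprecated in the original; the typed overloads are the alternative
     *         visible in this class
     */
    @Deprecated
    public static Map<String, KeyStoreEntry> getKeyStoreEntries(Storage storage, String str, char[] cArr, Provider provider) throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, ProviderUtilException, UnrecoverableKeyException {
        KeyStore keyStore = getKeyStore(storage, str, cArr, provider);
        Map<String, KeyStoreEntry> entries = new HashMap<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
            if (certificate != null) {
                entries.put(alias, new KeyStoreEntry(alias, certificate.getPublicKey().getAlgorithm(), certificate));
                continue;
            }
            try {
                // NOTE(review): getKey may return null for an alias that holds no key.
                entries.put(alias, new KeyStoreEntry(alias, keyStore.getKey(alias, cArr).getAlgorithm(), null));
            } catch (UnrecoverableKeyException e) {
                if (!isInvalidPrivateKeyError(e)) {
                    throw e;
                }
                entries.put(alias, new KeyStoreEntry(alias, AppletConstants.KEY_TYPE_UNKNOWN, null));
            }
        }
        return entries;
    }

    /**
     * Opens the key store and returns its entries, optionally filtered by KNCA certificate type.
     *
     * @param str reader name or file path, as for {@link #getKeyStore}
     * @param kNCACertificateType type filter, or {@code null} for every alias
     * @param cArr password or PIN
     */
    public static Map<String, KeyStoreEntry> getKeyStoreEntries(Storage storage, String str, KNCACertificateType kNCACertificateType, char[] cArr, Provider provider) throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, ProviderUtilException, UnrecoverableKeyException {
        return getKeyStoreEntries(getKeyStore(storage, str, cArr, provider), cArr, kNCACertificateType);
    }

    /**
     * Describes the aliases of an already opened key store.
     *
     * <p>With a {@code null} filter every alias is returned and described from its private
     * key. With a filter, only aliases whose certificate carries that KNCA type are returned;
     * aliases without a certificate, or whose certificate type is unknown, are skipped.
     *
     * @param cArr password or PIN used to recover keys
     * @param kNCACertificateType type filter, or {@code null}
     * @return alias to entry description
     */
    public static Map<String, KeyStoreEntry> getKeyStoreEntries(KeyStore keyStore, char[] cArr, KNCACertificateType kNCACertificateType) throws KeyStoreException, CertificateException, IOException, CertificateParsingException, ProviderUtilException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Map<String, KeyStoreEntry> entries = new HashMap<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
            if (kNCACertificateType == null) {
                try {
                    // NOTE(review): getKey returns null for certificate-only aliases, which
                    // would surface here as a NullPointerException.
                    entries.put(alias, new KeyStoreEntry(alias, keyStore.getKey(alias, cArr).getAlgorithm(), certificate));
                } catch (UnrecoverableKeyException e) {
                    if (!isInvalidPrivateKeyError(e)) {
                        throw e;
                    }
                    entries.put(alias, new KeyStoreEntry(alias, AppletConstants.KEY_TYPE_UNKNOWN, null));
                }
            } else if (certificate != null) {
                try {
                    Set<KNCACertificateType> types = X509Util.getKNCACertificateType(certificate);
                    if (types != null && types.contains(kNCACertificateType)) {
                        entries.put(alias, new KeyStoreEntry(alias, certificate.getPublicKey().getAlgorithm(), certificate));
                    }
                } catch (ProviderUtilException e) {
                    // A certificate of unknown type simply does not match the filter.
                    if (!e.getCode().equals(ProviderUtilExceptionCode.UNKNOWN_KNCA_CERTIFICATE_TYPE)) {
                        throw e;
                    }
                }
            }
        }
        return entries;
    }

    /** Same as {@link #getKeyStoreEntries(KeyStore, char[], KNCACertificateType)} with no type filter. */
    public static Map<String, KeyStoreEntry> getKeyStoreEntries(KeyStore keyStore, char[] cArr) throws KeyStoreException, CertificateException, IOException, CertificateParsingException, ProviderUtilException, NoSuchAlgorithmException, UnrecoverableKeyException {
        return getKeyStoreEntries(keyStore, cArr, (KNCACertificateType) null);
    }

    /**
     * Builds a signing entity (private key plus certificates) for one alias.
     *
     * <p>When {@code list} is non-null the certificate is validated against it and the
     * resulting chain is used. When {@code list} is {@code null} <b>no validation is
     * performed</b> and the entity carries only the end-entity certificate.
     *
     * <p>NOTE(review): validation is configured with {@code allowExpired()}, so an expired
     * certificate in the chain is not rejected here. Callers that need currently valid
     * certificates have to check validity themselves.
     *
     * @param str alias
     * @param cArr password or PIN used to recover the key
     * @param list candidate CA certificates, or {@code null} to skip chain building
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static SigningEntity getSigningEntityChained(KeyStore keyStore, String str, char[] cArr, List<X509Certificate> list) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, ProviderUtilException {
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, cArr);
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(str);
        // Raw List: the element type returned by PKIXUtil.getCertificateChain() is not
        // visible in this file (the decompiler could not infer it either).
        List chain;
        if (list != null) {
            PKIXUtil validator = new PKIXUtil(certificate, list).allowExpired();
            validator.validate();
            chain = validator.getCertificateChain();
        } else {
            chain = new ArrayList();
            chain.add(certificate);
        }
        return new SigningEntity(privateKey, chain);
    }

    /** Builds a signing entity without any chain validation; see {@link #getSigningEntityChained}. */
    public static SigningEntity getSigningEntity(KeyStore keyStore, String str, char[] cArr) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, ProviderUtilException {
        return getSigningEntityChained(keyStore, str, cArr, null);
    }

    /**
     * Builds a signing entity whose chain is validated against the bundled CA certificates.
     *
     * @throws KeyStoreException if the bundled CA certificates could not be loaded. Passing
     *         the resulting {@code null} on would silently select the no-validation path of
     *         {@link #getSigningEntityChained}, so this method fails closed instead.
     */
    public static SigningEntity getSigningEntityDefaultChained(KeyStore keyStore, String str, char[] cArr) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, ProviderUtilException {
        List<X509Certificate> caCerts = getDefaultCACerts();
        if (caCerts == null) {
            throw new KeyStoreException("Default CA certificates are unavailable; cannot build a validated certificate chain");
        }
        return getSigningEntityChained(keyStore, str, cArr, caCerts);
    }

    /**
     * Generates a key pair in the given storage and returns a PKCS#10 request for it.
     *
     * <p>The signature algorithm is checked before the key store is opened, so an unsupported
     * identifier no longer costs a PIN presentation or leaves a freshly generated key behind.
     *
     * @param storage target storage
     * @param str reader name for tokens; directory for file stores
     * @param str2 alias; required for {@code KZIDCARD}, replaced by the key id for other tokens
     * @param cArr password or PIN
     * @param str3 signature algorithm identifier (one of the four supported OIDs)
     * @param i key length handed to the generator where the algorithm takes one
     * @param x509Name subject of the request
     * @param x509ExtensionsGenerator requested extensions, or {@code null}; a
     *        SubjectKeyIdentifier extension is always added
     * @return the certification request produced by {@code CSRUtil}
     * @throws ProviderUtilException {@code UNKNOWN_ALGORITHM}, {@code KZIDCARD_EMPTY_ALIAS},
     *         or an ID-card owner mismatch
     */
    public static String genKeyPairAndGetCSR(Storage storage, String str, String str2, char[] cArr, String str3, int i, X509Name x509Name, X509ExtensionsGenerator x509ExtensionsGenerator, Provider provider) throws ProviderUtilException, KeyStoreException, NoSuchProviderException, CertificateException, IOException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, SignatureException, KalkanException {
        // The original guard could never fire (see isSupportedSignatureAlgorithmId).
        if (!isSupportedSignatureAlgorithmId(str3)) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_ALGORITHM);
        }
        String keyId = null;
        if (storage.isToken()) {
            keyId = genKeyId();
            if (!storage.equals(Storage.KZIDCARD)) {
                str2 = keyId;
            } else {
                if (str2 == null || str2.isEmpty()) {
                    throw new ProviderUtilException(ProviderUtilExceptionCode.KZIDCARD_EMPTY_ALIAS, "Алиас не может быть пустым при генерации ключей на Удостоверение Личности.");
                }
                // Keys on an ID card may only be requested for the card's owner.
                validateKZIDCARDOwner(str, x509Name);
                str2 = String.valueOf(str2) + keyId;
            }
        }
        KeyStore keyStore = getKeyStore(storage, storage.isToken() ? str : null, cArr, provider);
        KeyPair keyPair = getKeyPairGenerator(storage, str, str2, str3, i, provider).genKeyPair();
        if (!storage.isToken()) {
            if (keyId == null) {
                keyId = KALKANUtils.getKeyIdFromPK(keyPair.getPublic());
            }
            // No certificate exists yet; the entry is stored with a placeholder chain.
            keyStore.setKeyEntry(keyId, keyPair.getPrivate(), cArr, new Certificate[]{null});
        }
        if (x509ExtensionsGenerator == null) {
            x509ExtensionsGenerator = new X509ExtensionsGenerator();
        }
        x509ExtensionsGenerator.addExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(Hex.decode(keyId)).getDEREncoded());
        String request = CSRUtil.genPKCS10CertificationRequest(str3, x509Name, keyPair.getPublic(), new DERSet(new X509Attribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.getId(), x509ExtensionsGenerator.generate())), keyPair.getPrivate());
        store(getKeyStoreAbsoluteFileName(storage.name(), str, str3, keyId), keyStore, cArr);
        return request;
    }

    /**
     * Installs a certificate next to its key, under the alias derived from the certificate.
     *
     * <p>For file stores the directory {@code str} is searched for the key store that already
     * holds that alias; if the certificate is an authentication certificate the file is
     * renamed with an {@code AUTH_} prefix.
     *
     * @param str reader name for tokens; directory to search for file stores
     * @param cArr password or PIN
     * @return the reader name, or the path of the key store file after the update
     * @throws ProviderUtilException {@code INAPPROPRIATE_CERT} if the store holds no key
     *         matching the certificate, or {@code KEYSTORE_FILE_NOT_FOUND}
     */
    public static String setX509Certificate(Storage storage, String str, char[] cArr, X509Certificate x509Certificate, Provider provider) throws CertificateException, NoSuchProviderException, IOException, KeyStoreException, NoSuchAlgorithmException, ProviderUtilException {
        String target;
        boolean markAsAuth = false;
        String keyId = X509Util.getKeyId(x509Certificate);
        if (storage.isToken()) {
            target = str;
        } else {
            target = getSuitableKeySoreFilePath(storage, str, keyId, cArr, provider);
            Set<KNCACertificateType> types = null;
            try {
                types = X509Util.getKNCACertificateType(x509Certificate);
            } catch (ProviderUtilException e) {
                if (!e.getCode().equals(ProviderUtilExceptionCode.UNKNOWN_KNCA_CERTIFICATE_TYPE)) {
                    throw e;
                }
            }
            markAsAuth = types != null && types.contains(KNCACertificateType.AUTHENTICATION);
        }
        KeyStore keyStore = getKeyStore(storage, target, cArr, provider);
        try {
            keyStore.setCertificateEntry(keyId, x509Certificate);
            store(target, keyStore, cArr);
            if (markAsAuth) {
                String authPath = getAUTHFilePath(target);
                // The original ignored renameTo's result and returned authPath even when the
                // rename failed. Report the path that actually exists.
                if (new File(target).renameTo(new File(authPath))) {
                    target = authPath;
                }
            }
            return target;
        } catch (KeyStoreException e) {
            if (e.getCause() instanceof KalkanException) {
                KalkanException kalkanException = (KalkanException) e.getCause();
                if (kalkanException.getErrorCode().equals(PCSCCode.INAPPROPRIATE_CERT)) {
                    throw new ProviderUtilException(ProviderUtilExceptionCode.INAPPROPRIATE_CERT, "Хранилище ключей не содержит открытый ключ, который соответсвует сертификату для установки.", kalkanException);
                }
            }
            throw e;
        }
    }

    /**
     * Changes the password / PIN protecting a key store.
     *
     * @param str reader name or key store file path
     * @param cArr current password or PIN
     * @param cArr2 new password or PIN; validated against the storage's pattern first
     * @throws ProviderUtilException {@code WRONG_PASSWORD_PATTERN} for an unacceptable new
     *         password, {@code CHANGE_PASSWORD_CONSTRAINT} for a file store without entries
     */
    public static void changePassword(Storage storage, String str, char[] cArr, char[] cArr2, Provider provider) throws ProviderUtilException, KeyStoreException, IOException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        // String.valueOf((char[]) null) throws NPE, so map null explicitly and let the
        // validator report it. NOTE(review): this copies the new password into an immutable
        // String that cannot be wiped afterwards.
        validatePasswordPattern(storage, cArr2 == null ? null : String.valueOf(cArr2));
        KeyStore keyStore = getKeyStore(storage, str, cArr, provider);
        if (storage.isToken()) {
            keyStore.store(null, cArr2);
            return;
        }
        // Reuse the store that is already open instead of loading the file a second time.
        Map<String, KeyStoreEntry> entries = getKeyStoreEntries(keyStore, cArr);
        if (entries == null || entries.isEmpty()) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.CHANGE_PASSWORD_CONSTRAINT, "Для данного типа носителя невозможно сменить пароль до установки соответствующего сертификата.");
        }
        for (KeyStoreEntry entry : entries.values()) {
            if (entry == null) {
                throw new ProviderUtilException(ProviderUtilExceptionCode.CHANGE_PASSWORD_CONSTRAINT, "Для данного типа носителя невозможно сменить пароль до установки соответствующего сертификата.");
            }
        }
        store(str, keyStore, cArr2);
    }

    /**
     * Deletes one alias from a token. File stores are refused.
     *
     * @param str reader name
     * @param cArr PIN
     * @param str2 alias to delete
     * @throws ProviderUtilException if {@code storage} is not a token
     */
    public static void deleteEntry(Storage storage, String str, char[] cArr, String str2, Provider provider) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, ProviderUtilException, IOException {
        // Refuse before opening anything: a file store is never modified by this method, so
        // there is no reason to decrypt it first.
        if (!storage.isToken()) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_STORAGE_FOR_THE_CURRENT_OPERATION);
        }
        KeyStore keyStore = getKeyStore(storage, str, cArr, provider);
        keyStore.deleteEntry(str2);
        keyStore.store(null, null);
    }

    /** Returns whether the card in reader {@code str} can be instantiated as {@code storage}. */
    private static boolean isSpecifiedToken(String str, Storage storage) {
        try {
            AKToken token = TokenDispatcher.INSTANCE.instantiateToken(storage.getName(), str, null);
            try {
                // NOTE(review): token id is written to stdout; kept as found.
                System.out.println("tokenid: " + token.getTokenId());
            } finally {
                TokenDispatcher.INSTANCE.removeToken(token);
            }
            return true;
        } catch (KalkanException e) {
            // Any failure is read as "not this kind of token".
            return false;
        }
    }

    /** True when the token reported that the alias holds an invalid private key. */
    private static boolean isInvalidPrivateKeyError(UnrecoverableKeyException e) {
        String message = e.getMessage();
        return message != null && message.contains(PCSCCode.INVALID_PRIVKEY.toString());
    }

    /**
     * Loads {@code keyStore}: from the reader name for tokens, from a file otherwise, or as
     * an empty store when no path is given.
     */
    private static void loadKeyStore(Storage storage, String str, KeyStore keyStore, char[] cArr) throws NoSuchAlgorithmException, IOException, CertificateException {
        if (storage.isToken()) {
            // The token provider receives the reader name through the input stream.
            try (InputStream readerName = Streams.fromString(str)) {
                keyStore.load(readerName, cArr);
            }
            return;
        }
        if (str == null) {
            keyStore.load((KeyStore.LoadStoreParameter) null);
            return;
        }
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, cArr);
        }
    }

    /**
     * Persists {@code keyStore}: PKCS#12 and JKS stores are written to the file {@code str},
     * every other type is flushed through its provider.
     *
     * <p>NOTE(review): the file is overwritten in place; a failure part-way through can leave
     * a truncated key store.
     */
    private static void store(String str, KeyStore keyStore, char[] cArr) throws NoSuchAlgorithmException, IOException, CertificateException, KeyStoreException {
        String type = keyStore.getType();
        boolean fileBacked = type.equals(Storage.PKCS12.getName()) || type.equals(Storage.JKS.getName());
        if (!fileBacked) {
            keyStore.store(null, null);
            return;
        }
        try (FileOutputStream out = new FileOutputStream(str)) {
            keyStore.store(out, cArr);
        }
    }

    /**
     * Creates and initialises a key pair generator for the storage and algorithm.
     *
     * <p>NOTE(review): {@code i} is passed to the generator unchecked, and
     * sha1WithRSAEncryption is still accepted; any minimum key size or algorithm policy has
     * to be enforced by the caller or the provider.
     */
    private static KeyPairGenerator getKeyPairGenerator(Storage storage, String str, String str2, String str3, int i, Provider provider) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, ProviderUtilException, KalkanException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(str3, provider.getName());
        if (storage.isToken()) {
            AKAlgorithmParameterSpec tokenSpec = new AKAlgorithmParameterSpec(str, str2);
            tokenSpec.setKeyLength(i);
            generator.initialize(tokenSpec);
        } else if (str3.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())
                || str3.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
            generator.initialize(i);
        } else if (str3.equals(CryptoProObjectIdentifiers.gostR3411_94_with_gostR34310_2004.getId())) {
            generator.initialize((AlgorithmParameterSpec) null);
        } else if (str3.equals(KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004.getId())) {
            generator.initialize(new ECGenParameterSpec("Gost34310-2004-PKIGOVKZ-A"));
        } else {
            throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_ALGORITHM);
        }
        return generator;
    }

    /**
     * Builds the key store file path {@code <dir>/<algorithm prefix><key id><extension>}.
     *
     * @param str storage name; compared with {@code Storage.PKCS12.getName()} to pick the
     *        extension. NOTE(review): the caller passes {@code storage.name()} - confirm
     *        that {@code name()} and {@code getName()} agree for PKCS12.
     * @param str2 directory
     * @param str3 signature algorithm identifier
     * @param str4 key id
     */
    private static String getKeyStoreAbsoluteFileName(String str, String str2, String str3, String str4) throws ProviderUtilException {
        String prefix;
        if (str3.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
            prefix = AppletConstants.RSA_FILE_PREFIX;
        } else if (str3.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
            prefix = "RSA256_";
        } else if (str3.equals(CryptoProObjectIdentifiers.gostR3411_94_with_gostR34310_2004.getId())) {
            prefix = "GOSTGT_";
        } else if (str3.equals(KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004.getId())) {
            prefix = "GOSTKNCA_";
        } else {
            throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_ALGORITHM);
        }
        String fileName = String.valueOf(prefix) + str4;
        String separator = System.getProperty("file.separator");
        // Insert a separator unless the directory already ends with one.
        boolean needsSeparator = str2.lastIndexOf(separator) < str2.length() - separator.length();
        String base = needsSeparator ? str2 + separator + fileName : str2 + fileName;
        return str.equals(Storage.PKCS12.getName()) ? base + AppletConstants.P12_EXTENSION : base + AppletConstants.JKS_EXTENSION;
    }

    /** Returns a fresh key id: 12 bytes from {@link SecureRandom}, hex-encoded. */
    private static String genKeyId() {
        byte[] id = new byte[12];
        new SecureRandom().nextBytes(id);
        return Hex.encodeStr(id);
    }

    /**
     * Returns whether {@code str} is one of the four signature algorithm identifiers this
     * class can generate keys and file names for.
     *
     * <p>The original implementation matched the {@code toString()} of the whole list against
     * the quoted identifier, which can never succeed, so the caller's guard was dead code.
     */
    private static boolean isSupportedSignatureAlgorithmId(String str) {
        return PKCSObjectIdentifiers.sha1WithRSAEncryption.getId().equals(str)
                || PKCSObjectIdentifiers.sha256WithRSAEncryption.getId().equals(str)
                || CryptoProObjectIdentifiers.gostR3411_94_with_gostR34310_2004.getId().equals(str)
                || KNCAObjectIdentifiers.gost34311_95_with_gost34310_2004.getId().equals(str);
    }

    /** Upper-cases a card field, passing {@code null} through. */
    private static String upperOrNull(String value) {
        return value == null ? null : value.toUpperCase();
    }

    /**
     * Checks that the subject of a request matches the owner data stored on the ID card.
     *
     * <p>The IIN (SERIALNUMBER without its first three characters) must always match. Surname,
     * given name (CN with the surname removed) and middle name (G) are compared only when the
     * request contains them.
     *
     * <p>Missing values no longer raise {@link NullPointerException} or
     * {@link StringIndexOutOfBoundsException}: a missing or too short SERIALNUMBER is
     * reported as an IIN mismatch, and a missing card field as a mismatch of that field.
     *
     * @param str reader name holding the ID card
     * @throws ProviderUtilException {@code INCORRECT_SUBJECTDN_VALUE} on any mismatch
     */
    private static void validateKZIDCARDOwner(String str, X509Name x509Name) throws ProviderUtilException, CertificateException, KalkanException {
        String cardIin = upperOrNull(getPublicPartInfo(Storage.KZIDCARD, str, PublicPartInfo.IIN));
        String cardLastName = upperOrNull(getPublicPartInfo(Storage.KZIDCARD, str, PublicPartInfo.LASTNAME));
        String cardFirstName = upperOrNull(getPublicPartInfo(Storage.KZIDCARD, str, PublicPartInfo.FIRSTNAME));
        String cardMiddleName = upperOrNull(getPublicPartInfo(Storage.KZIDCARD, str, PublicPartInfo.MIDDLENAME));

        String serialNumber = X509Util.getRdn(x509Name, X509Name.SERIALNUMBER, 0);
        String requestIin = (serialNumber != null && serialNumber.length() >= 3) ? serialNumber.substring(3) : null;
        String commonName = X509Util.getRdn(x509Name, X509Name.CN, 0);
        String surname = X509Util.getRdn(x509Name, X509Name.SURNAME, 0);
        String givenName = null;
        if (commonName != null && surname != null) {
            // The decompiler had substituted an unrelated JavaFX constant for this empty string.
            givenName = commonName.replaceFirst(Pattern.quote(surname), "").trim();
            if (givenName.isEmpty()) {
                givenName = null;
            }
        }
        String middleName = X509Util.getRdn(x509Name, X509Name.G, 0);

        if (requestIin == null || !requestIin.equals(cardIin)) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.INCORRECT_SUBJECTDN_VALUE, "ИИН владельца удостоверение личности и ИИН заявителя не совпадают");
        }
        if (surname != null && !surname.equals(cardLastName)) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.INCORRECT_SUBJECTDN_VALUE, "Фамилия владельца удостоверение личности и фамилия заявителя не совпадают");
        }
        if (givenName != null && !givenName.equals(cardFirstName)) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.INCORRECT_SUBJECTDN_VALUE, "Имя владельца удостоверение личности и имя заявителя не совпадают");
        }
        if (middleName != null && !middleName.equals(cardMiddleName)) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.INCORRECT_SUBJECTDN_VALUE, "Отчество владельца удостоверение личности и отчество заявителя не совпадают");
        }
    }

    /**
     * Validates a new password against the rules of the storage type.
     *
     * <p>Maximum length is 10 for JACARTA and 32 for KAZTOKEN, ETOKEN_72K, AKEY, JKS and
     * PKCS12; KZIDCARD and unknown storages are refused. PKCS12 additionally requires 6-32
     * characters with at least one digit and one Latin letter; the other storages only
     * restrict the character set.
     *
     * @throws ProviderUtilException {@code WRONG_PASSWORD_PATTERN} or
     *         {@code UNKNOWN_STORAGE_FOR_THE_CURRENT_OPERATION}
     */
    private static void validatePasswordPattern(Storage storage, String str) throws ProviderUtilException {
        if (str == null || str.isEmpty()) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.WRONG_PASSWORD_PATTERN, "Пустой пароль не допускается.");
        }
        int maxLength;
        switch (storage) {
            case JACARTA:
                maxLength = 10;
                break;
            case KAZTOKEN:
            case ETOKEN_72K:
            case AKEY:
            case JKS:
            case PKCS12:
                maxLength = 32;
                break;
            default:
                throw new ProviderUtilException(ProviderUtilExceptionCode.UNKNOWN_STORAGE_FOR_THE_CURRENT_OPERATION, "Невозможно сменить пароль для указанного носителя ключей.");
        }
        Pattern pattern = storage == Storage.PKCS12 ? PKCS12_PASSWORD_PATTERN : GENERIC_PASSWORD_PATTERN;
        if (str.length() > maxLength || !pattern.matcher(str).matches()) {
            throw new ProviderUtilException(ProviderUtilExceptionCode.WRONG_PASSWORD_PATTERN, "Пароль должен содержать латинские буквы, а также цифры. Максимальная длина для указанного носителя ключей - " + maxLength + " символов.");
        }
    }

    /**
     * Finds, in directory {@code str}, the {@code .p12}/{@code .jks} file that can be opened
     * with {@code cArr} and contains alias {@code str2}.
     *
     * <p>NOTE(review): the password is tried against every key store file in the directory,
     * and files that fail to open for any reason are skipped silently.
     *
     * @throws ProviderUtilException {@code KEYSTORE_FILE_NOT_FOUND} when no file qualifies,
     *         including when {@code str} is {@code null} or cannot be listed
     */
    private static String getSuitableKeySoreFilePath(Storage storage, String str, String str2, char[] cArr, Provider provider) throws KeyStoreException, NoSuchProviderException, ProviderUtilException, NoSuchAlgorithmException, CertificateException {
        // listFiles() returns null when the path is not a directory or cannot be read.
        File[] candidates = str == null ? null : new File(str).listFiles();
        if (candidates != null) {
            for (File file : candidates) {
                String name = file.getName();
                int dot = name.lastIndexOf('.');
                String extension = dot > 0 ? name.substring(dot + 1) : "";
                if (!extension.equalsIgnoreCase(P12_EXTENSION) && !extension.equalsIgnoreCase(JKS_EXTENSION)) {
                    continue;
                }
                try {
                    KeyStore keyStore = getKeyStore(storage, file.getAbsolutePath(), cArr, provider);
                    if (keyStore.containsAlias(str2)) {
                        return file.getAbsolutePath();
                    }
                } catch (ProviderUtilException | IOException ignored) {
                    // Wrong password or unreadable file: not the store we are looking for.
                }
            }
        }
        throw new ProviderUtilException(ProviderUtilExceptionCode.KEYSTORE_FILE_NOT_FOUND, "По указанному пути \"" + str + "\" отсутствует файл, предназначенный для хранения ключей с алиасом - " + str2 + DOT);
    }

    /** Returns the path of {@code str} with an {@code AUTH_} file-name prefix, unless it already has one. */
    private static String getAUTHFilePath(String str) {
        File file = new File(str);
        String name = file.getName();
        if (name.startsWith("AUTH_") || name.startsWith("auth_")) {
            return file.getAbsolutePath();
        }
        return String.valueOf(file.getParent()) + File.separator + "AUTH_" + name;
    }

    /**
     * Returns the CA certificates bundled as {@code /cacerts.jks}, loading them on first use.
     *
     * <p>The store password is hard-coded; for a bundled trust store it only serves the
     * store's integrity check, and the trust anchors are whatever the classpath resource
     * contains.
     *
     * @return an unmodifiable list, or {@code null} if loading failed. A {@code null} result
     *         must not be handed to {@link #getSigningEntityChained}, where {@code null}
     *         means "skip validation".
     */
    public static List<X509Certificate> getDefaultCACerts() {
        if (defaultCACerts == null) {
            try (InputStream in = PKIXUtil.class.getResourceAsStream(CA_CERTS_STORE)) {
                List<X509Certificate> loaded = new ArrayList<>();
                KeyStore keyStore = KeyStore.getInstance("JKS", KalkanProvider.PROVIDER_NAME);
                keyStore.load(in, "knca".toCharArray());
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    loaded.add((X509Certificate) keyStore.getCertificate(aliases.nextElement()));
                }
                defaultCACerts = Collections.unmodifiableList(loaded);
            } catch (Exception e) {
                System.err.println("Could not fetch CA certificates!");
            }
        }
        return defaultCACerts;
    }
}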
