package com.rsa.certj.provider.db.pkcs11;

import com.bea.security.saml2.util.SAML2Constants;
import com.rsa.certj.CertJ;
import com.rsa.certj.InvalidParameterException;
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.Provider;
import com.rsa.certj.ProviderImplementation;
import com.rsa.certj.ProviderManagementException;
import com.rsa.certj.cert.CRL;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.cert.CertificateException;
import com.rsa.certj.cert.NameException;
import com.rsa.certj.cert.X500Name;
import com.rsa.certj.cert.X509Certificate;
import com.rsa.certj.cert.X509V3Extensions;
import com.rsa.certj.cms.InfoObjectFactory;
import com.rsa.certj.spi.db.DatabaseException;
import com.rsa.certj.spi.db.DatabaseInterface;
import com.rsa.certj.x.d;
import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_InvalidParameterException;
import com.rsa.jsafe.JSAFE_PKCS11SessionSpec;
import com.rsa.jsafe.JSAFE_PrivateKey;
import com.rsa.jsafe.JSAFE_PublicKey;
import com.rsa.jsafe.JSAFE_Session;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import java.util.Date;
import java.util.Vector;

/* loaded from: input_file:com/rsa/certj/provider/db/pkcs11/PKCS11DB.class */
public final class PKCS11DB extends Provider {
    // Handle passed to every native call in this class; error messages treat null as
    // "Cert-C DB Provider is not initialized".
    private byte[] providerHandle;
    // Handle for the Cert-C context object; must be non-null for the certificate
    // insert, delete and select-by-extensions paths.
    private byte[] contextHandle;
    // PKCS#11 session this provider operates on (caller-supplied or created by a constructor).
    private JSAFE_Session session;
    // Set to true only by constructors that create the session themselves; unregister()
    // clears and closes the session only when this flag is set.
    private boolean sessionFlag;
    private static final String PASSED_IN_SESSION_IS_NULL = "Passed in session is null.";

    /* loaded from: input_file:com/rsa/certj/provider/db/pkcs11/PKCS11DB$a.class */
    private final class a extends ProviderImplementation implements DatabaseInterface {
        // Monitor held around the native certificate insert/select/delete calls.
        private final Object b;
        // Monitor held around the native private-key insert/select/delete calls.
        private final Object c;
        // Monitor guarding the certificate iterator state (f and h).
        private final Object d;
        // Monitor guarding the private-key iterator state (g).
        private final Object e;
        // Certificate iterator cursor: a 4-byte buffer handed to the native first/next calls;
        // null means no iteration is set up (or the previous one reached its end).
        private byte[] f;
        // Private-key iterator cursor; same convention as f.
        private byte[] g;
        // Certificate fetched ahead by hasMoreCertificates() and handed out by the following
        // nextCertificate() call.
        private X509Certificate h;
        // Message prefixes and fixed strings. The names are obfuscated; only j, k, l and n are
        // referenced by the methods visible in this class.
        private static final String i = "PKCS11DBProvider.insertCertificate: ";
        private static final String j = "PKCS11DBProvider.insertPrivateKeyByCertificate: ";
        private static final String k = "PKCS11DBProvider.insertPrivateKeyByPublicKey: ";
        private static final String l = "PKCS11DBProvider.selectCertificate: Session is not open.";
        private static final String m = "PKCS11 DB provider does not support ";
        // Device name passed when building token-resident key objects.
        private static final String n = "PKCS11";
        // NOTE(review): o and p are not used by any visible method; their meaning cannot be told from here.
        private static final int o = 7;
        private static final int p = 0;

        /**
         * Builds the database implementation, forwarding {@code certJ} and {@code str} to
         * {@link ProviderImplementation} and allocating one private monitor per guarded resource.
         *
         * @param certJ Cert-J instance handed to the superclass
         * @param str   name handed to the superclass
         * @throws InvalidParameterException if the superclass constructor rejects the arguments
         */
        private a(CertJ certJ, String str) throws InvalidParameterException {
            super(certJ, str);
            // Separate monitors so iterator state and native store calls do not contend on one lock.
            this.e = new Object();
            this.d = new Object();
            this.c = new Object();
            this.b = new Object();
        }

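        /**
         * Inserts an X.509 certificate into the store by handing its DER encoding to the native layer.
         *
         * @param certificate certificate to store; must be a non-null {@link X509Certificate} whose
         *                    issuer name and serial number are both set
         * @throws DatabaseException if the argument is null or not an X509Certificate, a provider or
         *                           context handle is missing, the certificate cannot be DER-encoded,
         *                           or the native insert returns a non-zero status
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void insertCertificate(Certificate certificate) throws DatabaseException {
            if (certificate == null) {
                throw new DatabaseException("PKCS11DBProvider.insertCertificate: cert should not be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.insertCertificate: Session is not open. Cert-C DB Provider is not initialized.");
            }
            if (PKCS11DB.this.contextHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.insertCertificate: Session is not open. Cert-C context object is not initialized.");
            }
            // Reject other Certificate subtypes with the declared exception type instead of letting
            // the cast below fail with an unchecked ClassCastException.
            if (!(certificate instanceof X509Certificate)) {
                throw new DatabaseException("PKCS11DBProvider.insertCertificate: cert should be an X509Certificate.");
            }
            X509Certificate x509 = (X509Certificate) certificate;
            if (x509.getIssuerName() == null || x509.getSerialNumber() == null) {
                throw new DatabaseException("PKCS11DBProvider.insertCertificate: invalid certificate. IssuerName or SerialNumber is null.");
            }
            try {
                int derLength = x509.getDERLen(0);
                if (derLength == 0) {
                    throw new DatabaseException("PKCS11DBProvider.insertCertificate: invalid certificate. Cannot DER-encode certificate.");
                }
                byte[] der = new byte[derLength];
                if (x509.getDEREncoding(der, 0, 0) == 0) {
                    throw new DatabaseException("PKCS11DBProvider.insertCertificate: invalid certificate. Cannot DER-encode certificate.");
                }
                // Native certificate operations are serialized on monitor b.
                synchronized (this.b) {
                    int status = PKCS11DB.this.nativeInsertCertificate(der, PKCS11DB.this.providerHandle, PKCS11DB.this.contextHandle);
                    if (status != 0) {
                        throw new DatabaseException("PKCS11DBProvider.insertCertificate: unable to insert certificate");
                    }
                }
            } catch (CertificateException e) {
                throw new DatabaseException("PKCS11DBProvider.insertCertificate: invalid certificate.", e);
            }
        }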

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @param crl ignored
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void insertCRL(CRL crl) throws NotSupportedException {
            final String message = "insertCRL method is not supported by PKCS11DB provider.";
            throw new NotSupportedException(message);
        }

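        /**
         * Stores a private key, indexed by the subject public key of the given certificate.
         * Does nothing when a private key is already stored for that certificate.
         *
         * @param certificate      certificate whose subject public key identifies the entry
         * @param jSAFE_PrivateKey key to store; it must be able to export one of the BER formats
         *                         accepted by the private-key encoding helper
         * @throws DatabaseException if an argument is null, the provider handle is missing, the
         *                           key material cannot be obtained, or the native insert fails
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void insertPrivateKeyByCertificate(Certificate certificate, JSAFE_PrivateKey jSAFE_PrivateKey) throws DatabaseException {
            if (certificate == null || jSAFE_PrivateKey == null) {
                throw new DatabaseException("PKCS11DBImplementation.insertPrivateKeyByCertificate: cert and private key should not be null");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.insertPrivateKey: Session is not open.");
            }
            // One acquisition of monitor c covers both the existence check and the insert, so two
            // threads cannot both pass the check. The second, nested acquisition of the same
            // monitor in the original was re-entrant and had no effect; it has been removed.
            synchronized (this.c) {
                if (selectPrivateKeyByCertificate(certificate) != null) {
                    return;
                }
                try {
                    // NOTE(review): privateKeyBer holds the BER-encoded private key in clear and is
                    // left for the garbage collector. Consider zeroizing it after the native call
                    // once it is confirmed that getKeyData returns a copy rather than the key
                    // object's internal buffer.
                    byte[] privateKeyBer = a(jSAFE_PrivateKey);
                    byte[] subjectPublicKeyBER = certificate.getSubjectPublicKeyBER();
                    if (subjectPublicKeyBER == null) {
                        throw new DatabaseException("PKCS11DBImplementation.insertPrivateKeyByCertificate: Public key in certificate is null.");
                    }
                    if (PKCS11DB.this.nativeInsertPrivateKey(subjectPublicKeyBER, privateKeyBer, PKCS11DB.this.providerHandle) != 0) {
                        throw new DatabaseException("PKCS11DBProvider.insertPrivateKeyByCertificate: unable to insert private key");
                    }
                } catch (CertificateException e) {
                    throw new DatabaseException("PKCS11DBImplementation.insertPrivateKeyByCertificate.", e);
                }
            }
        }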

        /**
         * Exports the private key as BER bytes, using the first supported format among
         * RSAPrivateKeyBER, DSAPrivateKeyBER and DSAPrivateKeyX957BER.
         *
         * <p>The returned array is clear-text private key material; callers decide how long it lives.
         *
         * @param jSAFE_PrivateKey key to export
         * @return first element of the key data returned for the chosen format
         * @throws DatabaseException if none of the three formats is supported, the key data is
         *                           missing, or the key reports the operation as unimplemented
         */
        private byte[] a(JSAFE_PrivateKey jSAFE_PrivateKey) throws DatabaseException {
            try {
                byte[][] keyData = null;
                boolean formatFound = false;
                for (String format : jSAFE_PrivateKey.getSupportedGetFormats()) {
                    boolean accepted = format.equals("RSAPrivateKeyBER")
                            || format.equals("DSAPrivateKeyBER")
                            || format.equals("DSAPrivateKeyX957BER");
                    if (accepted) {
                        keyData = jSAFE_PrivateKey.getKeyData(format);
                        formatFound = true;
                        break;
                    }
                }
                if (!formatFound) {
                    throw new DatabaseException("PKCS11DBProvider.insertPrivateKeyByCertificate: cannot get private key BER data.");
                }
                boolean usable = keyData != null && keyData.length != 0 && keyData[0] != null;
                if (!usable) {
                    throw new DatabaseException("PKCS11DBProvider.insertPrivateKeyByCertificate: cannot get private key data");
                }
                return keyData[0];
            } catch (JSAFE_UnimplementedException e) {
                throw new DatabaseException(j, e);
            }
        }

        /**
         * Exports the public key as BER bytes, using the first supported format among
         * RSAPublicKeyBER, DSAPublicKeyBER and DSAPublicKeyX957BER. The result is the lookup key
         * passed to the native private-key select, insert and delete calls.
         *
         * @param jSAFE_PublicKey key to export
         * @return first element of the key data returned for the chosen format
         * @throws DatabaseException if none of the three formats is supported, the key data is
         *                           missing, or the key reports the operation as unimplemented
         */
        private byte[] a(JSAFE_PublicKey jSAFE_PublicKey) throws DatabaseException {
            try {
                byte[][] keyData = null;
                boolean formatFound = false;
                for (String format : jSAFE_PublicKey.getSupportedGetFormats()) {
                    boolean accepted = format.equals("RSAPublicKeyBER")
                            || format.equals("DSAPublicKeyBER")
                            || format.equals("DSAPublicKeyX957BER");
                    if (accepted) {
                        keyData = jSAFE_PublicKey.getKeyData(format);
                        formatFound = true;
                        break;
                    }
                }
                if (!formatFound) {
                    throw new DatabaseException("PKCS11DBProvider.insertPrivateKeyByPublicKey: cannot get public key BER data.");
                }
                boolean usable = keyData != null && keyData.length != 0 && keyData[0] != null;
                if (!usable) {
                    throw new DatabaseException("PKCS11DBProvider.insertPrivateKeyByPublicKey: cannot get public key data.");
                }
                return keyData[0];
            } catch (JSAFE_UnimplementedException e) {
                throw new DatabaseException(k, e);
            }
        }

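        /**
         * Stores a private key, indexed by the BER encoding of the given public key.
         * Does nothing when a private key is already stored for that public key.
         *
         * @param jSAFE_PublicKey  public key identifying the entry
         * @param jSAFE_PrivateKey key to store; it must be able to export one of the BER formats
         *                         accepted by the private-key encoding helper
         * @throws DatabaseException if an argument is null, the provider handle is missing, either
         *                           key cannot be BER-encoded, or the native insert fails
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void insertPrivateKeyByPublicKey(JSAFE_PublicKey jSAFE_PublicKey, JSAFE_PrivateKey jSAFE_PrivateKey) throws DatabaseException {
            if (jSAFE_PublicKey == null || jSAFE_PrivateKey == null) {
                throw new DatabaseException("PKCS11DBProvider.insertPrivateKeyByPublicKey: Neither publicKey nor privateKey should be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.insertPrivateKey: Session is not open.");
            }
            // One acquisition of monitor c covers both the existence check and the insert. The
            // nested re-acquisition of the same monitor in the original was re-entrant and had no
            // effect; it has been removed.
            synchronized (this.c) {
                if (selectPrivateKeyByPublicKey(jSAFE_PublicKey) != null) {
                    return;
                }
                // NOTE(review): privateKeyBer holds the BER-encoded private key in clear and is left
                // for the garbage collector. Consider zeroizing it after the native call once it is
                // confirmed that getKeyData returns a copy rather than the key's internal buffer.
                byte[] privateKeyBer = a(jSAFE_PrivateKey);
                byte[] publicKeyBer = a(jSAFE_PublicKey);
                if (PKCS11DB.this.nativeInsertPrivateKey(publicKeyBer, privateKeyBer, PKCS11DB.this.providerHandle) != 0) {
                    throw new DatabaseException("PKCS11DBProvider.insertPrivateKeyByPublicKey: unable to insert private key");
                }
            }
        }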

        /**
         * Looks up certificates by issuer name and serial number and appends every match that
         * {@code vector} does not already contain.
         *
         * @param x500Name issuer name; DER-encoded before the native call
         * @param bArr     serial number bytes, passed to the native call as given
         * @param vector   receives the matching certificates
         * @return number of certificates added to {@code vector}; 0 when the native call returns null
         * @throws DatabaseException if a lookup argument is null, the provider handle is missing,
         *                           the name cannot be encoded, or a returned certificate is invalid
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public int selectCertificateByIssuerAndSerialNumber(X500Name x500Name, byte[] bArr, Vector vector) throws DatabaseException {
            if (x500Name == null || bArr == null) {
                throw new DatabaseException("PKCS11DBProvider.Neither issuerName nor serialNumber should be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException(l);
            }
            final byte[] issuerDer = new byte[x500Name.getDERLen(0)];
            try {
                if (x500Name.getDEREncoding(issuerDer, 0, 0) == 0) {
                    throw new DatabaseException("PKCS11DBProvider: Invalid IssuerName. Cannot DER-encode IssuerName.");
                }
                final byte[][] encodedCerts;
                synchronized (this.b) {
                    encodedCerts = PKCS11DB.this.nativeSelectCertByIssuerSerial(issuerDer, bArr, PKCS11DB.this.providerHandle);
                }
                if (encodedCerts == null) {
                    return 0;
                }
                int added = 0;
                for (int idx = 0; idx < encodedCerts.length; idx++) {
                    final X509Certificate parsed;
                    try {
                        // Bytes come from the native store; a parse failure aborts the whole lookup.
                        parsed = new X509Certificate(encodedCerts[idx], 0, 0);
                    } catch (CertificateException e) {
                        throw new DatabaseException("PKCS11DBProvider: Invalid certificate.", e);
                    }
                    if (vector.contains(parsed)) {
                        continue;
                    }
                    vector.addElement(parsed);
                    added++;
                }
                return added;
            } catch (NameException e2) {
                throw new DatabaseException("PKCS11DBProvider: Invalid IssuerName.", e2);
            }
        }

        /**
         * Looks up certificates by subject name and appends every match that {@code vector}
         * does not already contain.
         *
         * @param x500Name subject name; DER-encoded before the native call
         * @param vector   receives the matching certificates
         * @return number of certificates added to {@code vector}; 0 when the native call returns null
         * @throws DatabaseException if the name is null, the provider handle is missing, the name
         *                           cannot be encoded, or a returned certificate is invalid
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public int selectCertificateBySubject(X500Name x500Name, Vector vector) throws DatabaseException {
            if (x500Name == null) {
                throw new DatabaseException("PKCS11DBProvider.selectCertificateBySubject: subjectName should not be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException(l);
            }
            final byte[] subjectDer = new byte[x500Name.getDERLen(0)];
            try {
                if (x500Name.getDEREncoding(subjectDer, 0, 0) == 0) {
                    throw new DatabaseException("PKCS11DBProvider: Invalid SubjectName. Cannot DER-encode SubjectName.");
                }
                final byte[][] encodedCerts;
                synchronized (this.b) {
                    encodedCerts = PKCS11DB.this.nativeSelectCertBySubject(subjectDer, PKCS11DB.this.providerHandle);
                }
                if (encodedCerts == null) {
                    return 0;
                }
                int added = 0;
                for (int idx = 0; idx < encodedCerts.length; idx++) {
                    final X509Certificate parsed;
                    try {
                        // Bytes come from the native store; a parse failure aborts the whole lookup.
                        parsed = new X509Certificate(encodedCerts[idx], 0, 0);
                    } catch (CertificateException e) {
                        throw new DatabaseException("PKCS11DBProvider: Invalid certificate.", e);
                    }
                    if (vector.contains(parsed)) {
                        continue;
                    }
                    vector.addElement(parsed);
                    added++;
                }
                return added;
            } catch (NameException e2) {
                throw new DatabaseException("PKCS11DBProvider: Invalid SubjectName.", e2);
            }
        }

        /**
         * Looks up certificates by base name and extensions and appends every match that
         * {@code vector} does not already contain.
         *
         * <p>Both {@code x500Name} and {@code x509V3Extensions} must be non-null: the guard rejects
         * the call when either one is null, although its message reads "Either ... should have a
         * non-null value".
         *
         * @param x500Name         base name; DER-encoded before the native call
         * @param x509V3Extensions extensions; DER-encoded before the native call
         * @param vector           receives the matching certificates
         * @return number of certificates added to {@code vector}; 0 when the native call returns null
         * @throws DatabaseException if an argument is null, a handle is missing, an input cannot be
         *                           encoded, or a returned certificate is invalid
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public int selectCertificateByExtensions(X500Name x500Name, X509V3Extensions x509V3Extensions, Vector vector) throws DatabaseException {
            if (x500Name == null || x509V3Extensions == null) {
                throw new DatabaseException("PKCS11DBProvider.selectCertificateByExtensions: Either baseName or extensions should have a non-null value.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException(l);
            }
            if (PKCS11DB.this.contextHandle == null) {
                throw new DatabaseException(l);
            }
            final byte[] baseNameDer = new byte[x500Name.getDERLen(0)];
            try {
                if (x500Name.getDEREncoding(baseNameDer, 0, 0) == 0) {
                    throw new DatabaseException("PKCS11DBProvider: Invalid BaseName. Cannot DER-encode BaseName.");
                }
                final byte[] extensionsDer = new byte[x509V3Extensions.getDERLen(0)];
                if (x509V3Extensions.getDEREncoding(extensionsDer, 0, 0) == 0) {
                    throw new DatabaseException("PKCS11DBProvider: Invalid extensions. Cannot DER-encode extensions.");
                }
                final byte[][] encodedCerts;
                synchronized (this.b) {
                    encodedCerts = PKCS11DB.this.nativeSelectCertByExtensions(baseNameDer, extensionsDer, PKCS11DB.this.providerHandle, PKCS11DB.this.contextHandle);
                }
                if (encodedCerts == null) {
                    return 0;
                }
                int added = 0;
                for (int idx = 0; idx < encodedCerts.length; idx++) {
                    final X509Certificate parsed;
                    try {
                        // Bytes come from the native store; a parse failure aborts the whole lookup.
                        parsed = new X509Certificate(encodedCerts[idx], 0, 0);
                    } catch (CertificateException e) {
                        throw new DatabaseException("PKCS11DBProvider: Invalid certificate.", e);
                    }
                    if (vector.contains(parsed)) {
                        continue;
                    }
                    vector.addElement(parsed);
                    added++;
                }
                return added;
            } catch (NameException e2) {
                throw new DatabaseException("PKCS11DBProvider: Invalid BaseName.", e2);
            }
        }

        /**
         * Reports whether a certificate iteration is active.
         *
         * @return true while the certificate cursor is non-null
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public boolean isCertificateIteratorSetup() {
            synchronized (this.d) {
                return this.f != null;
            }
        }

        /**
         * Resets the certificate iteration: installs a fresh all-zero 4-byte cursor and drops any
         * certificate that was fetched ahead.
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void setupCertificateIterator() {
            synchronized (this.d) {
                // A new byte array is zero-filled by the JVM; an all-zero cursor is what
                // nextCertificate() recognises as "start from the first entry".
                this.f = new byte[4];
                this.h = null;
            }
        }

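        /**
         * Restarts the certificate iteration and returns the first certificate.
         *
         * @return the first certificate, or null when the native call returns nothing (the
         *         iterator is then torn down)
         * @throws DatabaseException if the provider handle is missing or the returned bytes do not
         *                           parse as an X.509 certificate
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public Certificate firstCertificate() throws DatabaseException {
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.firstCertificate: Session is not open.");
            }
            synchronized (this.d) {
                // Reset under the same lock that protects the native call. Resetting before taking
                // the lock let another thread null the cursor in between, so the native call could
                // be handed a null cursor.
                setupCertificateIterator();
                byte[] encoded = PKCS11DB.this.nativeFirstCertificate(this.f, PKCS11DB.this.providerHandle);
                if (encoded == null) {
                    this.f = null;
                    return null;
                }
                try {
                    return new X509Certificate(encoded, 0, 0);
                } catch (CertificateException e) {
                    throw new DatabaseException("PKCS11DBProvider.", e);
                }
            }
        }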

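        /**
         * Returns the next certificate of the active iteration. A certificate fetched ahead by
         * {@code hasMoreCertificates()} is returned first; otherwise the native layer is asked,
         * starting from the first entry while the cursor is still all zero.
         *
         * @return the next certificate, or null at the end (the iterator is then torn down)
         * @throws DatabaseException if the provider handle is missing, no iteration is set up, or
         *                           the returned bytes do not parse as an X.509 certificate
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public Certificate nextCertificate() throws DatabaseException {
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.nextCertificate: Session is not open.");
            }
            synchronized (this.d) {
                // The set-up check is made while holding the lock. Checking before taking it left a
                // window in which another thread reaching the end could null the cursor, and the
                // index accesses below would then fail with NullPointerException.
                if (this.f == null) {
                    throw new DatabaseException("PKCS11DBProvider.nextCertificate: iterator is not set up.");
                }
                if (this.h != null) {
                    X509Certificate prefetched = this.h;
                    this.h = null;
                    return prefetched;
                }
                boolean atStart = this.f[0] == 0 && this.f[1] == 0 && this.f[2] == 0 && this.f[3] == 0;
                byte[] encoded;
                if (atStart) {
                    encoded = PKCS11DB.this.nativeFirstCertificate(this.f, PKCS11DB.this.providerHandle);
                } else {
                    encoded = PKCS11DB.this.nativeNextCertificate(this.f, PKCS11DB.this.providerHandle);
                }
                if (encoded == null) {
                    this.f = null;
                    return null;
                }
                try {
                    return new X509Certificate(encoded, 0, 0);
                } catch (CertificateException e) {
                    throw new DatabaseException("PKCS11DBProvider.", e);
                }
            }
        }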

        /**
         * Reports whether another certificate is available, fetching it ahead if necessary.
         *
         * <p>When no iteration is active, including after a previous one ran to its end, a new
         * iteration is set up first, so this call starts over from the first entry.
         *
         * @return true when a certificate is waiting to be returned by {@code nextCertificate()}
         * @throws DatabaseException if fetching the next certificate fails
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public boolean hasMoreCertificates() throws DatabaseException {
            synchronized (this.d) {
                if (!isCertificateIteratorSetup()) {
                    setupCertificateIterator();
                }
                if (this.h == null) {
                    // Nothing fetched ahead yet: pull one certificate and park it for the caller.
                    this.h = (X509Certificate) nextCertificate();
                }
                return this.h != null;
            }
        }

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public int selectCRLByIssuerAndTime(X500Name x500Name, Date date, Vector vector) throws NotSupportedException {
            final String message = "PKCS11 DB provider does not support selectCRLByIssuerAndTime method.";
            throw new NotSupportedException(message);
        }

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public boolean isCRLIteratorSetup() throws NotSupportedException {
            final String message = "PKCS11 DB provider does not support isCRLIteratorSetup() method";
            throw new NotSupportedException(message);
        }

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void setupCRLIterator() throws NotSupportedException {
            final String message = "PKCS11 DB provider does not support setupCRLIterator() method";
            throw new NotSupportedException(message);
        }

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public CRL firstCRL() throws NotSupportedException {
            final String message = "PKCS11 DB provider does not support firstCRL() method";
            throw new NotSupportedException(message);
        }

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public CRL nextCRL() throws NotSupportedException {
            final String message = "PKCS11 DB provider does not support nextCRL() method";
            throw new NotSupportedException(message);
        }

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public boolean hasMoreCRLs() throws NotSupportedException {
            final String message = "PKCS11 DB provider does not support hasMoreCRLs() method";
            throw new NotSupportedException(message);
        }

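        /**
         * Turns the byte arrays returned by a native private-key lookup into a key object.
         *
         * <p>A single-element result is decoded as key data for the "Java" device. A result with
         * at least two elements is treated as a key token: byte 7 of the second element selects
         * the algorithm (0, 1 or 2) and the whole array is attached as "KeyToken" data to a key
         * created for the "PKCS11" device.
         *
         * @param bArr native lookup result; must not be null
         * @return the key object, or null when the result is empty or the token is incomplete
         *         (missing element, or second element shorter than 8 bytes)
         * @throws DatabaseException if the algorithm byte is not 0, 1 or 2, or the key object
         *                           cannot be created or populated
         */
        private JSAFE_PrivateKey a(byte[][] bArr) throws DatabaseException {
            // NOTE(review): `d` below is meant to be the imported helper class com.rsa.certj.x.d,
            // not the monitor field of the same name (a decompiler naming clash).
            JSAFE_PrivateKey jSAFE_PrivateKey = null;
            try {
                if (bArr.length == 1) {
                    jSAFE_PrivateKey = d.d(bArr[0], 0, "Java", this.context.b);
                } else if (bArr.length >= 2 && bArr[0] != null && bArr[1] != null && bArr[1].length >= 8) {
                    // The length check above keeps an empty native result from raising
                    // ArrayIndexOutOfBoundsException; it is treated like any other incomplete token.
                    final byte algorithmId = bArr[1][7];
                    if (algorithmId == 0) {
                        jSAFE_PrivateKey = d.i("RSA", n, this.context.b);
                    } else if (algorithmId == 1) {
                        jSAFE_PrivateKey = d.i(SAML2Constants.DSA_KEY_TYPE, n, this.context.b);
                    } else if (algorithmId == 2) {
                        jSAFE_PrivateKey = d.i(InfoObjectFactory.KEYAGREE_DH, n, this.context.b);
                    } else {
                        throw new DatabaseException("PKCS11DBImplementation.selectPrivateKeyByCertificate: Invalid Private key - unknown algorithm: " + ((int) algorithmId));
                    }
                    jSAFE_PrivateKey.setKeyData("KeyToken", bArr);
                }
                return jSAFE_PrivateKey;
            } catch (JSAFE_Exception e) {
                throw new DatabaseException("Cannot set the private key data.", e);
            }
        }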

        /**
         * Finds the private key stored for the subject public key of the given certificate.
         *
         * @param certificate certificate whose subject public key is the lookup key
         * @return the matching private key, or null when the native lookup returns nothing
         * @throws DatabaseException if the certificate is null or carries no public key, the
         *                           provider handle is missing, or the key object cannot be built
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public JSAFE_PrivateKey selectPrivateKeyByCertificate(Certificate certificate) throws DatabaseException {
            if (certificate == null) {
                throw new DatabaseException("PKCS11DBImplementation.selectPrivateKeyByCertificate: cert should not be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.selectPrivateKey: Session is not open.");
            }
            try {
                final byte[] publicKeyBer = certificate.getSubjectPublicKeyBER();
                if (publicKeyBer == null) {
                    throw new DatabaseException("Cert does not contain public key info.");
                }
                final byte[][] keyToken;
                // Native private-key operations are serialized on monitor c.
                synchronized (this.c) {
                    keyToken = PKCS11DB.this.nativeSelectPrivateKey(publicKeyBer, PKCS11DB.this.providerHandle);
                }
                return keyToken == null ? null : a(keyToken);
            } catch (CertificateException e) {
                throw new DatabaseException("PKCS11DBImplementation.selectPrivateKeyByCertificate: ", e);
            }
        }

        /**
         * Finds the private key stored for the given public key.
         *
         * @param jSAFE_PublicKey public key whose BER encoding is the lookup key
         * @return the matching private key, or null when the native lookup returns nothing
         * @throws DatabaseException if the public key is null or cannot be BER-encoded, the
         *                           provider handle is missing, or the key object cannot be built
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public JSAFE_PrivateKey selectPrivateKeyByPublicKey(JSAFE_PublicKey jSAFE_PublicKey) throws DatabaseException {
            if (jSAFE_PublicKey == null) {
                throw new DatabaseException("PKCS11DBImplementation.selectPrivateKeyByPublicKey: publicKey should not be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.selectPrivateKey: Session is not open.");
            }
            final byte[] publicKeyBer = a(jSAFE_PublicKey);
            final byte[][] keyToken;
            // Native private-key operations are serialized on monitor c.
            synchronized (this.c) {
                keyToken = PKCS11DB.this.nativeSelectPrivateKey(publicKeyBer, PKCS11DB.this.providerHandle);
            }
            return keyToken == null ? null : a(keyToken);
        }

        /**
         * Reports whether a private-key iteration is active.
         *
         * @return true while the private-key cursor is non-null
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public boolean isPrivateKeyIteratorSetup() {
            synchronized (this.e) {
                return this.g != null;
            }
        }

        /** Resets the private-key iteration by installing a fresh all-zero 4-byte cursor. */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void setupPrivateKeyIterator() {
            synchronized (this.e) {
                // A new byte array is zero-filled by the JVM; an all-zero cursor is what
                // nextPrivateKey() recognises as "start from the first entry".
                this.g = new byte[4];
            }
        }

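        /**
         * Restarts the private-key iteration and returns the first key.
         *
         * @return the first private key, or null when the native call returns nothing (the
         *         iterator is then torn down)
         * @throws DatabaseException if the provider handle is missing or the key object cannot
         *                           be built from the native result
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public JSAFE_PrivateKey firstPrivateKey() throws DatabaseException {
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.firstPrivateKey: Session is not open.");
            }
            synchronized (this.e) {
                // Reset under the same lock that protects the native call. Resetting before taking
                // the lock let another thread null the cursor in between, so the native call could
                // be handed a null cursor.
                setupPrivateKeyIterator();
                byte[][] keyToken = PKCS11DB.this.nativeFirstPrivateKey(this.g, PKCS11DB.this.providerHandle);
                if (keyToken != null) {
                    return a(keyToken);
                }
                this.g = null;
                return null;
            }
        }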

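        /**
         * Returns the next private key of the active iteration, starting from the first entry
         * while the cursor is still all zero.
         *
         * @return the next private key, or null at the end (the iterator is then torn down)
         * @throws DatabaseException if the provider handle is missing, no iteration is set up, or
         *                           the key object cannot be built from the native result
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public JSAFE_PrivateKey nextPrivateKey() throws DatabaseException {
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.nextPrivateKey: Session is not open.");
            }
            synchronized (this.e) {
                // The set-up check is made while holding the lock. Checking before taking it left a
                // window in which another thread reaching the end could null the cursor, and the
                // index accesses below would then fail with NullPointerException.
                if (this.g == null) {
                    throw new DatabaseException("PKCS11DBProvider.nextPrivateKey: iterator is not set up.");
                }
                boolean atStart = this.g[0] == 0 && this.g[1] == 0 && this.g[2] == 0 && this.g[3] == 0;
                byte[][] keyToken;
                if (atStart) {
                    keyToken = PKCS11DB.this.nativeFirstPrivateKey(this.g, PKCS11DB.this.providerHandle);
                } else {
                    keyToken = PKCS11DB.this.nativeNextPrivateKey(this.g, PKCS11DB.this.providerHandle);
                }
                if (keyToken != null) {
                    return a(keyToken);
                }
                this.g = null;
                return null;
            }
        }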

        /**
         * Always fails; callers iterate with firstPrivateKey()/nextPrivateKey() until null instead.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public boolean hasMorePrivateKeys() throws NotSupportedException {
            final String message = "PKCS11 DB provider does not support hasMorePrivateKeys() method";
            throw new NotSupportedException(message);
        }

        /**
         * Deletes the certificate identified by issuer name and serial number.
         *
         * @param x500Name issuer name; DER-encoded before the native call
         * @param bArr     serial number bytes, passed to the native call as given
         * @throws DatabaseException if an argument is null, a handle is missing, the name cannot
         *                           be encoded, or the native delete returns a non-zero status
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void deleteCertificate(X500Name x500Name, byte[] bArr) throws DatabaseException {
            if (x500Name == null || bArr == null) {
                throw new DatabaseException("PKCS11DBImplementation.deleteCertificate: Neither issuerName nor serialNumber should be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.deleteCertificate: Session is not open. Cert-C DB provider is not initialized.");
            }
            if (PKCS11DB.this.contextHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.deleteCertificate: Session is not open. Cert-C context object is not initialized.");
            }
            final byte[] issuerDer = new byte[x500Name.getDERLen(0)];
            try {
                if (x500Name.getDEREncoding(issuerDer, 0, 0) == 0) {
                    throw new DatabaseException("PKCS11DBProvider: Invalid IssuerName. Cannot DER-encode Issuer Name.");
                }
                final int status;
                // Native certificate operations are serialized on monitor b.
                synchronized (this.b) {
                    status = PKCS11DB.this.nativeDeleteCert(issuerDer, bArr, PKCS11DB.this.providerHandle, PKCS11DB.this.contextHandle);
                }
                if (status != 0) {
                    throw new DatabaseException("PKCS11DBProvider: Unable to delete certificate.");
                }
            } catch (NameException e) {
                throw new DatabaseException("PKCS11DBProvider: Invalid IssuerName.", e);
            }
        }

        /**
         * Always fails; every CRL operation of this provider throws.
         *
         * @throws NotSupportedException always
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void deleteCRL(X500Name x500Name, Date date) throws NotSupportedException {
            final String message = "deleteCRL method is not supported by PKCS11DB provider.";
            throw new NotSupportedException(message);
        }

        /**
         * Deletes the private key stored for the subject public key of the given certificate.
         *
         * @param certificate certificate whose subject public key identifies the entry
         * @throws DatabaseException if the certificate is null or carries no public key, the
         *                           provider handle is missing, or the native delete returns a
         *                           non-zero status
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void deletePrivateKeyByCertificate(Certificate certificate) throws DatabaseException {
            if (certificate == null) {
                throw new DatabaseException("PKCS11DBImplementation.deletePrivateKeyByCertificate: cert should not be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.deletePrivateKey: Session is not open.");
            }
            try {
                final byte[] publicKeyBer = certificate.getSubjectPublicKeyBER();
                if (publicKeyBer == null) {
                    throw new DatabaseException("PKCS11DBProvider: cert is missing public Key.");
                }
                final int status;
                // Native private-key operations are serialized on monitor c.
                synchronized (this.c) {
                    status = PKCS11DB.this.nativeDeletePrivateKey(publicKeyBer, PKCS11DB.this.providerHandle);
                }
                if (status != 0) {
                    throw new DatabaseException("PKCS11DBProvider: Unable to delete private key.");
                }
            } catch (CertificateException e) {
                throw new DatabaseException("PKCS11DBProvider: invalid cert.", e);
            }
        }

        /**
         * Deletes the private key stored for the given public key.
         *
         * @param jSAFE_PublicKey public key whose BER encoding identifies the entry
         * @throws DatabaseException if the public key is null or cannot be BER-encoded, the
         *                           provider handle is missing, or the native delete returns a
         *                           non-zero status
         */
        @Override // com.rsa.certj.spi.db.DatabaseInterface
        public void deletePrivateKeyByPublicKey(JSAFE_PublicKey jSAFE_PublicKey) throws DatabaseException {
            if (jSAFE_PublicKey == null) {
                throw new DatabaseException("PKCS11DBImplementation.deletePrivateKeyByPublicKey: publicKey should not be null.");
            }
            if (PKCS11DB.this.providerHandle == null) {
                throw new DatabaseException("PKCS11DBProvider.deletePrivateKey: Session is not open.");
            }
            final byte[] publicKeyBer = a(jSAFE_PublicKey);
            final int status;
            // Native private-key operations are serialized on monitor c.
            synchronized (this.c) {
                status = PKCS11DB.this.nativeDeletePrivateKey(publicKeyBer, PKCS11DB.this.providerHandle);
            }
            if (status != 0) {
                throw new DatabaseException("PKCS11DB: Unable to delete private key.");
            }
        }

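        /**
         * Releases the native provider context and, when this provider opened the
         * PKCS#11 session itself ({@code sessionFlag} set), wipes and closes that session.
         *
         * <p>Each cleanup step runs even if an earlier one throws, so a failure in the
         * native finalize call cannot leave the session's sensitive data uncleared or
         * the handles still set. The first exception still propagates to the caller.
         *
         * <p>NOTE(review): the handles and the session belong to the enclosing
         * {@code PKCS11DB}, not to this implementation object, so unregistering one
         * implementation releases state that any other implementation created by the
         * same provider would also be using -- confirm this is intended. A second call
         * skips the native finalize but still closes the session again while
         * {@code sessionFlag} is set; verify that the session tolerates a repeated close.
         */
        @Override // com.rsa.certj.ProviderImplementation
        public void unregister() {
            final PKCS11DB owner = PKCS11DB.this;
            try {
                if (owner.providerHandle != null) {
                    owner.nativeFinalizeSession(owner.providerHandle, owner.contextHandle);
                }
            } finally {
                try {
                    // Only a session this provider created is torn down here; a
                    // caller-supplied session is left for the caller to close.
                    if (owner.sessionFlag) {
                        try {
                            owner.session.clearSensitiveData();
                        } finally {
                            owner.session.closeSession();
                        }
                    }
                } finally {
                    // Dropping the handles makes later operations fail their
                    // "Session is not open" check instead of reaching native code.
                    owner.providerHandle = null;
                    owner.contextHandle = null;
                }
            }
        }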

        /**
         * Finalizer fallback that releases the provider's native state by delegating
         * to {@link #unregister()}.
         *
         * <p>NOTE(review): this runs on the finalizer thread at an unspecified time and
         * tears down handles held by the enclosing {@code PKCS11DB}; callers should
         * unregister explicitly rather than rely on it.
         */
        protected void finalize() {
            this.unregister();
        }
    }

    /**
     * Creates a provider on top of a PKCS#11 session supplied by the caller.
     *
     * <p>{@code sessionFlag} is left unset on this path, so {@code unregister()} does
     * not clear or close the session; the caller remains responsible for it.
     *
     * @param str provider name, passed to the superclass and to the native context
     * @param jSAFE_Session open PKCS#11 session to use; must not be null
     * @throws InvalidParameterException if the session is null or the native provider
     *         context cannot be created from it
     */
    public PKCS11DB(String str, JSAFE_Session jSAFE_Session) throws InvalidParameterException {
        super(1, str);
        if (jSAFE_Session != null) {
            this.session = jSAFE_Session;
            createProvider(str, jSAFE_Session);
            return;
        }
        throw new InvalidParameterException(PASSED_IN_SESSION_IS_NULL);
    }

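    /**
     * Creates a provider that opens its own PKCS#11 session from the given spec.
     *
     * <p>The session is owned by this provider ({@code sessionFlag} is set), so
     * {@code unregister()} clears and closes it. If the native provider context
     * cannot be created, the session opened here is cleared and closed before the
     * exception propagates, because no object would be left to release it.
     *
     * <p>The caller's spec is not cleared here; the caller keeps responsibility for
     * any sensitive data it holds.
     *
     * @param str provider name, passed to the superclass and to the native context
     * @param jSAFE_PKCS11SessionSpec session parameters; must not be null
     * @throws InvalidParameterException if the spec is null, the session cannot be
     *         opened, or the native provider context cannot be created
     */
    public PKCS11DB(String str, JSAFE_PKCS11SessionSpec jSAFE_PKCS11SessionSpec) throws InvalidParameterException {
        super(1, str);
        if (jSAFE_PKCS11SessionSpec == null) {
            throw new InvalidParameterException("Spec is null.");
        }
        try {
            this.session = JSAFE_Session.getInstance(jSAFE_PKCS11SessionSpec);
            this.sessionFlag = true;
            boolean created = false;
            try {
                createProvider(str, this.session);
                created = true;
            } finally {
                // A failed construction must not leave an authenticated session open.
                if (!created && this.session != null) {
                    try {
                        this.session.clearSensitiveData();
                    } finally {
                        this.session.closeSession();
                        this.sessionFlag = false;
                    }
                }
            }
        } catch (JSAFE_InvalidParameterException e) {
            throw new InvalidParameterException("Cannot create PKCS#11 session.", e);
        }
    }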

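    /**
     * Creates a provider that builds a PKCS#11 session spec from raw parameters and
     * opens its own session from it.
     *
     * <p>The temporary spec is cleared on every exit path, not only on success, so
     * the secret it was built from does not stay in the spec object when opening the
     * session or creating the native context fails. If the native context cannot be
     * created, the session opened here is also cleared and closed before the
     * exception propagates.
     *
     * <p>NOTE(review): {@code cArr} is presumably the token PIN or passphrase; this
     * constructor does not wipe the caller's array, so the caller should zero it
     * once the provider has been created -- confirm whether the spec copies it.
     *
     * @param str provider name, passed to the superclass and to the native context
     * @param str2 first string argument of {@code JSAFE_PKCS11SessionSpec} (meaning not visible here)
     * @param str3 second string argument of {@code JSAFE_PKCS11SessionSpec} (meaning not visible here)
     * @param cArr secret passed to the spec as a {@code char[]}
     * @param i first int argument of {@code JSAFE_PKCS11SessionSpec} (meaning not visible here)
     * @param i2 second int argument of {@code JSAFE_PKCS11SessionSpec} (meaning not visible here)
     * @throws InvalidParameterException if the spec or session cannot be created, or
     *         the native provider context cannot be created
     */
    public PKCS11DB(String str, String str2, String str3, char[] cArr, int i, int i2) throws InvalidParameterException {
        super(1, str);
        try {
            JSAFE_PKCS11SessionSpec jSAFE_PKCS11SessionSpec = new JSAFE_PKCS11SessionSpec(str2, str3, cArr, i, i2);
            boolean created = false;
            try {
                this.session = JSAFE_Session.getInstance(jSAFE_PKCS11SessionSpec);
                this.sessionFlag = true;
                createProvider(str, this.session);
                created = true;
            } finally {
                try {
                    // A failed construction must not leave an authenticated session open.
                    if (!created && this.sessionFlag && this.session != null) {
                        try {
                            this.session.clearSensitiveData();
                        } finally {
                            this.session.closeSession();
                            this.sessionFlag = false;
                        }
                    }
                } finally {
                    // Runs on success and on failure alike.
                    jSAFE_PKCS11SessionSpec.clearSensitiveData();
                }
            }
        } catch (JSAFE_InvalidParameterException e) {
            throw new InvalidParameterException("Cannot create PKCS#11 session.", e);
        }
    }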

    /**
     * Binds this provider to a PKCS#11 session by creating the native certificate
     * context.
     *
     * <p>Reads the session handle and the Cryptoki function list from the session's
     * spec, allocates {@code contextHandle} with the same length as the function
     * list, and stores the value returned by {@code nativeInitCertCtx} as
     * {@code providerHandle}.
     *
     * @param str provider name handed to the native layer
     * @param jSAFE_Session session to bind to; must not be null and must carry a spec
     * @throws InvalidParameterException if the session, its spec, its handle or its
     *         function list is null, or the native call returns no provider handle
     */
    private void createProvider(String str, JSAFE_Session jSAFE_Session) throws InvalidParameterException {
        if (jSAFE_Session == null) {
            throw new InvalidParameterException(PASSED_IN_SESSION_IS_NULL);
        }

        final JSAFE_PKCS11SessionSpec spec = jSAFE_Session.getSessionSpec();
        if (spec == null) {
            throw new InvalidParameterException("Passed in session does not contain spec.");
        }

        final byte[] handle = spec.getSessionHandle(jSAFE_Session);
        if (handle == null) {
            throw new InvalidParameterException("Invalid PKCS#11 session: sessionHandle is null.");
        }

        final byte[] functionList = spec.getCryptokiFunctions(jSAFE_Session);
        if (functionList == null) {
            throw new InvalidParameterException("Invalid PKCS#11 session: cryptoki function list is null.");
        }

        // NOTE(review): both arrays look like opaque native references serialised as
        // bytes; they are forwarded unchanged and never validated on the Java side.
        final byte[] contextBuffer = new byte[functionList.length];
        this.contextHandle = contextBuffer;
        this.providerHandle = nativeInitCertCtx(str, handle, functionList, contextBuffer);
        if (this.providerHandle != null) {
            return;
        }
        throw new InvalidParameterException("PKCS11DB: cannot create provider.");
    }

    /**
     * Creates the database implementation object for this provider.
     *
     * <p>Every call returns a new inner implementation that works on this
     * provider's single native handle and session.
     *
     * @param certJ the CertJ instance the implementation is created for
     * @return a new implementation bound to this provider's name
     * @throws ProviderManagementException if the implementation rejects its parameters
     */
    @Override // com.rsa.certj.Provider
    public ProviderImplementation instantiate(CertJ certJ) throws ProviderManagementException {
        final ProviderImplementation implementation;
        try {
            implementation = new a(certJ, getName());
        } catch (InvalidParameterException e) {
            throw new ProviderManagementException("PKCS11DB.instantiate.", e);
        }
        return implementation;
    }

    /**
     * Returns a short description containing only the provider name; no handle or
     * session data is included.
     *
     * @return the fixed prefix followed by the provider name
     */
    public String toString() {
        final StringBuilder description = new StringBuilder("PKCS11 database provider named: ");
        description.append(super.getName());
        return description.toString();
    }

    // JNI entry points. Their implementations are presumably in the native library
    // loaded by this class's static initializer.
    //
    // NOTE(review): the decompiler reports that most of these were private in the
    // original class and are shown as public only so the inner class can call them.
    // They accept raw handle bytes and do no checking on the Java side, so if this
    // source is ever recompiled the private modifier should be restored to keep
    // arbitrary callers from passing handles of their own.

    /* JADX INFO: Access modifiers changed from: private */
    public native int nativeInsertCertificate(byte[] bArr, byte[] bArr2, byte[] bArr3);

    // Called from createProvider with (provider name, session handle, Cryptoki
    // function list, context buffer); returns the provider handle, or null when
    // the context could not be created.
    private native byte[] nativeInitCertCtx(String str, byte[] bArr, byte[] bArr2, byte[] bArr3);

    /* JADX INFO: Access modifiers changed from: private */
    public native int nativeInsertPrivateKey(byte[] bArr, byte[] bArr2, byte[] bArr3);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[][] nativeSelectCertByIssuerSerial(byte[] bArr, byte[] bArr2, byte[] bArr3);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[][] nativeSelectCertBySubject(byte[] bArr, byte[] bArr2);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[][] nativeSelectCertByExtensions(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[][] nativeSelectPrivateKey(byte[] bArr, byte[] bArr2);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[] nativeFirstCertificate(byte[] bArr, byte[] bArr2);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[] nativeNextCertificate(byte[] bArr, byte[] bArr2);

    /* JADX INFO: Access modifiers changed from: private */
    public native int nativeDeleteCert(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[][] nativeFirstPrivateKey(byte[] bArr, byte[] bArr2);

    /* JADX INFO: Access modifiers changed from: private */
    public native byte[][] nativeNextPrivateKey(byte[] bArr, byte[] bArr2);

    // Called with (encoded public key, provider handle); callers treat a non-zero
    // return value as failure.
    /* JADX INFO: Access modifiers changed from: private */
    public native int nativeDeletePrivateKey(byte[] bArr, byte[] bArr2);

    // Called from unregister() with (provider handle, context handle).
    /* JADX INFO: Access modifiers changed from: private */
    public native void nativeFinalizeSession(byte[] bArr, byte[] bArr2);

    // Loads the native library when the class is initialised. System.loadLibrary
    // resolves the name through the JVM's library search path (java.library.path),
    // so the directories on that path must not be writable by untrusted users. If
    // the library is missing, class initialisation fails with UnsatisfiedLinkError.
    static {
        System.loadLibrary("certJpkcs11");
    }
}
