package sun.security.pkcs11;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.NotSerializableException;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.security.AccessController;
import java.security.AuthProvider;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.SecurityPermission;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import sun.security.ec.ECParameters;
import sun.security.pkcs11.Secmod;
import sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS;
import sun.security.pkcs11.wrapper.CK_INFO;
import sun.security.pkcs11.wrapper.CK_MECHANISM_INFO;
import sun.security.pkcs11.wrapper.CK_SLOT_INFO;
import sun.security.pkcs11.wrapper.Functions;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Constants;
import sun.security.pkcs11.wrapper.PKCS11Exception;
import sun.security.util.Debug;
import sun.security.util.ResourcesMgr;

/* loaded from: input_file:sun/security/pkcs11/SunPKCS11.class */
public final class SunPKCS11 extends AuthProvider {
    private static final long serialVersionUID = -1354835039035306505L;
    private static int dummyConfigId;
    final PKCS11 p11;
    private final String configName;
    final Config config;
    final long slotID;
    private CallbackHandler pHandler;
    private final Object LOCK_HANDLER;
    final boolean removable;
    final Secmod.Module nssModule;
    final boolean nssUseSecmodTrust;
    private volatile Token token;
    private TokenPoller poller;
    private static volatile boolean integrityVerified;
    private static final String MD = "MessageDigest";
    private static final String SIG = "Signature";
    private static final String KPG = "KeyPairGenerator";
    private static final String KG = "KeyGenerator";
    private static final String AGP = "AlgorithmParameters";
    private static final String KF = "KeyFactory";
    private static final String SKF = "SecretKeyFactory";
    private static final String CIP = "Cipher";
    private static final String MAC = "Mac";
    private static final String KA = "KeyAgreement";
    private static final String KS = "KeyStore";
    private static final String SR = "SecureRandom";
    static final Debug debug = Debug.getInstance("sunpkcs11");
    private static final Map<Integer, List<Descriptor>> descriptors = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/security/pkcs11/SunPKCS11$Descriptor.class */
    public static final class Descriptor {
        final String type;
        final String algorithm;
        final String className;
        final String[] aliases;
        final int[] mechanisms;

        private Descriptor(String str, String str2, String str3, String[] strArr, int[] iArr) {
            this.type = str;
            this.algorithm = str2;
            this.className = str3;
            this.aliases = strArr;
            this.mechanisms = iArr;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public P11Service service(Token token, int i) {
            return new P11Service(token, this.type, this.algorithm, this.className, this.aliases, i);
        }

        public String toString() {
            return this.type + "." + this.algorithm;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/security/pkcs11/SunPKCS11$P11Service.class */
    public static class P11Service extends Provider.Service {
        private final Token token;
        private final long mechanism;

        P11Service(Token token, String str, String str2, String str3, String[] strArr, long j) {
            super(token.provider, str, str2, str3, toList(strArr), null);
            this.token = token;
            this.mechanism = j & 4294967295L;
        }

        private static List<String> toList(String[] strArr) {
            if (strArr == null) {
                return null;
            }
            return Arrays.asList(strArr);
        }

        @Override // java.security.Provider.Service
        public Object newInstance(Object obj) throws NoSuchAlgorithmException {
            if (!this.token.isValid()) {
                throw new NoSuchAlgorithmException("Token has been removed");
            }
            try {
                return newInstance0(obj);
            } catch (PKCS11Exception e) {
                throw new NoSuchAlgorithmException(e);
            }
        }

        public Object newInstance0(Object obj) throws PKCS11Exception, NoSuchAlgorithmException {
            String algorithm = getAlgorithm();
            String type = getType();
            if (type == SunPKCS11.MD) {
                return new P11Digest(this.token, algorithm, this.mechanism);
            }
            if (type == SunPKCS11.CIP) {
                SunPKCS11.verifySelfIntegrity(getClass());
                return algorithm.startsWith("RSA") ? new P11RSACipher(this.token, algorithm, this.mechanism) : new P11Cipher(this.token, algorithm, this.mechanism);
            }
            if (type == SunPKCS11.SIG) {
                return new P11Signature(this.token, algorithm, this.mechanism);
            }
            if (type == SunPKCS11.MAC) {
                SunPKCS11.verifySelfIntegrity(getClass());
                return new P11Mac(this.token, algorithm, this.mechanism);
            }
            if (type == SunPKCS11.KPG) {
                return new P11KeyPairGenerator(this.token, algorithm, this.mechanism);
            }
            if (type == SunPKCS11.KA) {
                SunPKCS11.verifySelfIntegrity(getClass());
                return algorithm.equals("ECDH") ? new P11ECDHKeyAgreement(this.token, algorithm, this.mechanism) : new P11KeyAgreement(this.token, algorithm, this.mechanism);
            }
            if (type == SunPKCS11.KF) {
                return this.token.getKeyFactory(algorithm);
            }
            if (type == SunPKCS11.SKF) {
                SunPKCS11.verifySelfIntegrity(getClass());
                return new P11SecretKeyFactory(this.token, algorithm);
            }
            if (type == SunPKCS11.KG) {
                SunPKCS11.verifySelfIntegrity(getClass());
                return algorithm == "SunTlsRsaPremasterSecret" ? new P11TlsRsaPremasterSecretGenerator(this.token, algorithm, this.mechanism) : algorithm == "SunTlsMasterSecret" ? new P11TlsMasterSecretGenerator(this.token, algorithm, this.mechanism) : algorithm == "SunTlsKeyMaterial" ? new P11TlsKeyMaterialGenerator(this.token, algorithm, this.mechanism) : algorithm == "SunTlsPrf" ? new P11TlsPrfGenerator(this.token, algorithm, this.mechanism) : new P11KeyGenerator(this.token, algorithm, this.mechanism);
            }
            if (type == SunPKCS11.SR) {
                return this.token.getRandom();
            }
            if (type == SunPKCS11.KS) {
                return this.token.getKeyStore();
            }
            if (type == SunPKCS11.AGP) {
                return new ECParameters();
            }
            throw new NoSuchAlgorithmException("Unknown type: " + type);
        }

        @Override // java.security.Provider.Service
        public boolean supportsParameter(Object obj) {
            if (obj == null || !this.token.isValid()) {
                return false;
            }
            if (!(obj instanceof Key)) {
                throw new InvalidParameterException("Parameter must be a Key");
            }
            String algorithm = getAlgorithm();
            String type = getType();
            Key key = (Key) obj;
            String algorithm2 = key.getAlgorithm();
            if ((type == SunPKCS11.CIP && algorithm.startsWith("RSA")) || (type == SunPKCS11.SIG && algorithm.endsWith("RSA"))) {
                if (algorithm2.equals("RSA")) {
                    return isLocalKey(key) || (key instanceof RSAPrivateKey) || (key instanceof RSAPublicKey);
                }
                return false;
            }
            if ((type == SunPKCS11.KA && algorithm.equals("ECDH")) || (type == SunPKCS11.SIG && algorithm.endsWith("ECDSA"))) {
                if (algorithm2.equals("EC")) {
                    return isLocalKey(key) || (key instanceof ECPrivateKey) || (key instanceof ECPublicKey);
                }
                return false;
            }
            if (type == SunPKCS11.SIG && algorithm.endsWith("DSA")) {
                if (algorithm2.equals("DSA")) {
                    return isLocalKey(key) || (key instanceof DSAPrivateKey) || (key instanceof DSAPublicKey);
                }
                return false;
            }
            if (type == SunPKCS11.CIP || type == SunPKCS11.MAC) {
                return isLocalKey(key) || "RAW".equals(key.getFormat());
            }
            if (type != SunPKCS11.KA) {
                throw new AssertionError("SunPKCS11 error: " + type + ", " + algorithm);
            }
            if (algorithm2.equals("DH")) {
                return isLocalKey(key) || (key instanceof DHPrivateKey) || (key instanceof DHPublicKey);
            }
            return false;
        }

        private boolean isLocalKey(Key key) {
            return (key instanceof P11Key) && ((P11Key) key).token == this.token;
        }

        @Override // java.security.Provider.Service
        public String toString() {
            return super.toString() + " (" + Functions.getMechanismName(this.mechanism) + ")";
        }
    }

    /* loaded from: input_file:sun/security/pkcs11/SunPKCS11$SunPKCS11Rep.class */
    private static class SunPKCS11Rep implements Serializable {
        static final long serialVersionUID = -2896606995897745419L;
        private final String providerName;
        private final String configName;

        SunPKCS11Rep(SunPKCS11 sunPKCS11) throws NotSerializableException {
            this.providerName = sunPKCS11.getName();
            this.configName = sunPKCS11.configName;
            if (Security.getProvider(this.providerName) != sunPKCS11) {
                throw new NotSerializableException("Only SunPKCS11 providers installed in java.security.Security can be serialized");
            }
        }

        private Object readResolve() throws ObjectStreamException {
            SunPKCS11 sunPKCS11 = (SunPKCS11) Security.getProvider(this.providerName);
            if (sunPKCS11 == null || !sunPKCS11.configName.equals(this.configName)) {
                throw new NotSerializableException("Could not find " + this.providerName + " in installed providers");
            }
            return sunPKCS11;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:sun/security/pkcs11/SunPKCS11$TokenPoller.class */
    public static class TokenPoller implements Runnable {
        private final SunPKCS11 provider;
        private volatile boolean enabled;

        private TokenPoller(SunPKCS11 sunPKCS11) {
            this.provider = sunPKCS11;
            this.enabled = true;
        }

        @Override // java.lang.Runnable
        public void run() {
            int insertionCheckInterval = this.provider.config.getInsertionCheckInterval();
            while (this.enabled) {
                try {
                    Thread.sleep(insertionCheckInterval);
                    if (!this.enabled) {
                        return;
                    } else {
                        try {
                            this.provider.initToken(null);
                        } catch (PKCS11Exception e) {
                        }
                    }
                } catch (InterruptedException e2) {
                    return;
                }
            }
        }

        void disable() {
            this.enabled = false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Token getToken() {
        return this.token;
    }

    public SunPKCS11() {
        super("SunPKCS11-Dummy", 1.5d, "SunPKCS11-Dummy");
        this.LOCK_HANDLER = new Object();
        throw new ProviderException("SunPKCS11 requires configuration file argument");
    }

    public SunPKCS11(String str) {
        this((String) checkNull(str), null);
    }

    public SunPKCS11(InputStream inputStream) {
        this(getDummyConfigName(), (InputStream) checkNull(inputStream));
    }

    private static <T> T checkNull(T t) {
        if (t == null) {
            throw new NullPointerException();
        }
        return t;
    }

    private static synchronized String getDummyConfigName() {
        int i = dummyConfigId + 1;
        dummyConfigId = i;
        return "---DummyConfig-" + i + "---";
    }

    @Deprecated
    public SunPKCS11(String str, InputStream inputStream) {
        super("SunPKCS11-" + Config.getConfig(str, inputStream).getName(), 1.6d, Config.getConfig(str, inputStream).getDescription());
        PKCS11 pkcs11;
        int i;
        String configDir;
        this.LOCK_HANDLER = new Object();
        this.configName = str;
        this.config = Config.removeConfig(str);
        if (debug != null) {
            System.out.println("SunPKCS11 loading " + str);
        }
        String library = this.config.getLibrary();
        String functionList = this.config.getFunctionList();
        long slotID = this.config.getSlotID();
        int slotListIndex = this.config.getSlotListIndex();
        boolean nssUseSecmod = this.config.getNssUseSecmod();
        boolean nssUseSecmodTrust = this.config.getNssUseSecmodTrust();
        Secmod.Module module = null;
        if (nssUseSecmod) {
            Secmod secmod = Secmod.getInstance();
            Secmod.DbMode nssDbMode = this.config.getNssDbMode();
            try {
                String nssLibraryDirectory = this.config.getNssLibraryDirectory();
                String nssSecmodDirectory = this.config.getNssSecmodDirectory();
                if (!secmod.isInitialized()) {
                    if (nssDbMode != Secmod.DbMode.NO_DB) {
                        if (nssSecmodDirectory == null) {
                            throw new ProviderException("Secmod not initialized and nssSecmodDirectory not specified");
                        }
                    } else if (nssSecmodDirectory != null) {
                        throw new ProviderException("nssSecmodDirectory must not be specified in noDb mode");
                    }
                    secmod.initialize(nssDbMode, nssSecmodDirectory, nssLibraryDirectory);
                } else {
                    if (nssSecmodDirectory != null && (configDir = secmod.getConfigDir()) != null && !configDir.equals(nssSecmodDirectory)) {
                        throw new ProviderException("Secmod directory " + nssSecmodDirectory + " invalid, NSS already initialized with " + configDir);
                    }
                    if (nssLibraryDirectory != null) {
                        String libDir = secmod.getLibDir();
                        if (libDir != null && !libDir.equals(nssLibraryDirectory)) {
                            throw new ProviderException("NSS library directory " + nssLibraryDirectory + " invalid, NSS already initialized with " + libDir);
                        }
                    }
                }
                List<Secmod.Module> modules = secmod.getModules();
                if (this.config.getShowInfo()) {
                    System.out.println("NSS modules: " + modules);
                }
                String nssModule = this.config.getNssModule();
                if (nssModule == null) {
                    module = secmod.getModule(Secmod.ModuleType.FIPS);
                    if (module != null) {
                        nssModule = "fips";
                    } else {
                        nssModule = nssDbMode == Secmod.DbMode.NO_DB ? "crypto" : "keystore";
                    }
                }
                if (nssModule.equals("fips")) {
                    module = secmod.getModule(Secmod.ModuleType.FIPS);
                    nssUseSecmodTrust = true;
                    functionList = "FC_GetFunctionList";
                } else if (nssModule.equals("keystore")) {
                    module = secmod.getModule(Secmod.ModuleType.KEYSTORE);
                    nssUseSecmodTrust = true;
                } else if (nssModule.equals("crypto")) {
                    module = secmod.getModule(Secmod.ModuleType.CRYPTO);
                } else if (nssModule.equals("trustanchors")) {
                    module = secmod.getModule(Secmod.ModuleType.TRUSTANCHOR);
                    nssUseSecmodTrust = true;
                } else {
                    if (!nssModule.startsWith("external-")) {
                        throw new ProviderException("Unknown NSS module: " + nssModule);
                    }
                    try {
                        i = Integer.parseInt(nssModule.substring("external-".length()));
                    } catch (NumberFormatException e) {
                        i = -1;
                    }
                    if (i < 1) {
                        throw new ProviderException("Invalid external module: " + nssModule);
                    }
                    int i2 = 0;
                    Iterator<Secmod.Module> it = modules.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Secmod.Module next = it.next();
                        if (next.getType() == Secmod.ModuleType.EXTERNAL) {
                            i2++;
                            if (i2 == i) {
                                module = next;
                                break;
                            }
                        }
                    }
                    if (module == null) {
                        throw new ProviderException("Invalid module " + nssModule + ": only " + i2 + " external NSS modules available");
                    }
                }
                if (module == null) {
                    throw new ProviderException("NSS module not available: " + nssModule);
                }
                if (module.hasInitializedProvider()) {
                    throw new ProviderException("Secmod module already configured");
                }
                library = module.libraryName;
                slotListIndex = module.slot;
            } catch (IOException e2) {
                throw new ProviderException("Could not initialize NSS", e2);
            }
        }
        this.nssUseSecmodTrust = nssUseSecmodTrust;
        this.nssModule = module;
        if (!new File(library).getName().equals(library) && !new File(library).isFile()) {
            String str2 = "Library " + library + " does not exist";
            if (this.config.getHandleStartupErrors() != 1) {
                throw new UnsupportedOperationException(str2);
            }
            throw new ProviderException(str2);
        }
        try {
            if (debug != null) {
                debug.println("Initializing PKCS#11 library " + library);
            }
            CK_C_INITIALIZE_ARGS ck_c_initialize_args = new CK_C_INITIALIZE_ARGS();
            String nssArgs = this.config.getNssArgs();
            if (nssArgs != null) {
                ck_c_initialize_args.pReserved = nssArgs;
            }
            ck_c_initialize_args.flags = 2L;
            try {
                pkcs11 = PKCS11.getInstance(library, functionList, ck_c_initialize_args, this.config.getOmitInitialize());
            } catch (PKCS11Exception e3) {
                if (debug != null) {
                    debug.println("Multi-threaded initialization failed: " + e3);
                }
                if (!this.config.getAllowSingleThreadedModules()) {
                    throw e3;
                }
                if (nssArgs == null) {
                    ck_c_initialize_args = null;
                } else {
                    ck_c_initialize_args.flags = 0L;
                }
                pkcs11 = PKCS11.getInstance(library, functionList, ck_c_initialize_args, this.config.getOmitInitialize());
            }
            this.p11 = pkcs11;
            CK_INFO C_GetInfo = this.p11.C_GetInfo();
            if (C_GetInfo.cryptokiVersion.major < 2) {
                throw new ProviderException("Only PKCS#11 v2.0 and later supported, library version is v" + C_GetInfo.cryptokiVersion);
            }
            boolean showInfo = this.config.getShowInfo();
            if (showInfo) {
                System.out.println("Information for provider " + getName());
                System.out.println("Library info:");
                System.out.println(C_GetInfo);
            }
            if (slotID < 0 || showInfo) {
                long[] C_GetSlotList = this.p11.C_GetSlotList(false);
                if (showInfo) {
                    System.out.println("All slots: " + toString(C_GetSlotList));
                    C_GetSlotList = this.p11.C_GetSlotList(true);
                    System.out.println("Slots with tokens: " + toString(C_GetSlotList));
                }
                if (slotID < 0) {
                    if (slotListIndex < 0 || slotListIndex >= C_GetSlotList.length) {
                        throw new ProviderException("slotListIndex is " + slotListIndex + " but token only has " + C_GetSlotList.length + " slots");
                    }
                    slotID = C_GetSlotList[slotListIndex];
                }
            }
            this.slotID = slotID;
            CK_SLOT_INFO C_GetSlotInfo = this.p11.C_GetSlotInfo(slotID);
            this.removable = (C_GetSlotInfo.flags & 2) != 0;
            initToken(C_GetSlotInfo);
            if (module != null) {
                module.setProvider(this);
            }
        } catch (Exception e4) {
            if (this.config.getHandleStartupErrors() != 2) {
                throw new ProviderException("Initialization failed", e4);
            }
            throw new UnsupportedOperationException("Initialization failed", e4);
        }
    }

    private static String toString(long[] jArr) {
        if (jArr.length == 0) {
            return "(none)";
        }
        StringBuilder sb = new StringBuilder();
        sb.append(jArr[0]);
        for (int i = 1; i < jArr.length; i++) {
            sb.append(", ");
            sb.append(jArr[i]);
        }
        return sb.toString();
    }

    static void verifySelfIntegrity(Class cls) {
        if (integrityVerified) {
            return;
        }
        doVerifySelfIntegrity(cls);
    }

    private static synchronized void doVerifySelfIntegrity(Class cls) {
        integrityVerified = JarVerifierImpl.doVerification(cls, "-----BEGIN CERTIFICATE-----\nMIICnTCCAlugAwIBAgICAh8wCwYHKoZIzjgEAwUAMIGQMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMRwwGgYDVQQDExNKQ0UgQ29kZSBTaWduaW5nIENBMB4XDTA1MTEyMzIyNDk0MVoXDTEwMTEyNzIyNDk0MVowYzEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxIzAhBgNVBAsTGkphdmEgU29mdHdhcmUgQ29kZSBTaWduaW5nMR0wGwYDVQQDExRTdW4gTWljcm9zeXN0ZW1zIEluYzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA16bKo6tC3OHFDNfPXLKXMCMtIyeubNnsEtlvrH34HhfF+ZmpSliLCvQ15ms705vy4XgZUbZ3mgSOlLRMAGRo6596ePhc+0Z6yeKhbb3LZ8iz97ZIptkHGOshj9cfcSRPYmorUug9OsybMdIfQXazxT9mZJ9Yx5IDw6xak7kVbpUCAwEAAaOBiDCBhTARBglghkgBhvhCAQEEBAMCBBAwDgYDVR0PAQH/BAQDAgXgMB0GA1UdDgQWBBRI319jCbhc9DWJVltXgfrMybHNjzAfBgNVHSMEGDAWgBRl4vSGydNO8JFOWKJq9dh4WprBpjAgBgNVHREEGTAXgRV5dS1jaGluZy5wZW5nQHN1bi5jb20wCwYHKoZIzjgEAwUAAy8AMCwCFFBFmED9s3OoN9rbXfQV3+brJPW/AhQr+Wq1MlubAvnfjrlqeksh0QaDAQ==\n-----END CERTIFICATE-----");
        if (!integrityVerified) {
            throw new ProviderException("The SunPKCS11 provider may have been tampered with.");
        }
    }

    @Override // java.util.Hashtable, java.util.Map
    public boolean equals(Object obj) {
        return this == obj;
    }

    @Override // java.util.Hashtable, java.util.Map
    public int hashCode() {
        return System.identityHashCode(this);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String[] s(String str) {
        return new String[]{str};
    }

    private static String[] s(String str, String str2) {
        return new String[]{str, str2};
    }

    private static int[] m(long j) {
        return new int[]{(int) j};
    }

    private static int[] m(long j, long j2) {
        return new int[]{(int) j, (int) j2};
    }

    private static int[] m(long j, long j2, long j3) {
        return new int[]{(int) j, (int) j2, (int) j3};
    }

    private static int[] m(long j, long j2, long j3, long j4) {
        return new int[]{(int) j, (int) j2, (int) j3, (int) j4};
    }

    private static void d(String str, String str2, String str3, int[] iArr) {
        register(new Descriptor(str, str2, str3, null, iArr));
    }

    private static void d(String str, String str2, String str3, String[] strArr, int[] iArr) {
        register(new Descriptor(str, str2, str3, strArr, iArr));
    }

    private static void register(Descriptor descriptor) {
        for (int i = 0; i < descriptor.mechanisms.length; i++) {
            Integer valueOf = Integer.valueOf(descriptor.mechanisms[i]);
            List<Descriptor> list = descriptors.get(valueOf);
            if (list == null) {
                list = new ArrayList();
                descriptors.put(valueOf, list);
            }
            list.add(descriptor);
        }
    }

    private void createPoller() {
        if (this.poller != null) {
            return;
        }
        TokenPoller tokenPoller = new TokenPoller();
        Thread thread = new Thread(tokenPoller, "Poller " + getName());
        thread.setDaemon(true);
        thread.setPriority(1);
        thread.start();
        this.poller = tokenPoller;
    }

    private void destroyPoller() {
        if (this.poller != null) {
            this.poller.disable();
            this.poller = null;
        }
    }

    private boolean hasValidToken() {
        Token token = this.token;
        return token != null && token.isValid();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void uninitToken(Token token) {
        if (this.token != token) {
            return;
        }
        destroyPoller();
        this.token = null;
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: sun.security.pkcs11.SunPKCS11.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                SunPKCS11.this.clear();
                return null;
            }
        });
        createPoller();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initToken(CK_SLOT_INFO ck_slot_info) throws PKCS11Exception {
        int i;
        Integer valueOf;
        List<Descriptor> list;
        if (ck_slot_info == null) {
            ck_slot_info = this.p11.C_GetSlotInfo(this.slotID);
        }
        if (this.removable && (ck_slot_info.flags & 1) == 0) {
            createPoller();
            return;
        }
        destroyPoller();
        boolean showInfo = this.config.getShowInfo();
        if (showInfo) {
            System.out.println("Slot info for slot " + this.slotID + ":");
            System.out.println(ck_slot_info);
        }
        final Token token = new Token(this);
        if (showInfo) {
            System.out.println("Token info for token in slot " + this.slotID + ":");
            System.out.println(token.tokenInfo);
        }
        long[] C_GetMechanismList = this.p11.C_GetMechanismList(this.slotID);
        final HashMap hashMap = new HashMap();
        for (long j : C_GetMechanismList) {
            boolean isEnabled = this.config.isEnabled(j);
            if (showInfo) {
                CK_MECHANISM_INFO C_GetMechanismInfo = this.p11.C_GetMechanismInfo(this.slotID, j);
                System.out.println("Mechanism " + Functions.getMechanismName(j) + ":");
                if (!isEnabled) {
                    System.out.println("DISABLED in configuration");
                }
                System.out.println(C_GetMechanismInfo);
            }
            if (isEnabled && (j >>> 32) == 0 && (list = descriptors.get((valueOf = Integer.valueOf((i = (int) j))))) != null) {
                for (Descriptor descriptor : list) {
                    Integer num = (Integer) hashMap.get(descriptor);
                    if (num == null) {
                        hashMap.put(descriptor, valueOf);
                    } else {
                        int intValue = num.intValue();
                        int i2 = 0;
                        while (true) {
                            if (i2 >= descriptor.mechanisms.length) {
                                break;
                            }
                            int i3 = descriptor.mechanisms[i2];
                            if (i == i3) {
                                hashMap.put(descriptor, valueOf);
                                break;
                            } else if (intValue == i3) {
                                break;
                            } else {
                                i2++;
                            }
                        }
                    }
                }
            }
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: sun.security.pkcs11.SunPKCS11.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                for (Map.Entry entry : hashMap.entrySet()) {
                    SunPKCS11.this.putService(((Descriptor) entry.getKey()).service(token, ((Integer) entry.getValue()).intValue()));
                }
                if ((token.tokenInfo.flags & 1) != 0 && SunPKCS11.this.config.isEnabled(PKCS11Constants.PCKM_SECURERANDOM) && !token.sessionManager.lowMaxSessions()) {
                    SunPKCS11.this.putService(new P11Service(token, SunPKCS11.SR, "PKCS11", "sun.security.pkcs11.P11SecureRandom", null, PKCS11Constants.PCKM_SECURERANDOM));
                }
                if (!SunPKCS11.this.config.isEnabled(PKCS11Constants.PCKM_KEYSTORE)) {
                    return null;
                }
                SunPKCS11.this.putService(new P11Service(token, SunPKCS11.KS, "PKCS11", "sun.security.pkcs11.P11KeyStore", SunPKCS11.s("PKCS11-" + SunPKCS11.this.config.getName()), PKCS11Constants.PCKM_KEYSTORE));
                return null;
            }
        });
        this.token = token;
    }

    @Override // java.security.AuthProvider
    public void login(Subject subject, CallbackHandler callbackHandler) throws LoginException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (debug != null) {
                debug.println("checking login permission");
            }
            securityManager.checkPermission(new SecurityPermission("authProvider." + getName()));
        }
        if (!hasValidToken()) {
            throw new LoginException("No token present");
        }
        if ((this.token.tokenInfo.flags & 4) == 0) {
            if (debug != null) {
                debug.println("login operation not required for token - ignoring login request");
                return;
            }
            return;
        }
        try {
            if (this.token.isLoggedInNow(null)) {
                if (debug != null) {
                    debug.println("user already logged in");
                    return;
                }
                return;
            }
        } catch (PKCS11Exception e) {
        }
        char[] cArr = null;
        if ((this.token.tokenInfo.flags & 256) == 0) {
            CallbackHandler callbackHandler2 = getCallbackHandler(callbackHandler);
            if (callbackHandler2 == null) {
                throw new LoginException("no password provided, and no callback handler available for retrieving password");
            }
            PasswordCallback passwordCallback = new PasswordCallback(new MessageFormat(ResourcesMgr.getString("PKCS11 Token [providerName] Password: ")).format(new Object[]{getName()}), false);
            try {
                callbackHandler2.handle(new Callback[]{passwordCallback});
                cArr = passwordCallback.getPassword();
                passwordCallback.clearPassword();
                if (cArr == null && debug != null) {
                    debug.println("caller passed NULL pin");
                }
            } catch (Exception e2) {
                LoginException loginException = new LoginException("Unable to perform password callback");
                loginException.initCause(e2);
                throw loginException;
            }
        }
        Session session = null;
        try {
            try {
                session = this.token.getOpSession();
                this.p11.C_Login(session.id(), 1L, cArr);
                if (debug != null) {
                    debug.println("login succeeded");
                }
                this.token.releaseSession(session);
                if (cArr != null) {
                    Arrays.fill(cArr, ' ');
                }
            } catch (Throwable th) {
                this.token.releaseSession(session);
                if (cArr != null) {
                    Arrays.fill(cArr, ' ');
                }
                throw th;
            }
        } catch (PKCS11Exception e3) {
            if (e3.getErrorCode() == 256) {
                if (debug != null) {
                    debug.println("user already logged in");
                }
                this.token.releaseSession(session);
                if (cArr != null) {
                    Arrays.fill(cArr, ' ');
                    return;
                }
                return;
            }
            if (e3.getErrorCode() == 160) {
                FailedLoginException failedLoginException = new FailedLoginException();
                failedLoginException.initCause(e3);
                throw failedLoginException;
            }
            LoginException loginException2 = new LoginException();
            loginException2.initCause(e3);
            throw loginException2;
        }
    }

    @Override // java.security.AuthProvider
    public void logout() throws LoginException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SecurityPermission("authProvider." + getName()));
        }
        if (hasValidToken()) {
            if ((this.token.tokenInfo.flags & 4) == 0) {
                if (debug != null) {
                    debug.println("logout operation not required for token - ignoring logout request");
                    return;
                }
                return;
            }
            try {
                if (!this.token.isLoggedInNow(null)) {
                    if (debug != null) {
                        debug.println("user not logged in");
                        return;
                    }
                    return;
                }
            } catch (PKCS11Exception e) {
            }
            Session session = null;
            try {
                try {
                    session = this.token.getOpSession();
                    this.p11.C_Logout(session.id());
                    if (debug != null) {
                        debug.println("logout succeeded");
                    }
                    this.token.releaseSession(session);
                } catch (PKCS11Exception e2) {
                    if (e2.getErrorCode() != 257) {
                        LoginException loginException = new LoginException();
                        loginException.initCause(e2);
                        throw loginException;
                    }
                    if (debug != null) {
                        debug.println("user not logged in");
                    }
                    this.token.releaseSession(session);
                }
            } catch (Throwable th) {
                this.token.releaseSession(session);
                throw th;
            }
        }
    }

    @Override // java.security.AuthProvider
    public void setCallbackHandler(CallbackHandler callbackHandler) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new SecurityPermission("authProvider." + getName()));
        }
        synchronized (this.LOCK_HANDLER) {
            this.pHandler = callbackHandler;
        }
    }

    private CallbackHandler getCallbackHandler(CallbackHandler callbackHandler) {
        if (callbackHandler != null) {
            return callbackHandler;
        }
        if (debug != null) {
            debug.println("getting provider callback handler");
        }
        synchronized (this.LOCK_HANDLER) {
            if (this.pHandler != null) {
                return this.pHandler;
            }
            try {
                if (debug != null) {
                    debug.println("getting default callback handler");
                }
                CallbackHandler callbackHandler2 = (CallbackHandler) AccessController.doPrivileged(new PrivilegedExceptionAction<CallbackHandler>() { // from class: sun.security.pkcs11.SunPKCS11.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public CallbackHandler run() throws Exception {
                        String property = Security.getProperty("auth.login.defaultCallbackHandler");
                        if (property != null && property.length() != 0) {
                            return (CallbackHandler) Class.forName(property, true, Thread.currentThread().getContextClassLoader()).newInstance();
                        }
                        if (SunPKCS11.debug == null) {
                            return null;
                        }
                        SunPKCS11.debug.println("no default handler set");
                        return null;
                    }
                });
                this.pHandler = callbackHandler2;
                return callbackHandler2;
            } catch (PrivilegedActionException e) {
                if (debug != null) {
                    debug.println("Unable to load default callback handler");
                    e.printStackTrace();
                }
                return null;
            }
        }
    }

    private Object writeReplace() throws ObjectStreamException {
        return new SunPKCS11Rep(this);
    }

    static {
        d(MD, "MD2", "sun.security.pkcs11.P11Digest", m(512L));
        d(MD, "MD5", "sun.security.pkcs11.P11Digest", m(528L));
        d(MD, "SHA1", "sun.security.pkcs11.P11Digest", s("SHA", "SHA-1"), m(544L));
        d(MD, "SHA-256", "sun.security.pkcs11.P11Digest", m(592L));
        d(MD, "SHA-384", "sun.security.pkcs11.P11Digest", m(608L));
        d(MD, "SHA-512", "sun.security.pkcs11.P11Digest", m(624L));
        d(MAC, "HmacMD5", "sun.security.pkcs11.P11MAC", m(529L));
        d(MAC, "HmacSHA1", "sun.security.pkcs11.P11MAC", m(545L));
        d(MAC, "HmacSHA256", "sun.security.pkcs11.P11MAC", m(593L));
        d(MAC, "HmacSHA384", "sun.security.pkcs11.P11MAC", m(609L));
        d(MAC, "HmacSHA512", "sun.security.pkcs11.P11MAC", m(625L));
        d(MAC, "SslMacMD5", "sun.security.pkcs11.P11MAC", m(896L));
        d(MAC, "SslMacSHA1", "sun.security.pkcs11.P11MAC", m(897L));
        d(KPG, "RSA", "sun.security.pkcs11.P11KeyPairGenerator", m(0L));
        d(KPG, "DSA", "sun.security.pkcs11.P11KeyPairGenerator", m(16L));
        d(KPG, "DH", "sun.security.pkcs11.P11KeyPairGenerator", s("DiffieHellman"), m(32L));
        d(KPG, "EC", "sun.security.pkcs11.P11KeyPairGenerator", m(4160L));
        d(KG, "ARCFOUR", "sun.security.pkcs11.P11KeyGenerator", s("RC4"), m(272L));
        d(KG, "DES", "sun.security.pkcs11.P11KeyGenerator", m(288L));
        d(KG, "DESede", "sun.security.pkcs11.P11KeyGenerator", m(305L, 304L));
        d(KG, "AES", "sun.security.pkcs11.P11KeyGenerator", m(PKCS11Constants.CKM_AES_KEY_GEN));
        d(KG, "Blowfish", "sun.security.pkcs11.P11KeyGenerator", m(PKCS11Constants.CKM_BLOWFISH_KEY_GEN));
        d(KF, "RSA", "sun.security.pkcs11.P11RSAKeyFactory", m(0L, 1L, 3L));
        d(KF, "DSA", "sun.security.pkcs11.P11DSAKeyFactory", m(16L, 17L, 18L));
        d(KF, "DH", "sun.security.pkcs11.P11DHKeyFactory", s("DiffieHellman"), m(32L, 33L));
        d(KF, "EC", "sun.security.pkcs11.P11DHKeyFactory", m(4160L, PKCS11Constants.CKM_ECDH1_DERIVE, PKCS11Constants.CKM_ECDSA, PKCS11Constants.CKM_ECDSA_SHA1));
        d(AGP, "EC", "sun.security.ec.ECParameters", s("1.2.840.10045.2.1"), m(4160L, PKCS11Constants.CKM_ECDH1_DERIVE, PKCS11Constants.CKM_ECDSA, PKCS11Constants.CKM_ECDSA_SHA1));
        d(KA, "DH", "sun.security.pkcs11.P11KeyAgreement", s("DiffieHellman"), m(33L));
        d(KA, "ECDH", "sun.security.pkcs11.P11ECDHKeyAgreement", m(PKCS11Constants.CKM_ECDH1_DERIVE));
        d(SKF, "ARCFOUR", "sun.security.pkcs11.P11SecretKeyFactory", s("RC4"), m(273L));
        d(SKF, "DES", "sun.security.pkcs11.P11SecretKeyFactory", m(290L));
        d(SKF, "DESede", "sun.security.pkcs11.P11SecretKeyFactory", m(307L));
        d(SKF, "AES", "sun.security.pkcs11.P11SecretKeyFactory", m(PKCS11Constants.CKM_AES_CBC));
        d(SKF, "Blowfish", "sun.security.pkcs11.P11SecretKeyFactory", m(PKCS11Constants.CKM_BLOWFISH_CBC));
        d(CIP, "ARCFOUR", "sun.security.pkcs11.P11Cipher", s("RC4"), m(273L));
        d(CIP, "DES/CBC/NoPadding", "sun.security.pkcs11.P11Cipher", m(290L));
        d(CIP, "DES/CBC/PKCS5Padding", "sun.security.pkcs11.P11Cipher", m(293L, 290L));
        d(CIP, "DES/ECB", "sun.security.pkcs11.P11Cipher", s("DES"), m(289L));
        d(CIP, "DESede/CBC/NoPadding", "sun.security.pkcs11.P11Cipher", m(307L));
        d(CIP, "DESede/CBC/PKCS5Padding", "sun.security.pkcs11.P11Cipher", m(310L, 307L));
        d(CIP, "DESede/ECB", "sun.security.pkcs11.P11Cipher", s("DESede"), m(306L));
        d(CIP, "AES/CBC/NoPadding", "sun.security.pkcs11.P11Cipher", m(PKCS11Constants.CKM_AES_CBC));
        d(CIP, "AES/CBC/PKCS5Padding", "sun.security.pkcs11.P11Cipher", m(PKCS11Constants.CKM_AES_CBC_PAD, PKCS11Constants.CKM_AES_CBC));
        d(CIP, "AES/ECB", "sun.security.pkcs11.P11Cipher", s("AES"), m(PKCS11Constants.CKM_AES_ECB));
        d(CIP, "Blowfish/CBC/NoPadding", "sun.security.pkcs11.P11Cipher", m(PKCS11Constants.CKM_BLOWFISH_CBC));
        d(CIP, "RSA/ECB/PKCS1Padding", "sun.security.pkcs11.P11RSACipher", m(1L));
        d(SIG, "RawDSA", "sun.security.pkcs11.P11Signature", s("NONEwithDSA"), m(17L));
        d(SIG, "DSA", "sun.security.pkcs11.P11Signature", s("SHA1withDSA"), m(18L, 17L));
        d(SIG, "NONEwithECDSA", "sun.security.pkcs11.P11Signature", m(PKCS11Constants.CKM_ECDSA));
        d(SIG, "SHA1withECDSA", "sun.security.pkcs11.P11Signature", s("ECDSA"), m(PKCS11Constants.CKM_ECDSA_SHA1, PKCS11Constants.CKM_ECDSA));
        d(SIG, "SHA256withECDSA", "sun.security.pkcs11.P11Signature", m(PKCS11Constants.CKM_ECDSA));
        d(SIG, "SHA384withECDSA", "sun.security.pkcs11.P11Signature", m(PKCS11Constants.CKM_ECDSA));
        d(SIG, "SHA512withECDSA", "sun.security.pkcs11.P11Signature", m(PKCS11Constants.CKM_ECDSA));
        d(SIG, "MD2withRSA", "sun.security.pkcs11.P11Signature", m(4L, 1L, 3L));
        d(SIG, "MD5withRSA", "sun.security.pkcs11.P11Signature", m(5L, 1L, 3L));
        d(SIG, "SHA1withRSA", "sun.security.pkcs11.P11Signature", m(6L, 1L, 3L));
        d(SIG, "SHA256withRSA", "sun.security.pkcs11.P11Signature", m(64L, 1L, 3L));
        d(SIG, "SHA384withRSA", "sun.security.pkcs11.P11Signature", m(65L, 1L, 3L));
        d(SIG, "SHA512withRSA", "sun.security.pkcs11.P11Signature", m(66L, 1L, 3L));
        d(KG, "SunTlsRsaPremasterSecret", "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", m(880L, 884L));
        d(KG, "SunTlsMasterSecret", "sun.security.pkcs11.P11TlsMasterSecretGenerator", m(881L, 885L, 883L, 887L));
        d(KG, "SunTlsKeyMaterial", "sun.security.pkcs11.P11TlsKeyMaterialGenerator", m(882L, 886L));
        d(KG, "SunTlsPrf", "sun.security.pkcs11.P11TlsPrfGenerator", m(888L, PKCS11Constants.CKM_NSS_TLS_PRF_GENERAL));
    }
}
