package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.misc.HexDumpEncoder;
import com.ibm.pkcs11.PKCS11Exception;
import com.ibm.pkcs11.PKCS11Object;
import com.ibm.security.ec.ECParameters;
import com.ibm.security.pkcs9.UnstructuredName;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.CertificateSerialNumber;
import com.ibm.security.x509.X500Name;
import com.ibm.security.x509.X509CertImpl;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECParameterSpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

/* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/PKCS11KeyStore.class */
public final class PKCS11KeyStore extends KeyStoreSpi {
    private static Debug debug1 = Debug.getInstance("pkcs11impl");
    private static Debug debug2 = Debug.getInstance("pkcs11keystore");
    private static Debug debug;
    private static String className;
    private SessionManager sessionManager;
    private Hashtable entries;
    private Provider provider;
    private String providerName;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/PKCS11KeyStore$PKCS11CertObj.class */
    public class PKCS11CertObj {
        private PKCS11Object certObj;
        private X509Certificate cert;
        private byte[] keyID;
        private String label;

        PKCS11CertObj(PKCS11Object pKCS11Object) {
            this.certObj = pKCS11Object;
        }

        public X509Certificate getX509Certificate(CertificateFactory certificateFactory, Session session) throws IOException, CertificateException {
            if (this.cert == null) {
                byte[] bArr = (byte[]) PKCS11KeyStore.this.getValue(session, this.certObj, 17);
                if (bArr == null) {
                    return null;
                }
                this.cert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
            }
            return this.cert;
        }

        public byte[] getKeyIdentifier(Session session) {
            if (this.keyID == null) {
                Object[] values = PKCS11KeyStore.this.getValues(session, this.certObj, new int[]{258, 3});
                this.keyID = (byte[]) values[0];
                this.label = (String) values[1];
            }
            return this.keyID;
        }

        public PKCS11Object getPKCS11Object() {
            return this.certObj;
        }

        public String getLabel(Session session) {
            if (this.label == null) {
                this.label = (String) PKCS11KeyStore.this.getValue(session, this.certObj, 3);
            }
            return this.label;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/PKCS11KeyStore$PrivateKeyEntry.class */
    public class PrivateKeyEntry {
        Key key;
        PKCS11Object keyObject;
        Certificate[] chain;

        PrivateKeyEntry() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/PKCS11KeyStore$SecretKeyEntry.class */
    public class SecretKeyEntry {
        Key key;
        PKCS11Object keyObject;

        SecretKeyEntry() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/PKCS11KeyStore$TrustedCertEntry.class */
    public class TrustedCertEntry {
        Certificate cert;
        PKCS11Object certObject;
        private byte[] keyID;
        private String label;
        Session session;

        TrustedCertEntry() {
        }
    }

    public PKCS11KeyStore() {
        this.sessionManager = null;
        this.entries = new Hashtable();
        this.providerName = "IBMPKCS11Impl";
        this.sessionManager = ((IBMPKCS11Impl) Security.getProvider(this.providerName)).getSessionManager();
    }

    public PKCS11KeyStore(Provider provider) {
        this.sessionManager = null;
        this.entries = new Hashtable();
        this.providerName = "IBMPKCS11Impl";
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
        this.provider = provider;
        this.providerName = provider.getName();
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        Object obj = this.entries.get(str.toLowerCase());
        if (obj == null) {
            return null;
        }
        if (obj instanceof PrivateKeyEntry) {
            return ((PrivateKeyEntry) obj).key;
        }
        if (obj instanceof SecretKeyEntry) {
            return ((SecretKeyEntry) obj).key;
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        Certificate[] certificateArr = null;
        Object obj = this.entries.get(str.toLowerCase());
        if (obj != null && (obj instanceof PrivateKeyEntry) && ((PrivateKeyEntry) obj).chain != null) {
            certificateArr = (Certificate[]) ((PrivateKeyEntry) obj).chain.clone();
        }
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        Certificate certificate = null;
        Object obj = this.entries.get(str.toLowerCase());
        if (obj != null) {
            if (obj instanceof TrustedCertEntry) {
                certificate = ((TrustedCertEntry) obj).cert;
            } else if ((obj instanceof PrivateKeyEntry) && ((PrivateKeyEntry) obj).chain != null) {
                certificate = ((PrivateKeyEntry) obj).chain[0];
            }
        }
        return certificate;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        Object obj = this.entries.get(str.toLowerCase());
        if (obj == null) {
            return null;
        }
        if (obj instanceof PrivateKeyEntry) {
            PrivateKey privateKey = (PrivateKey) ((PrivateKeyEntry) obj).key;
            Certificate[] certificateArr = null;
            if (((PrivateKeyEntry) obj).chain != null) {
                certificateArr = (Certificate[]) ((PrivateKeyEntry) obj).chain.clone();
            }
            return new KeyStore.PrivateKeyEntry(privateKey, certificateArr);
        }
        if (obj instanceof SecretKeyEntry) {
            return new KeyStore.SecretKeyEntry((SecretKey) ((SecretKeyEntry) obj).key);
        }
        if (obj instanceof TrustedCertEntry) {
            return new KeyStore.TrustedCertificateEntry(((TrustedCertEntry) obj).cert);
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            engineSetCertificateEntry(str, ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
        } else if (entry instanceof KeyStore.PrivateKeyEntry) {
            engineSetKeyEntry(str, ((KeyStore.PrivateKeyEntry) entry).getPrivateKey(), null, ((KeyStore.PrivateKeyEntry) entry).getCertificateChain());
        } else {
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                throw new KeyStoreException(new UnsupportedOperationException("unsupported entry type: " + entry.getClass().getName()));
            }
            engineSetKeyEntry(str, ((KeyStore.SecretKeyEntry) entry).getSecretKey(), null, null);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        Object obj = null;
        Object obj2 = this.entries.get(str.toLowerCase());
        if (obj2 != null) {
            Session session = null;
            if (obj2 instanceof PrivateKeyEntry) {
                try {
                    try {
                        session = this.sessionManager.getOpSession();
                        obj = session.getAttrValue(((PrivateKeyEntry) obj2).keyObject, 272);
                        this.sessionManager.releaseSession(session);
                    } catch (PKCS11Exception e) {
                        if (debug != null) {
                            debug.exception(16384L, className, "engineGetCreationDate", e);
                        }
                        obj = null;
                        this.sessionManager.releaseSession(session);
                    }
                    if (obj == null) {
                        if (debug != null) {
                            debug.text(16384L, className, "engineGetCreationDate", "start date attribute is not set for the private key");
                        }
                        Certificate[] certificateArr = ((PrivateKeyEntry) obj2).chain;
                        if (certificateArr != null && certificateArr.length > 0) {
                            PublicKey publicKey = ((X509Certificate) certificateArr[0]).getPublicKey();
                            if (publicKey instanceof PKCS11PublicKey) {
                                obj = ((PKCS11PublicKey) publicKey).getStartDate();
                            }
                        }
                    } else if (!(obj instanceof Date)) {
                        if (debug != null) {
                            debug.text(16384L, className, "engineGetCreationDate", "expected Date object, but got " + obj);
                        }
                        obj = null;
                    }
                } catch (Throwable th) {
                    this.sessionManager.releaseSession(session);
                    throw th;
                }
            } else {
                try {
                    if (obj2 instanceof SecretKeyEntry) {
                        try {
                            session = this.sessionManager.getOpSession();
                            obj = session.getAttrValue(((SecretKeyEntry) obj2).keyObject, 272);
                            this.sessionManager.releaseSession(session);
                        } catch (PKCS11Exception e2) {
                            if (debug != null) {
                                debug.exception(16384L, className, "engineGetCreationDate", e2);
                            }
                            obj = null;
                            this.sessionManager.releaseSession(session);
                        }
                        if (obj == null) {
                            if (debug != null) {
                                debug.text(16384L, className, "engineGetCreationDate", "start date attribute is not set for the secret key");
                            }
                        } else if (!(obj instanceof Date)) {
                            if (debug != null) {
                                debug.text(16384L, className, "engineGetCreationDate", "expected Date object, but got " + obj);
                            }
                            obj = null;
                        }
                    } else if (obj2 instanceof TrustedCertEntry) {
                        try {
                            try {
                                session = this.sessionManager.getOpSession();
                                obj = session.getAttrValue(((TrustedCertEntry) obj2).certObject, 272);
                                this.sessionManager.releaseSession(session);
                            } catch (PKCS11Exception e3) {
                                if (debug != null) {
                                    debug.exception(16384L, className, "engineGetCreationDate", e3);
                                }
                                obj = null;
                                this.sessionManager.releaseSession(session);
                            }
                            if (obj == null) {
                                if (debug != null) {
                                    debug.text(16384L, className, "engineGetCreationDate", "start date attribute is not set for the certificate");
                                }
                                PublicKey publicKey2 = ((TrustedCertEntry) obj2).cert.getPublicKey();
                                if (publicKey2 instanceof PKCS11PublicKey) {
                                    obj = ((PKCS11PublicKey) publicKey2).getStartDate();
                                }
                            } else if (!(obj instanceof Date)) {
                                if (debug != null) {
                                    debug.text(16384L, className, "engineGetCreationDate", "expected Date object, but got " + obj);
                                }
                                obj = null;
                            }
                        } catch (Throwable th2) {
                            this.sessionManager.releaseSession(session);
                            throw th2;
                        }
                    }
                } catch (Throwable th3) {
                    this.sessionManager.releaseSession(session);
                    throw th3;
                }
            }
        }
        if (obj != null) {
            return (Date) obj;
        }
        if (debug == null) {
            return null;
        }
        debug.text(16384L, className, "engineGetCreationDate", "no entry found associated with alias " + str);
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        SecretKeyEntry secretKeyEntry;
        PKCS11PrivateKey pKCS11PrivateKey;
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  METHOD ENTRY.");
            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  DUMPING ALL ENTRIES IN THE HASHTABLE.");
            dumpKeyStoreEntries();
        }
        synchronized (this.entries) {
            PKCS11Object pKCS11Object = null;
            try {
                Session objSession = this.sessionManager.getObjSession();
                if (engineIsCertificateEntry(str)) {
                    if (debug != null) {
                        debug.text(16384L, className, "engineSetKeyEntry", "Alias exists for a certificate entry");
                        debug.exit(16384L, className, "engineSetKeyEntry");
                    }
                    throw new KeyStoreException("Alias exists for a certificate entry");
                }
                if (engineIsKeyEntry(str)) {
                    Object obj = this.entries.get(str.toLowerCase());
                    if (obj instanceof PrivateKeyEntry) {
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  The entry to be set is a PrivateKeyEntry at alias = " + str.toLowerCase());
                            System.out.println("                                            This alias already exists.  We are attempting to replace it with another.");
                        }
                        PKCS11PrivateKey pKCS11PrivateKey2 = (PKCS11PrivateKey) ((PrivateKeyEntry) obj).key;
                        pKCS11Object = pKCS11PrivateKey2.getObject();
                        if (debug != null) {
                            if (pKCS11PrivateKey2.getLabel() == null) {
                                System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  The label lifted from the private key being replaced is NULL.  ");
                            } else {
                                System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  The label lifted from the private key being replaced is = " + pKCS11PrivateKey2.getLabel());
                            }
                            if (pKCS11PrivateKey2.getID() == null) {
                                System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  The ID lifted from the private key being replaced is NULL.  ");
                            } else {
                                System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  The ID lifted from the private being replaced key is = " + toHexString(pKCS11PrivateKey2.getID()));
                            }
                            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  Calling deleteChain( ) now ");
                        }
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  Calling deleteChain() to delete the cert chain from the pre-existing entry at alias = " + str.toLowerCase());
                        }
                        deleteChain(objSession, pKCS11PrivateKey2.getID(), pKCS11PrivateKey2.getLabel());
                    } else {
                        SecretKeyEntry secretKeyEntry2 = (SecretKeyEntry) obj;
                        pKCS11Object = secretKeyEntry2.keyObject;
                    }
                }
                if (key instanceof PKCS11PrivateKey) {
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  The entry to be set is a PrivateKeyEntry at alias = " + str.toLowerCase());
                        System.out.println("                                            Creating the PrivateKeyEntry for the supplied key and cert chain.");
                        System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  The length of the cert chain for the PrivateKeyEntry to be created is: " + certificateArr.length);
                        System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV BEGIN CHAIN VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV");
                        for (Certificate certificate : certificateArr) {
                            System.out.println(certificate.toString());
                        }
                        System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA END   CHAIN AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
                    }
                    SessionManager sessionManager = ((PKCS11PrivateKey) key).getSessionManager();
                    Session opSession = sessionManager.getOpSession();
                    PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry();
                    privateKeyEntry.key = key;
                    privateKeyEntry.keyObject = ((PKCS11PrivateKey) key).getObject();
                    Boolean bool = (Boolean) getValue(opSession, privateKeyEntry.keyObject, 1);
                    if (bool == null || !(bool == null || bool.booleanValue())) {
                        PKCS11PrivateKey makePrivKeyToken = makePrivKeyToken(objSession, (PKCS11PrivateKey) key, str);
                        privateKeyEntry.key = makePrivKeyToken;
                        privateKeyEntry.keyObject = makePrivKeyToken.getObject();
                    } else if (!((String) getValue(opSession, privateKeyEntry.keyObject, 3)).equalsIgnoreCase(str)) {
                        PKCS11PrivateKey changePrivKeyLabel = changePrivKeyLabel(objSession, (PKCS11PrivateKey) key, str);
                        privateKeyEntry.key = changePrivKeyLabel;
                        privateKeyEntry.keyObject = changePrivKeyLabel.getObject();
                    }
                    if (certificateArr == null || certificateArr[0] == null) {
                        privateKeyEntry.chain = null;
                    } else {
                        privateKeyEntry.chain = (Certificate[]) certificateArr.clone();
                    }
                    if (pKCS11Object != null && pKCS11Object != privateKeyEntry.keyObject) {
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  Destroying the pre-existing PrivateKey at alias:  " + str.toLowerCase());
                        }
                        objSession.destroyObject(pKCS11Object);
                    }
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  Adding the new certificate chain to the PrivateKeyEntry being created.");
                    }
                    addCertificateChain(objSession, str, ((PKCS11PrivateKey) key).getID(), privateKeyEntry.chain, true);
                    secretKeyEntry = privateKeyEntry;
                    sessionManager.releaseSession(opSession);
                } else if (key instanceof PKCS11SecretKey) {
                    SessionManager sessionManager2 = ((PKCS11SecretKey) key).getSessionManager();
                    Session opSession2 = sessionManager2.getOpSession();
                    SecretKeyEntry secretKeyEntry3 = new SecretKeyEntry();
                    secretKeyEntry3.key = key;
                    secretKeyEntry3.keyObject = ((PKCS11SecretKey) key).getObject();
                    if (!((Boolean) getValue(opSession2, secretKeyEntry3.keyObject, 1)).booleanValue()) {
                        PKCS11SecretKey makeSecKeyToken = makeSecKeyToken(objSession, (PKCS11SecretKey) key, str);
                        secretKeyEntry3.key = makeSecKeyToken;
                        secretKeyEntry3.keyObject = makeSecKeyToken.getObject();
                    } else if (!((String) getValue(opSession2, secretKeyEntry3.keyObject, 3)).equalsIgnoreCase(str)) {
                        PKCS11SecretKey changeSecKeyLabel = changeSecKeyLabel(objSession, (PKCS11SecretKey) key, str);
                        secretKeyEntry3.key = changeSecKeyLabel;
                        secretKeyEntry3.keyObject = changeSecKeyLabel.getObject();
                    }
                    if (pKCS11Object != null && pKCS11Object != secretKeyEntry3.keyObject) {
                        if (debug != null) {
                            debug.text(16384L, "PKCS11KeyStore", "engineSetKeyEntry", "destroy existing one");
                        }
                        objSession.destroyObject(pKCS11Object);
                    }
                    secretKeyEntry = secretKeyEntry3;
                    sessionManager2.releaseSession(opSession2);
                } else if (key instanceof PrivateKey) {
                    String algorithm = key.getAlgorithm();
                    try {
                        if (algorithm.equalsIgnoreCase("DSA")) {
                            pKCS11PrivateKey = (PKCS11PrivateKey) KeyFactory.getInstance("DSA", this.providerName).translateKey(key);
                        } else if (algorithm.equalsIgnoreCase("RSA")) {
                            pKCS11PrivateKey = (PKCS11PrivateKey) KeyFactory.getInstance("RSA", this.providerName).translateKey(key);
                        } else {
                            if (!algorithm.equalsIgnoreCase("EC") && !algorithm.equalsIgnoreCase("ECDSA")) {
                                if (debug != null) {
                                    debug.text(16384L, className, "engineSetKeyEntry", "Keystore can not handle this key algorithm: " + algorithm);
                                    debug.exit(16384L, className, "engineSetKeyEntry");
                                }
                                throw new KeyStoreException("Keystore can not handle this key algorithm: " + algorithm);
                            }
                            pKCS11PrivateKey = (PKCS11PrivateKey) KeyFactory.getInstance("EC", this.providerName).translateKey(key);
                        }
                        PrivateKeyEntry privateKeyEntry2 = new PrivateKeyEntry();
                        if (((String) getValue(objSession, pKCS11PrivateKey.getObject(), 3)).equalsIgnoreCase(str)) {
                            privateKeyEntry2.key = pKCS11PrivateKey;
                            privateKeyEntry2.keyObject = pKCS11PrivateKey.getObject();
                        } else {
                            PKCS11PrivateKey changePrivKeyLabel2 = changePrivKeyLabel(objSession, pKCS11PrivateKey, str);
                            privateKeyEntry2.key = changePrivKeyLabel2;
                            privateKeyEntry2.keyObject = changePrivKeyLabel2.getObject();
                        }
                        if (certificateArr == null || certificateArr[0] == null) {
                            privateKeyEntry2.chain = null;
                        } else {
                            privateKeyEntry2.chain = (Certificate[]) certificateArr.clone();
                        }
                        if (pKCS11Object != null && pKCS11Object != privateKeyEntry2.keyObject) {
                            if (debug != null) {
                                debug.text(16384L, "PKCS11KeyStore", "engineSetKeyEntry", "destroy existing one");
                            }
                            objSession.destroyObject(pKCS11Object);
                        }
                        if (((Boolean) getValue(objSession, privateKeyEntry2.keyObject, 1)).booleanValue()) {
                            addCertificateChain(objSession, str, pKCS11PrivateKey.getID(), privateKeyEntry2.chain, true);
                        } else {
                            addCertificateChain(objSession, str, pKCS11PrivateKey.getID(), privateKeyEntry2.chain, false);
                        }
                        secretKeyEntry = privateKeyEntry2;
                    } catch (Exception e) {
                        if (debug != null) {
                            debug.exception(16384L, className, "engineSetKeyEntry", e);
                            debug.exit(16384L, className, "engineSetKeyEntry");
                        }
                        throw new KeyStoreException("Keystore can not handle this key: " + e.getMessage());
                    }
                } else {
                    if (!(key instanceof SecretKey)) {
                        if (debug != null) {
                            debug.text(16384L, className, "engineSetKeyEntry", "Invalid key type");
                            debug.exit(16384L, className, "engineSetKeyEntry");
                        }
                        throw new KeyStoreException("Invalid key type");
                    }
                    String algorithm2 = key.getAlgorithm();
                    try {
                        if (!algorithm2.equalsIgnoreCase("DES") && !algorithm2.equalsIgnoreCase("3DES") && !algorithm2.equalsIgnoreCase("DESede") && !algorithm2.equalsIgnoreCase("TripleDES") && !algorithm2.equalsIgnoreCase("ARCFOUR") && !algorithm2.equalsIgnoreCase("RC4") && !algorithm2.equalsIgnoreCase("Blowfish") && !algorithm2.equalsIgnoreCase("Generic") && !algorithm2.equalsIgnoreCase("AES")) {
                            if (debug != null) {
                                debug.text(16384L, className, "engineSetKeyEntry", "Keystore can not handle this key algorithm: " + algorithm2);
                                debug.exit(16384L, className, "engineSetKeyEntry");
                            }
                            throw new KeyStoreException("Keystore can not handle this key algorithm: " + algorithm2);
                        }
                        PKCS11SecretKey pKCS11SecretKey = (PKCS11SecretKey) SecretKeyFactory.getInstance(algorithm2, this.providerName).translateKey((SecretKey) key);
                        SecretKeyEntry secretKeyEntry4 = new SecretKeyEntry();
                        if (((String) getValue(objSession, pKCS11SecretKey.getObject(), 3)).equalsIgnoreCase(str)) {
                            secretKeyEntry4.key = pKCS11SecretKey;
                            secretKeyEntry4.keyObject = pKCS11SecretKey.getObject();
                        } else {
                            PKCS11SecretKey changeSecKeyLabel2 = changeSecKeyLabel(objSession, pKCS11SecretKey, str);
                            secretKeyEntry4.key = changeSecKeyLabel2;
                            secretKeyEntry4.keyObject = changeSecKeyLabel2.getObject();
                        }
                        secretKeyEntry = secretKeyEntry4;
                        if (pKCS11Object != null && pKCS11Object != secretKeyEntry4.keyObject) {
                            if (debug != null) {
                                debug.text(16384L, "PKCS11KeyStore", "engineSetKeyEntry", "destroy existing one");
                            }
                            objSession.destroyObject(pKCS11Object);
                        }
                    } catch (Exception e2) {
                        if (debug != null) {
                            debug.exception(16384L, className, "engineSetKeyEntry", e2);
                            debug.exit(16384L, className, "engineSetKeyEntry");
                        }
                        throw new KeyStoreException("Keystore can not handle this key: " + e2.getMessage());
                    }
                }
                this.entries.put(str.toLowerCase(), secretKeyEntry);
                this.sessionManager.releaseSession(objSession);
            } catch (Throwable th) {
                this.sessionManager.releaseSession(null);
                throw th;
            }
        }
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  METHOD EXIT.");
            System.out.println("PKCS11KeyStore.java:  engineSetKeyEntry():  DUMPING ALL ENTRIES IN THE HASHTABLE.");
            dumpKeyStoreEntries();
        }
    }

    private PKCS11PrivateKey changePrivKeyLabel(Session session, PKCS11PrivateKey pKCS11PrivateKey, String str) throws KeyStoreException {
        if (debug != null) {
            debug.entry(16384L, className, "changePrivKeyLabel", pKCS11PrivateKey.toString(), str);
        }
        return convertPrivKeyObj2(session, new int[]{3}, new Object[]{str}, pKCS11PrivateKey, str, true);
    }

    private PKCS11PrivateKey makePrivKeyToken(Session session, PKCS11PrivateKey pKCS11PrivateKey, String str) throws KeyStoreException {
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  makePrivKeyToken():  METHOD ENTRY");
            System.out.println("PKCS11KeyStore.java:  makePrivKeyToken():  The PKCS11Object of the PrivateKey passed in is:");
            System.out.println(pKCS11PrivateKey.getObject().toString());
        }
        int[] iArr = {1, 2, 3, 257};
        byte[] bArr = null;
        byte[] subject = pKCS11PrivateKey.getSubject();
        if (subject != null) {
            try {
                if (debug != null) {
                    debug.text(16384L, className, "makePrivKeyToken_3a", "Try DER encoding private key subject name as X500 name initially");
                }
                DerOutputStream derOutputStream = new DerOutputStream();
                new X500Name(new String(subject, "8859_1")).encode(derOutputStream);
                bArr = derOutputStream.toByteArray();
            } catch (Exception e) {
                try {
                    if (debug != null) {
                        debug.text(16384L, className, "makePrivKeyToken_3b", "DER encode private key subject name as UnstructuredName instead");
                    }
                    DerOutputStream derOutputStream2 = new DerOutputStream();
                    new UnstructuredName(new String[]{new String(subject, "8859_1")}).encode(derOutputStream2);
                    bArr = derOutputStream2.toByteArray();
                } catch (Exception e2) {
                    if (debug != null) {
                        debug.exception(16384L, className, "makePrivKeyToken_3c", e2);
                    }
                    throw new KeyStoreException(e2.getMessage());
                }
            }
        }
        PKCS11PrivateKey convertPrivKeyObj2 = convertPrivKeyObj2(session, iArr, new Object[]{Boolean.TRUE, Boolean.TRUE, str, bArr}, pKCS11PrivateKey, str, true);
        convertPrivKeyObj2.setKeyAsToken(true);
        pKCS11PrivateKey.setKeyAsToken(true);
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  makePrivKeyToken():  The PKCS11Object of the returned PrivateKey is:");
            System.out.println(convertPrivKeyObj2.getObject().toString());
            System.out.println("PKCS11KeyStore.java:  makePrivKeyToken():  METHOD EXIT");
        }
        return convertPrivKeyObj2;
    }

    private PKCS11PrivateKey convertPrivKeyObj2(Session session, int[] iArr, Object[] objArr, PKCS11PrivateKey pKCS11PrivateKey, String str, boolean z) throws KeyStoreException {
        int[] iArr2;
        Object[] objArr2;
        PKCS11PrivateKey pKCS11ECPrivateKey;
        PKCS11Key pKCS11Key = null;
        PKCS11Object pKCS11Object = null;
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  METHOD ENTRY");
            System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The PKCS11Object taken from pkey with label = " + str);
            System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  Trying to set the TOKEN attribute to:  " + z);
            System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The PKCS11Object from the private key passed in is:");
            System.out.println(pKCS11PrivateKey.getObject().toString());
        }
        try {
            pKCS11Object = session.copy(pKCS11PrivateKey.getObject(), iArr, objArr);
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The COPY attempt succeeded.  A new PKCS11Object was returned.");
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The copied PKCS11Object is shown below.  It should match the one above.");
                System.out.println(pKCS11Object.toString());
            }
        } catch (Exception e) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The COPY attempt failed.");
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The following exception was thrown while trying to make a copy of the PKCS11Object taken from pkey:");
                System.out.println(e.toString());
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The stack trace of that exception is:");
                e.printStackTrace();
            }
            if (pKCS11PrivateKey instanceof PKCS11RSAPrivateKey) {
                PKCS11RSAPrivateKey pKCS11RSAPrivateKey = (PKCS11RSAPrivateKey) pKCS11PrivateKey;
                iArr2 = new int[]{0, 1, 2, 3, 256, 257, 258, 264, 265, 288, 291, 261, 268, 259, 296, 290, 292, 293, 294, 295};
                objArr2 = new Object[]{PKCS11Object.PRIVATE_KEY, Boolean.valueOf(z), Boolean.TRUE, str, PKCS11Object.RSA, pKCS11RSAPrivateKey.getSubject(), pKCS11RSAPrivateKey.getID(), pKCS11RSAPrivateKey.getSign(), pKCS11RSAPrivateKey.getSignRecover(), pKCS11RSAPrivateKey.getModulus(), pKCS11RSAPrivateKey.getPrivateExponent(), pKCS11RSAPrivateKey.getDecrypt(), pKCS11RSAPrivateKey.getDerive(), pKCS11RSAPrivateKey.getSensitive(), pKCS11RSAPrivateKey.getCoefficient(), pKCS11RSAPrivateKey.getPublicExponent(), pKCS11RSAPrivateKey.getPrime1(), pKCS11RSAPrivateKey.getPrime2(), pKCS11RSAPrivateKey.getExponent1(), pKCS11RSAPrivateKey.getExponent2()};
            } else if (pKCS11PrivateKey instanceof PKCS11DSAPrivateKey) {
                PKCS11DSAPrivateKey pKCS11DSAPrivateKey = (PKCS11DSAPrivateKey) pKCS11PrivateKey;
                iArr2 = new int[]{17, 0, 1, 2, 3, 256, 257, 258, 264, 265, 306, 305, 304, 261, 268, 259};
                objArr2 = new Object[]{pKCS11DSAPrivateKey.getValue().toByteArray(), PKCS11Object.PRIVATE_KEY, Boolean.valueOf(z), Boolean.TRUE, str, PKCS11Object.DSA, pKCS11DSAPrivateKey.getSubject(), pKCS11DSAPrivateKey.getID(), pKCS11DSAPrivateKey.getSign(), pKCS11DSAPrivateKey.getSignRecover(), pKCS11DSAPrivateKey.getBase(), pKCS11DSAPrivateKey.getSubprime(), pKCS11DSAPrivateKey.getPrime(), pKCS11DSAPrivateKey.getDecrypt(), pKCS11DSAPrivateKey.getDerive(), pKCS11DSAPrivateKey.getSensitive()};
            } else {
                if (!(pKCS11PrivateKey instanceof PKCS11ECPrivateKey)) {
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  PKCS11KeyStore cannot handle a key which is an instance of:  " + pKCS11PrivateKey.getClass().getName());
                    }
                    throw new KeyStoreException("PKCS11Keystore cannot handle a key which is an instance of:  " + pKCS11PrivateKey.getClass().getName());
                }
                PKCS11ECPrivateKey pKCS11ECPrivateKey2 = (PKCS11ECPrivateKey) pKCS11PrivateKey;
                iArr2 = new int[]{17, 384, 0, 1, 2, 3, 256, 257, 258, 264, 265, 261, 268, 259};
                objArr2 = new Object[]{getMagnitude(pKCS11ECPrivateKey2.getS()), ECParameters.encodeParameters(pKCS11ECPrivateKey2.getParams()), PKCS11Object.PRIVATE_KEY, Boolean.valueOf(z), Boolean.TRUE, str, PKCS11Object.EC, pKCS11ECPrivateKey2.getSubject(), pKCS11ECPrivateKey2.getID(), pKCS11ECPrivateKey2.getSign(), pKCS11ECPrivateKey2.getSignRecover(), pKCS11ECPrivateKey2.getDecrypt(), pKCS11ECPrivateKey2.getDerive(), pKCS11ECPrivateKey2.getSensitive()};
            }
            try {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  Since the COPY attempt failed, try to CREATE a new PKCS11Object");
                }
                pKCS11Object = session.createObject(iArr2, objArr2);
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The CREATE of a new PKCS11Object succeeded");
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The newly created PKCS11Object is shown below.  It should match the one above.");
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The new PKCS11Object is:");
                    System.out.println(pKCS11Object.toString());
                }
            } catch (Exception e2) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  THE CREATION OF A NEW PKCS11Object FAILED");
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The following exception was thrown while trying to create a new PKCS11Object:");
                    System.out.println(e2.toString());
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The stack trace of that exception is:");
                    e2.printStackTrace();
                }
                if (pKCS11Object != null) {
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  For some reason, a newobj was created, in spite of the fact that an exception was thrown.");
                        System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  Destroying newobj now.");
                    }
                    session.destroyObject(pKCS11Object);
                } else if (debug != null && pKCS11Object != null) {
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  As expected, a newobj was NOT created, since an exception was thrown.");
                }
                throw new KeyStoreException(e2.getMessage());
            }
        }
        try {
            if (pKCS11PrivateKey instanceof PKCS11RSAPrivateKey) {
                PKCS11RSAPrivateKey pKCS11RSAPrivateKey2 = (PKCS11RSAPrivateKey) pKCS11PrivateKey;
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  Attempting to create a new RSAPrivateKey instance using the 'COPIED' or 'CREATED' PKCS11Object");
                }
                pKCS11ECPrivateKey = new RSAPrivateKey(session, pKCS11Object, pKCS11RSAPrivateKey2.getID(), pKCS11RSAPrivateKey2.getSubject(), str, Boolean.valueOf(z), pKCS11RSAPrivateKey2.getSensitive(), pKCS11RSAPrivateKey2.getSign(), pKCS11RSAPrivateKey2.getDecrypt(), pKCS11RSAPrivateKey2.getUnwrap(), pKCS11RSAPrivateKey2.getExtractable(), pKCS11RSAPrivateKey2.getModulus(), pKCS11RSAPrivateKey2.getPublicExponent(), pKCS11RSAPrivateKey2.getPrivateExponent(), pKCS11RSAPrivateKey2.getPrime1(), pKCS11RSAPrivateKey2.getPrime2(), pKCS11RSAPrivateKey2.getExponent1(), pKCS11RSAPrivateKey2.getExponent2(), pKCS11RSAPrivateKey2.getCoefficient());
            } else if (pKCS11PrivateKey instanceof PKCS11DSAPrivateKey) {
                PKCS11DSAPrivateKey pKCS11DSAPrivateKey2 = (PKCS11DSAPrivateKey) pKCS11PrivateKey;
                pKCS11ECPrivateKey = new DSAPrivateKey(session, pKCS11Object, str, pKCS11DSAPrivateKey2.getID(), pKCS11DSAPrivateKey2.getSubject(), Boolean.valueOf(z), pKCS11DSAPrivateKey2.getSensitive(), pKCS11DSAPrivateKey2.getExtractable(), pKCS11DSAPrivateKey2.getPrime(), pKCS11DSAPrivateKey2.getSubprime(), pKCS11DSAPrivateKey2.getBase(), pKCS11DSAPrivateKey2.getValue());
            } else {
                if (!(pKCS11PrivateKey instanceof PKCS11ECPrivateKey)) {
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  PKCS11KeyStore cannot handle a key which is an instance of:  " + pKCS11PrivateKey.getClass().getName());
                    }
                    throw new KeyStoreException("PKCS11Keystore cannot handle a key which is an instance of:  " + pKCS11PrivateKey.getClass().getName());
                }
                PKCS11ECPrivateKey pKCS11ECPrivateKey3 = (PKCS11ECPrivateKey) pKCS11PrivateKey;
                byte[] encodeParameters = ECParameters.encodeParameters(pKCS11ECPrivateKey3.getParams());
                try {
                    pKCS11ECPrivateKey = new PKCS11ECPrivateKey(session, pKCS11Object, pKCS11ECPrivateKey3.getID(), pKCS11ECPrivateKey3.getSubject(), str, encodeParameters, pKCS11ECPrivateKey3.getS());
                } catch (Exception e3) {
                    pKCS11ECPrivateKey = new PKCS11ECPrivateKey(session, pKCS11Object, pKCS11ECPrivateKey3.getID(), pKCS11ECPrivateKey3.getSubject(), str, encodeParameters);
                }
            }
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The new private key was created successfully.");
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  METHOD EXIT");
            }
            return pKCS11ECPrivateKey;
        } catch (Exception e4) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The following exception was thrown while attempting to create a new Java PrivateKey object using the COPIED or CREATED PKCS11Object");
                System.out.println(e4.toString());
                System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2():  The stack trace of that exception is:");
                e4.toString();
            }
            if (!IBMPKCS11Impl.doMemoryManagement()) {
                if (!pKCS11Key.getToken().booleanValue()) {
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2( ):   key is NOT a token object.   Calling rm( ) ");
                        System.out.println("                                              The key label is  = " + pKCS11Key.getLabel());
                    }
                    pKCS11Key.rm();
                } else if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  convertPrivKeyObj2( ):  key is a token object.   NOT CALLING rm( )");
                    System.out.println("                                             The key label is  = " + pKCS11Key.getLabel());
                }
            }
            throw new KeyStoreException(e4.getMessage());
        }
    }

    private PKCS11SecretKey changeSecKeyLabel(Session session, PKCS11SecretKey pKCS11SecretKey, String str) throws KeyStoreException {
        if (debug != null) {
            debug.entry(16384L, className, "changeSecKeyLabel", pKCS11SecretKey.toString(), str);
        }
        int[] iArr = {3};
        Object[] objArr = {str};
        if (debug != null) {
            debug.exit(16384L, className, "changeSecKeyLabel");
        }
        return convertSecKeyObj(session, iArr, objArr, pKCS11SecretKey, str);
    }

    private PKCS11SecretKey makeSecKeyToken(Session session, PKCS11SecretKey pKCS11SecretKey, String str) throws KeyStoreException {
        if (debug != null) {
            debug.entry(16384L, className, "makeSecKeyToken", pKCS11SecretKey.toString(), str);
        }
        int[] iArr = {1, 2, 3};
        Object[] objArr = {Boolean.TRUE, Boolean.TRUE, str};
        if (debug != null) {
            debug.exit(16384L, className, "makeSecKeyToken");
        }
        return convertSecKeyObj(session, iArr, objArr, pKCS11SecretKey, str);
    }

    private PKCS11SecretKey convertSecKeyObj(Session session, int[] iArr, Object[] objArr, PKCS11SecretKey pKCS11SecretKey, String str) throws KeyStoreException {
        PKCS11Object pKCS11Object = null;
        if (debug != null) {
            debug.entry(16384L, className, "convertSecKeyObj");
        }
        try {
            pKCS11Object = session.copy(pKCS11SecretKey.getObject(), iArr, objArr);
            if (debug != null) {
                debug.text(16384L, className, "convertSecKeyObj", "make copy of secret key");
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.text(16384L, className, "convertSecKeyObj", "Copy failed try to create token key");
            }
            try {
                byte[] bArr = null;
                if (pKCS11SecretKey instanceof GeneralKey) {
                    bArr = ((GeneralKey) pKCS11SecretKey).getValue();
                } else if (pKCS11SecretKey instanceof PKCS11DESedeKey) {
                    bArr = ((PKCS11DESedeKey) pKCS11SecretKey).getValue();
                } else if (pKCS11SecretKey instanceof PKCS11DESKey) {
                    bArr = ((PKCS11DESKey) pKCS11SecretKey).getValue();
                }
                pKCS11Object = session.createObject(new int[]{0, 256, 258, 3, 2, 1, 259, 268, 260, 261, 262, 263, 17}, new Object[]{PKCS11Object.SECRET_KEY, pKCS11SecretKey.getKeyType(), pKCS11SecretKey.getID(), str, Boolean.TRUE, Boolean.TRUE, pKCS11SecretKey.getSensitive(), pKCS11SecretKey.getDerive(), pKCS11SecretKey.getEncrypt(), pKCS11SecretKey.getDecrypt(), pKCS11SecretKey.getWrap(), pKCS11SecretKey.getUnwrap(), bArr});
            } catch (PKCS11Exception e2) {
                if (pKCS11Object != null) {
                    session.destroyObject(pKCS11Object);
                }
                if (debug != null) {
                    debug.exception(16384L, className, "convertSecKeyObj", e2);
                    debug.exit(16384L, className, "convertSecKeyObj");
                }
                throw new KeyStoreException(e2.getMessage());
            }
        }
        GeneralKey generalKey = null;
        try {
            try {
                if (pKCS11SecretKey instanceof GeneralKey) {
                    generalKey = new GeneralKey(session, pKCS11Object, ((GeneralKey) pKCS11SecretKey).mechanismBuilder.getAlgorithm());
                } else if (pKCS11SecretKey instanceof PKCS11DESKey) {
                    generalKey = new GeneralKey(session, pKCS11Object, "DES");
                } else if (pKCS11SecretKey instanceof PKCS11DESedeKey) {
                    generalKey = new GeneralKey(session, pKCS11Object, "DESede");
                }
                if (debug != null) {
                    debug.exit(16384L, className, "convertSecKeyObj");
                }
                return generalKey;
            } finally {
                session.destroyObject(pKCS11SecretKey.getObject());
            }
        } catch (InvalidKeyException e3) {
            if (debug != null) {
                debug.exception(16384L, className, "convertSecKeyObj", e3);
                debug.exit(16384L, className, "convertSecKeyObj");
            }
            throw new KeyStoreException(e3.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        if (debug != null) {
            debug.entry(16384L, className, "engineSetKeyEntry");
            debug.text(16384L, className, "engineSetKeyEntry", "This method is not supported");
            debug.exit(16384L, className, "engineSetKeyEntry");
        }
        throw new KeyStoreException("This method is not supported");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        byte[] bytes;
        Object[] createCertObject;
        if (debug != null) {
            debug.entry(16384L, className, "engineSetCertificateEntry", str, certificate);
        }
        synchronized (this.entries) {
            Object obj = this.entries.get(str.toLowerCase());
            if (obj != null && ((obj instanceof PrivateKeyEntry) || (obj instanceof SecretKeyEntry))) {
                if (debug != null) {
                    debug.text(16384L, className, "engineSetCertificateEntry", "Cannot overwrite key entry");
                    debug.exit(16384L, className, "engineSetCertificateEntry");
                }
                throw new KeyStoreException("Cannot overwrite key entry");
            }
            Object[] objArr = new Object[2];
            if (!(certificate instanceof X509Certificate)) {
                if (debug != null) {
                    debug.text(16384L, className, "engineSetCertificateEntry", "Unsupported certificate type. Only X509 certificate is supported");
                    debug.exit(16384L, className, "engineSetCertificateEntry");
                }
                throw new KeyStoreException("Unsupported certificate type. Only X509 certificate is supported");
            }
            try {
                bytes = str.getBytes("8859_1");
            } catch (UnsupportedEncodingException e) {
                bytes = str.getBytes();
            }
            if (bytes.length > 20) {
                byte[] bArr = new byte[20];
                System.arraycopy(bytes, 0, bArr, 0, 20);
                bytes = bArr;
            }
            try {
                try {
                    Session objSession = this.sessionManager.getObjSession();
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", this.providerName);
                    if (certificate instanceof X509CertImpl) {
                        X509CertImpl x509CertImpl = (X509CertImpl) certificate;
                        DerOutputStream derOutputStream = new DerOutputStream();
                        x509CertImpl.getSubjectDN().encode(derOutputStream);
                        byte[] byteArray = derOutputStream.toByteArray();
                        DerOutputStream derOutputStream2 = new DerOutputStream();
                        x509CertImpl.getIssuerDN().encode(derOutputStream2);
                        byte[] byteArray2 = derOutputStream2.toByteArray();
                        DerOutputStream derOutputStream3 = new DerOutputStream();
                        new CertificateSerialNumber(x509CertImpl.getSerialNumber()).encode(derOutputStream3);
                        createCertObject = createCertObject(objSession, str, Boolean.TRUE, x509CertImpl.getEncoded(), byteArray, bytes, byteArray2, derOutputStream3.toByteArray());
                    } else {
                        X509CertImpl generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
                        DerOutputStream derOutputStream4 = new DerOutputStream();
                        generateCertificate.getSubjectDN().encode(derOutputStream4);
                        byte[] byteArray3 = derOutputStream4.toByteArray();
                        generateCertificate.getIssuerDN().encode(new DerOutputStream());
                        DerOutputStream derOutputStream5 = new DerOutputStream();
                        new CertificateSerialNumber(generateCertificate.getSerialNumber()).encode(derOutputStream5);
                        createCertObject = createCertObject(objSession, str, Boolean.TRUE, generateCertificate.getEncoded(), byteArray3, bytes, null, derOutputStream5.toByteArray());
                    }
                    this.sessionManager.releaseSession(objSession);
                    TrustedCertEntry trustedCertEntry = new TrustedCertEntry();
                    trustedCertEntry.cert = certificate;
                    trustedCertEntry.certObject = (PKCS11Object) createCertObject[0];
                    trustedCertEntry.label = str;
                    trustedCertEntry.keyID = bytes;
                    if (createCertObject[1] != null) {
                        if (debug != null) {
                            debug.text(16384L, "PKCS11KeyStore", "engineSetCertificateEntry", "certificate is session object, session " + createCertObject[1]);
                        }
                        trustedCertEntry.session = (Session) createCertObject[1];
                    }
                    this.entries.put(str.toLowerCase(), trustedCertEntry);
                } catch (Exception e2) {
                    if (debug != null) {
                        debug.exception(16384L, className, "engineSetCertificateEntry", e2);
                        debug.exit(16384L, className, "engineSetCertificateEntry");
                    }
                    throw new KeyStoreException("Cannot store certificate :" + e2.getMessage());
                }
            } catch (Throwable th) {
                this.sessionManager.releaseSession(null);
                throw th;
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "engineSetCertificateEntry");
        }
    }

    private void addCertificateChain(Session session, String str, byte[] bArr, Certificate[] certificateArr, boolean z) throws KeyStoreException {
        X509CertImpl generateCertificate;
        byte[] byteArray;
        byte[] byteArray2;
        X509CertImpl generateCertificate2;
        byte[] byteArray3;
        byte[] byteArray4;
        if (debug != null) {
            debug.entry(16384L, className, "addCertificateChain", str, Boolean.valueOf(z));
        }
        int[] iArr = {1, 0, 257, 130};
        byte[] bArr2 = null;
        if (certificateArr == null) {
            if (debug != null) {
                debug.text(16384L, className, "addCertificateChain", "cert chain is null");
                debug.exit(16384L, className, "addCertificateChain");
                return;
            }
            return;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", this.providerName);
            if (certificateArr[0] instanceof X509CertImpl) {
                generateCertificate = (X509CertImpl) certificateArr[0];
                DerOutputStream derOutputStream = new DerOutputStream();
                generateCertificate.getSubjectDN().encode(derOutputStream);
                byteArray = derOutputStream.toByteArray();
                DerOutputStream derOutputStream2 = new DerOutputStream();
                generateCertificate.getIssuerDN().encode(derOutputStream2);
                bArr2 = derOutputStream2.toByteArray();
                DerOutputStream derOutputStream3 = new DerOutputStream();
                new CertificateSerialNumber(generateCertificate.getSerialNumber()).encode(derOutputStream3);
                byteArray2 = derOutputStream3.toByteArray();
            } else {
                generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(certificateArr[0].getEncoded()));
                DerOutputStream derOutputStream4 = new DerOutputStream();
                generateCertificate.getSubjectDN().encode(derOutputStream4);
                byteArray = derOutputStream4.toByteArray();
                generateCertificate.getIssuerDN().encode(new DerOutputStream());
                DerOutputStream derOutputStream5 = new DerOutputStream();
                new CertificateSerialNumber(generateCertificate.getSerialNumber()).encode(derOutputStream5);
                byteArray2 = derOutputStream5.toByteArray();
            }
            if (debug != null) {
                debug.text(16384L, className, "addCertificateChain", "Alias = " + str);
                debug.text(16384L, className, "addCertificateChain", "id = " + new HexDumpEncoder().encode(bArr));
            }
            createCertObject(session, str, Boolean.TRUE, generateCertificate.getEncoded(), byteArray, bArr, bArr2, byteArray2);
            for (int i = 1; i < certificateArr.length; i++) {
                if (certificateArr[i] instanceof X509CertImpl) {
                    generateCertificate2 = (X509CertImpl) certificateArr[i];
                    DerOutputStream derOutputStream6 = new DerOutputStream();
                    generateCertificate2.getSubjectDN().encode(derOutputStream6);
                    byteArray3 = derOutputStream6.toByteArray();
                    DerOutputStream derOutputStream7 = new DerOutputStream();
                    generateCertificate2.getIssuerDN().encode(derOutputStream7);
                    bArr2 = derOutputStream7.toByteArray();
                    DerOutputStream derOutputStream8 = new DerOutputStream();
                    new CertificateSerialNumber(generateCertificate2.getSerialNumber()).encode(derOutputStream8);
                    byteArray4 = derOutputStream8.toByteArray();
                } else {
                    generateCertificate2 = certificateFactory.generateCertificate(new ByteArrayInputStream(certificateArr[i].getEncoded()));
                    DerOutputStream derOutputStream9 = new DerOutputStream();
                    generateCertificate2.getSubjectDN().encode(derOutputStream9);
                    byteArray3 = derOutputStream9.toByteArray();
                    generateCertificate2.getIssuerDN().encode(new DerOutputStream());
                    DerOutputStream derOutputStream10 = new DerOutputStream();
                    new CertificateSerialNumber(generateCertificate2.getSerialNumber()).encode(derOutputStream10);
                    byteArray4 = derOutputStream10.toByteArray();
                }
                session.findObjectsInit(iArr, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, byteArray3, byteArray4});
                PKCS11Object findObject = session.findObject();
                session.findObjectsFinal();
                if (debug != null) {
                    debug.text(16384L, className, "addCertificateChain", "pkcs11obj = " + findObject);
                }
                if (findObject == null) {
                    createCertObject(session, str, Boolean.TRUE, generateCertificate2.getEncoded(), byteArray3, bArr, bArr2, byteArray4);
                }
            }
            if (debug != null) {
                debug.exit(16384L, className, "addCertificateChain");
            }
        } catch (Exception e) {
            if (debug != null) {
                debug.exception(16384L, className, "addCertificateChain", e);
                debug.exit(16384L, className, "addCertificateChain");
            }
            throw new KeyStoreException(e.getMessage());
        }
    }

    private Object[] createCertObject(Session session, String str, Boolean bool, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) throws KeyStoreException {
        if (debug != null) {
            debug.entry(16384L, className, "createCertObject", str, bool);
        }
        Object[] objArr = new Object[2];
        try {
            PKCS11Object createObject = session.createObject(new int[]{0, 1, 2, 3, 128, 258, 257, 130, 17, 129}, new Object[]{PKCS11Object.CERTIFICATE, bool, Boolean.FALSE, str, PKCS11Object.X_509, bArr3, bArr2, bArr5, bArr, bArr4});
            if (!bool.booleanValue()) {
                if (debug != null) {
                    debug.text(16384L, "PKCS11KeyStore", "createCertObject", "certificate is session object, session is " + session);
                }
                session.addObject();
                objArr[1] = session;
            }
            if (debug != null) {
                debug.exit(16384L, className, "createCertObject");
            }
            objArr[0] = createObject;
            return objArr;
        } catch (Exception e) {
            if (debug != null) {
                debug.exception(16384L, className, "createCertObject", e);
                debug.exit(16384L, className, "createCertObject");
            }
            throw new KeyStoreException("Cannot store certificate: " + e.getMessage());
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  METHOD ENTRY.");
            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  Delete the entry with label = " + str);
            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  DUMPING ALL ENTRIES IN THE HASHTABLE AT METHOD ENTRY.");
            dumpKeyStoreEntries();
        }
        synchronized (this.entries) {
            try {
                Session opSession = this.sessionManager.getOpSession();
                if (engineIsKeyEntry(str)) {
                    Object obj = this.entries.get(str.toLowerCase());
                    if (obj instanceof PrivateKeyEntry) {
                        PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) obj;
                        ((PKCS11Key) privateKeyEntry.key).getID();
                        ((PKCS11Key) privateKeyEntry.key).getLabel();
                        deleteChain(opSession, ((PKCS11Key) privateKeyEntry.key).getID(), ((PKCS11Key) privateKeyEntry.key).getLabel());
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  The cert chain for the entry with label " + str + " has been deleted.");
                        }
                        deleteKey(opSession, (PKCS11Key) privateKeyEntry.key, PKCS11Object.PRIVATE_KEY.intValue());
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  The private key for the entry with label " + str + " has been deleted.");
                            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  BOTH THE PRIVATE KEY AND CERT CHAIN HAVE NOW BEEN DELETED FOR label = " + str);
                        }
                        privateKeyEntry.chain = null;
                        privateKeyEntry.key = null;
                        privateKeyEntry.keyObject = null;
                    } else {
                        SecretKeyEntry secretKeyEntry = (SecretKeyEntry) obj;
                        deleteKey(opSession, (PKCS11Key) secretKeyEntry.key, PKCS11Object.SECRET_KEY.intValue());
                        secretKeyEntry.key = null;
                        secretKeyEntry.keyObject = null;
                    }
                } else if (engineIsCertificateEntry(str)) {
                    TrustedCertEntry trustedCertEntry = (TrustedCertEntry) this.entries.get(str.toLowerCase());
                    deleteCert(opSession, trustedCertEntry.keyID, trustedCertEntry.label);
                    if (trustedCertEntry.session != null) {
                        trustedCertEntry.session.removeObject();
                        trustedCertEntry.session = null;
                    }
                    trustedCertEntry.cert = null;
                    trustedCertEntry.certObject = null;
                    trustedCertEntry.keyID = null;
                    trustedCertEntry.label = null;
                }
                this.sessionManager.releaseSession(opSession);
                this.entries.remove(str.toLowerCase());
            } catch (Throwable th) {
                this.sessionManager.releaseSession(null);
                throw th;
            }
        }
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  METHOD EXIT.");
            System.out.println("PKCS11KeyStore.java:  engineDeleteEntry():  DUMPING ALL ENTRIES IN THE HASHTABLE AT METHOD EXIT.");
            dumpKeyStoreEntries();
        }
    }

    private void deleteKey(Session session, PKCS11Key pKCS11Key, int i) {
        if (debug != null) {
            debug.entry(16384L, className, "deleteKey", pKCS11Key.toString(), Integer.valueOf(i));
        }
        String label = pKCS11Key.getLabel();
        byte[] id = pKCS11Key.getID();
        pKCS11Key.getKeyType();
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  deleteKey():  Called to delete the key associated with label = " + label);
            System.out.println("                                    Calling the key's rm() method now.");
        }
        pKCS11Key.rm();
        int i2 = 5;
        if (label == null) {
            i2 = 5 - 1;
        }
        if (id == null || id.length == 0) {
            i2--;
        }
        int[] iArr = new int[i2];
        Object[] objArr = new Object[i2];
        iArr[0] = 1;
        objArr[0] = Boolean.FALSE;
        int i3 = 0 + 1;
        iArr[i3] = 0;
        objArr[i3] = Integer.valueOf(i);
        int i4 = i3 + 1;
        iArr[i4] = 2;
        objArr[i4] = Boolean.FALSE;
        int i5 = i4 + 1;
        if (label != null) {
            iArr[i5] = 3;
            objArr[i5] = label;
            i5++;
        }
        if (id != null && id.length > 0) {
            iArr[i5] = 258;
            objArr[i5] = id;
        }
        session.findObjectsInit(iArr, objArr);
        PKCS11Object findObject = session.findObject();
        session.findObjectsFinal();
        if (findObject == null) {
            if (debug != null) {
                debug.exit(16384L, className, "deleteKey", "No Session object found.");
            }
        } else {
            session.destroyObject(findObject);
            if (debug != null) {
                debug.exit(16384L, className, "deleteKey", "Session object found.");
            }
        }
    }

    private void deletePublicKey(Session session, Certificate[] certificateArr, PKCS11Key pKCS11Key) {
        int[] iArr;
        Object[] objArr;
        if (debug != null) {
            debug.entry(16384L, className, "deletePublicKey", certificateArr, pKCS11Key.toString());
        }
        if (certificateArr == null || certificateArr[0] == null) {
            if (debug != null) {
                debug.text(16384L, className, "deletePublicKey", "No cert associated with private key.");
            }
            session.findObjectsInit(new int[]{1, 256, 0, 3, 258}, new Object[]{Boolean.TRUE, pKCS11Key.getKeyType(), PKCS11Object.PUBLIC_KEY, pKCS11Key.getLabel(), pKCS11Key.getID()});
            PKCS11Object findObject = session.findObject();
            session.findObjectsFinal();
            if (findObject == null) {
                if (debug != null) {
                    debug.exit(16384L, className, "deletePublicKey", "No object found.");
                    return;
                }
                return;
            } else {
                if (debug != null) {
                    debug.exit(16384L, className, "deletePublicKey", "Object = " + findObject);
                }
                session.destroyObject(findObject);
                if (debug != null) {
                    debug.exit(16384L, className, "deletePublicKey", "Object found.");
                    return;
                }
                return;
            }
        }
        PKCS11PublicKey pKCS11PublicKey = (PKCS11PublicKey) ((X509Certificate) certificateArr[0]).getPublicKey();
        if (pKCS11PublicKey.getKeyType() == PKCS11Object.RSA) {
            PKCS11RSAPublicKey pKCS11RSAPublicKey = (PKCS11RSAPublicKey) pKCS11PublicKey;
            iArr = new int[]{1, 256, 0, 288, 290, 3, 258};
            objArr = new Object[]{Boolean.TRUE, PKCS11Object.RSA, PKCS11Object.PUBLIC_KEY, pKCS11RSAPublicKey.getModulus(), pKCS11RSAPublicKey.getPublicExponent(), pKCS11Key.getLabel(), pKCS11Key.getID()};
        } else if (pKCS11PublicKey.getKeyType() == PKCS11Object.DSA) {
            PKCS11DSAPublicKey pKCS11DSAPublicKey = (PKCS11DSAPublicKey) pKCS11PublicKey;
            iArr = new int[]{1, 256, 0, 304, 305, 306, 17, 3, 258};
            objArr = new Object[]{Boolean.TRUE, PKCS11Object.DSA, PKCS11Object.PUBLIC_KEY, pKCS11DSAPublicKey.getPrime(), pKCS11DSAPublicKey.getSubprime(), pKCS11DSAPublicKey.getBase(), pKCS11DSAPublicKey.getValue().toByteArray(), pKCS11Key.getLabel(), pKCS11Key.getID()};
        } else if (pKCS11PublicKey.getKeyType() != PKCS11Object.EC) {
            if (debug != null) {
                debug.exit(16384L, className, "deletePublicKey", "Key type not RSA, DSA, or EC.");
                return;
            }
            return;
        } else {
            PKCS11ECPublicKey pKCS11ECPublicKey = (PKCS11ECPublicKey) pKCS11PublicKey;
            int[] iArr2 = {1, 256, 0, 3, 258, 384, 385};
            ECParameterSpec params = pKCS11ECPublicKey.getParams();
            try {
                iArr = iArr2;
                objArr = new Object[]{Boolean.TRUE, PKCS11Object.EC, PKCS11Object.PUBLIC_KEY, pKCS11Key.getLabel(), pKCS11Key.getID(), ECParameters.encodeParameters(params), new DerValue((byte) 4, ECParameters.encodePoint(pKCS11ECPublicKey.getW(), params.getCurve())).toByteArray()};
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        session.findObjectsInit(iArr, objArr);
        PKCS11Object findObject2 = session.findObject();
        session.findObjectsFinal();
        if (findObject2 == null) {
            if (debug != null) {
                debug.exit(16384L, className, "deletePublicKey", "No object found.");
            }
        } else {
            session.destroyObject(findObject2);
            if (debug != null) {
                debug.exit(16384L, className, "deletePublicKey", "Object found.");
            }
        }
    }

    private void deleteCert(Session session, byte[] bArr, String str) {
        int[] iArr = {1, 0, 258};
        int[] iArr2 = {1, 0, 3};
        if (debug != null) {
            if (str != null) {
                System.out.println("PKCS11KeyStore.java:  deleteCert():  METHOD ENTRY:  label=" + str);
            } else {
                System.out.println("PKCS11KeyStore.java:  deleteCert():  METHOD ENTRY:  label = NULL");
            }
        }
        if (bArr == null || bArr.length <= 0) {
            session.findObjectsInit(iArr2, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, str});
        } else {
            session.findObjectsInit(iArr, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, bArr});
        }
        PKCS11Object findObject = session.findObject();
        session.findObjectsFinal();
        if (findObject == null) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteCert():  No leaf cert found.  label=" + str + "   Returning.");
                return;
            }
            return;
        }
        if (debug != null) {
            debug.text(16384L, className, "deleteCert", "Delete Cert found.");
        }
        byte[] bArr2 = (byte[]) getValue(session, findObject, 257);
        byte[] bArr3 = (byte[]) getValue(session, findObject, 129);
        session.destroyObject(findObject);
        if (bytesEquals(bArr3, bArr2)) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteCert():  The deleted cert was self-signed, so returning to caller.");
            }
        } else if (debug != null) {
            debug.exit(16384L, className, "deleteCert");
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration engineAliases() {
        return this.entries.keys();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        return this.entries.containsKey(str.toLowerCase());
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return this.entries.size();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        boolean z = false;
        Object obj = this.entries.get(str.toLowerCase());
        if (obj != null && ((obj instanceof PrivateKeyEntry) || (obj instanceof SecretKeyEntry))) {
            z = true;
        }
        return z;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        boolean z = false;
        Object obj = this.entries.get(str.toLowerCase());
        if (obj != null && (obj instanceof TrustedCertEntry)) {
            z = true;
        }
        return z;
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        Certificate certificate2;
        Enumeration keys = this.entries.keys();
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            Object obj = this.entries.get(str);
            if (obj instanceof TrustedCertEntry) {
                certificate2 = ((TrustedCertEntry) obj).cert;
            } else if ((obj instanceof PrivateKeyEntry) && ((PrivateKeyEntry) obj).chain != null) {
                certificate2 = ((PrivateKeyEntry) obj).chain[0];
            }
            if (certificate2.equals(certificate)) {
                return str;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new IOException("This method is not supported");
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (loadStoreParameter == null) {
            throw new IllegalArgumentException("LoadStoreParameter must not be null");
        }
        KeyStore.ProtectionParameter protectionParameter = loadStoreParameter.getProtectionParameter();
        if (protectionParameter instanceof KeyStore.PasswordProtection) {
            engineLoad(null, ((KeyStore.PasswordProtection) protectionParameter).getPassword());
            return;
        }
        if (!(protectionParameter instanceof KeyStore.CallbackHandlerProtection)) {
            throw new IllegalArgumentException("ProtectionParameter must be aPasswordProtection or CallbackHandlerProtection");
        }
        try {
            ((IBMPKCS11Impl) Security.getProvider(this.providerName)).login(null, ((KeyStore.CallbackHandlerProtection) protectionParameter).getCallbackHandler());
        } catch (Exception e) {
            throw new IOException(e.getMessage());
        } catch (PKCS11Exception e2) {
            if (e2.getCode() != 256) {
                throw new IOException(e2.getMessage());
            }
        }
        engineLoad(null, null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Object getValue(Session session, PKCS11Object pKCS11Object, int i) {
        return session.getAttrValue(pKCS11Object, i);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Object[] getValues(Session session, PKCS11Object pKCS11Object, int[] iArr) {
        return session.getAttrValues(pKCS11Object, iArr);
    }

    private Object[] getAttributes(PKCS11Object pKCS11Object) {
        return null;
    }

    private boolean bytesEquals(byte[] bArr, byte[] bArr2) {
        if (bArr == null && bArr2 == null) {
            return true;
        }
        if (bArr == null || bArr2 == null || bArr.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }

    protected void finalize() {
    }

    public static byte[] getMagnitude(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray.length > 1 && byteArray[0] == 0) {
            int length = byteArray.length - 1;
            byte[] bArr = new byte[length];
            System.arraycopy(byteArray, 1, bArr, 0, length);
            byteArray = bArr;
        }
        return byteArray;
    }

    public static String toHexString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            if (i % 16 == 0) {
                stringBuffer.append('\n');
            }
            int i2 = (bArr[i] & 240) >> 4;
            int i3 = bArr[i] & 15;
            stringBuffer.append(cArr[i2]);
            stringBuffer.append(cArr[i3]);
            stringBuffer.append(' ');
        }
        return stringBuffer.toString();
    }

    public boolean doesPublicKeyMatchPrivateKey(PublicKey publicKey, PrivateKey privateKey, String str) throws NoSuchAlgorithmException {
        java.security.Signature signature;
        if (debug != null) {
            String algorithm = privateKey.getAlgorithm();
            if (algorithm == null) {
                System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The algorithm carried by the privateKey is NULL !!!!");
            } else {
                System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The algorithm carried by the privateKey is:  " + algorithm);
            }
        }
        byte[] bytes = "this is a testmessage used by the signature algorithm".getBytes();
        try {
            if (debug != null) {
                String algorithm2 = privateKey.getAlgorithm();
                if (algorithm2 == null) {
                    System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  Creating a Signature object for a NULL algorithm name.  An exception should be thrown.");
                } else {
                    System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  Creating a Signature object for the algorithm:               " + algorithm2);
                    System.out.println("                                                      Creating the Signature object using the following provider:  " + str);
                }
            }
            signature = java.security.Signature.getInstance(privateKey.getAlgorithm(), str);
        } catch (Exception e) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The following exception was thrown while trying to create the Signature object:  ");
                e.printStackTrace();
            }
            signature = java.security.Signature.getInstance(privateKey.getAlgorithm());
        }
        try {
            signature.initSign(privateKey);
            signature.update(bytes);
            byte[] sign = signature.sign();
            if (debug != null) {
                if (sign == null) {
                    System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The returned signature byte array is NULL.  This likely signals an error.");
                } else if (sign.length == 0) {
                    System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The length of the returned signature array is 0.  This likely signals an error. ");
                } else {
                    System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The length of the returned signature array is:  " + sign.length);
                }
            }
            try {
                signature.initVerify(publicKey);
                signature.update(bytes);
                if (signature.verify(sign)) {
                    if (debug == null) {
                        return true;
                    }
                    System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The public key matches the private key.");
                    return true;
                }
                if (debug == null) {
                    return false;
                }
                System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  The public key DOES NOT match the private key.");
                return false;
            } catch (Exception e2) {
                if (debug == null) {
                    return false;
                }
                System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  An error occurred while trying to verify the Signature.");
                System.out.println("                                                      Therefore, the public key DOES NOT match the private key.");
                return false;
            }
        } catch (Exception e3) {
            if (debug == null) {
                return false;
            }
            System.out.println("PKCS11KeyStore.java: doesPublicKeyMatchPrivateKey():  An error occurred while trying to compute the Signature.");
            System.out.println("The exception thrown is:");
            System.out.println(e3.toString());
            e3.printStackTrace();
            return false;
        }
    }

    public boolean isSigner(X509Certificate x509Certificate, X509Certificate x509Certificate2, String str) {
        if (debug != null) {
            System.out.println("=============================================================================================================");
            System.out.println("PKCS11KeyStore.java:  isSigner():  The signerCert passed in is:  " + x509Certificate.getSubjectX500Principal().toString());
            System.out.println("                                   The signedCert passed in is:  " + x509Certificate2.getSubjectX500Principal().toString());
        }
        PublicKey publicKey = x509Certificate.getPublicKey();
        try {
            if (str != null) {
                x509Certificate2.verify(publicKey, str);
            } else {
                x509Certificate2.verify(publicKey);
            }
            if (debug == null) {
                return true;
            }
            System.out.println("PKCS11KeyStore.java:  isSigner():  The signerCert DID sign the signedCert.  Returning 'true' ");
            System.out.println("=============================================================================================================");
            return true;
        } catch (Exception e) {
            if (debug == null) {
                return false;
            }
            System.out.println("PKCS11KeyStore.java:  isSigner():  The signerCert DID NOT sign the signedCert.  Returning 'false' ");
            System.out.println("=============================================================================================================");
            return false;
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:236:0x0906. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:251:0x0a81 A[Catch: all -> 0x0efe, all -> 0x0f11, TryCatch #8 {all -> 0x0efe, blocks: (B:7:0x0026, B:437:0x0032, B:9:0x005e, B:11:0x006e, B:12:0x00aa, B:14:0x00d1, B:16:0x00da, B:18:0x00e4, B:20:0x00f3, B:55:0x0101, B:57:0x0107, B:58:0x0134, B:25:0x0144, B:48:0x0152, B:50:0x0158, B:51:0x0185, B:30:0x019d, B:41:0x01ab, B:43:0x01b1, B:44:0x01de, B:33:0x01e9, B:36:0x01ef, B:62:0x01fb, B:64:0x0205, B:65:0x0248, B:67:0x024e, B:69:0x02d4, B:70:0x02e0, B:72:0x02ea, B:74:0x0314, B:75:0x031d, B:76:0x0326, B:78:0x0339, B:80:0x0349, B:81:0x035b, B:82:0x0373, B:84:0x037d, B:86:0x03d9, B:89:0x0407, B:91:0x0410, B:93:0x0416, B:94:0x0431, B:97:0x0442, B:108:0x0466, B:110:0x046c, B:111:0x0487, B:114:0x04a1, B:116:0x04dd, B:117:0x04f0, B:119:0x04fa, B:121:0x050e, B:126:0x051d, B:127:0x0527, B:123:0x0528, B:124:0x055e, B:130:0x0534, B:132:0x053a, B:133:0x0553, B:134:0x055d, B:137:0x0564, B:139:0x056a, B:140:0x0592, B:142:0x059a, B:144:0x05ae, B:146:0x05d2, B:148:0x05da, B:150:0x05e0, B:151:0x05f2, B:153:0x060c, B:155:0x0612, B:156:0x0624, B:158:0x0639, B:162:0x0669, B:164:0x066f, B:168:0x0689, B:170:0x06ab, B:171:0x06cf, B:173:0x06de, B:175:0x06f3, B:179:0x0726, B:186:0x0737, B:188:0x075c, B:190:0x0771, B:194:0x07a4, B:100:0x04b9, B:103:0x04bf, B:201:0x07ad, B:203:0x07b3, B:206:0x07d1, B:207:0x07e8, B:209:0x07ee, B:210:0x07f7, B:212:0x07fd, B:213:0x081b, B:214:0x082d, B:216:0x0837, B:218:0x084f, B:328:0x087c, B:330:0x0882, B:223:0x088e, B:225:0x0894, B:322:0x08b4, B:324:0x08ba, B:229:0x08c6, B:231:0x08cc, B:235:0x0901, B:236:0x0906, B:245:0x0958, B:247:0x0a0b, B:302:0x0a29, B:251:0x0a81, B:253:0x0a89, B:255:0x0a8f, B:256:0x0aa1, B:258:0x0ab0, B:260:0x0ab6, B:261:0x0ac8, B:263:0x0add, B:266:0x0b0d, B:268:0x0b13, B:272:0x0b2d, B:274:0x0b33, B:275:0x0b45, B:277:0x0b70, B:279:0x0b85, B:283:0x0bb8, B:290:0x0bc9, B:292:0x0bee, B:294:0x0c03, B:298:0x0c36, B:305:0x0a6b, B:308:0x0969, B:310:0x097a, B:312:0x098b, B:314:0x099c, B:316:0x09ad, B:238:0x09bf, B:240:0x09c5, B:318:0x09f4, B:320:0x09fa, B:334:0x08ec, B:336:0x08f2, B:340:0x0c3f, B:342:0x0c54, B:347:0x0c6f, B:349:0x0c81, B:351:0x0cb1, B:353:0x0ce8, B:356:0x0d2d, B:358:0x0d35, B:360:0x0d3b, B:361:0x0d4d, B:363:0x0d5c, B:365:0x0d62, B:366:0x0d74, B:368:0x0d89, B:370:0x0ee8, B:372:0x0db9, B:374:0x0dbf, B:378:0x0dd9, B:380:0x0ddf, B:381:0x0df1, B:383:0x0e1c, B:385:0x0e31, B:389:0x0e64, B:397:0x0e75, B:399:0x0e9a, B:401:0x0eaf, B:405:0x0ee2, B:413:0x0eee, B:424:0x07d9, B:426:0x07df, B:429:0x007f, B:431:0x0085, B:433:0x0090, B:434:0x009f, B:435:0x00a9, B:441:0x0044, B:443:0x004f, B:444:0x005b), top: B:6:0x0026, outer: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:290:0x0bc9 A[Catch: all -> 0x0efe, all -> 0x0f11, TryCatch #8 {all -> 0x0efe, blocks: (B:7:0x0026, B:437:0x0032, B:9:0x005e, B:11:0x006e, B:12:0x00aa, B:14:0x00d1, B:16:0x00da, B:18:0x00e4, B:20:0x00f3, B:55:0x0101, B:57:0x0107, B:58:0x0134, B:25:0x0144, B:48:0x0152, B:50:0x0158, B:51:0x0185, B:30:0x019d, B:41:0x01ab, B:43:0x01b1, B:44:0x01de, B:33:0x01e9, B:36:0x01ef, B:62:0x01fb, B:64:0x0205, B:65:0x0248, B:67:0x024e, B:69:0x02d4, B:70:0x02e0, B:72:0x02ea, B:74:0x0314, B:75:0x031d, B:76:0x0326, B:78:0x0339, B:80:0x0349, B:81:0x035b, B:82:0x0373, B:84:0x037d, B:86:0x03d9, B:89:0x0407, B:91:0x0410, B:93:0x0416, B:94:0x0431, B:97:0x0442, B:108:0x0466, B:110:0x046c, B:111:0x0487, B:114:0x04a1, B:116:0x04dd, B:117:0x04f0, B:119:0x04fa, B:121:0x050e, B:126:0x051d, B:127:0x0527, B:123:0x0528, B:124:0x055e, B:130:0x0534, B:132:0x053a, B:133:0x0553, B:134:0x055d, B:137:0x0564, B:139:0x056a, B:140:0x0592, B:142:0x059a, B:144:0x05ae, B:146:0x05d2, B:148:0x05da, B:150:0x05e0, B:151:0x05f2, B:153:0x060c, B:155:0x0612, B:156:0x0624, B:158:0x0639, B:162:0x0669, B:164:0x066f, B:168:0x0689, B:170:0x06ab, B:171:0x06cf, B:173:0x06de, B:175:0x06f3, B:179:0x0726, B:186:0x0737, B:188:0x075c, B:190:0x0771, B:194:0x07a4, B:100:0x04b9, B:103:0x04bf, B:201:0x07ad, B:203:0x07b3, B:206:0x07d1, B:207:0x07e8, B:209:0x07ee, B:210:0x07f7, B:212:0x07fd, B:213:0x081b, B:214:0x082d, B:216:0x0837, B:218:0x084f, B:328:0x087c, B:330:0x0882, B:223:0x088e, B:225:0x0894, B:322:0x08b4, B:324:0x08ba, B:229:0x08c6, B:231:0x08cc, B:235:0x0901, B:236:0x0906, B:245:0x0958, B:247:0x0a0b, B:302:0x0a29, B:251:0x0a81, B:253:0x0a89, B:255:0x0a8f, B:256:0x0aa1, B:258:0x0ab0, B:260:0x0ab6, B:261:0x0ac8, B:263:0x0add, B:266:0x0b0d, B:268:0x0b13, B:272:0x0b2d, B:274:0x0b33, B:275:0x0b45, B:277:0x0b70, B:279:0x0b85, B:283:0x0bb8, B:290:0x0bc9, B:292:0x0bee, B:294:0x0c03, B:298:0x0c36, B:305:0x0a6b, B:308:0x0969, B:310:0x097a, B:312:0x098b, B:314:0x099c, B:316:0x09ad, B:238:0x09bf, B:240:0x09c5, B:318:0x09f4, B:320:0x09fa, B:334:0x08ec, B:336:0x08f2, B:340:0x0c3f, B:342:0x0c54, B:347:0x0c6f, B:349:0x0c81, B:351:0x0cb1, B:353:0x0ce8, B:356:0x0d2d, B:358:0x0d35, B:360:0x0d3b, B:361:0x0d4d, B:363:0x0d5c, B:365:0x0d62, B:366:0x0d74, B:368:0x0d89, B:370:0x0ee8, B:372:0x0db9, B:374:0x0dbf, B:378:0x0dd9, B:380:0x0ddf, B:381:0x0df1, B:383:0x0e1c, B:385:0x0e31, B:389:0x0e64, B:397:0x0e75, B:399:0x0e9a, B:401:0x0eaf, B:405:0x0ee2, B:413:0x0eee, B:424:0x07d9, B:426:0x07df, B:429:0x007f, B:431:0x0085, B:433:0x0090, B:434:0x009f, B:435:0x00a9, B:441:0x0044, B:443:0x004f, B:444:0x005b), top: B:6:0x0026, outer: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:301:0x0a29 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    @Override // java.security.KeyStoreSpi
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void engineLoad(java.io.InputStream r9, char[] r10) throws java.io.IOException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateException {
        /*
            Method dump skipped, instructions count: 3894
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.crypto.pkcs11impl.provider.PKCS11KeyStore.engineLoad(java.io.InputStream, char[]):void");
    }

    private PKCS11Object findThePrivateKeysCert(Session session, byte[] bArr, String str, PrivateKey privateKey) {
        int[] iArr = {1, 0, 258};
        int[] iArr2 = {1, 0, 3};
        int[] iArr3 = {1, 0};
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  METHOD ENTRY");
            System.out.println("PKCS11KeyStore.java:  findThePrivateKeyCert( ):  The label of the private key passed in is:  " + str);
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", this.providerName);
            if (bArr != null && bArr.length > 0) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  id != null.  Searching for a cert with a matching ID.");
                }
                session.findObjectsInit(iArr, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, bArr});
            } else if (str != null) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  label != null.  Searching for a cert with a matching label.");
                }
                session.findObjectsInit(iArr2, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, str});
            } else {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  The ID and label are both null.  Searching for \"any\" cert.");
                }
                session.findObjectsInit(iArr3, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE});
            }
            PKCS11Object findObject = session.findObject();
            while (true) {
                if (findObject == null) {
                    break;
                }
                try {
                    X509Certificate x509Certificate = new PKCS11CertObj(findObject).getX509Certificate(certificateFactory, session);
                    if (x509Certificate == null) {
                        throw new RuntimeException("PKCS11KeyStore.java:  findThePrivateKeysCert():  Invalid certificate PKCS11CertObj");
                    }
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  subjectDN of the next cert being examined is = " + x509Certificate.getSubjectX500Principal().toString());
                    }
                    if (!doesPublicKeyMatchPrivateKey(x509Certificate.getPublicKey(), privateKey, this.providerName)) {
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  This cert does not match the private key.");
                            System.out.println("                                                 Continue the search.                     ");
                        }
                        findObject = session.findObject();
                    } else if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  This cert matches the private key associated with label=" + str);
                        System.out.println("                                                 Terminating the search.                                 ");
                    }
                } catch (Exception e) {
                    if (debug == null) {
                        return null;
                    }
                    System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  The following exception was thrown while trying to find the cert which matches the private key.");
                    System.out.println(e.toString());
                    e.printStackTrace();
                    return null;
                }
            }
            session.findObjectsFinal();
            if (findObject != null) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  The cert which matches the private key was found.");
                    System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  METHOD EXIT");
                }
                return findObject;
            }
            if (debug == null) {
                return null;
            }
            System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  The cert which matches the private key WAS NOT found.  Returning null.");
            System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  METHOD EXIT");
            return null;
        } catch (Exception e2) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  findThePrivateKeysCert():  The following exception was thrown attempting to obtain CertificateFactory object.");
                System.out.println(e2.toString());
                e2.printStackTrace();
            }
            throw new RuntimeException("PKCS11KeyStore.findThePrivateKeysCert() failed.  A CertificateFactory instance could not be created.");
        }
    }

    public PrivateKey buildPrivateKey(Session session, PKCS11Object pKCS11Object) {
        if (pKCS11Object == null) {
            if (debug == null) {
                return null;
            }
            System.out.println("PKCS11KeyStore.java:  buildPrivateKey():  The PKCS11Object passed in was null.  Returning null.");
            return null;
        }
        Integer num = (Integer) getValue(session, pKCS11Object, 256);
        if (num.equals(PKCS11Object.RSA)) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java: buildPrivateKey(): The private key is an RSA key");
            }
            try {
                return new RSAPrivateKey(session, pKCS11Object);
            } catch (Exception e) {
                try {
                    return new RSAPrivateKey(session, pKCS11Object, (byte[]) getValue(session, pKCS11Object, 258), (byte[]) getValue(session, pKCS11Object, 257), (String) getValue(session, pKCS11Object, 3), (Boolean) getValue(session, pKCS11Object, 1), (Boolean) getValue(session, pKCS11Object, 259), (Boolean) getValue(session, pKCS11Object, 264), (Boolean) getValue(session, pKCS11Object, 261), (Boolean) getValue(session, pKCS11Object, 263), (Boolean) getValue(session, pKCS11Object, 354), (BigInteger) getValue(session, pKCS11Object, 288), (BigInteger) getValue(session, pKCS11Object, 290));
                } catch (InvalidKeyException e2) {
                    if (debug == null) {
                        return null;
                    }
                    System.out.println("PKCS11KeyStore.java: buildPrivateKey(): The following exception was thrown while trying to create an RSAPrivateKey object:");
                    System.out.println(e2.toString());
                    e2.printStackTrace();
                    return null;
                }
            }
        }
        if (num.equals(PKCS11Object.DSA)) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java: buildPrivateKey(): The private key is a DSA key");
            }
            try {
                return new DSAPrivateKey(session, pKCS11Object);
            } catch (Exception e3) {
                try {
                    return new DSAPrivateKey(session, pKCS11Object, (String) getValue(session, pKCS11Object, 3), (byte[]) getValue(session, pKCS11Object, 258), (byte[]) getValue(session, pKCS11Object, 257), (Boolean) getValue(session, pKCS11Object, 1), (Boolean) getValue(session, pKCS11Object, 259), (Boolean) getValue(session, pKCS11Object, 354));
                } catch (InvalidKeyException e4) {
                    if (debug == null) {
                        return null;
                    }
                    System.out.println("PKCS11KeyStore.java: buildPrivateKey(): The following exception was thrown while trying to create a DSAPrivateKey object:");
                    System.out.println(e4.toString());
                    e4.printStackTrace();
                    return null;
                }
            }
        }
        if (!num.equals(PKCS11Object.ECDSA)) {
            if (debug == null) {
                return null;
            }
            System.out.println("PKCS11KeyStore.java:  buildPrivateKey():  The type of the private key (RSA, DSA, ECDSA) could not be determined.  Returning null.");
            return null;
        }
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java: buildPrivateKey(): The private key is an ECDSA key");
        }
        try {
            return new PKCS11ECPrivateKey(session, pKCS11Object, (byte[]) getValue(session, pKCS11Object, 258), (byte[]) getValue(session, pKCS11Object, 257), (String) getValue(session, pKCS11Object, 3), (byte[]) getValue(session, pKCS11Object, 384));
        } catch (Exception e5) {
            try {
                return new PKCS11ECPrivateKey(session, pKCS11Object, (byte[]) getValue(session, pKCS11Object, 258), (byte[]) getValue(session, pKCS11Object, 257), (String) getValue(session, pKCS11Object, 3), (byte[]) getValue(session, pKCS11Object, 384), new BigInteger((byte[]) getValue(session, pKCS11Object, 17)));
            } catch (InvalidKeyException e6) {
                if (debug == null) {
                    return null;
                }
                System.out.println("PKCS11KeyStore.java: buildPrivateKey(): The following exception was thrown while trying to create an ECDSAPrivateKey object:");
                System.out.println(e6.toString());
                e6.printStackTrace();
                return null;
            }
        }
    }

    public PrivateKey getPrivateKey(Session session, byte[] bArr, String str) {
        int[] iArr = {1, 0, 258};
        int[] iArr2 = {1, 0, 3};
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  getPrivateKey( ):  The label of the private key sought is:  " + str);
        }
        session.findObjectsInit(iArr2, new Object[]{Boolean.TRUE, PKCS11Object.PRIVATE_KEY, str});
        PKCS11Object findObject = session.findObject();
        session.findObjectsFinal();
        return buildPrivateKey(session, findObject);
    }

    private PKCS11Object findSigner(Session session, PKCS11Object pKCS11Object) {
        PKCS11Object findObject;
        X509Certificate x509Certificate;
        int[] iArr = {1, 0, 258};
        int[] iArr2 = {1, 0, 3};
        int[] iArr3 = {1, 0, 257};
        int[] iArr4 = {1, 0, 129};
        byte[] bArr = (byte[]) getValue(session, pKCS11Object, 257);
        byte[] bArr2 = (byte[]) getValue(session, pKCS11Object, 129);
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  findSigner():  The cert for which the signer obj is sought has the following subject dn AND issuer dn:");
            System.out.println("   subject = " + new String(bArr));
            System.out.println("   issuer  = " + new String(bArr2));
        }
        if (bytesEquals(bArr2, bArr)) {
            if (debug == null) {
                return null;
            }
            System.out.println("PKCS11KeyStore.java:  findSigner():   The cert for which the signer obj is sought is self signed.  Returning null.");
            return null;
        }
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  findSigner():  Searching for the signer cert whose subject DN is:");
            System.out.println("   subject  = " + new String(bArr2));
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509", this.providerName);
            try {
                X509Certificate x509Certificate2 = new PKCS11CertObj(pKCS11Object).getX509Certificate(certificateFactory, session);
                if (x509Certificate2 == null) {
                    throw new RuntimeException("PKCS11KeyStore.java:  findSigner():  Invalid certificate PKCS11CertObj");
                }
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  findSigner():  The cert passed in as an argument is:");
                    System.out.println(x509Certificate2.toString());
                }
                session.findObjectsInit(iArr3, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, bArr2});
                do {
                    findObject = session.findObject();
                    if (findObject == null) {
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  findSigner():  No signer cert was found for the cert with issuer= " + new String(bArr2) + ".  Returning null.");
                        }
                        session.findObjectsFinal();
                        return null;
                    }
                    try {
                        x509Certificate = new PKCS11CertObj(findObject).getX509Certificate(certificateFactory, session);
                        if (x509Certificate == null) {
                            throw new RuntimeException("PKCS11KeyStore.java:  findSigner():  Invalid certificate PKCS11CertObj");
                        }
                    } catch (Exception e) {
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  findSigner():  The following exception was thrown while executing cobj2.getX509Certificate(certFactory, session):");
                            System.out.println(e.toString());
                            e.printStackTrace();
                        }
                        throw new RuntimeException("PKCS11KeyStore.java:  findSigner():  Failure while executing cobj2.getX509Certificate(certFactory, session)");
                    }
                } while (!isSigner(x509Certificate, x509Certificate2, this.providerName));
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  findSigner():  The signer cert found is:");
                    System.out.println(x509Certificate.toString());
                }
                session.findObjectsFinal();
                return findObject;
            } catch (Exception e2) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  findSigner():  The following exception was thrown while executing cobj.getX509Certificate(certFactory, session):");
                    System.out.println(e2.toString());
                    e2.printStackTrace();
                }
                throw new RuntimeException("PKCS11KeyStore.java:  findSigner():  Failure while executing cobj.getX509Certificate(certFactory, session)");
            }
        } catch (Exception e3) {
            if (debug != null) {
                e3.printStackTrace();
            }
            throw new RuntimeException("PKCS11KeyStore.java:  findSigner():  Failure while creating a CertificateFactory object.");
        }
    }

    private void deleteChain(Session session, byte[] bArr, String str) {
        X509Certificate x509Certificate;
        int[] iArr = {1, 0, 258};
        int[] iArr2 = {1, 0, 3};
        int[] iArr3 = {1, 0, 257};
        int[] iArr4 = {1, 0, 129};
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  deleteChain():  METHOD ENTRY");
            System.out.println("                                      label = " + str);
        }
        PrivateKey privateKey = getPrivateKey(session, bArr, str);
        if (privateKey == null) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteChain():  NO PRIVATE KEY WAS FOUND FOR label = " + str);
                System.out.println("                                      NO CHAIN WAS DELETED.  RETURNING.");
                System.out.println("PKCS11KeyStore.java:  deleteChain():  METHOD EXIT");
                return;
            }
            return;
        }
        CertificateFactory certificateFactory = null;
        try {
            certificateFactory = CertificateFactory.getInstance("X509", this.providerName);
        } catch (Exception e) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteChain():  The following exception was thrown attempting to obtain CertificateFactory object.");
                System.out.println(e.toString());
                e.printStackTrace();
            }
        }
        session.findObjectsInit(iArr2, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, str});
        PKCS11Object findObject = session.findObject();
        while (findObject != null) {
            try {
                x509Certificate = new PKCS11CertObj(findObject).getX509Certificate(certificateFactory, session);
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  deleteChain():  subjectDN of the next cert is = " + x509Certificate.getSubjectX500Principal().toString());
                }
            } catch (Exception e2) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  deleteChain():  The following exception was thrown while trying to find the cert which matches the private key associated with label=" + str);
                    System.out.println(e2.toString());
                    e2.printStackTrace();
                }
            }
            if (doesPublicKeyMatchPrivateKey(x509Certificate.getPublicKey(), privateKey, this.providerName)) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  deleteChain():  This cert matches the private key associated with label=" + str);
                    System.out.println("                                      Terminating the search.                                         ");
                }
                break;
            } else {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  deleteChain():  This cert does not match the private key associated with label=" + str);
                    System.out.println("                                      Continue the search.                                                   ");
                }
                findObject = session.findObject();
            }
        }
        session.findObjectsFinal();
        if (findObject == null) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteChain():  The cert which matches the private key associated with label=" + str + " WAS NOT found.");
                System.out.println("PKCS11KeyStore.java:  deleteChain():  METHOD EXIT");
                return;
            }
            return;
        }
        if (debug != null) {
            System.out.println("PKCS11KeyStore.java:  deleteChain():  The cert which matches the private key associated with label=" + str + " was found.");
            System.out.println("                                      Its subject and issuer are:");
            printCertDNs(findObject, certificateFactory);
        }
        byte[] bArr2 = (byte[]) getValue(session, findObject, 257);
        byte[] bArr3 = (byte[]) getValue(session, findObject, 129);
        try {
            X509Certificate x509Certificate2 = new PKCS11CertObj(findObject).getX509Certificate(certificateFactory, session);
            if (debug != null) {
                System.out.println("deleteChain():   Destroying the cert which matches the private key.");
            }
            session.destroyObject(findObject);
            if (bytesEquals(bArr3, bArr2)) {
                if (debug != null) {
                    System.out.println("PKCS11KeyStore.java:  deleteChain():   The cert which matches the private key was self signed.  THERE IS NO MORE WORK TO DO.  Returning.");
                    System.out.println("PKCS11KeyStore.java:  deleteChain():   METHOD EXIT");
                    return;
                }
                return;
            }
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteChain():   Entering loop to find and delete any signer certs of the leaf cert.");
            }
            X509Certificate x509Certificate3 = x509Certificate2;
            while (true) {
                session.findObjectsInit(iArr3, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE, bArr3});
                PKCS11Object findObject2 = session.findObject();
                if (findObject2 == null) {
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  deleteChain():  The next signer cert was not found for the certificate chain associated with label=" + str);
                    }
                    session.findObjectsFinal();
                } else {
                    if (debug != null) {
                        System.out.println("PKCS11KeyStore.java:  deleteChain():  The next signer cert was found for the certificate chain associated with label=" + str);
                        System.out.println("                                      Its subject and issuer are:");
                        printCertDNs(findObject2, certificateFactory);
                    }
                    try {
                        X509Certificate x509Certificate4 = new PKCS11CertObj(findObject2).getX509Certificate(certificateFactory, session);
                        if (isSigner(x509Certificate4, x509Certificate3, this.providerName)) {
                            x509Certificate3 = x509Certificate4;
                            byte[] bArr4 = (byte[]) getValue(session, findObject2, 257);
                            bArr3 = (byte[]) getValue(session, findObject2, 129);
                            session.findObjectsFinal();
                            if (debug != null) {
                                System.out.println("PKCS11KeyStore.java:  deleteChain():   Before deleting the signer cert found, determine whether is is the issuer of any other cert in the keystore.");
                                System.out.println("                                       If it is, then do not delete it.");
                            }
                            Session opSession = this.sessionManager.getOpSession();
                            opSession.findObjectsInit(new int[]{1, 0}, new Object[]{Boolean.TRUE, PKCS11Object.CERTIFICATE});
                            PKCS11Object findObject3 = opSession.findObject();
                            boolean z = false;
                            while (true) {
                                if (findObject3 == null) {
                                    break;
                                }
                                byte[] bArr5 = (byte[]) getValue(session, findObject3, 257);
                                byte[] bArr6 = (byte[]) getValue(session, findObject3, 129);
                                try {
                                    X509Certificate x509Certificate5 = new PKCS11CertObj(findObject3).getX509Certificate(certificateFactory, session);
                                    if (bytesEquals(bArr4, bArr5) && bytesEquals(bArr3, bArr6)) {
                                        findObject3 = opSession.findObject();
                                    } else {
                                        if (isSigner(x509Certificate4, x509Certificate5, this.providerName)) {
                                            z = true;
                                            break;
                                        }
                                        findObject3 = opSession.findObject();
                                    }
                                } catch (Exception e3) {
                                    if (debug != null) {
                                        System.out.println("PKCS11KeyStore.java:  deleteChain():  The following exception was throw while trying to get an X509Certificate for the other cert found.  Returning.");
                                        System.out.println("PKCS11KeyStore.java:  deleteChain():   METHOD EXIT");
                                        return;
                                    }
                                    return;
                                }
                            }
                            opSession.findObjectsFinal();
                            this.sessionManager.releaseSession(opSession);
                            if (z) {
                                if (debug != null) {
                                    System.out.println("PKCS11KeyStore.java:  deleteChain():   The signer cert WAS the signer of another certificate.  IT WILL NOT BE DELETED.");
                                    System.out.println("                                       That signer cert was:");
                                    System.out.println(x509Certificate4.toString());
                                }
                                if (bytesEquals(bArr4, bArr3)) {
                                    if (debug != null) {
                                        System.out.println("PKCS11KeyStore.java:  deleteChain():   The signer cert just considered for deletion was SELF SIGNED.");
                                        System.out.println("                                       That means that deleteChain() has reached the end of the chain and can EXIT.");
                                    }
                                }
                            } else {
                                if (debug != null) {
                                    System.out.println("PKCS11KeyStore.java:  deleteChain():   The signer cert WAS NOT the signer of another certificate.  IT IS BEING DELETED.");
                                    System.out.println("                                       That signer cert was:");
                                    System.out.println(x509Certificate4.toString());
                                }
                                Session opSession2 = this.sessionManager.getOpSession();
                                session.destroyObject(findObject2);
                                this.sessionManager.releaseSession(opSession2);
                            }
                        } else if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  deleteChain():  This wasn't the next signer cert in the chain.  Continue searching.");
                        }
                    } catch (Exception e4) {
                        if (debug != null) {
                            System.out.println("PKCS11KeyStore.java:  deleteChain():  The following exception was throw while trying to get an X509Certificate for the signer cert found.  Returning.");
                            System.out.println("PKCS11KeyStore.java:  deleteChain():  METHOD EXIT");
                            return;
                        }
                        return;
                    }
                }
            }
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteChain():   METHOD EXIT.");
            }
        } catch (Exception e5) {
            if (debug != null) {
                System.out.println("PKCS11KeyStore.java:  deleteChain():  The following exception was throw while trying to get an X509Certificate for the leaf cert found.  Returning.");
                System.out.println("PKCS11KeyStore.java:  deleteChain():  METHOD EXIT");
            }
        }
    }

    private void printCertDNs(PKCS11Object pKCS11Object, CertificateFactory certificateFactory) {
        try {
            Session opSession = this.sessionManager.getOpSession();
            X509Certificate x509Certificate = new PKCS11CertObj(pKCS11Object).getX509Certificate(certificateFactory, opSession);
            System.out.println("             subjectDN of the cert is  = " + x509Certificate.getSubjectX500Principal().toString());
            System.out.println("             issuerDN  of the cert is  = " + x509Certificate.getIssuerX500Principal().toString());
            this.sessionManager.releaseSession(opSession);
        } catch (Exception e) {
        }
    }

    public void dumpKeyStoreEntries() {
        Enumeration keys = this.entries.keys();
        System.out.println("\n\n\n=============================== dumpKeyStoreEntries() BELOW ===============================================");
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            System.out.println("PKCS11KeyStore.java:  dumpKeyStoreEntries():  The next alias is:  " + str);
            if (str != null) {
                Object obj = this.entries.get(str);
                if (obj instanceof PrivateKeyEntry) {
                    System.out.println("PKCS11KeyStore.java:  dumpKeyStoreEntries():  " + str + " is is a PrivateKeyEntry");
                } else if (obj instanceof TrustedCertEntry) {
                    System.out.println("PKCS11KeyStore.java:  dumpKeyStoreEntries():  " + str + " is a TrustedCertificateEntry");
                } else if (obj instanceof SecretKeyEntry) {
                    System.out.println("PKCS11KeyStore.java:  dumpKeyStoreEntries():  " + str + " is a SecretKeyEntry");
                } else {
                    System.out.println("PKCS11KeyStore.java:  dumpKeyStoreEntries():  " + str + " IS AN UNKNOWN OBJECT OF THE CLASS " + obj.getClass().getName());
                }
            } else {
                System.out.println("PKCS11KeyStore.java:  dumpKeyStoreEntries():  The next alias is NULL.  Should never happen.");
            }
        }
        System.out.println("=============================== dumpKeyStoreEntries() ABOVE ===============================================\n\n\n");
    }

    static {
        debug = debug1 == null ? debug2 : debug1;
        className = "com.ibm.crypto.pkcs11impl.provider.PKCS11KeyStore";
    }
}
