package cr.libre.firmador;

import cr.libre.firmador.gui.GUIInterface;
import eu.europa.esig.dss.enumerations.KeyUsageBit;
import eu.europa.esig.dss.service.crl.OnlineCRLSource;
import eu.europa.esig.dss.service.ocsp.OnlineOCSPSource;
import eu.europa.esig.dss.spi.DSSUtils;
import eu.europa.esig.dss.spi.x509.CommonCertificateSource;
import eu.europa.esig.dss.spi.x509.CommonTrustedCertificateSource;
import eu.europa.esig.dss.spi.x509.aia.DefaultAIASource;
import eu.europa.esig.dss.token.DSSPrivateKeyEntry;
import eu.europa.esig.dss.token.Pkcs11SignatureToken;
import eu.europa.esig.dss.token.Pkcs12SignatureToken;
import eu.europa.esig.dss.token.SignatureTokenConnection;
import eu.europa.esig.dss.validation.CertificateVerifier;
import eu.europa.esig.dss.validation.CommonCertificateVerifier;
import java.lang.invoke.MethodHandles;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.SystemProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cr/libre/firmador/CRSigner.class */
public class CRSigner {
    final Logger LOG = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    public static final String TSA_URL = "http://tsa.sinpe.fi.cr/tsaHttp/";
    protected GUIInterface gui;

    public CRSigner(GUIInterface gUIInterface) {
        this.gui = gUIInterface;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DSSPrivateKeyEntry getPrivateKey(SignatureTokenConnection signatureTokenConnection) {
        DSSPrivateKeyEntry dSSPrivateKeyEntry = null;
        List<DSSPrivateKeyEntry> list = null;
        try {
            list = signatureTokenConnection.getKeys();
        } catch (Throwable th) {
            Throwable rootCause = FirmadorUtils.getRootCause(th);
            String th2 = th.getCause().toString();
            this.LOG.error("Error " + rootCause.getLocalizedMessage() + " obteniendo manejador de llaves privadas de la tarjeta", th);
            if (rootCause.getLocalizedMessage().equals("CKR_PIN_INCORRECT")) {
                throw th;
            }
            if (rootCause.getLocalizedMessage().equals("CKR_GENERAL_ERROR") && th.getCause().toString().contains("Unable to instantiate PKCS11")) {
                throw th;
            }
            if (rootCause.getLocalizedMessage().equals("CKR_TOKEN_NOT_RECOGNIZED")) {
                this.LOG.info(rootCause.getLocalizedMessage() + " (dispositivo de firma no reconocido)", th);
                return null;
            }
            if (th2.contains("but token only has 0 slots")) {
                throw th;
            }
            this.gui.showError(FirmadorUtils.getRootCause(th));
        }
        if (list != null) {
            Iterator<DSSPrivateKeyEntry> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                DSSPrivateKeyEntry next = it.next();
                if (next.getCertificate().checkKeyUsage(KeyUsageBit.NON_REPUDIATION)) {
                    dSSPrivateKeyEntry = next;
                    break;
                }
            }
        }
        return dSSPrivateKeyEntry;
    }

    public static String getPkcs11Lib() {
        String lowerCase = System.getProperty(SystemProperties.OS_NAME).toLowerCase();
        Settings andCreateSettings = SettingsManager.getInstance().getAndCreateSettings();
        return (andCreateSettings.extraPKCS11Lib == null || andCreateSettings.extraPKCS11Lib.isEmpty()) ? lowerCase.contains("mac") ? "/Library/Application Support/Athena/libASEP11.dylib" : lowerCase.contains("linux") ? "/usr/lib/x64-athena/libASEP11.so" : lowerCase.contains("windows") ? System.getenv("SystemRoot") + "\\System32\\asepkcs.dll" : "" : andCreateSettings.extraPKCS11Lib;
    }

    public SignatureTokenConnection getSignatureConnection(CardSignInfo cardSignInfo) {
        SignatureTokenConnection signatureTokenConnection = null;
        try {
            signatureTokenConnection = cardSignInfo.getCardType() == CardSignInfo.PKCS12TYPE ? new Pkcs12SignatureToken(cardSignInfo.getTokenSerialNumber(), cardSignInfo.getPin()) : new Pkcs11SignatureToken(getPkcs11Lib(), cardSignInfo.getPin(), cardSignInfo.getSlotID());
        } catch (Throwable th) {
            this.LOG.error("Error al obtener la conexión de firma", th);
            this.gui.showError(FirmadorUtils.getRootCause(th));
        }
        return signatureTokenConnection;
    }

    public CertificateVerifier getCertificateVerifier() {
        CommonTrustedCertificateSource commonTrustedCertificateSource = new CommonTrustedCertificateSource();
        commonTrustedCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA RAIZ NACIONAL - COSTA RICA v2.crt")));
        commonTrustedCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA RAIZ NACIONAL COSTA RICA.cer")));
        CommonCertificateSource commonCertificateSource = new CommonCertificateSource();
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA POLITICA PERSONA FISICA - COSTA RICA v2.crt")));
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA POLITICA PERSONA JURIDICA - COSTA RICA v2.crt")));
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA POLITICA SELLADO DE TIEMPO - COSTA RICA v2.crt")));
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA SINPE - PERSONA FISICA v2(1).crt")));
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA SINPE - PERSONA FISICA v2(2).crt")));
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA SINPE - PERSONA JURIDICA v2(1).crt")));
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/CA SINPE - PERSONA JURIDICA v2(2).crt")));
        commonCertificateSource.addCertificate(DSSUtils.loadCertificate(getClass().getClassLoader().getResourceAsStream("certs/TSA SINPE v3.cer")));
        CommonCertificateVerifier commonCertificateVerifier = new CommonCertificateVerifier();
        commonCertificateVerifier.setTrustedCertSources(commonTrustedCertificateSource);
        commonCertificateVerifier.setAdjunctCertSources(commonCertificateSource);
        commonCertificateVerifier.setCrlSource(new OnlineCRLSource());
        commonCertificateVerifier.setOcspSource(new OnlineOCSPSource());
        commonCertificateVerifier.setAIASource(new DefaultAIASource());
        commonCertificateVerifier.setRevocationFallback(true);
        return commonCertificateVerifier;
    }
}
