package org.nhindirect.common.crypto.tools.commands;

import java.io.BufferedReader;
import java.io.File;
import java.io.InputStreamReader;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Enumeration;
import java.util.Map;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.FileUtils;
import org.apache.derby.iapi.store.raw.RawStoreFactory;
import org.bouncycastle.crypto.prng.VMPCRandomGenerator;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.nhindirect.common.crypto.MutableKeyStoreProtectionManager;
import org.nhindirect.common.crypto.WrappableKeyProtectionManager;
import org.nhindirect.common.crypto.impl.AbstractPKCS11TokenKeyStoreProtectionManager;
import org.nhindirect.common.crypto.tools.commands.printers.KeyPrinter;
import org.nhindirect.common.tooling.Command;
import org.nhindirect.common.tooling.StringArrayUtil;
import org.springframework.util.backoff.ExponentialBackOff;

/* loaded from: input_file:BOOT-INF/lib/direct-common-8.0.0.jar:org/nhindirect/common/crypto/tools/commands/PKCS11Commands.class */
public class PKCS11Commands {
    private static final String LIST_SECRET_KEYS = "Lists secret keys in the HSM";
    private static final String LIST_ALL_KEYS = "Lists all keys in the HSM";
    private static final String ADD_RANDOM_SECRET_KEY = "Creates a new named random AES128 secret key\r\n\r\n  keyName\r\n\t keyName: The unique name of the new secret key.  Place the key name in quotes (\"\") if there are spaces in the name.";
    private static final String ADD_USER_SECRET_KEY = "Creates a new named AES128 secret key via user entered text\r\n\r\n  keyName keyText\r\n\t keyName: The unique name of the new secret key.  Place the key name in quotes (\"\") if there are spaces in the name.\r\n\t keyText: The user entered key text.  Place the text in quotes (\"\") if there are spaces in the text.";
    private static final String REMOVE_KEY = "Removes a new named key\r\n \r\n  keyName\r\n\t keyName: The unique name of the secret key.  Place the key name in quotes (\"\") if there are spaces in the name.";
    private static final String CREATE_KEY_PAIR = "Creates a new public/private key pair.\r\n  keyName [keySize] \r\n\t keyName: The key name given to the key pair.\r\n\t keySize: Option size of the key (modulus).  If not provided, the size will default to 2048";
    private static final String EXPORT_PUBLIC_KEY = "Exports the public key of an RSA key pair.\r\n  keyName [file] \r\n\t keyName: The key name given to the key pair.\r\n\t file: Optional name of the file to export to.  By default, that key name name will be use.";
    private static final String EXPORT_PUB_KEY_CERTIFICATE = "Exports the certificate associated with an RSA key pair.\r\n  keyName [file] \r\n\t keyName: The key name given to the key pair.\r\n\t file: Optional name of the file to export to.  By default, that key name name will be use.";
    private static final String EXPORT_PRIVATE_KEY = "Exports the private key of an RSA key pair in wrapped format.  NOTE, some devices may not allow exporting of private keys.\r\n  keyName wrapperKeyName [file] \r\n\t keyName: The key name given to the key pair.\r\n\t wrapperKeyName: The key name given to secret key used to wrap the private key.\r\n\t file: Optional name of the file to export to.  By default, that key name name will be use.";
    private static final String UPDATE_PUB_KEY_CERT = "Updates the certificate associated with an RSA key pair.  The public key MUST match the existing public key.\r\n \r\n  keyName keyName \r\n\t  certFileName Full path of the certificate file in der format \r\n\t  keyName The key entry name of the RSA key pair that will be updated with the new cert ";
    private static final String CREATE_CSR = "Creates a certificate signing request using a stored RSA key pair.  Certificates are specific to DirectProject use cases.\r\n \r\n  keyName commonName subjectAltName keyUsage [additionalRDNattributes]\r\n\t  keyName The name of the key pair used in the CSR \r\n\t  commonName The certificate common name attribute used in the subject RDN field.  Do not start with \"CN=\"; it will be assumed. \r\n\t  subjectAltName The subject alternative name. \r\n\t  keyUsage The key usage of the certificate.  Valid value are DigitalSignature, KeyEncipherment, and DualUse\r\n\t  additionalRDNattributes One or more optional subject RDN fields.  Each of these MUST start with the field name.  Example: C=US S=Missouri.  Separate each field with a space.  Use quotes \"\" if a field has a space in the field's value.";
    private static final String UNWRAP_KEY = "Checks that a private key can be unwrapped using a protected wrapper AES key\r\n \r\n  wrapperKeyName file \r\n\t wrapperKeyName: The key name given to secret key used to unwrap the private key.\r\n\t file: The name of the file that contains the wrapped private key.";
    private static final String MESSAGE_SIGN_PROFILING = "Runs a test of signing x number of messages and reports the speed\r\n privateKeyName numSigsPerThread [numThreads]\r\n\t wrapperKeyName: The key name given to secret key used to unwrap the private key.\r\n\t numSigs: The number of signatures to perform per thread.\r\n\t numThreads: Optional number of threads that will execute signature.  Default is 1.  Max number is 20";
    private static final String IMPORT_P12_FILE = "Imports a p12 file and creates an store entry in the HSM.\r\n \r\n  p12FileName entryName keyStorePass privKeyPass \r\n\t  p12FileName Full path of the p12 file \r\n\t  entryName Name that the private key will be given in the key store. \r\n\t  keyStorePass Optional keystore password.  Using empty quotes if empty \r\n\t  privKeyPass Optional private key password.  Using empty quotes if empty ";
    private static final String TEST_OAEP_ENC_DEC = "Tests the RSA OAEP decryption.\r\n \r\n  privateKeyName file\r\n\t  privateKeyName The private key used to decrypt the data \r\n\t  file File containing the data to decrypt ";
    private static final String LIST_SLOTS = "For Gemalto Luna based devices, lists the available slots..\r\n ";
    protected final KeyPrinter keyPrinter = new KeyPrinter();
    protected final MutableKeyStoreProtectionManager mgr;

    /* loaded from: input_file:BOOT-INF/lib/direct-common-8.0.0.jar:org/nhindirect/common/crypto/tools/commands/PKCS11Commands$InfiniteRead.class */
    protected class InfiniteRead implements Runnable {
        protected boolean isRunning = true;

        protected InfiniteRead() {
        }

        @Override // java.lang.Runnable
        public void run() {
            while (isRunning()) {
                System.out.println("Infinite read... press return to exit.");
                PKCS11Commands.this.listCerts(null);
                try {
                    Thread.sleep(ExponentialBackOff.DEFAULT_INITIAL_INTERVAL);
                } catch (Exception e) {
                }
            }
        }

        public synchronized boolean isRunning() {
            return this.isRunning;
        }

        public synchronized void stopRunning() {
            this.isRunning = false;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/direct-common-8.0.0.jar:org/nhindirect/common/crypto/tools/commands/PKCS11Commands$SigTestThread.class */
    protected class SigTestThread implements Runnable {
        protected final byte[] digest;
        protected final int numSigs;
        protected final PrivateKey privKey;
        protected final Provider prov;

        public SigTestThread(int i, byte[] bArr, PrivateKey privateKey, Provider provider) {
            this.numSigs = i;
            this.digest = bArr;
            this.privKey = privateKey;
            this.prov = provider;
        }

        @Override // java.lang.Runnable
        public void run() {
            for (int i = 0; i < this.numSigs; i++) {
                try {
                    Signature signature = Signature.getInstance("SHA256withRSA", this.prov);
                    signature.initSign(this.privKey);
                    signature.update(this.digest);
                    signature.sign();
                    if (i % 25 == 0) {
                        System.out.println("Thread progress: " + Thread.currentThread().getName() + " performed " + i + " signatures");
                    }
                } catch (Exception e) {
                    System.out.println("Error creating signature.");
                }
            }
        }
    }

    public PKCS11Commands(MutableKeyStoreProtectionManager mutableKeyStoreProtectionManager) {
        this.mgr = mutableKeyStoreProtectionManager;
    }

    @Command(name = "ListSecretKeys", usage = LIST_SECRET_KEYS)
    public void listCerts(String[] strArr) {
        try {
            Map<String, Key> allKeys = this.mgr.getAllKeys();
            if (allKeys.isEmpty()) {
                System.out.println("No keys found");
            } else {
                ArrayList arrayList = new ArrayList();
                for (Map.Entry<String, Key> entry : allKeys.entrySet()) {
                    arrayList.add(new KeyModel(entry.getKey(), entry.getValue(), entry.getValue().getEncoded() != null ? "*****".toCharArray() : "Not Extractable".toCharArray()));
                }
                this.keyPrinter.printRecords(arrayList);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Command(name = "ListAllKeys", usage = LIST_ALL_KEYS)
    public void listAllKeys(String[] strArr) {
        try {
            KeyStore ks = this.mgr.getKS();
            Enumeration<String> aliases = ks.aliases();
            if (aliases.hasMoreElements()) {
                ArrayList arrayList = new ArrayList();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (ks.isKeyEntry(nextElement)) {
                        Key key = ks.getKey(nextElement, null);
                        arrayList.add(new KeyModel(nextElement, key, key.getEncoded() != null ? "*****".toCharArray() : "Not Extractable".toCharArray()));
                    }
                }
                this.keyPrinter.printRecords(arrayList);
            } else {
                System.out.println("No keys found");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Command(name = "CreateRandomSecretKey", usage = ADD_RANDOM_SECRET_KEY)
    public void addRandomSecretKey(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", this.mgr.getKS().getProvider().getName());
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            this.mgr.clearKey(requiredValue);
            this.mgr.setKey(requiredValue, generateKey);
        } catch (Exception e) {
            System.err.println("Failed to add new random secret key: " + e.getMessage());
            e.printStackTrace();
        }
    }

    @Command(name = "CreateUserSecretKey", usage = ADD_USER_SECRET_KEY)
    public void addUserSecretKey(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        try {
            byte[] copyOf = Arrays.copyOf(MessageDigest.getInstance("SHA-1").digest(StringArrayUtil.getRequiredValue(strArr, 1).getBytes("UTF-8")), 16);
            this.mgr.clearKey(requiredValue);
            this.mgr.setKey(requiredValue, new SecretKeySpec(copyOf, "AES"));
        } catch (Exception e) {
            System.err.println("Failed to add new random secret key: " + e.getMessage());
            e.printStackTrace();
        }
    }

    @Command(name = "RemoveKey", usage = REMOVE_KEY)
    public void removeSecretKey(String[] strArr) {
        try {
            this.mgr.clearKey(StringArrayUtil.getRequiredValue(strArr, 0));
        } catch (Exception e) {
            System.err.println("Failed to add new random secret key: " + e.getMessage());
        }
    }

    @Command(name = "TestSignatureSpeed", usage = MESSAGE_SIGN_PROFILING)
    public void testSignatureSpeed(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        int parseInt = Integer.parseInt(StringArrayUtil.getRequiredValue(strArr, 1));
        int parseInt2 = Integer.parseInt(StringArrayUtil.getOptionalValue(strArr, 2, "1"));
        if (parseInt2 < 1) {
            System.out.println("Number of threads cannot be less than 1.  Setting number of threads to 1");
            parseInt2 = 1;
        } else if (parseInt2 > 20) {
            System.out.println("Number of thread cannot be greater than 20.  Setting number of threads to 20");
            parseInt2 = 20;
        }
        try {
            KeyStore ks = this.mgr.getKS();
            PrivateKey privateKey = (PrivateKey) ks.getKey(requiredValue, "".toCharArray());
            if (privateKey == null) {
                System.out.println("Key name " + requiredValue + " does not contain a private key");
                return;
            }
            byte[] bArr = new byte[2048];
            new Random().nextBytes(bArr);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256", BouncyCastleProvider.PROVIDER_NAME);
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            SigTestThread[] sigTestThreadArr = new SigTestThread[parseInt2];
            Thread[] threadArr = new Thread[parseInt2];
            long currentTimeMillis = System.currentTimeMillis();
            for (int i = 0; i < parseInt2; i++) {
                sigTestThreadArr[i] = new SigTestThread(parseInt, digest, privateKey, ks.getProvider());
                threadArr[i] = new Thread(sigTestThreadArr[i]);
                threadArr[i].setDaemon(true);
                threadArr[i].setName("SigThread" + i);
                threadArr[i].start();
            }
            for (int i2 = 0; i2 < parseInt2; i2++) {
                threadArr[i2].join();
            }
            long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
            int i3 = parseInt * parseInt2;
            System.out.println("\r\nTotal runtime: " + currentTimeMillis2 + "ms.");
            System.out.println("\r\nNumber of signatures: " + i3);
            System.out.println("Average speed: " + (i3 / (((int) currentTimeMillis2) / 1000)) + " signatures per second.");
        } catch (Exception e) {
            System.err.println("Failed to test key signatures: " + e.getMessage());
        }
    }

    @Command(name = "TestKeyUnwrap", usage = UNWRAP_KEY)
    public void testKeyUnwrap(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        try {
            byte[] readFileToByteArray = FileUtils.readFileToByteArray(new File(StringArrayUtil.getRequiredValue(strArr, 1)));
            KeyStore ks = this.mgr.getKS();
            Key key = this.mgr.getKey(requiredValue);
            if (key == null) {
                System.out.println("Wrapper key with name " + key + " does not exist.");
                return;
            }
            if (key.getAlgorithm().startsWith("AES")) {
                IvParameterSpec ivParameterSpec = new IvParameterSpec(AbstractPKCS11TokenKeyStoreProtectionManager.IV_BYTES);
                Cipher cipher = Cipher.getInstance(AbstractPKCS11TokenKeyStoreProtectionManager.WRAP_ALGO, ks.getProvider().getName());
                cipher.init(4, key, ivParameterSpec);
                System.out.println("Succesfully unwrapped private key.  Private key class: " + cipher.unwrap(readFileToByteArray, "RSA", 2).getClass().getName());
            } else {
                System.out.println("Wrapper key must be an AES key.");
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.err.println("Failed to unwrap private key: " + e.getMessage());
        }
    }

    @Command(name = "ExportPrivateKey", usage = EXPORT_PRIVATE_KEY)
    public void exportPrivateKey(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String requiredValue2 = StringArrayUtil.getRequiredValue(strArr, 1);
        String optionalValue = StringArrayUtil.getOptionalValue(strArr, 2, requiredValue + "-privKey.der");
        try {
            KeyStore ks = this.mgr.getKS();
            Key key = this.mgr.getKey(requiredValue2);
            if (key == null) {
                System.out.println("Wrapper key with name " + key + " does not exist.");
                return;
            }
            if (!ks.containsAlias(requiredValue)) {
                System.out.println("Private key with name " + requiredValue + " does not exist.");
                return;
            }
            PrivateKey privateKey = (PrivateKey) ks.getKey(requiredValue, "".toCharArray());
            if (privateKey == null) {
                System.out.println("Key name " + requiredValue + " does not contain a private key");
                return;
            }
            Cipher cipher = null;
            if (key.getAlgorithm().startsWith("AES")) {
                cipher = Cipher.getInstance(AbstractPKCS11TokenKeyStoreProtectionManager.WRAP_ALGO, ks.getProvider().getName());
                AlgorithmParameters algorithmParameters = null;
                try {
                    algorithmParameters = AlgorithmParameters.getInstance("IV", ks.getProvider().getName());
                    algorithmParameters.init(new IvParameterSpec(AbstractPKCS11TokenKeyStoreProtectionManager.IV_BYTES));
                } catch (Exception e) {
                }
                if (algorithmParameters == null) {
                    cipher.init(3, key, new IvParameterSpec(AbstractPKCS11TokenKeyStoreProtectionManager.IV_BYTES));
                } else {
                    cipher.init(3, key, algorithmParameters);
                }
            } else if (key.getAlgorithm().startsWith("RSA")) {
                cipher = Cipher.getInstance("RSA/ECB/NoPadding", ks.getProvider().getName());
                cipher.init(3, key);
            }
            try {
                byte[] wrap = cipher.wrap(privateKey);
                File file = new File(optionalValue);
                FileUtils.writeByteArrayToFile(file, wrap);
                System.out.println("Wrapped private key written to file " + file.getAbsolutePath());
            } catch (Exception e2) {
                System.out.println("Private key with name " + requiredValue + " could not be extracted.  Your hardware may not allow exporting of private keys or attributes on the key may not allow the key to be exported.  \r\nError message: " + e2.getMessage());
                e2.printStackTrace();
            }
        } catch (Exception e3) {
            e3.printStackTrace();
            System.err.println("Failed to export private key: " + e3.getMessage());
        }
    }

    @Command(name = "ExportPublicKey", usage = EXPORT_PUBLIC_KEY)
    public void exportPublicKey(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String optionalValue = StringArrayUtil.getOptionalValue(strArr, 1, requiredValue + "-publicKey.der");
        try {
            KeyStore ks = this.mgr.getKS();
            if (!ks.containsAlias(requiredValue)) {
                System.out.println("Entry with key name " + requiredValue + " does not exist.");
                return;
            }
            X509Certificate x509Certificate = (X509Certificate) ks.getCertificate(requiredValue);
            if (x509Certificate == null) {
                System.out.println("Key name " + requiredValue + " does not contain a public key");
                return;
            }
            File file = new File(optionalValue);
            FileUtils.writeByteArrayToFile(file, x509Certificate.getPublicKey().getEncoded());
            System.out.println("Public key written to file " + file.getAbsolutePath());
        } catch (Exception e) {
            e.printStackTrace();
            System.err.println("Failed to export public key: " + e.getMessage());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:47:0x02b7, code lost:
    
        r18 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x02b9, code lost:
    
        r18.printStackTrace();
        java.lang.System.err.println("Failed to create CSR : " + r18.getMessage());
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x02db, code lost:
    
        return;
     */
    @org.nhindirect.common.tooling.Command(name = "CreateCSR", usage = org.nhindirect.common.crypto.tools.commands.PKCS11Commands.CREATE_CSR)
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void createCSR(java.lang.String[] r10) {
        /*
            Method dump skipped, instructions count: 732
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.nhindirect.common.crypto.tools.commands.PKCS11Commands.createCSR(java.lang.String[]):void");
    }

    @Command(name = "CreateKeyPair", usage = CREATE_KEY_PAIR)
    public void createKeyPair(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String optionalValue = StringArrayUtil.getOptionalValue(strArr, 1, RawStoreFactory.PAGE_SIZE_STRING);
        try {
            KeyPair generateKeyPair = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME).generateKeyPair();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", this.mgr.getKS().getProvider().getName());
            keyPairGenerator.initialize(Integer.parseInt(optionalValue));
            KeyPair generateKeyPair2 = keyPairGenerator.generateKeyPair();
            X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
            x509V3CertificateGenerator.setPublicKey(generateKeyPair2.getPublic());
            x509V3CertificateGenerator.setSignatureAlgorithm("SHA256WithRSAEncryption");
            Calendar calendar = Calendar.getInstance();
            Calendar calendar2 = Calendar.getInstance();
            calendar2.add(5, 3000);
            x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(generatePositiveRandom()));
            x509V3CertificateGenerator.setIssuerDN(new X509Principal("cn=test"));
            x509V3CertificateGenerator.setNotBefore(calendar.getTime());
            x509V3CertificateGenerator.setNotAfter(calendar2.getTime());
            x509V3CertificateGenerator.setSubjectDN(new X509Principal("cn=test"));
            x509V3CertificateGenerator.setPublicKey(generateKeyPair2.getPublic());
            this.mgr.getKS().setKeyEntry(requiredValue, generateKeyPair2.getPrivate(), "".toCharArray(), new X509Certificate[]{x509V3CertificateGenerator.generate(generateKeyPair.getPrivate(), BouncyCastleProvider.PROVIDER_NAME)});
            System.out.println("Key pair created and stored.");
        } catch (Exception e) {
            e.printStackTrace();
            System.err.println("Failed to generate key pair: " + e.getMessage());
        }
    }

    private static long generatePositiveRandom() {
        long j = -1;
        byte[] bArr = new byte[8];
        VMPCRandomGenerator vMPCRandomGenerator = new VMPCRandomGenerator();
        vMPCRandomGenerator.addSeedMaterial(new SecureRandom().nextLong());
        vMPCRandomGenerator.nextBytes(bArr);
        SecureRandom secureRandom = new SecureRandom(bArr);
        while (j < 1) {
            j = secureRandom.nextLong();
        }
        return j;
    }

    public void infiniteRead(String[] strArr) {
        InfiniteRead infiniteRead = new InfiniteRead();
        new Thread(infiniteRead).start();
        try {
            new BufferedReader(new InputStreamReader(System.in)).readLine();
            System.out.println("Stop read triggered.  Waiting for last read.");
            infiniteRead.stopRunning();
        } catch (Exception e) {
        }
    }

    @Command(name = "ListSlots", usage = LIST_SLOTS)
    public void listSlots(String[] strArr) {
        if (!this.mgr.getKS().getProvider().getName().contains("LunaProvider")) {
            System.err.println("Connected token is not Luna device.");
            return;
        }
        try {
            Class<?> loadClass = getClass().getClassLoader().loadClass("com.safenetinc.luna.LunaSlotManager");
            Method method = loadClass.getMethod("getInstance", new Class[0]);
            Method declaredMethod = loadClass.getDeclaredMethod("getNumberOfSlots", new Class[0]);
            Method declaredMethod2 = loadClass.getDeclaredMethod("isTokenPresent", Integer.TYPE);
            Method declaredMethod3 = loadClass.getDeclaredMethod("getTokenLabel", Integer.TYPE);
            Object invoke = method.invoke(null, new Object[0]);
            Integer num = (Integer) declaredMethod.invoke(invoke, new Object[0]);
            System.out.println("Number of slots: " + num);
            if (num.intValue() > 0) {
                for (int i = 0; i < num.intValue(); i++) {
                    if (((Boolean) declaredMethod2.invoke(invoke, Integer.valueOf(i))).booleanValue()) {
                        System.out.println("Slot: " + i + " token label: " + ((String) declaredMethod3.invoke(invoke, Integer.valueOf(i))));
                    }
                }
            } else {
                System.out.println("No slots found.");
            }
        } catch (Exception e) {
            System.err.println("Error finding slots: " + e.getMessage());
            throw new RuntimeException(e);
        }
    }

    @Command(name = "ExportKeyPairCert", usage = EXPORT_PUB_KEY_CERTIFICATE)
    public void exportPublicKeyCert(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String optionalValue = StringArrayUtil.getOptionalValue(strArr, 1, requiredValue + ".der");
        try {
            KeyStore ks = this.mgr.getKS();
            if (!ks.containsAlias(requiredValue)) {
                System.out.println("Entry with key name " + requiredValue + " does not exist.");
                return;
            }
            X509Certificate x509Certificate = (X509Certificate) ks.getCertificate(requiredValue);
            if (x509Certificate == null) {
                System.out.println("Key name " + requiredValue + " does not contain a certificate that can be exported.  This key may not be an RSA key pair.");
                return;
            }
            File file = new File(optionalValue);
            FileUtils.writeByteArrayToFile(file, x509Certificate.getEncoded());
            System.out.println("Certificate written to file " + file.getAbsolutePath());
        } catch (Exception e) {
            e.printStackTrace();
            System.err.println("Failed to export certificate: " + e.getMessage());
        }
    }

    @Command(name = "UpdateKeyPairCert", usage = UPDATE_PUB_KEY_CERT)
    public void updateKeyPairCert(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String requiredValue2 = StringArrayUtil.getRequiredValue(strArr, 1);
        File file = new File(requiredValue);
        if (!file.exists()) {
            System.out.println("Certificate file " + file.getAbsolutePath() + " could not be found.");
            return;
        }
        try {
            KeyStore ks = this.mgr.getKS();
            if (!ks.containsAlias(requiredValue2)) {
                System.out.println("Entry with key name " + requiredValue2 + " does not exist.");
                return;
            }
            X509Certificate x509Certificate = (X509Certificate) ks.getCertificate(requiredValue2);
            if (x509Certificate == null) {
                System.out.println("Key name " + requiredValue2 + " does not contain a certificate that can be updated.  This key may not be an RSA key pair.");
                return;
            }
            X509Certificate x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(FileUtils.openInputStream(file));
            if (!x509Certificate2.getPublicKey().equals(x509Certificate.getPublicKey())) {
                System.out.println("Imported public key does not match the stored public key");
            } else {
                ks.setKeyEntry(requiredValue2, (PrivateKey) ks.getKey(requiredValue2, "".toCharArray()), "".toCharArray(), new X509Certificate[]{x509Certificate2});
                System.out.println("Certificate updated.");
            }
        } catch (Exception e) {
            System.err.println("Failed to update certificate: " + e.getMessage());
        }
    }

    @Command(name = "testOAEP", usage = TEST_OAEP_ENC_DEC)
    public void oaepTest(String[] strArr) {
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String requiredValue2 = StringArrayUtil.getRequiredValue(strArr, 1);
        try {
            byte[] readFileToByteArray = FileUtils.readFileToByteArray(new File(requiredValue2));
            if (readFileToByteArray == null || readFileToByteArray.length == 0) {
                System.out.println("Invalid file " + requiredValue2);
                return;
            }
            KeyStore ks = this.mgr.getKS();
            if (!ks.containsAlias(requiredValue)) {
                System.out.println("Private key with name " + requiredValue + " does not exist.");
                return;
            }
            PrivateKey privateKey = (PrivateKey) ks.getKey(requiredValue, "".toCharArray());
            if (privateKey == null) {
                System.out.println("Key name " + requiredValue + " does not contain a private key");
                return;
            }
            Cipher cipher = Cipher.getInstance("RSA/None/OAEPWithSHA1AndMGF1Padding", ks.getProvider().getName());
            cipher.init(2, privateKey);
            cipher.doFinal(readFileToByteArray);
            System.out.println("OAEP decryption successfull");
        } catch (Exception e) {
            e.printStackTrace();
            System.err.println("Test failed: " + e.getMessage());
        }
    }

    @Command(name = "ImportP12File", usage = IMPORT_P12_FILE)
    public void importPrivateKeyFile(String[] strArr) {
        if (!(this.mgr instanceof WrappableKeyProtectionManager)) {
            System.out.println("Key store manager does not support wrapping.");
            return;
        }
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String requiredValue2 = StringArrayUtil.getRequiredValue(strArr, 1);
        String optionalValue = StringArrayUtil.getOptionalValue(strArr, 2, "");
        String optionalValue2 = StringArrayUtil.getOptionalValue(strArr, 3, "");
        try {
            System.out.println("Provider Name: " + this.mgr.getKS().getProvider().getName());
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            keyStore.load(FileUtils.openInputStream(new File(requiredValue)), optionalValue.toCharArray());
            String nextElement = keyStore.aliases().nextElement();
            this.mgr.getKS().setKeyEntry(requiredValue2, (PrivateKey) keyStore.getKey(nextElement, optionalValue2.toCharArray()), "".toCharArray(), new X509Certificate[]{(X509Certificate) keyStore.getCertificate(nextElement)});
            System.out.println("Import " + requiredValue + " as entry " + requiredValue2);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public void importPrivateKeyFileForTempKey(String[] strArr) {
        if (!(this.mgr instanceof WrappableKeyProtectionManager)) {
            System.out.println("Key store manager does not support wrapping.");
            return;
        }
        WrappableKeyProtectionManager wrappableKeyProtectionManager = (WrappableKeyProtectionManager) this.mgr;
        String requiredValue = StringArrayUtil.getRequiredValue(strArr, 0);
        String optionalValue = StringArrayUtil.getOptionalValue(strArr, 1, "");
        String optionalValue2 = StringArrayUtil.getOptionalValue(strArr, 2, "");
        try {
            String name = this.mgr.getKS().getProvider().getName();
            System.out.println("Provider Name: " + name);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", name);
            keyGenerator.init(128);
            SecretKey generateKey = keyGenerator.generateKey();
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            keyStore.load(FileUtils.openInputStream(new File(requiredValue)), optionalValue.toCharArray());
            System.out.println("Successfully created an unwrapped private key");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
