package com.ibm.ws.wssecurity.xml.xss4j.dsig.util;

import com.ibm.crypto.pkcs11impl.provider.PKCS11Key;
import com.ibm.websphere.management.NotificationConstants;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.LinkedList;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/xml/xss4j/dsig/util/HWKeyCache.class */
public class HWKeyCache {
    private static final String CLS_NAME = "HWkeyCache";
    private static final TraceComponent tc = Tr.register(HWKeyCache.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static Provider _provider = null;
    private static HashMap fKey2TKey = null;
    private static HashMap fTKey2TTime = null;
    private static LinkedList fKey = null;
    private static Hashtable fAlg2Factory = null;
    private static int maxKeysOnCard = 0;
    private static long entryRefresh = 0;
    private static byte[] lock = new byte[0];
    private static boolean cacheSizeSet = false;
    private static HWKeyCache s_theInstance = new HWKeyCache();

    private HWKeyCache() {
        fAlg2Factory = new Hashtable();
        fKey2TKey = new HashMap();
        fTKey2TTime = new HashMap();
        fKey = new LinkedList();
    }

    public void setScanParameters(long j) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  setScanParameters(_entryRefreshHours[" + j + " hours]");
        }
        entryRefresh = j * SamlConstants.DEFAULT_SAML_EXPIRES_IN_MILLISECONDS;
        if (entryRefresh > NotificationConstants.HANDLE_NOTIFICATION_TIMEOUT_DEFAULT) {
            entryRefresh -= NotificationConstants.HANDLE_NOTIFICATION_TIMEOUT_DEFAULT;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  entryRefresh:  " + entryRefresh + " ms");
        }
    }

    public static boolean isHWSigAlgorithm(String str) {
        boolean z = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  isHWSigAlgorithm(String a[" + str + "])");
        }
        if (str != null && (str.equals("http://www.w3.org/2000/09/xmldsig#rsa-sha1") || str.equals("http://www.w3.org/2000/09/xmldsig#dsa-sha1"))) {
            z = true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "HWKC:  isHWSigAlgorithm(String a) returns boolean[" + z + "]");
        }
        return z;
    }

    public static boolean isHWEncAlgorithm(String str) {
        boolean z = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  isHWEncAlgorithm(String a[" + str + "])");
        }
        if (str != null && (str.equals("http://www.w3.org/2001/04/xmlenc#rsa-1_5") || str.equals("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"))) {
            z = true;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  isHWEncAlgorithm(String a) returns boolean[" + z + "]");
        }
        return z;
    }

    public static HWKeyCache getInstance() {
        return s_theInstance;
    }

    public void setProvider(Provider provider, Integer num) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  setProvider(Provider provider[" + provider + "])");
        }
        if (_provider == null && provider != null) {
            _provider = provider;
            maxKeysOnCard = num.intValue();
            try {
                fAlg2Factory.put("RSA", KeyFactory.getInstance("RSA", provider));
                fAlg2Factory.put(Constants.DSA, KeyFactory.getInstance(Constants.DSA, provider));
            } catch (NoSuchAlgorithmException e) {
                if (tc.isDebugEnabled()) {
                    Tr.processException(e, CLS_NAME, "setProvider_1");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  setProvider(Provider provider[" + provider + "])");
        }
    }

    public static boolean cacheInitialized() {
        return _provider != null && maxKeysOnCard > 0;
    }

    public Key generate(String str) throws Exception {
        Long l;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  Caching Key for endpoing:  generate(String endpointReference[" + str + "])");
        }
        Key key = null;
        if (str != null) {
            synchronized (lock) {
                key = (Key) fKey2TKey.get(str);
                if (key != null && entryRefresh > 0 && ((l = (Long) fTKey2TTime.get(key)) == null || System.currentTimeMillis() - l.longValue() > entryRefresh)) {
                    if (tc.isDebugEnabled()) {
                        if (l == null) {
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      key to be refreshed, translatedTime:  null");
                        } else {
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      key to be refreshed, translatedTime:  " + l);
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      currentTime:  " + System.currentTimeMillis());
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      entryRefresh:  " + entryRefresh);
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      key is " + (System.currentTimeMillis() - l.longValue()) + " ms old");
                        }
                    }
                    remove(str);
                    key = null;
                }
                if (key != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "HWKC:  CacheKey for endpointReference:  Key [" + str.hashCode() + "], Translated Key [" + key.hashCode() + "] retrieved from cache.");
                    }
                    fKey.remove(str);
                    fKey.addFirst(str);
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "HWKC:  getting cached for endpointReference:  endpointReference == null, cannot generate");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  setKeyEntry(String alias, Key key, char[] password, Certificate[] chain) returns Translated Key[" + key + "]");
        }
        return key;
    }

    public void addGeneratedKey(String str, Key key) {
        if (str == null || key == null) {
            return;
        }
        synchronized (lock) {
            fKey2TKey.put(str, key);
            fKey.addFirst(str);
            fTKey2TTime.put(key, new Long(System.currentTimeMillis()));
        }
    }

    public void addGeneratedKey(byte[] bArr, Key key) {
        if (bArr == null || key == null) {
            return;
        }
        synchronized (lock) {
            fKey2TKey.put(bArr, key);
            fKey.addFirst(bArr);
            fTKey2TTime.put(key, new Long(System.currentTimeMillis()));
        }
    }

    public Key generate(byte[] bArr) throws Exception {
        Long l;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  Caching Key for endpoing:  generate(String wrappedKey[" + bArr + "])");
        }
        Key key = null;
        if (bArr != null) {
            synchronized (lock) {
                key = (Key) fKey2TKey.get(bArr);
                if (key != null && entryRefresh > 0 && ((l = (Long) fTKey2TTime.get(key)) == null || System.currentTimeMillis() - l.longValue() > entryRefresh)) {
                    if (tc.isDebugEnabled()) {
                        if (l == null) {
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      key to be refreshed, translatedTime:  null");
                        } else {
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      key to be refreshed, translatedTime:  " + l);
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      currentTime:  " + System.currentTimeMillis());
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      entryRefresh:  " + entryRefresh);
                            Tr.debug(tc, "HWKC:  CacheKey for endpointReference:      key is " + (System.currentTimeMillis() - l.longValue()) + " ms old");
                        }
                    }
                    remove(bArr);
                    key = null;
                }
                if (key != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "HWKC:  CacheKey for endpointReference:  Key [" + bArr.hashCode() + "], Translated Key [" + key.hashCode() + "] retrieved from cache.");
                    }
                    fKey.remove(bArr);
                    fKey.addFirst(bArr);
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "HWKC:  getting cached for endpointReference:  endpointReference == null, cannot generate");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  setKeyEntry(String alias, Key key, char[] password, Certificate[] chain) returns Translated Key[" + key + "]");
        }
        return key;
    }

    public Key translate(Key key) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  translate(Key key[" + key + "])");
        }
        Key key2 = null;
        if (cacheInitialized()) {
            if (key != null) {
                synchronized (lock) {
                    key2 = (Key) fKey2TKey.get(key);
                    if (key2 != null && entryRefresh > 0) {
                        Long l = (Long) fTKey2TTime.get(key2);
                        if (l == null || System.currentTimeMillis() - l.longValue() > entryRefresh) {
                            if (tc.isDebugEnabled()) {
                                if (l == null) {
                                    Tr.debug(tc, "HWKC:  key to be refreshed, translatedTime:  null");
                                } else {
                                    Tr.debug(tc, "HWKC:  key to be refreshed, translatedTime:  " + l);
                                    Tr.debug(tc, "HWKC:      currentTime:  " + System.currentTimeMillis());
                                    Tr.debug(tc, "HWKC:      entryRefresh:  " + entryRefresh);
                                    Tr.debug(tc, "HWKC:      key is " + (System.currentTimeMillis() - l.longValue()) + " ms old");
                                }
                            }
                            remove(key);
                            key2 = null;
                        }
                        if (tc.isDebugEnabled() && !(key2 instanceof PKCS11Key)) {
                            Tr.debug(tc, "_key is not an instanceof PKCS11Key");
                        }
                    }
                    if (key2 != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "HWKC:  Key [" + key.hashCode() + "], Translated Key [" + key2.hashCode() + "] retrieved from cache.");
                        }
                        fKey.remove(key);
                        fKey.addFirst(key);
                    } else {
                        KeyFactory keyFactory = null;
                        Throwable th = null;
                        try {
                            if (fKey.size() >= maxKeysOnCard) {
                                reduceKeysOnCardPercent(75);
                            }
                            try {
                                keyFactory = (KeyFactory) fAlg2Factory.get(key.getAlgorithm());
                                if (keyFactory == null) {
                                    String algorithm = key.getAlgorithm();
                                    keyFactory = KeyFactory.getInstance(algorithm, _provider);
                                    fAlg2Factory.put(algorithm, keyFactory);
                                }
                            } catch (Exception e) {
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "HWKC:  Exception caught:  new keyfactory needed for algorithm: [" + key.getAlgorithm() + "]");
                                }
                            }
                            try {
                                key2 = keyFactory.translateKey(key);
                                if (key2 != null && tc.isDebugEnabled()) {
                                    Tr.debug(tc, "HWKC:  Key [" + key.hashCode() + "], Translated Key [" + key2.hashCode() + "] translated to card.");
                                }
                            } catch (Exception e2) {
                                th = e2;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "HWKC:  Exception caught in KeyCache.setKeyEntry(): " + e2);
                                    Tr.processException(e2, CLS_NAME, "translate_2");
                                }
                            } catch (OutOfMemoryError e3) {
                                if (cacheSizeSet) {
                                    th = e3;
                                } else {
                                    setMaxKeysOnCardPercent(80);
                                    reduceKeysOnCardPercent(75);
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "HWKC:  OutOfMemoryError from first _keyStore.setKeyEntry: " + e3);
                                        Tr.processException(e3, CLS_NAME, "translate_1");
                                    }
                                }
                            }
                            if (key2 == null && th == null) {
                                try {
                                    key2 = keyFactory.translateKey(key);
                                    if (key2 != null && tc.isDebugEnabled()) {
                                        Tr.debug(tc, "HWKC:  Key [" + key.hashCode() + "], Translated Key [" + key2.hashCode() + "] translated to card.");
                                    }
                                } catch (Exception e4) {
                                    th = e4;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "HWKC:  Exception caught in 2nd KeyCache.setKeyEntry(): " + e4);
                                        Tr.processException(e4, CLS_NAME, "translate_4");
                                    }
                                } catch (OutOfMemoryError e5) {
                                    th = e5;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "HWKC:  OutOfMemoryError from 2nd _keyStore.setKeyEntry: " + e5);
                                        Tr.processException(e5, CLS_NAME, "translate_3");
                                    }
                                }
                            }
                            if (key2 == null) {
                                if (th != null) {
                                    throw new Exception("Unable to translate key", th);
                                }
                                throw new Exception("Unable to translate key");
                            }
                            fKey2TKey.put(key, key2);
                            fKey.addFirst(key);
                            fTKey2TTime.put(key2, new Long(System.currentTimeMillis()));
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "HWKC:  Key [" + key.hashCode() + "], Translated Key [" + key2.hashCode() + "] stored in cache.");
                            }
                        } catch (Exception e6) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "HWKC:  Exception caught in setKeyEntry: " + e6);
                                Tr.processException(e6, CLS_NAME, "translate_5");
                            }
                            throw e6;
                        }
                    }
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HWKC:  key == null, cannot translate");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "HWKC:  KeyStore not initialized");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  setKeyEntry(String alias, Key key, char[] password, Certificate[] chain) returns Translated Key[" + key2 + "]");
        }
        return key2;
    }

    private static boolean remove(Key key) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  remove(Key[" + key.hashCode() + "])");
        }
        boolean z = false;
        fKey.remove(key);
        PKCS11Key pKCS11Key = (PKCS11Key) fKey2TKey.remove(key);
        fTKey2TTime.remove(pKCS11Key);
        if (pKCS11Key != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HWKC:  key [" + key.hashCode() + "], translated key [" + pKCS11Key.hashCode() + "] removed from cache");
            }
            try {
                pKCS11Key.rm();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HWKC:  Key [" + key.hashCode() + "], Translated Key [" + pKCS11Key.hashCode() + "] destroyed on card.");
                }
                z = true;
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HWKC:  Exception caught");
                    e.printStackTrace(System.err);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  remove(Key) returns boolean[" + z + "]");
        }
        return z;
    }

    private static void remove(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  CacheKey for endpointReference:  remove(Key[" + str.hashCode() + "])");
        }
        fKey.remove(str);
        fTKey2TTime.remove(str);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  CacheKey for endpointReference:  remove(Key)");
        }
    }

    private static void remove(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  CacheKey for endpointReference:  remove(Key[" + bArr.hashCode() + "])");
        }
        fKey.remove(bArr);
        fTKey2TTime.remove(bArr);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  CacheKey for endpointReference:  remove(Key)");
        }
    }

    private static boolean removeLast() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  removeLast()");
        }
        boolean z = false;
        Object last = fKey.getLast();
        if (last instanceof Key) {
            z = remove((Key) last);
        } else if (last instanceof String) {
            remove((String) last);
            z = true;
        } else if (last instanceof byte[]) {
            remove((byte[]) last);
            z = true;
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "HWKC:  removeLast() found key of unsupported type in the list.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  removeLast() returns boolean[" + z + "]");
        }
        return z;
    }

    private static boolean removeLast(int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  removeLast(int n[" + i + "])");
        }
        boolean z = false;
        if (i > fKey.size()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HWKC:  _" + i + "_ exceeds the _" + fKey.size() + "_ entries cached");
            }
            fKey.size();
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HWKC:  cache size before:  fKey[" + fKey.size() + "], fKey2Tkey[" + fKey2TKey.size() + "]");
            }
            int i2 = 0;
            while (true) {
                if (i2 >= i) {
                    break;
                }
                z = removeLast();
                if (z) {
                    i2++;
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "HWKC:  removeLast() failed, _" + i + "_ is too large");
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "HWKC:  cache size after:  fKey[" + fKey.size() + "], fKey2Tkey[" + fKey2TKey.size() + "]");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  removeLast(int n) returns boolean[" + z + "]");
        }
        return z;
    }

    private static boolean reduceKeysOnCardPercent(int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  reduceKeysOnCardPercent(int percent[" + i + "])");
        }
        boolean removeLast = removeLast(fKey.size() - ((maxKeysOnCard * i) / 100));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  reduceKeysOnCard(int percent) returns boolean[" + removeLast + "]");
        }
        return removeLast;
    }

    private static int setMaxKeysOnCardPercent(int i) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  setMaxKeysOnCardPercent(int percent[" + i + "])");
        }
        maxKeysOnCard = (fKey.size() * i) / 100;
        cacheSizeSet = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  setMaxKeysOnCardPercent(int percent) returns int[" + maxKeysOnCard + "]");
        }
        return maxKeysOnCard;
    }

    public static void removeAllEntries() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  removeAllEntries()");
        }
        if (cacheInitialized()) {
            synchronized (lock) {
                reduceKeysOnCardPercent(0);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  removeAllEntries()");
        }
    }

    public static void setCapacityReached() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "HWKC:  setCapacityReached()");
        }
        if (cacheInitialized() && !cacheSizeSet) {
            synchronized (lock) {
                setMaxKeysOnCardPercent(80);
                reduceKeysOnCardPercent(75);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "HWKC:  setCapacityReached()");
        }
    }
}
