package org.mozilla.jss;

import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.INTEGER;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.crypto.Algorithm;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.InternalCertificate;
import org.mozilla.jss.crypto.JSSSecureRandom;
import org.mozilla.jss.crypto.NoSuchItemOnTokenException;
import org.mozilla.jss.crypto.ObjectNotFoundException;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.crypto.TokenSupplier;
import org.mozilla.jss.crypto.TokenSupplierManager;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.pkcs11.KeyType;
import org.mozilla.jss.pkcs11.PK11Cert;
import org.mozilla.jss.pkcs11.PK11Module;
import org.mozilla.jss.pkcs11.PK11SecureRandom;
import org.mozilla.jss.pkcs11.PK11Token;
import org.mozilla.jss.provider.java.security.JSSMessageDigestSpi;
import org.mozilla.jss.util.Assert;
import org.mozilla.jss.util.ConsolePasswordCallback;
import org.mozilla.jss.util.Debug;
import org.mozilla.jss.util.InvalidNicknameException;
import org.mozilla.jss.util.PasswordCallback;

/* loaded from: input_file:org/mozilla/jss/CryptoManager.class */
public final class CryptoManager implements TokenSupplier {
    private Vector moduleVector;
    private CryptoToken internalCryptoToken;
    private CryptoToken internalKeyStorageToken;
    private PasswordCallback passwordCallback;
    public static final String JAR_JSS_VERSION = "JSS_VERSION = JSS_4_3_2_RTM";
    public static final String JAR_JDK_VERSION = "JDK_VERSION = N/A";
    public static final String JAR_NSS_VERSION = "NSS_VERSION = NSS_3_12_RTM";
    public static final String JAR_DBM_VERSION = "DBM_VERSION = N/A";
    public static final String JAR_NSPR_VERSION = "NSPR_VERSION = NSPR_4_7_RTM";
    private Hashtable perThreadTokenTable = new Hashtable();
    private static CryptoManager instance = null;
    private static int TYPE_KRL = 0;
    private static int TYPE_CRL = 1;
    private static boolean mNativeLibrariesLoaded = false;

    /* loaded from: input_file:org/mozilla/jss/CryptoManager$CertUsage.class */
    public static final class CertUsage {
        private int usage;
        private String name;
        private static ArrayList list = new ArrayList();
        public static final CertUsage SSLClient = new CertUsage(0, "SSLClient");
        public static final CertUsage SSLServer = new CertUsage(1, "SSLServer");
        public static final CertUsage SSLServerWithStepUp = new CertUsage(2, "SSLServerWithStepUp");
        public static final CertUsage SSLCA = new CertUsage(3, "SSLCA");
        public static final CertUsage EmailSigner = new CertUsage(4, "EmailSigner");
        public static final CertUsage EmailRecipient = new CertUsage(5, "EmailRecipient");
        public static final CertUsage ObjectSigner = new CertUsage(6, "ObjectSigner");
        public static final CertUsage UserCertImport = new CertUsage(7, "UserCertImport");
        public static final CertUsage VerifyCA = new CertUsage(8, "VerifyCA");
        public static final CertUsage ProtectedObjectSigner = new CertUsage(9, "ProtectedObjectSigner");
        public static final CertUsage StatusResponder = new CertUsage(10, "StatusResponder");
        public static final CertUsage AnyCA = new CertUsage(11, "AnyCA");

        private CertUsage() {
        }

        private CertUsage(int i, String str) {
            this.usage = i;
            this.name = str;
            list.add(this);
        }

        public int getUsage() {
            return this.usage;
        }

        public static Iterator getCertUsages() {
            return list.iterator();
        }

        public String toString() {
            return this.name;
        }
    }

    /* loaded from: input_file:org/mozilla/jss/CryptoManager$InitializationValues.class */
    public static final class InitializationValues {
        public final int TOKEN_LENGTH = 33;
        public final int SLOT_LENGTH = 65;
        public final int MANUFACTURER_LENGTH = 33;
        public final int LIBRARY_LENGTH = 33;
        public String configDir;
        public String certPrefix;
        public String keyPrefix;
        public String secmodName;
        public PasswordCallback passwordCallback;
        public FIPSMode fipsMode;
        public boolean readOnly;
        private String manufacturerID;
        private String libraryDescription;
        private String internalTokenDescription;
        private String internalKeyStorageTokenDescription;
        private String internalSlotDescription;
        private String internalKeyStorageSlotDescription;
        private String FIPSSlotDescription;
        private String FIPSKeyStorageSlotDescription;
        public boolean ocspCheckingEnabled;
        public String ocspResponderURL;
        public String ocspResponderCertNickname;
        public boolean installJSSProvider;
        public boolean removeSunProvider;
        public boolean initializeJavaOnly;
        public boolean PKIXVerify;
        public boolean noCertDB;
        public boolean noModDB;
        public boolean forceOpen;
        public boolean noRootInit;
        public boolean optimizeSpace;
        public boolean PK11ThreadSafe;
        public boolean PK11Reload;
        public boolean noPK11Finalize;
        public boolean cooperate;

        /* loaded from: input_file:org/mozilla/jss/CryptoManager$InitializationValues$FIPSMode.class */
        public static final class FIPSMode {
            public static final FIPSMode ENABLED = new FIPSMode();
            public static final FIPSMode DISABLED = new FIPSMode();
            public static final FIPSMode UNCHANGED = new FIPSMode();

            private FIPSMode() {
            }
        }

        protected InitializationValues() {
            this.TOKEN_LENGTH = 33;
            this.SLOT_LENGTH = 65;
            this.MANUFACTURER_LENGTH = 33;
            this.LIBRARY_LENGTH = 33;
            this.configDir = null;
            this.certPrefix = null;
            this.keyPrefix = null;
            this.secmodName = null;
            this.passwordCallback = new ConsolePasswordCallback();
            this.fipsMode = FIPSMode.UNCHANGED;
            this.readOnly = false;
            this.manufacturerID = "mozilla.org                      ";
            this.libraryDescription = "Internal Crypto Services         ";
            this.internalTokenDescription = "NSS Generic Crypto Services      ";
            this.internalKeyStorageTokenDescription = "Internal Key Storage Token       ";
            this.internalSlotDescription = "NSS Internal Cryptographic Services                              ";
            this.internalKeyStorageSlotDescription = "NSS User Private Key and Certificate Services                    ";
            this.FIPSSlotDescription = "NSS FIPS 140-2 User Private Key Services                         ";
            this.FIPSKeyStorageSlotDescription = "NSS FIPS 140-2 User Private Key Services                         ";
            this.ocspCheckingEnabled = false;
            this.ocspResponderURL = null;
            this.ocspResponderCertNickname = null;
            this.installJSSProvider = true;
            this.removeSunProvider = false;
            this.initializeJavaOnly = false;
            this.PKIXVerify = false;
            this.noCertDB = false;
            this.noModDB = false;
            this.forceOpen = false;
            this.noRootInit = false;
            this.optimizeSpace = false;
            this.PK11ThreadSafe = false;
            this.PK11Reload = false;
            this.noPK11Finalize = false;
            this.cooperate = false;
            Assert.notReached("Default constructor");
        }

        public InitializationValues(String str) {
            this.TOKEN_LENGTH = 33;
            this.SLOT_LENGTH = 65;
            this.MANUFACTURER_LENGTH = 33;
            this.LIBRARY_LENGTH = 33;
            this.configDir = null;
            this.certPrefix = null;
            this.keyPrefix = null;
            this.secmodName = null;
            this.passwordCallback = new ConsolePasswordCallback();
            this.fipsMode = FIPSMode.UNCHANGED;
            this.readOnly = false;
            this.manufacturerID = "mozilla.org                      ";
            this.libraryDescription = "Internal Crypto Services         ";
            this.internalTokenDescription = "NSS Generic Crypto Services      ";
            this.internalKeyStorageTokenDescription = "Internal Key Storage Token       ";
            this.internalSlotDescription = "NSS Internal Cryptographic Services                              ";
            this.internalKeyStorageSlotDescription = "NSS User Private Key and Certificate Services                    ";
            this.FIPSSlotDescription = "NSS FIPS 140-2 User Private Key Services                         ";
            this.FIPSKeyStorageSlotDescription = "NSS FIPS 140-2 User Private Key Services                         ";
            this.ocspCheckingEnabled = false;
            this.ocspResponderURL = null;
            this.ocspResponderCertNickname = null;
            this.installJSSProvider = true;
            this.removeSunProvider = false;
            this.initializeJavaOnly = false;
            this.PKIXVerify = false;
            this.noCertDB = false;
            this.noModDB = false;
            this.forceOpen = false;
            this.noRootInit = false;
            this.optimizeSpace = false;
            this.PK11ThreadSafe = false;
            this.PK11Reload = false;
            this.noPK11Finalize = false;
            this.cooperate = false;
            this.configDir = str;
        }

        public InitializationValues(String str, String str2, String str3, String str4) {
            this.TOKEN_LENGTH = 33;
            this.SLOT_LENGTH = 65;
            this.MANUFACTURER_LENGTH = 33;
            this.LIBRARY_LENGTH = 33;
            this.configDir = null;
            this.certPrefix = null;
            this.keyPrefix = null;
            this.secmodName = null;
            this.passwordCallback = new ConsolePasswordCallback();
            this.fipsMode = FIPSMode.UNCHANGED;
            this.readOnly = false;
            this.manufacturerID = "mozilla.org                      ";
            this.libraryDescription = "Internal Crypto Services         ";
            this.internalTokenDescription = "NSS Generic Crypto Services      ";
            this.internalKeyStorageTokenDescription = "Internal Key Storage Token       ";
            this.internalSlotDescription = "NSS Internal Cryptographic Services                              ";
            this.internalKeyStorageSlotDescription = "NSS User Private Key and Certificate Services                    ";
            this.FIPSSlotDescription = "NSS FIPS 140-2 User Private Key Services                         ";
            this.FIPSKeyStorageSlotDescription = "NSS FIPS 140-2 User Private Key Services                         ";
            this.ocspCheckingEnabled = false;
            this.ocspResponderURL = null;
            this.ocspResponderCertNickname = null;
            this.installJSSProvider = true;
            this.removeSunProvider = false;
            this.initializeJavaOnly = false;
            this.PKIXVerify = false;
            this.noCertDB = false;
            this.noModDB = false;
            this.forceOpen = false;
            this.noRootInit = false;
            this.optimizeSpace = false;
            this.PK11ThreadSafe = false;
            this.PK11Reload = false;
            this.noPK11Finalize = false;
            this.cooperate = false;
            this.configDir = str;
            this.certPrefix = str2;
            this.keyPrefix = str3;
            this.secmodName = str4;
        }

        public String getManufacturerID() {
            return this.manufacturerID;
        }

        public void setManufacturerID(String str) throws InvalidLengthException {
            if (str.length() != 33) {
                throw new InvalidLengthException();
            }
            this.manufacturerID = str;
        }

        public String getLibraryDescription() {
            return this.libraryDescription;
        }

        public void setLibraryDescription(String str) throws InvalidLengthException {
            if (str.length() != 33) {
                throw new InvalidLengthException();
            }
            this.libraryDescription = str;
        }

        public String getInternalTokenDescription() {
            return this.internalTokenDescription;
        }

        public void setInternalTokenDescription(String str) throws InvalidLengthException {
            if (str.length() != 33) {
                throw new InvalidLengthException();
            }
            this.internalTokenDescription = str;
        }

        public String getInternalKeyStorageTokenDescription() {
            return this.internalKeyStorageTokenDescription;
        }

        public void setInternalKeyStorageTokenDescription(String str) throws InvalidLengthException {
            if (str.length() != 33) {
                throw new InvalidLengthException();
            }
            this.internalKeyStorageTokenDescription = str;
        }

        public String getInternalSlotDescription() {
            return this.internalSlotDescription;
        }

        public void setInternalSlotDescription(String str) throws InvalidLengthException {
            if (str.length() != 65) {
                throw new InvalidLengthException();
            }
            this.internalSlotDescription = str;
        }

        public String getInternalKeyStorageSlotDescription() {
            return this.internalKeyStorageSlotDescription;
        }

        public void setInternalKeyStorageSlotDescription(String str) throws InvalidLengthException {
            if (str.length() != 65) {
                throw new InvalidLengthException();
            }
            this.internalKeyStorageSlotDescription = str;
        }

        public String getFIPSSlotDescription() {
            return this.FIPSSlotDescription;
        }

        public void setFIPSSlotDescription(String str) throws InvalidLengthException {
            if (str.length() != 65) {
                throw new InvalidLengthException();
            }
            this.FIPSSlotDescription = str;
        }

        public String getFIPSKeyStorageSlotDescription() {
            return this.FIPSKeyStorageSlotDescription;
        }

        public void setFIPSKeyStorageSlotDescription(String str) throws InvalidLengthException {
            if (str.length() != 65) {
                throw new InvalidLengthException();
            }
            this.FIPSKeyStorageSlotDescription = str;
        }
    }

    /* loaded from: input_file:org/mozilla/jss/CryptoManager$InvalidLengthException.class */
    public static final class InvalidLengthException extends Exception {
    }

    /* loaded from: input_file:org/mozilla/jss/CryptoManager$NicknameConflictException.class */
    public static final class NicknameConflictException extends Exception {
    }

    /* loaded from: input_file:org/mozilla/jss/CryptoManager$NotInitializedException.class */
    public static final class NotInitializedException extends Exception {
    }

    /* loaded from: input_file:org/mozilla/jss/CryptoManager$UserCertConflictException.class */
    public static final class UserCertConflictException extends Exception {
    }

    @Override // org.mozilla.jss.crypto.TokenSupplier
    public synchronized CryptoToken getInternalCryptoToken() {
        return this.internalCryptoToken;
    }

    public synchronized CryptoToken getInternalKeyStorageToken() {
        return this.internalKeyStorageToken;
    }

    public synchronized CryptoToken getTokenByName(String str) throws NoSuchTokenException {
        Enumeration allTokens = getAllTokens();
        while (allTokens.hasMoreElements()) {
            CryptoToken cryptoToken = (CryptoToken) allTokens.nextElement();
            try {
            } catch (TokenException e) {
                Assert._assert(false, "Got a token exception");
            }
            if (str.equals(cryptoToken.getName())) {
                return cryptoToken;
            }
        }
        throw new NoSuchTokenException();
    }

    public synchronized Enumeration getTokensSupportingAlgorithm(Algorithm algorithm) {
        Enumeration allTokens = getAllTokens();
        Vector vector = new Vector();
        while (allTokens.hasMoreElements()) {
            CryptoToken cryptoToken = (CryptoToken) allTokens.nextElement();
            if (cryptoToken.doesAlgorithm(algorithm)) {
                vector.addElement(cryptoToken);
            }
        }
        return vector.elements();
    }

    public synchronized Enumeration getAllTokens() {
        Enumeration modules = getModules();
        Vector vector = new Vector();
        while (modules.hasMoreElements()) {
            Enumeration tokens = ((PK11Module) modules.nextElement()).getTokens();
            while (tokens.hasMoreElements()) {
                vector.addElement(tokens.nextElement());
            }
        }
        return vector.elements();
    }

    public synchronized Enumeration getExternalTokens() {
        Enumeration modules = getModules();
        Vector vector = new Vector();
        while (modules.hasMoreElements()) {
            Enumeration tokens = ((PK11Module) modules.nextElement()).getTokens();
            while (tokens.hasMoreElements()) {
                PK11Token pK11Token = (PK11Token) tokens.nextElement();
                if (!pK11Token.isInternalCryptoToken() && !pK11Token.isInternalKeyStorageToken()) {
                    vector.addElement(pK11Token);
                }
            }
        }
        return vector.elements();
    }

    public synchronized Enumeration getModules() {
        return this.moduleVector.elements();
    }

    private synchronized void reloadModules() {
        this.moduleVector = new Vector();
        putModulesInVector(this.moduleVector);
        Enumeration allTokens = getAllTokens();
        this.internalCryptoToken = null;
        this.internalKeyStorageToken = null;
        while (allTokens.hasMoreElements()) {
            PK11Token pK11Token = (PK11Token) allTokens.nextElement();
            if (pK11Token.isInternalCryptoToken()) {
                Assert._assert(this.internalCryptoToken == null);
                this.internalCryptoToken = pK11Token;
            }
            if (pK11Token.isInternalKeyStorageToken()) {
                Assert._assert(this.internalKeyStorageToken == null);
                this.internalKeyStorageToken = pK11Token;
            }
        }
        Assert._assert(this.internalKeyStorageToken != null);
        Assert._assert(this.internalCryptoToken != null);
    }

    private native void putModulesInVector(Vector vector);

    protected CryptoManager() {
        TokenSupplierManager.setTokenSupplier(this);
        reloadModules();
    }

    public static synchronized CryptoManager getInstance() throws NotInitializedException {
        if (instance == null) {
            throw new NotInitializedException();
        }
        return instance;
    }

    private static native boolean enableFIPS(boolean z) throws GeneralSecurityException;

    public native synchronized boolean FIPSEnabled();

    public synchronized void setPasswordCallback(PasswordCallback passwordCallback) {
        this.passwordCallback = passwordCallback;
        setNativePasswordCallback(passwordCallback);
    }

    private native void setNativePasswordCallback(PasswordCallback passwordCallback);

    public synchronized PasswordCallback getPasswordCallback() {
        return this.passwordCallback;
    }

    public static synchronized void initialize(String str) throws KeyDatabaseException, CertDatabaseException, AlreadyInitializedException, GeneralSecurityException {
        initialize(new InitializationValues(str));
    }

    public static synchronized void initialize(InitializationValues initializationValues) throws KeyDatabaseException, CertDatabaseException, AlreadyInitializedException, GeneralSecurityException {
        if (instance != null) {
            throw new AlreadyInitializedException();
        }
        loadNativeLibraries();
        if (initializationValues.ocspResponderURL != null && initializationValues.ocspResponderCertNickname == null) {
            throw new GeneralSecurityException("Must set ocspResponderCertNickname");
        }
        initializeAllNative(initializationValues.configDir, initializationValues.certPrefix, initializationValues.keyPrefix, initializationValues.secmodName, initializationValues.readOnly, initializationValues.getManufacturerID(), initializationValues.getLibraryDescription(), initializationValues.getInternalTokenDescription(), initializationValues.getInternalKeyStorageTokenDescription(), initializationValues.getInternalSlotDescription(), initializationValues.getInternalKeyStorageSlotDescription(), initializationValues.getFIPSSlotDescription(), initializationValues.getFIPSKeyStorageSlotDescription(), initializationValues.ocspCheckingEnabled, initializationValues.ocspResponderURL, initializationValues.ocspResponderCertNickname, initializationValues.initializeJavaOnly, initializationValues.PKIXVerify, initializationValues.noCertDB, initializationValues.noModDB, initializationValues.forceOpen, initializationValues.noRootInit, initializationValues.optimizeSpace, initializationValues.PK11ThreadSafe, initializationValues.PK11Reload, initializationValues.noPK11Finalize, initializationValues.cooperate);
        instance = new CryptoManager();
        instance.setPasswordCallback(initializationValues.passwordCallback);
        if (initializationValues.fipsMode != InitializationValues.FIPSMode.UNCHANGED) {
            if (enableFIPS(initializationValues.fipsMode == InitializationValues.FIPSMode.ENABLED)) {
                instance.reloadModules();
            }
        }
        new JSSMessageDigestSpi.SHA1();
        KeyType.getKeyTypeFromAlgorithm(SignatureAlgorithm.RSASignatureWithSHA1Digest);
        if (initializationValues.installJSSProvider) {
            Security.insertProviderAt(new JSSProvider(), 1);
        }
        if (initializationValues.removeSunProvider) {
            Security.removeProvider("SUN");
        }
    }

    private static native void initializeAllNative(String str, String str2, String str3, String str4, boolean z, String str5, String str6, String str7, String str8, String str9, String str10, String str11, String str12, boolean z2, String str13, String str14, boolean z3, boolean z4, boolean z5, boolean z6, boolean z7, boolean z8, boolean z9, boolean z10, boolean z11, boolean z12, boolean z13) throws KeyDatabaseException, CertDatabaseException, AlreadyInitializedException;

    public native X509Certificate[] getCACerts();

    public native X509Certificate[] getPermCerts();

    public X509Certificate importCertPackage(byte[] bArr, String str) throws CertificateEncodingException, NicknameConflictException, UserCertConflictException, NoSuchItemOnTokenException, TokenException {
        return importCertPackageNative(bArr, str, false, false);
    }

    public X509Certificate importUserCACertPackage(byte[] bArr, String str) throws CertificateEncodingException, NicknameConflictException, UserCertConflictException, NoSuchItemOnTokenException, TokenException {
        return importCertPackageNative(bArr, str, false, true);
    }

    public X509Certificate importCACertPackage(byte[] bArr) throws CertificateEncodingException, TokenException {
        try {
            return importCertPackageNative(bArr, null, true, false);
        } catch (NicknameConflictException e) {
            Assert.notReached("importing CA certs caused nickname conflict");
            Debug.trace(1, "importing CA certs caused nickname conflict");
            return null;
        } catch (UserCertConflictException e2) {
            Assert.notReached("importing CA certs caused user cert conflict");
            Debug.trace(1, "importing CA certs caused user cert conflict");
            return null;
        } catch (NoSuchItemOnTokenException e3) {
            Assert.notReached("importing CA certs caused NoSuchItemOnTokenException");
            Debug.trace(1, "importing CA certs caused NoSuchItemOnTokenException");
            return null;
        }
    }

    public InternalCertificate importCertToPerm(X509Certificate x509Certificate, String str) throws TokenException, InvalidNicknameException {
        if (str == null) {
            throw new InvalidNicknameException("Nickname must be non-null");
        }
        return importCertToPermNative(x509Certificate, str);
    }

    private native InternalCertificate importCertToPermNative(X509Certificate x509Certificate, String str) throws TokenException;

    private native X509Certificate importCertPackageNative(byte[] bArr, String str, boolean z, boolean z2) throws CertificateEncodingException, NicknameConflictException, UserCertConflictException, NoSuchItemOnTokenException, TokenException;

    public void importCRL(byte[] bArr, String str) throws CRLImportException, TokenException {
        importCRLNative(bArr, str, TYPE_CRL);
    }

    private native void importCRLNative(byte[] bArr, String str, int i) throws CRLImportException, TokenException;

    public native byte[] exportCertsToPKCS7(X509Certificate[] x509CertificateArr) throws CertificateEncodingException;

    public X509Certificate findCertByNickname(String str) throws ObjectNotFoundException, TokenException {
        Assert._assert(str != null);
        return findCertByNicknameNative(str);
    }

    public X509Certificate[] findCertsByNickname(String str) throws TokenException {
        Assert._assert(str != null);
        return findCertsByNicknameNative(str);
    }

    public X509Certificate findCertByIssuerAndSerialNumber(byte[] bArr, INTEGER integer) throws ObjectNotFoundException, TokenException {
        try {
            return findCertByIssuerAndSerialNumberNative(bArr, ((ANY) ASN1Util.decode(ANY.getTemplate(), ASN1Util.encode(integer))).getContents());
        } catch (InvalidBERException e) {
            Assert.notReached("Invalid BER encoding of INTEGER");
            return null;
        }
    }

    private native X509Certificate findCertByIssuerAndSerialNumberNative(byte[] bArr, byte[] bArr2) throws ObjectNotFoundException, TokenException;

    protected native X509Certificate findCertByNicknameNative(String str) throws ObjectNotFoundException, TokenException;

    protected native X509Certificate[] findCertsByNicknameNative(String str) throws TokenException;

    public X509Certificate[] buildCertificateChain(X509Certificate x509Certificate) throws CertificateException, TokenException {
        if (x509Certificate instanceof PK11Cert) {
            return buildCertificateChainNative((PK11Cert) x509Certificate);
        }
        throw new CertificateException("Certificate is not a PKCS #11 certificate");
    }

    native X509Certificate[] buildCertificateChainNative(PK11Cert pK11Cert) throws CertificateException, TokenException;

    public PrivateKey findPrivKeyByCert(X509Certificate x509Certificate) throws ObjectNotFoundException, TokenException {
        Assert._assert(x509Certificate != null);
        if (x509Certificate instanceof PK11Cert) {
            return findPrivKeyByCertNative(x509Certificate);
        }
        Assert.notReached("non-pkcs11 cert passed to PK11Finder");
        throw new ObjectNotFoundException();
    }

    protected native PrivateKey findPrivKeyByCertNative(X509Certificate x509Certificate) throws ObjectNotFoundException, TokenException;

    public JSSSecureRandom createPseudoRandomNumberGenerator() {
        return new PK11SecureRandom();
    }

    @Override // org.mozilla.jss.crypto.TokenSupplier
    public JSSSecureRandom getSecureRNG() {
        return new PK11SecureRandom();
    }

    static synchronized void loadNativeLibraries() {
        if (mNativeLibrariesLoaded) {
            return;
        }
        System.loadLibrary("jss4");
        Debug.trace(5, "jss library loaded");
        mNativeLibrariesLoaded = true;
    }

    @Override // org.mozilla.jss.crypto.TokenSupplier
    public void setThreadToken(CryptoToken cryptoToken) {
        if (cryptoToken != null) {
            this.perThreadTokenTable.put(Thread.currentThread(), cryptoToken);
        } else {
            this.perThreadTokenTable.remove(Thread.currentThread());
        }
    }

    @Override // org.mozilla.jss.crypto.TokenSupplier
    public CryptoToken getThreadToken() {
        CryptoToken cryptoToken = (CryptoToken) this.perThreadTokenTable.get(Thread.currentThread());
        if (cryptoToken == null) {
            cryptoToken = getInternalKeyStorageToken();
        }
        return cryptoToken;
    }

    public boolean isCertValid(String str, boolean z, CertUsage certUsage) throws ObjectNotFoundException, InvalidNicknameException {
        if (str == null) {
            throw new InvalidNicknameException("Nickname must be non-null");
        }
        return verifyCertNowNative(str, z, certUsage.getUsage());
    }

    private native boolean verifyCertNowNative(String str, boolean z, int i) throws ObjectNotFoundException;

    public boolean isCertValid(byte[] bArr, boolean z, CertUsage certUsage) throws TokenException, CertificateEncodingException {
        return verifyCertTempNative(bArr, z, certUsage.getUsage());
    }

    private native boolean verifyCertTempNative(byte[] bArr, boolean z, int i) throws TokenException, CertificateEncodingException;

    public void configureOCSP(boolean z, String str, String str2) throws GeneralSecurityException {
        configureOCSPNative(z, str, str2);
    }

    private native void configureOCSPNative(boolean z, String str, String str2) throws GeneralSecurityException;
}
