package by.avest.crypto.pkcs11.provider;

import by.avest.crypto.AvestExtensions;
import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.pkcs11.provider.bign.Pkcs11SessionKey;
import by.avest.crypto.pkcs11.provider.bign.PrivateKeyMac;
import by.avest.crypto.pkcs11.provider.bign.PublicKeyMac;
import by.avest.crypto.provider.Pkcs11SlotIntf;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.SecretKey;
import sun.security.util.Debug;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/SignatureMacAbstr.class */
public abstract class SignatureMacAbstr extends Signature implements Pkcs11SlotIntf, PKCS11Constants, AvestExtensions {
    private static final Debug dataDebug = Debug.getInstance("avp11data");
    private Pkcs11Common pkcs11Common;
    protected boolean signOperation;
    private boolean operationInitialized;
    protected SecretKeyAbstr secretKey;
    private Pkcs11SessionObject sessionSecretKey;
    private long sharedSessionId;

    /* JADX INFO: Access modifiers changed from: protected */
    public SignatureMacAbstr(String str) {
        super(str);
        if (Util.isDebug()) {
            Util.log("creating signature: " + str);
        }
        this.pkcs11Common = new Pkcs11Common();
    }

    private boolean isOperationInitialized() {
        return this.operationInitialized;
    }

    private void setOperationInitialized(boolean z) {
        this.operationInitialized = z;
    }

    private void setSignOperation(boolean z) {
        this.signOperation = z;
    }

    private boolean isSignOperation() {
        return this.signOperation;
    }

    protected PKCS11 getCryptoki() {
        return this.sharedSessionId != 0 ? this.pkcs11Common.getCryptoki(this.sharedSessionId) : this.pkcs11Common.getCryptoki();
    }

    protected Pkcs11Session getSession() {
        return this.sharedSessionId != 0 ? this.pkcs11Common.getSession(this.sharedSessionId) : this.pkcs11Common.getSession();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public long getVirtualSlotCount() {
        return this.pkcs11Common.getVirtualSlotCount();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public long getVirtualSlotId() {
        return this.pkcs11Common.getVirtualSlotId();
    }

    Pkcs11VirtualToken getVirtualToken() {
        return this.pkcs11Common.getVirtualToken();
    }

    void login(String str) {
        this.pkcs11Common.login(str);
    }

    void release() {
        this.pkcs11Common.release();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public void setVirtualSlotId(long j) {
        this.pkcs11Common.setVirtualSlotId(j);
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGetParameter(" + str + ")");
        }
        throw new UnsupportedOperationException();
    }

    private void finalizeOperation() {
        try {
            if (isSignOperation()) {
                getCryptoki().C_SignFinal(getSession().getSessionId());
            } else {
                getCryptoki().C_VerifyFinal(getSession().getSessionId(), null);
            }
        } catch (PKCS11Exception e) {
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(final PrivateKey privateKey) throws InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInitSign(" + privateKey + ")");
        }
        release();
        LoginController.LoginExceptionVoidAction loginExceptionVoidAction = new LoginController.LoginExceptionVoidAction() { // from class: by.avest.crypto.pkcs11.provider.SignatureMacAbstr.1
            @Override // by.avest.crypto.pkcs11.provider.LoginController.VoidAction
            public void doAction() throws PKCS11Exception {
                try {
                    SignatureMacAbstr.this.initPrivateKey(privateKey);
                    SignatureMacAbstr.this.initSignInternal();
                } catch (InvalidKeyException e) {
                    setException(e);
                }
            }
        };
        LoginController.doUnreleasableAction(this.pkcs11Common, loginExceptionVoidAction);
        if (loginExceptionVoidAction.getException() != null) {
            throw ((InvalidKeyException) loginExceptionVoidAction.getException());
        }
        setSignOperation(true);
        setOperationInitialized(true);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(final PublicKey publicKey) throws InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInitVerify(" + publicKey + ")");
        }
        LoginController.LoginExceptionVoidAction loginExceptionVoidAction = new LoginController.LoginExceptionVoidAction() { // from class: by.avest.crypto.pkcs11.provider.SignatureMacAbstr.2
            @Override // by.avest.crypto.pkcs11.provider.LoginController.VoidAction
            public void doAction() throws PKCS11Exception {
                try {
                    SignatureMacAbstr.this.release();
                    SignatureMacAbstr.this.initPublicKey(publicKey);
                    try {
                        SignatureMacAbstr.this.initVerifyInternal();
                    } catch (ProviderException e) {
                        InvalidKeyException invalidKeyException = new InvalidKeyException(e.getMessage());
                        invalidKeyException.initCause(e);
                        throw invalidKeyException;
                    }
                } catch (InvalidKeyException e2) {
                    setException(e2);
                }
            }
        };
        LoginController.doUnreleasableAction(this.pkcs11Common, loginExceptionVoidAction);
        if (loginExceptionVoidAction.getException() != null) {
            throw ((InvalidKeyException) loginExceptionVoidAction.getException());
        }
        setSignOperation(false);
        setOperationInitialized(true);
    }

    protected abstract void initKey(SecretKey secretKey) throws InvalidKeyException;

    /* JADX INFO: Access modifiers changed from: private */
    public void initPrivateKey(PrivateKey privateKey) throws InvalidKeyException, PKCS11Exception {
        if (!(privateKey instanceof PrivateKeyMac)) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PRIVATE_KEY);
        }
        PrivateKeyMac privateKeyMac = (PrivateKeyMac) privateKey;
        this.sharedSessionId = privateKeyMac.getSharedSessionId();
        initKey(privateKeyMac.getSecretKey());
        setVirtualSlotId(this.secretKey.getVirtualSlotId());
        this.sessionSecretKey = getSessionKey(this.secretKey);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initPublicKey(PublicKey publicKey) throws PKCS11Exception, InvalidKeyException {
        if (!(publicKey instanceof PublicKeyMac)) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PUBLIC_KEY);
        }
        PublicKeyMac publicKeyMac = (PublicKeyMac) publicKey;
        this.sharedSessionId = publicKeyMac.getSharedSessionId();
        initKey(publicKeyMac.getSecretKey());
        setVirtualSlotId(this.secretKey.getVirtualSlotId());
        this.sessionSecretKey = getSessionKey(this.secretKey);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Pkcs11SessionObject getSessionKey(SecretKeyAbstr secretKeyAbstr) {
        if (secretKeyAbstr instanceof Pkcs11SessionKey) {
            return ((Pkcs11SessionKey) secretKeyAbstr).getPkcs11SessionObject();
        }
        if (secretKeyAbstr == 0) {
            throw new ProviderException(ProviderExcptMessages.CG_NULL_SECRET_KEY);
        }
        if (Util.isDebug()) {
            Util.log("searching session key, id: " + ByteArrayUtil.toHexString(secretKeyAbstr.getId()));
        }
        try {
            long findObject = Pkcs11Tool.findObject(getCryptoki(), getSession(), secretKeyAbstr.getCkTemplate().toCkAttributeArray());
            if (Util.isDebug()) {
                Util.log("secret key found, handle: " + findObject);
            }
            if (findObject == 0) {
                throw new ProviderException(ProviderExcptMessages.CG_NO_SECRET_KEY_FOUND);
            }
            Pkcs11SessionObject pkcs11SessionObject = new Pkcs11SessionObject();
            pkcs11SessionObject.setVirtualSlotId(getVirtualSlotId());
            pkcs11SessionObject.setHandle(findObject);
            Util.log("looking for secret key end");
            return pkcs11SessionObject;
        } catch (PKCS11Exception e) {
            ProviderException providerException = new ProviderException(e.getMessage());
            providerException.initCause(e);
            throw providerException;
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineSetParameter(" + str + ", " + obj + ")");
        }
        throw new UnsupportedOperationException();
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineSign()");
        }
        if (!isSignOperation()) {
            throw new SignatureException(ProviderExcptMessages.SA_VERIFY_OP_STARTED);
        }
        if (!isOperationInitialized()) {
            return null;
        }
        try {
            byte[] bArr = (byte[]) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() { // from class: by.avest.crypto.pkcs11.provider.SignatureMacAbstr.3
                @Override // by.avest.crypto.pkcs11.provider.LoginController.Action
                public Object doAction() throws PKCS11Exception {
                    return SignatureMacAbstr.this.signInternal();
                }
            });
            setOperationInitialized(false);
            this.sharedSessionId = 0L;
            return bArr;
        } catch (Throwable th) {
            setOperationInitialized(false);
            this.sharedSessionId = 0L;
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] signInternal() throws PKCS11Exception {
        byte[] C_SignFinal = getCryptoki().C_SignFinal(getSession().getSessionId());
        if (dataDebug != null) {
            Util.log(dataDebug, getClass().getName() + ".engineSign, signature=" + ByteArrayUtil.toHexString(C_SignFinal));
        }
        return C_SignFinal;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineUpdate(byte)");
        }
        byte[] bArr = {b};
        engineUpdate(bArr, 0, bArr.length);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineUpdate(data, " + i + ", " + i2 + ")");
        }
        final byte[] data4Update = getData4Update(bArr, i, i2);
        LoginController.doUnreleasableAction(this.pkcs11Common, new LoginController.VoidAction() { // from class: by.avest.crypto.pkcs11.provider.SignatureMacAbstr.4
            @Override // by.avest.crypto.pkcs11.provider.LoginController.VoidAction
            public void doAction() throws PKCS11Exception {
                SignatureMacAbstr.this.updateInternal(data4Update);
            }
        });
    }

    private void ensureInitialized() throws PKCS11Exception {
        if (isOperationInitialized()) {
            return;
        }
        finalizeOperation();
        release();
        reInitialize();
    }

    private void reInitialize() throws PKCS11Exception {
        if (this.secretKey == null) {
            throw new ProviderException("Secret key is null");
        }
        this.sessionSecretKey = getSessionKey(this.secretKey);
        if (isSignOperation()) {
            initSignInternal();
        } else {
            initVerifyInternal();
        }
        setOperationInitialized(true);
    }

    private byte[] getData4Update(byte[] bArr, int i, int i2) {
        byte[] bArr2;
        if (bArr == null || (i == 0 && bArr.length == i2)) {
            bArr2 = bArr;
        } else {
            bArr2 = new byte[i2];
            System.arraycopy(bArr, i, bArr2, 0, i2);
        }
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateInternal(byte[] bArr) throws PKCS11Exception {
        ensureInitialized();
        if (dataDebug != null) {
            Util.log(dataDebug, getClass().getName() + ".engineUpdate, input=" + ByteArrayUtil.toHexString(bArr));
        }
        if (isSignOperation()) {
            getCryptoki().C_SignUpdate(getSession().getSessionId(), bArr);
        } else {
            getCryptoki().C_VerifyUpdate(getSession().getSessionId(), bArr);
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(final byte[] bArr) throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineVerify(signature)");
        }
        if (isSignOperation()) {
            throw new SignatureException(ProviderExcptMessages.SA_SIGN_OP_STARTED);
        }
        if (!isOperationInitialized()) {
            return false;
        }
        try {
            Boolean bool = (Boolean) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() { // from class: by.avest.crypto.pkcs11.provider.SignatureMacAbstr.5
                @Override // by.avest.crypto.pkcs11.provider.LoginController.Action
                public Object doAction() throws PKCS11Exception {
                    return new Boolean(SignatureMacAbstr.this.verifyInternal(bArr));
                }
            });
            if (Util.isDebug()) {
                Util.log("engineVerify: " + bool);
            }
            boolean booleanValue = bool.booleanValue();
            setOperationInitialized(false);
            this.sharedSessionId = 0L;
            return booleanValue;
        } catch (Throwable th) {
            setOperationInitialized(false);
            this.sharedSessionId = 0L;
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean verifyInternal(byte[] bArr) throws PKCS11Exception {
        byte[] bArr2 = (byte[]) bArr.clone();
        if (dataDebug != null) {
            Util.log(dataDebug, getClass().getName() + ".engineVerify, signature=" + ByteArrayUtil.toHexString(bArr2));
        }
        try {
            getCryptoki().C_VerifyFinal(getSession().getSessionId(), bArr2);
            return true;
        } catch (PKCS11Exception e) {
            if (e.getErrorCode() == 192) {
                return false;
            }
            throw e;
        }
    }

    public abstract int getMechanism();

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void initSignInternal() throws ProviderException, PKCS11Exception {
        CK_MECHANISM ck_mechanism = new CK_MECHANISM();
        ck_mechanism.mechanism = getMechanism();
        getCryptoki().C_SignInit(getSession().getSessionId(), ck_mechanism, this.sessionSecretKey.getHandle());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void initVerifyInternal() throws PKCS11Exception, ProviderException {
        CK_MECHANISM ck_mechanism = new CK_MECHANISM();
        ck_mechanism.mechanism = getMechanism();
        getCryptoki().C_VerifyInit(getSession().getSessionId(), ck_mechanism, this.sessionSecretKey.getHandle());
    }
}
