package by.avest.crypto.pkcs11.provider.bign;

import by.avest.crypto.AvPKIExtensions;
import by.avest.crypto.pkcs11.provider.AvestProvider;
import by.avest.crypto.pkcs11.provider.ByteArrayUtil;
import by.avest.crypto.pkcs11.provider.CipherAbstr;
import by.avest.crypto.pkcs11.provider.Pkcs11SessionObject;
import by.avest.crypto.pkcs11.provider.Pkcs11Tool;
import by.avest.crypto.pkcs11.provider.PrivateKeyAbstr;
import by.avest.crypto.pkcs11.provider.ProviderDependent;
import by.avest.crypto.pkcs11.provider.ProviderExcptMessages;
import by.avest.crypto.pkcs11.provider.PublicKeyAbstr;
import by.avest.crypto.pkcs11.provider.SecretKeyAbstr;
import by.avest.crypto.pkcs11.provider.Util;
import iaik.pkcs.pkcs11.parameters.Parameters;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/bign/CipherWrap.class */
public abstract class CipherWrap extends CipherAbstr implements BignExtensions, ProviderDependent {
    private static final Map<String, Integer> keyAlgorithms = new HashMap();
    private int opMode;
    private boolean operationInitialized;
    protected Parameters wrapParameter;
    private Pkcs11SessionObject sessionPrivateKey;
    private Pkcs11SessionObject sessionPublicKey;
    private PrivateKeyAbstr privateKey;
    private PublicKeyAbstr publicKey;
    protected AlgorithmParameterSpec wrapParameterSpec;

    private boolean isOperationInitialized() {
        return this.operationInitialized;
    }

    private void setOperationInitialized(boolean z) {
        this.operationInitialized = z;
    }

    private void setOperationMode(int i) {
        this.opMode = i;
    }

    private int getOperationMode() {
        return this.opMode;
    }

    protected boolean isEncryptMode() {
        return getOperationMode() == 1;
    }

    protected boolean isDecryptMode() {
        return getOperationMode() == 2;
    }

    protected boolean isWrapMode() {
        return getOperationMode() == 3;
    }

    protected boolean isUnwrapMode() {
        return getOperationMode() == 4;
    }

    protected abstract int getMechanism();

    private Object getMechanismParameter() {
        return this.wrapParameter == null ? null : this.wrapParameter.getPKCS11ParamsObject();
    }

    protected void ensureInitialized() throws PKCS11Exception {
        if (isOperationInitialized()) {
            return;
        }
        release();
        reInitialize();
    }

    private void reInitialize() throws PKCS11Exception {
        if (isWrapMode()) {
            if (getPublicKey() == null) {
                throw new ProviderException("Public key is null");
            }
            setSessionPublicKey(getSessionKey(getPublicKey()));
        } else if (isUnwrapMode()) {
            if (getPrivateKey() == null) {
                throw new ProviderException("Private key is null");
            }
            setSessionPrivateKey(getSessionKey(getPrivateKey()));
        }
        setOperationInitialized(true);
    }

    protected abstract void initCipherParameterSpec(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException;

    @Override // javax.crypto.CipherSpi
    protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineWrap(" + Util.getClassName(key) + ")");
        }
        try {
            try {
                ensureInitialized();
                CK_MECHANISM ck_mechanism = new CK_MECHANISM();
                ck_mechanism.mechanism = getMechanism();
                ck_mechanism.pParameter = getMechanismParameter();
                byte[] C_WrapKey = getCryptoki().C_WrapKey(getSession().getSessionId(), ck_mechanism, getSessionPublicKey().getHandle(), getSessionWrappedKey(key).getHandle());
                updateOutputParameter(ck_mechanism.pParameter);
                release();
                setOperationInitialized(false);
                getSessionPublicKey().destroy();
                return C_WrapKey;
            } catch (PKCS11Exception e) {
                ProviderException providerException = new ProviderException(e.getMessage());
                providerException.initCause(e);
                throw providerException;
            }
        } catch (Throwable th) {
            release();
            setOperationInitialized(false);
            getSessionPublicKey().destroy();
            throw th;
        }
    }

    protected void updateOutputParameter(Object obj) {
    }

    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        SecretKey createSecretKey;
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineUnwrap(data, " + str + ", " + i + ")");
        }
        if (bArr == null || bArr.length == 0 || str == null) {
            return null;
        }
        Integer num = keyAlgorithms.get(str.toUpperCase());
        if (num == null) {
            throw new NoSuchAlgorithmException(MessageFormat.format(ProviderExcptMessages.CG_ECB_UNSUPPORTED_WRAPPED_KEY_ALG, str));
        }
        try {
            if (i != 3) {
                throw new NoSuchAlgorithmException(ProviderExcptMessages.CG_ECB_KEY_TYPE_MUSTBE);
            }
            try {
                Pkcs11SessionObject sessionPrivateKey = getSessionPrivateKey();
                CK_MECHANISM ck_mechanism = new CK_MECHANISM();
                ck_mechanism.mechanism = getMechanism();
                ck_mechanism.pParameter = getMechanismParameter();
                long C_UnwrapKey = getCryptoki().C_UnwrapKey(getSession().getSessionId(), ck_mechanism, sessionPrivateKey.getHandle(), bArr, BignUtils.buildSecretKeyTemplate(num.intValue()).toCkAttributeArray());
                synchronized (Pkcs11Tool.SECRET_KEY_ID_GENERATOR_LOCK) {
                    byte[] generateSecretKeyId = BignUtils.generateSecretKeyId(getCryptoki(), getSession(), C_UnwrapKey);
                    Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), C_UnwrapKey, 258L, generateSecretKeyId);
                    createSecretKey = getVirtualToken().isCachingEnabled() ? createSecretKey(num, C_UnwrapKey, generateSecretKeyId) : createSecretKey(num, generateSecretKeyId);
                }
                return createSecretKey;
            } catch (PKCS11Exception e) {
                ProviderException providerException = new ProviderException(e.getMessage());
                providerException.initCause(e);
                throw providerException;
            }
        } finally {
            release();
        }
    }

    private SecretKey createSecretKey(Integer num, long j, byte[] bArr) {
        if (num.intValue() == -1911554046) {
            return new SecretKeyGOST_28147_89Memory(getVirtualSlotId(), j, bArr);
        }
        if (num.intValue() == -1911554047) {
            return new SecretKeyBelTMemory(getVirtualSlotId(), j, bArr);
        }
        if (num.intValue() == 16) {
            return new SecretKeyGenericMemory(getVirtualSlotId(), j, bArr);
        }
        return null;
    }

    private SecretKey createSecretKey(Integer num, byte[] bArr) {
        if (num.intValue() == -1911554046) {
            return new SecretKeyGOST_28147_89(getVirtualSlotId(), bArr);
        }
        if (num.intValue() == -1911554047) {
            return new SecretKeyBelT(getVirtualSlotId(), bArr);
        }
        if (num.intValue() == 16) {
            return new SecretKeyGeneric(getVirtualSlotId(), bArr);
        }
        return null;
    }

    private Pkcs11SessionObject getSessionWrappedKey(Key key) throws PKCS11Exception, InvalidKeyException {
        if (key instanceof SecretKeyAbstr) {
            return getSessionKey((SecretKeyAbstr) key);
        }
        throw new InvalidKeyException(ProviderExcptMessages.CG_ECB_INVALID_WRAPPED_KEY_INST);
    }

    private Pkcs11SessionObject getSessionPublicKey() {
        return this.sessionPublicKey;
    }

    private void setSessionPublicKey(Pkcs11SessionObject pkcs11SessionObject) {
        this.sessionPublicKey = pkcs11SessionObject;
    }

    private PublicKeyAbstr getPublicKey() {
        return this.publicKey;
    }

    private void setPublicKey(PublicKeyAbstr publicKeyAbstr) {
        this.publicKey = publicKeyAbstr;
    }

    private PrivateKeyAbstr getPrivateKey() {
        return this.privateKey;
    }

    private void setPrivateKey(PrivateKeyAbstr privateKeyAbstr) {
        this.privateKey = privateKeyAbstr;
    }

    private synchronized Pkcs11SessionObject getSessionPrivateKey() {
        return this.sessionPrivateKey;
    }

    private synchronized void setSessionPrivateKey(Pkcs11SessionObject pkcs11SessionObject) {
        this.sessionPrivateKey = pkcs11SessionObject;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        if (!Util.isDebug()) {
            return null;
        }
        Util.log(getClass().getName() + ".engineFinal(data, " + i + ", " + i2 + ")");
        return null;
    }

    private Pkcs11SessionObject getSessionKey(SecretKeyAbstr secretKeyAbstr) throws PKCS11Exception {
        if (secretKeyAbstr == null) {
            throw new ProviderException(ProviderExcptMessages.CG_NULL_SECRET_KEY);
        }
        if (Util.isDebug()) {
            Util.log("searching session key, id: " + ByteArrayUtil.toHexString(secretKeyAbstr.getId()));
        }
        long findObject = Pkcs11Tool.findObject(getCryptoki(), getSession(), secretKeyAbstr.getCkTemplate().toCkAttributeArray());
        if (Util.isDebug()) {
            Util.log("secret key found, handle: " + findObject);
        }
        if (findObject == 0) {
            throw new ProviderException(ProviderExcptMessages.CG_NO_SECRET_KEY_FOUND);
        }
        Pkcs11SessionObject pkcs11SessionObject = new Pkcs11SessionObject();
        pkcs11SessionObject.setVirtualSlotId(getVirtualSlotId());
        pkcs11SessionObject.setHandle(findObject);
        return pkcs11SessionObject;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineFinal(data, " + i + ", " + i2 + ", outData, " + i3 + ")");
        }
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        if (!Util.isDebug()) {
            return 0;
        }
        Util.log(getClass().getName() + ".engineGetBlockSize()");
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetKeySize(Key key) throws InvalidKeyException {
        if (!Util.isDebug()) {
            return 0;
        }
        Util.log(getClass().getName() + ".engineGetKeySize(" + Util.getClassName(key) + ")");
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        if (!Util.isDebug()) {
            return null;
        }
        Util.log(getClass().getName() + ".engineGetIV()");
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        if (!Util.isDebug()) {
            return 0;
        }
        Util.log(getClass().getName() + ".engineGetOutputSize(" + i + ")");
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + i + ", " + Util.getClassName(key) + ", " + Util.getClassName(secureRandom) + ")");
        }
        try {
            engineInit(i, key, (AlgorithmParameterSpec) null, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
            release();
            setOperationInitialized(false);
            ProviderException providerException = new ProviderException(e.getMessage());
            providerException.initCause(e);
            throw providerException;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + i + ", " + Util.getClassName(key) + ", " + algorithmParameterSpec + ", " + Util.getClassName(secureRandom) + ")");
        }
        try {
            release();
            initOperationMode(i);
            initKey(key);
            initCipherParameterSpec(algorithmParameterSpec);
            setOperationInitialized(true);
        } catch (PKCS11Exception e) {
            release();
            ProviderException providerException = new ProviderException(e.getMessage());
            providerException.initCause(e);
            throw providerException;
        } catch (InvalidAlgorithmParameterException e2) {
            release();
            throw e2;
        } catch (InvalidKeyException e3) {
            release();
            throw e3;
        } catch (ProviderException e4) {
            release();
            throw e4;
        }
    }

    private void initKey(Key key) throws InvalidKeyException, PKCS11Exception {
        if (!isWrapMode()) {
            if (isUnwrapMode()) {
                if (!(key instanceof PrivateKeyAbstr)) {
                    throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PRIVATE_KEY);
                }
                PrivateKeyAbstr privateKeyAbstr = (PrivateKeyAbstr) key;
                if (!isPrivateKeyAcceptable(privateKeyAbstr)) {
                    throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PRIVATE_KEY);
                }
                setVirtualSlotId(privateKeyAbstr.getVirtualSlotId());
                setPrivateKey(privateKeyAbstr);
                setSessionPrivateKey(getSessionKey(privateKeyAbstr));
                return;
            }
            return;
        }
        initVirtualSlot();
        PublicKeyAbstr publicKeyAbstr = null;
        if (key instanceof PublicKeyAbstr) {
            if (Util.isDebug()) {
                Util.log("we got known key type");
            }
            publicKeyAbstr = (PublicKeyAbstr) key;
        } else if (key instanceof PublicKey) {
            if (Util.isDebug()) {
                Util.log("we got unknown public key type, wrapping");
            }
            try {
                publicKeyAbstr = PublicKeyAbstr.generate(key.getEncoded(), getVirtualSlotId());
                if (Util.isDebug()) {
                    Util.log("result public key: " + Util.getClassName(publicKeyAbstr));
                }
            } catch (IOException e) {
                throw new InvalidKeyException(e.getMessage(), e);
            } catch (NoSuchAlgorithmException e2) {
                throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PUBLIC_KEY, e2);
            }
        }
        if (!isPublicKeyAcceptable(publicKeyAbstr)) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PUBLIC_KEY);
        }
        setPublicKey(publicKeyAbstr);
        setSessionPublicKey(getSessionKey(getPublicKey()));
    }

    protected abstract boolean isPublicKeyAcceptable(PublicKeyAbstr publicKeyAbstr);

    protected abstract boolean isPrivateKeyAcceptable(PrivateKeyAbstr privateKeyAbstr);

    private Pkcs11SessionObject getSessionKey(PublicKeyAbstr publicKeyAbstr) throws PKCS11Exception {
        return new Pkcs11SessionObject(getVirtualSlotId(), Pkcs11Tool.createObject(getCryptoki(), getSession(), publicKeyAbstr.getCkTemplate().toCkAttributeArray()));
    }

    private Pkcs11SessionObject getSessionKey(PrivateKeyAbstr privateKeyAbstr) throws PKCS11Exception {
        return new Pkcs11SessionObject(getVirtualSlotId(), Pkcs11Tool.findObject(getCryptoki(), getSession(), privateKeyAbstr.getCkTemplate().toCkAttributeArray()));
    }

    private void initOperationMode(int i) {
        if (i != 3 && i != 4) {
            throw new ProviderException(ProviderExcptMessages.CG_INVALID_OP_MODE);
        }
        setOperationMode(i);
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineMode(" + str + ")");
        }
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineSetPadding(" + str + ")");
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineUpdate(data, " + i + ", " + i2 + ")");
        }
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineUpdate(data, " + i + ", " + i2 + ", outData, " + i3 + ")");
        }
        throw new UnsupportedOperationException();
    }

    @Override // by.avest.crypto.pkcs11.provider.ProviderDependent
    public void initVirtualSlot() {
        if (getTheVirtualSlotId() == 0) {
            AvestProvider provider = getProvider();
            if (provider.isUsingSoftToken() && provider.getVirtualToken() == null) {
                this.pkcs11Common.setVirtualSlotId(provider.getSoftVirtualToken().getVirtualSlotId());
            } else {
                this.pkcs11Common.setVirtualSlotId(provider.getVirtualToken().getVirtualSlotId());
            }
        }
    }

    static {
        keyAlgorithms.put("GOST_28147_89", -1911554046);
        keyAlgorithms.put(AvPKIExtensions.BelOidG28147Ecb.toString(), -1911554046);
        keyAlgorithms.put(AvPKIExtensions.BelOidG28147Ctr.toString(), -1911554046);
        keyAlgorithms.put(AvPKIExtensions.BelOidG28147Cfb.toString(), -1911554046);
        keyAlgorithms.put(AvPKIExtensions.AvCsp_G28147_89_CFB.toString(), -1911554046);
        keyAlgorithms.put(AvPKIExtensions.AvCsp_G28147_89_CFB_PADDED.toString(), -1911554046);
        keyAlgorithms.put("BELT", -1911554047);
        keyAlgorithms.put(AvPKIExtensions.BelOidBeltEcb256.toString(), -1911554047);
        keyAlgorithms.put(AvPKIExtensions.BelOidBeltCbc256.toString(), -1911554047);
        keyAlgorithms.put(AvPKIExtensions.BelOidBeltCfb256.toString(), -1911554047);
        keyAlgorithms.put(AvPKIExtensions.BelOidBeltCtr256.toString(), -1911554047);
        keyAlgorithms.put("GENERIC", Integer.valueOf(new Long(16L).intValue()));
    }
}
