package by.avest.crypto.pkcs11.provider.bign;

import by.avest.crypto.pkcs11.provider.ByteArrayUtil;
import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.pkcs11.provider.Pkcs11Common;
import by.avest.crypto.pkcs11.provider.Pkcs11Session;
import by.avest.crypto.pkcs11.provider.Pkcs11Tool;
import by.avest.crypto.pkcs11.provider.Pkcs11VirtualToken;
import by.avest.crypto.pkcs11.provider.TemplateBuilder;
import by.avest.crypto.pkcs11.provider.Util;
import by.avest.crypto.provider.AvTLSMasterSecretParameterSpec;
import by.avest.crypto.provider.PublicVA;
import by.avest.crypto.provider.PublicVB;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/bign/KeyGeneratorAvTLSMasterSecret.class */
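/**
 * {@link KeyGeneratorSpi} that derives a TLS master secret on a PKCS#11 token.
 *
 * <p>The generator is initialised with an {@link AvTLSMasterSecretParameterSpec} carrying the
 * local ephemeral private key (a token-resident {@link PrivateKeyBdhEphemer}) and the peer's
 * public value. {@link #engineGenerateKey()} then calls {@code C_DeriveKey} with a vendor-defined
 * mechanism and returns a handle-style {@link SecretKey} identified by its {@code CKA_ID}.
 *
 * <p>The generator is one-shot: its state is cleared after every {@code engineGenerateKey()}
 * call, successful or not, so it must be re-initialised before the next derivation.
 *
 * <p>Thread-safety: instances hold mutable state without synchronisation and are not safe for
 * concurrent use. Only the key-id assignment is serialised, through
 * {@code Pkcs11Tool.SECRET_KEY_ID_GENERATOR_LOCK}.
 */
public class KeyGeneratorAvTLSMasterSecret extends KeyGeneratorSpi implements BignExtensions, PKCS11Constants {
    /**
     * Mechanism code passed to {@code C_DeriveKey}. The low 32 bits are {@code 0x8E100023}, i.e.
     * in the PKCS#11 vendor-defined range (bit 31 set); the decompiler shows it sign-extended.
     * The vendor's symbolic name is not visible in this file.
     */
    private static final long MASTER_SECRET_DERIVE_MECHANISM = -1911554013L;

    /** {@code CKA_ID} (0x102): attribute used to locate the derived key later. */
    private static final long ATTR_ID = 258L;

    private final Pkcs11Common pkcs11Common = new Pkcs11Common(true);
    private PrivateKeyBdhEphemer privateKey;
    private byte[] otherPartyPublicValue;

    /** Returns the PKCS#11 wrapper held by the shared {@link Pkcs11Common} helper. */
    protected PKCS11 getCryptoki() {
        return this.pkcs11Common.getCryptoki();
    }

    /** Returns the session held by the shared {@link Pkcs11Common} helper. */
    protected Pkcs11Session getSession() {
        return this.pkcs11Common.getSession();
    }

    long getVirtualSlotCount() {
        return this.pkcs11Common.getVirtualSlotCount();
    }

    protected long getVirtualSlotId() {
        return this.pkcs11Common.getVirtualSlotId();
    }

    long getTheVirtualSlotId() {
        return this.pkcs11Common.getTheVirtualSlotId();
    }

    Pkcs11VirtualToken getVirtualToken() {
        return this.pkcs11Common.getVirtualToken();
    }

    void release() {
        this.pkcs11Common.release();
    }

    void setVirtualSlotId(long j) {
        this.pkcs11Common.setVirtualSlotId(j);
    }

    /**
     * Not supported: the derivation needs a private key and a peer public value.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    protected void engineInit(SecureRandom secureRandom) {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + Util.getClassName(secureRandom) + ")");
        }
        throw new UnsupportedOperationException();
    }

    /**
     * Initialises the generator from an {@link AvTLSMasterSecretParameterSpec}.
     *
     * @param algorithmParameterSpec must be an {@code AvTLSMasterSecretParameterSpec}
     * @param secureRandom ignored; the derivation runs on the token
     * @throws InvalidAlgorithmParameterException if the spec, its private key or its public value
     *     has an unexpected type, or the public value is empty
     */
    @Override
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (Util.isDebug()) {
            // NOTE(review): this relies on the spec's toString(); confirm it prints no key
            // material before enabling debug logging outside a test environment.
            Util.log(getClass().getName() + ".engineInit(" + algorithmParameterSpec + ", " + Util.getClassName(secureRandom) + ")");
        }
        initParameter(algorithmParameterSpec);
        initSecureRandom(secureRandom);
    }

    /**
     * Validates the spec and stores the private key, the peer public value and the virtual slot.
     *
     * <p>All checks run before any field is written, so a rejected spec cannot leave the
     * generator half-initialised (a private key paired with a missing or stale public value).
     */
    private void initParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof AvTLSMasterSecretParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Invalid algorithm parameter specification.");
        }
        AvTLSMasterSecretParameterSpec spec = (AvTLSMasterSecretParameterSpec) algorithmParameterSpec;
        if (!(spec.getPrivateKey() instanceof PrivateKeyBdhEphemer)) {
            throw new InvalidAlgorithmParameterException("Invalid private key type");
        }
        PrivateKeyBdhEphemer ephemeralKey = (PrivateKeyBdhEphemer) spec.getPrivateKey();

        PublicKey publicV = spec.getPublicV();
        byte[] rawPeerValue;
        if (publicV instanceof PublicVA) {
            rawPeerValue = ((PublicVA) publicV).getVAValue();
        } else if (publicV instanceof PublicVB) {
            rawPeerValue = ((PublicVB) publicV).getVBValue();
        } else {
            throw new InvalidAlgorithmParameterException("Other side publicV must be either PublicVA or PublicVB instance");
        }
        // The bytes come from the peer and become the mechanism parameter of a native call;
        // reject an absent value here instead of handing null to the token.
        if (rawPeerValue == null || rawPeerValue.length == 0) {
            throw new InvalidAlgorithmParameterException("Other side publicV value must not be empty");
        }

        this.privateKey = ephemeralKey;
        // The value is handed to the token in reversed byte order.
        // NOTE(review): presumably an endianness conversion, and reverseRet presumably returns a
        // fresh array - confirm against ByteArrayUtil.
        this.otherPartyPublicValue = ByteArrayUtil.reverseRet(rawPeerValue);
        setVirtualSlotId(ephemeralKey.getVirtualSlotId());
    }

    /** Intentionally empty: no caller-supplied randomness is used by this generator. */
    private void initSecureRandom(SecureRandom secureRandom) {
    }

    /**
     * Not supported: a key size alone is not enough to run the derivation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    protected void engineInit(int i, SecureRandom secureRandom) {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + i + ", " + Util.getClassName(secureRandom) + ")");
        }
        throw new UnsupportedOperationException();
    }

    /**
     * Derives the master secret on the token and returns a key object referring to it.
     *
     * @return the derived secret key
     * @throws IllegalStateException if the generator has not been initialised since construction
     *     or since the previous call
     */
    @Override
    protected SecretKey engineGenerateKey() {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGenerateKey()");
        }
        // Fail with a clear message instead of a NullPointerException inside the token call.
        if (this.privateKey == null || this.otherPartyPublicValue == null) {
            throw new IllegalStateException("KeyGenerator is not initialized");
        }
        try {
            return (SecretKey) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() {
                @Override
                public Object doAction() throws PKCS11Exception {
                    return KeyGeneratorAvTLSMasterSecret.this.generateSecretKey();
                }
            });
        } finally {
            // Drop the key reference and peer value whether or not the derivation succeeded.
            reset();
        }
    }

    /**
     * Runs {@code C_DeriveKey} and assigns the new object a {@code CKA_ID}.
     *
     * <p>Private again (the decompiler had widened it for the anonymous {@code Action}), so the
     * derivation cannot be invoked from outside without going through
     * {@code LoginController.doReleasableAction}.
     *
     * <p>If assigning the id or wrapping the handle fails, the freshly derived object is
     * destroyed. The template creates it with {@code CKA_TOKEN = true}, so without this cleanup a
     * failed call would leave an unreferenced master secret on the token.
     *
     * @throws PKCS11Exception if the token rejects the derivation or the attribute update
     */
    private SecretKey generateSecretKey() throws PKCS11Exception {
        CK_MECHANISM mechanism = new CK_MECHANISM();
        mechanism.mechanism = MASTER_SECRET_DERIVE_MECHANISM;
        mechanism.pParameter = this.otherPartyPublicValue;
        long derivedHandle = getCryptoki().C_DeriveKey(getSession().getSessionId(), mechanism, this.privateKey.getHandle(), getSecretKeyTpl().toCkAttributeArray());

        boolean handedOver = false;
        try {
            // Id generation and the CKA_ID write happen under one lock.
            // NOTE(review): presumably so two threads cannot pick the same id - confirm in Pkcs11Tool.
            synchronized (Pkcs11Tool.SECRET_KEY_ID_GENERATOR_LOCK) {
                byte[] keyId = BignUtils.generateSecretKeyId(getCryptoki(), getSession(), derivedHandle);
                Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), derivedHandle, ATTR_ID, keyId);
                SecretKey key = createSecretKey(derivedHandle, keyId);
                handedOver = true;
                return key;
            }
        } finally {
            if (!handedOver) {
                destroyDerivedKeyQuietly(derivedHandle);
            }
        }
    }

    /** Best-effort removal of a derived object that could not be handed to the caller. */
    private void destroyDerivedKeyQuietly(long keyHandle) {
        try {
            getCryptoki().C_DestroyObject(getSession().getSessionId(), keyHandle);
        } catch (Exception cleanupFailure) {
            // Deliberately not rethrown: the original failure is the one the caller must see.
            if (Util.isDebug()) {
                Util.log(getClass().getName() + ": could not destroy derived key object: " + cleanupFailure);
            }
        }
    }

    /**
     * Assigns a {@code CKA_ID} to an existing token object and wraps it as a {@link SecretKey}.
     *
     * <p>NOTE(review): unlike {@code generateSecretKey()}, this overload does not take
     * {@code Pkcs11Tool.SECRET_KEY_ID_GENERATOR_LOCK}; confirm callers hold it.
     *
     * @param j handle of the token object
     * @throws PKCS11Exception if the id cannot be generated or written
     */
    protected SecretKey createSecretKey(long j) throws PKCS11Exception {
        byte[] keyId = BignUtils.generateSecretKeyId(getCryptoki(), getSession(), j);
        Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), j, ATTR_ID, keyId);
        return createSecretKey(getVirtualSlotId(), keyId);
    }

    /**
     * Builds the key object returned to the caller.
     *
     * @param j not used; the key is bound to the current virtual slot id
     * @param bArr the {@code CKA_ID} of the token object
     */
    protected SecretKey createSecretKey(long j, byte[] bArr) {
        return new SecretKeyAvTLSMasterSecret(getVirtualSlotId(), bArr);
    }

    /**
     * Builds the attribute template for the derived key. The numeric codes are the standard
     * PKCS#11 attribute types, named in the comments below.
     *
     * <p>NOTE(review): the template makes the master secret a persistent token object
     * ({@code CKA_TOKEN = true}) that is readable in clear ({@code CKA_SENSITIVE = false},
     * {@code CKA_EXTRACTABLE = true}) and usable for wrap, unwrap, sign, verify and derive.
     * Confirm each of these is required by the TLS layer; anything that is not should be switched
     * off, and the object's lifetime on the token should be bounded by whoever consumes the key.
     */
    private TemplateBuilder getSecretKeyTpl() {
        TemplateBuilder template = new TemplateBuilder();
        template.append(0L, 4L);       // CKA_CLASS       = CKO_SECRET_KEY
        template.append(256L, 16L);    // CKA_KEY_TYPE    = CKK_GENERIC_SECRET
        template.append(1L, true);     // CKA_TOKEN
        template.append(261L, false);  // CKA_DECRYPT
        template.append(260L, false);  // CKA_ENCRYPT
        template.append(262L, true);   // CKA_WRAP
        template.append(263L, true);   // CKA_UNWRAP
        template.append(354L, true);   // CKA_EXTRACTABLE
        template.append(259L, false);  // CKA_SENSITIVE
        template.append(264L, true);   // CKA_SIGN
        template.append(266L, true);   // CKA_VERIFY
        template.append(268L, true);   // CKA_DERIVE
        return template;
    }

    /** Clears the per-derivation state so the generator must be initialised again. */
    private void reset() {
        this.privateKey = null;
        this.otherPartyPublicValue = null;
    }
}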
