package by.avest.crypto.pkcs11.provider;

import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.provider.Pkcs11SlotIntf;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import sun.security.util.Debug;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/SignatureHashAbstr.class */
public abstract class SignatureHashAbstr extends Signature implements Pkcs11SlotIntf, PKCS11Constants {
    private static final Debug dataDebug = Debug.getInstance("avp11data");
    private Pkcs11Common pkcs11Common;
    protected boolean signOperation;
    private boolean operationInitialized;
    protected boolean reverse;
    private PublicKeyAbstr publicKey;
    private Pkcs11SessionObject sessionPublicKey;
    private PrivateKeyAbstr privateKey;
    private Pkcs11SessionObject sessionPrivateKey;

    /* JADX INFO: Access modifiers changed from: protected */
    public SignatureHashAbstr(String str) {
        super(str);
        this.reverse = true;
        if (Util.isDebug()) {
            Util.log("creating signature: " + str);
        }
        this.pkcs11Common = new Pkcs11Common();
    }

    private Pkcs11SessionObject getSessionPublicKey() {
        return this.sessionPublicKey;
    }

    private void setSessionPublicKey(Pkcs11SessionObject pkcs11SessionObject) {
        this.sessionPublicKey = pkcs11SessionObject;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PublicKeyAbstr getPublicKey() {
        return this.publicKey;
    }

    private void setPublicKey(PublicKeyAbstr publicKeyAbstr) {
        this.publicKey = publicKeyAbstr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PrivateKeyAbstr getPrivateKey() {
        return this.privateKey;
    }

    private void setPrivateKey(PrivateKeyAbstr privateKeyAbstr) {
        this.privateKey = privateKeyAbstr;
    }

    private synchronized Pkcs11SessionObject getSessionPrivateKey() {
        return this.sessionPrivateKey;
    }

    private synchronized void setSessionPrivateKey(Pkcs11SessionObject pkcs11SessionObject) {
        this.sessionPrivateKey = pkcs11SessionObject;
    }

    private boolean isOperationInitialized() {
        return this.operationInitialized;
    }

    private void setOperationInitialized(boolean z) {
        this.operationInitialized = z;
    }

    private void setSignOperation(boolean z) {
        this.signOperation = z;
    }

    private boolean isSignOperation() {
        return this.signOperation;
    }

    PKCS11 getCryptoki() {
        return this.pkcs11Common.getCryptoki();
    }

    Pkcs11Session getSession() {
        return this.pkcs11Common.getSession();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public long getVirtualSlotCount() {
        return this.pkcs11Common.getVirtualSlotCount();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public long getVirtualSlotId() {
        return this.pkcs11Common.getVirtualSlotId();
    }

    Pkcs11VirtualToken getVirtualToken() {
        return this.pkcs11Common.getVirtualToken();
    }

    void login(String str) {
        this.pkcs11Common.login(str);
    }

    void release() {
        this.pkcs11Common.release();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public void setVirtualSlotId(long j) {
        this.pkcs11Common.setVirtualSlotId(j);
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGetParameter(" + str + ")");
        }
        throw new UnsupportedOperationException();
    }

    private void finalizeOperation() {
        try {
            if (isSignOperation()) {
                getCryptoki().C_SignFinal(getSession().getSessionId());
            } else {
                getCryptoki().C_VerifyFinal(getSession().getSessionId(), null);
            }
            getCryptoki().C_DigestFinal(getSession().getSessionId());
        } catch (PKCS11Exception e) {
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(final PrivateKey privateKey) throws InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInitSign(" + Util.getClassName(privateKey) + ")");
        }
        release();
        LoginController.LoginExceptionVoidAction loginExceptionVoidAction = new LoginController.LoginExceptionVoidAction() { // from class: by.avest.crypto.pkcs11.provider.SignatureHashAbstr.1
            @Override // by.avest.crypto.pkcs11.provider.LoginController.VoidAction
            public void doAction() throws PKCS11Exception {
                try {
                    SignatureHashAbstr.this.initPrivateKey(privateKey);
                    if (SignatureHashAbstr.this.isHashingRequired(SignatureHashAbstr.this.getPrivateKey().getCkKeyType())) {
                        SignatureHashAbstr.this.initDigest();
                    } else {
                        SignatureHashAbstr.this.initSignInternal();
                    }
                } catch (InvalidKeyException e) {
                    setException(e);
                }
            }
        };
        LoginController.doUnreleasableAction(this.pkcs11Common, loginExceptionVoidAction);
        if (loginExceptionVoidAction.getException() != null) {
            throw ((InvalidKeyException) loginExceptionVoidAction.getException());
        }
        setSignOperation(true);
        setOperationInitialized(true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initPrivateKey(PrivateKey privateKey) throws InvalidKeyException, PKCS11Exception {
        if (!(privateKey instanceof PrivateKeyAbstr)) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PRIVATE_KEY);
        }
        PrivateKeyAbstr privateKeyAbstr = (PrivateKeyAbstr) privateKey;
        if (Util.isDebug()) {
            Util.log("initializing signature with virtual slot id: " + privateKeyAbstr.getVirtualSlotId());
        }
        setVirtualSlotId(privateKeyAbstr.getVirtualSlotId());
        setPrivateKey(privateKeyAbstr);
        setSessionPrivateKey(getSessionKey(privateKeyAbstr));
    }

    private Pkcs11SessionObject getSessionKey(PrivateKeyAbstr privateKeyAbstr) throws PKCS11Exception {
        return new Pkcs11SessionObject(getVirtualSlotId(), Pkcs11Tool.findObject(getCryptoki(), getSession(), privateKeyAbstr.getCkTemplate().toCkAttributeArray()));
    }

    private Pkcs11SessionObject getSessionKey(PublicKeyAbstr publicKeyAbstr) throws PKCS11Exception {
        return new Pkcs11SessionObject(getVirtualSlotId(), Pkcs11Tool.createObject(getCryptoki(), getSession(), publicKeyAbstr.getCkTemplate().toCkAttributeArray()));
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(final PublicKey publicKey) throws InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInitVerify(" + Util.getClassName(publicKey) + ")");
        }
        LoginController.LoginExceptionVoidAction loginExceptionVoidAction = new LoginController.LoginExceptionVoidAction() { // from class: by.avest.crypto.pkcs11.provider.SignatureHashAbstr.2
            @Override // by.avest.crypto.pkcs11.provider.LoginController.VoidAction
            public void doAction() throws PKCS11Exception {
                try {
                    SignatureHashAbstr.this.release();
                    SignatureHashAbstr.this.initPublicKey(publicKey);
                    try {
                        SignatureHashAbstr.this.getMechanism(SignatureHashAbstr.this.getPublicKey().getCkKeyType());
                        if (SignatureHashAbstr.this.isHashingRequired(SignatureHashAbstr.this.getPublicKey().getCkKeyType())) {
                            SignatureHashAbstr.this.initDigest();
                        } else {
                            SignatureHashAbstr.this.initVerifyInternal();
                        }
                    } catch (ProviderException e) {
                        InvalidKeyException invalidKeyException = new InvalidKeyException(e.getMessage());
                        invalidKeyException.initCause(e);
                        throw invalidKeyException;
                    }
                } catch (InvalidKeyException e2) {
                    setException(e2);
                }
            }
        };
        LoginController.doUnreleasableAction(this.pkcs11Common, loginExceptionVoidAction);
        if (loginExceptionVoidAction.getException() != null) {
            throw ((InvalidKeyException) loginExceptionVoidAction.getException());
        }
        setSignOperation(false);
        setOperationInitialized(true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initPublicKey(PublicKey publicKey) throws PKCS11Exception, InvalidKeyException {
        PublicKeyAbstr generate;
        if (Util.isDebug()) {
            Util.log("initPublicKey(" + Util.getClassName(publicKey) + ")");
        }
        AvestProvider avestProvider = (AvestProvider) getProvider();
        if (avestProvider.isUsingSoftToken()) {
            this.pkcs11Common.setVirtualSlotId(avestProvider.getSoftVirtualToken().getVirtualSlotId());
        } else {
            this.pkcs11Common.setVirtualSlotId(avestProvider.getVirtualToken().getVirtualSlotId());
        }
        if (publicKey instanceof PublicKeyAbstr) {
            if (Util.isDebug()) {
                Util.log("we got known key type");
            }
            generate = (PublicKeyAbstr) publicKey;
        } else {
            if (Util.isDebug()) {
                Util.log("we got unknown key type, wrapping");
            }
            try {
                generate = PublicKeyAbstr.generate(publicKey.getEncoded(), getVirtualSlotId());
                if (Util.isDebug()) {
                    Util.log("result public key: " + Util.getClassName(generate));
                }
            } catch (IOException e) {
                InvalidKeyException invalidKeyException = new InvalidKeyException(e.getMessage());
                invalidKeyException.initCause(e);
                throw invalidKeyException;
            } catch (NoSuchAlgorithmException e2) {
                InvalidKeyException invalidKeyException2 = new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PUBLIC_KEY);
                invalidKeyException2.initCause(e2);
                throw invalidKeyException2;
            }
        }
        setPublicKey(generate);
        setSessionPublicKey(getSessionKey(generate));
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineSetParameter(" + str + ", " + obj + ")");
        }
        throw new UnsupportedOperationException();
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineSign()");
        }
        if (!isSignOperation()) {
            throw new SignatureException(ProviderExcptMessages.SA_VERIFY_OP_STARTED);
        }
        try {
            byte[] bArr = (byte[]) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() { // from class: by.avest.crypto.pkcs11.provider.SignatureHashAbstr.3
                @Override // by.avest.crypto.pkcs11.provider.LoginController.Action
                public Object doAction() throws PKCS11Exception {
                    return SignatureHashAbstr.this.signInternal();
                }
            });
            setOperationInitialized(false);
            return bArr;
        } catch (Throwable th) {
            setOperationInitialized(false);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] signInternal() throws PKCS11Exception {
        byte[] C_SignFinal;
        if (isHashingRequired(getPrivateKey().getCkKeyType())) {
            byte[] C_DigestFinal = getCryptoki().C_DigestFinal(getSession().getSessionId());
            if (dataDebug != null) {
                Util.log(dataDebug, getClass().getName() + ".engineSign, digest=" + ByteArrayUtil.toHexString(C_DigestFinal));
            }
            initSignInternal();
            C_SignFinal = getCryptoki().C_Sign(getSession().getSessionId(), C_DigestFinal);
        } else {
            C_SignFinal = getCryptoki().C_SignFinal(getSession().getSessionId());
        }
        if (this.reverse) {
            if (Util.isDebug()) {
                Util.log("reversing signature");
            }
            if (dataDebug != null) {
                Util.log(dataDebug, getClass().getName() + ".engineSign, signatureBeforeReverse=" + ByteArrayUtil.toHexString(C_SignFinal));
            }
            AttributeConverter.reverse(C_SignFinal);
        }
        if (dataDebug != null) {
            Util.log(dataDebug, getClass().getName() + ".engineSign, signature=" + ByteArrayUtil.toHexString(C_SignFinal));
        }
        return C_SignFinal;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineUpdate(byte)");
        }
        byte[] bArr = {b};
        engineUpdate(bArr, 0, bArr.length);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineUpdate(data, " + i + ", " + i2 + ")");
        }
        final byte[] data4Update = getData4Update(bArr, i, i2);
        LoginController.doUnreleasableAction(this.pkcs11Common, new LoginController.VoidAction() { // from class: by.avest.crypto.pkcs11.provider.SignatureHashAbstr.4
            @Override // by.avest.crypto.pkcs11.provider.LoginController.VoidAction
            public void doAction() throws PKCS11Exception {
                SignatureHashAbstr.this.updateInternal(data4Update);
            }
        });
    }

    private void ensureInitialized() throws PKCS11Exception {
        if (isOperationInitialized()) {
            return;
        }
        finalizeOperation();
        release();
        reInitialize();
    }

    private void reInitialize() throws PKCS11Exception {
        if (isSignOperation()) {
            if (getPrivateKey() == null) {
                throw new ProviderException(ProviderExcptMessages.SA_PRIVATE_KEY_IS_NULL);
            }
            setSessionPrivateKey(getSessionKey(getPrivateKey()));
            initSignInternal();
        } else {
            if (getPublicKey() == null) {
                throw new ProviderException(ProviderExcptMessages.SA_PUBLIC_KEY_IS_NULL);
            }
            setSessionPublicKey(getSessionKey(getPublicKey()));
            initVerifyInternal();
        }
        initDigest();
        setOperationInitialized(true);
    }

    private byte[] getData4Update(byte[] bArr, int i, int i2) {
        byte[] bArr2;
        if (bArr == null || (i == 0 && bArr.length == i2)) {
            bArr2 = bArr;
        } else {
            bArr2 = new byte[i2];
            System.arraycopy(bArr, i, bArr2, 0, i2);
        }
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateInternal(byte[] bArr) throws PKCS11Exception {
        ensureInitialized();
        if (dataDebug != null) {
            Util.log(dataDebug, getClass().getName() + ".engineUpdate, input=" + ByteArrayUtil.toHexString(bArr));
        }
        if (isHashingRequired((isSignOperation() ? getPrivateKey() : getPublicKey()).getCkKeyType())) {
            getCryptoki().C_DigestUpdate(getSession().getSessionId(), bArr);
        } else if (isSignOperation()) {
            getCryptoki().C_SignUpdate(getSession().getSessionId(), bArr);
        } else {
            getCryptoki().C_VerifyUpdate(getSession().getSessionId(), bArr);
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(final byte[] bArr) throws SignatureException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineVerify(signature)");
        }
        if (isSignOperation()) {
            throw new SignatureException(ProviderExcptMessages.SA_SIGN_OP_STARTED);
        }
        try {
            Boolean bool = (Boolean) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() { // from class: by.avest.crypto.pkcs11.provider.SignatureHashAbstr.5
                @Override // by.avest.crypto.pkcs11.provider.LoginController.Action
                public Object doAction() throws PKCS11Exception {
                    return new Boolean(SignatureHashAbstr.this.verifyInternal(bArr));
                }
            });
            if (Util.isDebug()) {
                Util.log("engineVerify: " + bool);
            }
            boolean booleanValue = bool.booleanValue();
            setOperationInitialized(false);
            getSessionPublicKey().destroy();
            return booleanValue;
        } catch (Throwable th) {
            setOperationInitialized(false);
            getSessionPublicKey().destroy();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean verifyInternal(byte[] bArr) throws PKCS11Exception {
        byte[] bArr2 = (byte[]) bArr.clone();
        if (dataDebug != null) {
            Util.log(dataDebug, getClass().getName() + ".engineVerify, signature=" + ByteArrayUtil.toHexString(bArr2));
        }
        if (this.reverse) {
            if (Util.isDebug()) {
                Util.log("reversing signature");
            }
            AttributeConverter.reverse(bArr2);
            if (dataDebug != null) {
                Util.log(dataDebug, getClass().getName() + ".engineVerify, signatureAfterReverse=" + ByteArrayUtil.toHexString(bArr2));
            }
        }
        try {
            if (isHashingRequired(getPublicKey().getCkKeyType())) {
                byte[] C_DigestFinal = getCryptoki().C_DigestFinal(getSession().getSessionId());
                if (dataDebug != null) {
                    Util.log(dataDebug, getClass().getName() + ".engineVerify, digest=" + ByteArrayUtil.toHexString(C_DigestFinal));
                }
                initVerifyInternal();
                getCryptoki().C_Verify(getSession().getSessionId(), C_DigestFinal, bArr2);
            } else {
                getCryptoki().C_VerifyFinal(getSession().getSessionId(), bArr2);
            }
            return true;
        } catch (PKCS11Exception e) {
            if (e.getErrorCode() == 192) {
                return false;
            }
            throw e;
        }
    }

    public abstract int getMechanism(long j);

    public abstract int getHashMechanism();

    public abstract boolean isHashingRequired(long j);

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void initSignInternal() throws ProviderException, PKCS11Exception {
        CK_MECHANISM ck_mechanism = new CK_MECHANISM();
        ck_mechanism.mechanism = getMechanism(getPrivateKey().getCkKeyType());
        getCryptoki().C_SignInit(getSession().getSessionId(), ck_mechanism, getSessionPrivateKey().getHandle());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initDigest() throws PKCS11Exception {
        CK_MECHANISM ck_mechanism = new CK_MECHANISM();
        ck_mechanism.mechanism = getHashMechanism();
        getCryptoki().C_DigestInit(getSession().getSessionId(), ck_mechanism);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void initVerifyInternal() throws PKCS11Exception, ProviderException {
        CK_MECHANISM ck_mechanism = new CK_MECHANISM();
        ck_mechanism.mechanism = getMechanism(getPublicKey().getCkKeyType());
        getCryptoki().C_VerifyInit(getSession().getSessionId(), ck_mechanism, getSessionPublicKey().getHandle());
    }
}
