package by.avest.crypto.pkcs11.provider.bign;

import by.avest.crypto.AvPKIExtensions;
import by.avest.crypto.AvestExtensions;
import by.avest.crypto.pkcs11.provider.AttributeConverter;
import by.avest.crypto.pkcs11.provider.ByteArrayUtil;
import by.avest.crypto.pkcs11.provider.KeyPairGeneratorAbstr;
import by.avest.crypto.pkcs11.provider.KeyParamsListBds;
import by.avest.crypto.pkcs11.provider.KeyParamsListCompoundBds;
import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.pkcs11.provider.Pkcs11Common;
import by.avest.crypto.pkcs11.provider.Pkcs11Factory;
import by.avest.crypto.pkcs11.provider.Pkcs11Session;
import by.avest.crypto.pkcs11.provider.Pkcs11Tool;
import by.avest.crypto.pkcs11.provider.PrivateKeyAbstr;
import by.avest.crypto.pkcs11.provider.PrivateKeyHandleWrapper;
import by.avest.crypto.pkcs11.provider.ProviderExcptMessages;
import by.avest.crypto.pkcs11.provider.TemplateBuilder;
import by.avest.crypto.pkcs11.provider.Util;
import by.avest.crypto.provider.BelPBEWithGOST28147ECBParameterSpec;
import by.avest.crypto.provider.Pkcs11SlotIntf;
import by.avest.crypto.provider.PrivateKey;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.ProviderException;
import sun.security.util.BitArray;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/bign/EncryptedPrivateKeyInfo.class */
public class EncryptedPrivateKeyInfo implements Pkcs11SlotIntf, BignExtensions, PKCS11Constants, AvestExtensions {
    // Length in bytes of the MAC that follows the encrypted PrivateKeyInfo in the container.
    // The visible methods use the literal 4 instead of this constant.
    // NOTE(review): a 4-byte tag gives only 32 bits of forgery resistance; presumably fixed by
    // the container format, so treat imported containers as weakly authenticated. Confirm.
    private static final int MAC_LENGTH = 4;
    // Iteration count for password-based key derivation; presumably the source of the literal
    // 2000 passed on the export path.
    // NOTE(review): 2000 iterations is low by current password-hashing guidance; the resulting
    // containers rely heavily on password strength.
    private static final int DEFAULT_ROUNDS = 2000;
    // PKCS#11 context (cryptoki module, session, virtual slot id) used for every token call here.
    private final Pkcs11Common pkcs11Common = new Pkcs11Common(true);
    // Private key to export; set by the key-based constructors, left null by the byte[] constructor.
    private PrivateKey privKey;
    // Handle/key pair for privKey; passed to a constructor or looked up lazily during export.
    private PrivateKeyHandleWrapper pkhw;
    // Encoded EncryptedPrivateKeyInfo to import; set only by the byte[] constructor.
    private byte[] privKeyEnc;

    /**
     * Creates an exporter for a provider private key.
     *
     * @param privateKey key to export; must be a provider {@code PrivateKey}
     * @throws InvalidKeyException if the key is null or not a provider {@code PrivateKey}
     */
    public EncryptedPrivateKeyInfo(java.security.PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_PRIVATE_KEY_IS_NULL);
        }
        if (privateKey instanceof PrivateKey) {
            PrivateKey providerKey = (PrivateKey) privateKey;
            this.privKey = providerKey;
            // Token operations run against the slot the key belongs to.
            setVirtualSlotId(providerKey.getVirtualSlotId());
            return;
        }
        throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PRIVATE_KEY);
    }

    /**
     * Creates an exporter for a private key whose token handle is already known.
     *
     * @param privateKeyHandleWrapper handle/key pair; neither the wrapper nor its key may be null
     * @throws InvalidKeyException if the wrapper or the key it carries is null
     */
    public EncryptedPrivateKeyInfo(PrivateKeyHandleWrapper privateKeyHandleWrapper) throws InvalidKeyException {
        boolean hasKey = privateKeyHandleWrapper != null && privateKeyHandleWrapper.getPrivateKey() != null;
        if (!hasKey) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_PRIVATE_KEY_IS_NULL);
        }
        PrivateKey wrappedKey = privateKeyHandleWrapper.getPrivateKey();
        this.pkhw = privateKeyHandleWrapper;
        this.privKey = wrappedKey;
        setVirtualSlotId(wrappedKey.getVirtualSlotId());
    }

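    /**
     * Creates an importer for an encoded EncryptedPrivateKeyInfo.
     * <p>
     * The bytes are copied, so a caller that later reuses or clears its buffer cannot change
     * what {@code decrypt} parses.
     *
     * @param bArr encoded EncryptedPrivateKeyInfo
     * @throws InvalidKeyException if {@code bArr} is null
     */
    public EncryptedPrivateKeyInfo(byte[] bArr) throws InvalidKeyException {
        if (bArr == null) {
            throw new InvalidKeyException(ProviderExcptMessages.EPKI_ENCRYPTED_KEY_DATA_NULL);
        }
        this.privKeyEnc = bArr.clone();
    }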

    /**
     * Exports the private key protected by a text password.
     *
     * @param str password; converted to UTF-8 bytes (null stays null) before key derivation
     * @return encoded EncryptedPrivateKeyInfo
     */
    public byte[] encrypt(String str) {
        byte[] passwordBytes = getPasswordBytes(str);
        return encrypt(passwordBytes);
    }

    /**
     * Converts a password to its UTF-8 bytes.
     *
     * @param str password, may be null
     * @return UTF-8 encoding of {@code str}, or null when {@code str} is null
     * @throws ProviderException if the UTF-8 charset is not available
     */
    private static final byte[] getPasswordBytes(String str) {
        if (str == null) {
            return null;
        }
        try {
            return str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new ProviderException(e.getMessage(), e);
        }
    }

    /**
     * Exports the private key protected by the given password bytes.
     * The debug line logs a fixed placeholder, not the password.
     *
     * @param bArr password bytes used for key derivation
     * @return encoded EncryptedPrivateKeyInfo
     * @throws ProviderException if this instance holds no private key
     */
    public byte[] encrypt(byte[] bArr) {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".encrypt(password)");
        }
        if (this.privKey != null) {
            return wrapPkcs8(bArr);
        }
        throw new ProviderException(ProviderExcptMessages.SA_PRIVATE_KEY_IS_NULL);
    }

    /**
     * Runs the export through {@code LoginController.doReleasableAction} with this instance's
     * PKCS#11 context.
     *
     * @param bArr password bytes
     * @return encoded EncryptedPrivateKeyInfo produced by {@code wrapPkcs8Inner}
     */
    private byte[] wrapPkcs8(final byte[] bArr) {
        LoginController.Action exportAction = new LoginController.Action() {
            @Override
            public Object doAction() throws PKCS11Exception {
                return EncryptedPrivateKeyInfo.this.wrapPkcs8Inner(bArr);
            }
        };
        Object exported = LoginController.doReleasableAction(this.pkcs11Common, exportAction);
        return (byte[]) exported;
    }

    /* JADX INFO: Access modifiers changed from: private */
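    /**
     * Exports the token private key as a password-protected EncryptedPrivateKeyInfo.
     * <p>
     * Sequence: draw an 8-byte salt from the token, derive a PBE key from the password with
     * 2000 iterations, wrap the private key under the PBE key and decrypt the wrapped blob again
     * to obtain the raw key value, re-encode it as PrivateKeyInfo, then encrypt and MAC that
     * structure and place it in the outer DER container.
     * <p>
     * Security notes: the raw key value and the PrivateKeyInfo are in clear in process memory
     * during this call. They are not written to the debug log (only their lengths are) and are
     * overwritten before returning; this is best effort, copies made inside callees are not
     * reachable from here. The PBE key object is destroyed once, in the finally block.
     *
     * @param bArr password bytes used for key derivation
     * @return DER-encoded EncryptedPrivateKeyInfo
     * @throws PKCS11Exception from the token calls made before the export body
     * @throws ProviderException wrapping a TokenException or IOException raised during export
     */
    public byte[] wrapPkcs8Inner(byte[] bArr) throws PKCS11Exception {
        if (Util.isDebug()) {
            Util.log("vsi: " + this.privKey.getVirtualSlotId());
        }
        setVirtualSlotId(this.privKey.getVirtualSlotId());
        if (this.pkhw == null) {
            this.pkhw = new PrivateKeyHandleWrapper(getPrivateKeyHandle(getCryptoki(), getSession(), this.privKey), this.privKey);
        }
        if (Util.isDebug()) {
            Util.log("private key handle: " + this.pkhw.getHandle());
        }
        PKCS11 cryptoki = getCryptoki();
        Pkcs11Session session = getSession();
        byte[] salt = new byte[8];
        cryptoki.C_GenerateRandom(session.getSessionId(), salt);
        BelPBEWithGOST28147ECBParameterSpec pbeSpec = new BelPBEWithGOST28147ECBParameterSpec(salt, 2000, AvPKIExtensions.AvCSPOidGostSubstMailgov);
        if (Util.isDebug()) {
            Util.log("pbeKeySpec=" + pbeSpec);
        }
        long pbeKeyHandle = generatePBEKey(this.pkcs11Common, bArr, pbeSpec);
        byte[] rawKey = null;
        byte[] cspKey = null;
        byte[] privateKeyInfo = null;
        try {
            rawKey = decryptKey(cryptoki, session, pbeKeyHandle, wrapKey(cryptoki, session, pbeKeyHandle));
            // 256L (0x100) is CKA_KEY_TYPE in standard PKCS#11 numbering.
            int keyType = (int) Pkcs11Tool.getAttributeValueLong(cryptoki, session, this.pkhw.getHandle(), 256L);
            byte[] paramsOid = Pkcs11Tool.getAttributeValueBLOB(cryptoki, session, this.pkhw.getHandle(), getParamsAttribute(keyType));
            if (Util.isDebug()) {
                Util.log("oidParams: " + ByteArrayUtil.toHexString(paramsOid));
            }
            Pkcs11KeyStore keyStore = new Pkcs11KeyStore(Pkcs11Factory.getInstance().getVirtualToken(getVirtualSlotId()));
            if (isBign(keyType)) {
                cspKey = rawKey;
            } else if (isCompound(keyType)) {
                byte[] paramSetEncoded = keyStore.getParamSetEncoded(keyType, paramsOid);
                cspKey = p11ToCspCompound(rawKey, BignUtils.isBelOidParams(paramsOid) ? KeyParamsListCompoundBds.decodeParams(paramSetEncoded) : KeyParamsListCompoundBds.decodeDomainParams(paramSetEncoded));
            } else {
                cspKey = p11ToCsp(rawKey, new KeyParamsListBds(keyStore.getParamSet(keyType, paramsOid)));
            }
            if (Util.isDebug()) {
                // Never dump the key value itself: debug logs are not a safe place for key material.
                Util.log("key value length: " + cspKey.length);
            }
            privateKeyInfo = encodePrivateKeyInfo(keyType, cspKey, paramsOid);
            if (Util.isDebug()) {
                Util.log("PrivateKeyInfo length: " + privateKeyInfo.length);
            }
            byte[] encryptedAndMac = encryptKeyAndMac(cryptoki, session, privateKeyInfo, pbeKeyHandle);
            byte[] encoded = encodeEncryptedPrivateKeyInfo(pbeSpec, encryptedAndMac);
            if (Util.isDebug()) {
                Util.log("EncryptedPrivateKeyInfo: " + ByteArrayUtil.toHexString(encoded));
            }
            return encoded;
        } catch (TokenException e) {
            // NOTE(review): if PKCS11Exception is a TokenException subtype it is wrapped here as
            // well, exactly as in the previous nested form; confirm that callers expect this.
            throw new ProviderException(e.getMessage(), e);
        } catch (IOException e) {
            throw new ProviderException(e.getMessage(), e);
        } finally {
            // Clear every plaintext copy this method owns, on success and on failure.
            if (rawKey != null) {
                java.util.Arrays.fill(rawKey, (byte) 0);
            }
            if (cspKey != null) {
                java.util.Arrays.fill(cspKey, (byte) 0);
            }
            if (privateKeyInfo != null) {
                java.util.Arrays.fill(privateKeyInfo, (byte) 0);
            }
            try {
                if (Util.isDebug()) {
                    Util.log("destroying PBE key handle: " + pbeKeyHandle);
                }
                getCryptoki().C_DestroyObject(getSession().getSessionId(), pbeKeyHandle);
            } catch (PKCS11Exception e) {
                if (Util.isDebug()) {
                    Util.log("error destroying pbe key");
                    e.printStackTrace();
                }
            }
        }
    }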

    /**
     * Selects the attribute type that holds the key's parameters.
     *
     * @param i key type value
     * @return 384L (0x180, CKA_EC_PARAMS in standard PKCS#11 numbering) for the bign key type,
     *         otherwise the vendor-defined value -1911554046L
     */
    private long getParamsAttribute(int i) {
        if (isBign(i)) {
            return 384L;
        }
        return -1911554046L;
    }

    /**
     * Tells whether a key type value is one of the two handled as "compound" keys.
     *
     * @param i key type value
     * @return true for -1911554040 and -1911554039 (vendor-defined values), false otherwise
     */
    private static boolean isCompound(int i) {
        switch (i) {
            case -1911554040:
            case -1911554039:
                return true;
            default:
                return false;
        }
    }

    /**
     * DER-encodes the outer container:
     * SEQUENCE { SEQUENCE { algorithm OID, SEQUENCE { salt, iterations, substitution-block OID } },
     * OCTET STRING encryptedData }.
     *
     * @param belPBEWithGOST28147ECBParameterSpec PBE parameters written into the algorithm identifier
     * @param bArr encrypted PrivateKeyInfo followed by its MAC
     * @return encoded EncryptedPrivateKeyInfo
     * @throws ProviderException if DER encoding fails
     */
    private byte[] encodeEncryptedPrivateKeyInfo(BelPBEWithGOST28147ECBParameterSpec belPBEWithGOST28147ECBParameterSpec, byte[] bArr) {
        try {
            DerOutputStream pbeParams = new DerOutputStream();
            pbeParams.putOctetString(belPBEWithGOST28147ECBParameterSpec.getSalt());
            pbeParams.putInteger(belPBEWithGOST28147ECBParameterSpec.getIterationCount());
            pbeParams.putOID(belPBEWithGOST28147ECBParameterSpec.getSubstBlock());

            DerOutputStream algorithmId = new DerOutputStream();
            algorithmId.putOID(AvPKIExtensions.AvCSPBelPBEGost2814789ECB);
            // Tag 48 (0x30) is a DER SEQUENCE.
            algorithmId.write((byte) 48, pbeParams);

            DerOutputStream content = new DerOutputStream();
            content.write((byte) 48, algorithmId);
            content.putOctetString(bArr);

            DerOutputStream encoded = new DerOutputStream();
            encoded.write((byte) 48, content);
            return encoded.toByteArray();
        } catch (IOException e) {
            throw new ProviderException("unable to encode EncryptedPrivateKeyInfo", e);
        }
    }

    /**
     * Produces the container payload: ciphertext of the PrivateKeyInfo followed by a MAC.
     * <p>
     * The MAC is computed with C_Sign over the plaintext, using the same key handle that
     * encrypts it. The mechanism is the vendor-defined value -1911554034L.
     * NOTE(review): MAC over plaintext with a shared key means a reader must decrypt before it
     * can authenticate; presumably dictated by the container format.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param bArr plaintext PrivateKeyInfo
     * @param j handle of the PBE key
     * @return ciphertext concatenated with the MAC
     * @throws PKCS11Exception if a token operation fails
     */
    private byte[] encryptKeyAndMac(PKCS11 pkcs11, Pkcs11Session pkcs11Session, byte[] bArr, long j) throws PKCS11Exception {
        CK_MECHANISM macMechanism = new CK_MECHANISM();
        macMechanism.mechanism = -1911554034L;
        if (Util.isDebug()) {
            Util.log("generating mac");
        }
        pkcs11.C_SignInit(pkcs11Session.getSessionId(), macMechanism, j);
        byte[] mac = pkcs11.C_Sign(pkcs11Session.getSessionId(), bArr);
        if (Util.isDebug()) {
            Util.log("mac: " + ByteArrayUtil.toHexString(mac));
        }
        ByteArrayOutputStream payload = new ByteArrayOutputStream();
        try {
            byte[] cipherText = encryptKey(pkcs11, pkcs11Session, j, bArr);
            payload.write(cipherText);
            payload.write(mac);
        } catch (IOException e) {
            throw new ProviderException("unexpected error", e);
        }
        byte[] encryptedData = payload.toByteArray();
        if (Util.isDebug()) {
            Util.log("encryptedData: " + ByteArrayUtil.toHexString(encryptedData));
        }
        return encryptedData;
    }

    /**
     * DER-encodes a PrivateKeyInfo:
     * SEQUENCE { INTEGER 0, SEQUENCE { algorithm OID, parameters }, OCTET STRING key }.
     * The result contains the private key in clear; callers should not log or retain it.
     *
     * @param i key type value used to pick the algorithm OID
     * @param bArr private key value
     * @param bArr2 already-encoded parameters, written verbatim after the OID
     * @return encoded PrivateKeyInfo
     * @throws ProviderException if encoding fails or the key type is unsupported
     */
    private byte[] encodePrivateKeyInfo(int i, byte[] bArr, byte[] bArr2) {
        try {
            DerOutputStream algorithmId = new DerOutputStream();
            algorithmId.putOID(ckKeyTypeToOid(i, bArr2));
            algorithmId.write(bArr2);

            DerOutputStream content = new DerOutputStream();
            content.putInteger(0);
            // Tag 48 (0x30) is a DER SEQUENCE.
            content.write((byte) 48, algorithmId);
            content.putOctetString(bArr);

            DerOutputStream encoded = new DerOutputStream();
            encoded.write((byte) 48, content);
            return encoded.toByteArray();
        } catch (IOException e) {
            throw new ProviderException("unexpected error", e);
        }
    }

    /**
     * Maps a key type value to the algorithm OID written into PrivateKeyInfo.
     * For three of the key types the choice also depends on
     * {@code BignUtils.isBelOidParams(bArr)}.
     *
     * @param i key type value
     * @param bArr encoded key parameters
     * @return algorithm OID for the key type
     * @throws ProviderException if the key type is not one of the handled values
     */
    private ObjectIdentifier ckKeyTypeToOid(int i, byte[] bArr) {
        if (isBign(i)) {
            return PublicKeyBign.algorithmOid;
        }
        final boolean belParams = BignUtils.isBelOidParams(bArr);
        switch (i) {
            case -1911554044:
                return PublicKeyAvBds.algorithmOid;
            case -1911554042:
                return PublicKeyBdh.algorithmOid;
            case -1911554039:
                return belParams ? PublicKeyCompoundBds.algorithmOid : PublicKeyAvCompoundBds.algorithmOid;
            case -1911554043:
                return belParams ? PublicKeyBdsHash.algorithmOid : PublicKeyAvBdsHash.algorithmOid;
            case -1911554040:
                return belParams ? PublicKeyCompoundBdsHash.algorithmOid : PublicKeyAvCompoundBdsHash.algorithmOid;
            default:
                throw new ProviderException("unsupported key type: " + Util.toHexLong(i));
        }
    }

    /**
     * Wraps this instance's private key ({@code pkhw} handle) under the given key with
     * C_WrapKey, using the vendor-defined mechanism -1911554037L.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param j handle of the wrapping (PBE) key
     * @return wrapped key bytes
     * @throws PKCS11Exception if the token rejects the operation
     */
    private byte[] wrapKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j) throws PKCS11Exception {
        CK_MECHANISM wrapMechanism = new CK_MECHANISM();
        wrapMechanism.mechanism = -1911554037L;
        if (Util.isDebug()) {
            Util.log("wrapping key");
        }
        long targetHandle = this.pkhw.getHandle();
        byte[] wrapped = pkcs11.C_WrapKey(pkcs11Session.getSessionId(), wrapMechanism, j, targetHandle);
        if (Util.isDebug()) {
            Util.log("wrapped key: " + ByteArrayUtil.toHexString(wrapped));
        }
        return wrapped;
    }

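    /**
     * Derives a key from a password and creates it as a secret-key object on the token.
     * <p>
     * The derived key bytes are secret: they are not written to the debug log and the local
     * buffer is overwritten once the token object exists (or creation failed). The caller owns
     * the returned handle and must destroy the object when done.
     *
     * @param pkcs11Common PKCS#11 context supplying cryptoki, session and virtual slot id
     * @param bArr password bytes
     * @param belPBEWithGOST28147ECBParameterSpec salt, iteration count and substitution block
     * @return handle of the created PBE key object
     * @throws PKCS11Exception if key derivation or object creation fails on the token
     */
    public static long generatePBEKey(Pkcs11Common pkcs11Common, byte[] bArr, BelPBEWithGOST28147ECBParameterSpec belPBEWithGOST28147ECBParameterSpec) throws PKCS11Exception {
        BelPBKDF kdf = new BelPBKDF();
        kdf.setVirtualSlotId(pkcs11Common.getVirtualSlotId());
        if (Util.isDebug()) {
            Util.log("generating PBE key");
        }
        byte[] derivedKey = kdf.generateKey(belPBEWithGOST28147ECBParameterSpec, bArr);
        try {
            if (Util.isDebug()) {
                // The key bytes stay out of the log; whoever reads the log could otherwise
                // decrypt every container protected by this password and salt.
                Util.log("generated PBE key");
            }
            long handle = Pkcs11Tool.createObject(pkcs11Common.getCryptoki(), pkcs11Common.getSession(), buildPBETemplate(-1911554046, derivedKey, belPBEWithGOST28147ECBParameterSpec.getSubstBlock()).toCkAttributeArray());
            if (Util.isDebug()) {
                Util.log("generated PBE key handle: " + handle);
            }
            return handle;
        } finally {
            // NOTE(review): assumes createObject has copied the value to the token by the time
            // it returns and that generateKey hands out a fresh array; confirm.
            if (derivedKey != null) {
                java.util.Arrays.fill(derivedKey, (byte) 0);
            }
        }
    }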

    /**
     * Decodes bytes as UTF-8 into a char array, falling back to the platform default charset
     * if UTF-8 is reported as unsupported.
     * NOTE(review): the intermediate String cannot be cleared; avoid this for secrets.
     *
     * @param bArr bytes to decode
     * @return decoded characters
     */
    static char[] convertBytesToChars(byte[] bArr) {
        String decoded;
        try {
            decoded = new String(bArr, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            if (Util.isDebug()) {
                e.printStackTrace();
            }
            decoded = new String(bArr);
        }
        return decoded.toCharArray();
    }

    /**
     * Builds the creation template for the PBE key object. Attribute names in the comments are
     * the standard PKCS#11 names for the numeric types used.
     * <p>
     * NOTE(review): the object is created non-sensitive and extractable. The value already
     * exists on the host, but the handle should still be destroyed promptly.
     *
     * @param i key type value
     * @param bArr key value
     * @param objectIdentifier substitution-block OID, or null to omit the attribute
     * @return populated template
     */
    private static TemplateBuilder buildPBETemplate(int i, byte[] bArr, ObjectIdentifier objectIdentifier) {
        TemplateBuilder template = new TemplateBuilder();
        template.append(0L, 4L);      // CKA_CLASS = CKO_SECRET_KEY
        template.append(256L, i);     // CKA_KEY_TYPE
        template.append(1L, false);   // CKA_TOKEN: session object
        template.append(261L, true);  // CKA_DECRYPT
        template.append(260L, true);  // CKA_ENCRYPT
        template.append(262L, true);  // CKA_WRAP
        template.append(263L, true);  // CKA_UNWRAP
        template.append(354L, true);  // CKA_EXTRACTABLE
        template.append(259L, false); // CKA_SENSITIVE
        template.append(264L, true);  // CKA_SIGN
        template.append(266L, true);  // CKA_VERIFY
        if (objectIdentifier != null) {
            // Vendor-defined attribute carrying the wrapped substitution-block OID.
            template.append(-1911554045L, BignUtils.wrapSBlockOid(objectIdentifier));
        }
        template.append(17L, bArr);   // CKA_VALUE
        return template;
    }

    /**
     * Looks up the token object handle of a private key by its id and label.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param privateKey key whose id and label form the search template
     * @return handle returned by {@code Pkcs11Tool.findObject}
     * @throws PKCS11Exception if the search fails
     */
    public static long getPrivateKeyHandle(PKCS11 pkcs11, Pkcs11Session pkcs11Session, PrivateKey privateKey) throws PKCS11Exception {
        TemplateBuilder searchTemplate = buildPrivateKeyTemplate(privateKey.getId(), privateKey.getLabel());
        return Pkcs11Tool.findObject(pkcs11, pkcs11Session, searchTemplate.toCkAttributeArray());
    }

    /**
     * Builds a search template matching a private key object by id and label.
     *
     * @param bArr key id
     * @param cArr key label
     * @return populated template
     */
    private static TemplateBuilder buildPrivateKeyTemplate(byte[] bArr, char[] cArr) {
        TemplateBuilder searchTemplate = new TemplateBuilder();
        searchTemplate.append(0L, 3L);     // CKA_CLASS = CKO_PRIVATE_KEY
        searchTemplate.append(258L, bArr); // CKA_ID
        searchTemplate.append(3L, cArr);   // CKA_LABEL
        return searchTemplate;
    }

    /**
     * Imports the encrypted key using a text password.
     *
     * @param str password; converted to UTF-8 bytes (null stays null)
     * @param str2 label for the imported key
     * @return the imported private key
     */
    public java.security.PrivateKey decrypt(String str, String str2) {
        byte[] passwordBytes = getPasswordBytes(str);
        return decrypt(passwordBytes, str2);
    }

    /**
     * Imports the encrypted key held by this instance onto the token and returns it.
     * The debug line logs the label and a fixed placeholder, not the password.
     *
     * @param bArr password bytes
     * @param str label for the imported key; required
     * @return the imported private key
     * @throws ProviderException if no encrypted data is set or the label is null
     */
    public java.security.PrivateKey decrypt(byte[] bArr, String str) {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".decrypt(password, " + str + ")");
        }
        if (this.privKeyEnc == null) {
            throw new ProviderException(ProviderExcptMessages.EPKI_ENCRYPTED_KEY_DATA_NULL);
        }
        if (str == null) {
            throw new ProviderException("label required");
        }
        PrivateKeyHandleWrapper imported = unwrapPkcs8(this.privKeyEnc, bArr, str);
        return imported.getPrivateKey();
    }

    /**
     * Imports the encrypted key held by this instance and returns it with its token handle.
     *
     * @param bArr password bytes
     * @param str label for the imported key; required
     * @return handle/key pair of the imported key
     * @throws ProviderException if no encrypted data is set or the label is null
     */
    public PrivateKeyHandleWrapper decryptWrapped(byte[] bArr, String str) {
        final byte[] encrypted = this.privKeyEnc;
        if (encrypted == null) {
            throw new ProviderException(ProviderExcptMessages.EPKI_ENCRYPTED_KEY_DATA_NULL);
        }
        if (str == null) {
            throw new ProviderException("label required");
        }
        return unwrapPkcs8(encrypted, bArr, str);
    }

    /** Returns the cryptoki module of this instance's PKCS#11 context. */
    private PKCS11 getCryptoki() {
        PKCS11 module = this.pkcs11Common.getCryptoki();
        return module;
    }

    /** Returns the session of this instance's PKCS#11 context. */
    private Pkcs11Session getSession() {
        Pkcs11Session current = this.pkcs11Common.getSession();
        return current;
    }

    /** Returns the virtual slot count reported by the PKCS#11 context. */
    @Override
    public long getVirtualSlotCount() {
        final long slotCount = this.pkcs11Common.getVirtualSlotCount();
        return slotCount;
    }

    /** Returns the virtual slot id currently set on the PKCS#11 context. */
    @Override
    public long getVirtualSlotId() {
        final long slotId = this.pkcs11Common.getVirtualSlotId();
        return slotId;
    }

    /**
     * Sets the virtual slot id on the PKCS#11 context.
     *
     * @param j virtual slot id
     */
    @Override
    public void setVirtualSlotId(long j) {
        final Pkcs11Common context = this.pkcs11Common;
        context.setVirtualSlotId(j);
    }

    /**
     * Runs the import through {@code LoginController.doReleasableAction} with this instance's
     * PKCS#11 context.
     *
     * @param bArr encoded EncryptedPrivateKeyInfo
     * @param bArr2 password bytes
     * @param str label for the imported key
     * @return handle/key pair produced by {@code unwrapPkcs8Inner}
     */
    private PrivateKeyHandleWrapper unwrapPkcs8(final byte[] bArr, final byte[] bArr2, final String str) {
        LoginController.Action importAction = new LoginController.Action() {
            @Override
            public Object doAction() throws PKCS11Exception {
                return EncryptedPrivateKeyInfo.this.unwrapPkcs8Inner(bArr, bArr2, str);
            }
        };
        Object imported = LoginController.doReleasableAction(this.pkcs11Common, importAction);
        return (PrivateKeyHandleWrapper) imported;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Imports the key, then checks that the created object's class is "private key".
     * Object classes compared: 3 = private key, 2 = public key, 4 = secret key
     * (CKO_* values in standard PKCS#11 numbering).
     * NOTE(review): on the error paths the object created by {@code doUnwrapKey} is not
     * destroyed here; confirm whether a caller cleans it up.
     *
     * @param bArr encoded EncryptedPrivateKeyInfo
     * @param bArr2 password bytes
     * @param str label for the imported key
     * @return handle/key pair of the imported private key
     * @throws PKCS11Exception if a token operation fails
     * @throws ProviderException if the imported object is not a private key
     */
    public PrivateKeyHandleWrapper unwrapPkcs8Inner(byte[] bArr, byte[] bArr2, String str) throws PKCS11Exception {
        final long importedHandle = doUnwrapKey(bArr, bArr2, str);
        final long objectClass = Pkcs11Tool.getAttributeValueLong(getCryptoki(), getSession(), importedHandle, 0L);
        if (Util.isDebug()) {
            Util.log("unwrapped key class: " + objectClass);
        }
        if (objectClass != 3) {
            if (objectClass == 2) {
                throw new ProviderException(ProviderExcptMessages.EPKI_INVALID_CLASS_PUBLIC_KEY);
            }
            if (objectClass == 4) {
                throw new ProviderException(ProviderExcptMessages.EPKI_INVALID_CLASS_SECRET_KEY);
            }
            throw new ProviderException(ProviderExcptMessages.EPKI_INVALID_CLASS);
        }
        java.security.PrivateKey importedKey = getUnwrappedPrivateKey(getCryptoki(), getSession(), getVirtualSlotId(), importedHandle, false);
        return new PrivateKeyHandleWrapper(importedHandle, (PrivateKey) importedKey);
    }

    /**
     * Builds a provider private-key object describing a token object: key type selects the
     * class, then id, virtual slot id and (when present) label are copied onto it.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param j virtual slot id to set on the result
     * @param j2 token object handle
     * @return key object referring to the token key
     * @throws PKCS11Exception if reading an attribute fails
     */
    public static java.security.PrivateKey getPrivateKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, long j2) throws PKCS11Exception {
        byte[] keyId = Pkcs11Tool.getAttributeValueBLOB(pkcs11, pkcs11Session, j2, 258L); // CKA_ID
        long keyType = Pkcs11Tool.getAttributeValueLong(pkcs11, pkcs11Session, j2, 256L); // CKA_KEY_TYPE
        PrivateKeyAbstr key = getPrivateKeyObject(keyType);
        key.setId(keyId);
        key.setVirtualSlotId(j);
        String label = Pkcs11Tool.getAttributeValueString(pkcs11, pkcs11Session, j2, 3L); // CKA_LABEL
        if (label != null) {
            key.setLabel(label.toCharArray());
        }
        return key;
    }

    /**
     * Builds a provider private-key object for a freshly imported token object and optionally
     * removes the token objects that share its id.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param j virtual slot id to set on the result
     * @param j2 token object handle
     * @param z when true, every object returned by {@code Pkcs11Tool.findObjects} for class 3
     *          (private key) and this key's id is destroyed before returning
     * @return key object referring to the token key
     * @throws PKCS11Exception if a token operation fails
     */
    public static java.security.PrivateKey getUnwrappedPrivateKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, long j2, boolean z) throws PKCS11Exception {
        long keyType = Pkcs11Tool.getAttributeValueLong(pkcs11, pkcs11Session, j2, 256L); // CKA_KEY_TYPE
        byte[] keyId = Pkcs11Tool.getAttributeValueBLOB(pkcs11, pkcs11Session, j2, 258L); // CKA_ID
        long[] sameIdHandles = Pkcs11Tool.findObjects(pkcs11, pkcs11Session, 3L, keyId);
        PrivateKeyAbstr key = getPrivateKeyObject(keyType);
        key.setId(keyId);
        key.setVirtualSlotId(j);
        String label = Pkcs11Tool.getAttributeValueString(pkcs11, pkcs11Session, j2, 3L); // CKA_LABEL
        if (label != null) {
            key.setLabel(label.toCharArray());
        }
        if (!z) {
            return key;
        }
        for (int idx = 0; idx < sameIdHandles.length; idx++) {
            Pkcs11Tool.destroyObject(pkcs11, pkcs11Session, sameIdHandles[idx]);
        }
        return key;
    }

    /**
     * Reads the parameter-set OID of a token object from the vendor-defined attribute
     * -1911554046L.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param j token object handle
     * @return decoded parameter OID
     * @throws PKCS11Exception if reading the attribute fails
     * @throws ProviderException if the attribute value is null
     */
    static ObjectIdentifier getParamSetOid(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j) throws PKCS11Exception {
        byte[] wrappedOid = Pkcs11Tool.getAttributeValueBLOB(pkcs11, pkcs11Session, j, -1911554046L);
        if (wrappedOid != null) {
            return BignUtils.unwrapParametersOid(wrappedOid);
        }
        throw new ProviderException(ProviderExcptMessages.EPKI_FAILED_TO_GET_OID);
    }

    /**
     * Computes a key id as a token-side digest of the given bytes, using the vendor-defined
     * mechanism -1911554032L parameterised with {@code KeyPairGeneratorAbstr.NMC_INIT_VECTOR}.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param bArr data to digest
     * @return digest bytes
     * @throws PKCS11Exception if the digest operation fails
     */
    public static byte[] generateKeyId(PKCS11 pkcs11, Pkcs11Session pkcs11Session, byte[] bArr) throws PKCS11Exception {
        CK_MECHANISM digestMechanism = new CK_MECHANISM();
        digestMechanism.mechanism = -1911554032L;
        AvBhfParameter hashParameter = new AvBhfParameter(KeyPairGeneratorAbstr.NMC_INIT_VECTOR);
        digestMechanism.pParameter = hashParameter.getPKCS11ParamsObject();
        pkcs11.C_DigestInit(pkcs11Session.getSessionId(), digestMechanism);
        byte[] digest = pkcs11.C_Digest(pkcs11Session.getSessionId(), bArr);
        return digest;
    }

    /**
     * Creates an empty provider private-key object of the class matching a key type value.
     * Only the low 32 bits of {@code j} are compared.
     *
     * @param j key type value read from the token
     * @return new key object constructed with {@code (0L, null)}
     * @throws ProviderException if the key type is not one of the handled values
     */
    private static PrivateKeyAbstr getPrivateKeyObject(long j) {
        final int keyType = (int) j;
        switch (keyType) {
            case -1911554042:
                return new PrivateKeyBdh(0L, null);
            case -1911554044:
                return new PrivateKeyAvBds(0L, null);
            case -1911554039:
                return new PrivateKeyAvCompoundBds(0L, null);
            case -1911554043:
                return new PrivateKeyAvBdsHash(0L, null);
            case -1911554040:
                return new PrivateKeyAvCompoundBdsHash(0L, null);
            default:
                if (isBign(keyType)) {
                    return new PrivateKeyBign(0L, null);
                }
                throw new ProviderException(ProviderExcptMessages.EPKI_UNKNOWN_KEY_TYPE);
        }
    }

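    /**
     * Parses an EncryptedPrivateKeyInfo, decrypts and authenticates its payload, and creates the
     * contained private key as a token object.
     * <p>
     * The container is untrusted input: its PBE parameters, ciphertext and MAC all come from the
     * caller-supplied bytes. The key id is a token-side digest of the whole encoded container.
     * The decrypted PrivateKeyInfo and the key value extracted from it are overwritten before
     * returning; this is best effort, copies held inside the DER parser are not reachable here.
     *
     * @param bArr encoded EncryptedPrivateKeyInfo
     * @param bArr2 password bytes
     * @param str label for the created key object; must not be null
     * @return handle of the created private key object
     * @throws PKCS11Exception if a token operation fails, including MAC verification
     * @throws ProviderException if the container cannot be parsed
     */
    private long doUnwrapKey(byte[] bArr, byte[] bArr2, String str) throws PKCS11Exception {
        byte[] privateKeyInfo = null;
        byte[] keyValue = null;
        try {
            byte[] keyId = generateKeyId(getCryptoki(), getSession(), bArr);
            if (Util.isDebug()) {
                Util.log("parsing EncryptedPrivateKeyInfo");
            }
            DerInputStream outer = new DerValue(bArr).getData();
            BelPBEWithGOST28147ECBParameterSpec pbeSpec = parsePBEParams(outer.getDerValue());
            if (Util.isDebug()) {
                Util.log("pbeSpec=" + pbeSpec);
            }
            byte[] encryptedData = outer.getOctetString();
            if (Util.isDebug()) {
                Util.log("encrypted data: " + ByteArrayUtil.toHexString(encryptedData));
            }
            privateKeyInfo = decryptKeyAndVerifyMac(bArr2, pbeSpec, encryptedData);
            if (Util.isDebug()) {
                Util.log("parsing PrivateKeyInfo");
            }
            DerInputStream pkiFields = new DerValue(privateKeyInfo).getData();
            int version = pkiFields.getDerValue().getInteger();
            if (Util.isDebug()) {
                Util.log("PrivateKeyInfo.version: " + version);
            }
            DerInputStream algorithmId = pkiFields.getDerValue().getData();
            ObjectIdentifier algorithmOid = algorithmId.getDerValue().getOID();
            if (Util.isDebug()) {
                Util.log("PrivateKeyInfo.oid: " + algorithmOid);
            }
            byte[] paramsEncoded = algorithmId.getDerValue().toByteArray();
            if (Util.isDebug()) {
                Util.log("PrivateKeyInfo.paramsOid: " + ByteArrayUtil.toHexString(paramsEncoded));
            }
            keyValue = pkiFields.getDerValue().getOctetString();
            TemplateBuilder template = buildUnwrappedPrivateKeyTemplate(keyId, str.toCharArray(), algorithmOid, paramsEncoded, keyValue);
            if (Util.isDebug()) {
                Util.log("importing private key");
            }
            long handle = Pkcs11Tool.createObject(getCryptoki(), getSession(), template.toCkAttributeArray());
            if (Util.isDebug()) {
                Util.log("imported private key handle: " + handle);
            }
            return handle;
        } catch (IOException e) {
            throw new ProviderException("could not parse EncryptedPrivateKeyInfo", e);
        } finally {
            // Clear the plaintext copies owned by this method once the token holds the key,
            // and also when parsing or import fails part-way.
            if (privateKeyInfo != null) {
                java.util.Arrays.fill(privateKeyInfo, (byte) 0);
            }
            if (keyValue != null) {
                java.util.Arrays.fill(keyValue, (byte) 0);
            }
        }
    }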

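    /**
     * Splits the payload into ciphertext and a trailing 4-byte MAC, decrypts the ciphertext with
     * a key derived from the password, and verifies the MAC over the decrypted bytes.
     * <p>
     * The payload comes from an untrusted container, so its length is checked before the split.
     * The MAC can only be checked after decryption because it covers the plaintext; if
     * verification fails the unauthenticated plaintext is overwritten and never returned.
     * The PBE key object is destroyed once, in the finally block.
     *
     * @param bArr password bytes
     * @param belPBEWithGOST28147ECBParameterSpec PBE parameters parsed from the container
     * @param bArr2 ciphertext followed by the MAC
     * @return decrypted, authenticated PrivateKeyInfo bytes
     * @throws PKCS11Exception if a token operation fails, including MAC verification
     * @throws ProviderException if the payload is too short to contain a MAC
     */
    private byte[] decryptKeyAndVerifyMac(byte[] bArr, BelPBEWithGOST28147ECBParameterSpec belPBEWithGOST28147ECBParameterSpec, byte[] bArr2) throws PKCS11Exception {
        if (bArr2 == null || bArr2.length < 4) {
            // Reject before deriving a key; a shorter payload would otherwise fail with a
            // negative array size.
            throw new ProviderException("encrypted key data is too short to contain a MAC");
        }
        long pbeKeyHandle = generatePBEKey(this.pkcs11Common, bArr, belPBEWithGOST28147ECBParameterSpec);
        byte[] plaintext = null;
        boolean macValid = false;
        try {
            int cipherLength = bArr2.length - 4;
            byte[] cipherText = java.util.Arrays.copyOfRange(bArr2, 0, cipherLength);
            if (Util.isDebug()) {
                Util.log("encryptedKey: " + ByteArrayUtil.toHexString(cipherText));
            }
            byte[] mac = java.util.Arrays.copyOfRange(bArr2, cipherLength, bArr2.length);
            if (Util.isDebug()) {
                Util.log("mac: " + ByteArrayUtil.toHexString(mac));
            }
            PKCS11 cryptoki = this.pkcs11Common.getCryptoki();
            Pkcs11Session session = this.pkcs11Common.getSession();
            plaintext = decryptKey(cryptoki, session, pbeKeyHandle, cipherText);
            CK_MECHANISM macMechanism = new CK_MECHANISM();
            macMechanism.mechanism = -1911554034L;
            if (Util.isDebug()) {
                Util.log("verifying mac");
            }
            cryptoki.C_VerifyInit(session.getSessionId(), macMechanism, pbeKeyHandle);
            cryptoki.C_Verify(session.getSessionId(), plaintext, mac);
            macValid = true;
            if (Util.isDebug()) {
                Util.log("mac valid");
            }
            return plaintext;
        } finally {
            if (!macValid && plaintext != null) {
                java.util.Arrays.fill(plaintext, (byte) 0);
            }
            try {
                if (Util.isDebug()) {
                    Util.log("destroying PBE key handle: " + pbeKeyHandle);
                }
                getCryptoki().C_DestroyObject(getSession().getSessionId(), pbeKeyHandle);
            } catch (PKCS11Exception e) {
                if (Util.isDebug()) {
                    Util.log("error destroying pbe key");
                    e.printStackTrace();
                }
            }
        }
    }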

    /**
     * Encrypts data on the token with the given key, using the vendor-defined mechanism
     * -1911554037L. Only the ciphertext is written to the debug log.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param j handle of the encryption key
     * @param bArr plaintext
     * @return ciphertext
     * @throws PKCS11Exception if the token rejects the operation
     */
    private byte[] encryptKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, byte[] bArr) throws PKCS11Exception {
        if (Util.isDebug()) {
            Util.log("encrypting key");
        }
        CK_MECHANISM cipherMechanism = new CK_MECHANISM();
        cipherMechanism.mechanism = -1911554037L;
        pkcs11.C_EncryptInit(pkcs11Session.getSessionId(), cipherMechanism, j);
        byte[] cipherText = pkcs11.C_Encrypt(pkcs11Session.getSessionId(), bArr);
        if (Util.isDebug()) {
            Util.log("encryptedKey: " + ByteArrayUtil.toHexString(cipherText));
        }
        return cipherText;
    }

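    /**
     * Decrypts data on the token with the given key, using the vendor-defined mechanism
     * -1911554037L.
     * <p>
     * In this class the output is private key material, so the debug line reports only the
     * length of the result and never its content.
     *
     * @param pkcs11 cryptoki module
     * @param pkcs11Session open session
     * @param j handle of the decryption key
     * @param bArr ciphertext
     * @return decrypted bytes; the caller is responsible for clearing them after use
     * @throws PKCS11Exception if the token rejects the operation
     */
    private byte[] decryptKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, byte[] bArr) throws PKCS11Exception {
        if (Util.isDebug()) {
            Util.log("decrypting key");
        }
        CK_MECHANISM cipherMechanism = new CK_MECHANISM();
        cipherMechanism.mechanism = -1911554037L;
        pkcs11.C_DecryptInit(pkcs11Session.getSessionId(), cipherMechanism, j);
        byte[] plaintext = pkcs11.C_Decrypt(pkcs11Session.getSessionId(), bArr);
        if (Util.isDebug()) {
            Util.log("decryptedKey length: " + (plaintext == null ? 0 : plaintext.length));
        }
        return plaintext;
    }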

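    /**
     * Parses the algorithm identifier of an EncryptedPrivateKeyInfo:
     * SEQUENCE { algorithm OID, SEQUENCE { salt, iterations, [substitution-block OID] } }.
     * <p>
     * The values come from an untrusted container. The algorithm OID must match the one this
     * class writes, and the iteration count must be positive.
     * NOTE(review): there is no upper bound on the iteration count or salt length; a crafted
     * container can request an arbitrarily expensive derivation. Consider a policy limit.
     *
     * @param derValue encoded algorithm identifier
     * @return parsed PBE parameters; the substitution-block OID is null when absent
     * @throws IOException if the DER structure is malformed
     * @throws ProviderException if the algorithm OID is unsupported or the iteration count is
     *         not positive
     */
    private BelPBEWithGOST28147ECBParameterSpec parsePBEParams(DerValue derValue) throws IOException {
        DerInputStream algorithmId = derValue.getData();
        ObjectIdentifier algorithmOid = algorithmId.getDerValue().getOID();
        if (!algorithmOid.equals(AvPKIExtensions.AvCSPBelPBEGost2814789ECB)) {
            throw new ProviderException("Unsupported EncryptedPrivateKeyInfo algorithm oid: " + algorithmOid);
        }
        DerInputStream params = algorithmId.getDerValue().getData();
        byte[] salt = params.getDerValue().getOctetString();
        int iterations = params.getDerValue().getInteger();
        if (iterations < 1) {
            throw new ProviderException("Invalid EncryptedPrivateKeyInfo iteration count: " + iterations);
        }
        ObjectIdentifier substBlock = null;
        if (params.available() > 0) {
            substBlock = params.getDerValue().getOID();
        }
        return new BelPBEWithGOST28147ECBParameterSpec(salt, iterations, substBlock);
    }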

    /**
     * Builds the creation template for an imported private key. The algorithm OID selects the
     * key type value; the key value is converted (or passed through for the bign type) and
     * stored under the matching value attribute. Attribute names in the comments are the
     * standard PKCS#11 names for the numeric types used.
     * <p>
     * NOTE(review): the key is created as a persistent, extractable token object and no
     * sensitivity attribute is set here; confirm this matches the intended key policy.
     *
     * @param bArr key id
     * @param cArr key label
     * @param objectIdentifier algorithm OID from PrivateKeyInfo
     * @param bArr2 encoded key parameters, or null to omit the parameters attribute
     * @param bArr3 private key value from PrivateKeyInfo
     * @return populated template
     * @throws ProviderException if the algorithm OID is not supported
     */
    private static TemplateBuilder buildUnwrappedPrivateKeyTemplate(byte[] bArr, char[] cArr, ObjectIdentifier objectIdentifier, byte[] bArr2, byte[] bArr3) {
        TemplateBuilder template = new TemplateBuilder();
        final int keyType;
        boolean bignKey = false;
        if (isOidOneOf(objectIdentifier, PublicKeyAvBds.algorithmOid, PublicKeyBds.algorithmOid)) {
            keyType = -1911554044;
        } else if (isOidOneOf(objectIdentifier, PublicKeyBdh.algorithmOid)) {
            keyType = -1911554042;
        } else if (isOidOneOf(objectIdentifier, PublicKeyAvCompoundBds.algorithmOid, PublicKeyCompoundBds.algorithmOid)) {
            keyType = -1911554039;
        } else if (isOidOneOf(objectIdentifier, PublicKeyAvBdsHash.algorithmOid, PublicKeyBdsHash.algorithmOid)) {
            keyType = -1911554043;
        } else if (isOidOneOf(objectIdentifier, PublicKeyAvCompoundBdsHash.algorithmOid, PublicKeyCompoundBdsHash.algorithmOid)) {
            keyType = -1911554040;
        } else if (isOidOneOf(objectIdentifier, PublicKeyBign.algorithmOid)) {
            bignKey = true;
            keyType = -1911554045;
        } else {
            throw new ProviderException("unsupported key algorithm oid: " + objectIdentifier);
        }

        // Key value: compound keys use a vendor-defined attribute, the rest use CKA_VALUE (17).
        if (isCompound(keyType)) {
            template.append(-1911554044L, cspToP11Compound(bArr3));
        } else if (bignKey) {
            template.append(17L, bArr3);
        } else {
            template.append(17L, cspToP11(bArr3));
        }

        // Key parameters, when supplied.
        if (bArr2 != null) {
            long paramsAttribute = isBign(keyType) ? 384L : -1911554046L;
            template.append(paramsAttribute, bArr2);
        }

        template.append(0L, 3L);         // CKA_CLASS = CKO_PRIVATE_KEY
        template.append(256L, keyType);  // CKA_KEY_TYPE
        template.append(1L, true);       // CKA_TOKEN: persistent object
        template.append(2L, true);       // CKA_PRIVATE
        template.append(264L, true);     // CKA_SIGN
        template.append(268L, true);     // CKA_DERIVE
        template.append(354L, true);     // CKA_EXTRACTABLE
        template.append(263L, true);     // CKA_UNWRAP
        template.append(3L, cArr);       // CKA_LABEL
        template.append(258L, bArr);     // CKA_ID
        return template;
    }

    /**
     * Tells whether a key-type value is the one this class assigns to keys whose
     * algorithm OID is {@code PublicKeyBign.algorithmOid}.
     *
     * @param i key-type value to test
     * @return {@code true} only for {@code -1911554045}
     */
    private static boolean isBign(int i) {
        final int bignKeyType = -1911554045;
        return bignKeyType == i;
    }

    /**
     * Converts a DER-encoded private key value into the byte form stored under the
     * PKCS#11 value attribute, by decoding it and passing it to
     * {@link #shiftKeyValue(DerValue)}.
     *
     * @param bArr DER encoding of the key value
     * @return the converted key bytes; this is secret material and should not be
     *     logged or kept longer than needed
     * @throws ProviderException if the encoding cannot be parsed; the original
     *     {@link IOException} is kept as the cause
     */
    public static byte[] cspToP11(byte[] bArr) {
        try {
            final DerValue encodedKey = new DerValue(bArr);
            return shiftKeyValue(encodedKey);
        } catch (IOException parseFailure) {
            throw new ProviderException("error parsing private key value", parseFailure);
        }
    }

    /**
     * Converts a compound private key value (a constructed DER value holding two
     * parts) into a DER SEQUENCE of two INTEGERs.
     *
     * <p>Each part is read in order, passed through
     * {@link #shiftKeyValue(DerValue)} and re-encoded as an INTEGER. Anything after
     * the second part is not read.
     *
     * @param bArr DER encoding of the compound key value
     * @return DER encoding of the resulting SEQUENCE; this is secret material
     * @throws ProviderException if the input cannot be parsed; the original
     *     {@link IOException} is kept as the cause
     */
    public static byte[] cspToP11Compound(byte[] bArr) {
        try {
            final DerInputStream parts = new DerValue(bArr).getData();
            final DerOutputStream integers = new DerOutputStream();
            for (int part = 0; part < 2; part++) {
                // NOTE(review): BigInteger(byte[]) reads the bytes as two's complement,
                // so a key part whose top bit is set becomes a negative INTEGER;
                // confirm this is the encoding the token expects.
                integers.putInteger(new BigInteger(shiftKeyValue(parts.getDerValue())));
            }
            final DerOutputStream sequence = new DerOutputStream();
            sequence.write((byte) 48, integers); // 48 == 0x30, the DER SEQUENCE tag
            return sequence.toByteArray();
        } catch (IOException parseFailure) {
            throw new ProviderException("error parsing compound private key value", parseFailure);
        }
    }

    /**
     * Extracts the bytes of a DER BIT STRING and, when its leading content byte is
     * non-zero, passes them to {@code AttributeConverter.shiftRight} with that byte
     * as the shift amount.
     *
     * <p>In a DER BIT STRING the leading content byte is the number of unused bits
     * in the last byte, so the shift presumably right-aligns the value in place --
     * confirm against {@code AttributeConverter.shiftRight}.
     *
     * @param derValue the BIT STRING to decode
     * @return the decoded (and possibly shifted) bytes
     * @throws IOException if the value cannot be read as a bit string
     */
    public static byte[] shiftKeyValue(DerValue derValue) throws IOException {
        // Must be read before getBitString(), which consumes the content.
        final int leadingByte = derValue.data.peekByte();
        final byte[] bits = derValue.getBitString();
        if (leadingByte == 0) {
            return bits;
        }
        AttributeConverter.shiftRight(bits, leadingByte);
        return bits;
    }

    /**
     * Re-encodes a private key value taken from the token as a DER BIT STRING.
     *
     * <p>The bytes are wrapped as a DER INTEGER (tag 2) and aligned by
     * {@code alignKeyValue} to the length returned by
     * {@code keyParamsListBds.getPrmR()}.
     *
     * @param bArr raw key value bytes
     * @param keyParamsListBds parameters supplying the target length in bits
     * @return DER encoding of the bit string; this is secret material
     * @throws ProviderException if encoding fails; the original {@link IOException}
     *     is kept as the cause
     */
    public static byte[] p11ToCsp(byte[] bArr, KeyParamsListBds keyParamsListBds) {
        try {
            final DerOutputStream encoded = new DerOutputStream();
            final DerValue asInteger = new DerValue((byte) 2, bArr);
            final BitArray aligned = alignKeyValue(asInteger, keyParamsListBds.getPrmR());
            encoded.putUnalignedBitString(aligned);
            return encoded.toByteArray();
        } catch (IOException failure) {
            throw new ProviderException("unexpected error", failure);
        }
    }

    /**
     * Re-encodes a compound private key value (a constructed DER value holding two
     * parts) as a DER SEQUENCE of two BIT STRINGs.
     *
     * <p>The first part is aligned to the length from
     * {@code getBdsParams().getPrmR()}, the second to the length from
     * {@code getBdhParams().getPrmR()}. Anything after the second part is not read.
     *
     * @param bArr DER encoding of the compound key value
     * @param keyParamsListCompoundBds parameters supplying both target bit lengths
     * @return DER encoding of the resulting SEQUENCE; this is secret material
     * @throws ProviderException if the input cannot be parsed; the original
     *     {@link IOException} is kept as the cause
     */
    public static byte[] p11ToCspCompound(byte[] bArr, KeyParamsListCompoundBds keyParamsListCompoundBds) {
        try {
            final DerOutputStream bitStrings = new DerOutputStream();
            final DerInputStream parts = new DerValue(bArr).getData();

            final DerValue bdsPart = parts.getDerValue();
            final int bdsLength = keyParamsListCompoundBds.getBdsParams().getPrmR();
            bitStrings.putUnalignedBitString(alignKeyValue(bdsPart, bdsLength));

            final DerValue bdhPart = parts.getDerValue();
            final int bdhLength = keyParamsListCompoundBds.getBdhParams().getPrmR();
            bitStrings.putUnalignedBitString(alignKeyValue(bdhPart, bdhLength));

            final DerOutputStream sequence = new DerOutputStream();
            sequence.write((byte) 48, bitStrings); // 48 == 0x30, the DER SEQUENCE tag
            return sequence.toByteArray();
        } catch (IOException parseFailure) {
            throw new ProviderException("error parsing compound private key value", parseFailure);
        }
    }

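    /**
     * Turns a DER INTEGER holding a private key value into a {@link BitArray} of
     * {@code i} bits.
     *
     * <p>The integer's byte form is left-padded with zero bytes up to
     * {@code i / 8 + 1} bytes when shorter, then passed to
     * {@code AttributeConverter.shiftLeft} with the offset from
     * {@code AttributeConverter.getOffset}.
     *
     * <p>Debug logging records only lengths. The previous version wrote the key
     * value itself, before and after alignment, to the debug log as hex; private
     * key bytes must not reach log files, which are usually stored, shipped and
     * retained with far weaker protection than the token.
     *
     * @param derValue DER INTEGER containing the key value
     * @param i target length in bits
     * @return bit array of length {@code i} backed by the aligned bytes
     * @throws IOException if {@code derValue} cannot be read as an integer
     */
    private static BitArray alignKeyValue(DerValue derValue, int i) throws IOException {
        byte[] byteArray = derValue.getBigInteger().toByteArray();
        if (Util.isDebug()) {
            // Sizes only: never log the key bytes.
            Util.log("alignKeyValue, keyValue size: " + byteArray.length + " bytes, length: " + i);
        }
        int i2 = (i / 8) + 1;
        if (byteArray.length < i2) {
            // Left-pad with zeros so the value occupies the low-order end.
            byte[] bArr = new byte[i2];
            System.arraycopy(byteArray, 0, bArr, i2 - byteArray.length, byteArray.length);
            byteArray = bArr;
        }
        // NOTE(review): a value longer than i2 bytes is passed on unchanged; confirm
        // that shiftLeft/getOffset and BitArray handle that case.
        AttributeConverter.shiftLeft(byteArray, AttributeConverter.getOffset(byteArray, i));
        if (Util.isDebug()) {
            Util.log("alignKeyValue, alignedKeyValue size: " + byteArray.length + " bytes");
        }
        return new BitArray(i, byteArray);
    }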

    /**
     * Checks whether an OID equals any of the given candidates.
     *
     * @param objectIdentifier the OID to look for
     * @param objectIdentifierArr the candidates, compared in order with
     *     {@code objectIdentifier.equals(candidate)}
     * @return {@code true} at the first match, {@code false} if none matches or no
     *     candidates were given
     */
    public static boolean isOidOneOf(ObjectIdentifier objectIdentifier, ObjectIdentifier... objectIdentifierArr) {
        final int total = objectIdentifierArr.length;
        int index = 0;
        while (index < total) {
            if (objectIdentifier.equals(objectIdentifierArr[index])) {
                return true;
            }
            index++;
        }
        return false;
    }
}
