package by.avest.crypto.pkcs11.provider.bign;

import by.avest.crypto.pkcs11.provider.ByteArrayUtil;
import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.pkcs11.provider.Pkcs11Common;
import by.avest.crypto.pkcs11.provider.Pkcs11Session;
import by.avest.crypto.pkcs11.provider.Pkcs11Tool;
import by.avest.crypto.pkcs11.provider.Pkcs11VirtualToken;
import by.avest.crypto.pkcs11.provider.TemplateBuilder;
import by.avest.crypto.pkcs11.provider.Util;
import by.avest.crypto.provider.AvTLSKeyMaterial;
import by.avest.crypto.provider.AvTLSKeyMaterialParameterSpec;
import iaik.pkcs.pkcs11.parameters.AvTLSKeyMaterialOutParameters;
import iaik.pkcs.pkcs11.parameters.AvTLSKeyMaterialParameters;
import iaik.pkcs.pkcs11.wrapper.CK_AVTLS_KEY_MAT_OUT_PARAMS;
import iaik.pkcs.pkcs11.wrapper.CK_AVTLS_KEY_MAT_PARAMS;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/bign/KeyGeneratorAvTLSKeyMaterial.class */
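/**
 * JCA {@link KeyGeneratorSpi} that derives TLS session key material from an AvTLS master secret
 * held on a PKCS #11 token.
 *
 * <p>The derivation is delegated to the token through {@code C_DeriveKey} with a vendor-defined
 * mechanism. The token returns four key handles (cipher key and MAC key for each side) and two
 * IVs, which are wrapped into a {@code SecretKeyAvTLSKeyMaterial}.
 *
 * <p>The generator is single-use: it must be initialised with an
 * {@link AvTLSKeyMaterialParameterSpec} before every call to {@link #engineGenerateKey()},
 * because the initialisation state is cleared after each attempt, successful or not. The
 * instance keeps mutable state and performs no synchronisation of its own.
 */
public class KeyGeneratorAvTLSKeyMaterial extends KeyGeneratorSpi implements BignExtensions, PKCS11Constants {
    // The decompiler shows these as sign-extended 32-bit values; the low 32 bits are given in hex.
    // All three have the top bit set, i.e. they fall in the PKCS #11 vendor-defined range.

    /** Mechanism passed to C_DeriveKey (low 32 bits: 0x8E100024). */
    private static final long DERIVE_MECHANISM = -1911554012L;

    /** Argument of BignUtils.buildSecretKeyTemplate (low 32 bits: 0x8E100002); presumably a key type - TODO confirm. */
    private static final long SECRET_KEY_TEMPLATE_ARG = -1911554046L;

    /** Template entry that carries the wrapped S-block or S-block OID (low 32 bits: 0x8E100003). */
    private static final long SBLOCK_ATTRIBUTE = -1911554045L;

    /** Attribute written to every derived key object: 0x102, which is CKA_ID in PKCS #11. */
    private static final long KEY_ID_ATTRIBUTE = 258L;

    private Pkcs11Common pkcs11Common = new Pkcs11Common(true);

    // Initialisation state. Set together by initParameter() and cleared together by reset().
    private AvTLSKeyMaterialParameters mechanismParam;
    private SecretKeyAvTLSMasterSecret masterSecret;
    private AvTLSKeyMaterialParameterSpec param;

    /** Returns the PKCS #11 wrapper held by the shared {@code Pkcs11Common} helper. */
    protected PKCS11 getCryptoki() {
        return this.pkcs11Common.getCryptoki();
    }

    /** Returns the session held by the shared {@code Pkcs11Common} helper. */
    protected Pkcs11Session getSession() {
        return this.pkcs11Common.getSession();
    }

    /** Delegates to {@code Pkcs11Common.getVirtualSlotCount()}. */
    long getVirtualSlotCount() {
        return this.pkcs11Common.getVirtualSlotCount();
    }

    /** Delegates to {@code Pkcs11Common.getVirtualSlotId()}. */
    protected long getVirtualSlotId() {
        return this.pkcs11Common.getVirtualSlotId();
    }

    /** Delegates to {@code Pkcs11Common.getTheVirtualSlotId()}. */
    long getTheVirtualSlotId() {
        return this.pkcs11Common.getTheVirtualSlotId();
    }

    /** Delegates to {@code Pkcs11Common.getVirtualToken()}. */
    Pkcs11VirtualToken getVirtualToken() {
        return this.pkcs11Common.getVirtualToken();
    }

    /** Delegates to {@code Pkcs11Common.release()}. */
    void release() {
        this.pkcs11Common.release();
    }

    /**
     * Binds this generator to a virtual slot.
     *
     * @param j virtual slot id, forwarded to {@code Pkcs11Common.setVirtualSlotId}
     */
    void setVirtualSlotId(long j) {
        this.pkcs11Common.setVirtualSlotId(j);
    }

    /**
     * Not supported: the derivation needs a master secret and a seed, which a bare random source
     * cannot supply.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    protected void engineInit(SecureRandom secureRandom) {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + Util.getClassName(secureRandom) + ")");
        }
        throw new UnsupportedOperationException();
    }

    /**
     * Initialises the generator for one derivation.
     *
     * @param algorithmParameterSpec must be an {@link AvTLSKeyMaterialParameterSpec} whose master
     *     secret is a {@code SecretKeyAvTLSMasterSecret}
     * @param secureRandom accepted for API compatibility; not used by this implementation
     * @throws InvalidAlgorithmParameterException if the spec or its master secret has the wrong type
     */
    @Override
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (Util.isDebug()) {
            // NOTE(review): the concatenation calls toString() on the spec, which carries the seed
            // and the master-secret reference. Confirm that toString() does not render them
            // before enabling debug logging.
            Util.log(getClass().getName() + ".engineInit(" + algorithmParameterSpec + ", " + Util.getClassName(secureRandom) + ")");
        }
        initParameter(algorithmParameterSpec);
        initSecureRandom(secureRandom);
    }

    /**
     * Validates the parameter spec and stores the derivation inputs.
     *
     * <p>All checks run before any field is written, so a rejected spec leaves the previous state
     * untouched instead of a half-initialised generator.
     */
    private void initParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof AvTLSKeyMaterialParameterSpec)) {
            throw new InvalidAlgorithmParameterException("Invalid algorithm parameter specification.");
        }
        AvTLSKeyMaterialParameterSpec spec = (AvTLSKeyMaterialParameterSpec) algorithmParameterSpec;

        Object candidateSecret = spec.getMasterSecret();
        if (!(candidateSecret instanceof SecretKeyAvTLSMasterSecret)) {
            throw new InvalidAlgorithmParameterException("Invalid master secret key type");
        }
        SecretKeyAvTLSMasterSecret secret = (SecretKeyAvTLSMasterSecret) candidateSecret;

        // Two 8-byte buffers are passed in as the output slots for the client and server IVs.
        AvTLSKeyMaterialParameters mechanism =
                new AvTLSKeyMaterialParameters(
                        spec.getSeed(), new AvTLSKeyMaterialOutParameters(new byte[8], new byte[8]));

        this.param = spec;
        this.mechanismParam = mechanism;
        this.masterSecret = secret;
        // The derivation runs on the slot that holds the master secret.
        setVirtualSlotId(secret.getVirtualSlotId());
    }

    /** Intentionally empty: the random source supplied by the caller is ignored. */
    private void initSecureRandom(SecureRandom secureRandom) {
    }

    /**
     * Not supported: a key size alone does not identify the master secret to derive from.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    protected void engineInit(int i, SecureRandom secureRandom) {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + i + ", " + Util.getClassName(secureRandom) + ")");
        }
        throw new UnsupportedOperationException();
    }

    /**
     * Derives the key material on the token and returns it as a single composite key.
     *
     * <p>The initialisation state is cleared when this method returns or throws, so the generator
     * has to be initialised again before the next call.
     *
     * @return a {@code SecretKeyAvTLSKeyMaterial} holding the client and server key material
     * @throws IllegalStateException if the generator has not been initialised since construction
     *     or since the previous call
     */
    @Override
    protected SecretKey engineGenerateKey() {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGenerateKey()");
        }
        // Fail before LoginController runs rather than with a NullPointerException inside the
        // derivation.
        if (this.param == null || this.mechanismParam == null || this.masterSecret == null) {
            throw new IllegalStateException("Key generator is not initialized");
        }
        try {
            return (SecretKey) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() {
                @Override
                public Object doAction() throws PKCS11Exception {
                    return KeyGeneratorAvTLSKeyMaterial.this.generateSecretKey();
                }
            });
        } finally {
            // Drop the references to the master secret and seed holder on every exit path.
            reset();
        }
    }

    /**
     * Runs {@code C_DeriveKey} and wraps the returned handles and IVs.
     *
     * <p>The decompiler reports that this method was private in the original class and was
     * widened only for the anonymous {@code Action}. It relies on state prepared by
     * {@code engineInit} and is meant to run inside {@code LoginController.doReleasableAction}.
     *
     * @return the composite client/server key material
     * @throws PKCS11Exception if the token rejects the derivation or an attribute update
     */
    public SecretKey generateSecretKey() throws PKCS11Exception {
        CK_MECHANISM mechanism = new CK_MECHANISM();
        mechanism.mechanism = DERIVE_MECHANISM;
        mechanism.pParameter = this.mechanismParam.getPKCS11ParamsObject();

        // The return value of C_DeriveKey is not used; the derived key handles come back through
        // the out-parameter structure attached to the mechanism.
        getCryptoki().C_DeriveKey(
                getSession().getSessionId(),
                mechanism,
                Pkcs11Tool.findObject(getCryptoki(), getSession(), this.masterSecret.getCkTemplate().toCkAttributeArray()),
                getSecretKeyTpl().toCkAttributeArray());

        CK_AVTLS_KEY_MAT_OUT_PARAMS derived = ((CK_AVTLS_KEY_MAT_PARAMS) mechanism.pParameter).pReturnedKeyMaterial;

        // NOTE(review): if one of the createSecretKey calls below throws, the key objects already
        // derived are not destroyed here. Confirm whether they are cleaned up when the session is
        // released.
        AvTLSKeyMaterial clientMaterial =
                new AvTLSKeyMaterial(
                        createSecretKey(derived.hClientKey),
                        createSecretKey(derived.hClientMacKey),
                        new IvParameterSpec(derived.IVClient));
        AvTLSKeyMaterial serverMaterial =
                new AvTLSKeyMaterial(
                        createSecretKey(derived.hServerKey),
                        createSecretKey(derived.hServerMacKey),
                        new IvParameterSpec(derived.IVServer));
        return new SecretKeyAvTLSKeyMaterial(clientMaterial, serverMaterial);
    }

    /**
     * Tags a derived key object with an id and wraps it in a provider key.
     *
     * @param j handle of the derived key object
     * @return a handle-caching key when the virtual token has caching enabled, otherwise a key
     *     that carries only the slot id and the object id
     * @throws PKCS11Exception if the id cannot be generated or written to the object
     */
    protected SecretKey createSecretKey(long j) throws PKCS11Exception {
        byte[] keyId = BignUtils.generateSecretKeyId(getCryptoki(), getSession(), j);
        Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), j, KEY_ID_ATTRIBUTE, keyId);
        if (getVirtualToken().isCachingEnabled()) {
            return createSecretKey(getVirtualSlotId(), j, keyId);
        }
        return createSecretKey(getVirtualSlotId(), keyId);
    }

    /**
     * Builds the handle-caching key variant.
     *
     * @param j slot id supplied by the caller
     * @param j2 object handle of the key
     * @param bArr id written to the key object
     */
    protected SecretKey createSecretKey(long j, long j2, byte[] bArr) {
        // NOTE(review): j is ignored and the slot id is read again from getVirtualSlotId(). The
        // only caller in this class passes that same value, so the result is identical here.
        return new SecretKeyGOST_28147_89Memory(getVirtualSlotId(), j2, bArr);
    }

    /**
     * Builds the key variant that carries no object handle.
     *
     * @param j slot id
     * @param bArr id written to the key object
     */
    protected SecretKey createSecretKey(long j, byte[] bArr) {
        return new SecretKeyGOST_28147_89(j, bArr);
    }

    /**
     * Builds the attribute template for the derived keys, adding the S-block when the spec names
     * one. An explicit S-block takes precedence over an S-block OID.
     *
     * <p>NOTE(review): the base template comes from {@code BignUtils.buildSecretKeyTemplate};
     * confirm there that derived session keys are marked sensitive and non-extractable.
     *
     * @throws ProviderException if the S-block cannot be encoded
     */
    private TemplateBuilder getSecretKeyTpl() {
        TemplateBuilder template = BignUtils.buildSecretKeyTemplate(SECRET_KEY_TEMPLATE_ARG);
        if (this.param.getsBlock() != null) {
            try {
                byte[] wrappedSBlock = BignUtils.wrapSBlock(this.param.getsBlock());
                if (Util.isDebug()) {
                    // NOTE(review): this writes the wrapped S-block to the debug log in hex.
                    // Confirm that the value is not treated as confidential in deployments that
                    // use a private parameter set.
                    Util.log(getClass().getName() + ", wrapedSBlock=" + ByteArrayUtil.toHexString(wrappedSBlock));
                }
                template.append(SBLOCK_ATTRIBUTE, wrappedSBlock);
            } catch (IOException e) {
                throw new ProviderException(e.getMessage(), e);
            }
        } else if (this.param.getsBlockOid() != null) {
            template.append(SBLOCK_ATTRIBUTE, BignUtils.wrapSBlockOid(this.param.getsBlockOid()));
        }
        return template;
    }

    /** Clears the initialisation state so stale inputs cannot be reused by a later call. */
    private void reset() {
        this.mechanismParam = null;
        this.masterSecret = null;
        this.param = null;
    }
}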
