package by.avest.crypto.pkcs11.provider;

import by.avest.crypto.AvestExtensions;
import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.pkcs11.provider.TemplateFactory;
import by.avest.crypto.provider.Entropy;
import by.avest.crypto.provider.KeyPairGenParameterImpl;
import by.avest.crypto.provider.MessageDigestParameterBhf;
import by.avest.crypto.provider.Pkcs11MessageDigestIntf;
import by.avest.crypto.provider.Pkcs11SlotIntf;
import iaik.pkcs.pkcs11.wrapper.CK_ATTRIBUTE;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.X500Name;

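/* loaded from: input_file:by/avest/crypto/pkcs11/provider/KeyPairGeneratorAbstr.class */
/**
 * Base class for key pair generators that create the key pair on a PKCS#11 token.
 *
 * <p>Generation is delegated to {@code C_GenerateKeyPair} on the session held by the
 * internal {@link Pkcs11Common}. Subclasses supply the key type, the mechanism and the
 * concrete key object factories.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A caller-supplied {@link SecureRandom} is ignored. The only caller influence on
 *       randomness is the optional entropy, which is digested and passed to
 *       {@code C_SeedRandom} before generation.</li>
 *   <li>The key identifier (attribute 258, CKA_ID) is a digest of the encoded public key,
 *       so it is derived from public data only.</li>
 *   <li>With debug enabled, both key templates and the generated object handles are logged.</li>
 * </ul>
 *
 * <p>Instances hold mutable state (parameter, cached subject encoding, entropy) with no
 * synchronisation in this class.
 */
public abstract class KeyPairGeneratorAbstr extends KeyPairGenerator implements Pkcs11SlotIntf, Entropy, PKCS11Constants, AvestExtensions {
    public static final String PARAM_TEMP_DN = "CN=temp";

    // Output length passed to the BHF digest that derives the key identifier
    // (presumably bits, i.e. a 20-byte identifier; confirm against MessageDigestParameterBhf).
    private static final long NMC_KEY_IDENTIFIER_LENGTH = 160;

    // Fixed initialisation vector for the key-identifier digest (bytes 0x4E / 0x9C).
    // NOTE(review): this is a public, mutable array. Any code in the JVM can overwrite its
    // elements and thereby change every key identifier computed afterwards. It is kept
    // public for compatibility; treat it as read-only.
    public static final byte[] NMC_INIT_VECTOR = {78, 78, -100, -100, -100, -100, 78, 78, -100, -100, 78, 78, 78, 78, -100, -100, -100, -100, 78, 78, 78, 78, -100, -100, 78, 78, -100, -100, -100, -100, 78, 78};

    private KeyPairGenParameterImpl parameter;

    // Cached encoding of the key subject name; reset whenever a new parameter is installed.
    private byte[] subjectEnc;

    // Private copy of the caller-supplied seed material; null when none was provided.
    private byte[] entropy;

    private Pkcs11Common pkcs11Common;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates the generator for the given algorithm name.
     *
     * @param str the algorithm name passed to {@link KeyPairGenerator}
     */
    public KeyPairGeneratorAbstr(String str) {
        super(str);
        this.pkcs11Common = new Pkcs11Common(true);
    }

    /** Returns the PKCS#11 wrapper of the underlying {@link Pkcs11Common}. */
    public PKCS11 getCryptoki() {
        return this.pkcs11Common.getCryptoki();
    }

    /** Returns the PKCS#11 session of the underlying {@link Pkcs11Common}. */
    public Pkcs11Session getSession() {
        return this.pkcs11Common.getSession();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public long getVirtualSlotCount() {
        return this.pkcs11Common.getVirtualSlotCount();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public long getVirtualSlotId() {
        return this.pkcs11Common.getVirtualSlotId();
    }

    Pkcs11VirtualToken getVirtualToken() {
        return this.pkcs11Common.getVirtualToken();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the parameter installed by the last successful {@code initialize}, or null. */
    public KeyPairGenParameterImpl getParameter() {
        return this.parameter;
    }

    /**
     * Delegates the login to the underlying {@link Pkcs11Common}.
     *
     * @param str the value handed to {@code Pkcs11Common.login}
     *            (presumably the token PIN; confirm against Pkcs11Common)
     */
    void login(String str) {
        this.pkcs11Common.login(str);
    }

    void release() {
        this.pkcs11Common.release();
    }

    @Override // by.avest.crypto.provider.Pkcs11SlotIntf
    public void setVirtualSlotId(long j) {
        this.pkcs11Common.setVirtualSlotId(j);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the encoded key subject name of the current parameter, encoding it on first use.
     *
     * @return the cached encoding, or null when the parameter carries no subject name
     * @throws ProviderException if the subject name cannot be encoded
     */
    public byte[] getSubjectEnc() {
        if (this.subjectEnc == null) {
            try {
                X500Name subjectName = this.parameter.getKeySubjectName();
                if (subjectName != null) {
                    this.subjectEnc = subjectName.getEncoded();
                }
            } catch (IOException e) {
                throw new ProviderException(e.getMessage(), e);
            }
        }
        return this.subjectEnc;
    }

    /**
     * Initialises the generator with the given parameter.
     *
     * <p>The supplied {@code secureRandom} is not used: the call is forwarded to
     * {@link #initialize(AlgorithmParameterSpec)} and key material is produced by the token.
     */
    @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        initialize(algorithmParameterSpec);
    }

    /**
     * Validates and installs the generation parameter.
     *
     * <p>Side effects: if no virtual slot has been selected yet (id 0), the provider's
     * virtual token slot is selected before the parameter is checked. A missing
     * parameter-set OID is filled in on the caller's parameter object itself. Entropy
     * carried by the parameter replaces the current entropy. A parameter without
     * entropy leaves previously set entropy in place.
     *
     * @param algorithmParameterSpec must be a non-null {@link KeyPairGenParameterImpl}
     * @throws InvalidAlgorithmParameterException if the parameter is null, of another type,
     *         has no parameter-set OID and no default exists, or its subject name cannot
     *         be encoded
     */
    @Override // java.security.KeyPairGenerator
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (this.pkcs11Common.getTheVirtualSlotId() == 0) {
            this.pkcs11Common.setVirtualSlotId(((AvestProvider) getProvider()).getVirtualToken().getVirtualSlotId());
        }
        if (algorithmParameterSpec == null) {
            throw new InvalidAlgorithmParameterException(ProviderExcptMessages.KPGA_ALG_PARAM_NULL);
        }
        if (!(algorithmParameterSpec instanceof KeyPairGenParameterImpl)) {
            throw new InvalidAlgorithmParameterException("Invalid algorithm parameter specification.");
        }
        KeyPairGenParameterImpl genParameter = (KeyPairGenParameterImpl) algorithmParameterSpec;
        if (genParameter.getParamSetOid() == null) {
            genParameter.setParamSetOid(getDefaultParamSetOid());
        }
        if (genParameter.getKeySubjectName() != null) {
            try {
                // Encoded only to reject an unencodable subject name up front.
                genParameter.getKeySubjectName().getEncoded();
            } catch (IOException e) {
                throw new InvalidAlgorithmParameterException(e.getMessage(), e);
            }
        }
        if (genParameter.getEntropy() != null) {
            setEntropy(genParameter.getEntropy());
        }
        // Drop the cached subject encoding: it belongs to the previous parameter, and
        // without this reset a re-initialised generator would put the old subject into
        // the templates of the new key pair.
        this.subjectEnc = null;
        this.parameter = genParameter;
    }

    /**
     * Supplies the parameter-set OID used when the caller's parameter has none.
     * This base implementation has no default and always rejects.
     *
     * @throws InvalidAlgorithmParameterException always, in this base implementation
     */
    protected ObjectIdentifier getDefaultParamSetOid() throws InvalidAlgorithmParameterException {
        throw new InvalidAlgorithmParameterException("Parameters set OID is null.");
    }

    /**
     * Generates a key pair on the token by running {@link #generateKeyPairInternal()}
     * through {@code LoginController.doReleasableAction}.
     */
    @Override // java.security.KeyPairGenerator, java.security.KeyPairGeneratorSpi
    public KeyPair generateKeyPair() {
        return (KeyPair) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() { // from class: by.avest.crypto.pkcs11.provider.KeyPairGeneratorAbstr.1
            @Override // by.avest.crypto.pkcs11.provider.LoginController.Action
            public Object doAction() throws PKCS11Exception {
                return KeyPairGeneratorAbstr.this.generateKeyPairInternal();
            }
        });
    }

    /**
     * Seeds the token RNG when entropy is set, builds both templates and calls
     * {@code C_GenerateKeyPair}.
     *
     * <p>{@code initialize} must have succeeded first. Otherwise the parameter is null and
     * template construction fails with a {@link NullPointerException}.
     *
     * @return the key pair wrapping the generated token objects
     * @throws PKCS11Exception if a PKCS#11 call fails
     * @throws ProviderException if the "BelT" digest is not available from this provider
     */
    protected KeyPair generateKeyPairInternal() throws PKCS11Exception {
        if (this.entropy != null) {
            try {
                // The seed handed to the token is the BelT digest of the entropy, not the raw bytes.
                getCryptoki().C_SeedRandom(getSession().getSessionId(), MessageDigest.getInstance("BelT", getProvider()).digest(this.entropy));
            } catch (NoSuchAlgorithmException e) {
                throw new ProviderException(e.getMessage(), e);
            }
        }
        TemplateBuilder publicTemplate = createPublicKeyAttr();
        TemplateBuilder privateTemplate = createPrivateKeyAttr();
        resetLabel(privateTemplate, publicTemplate);
        CK_MECHANISM mechanism = new CK_MECHANISM();
        mechanism.mechanism = getMechanism();
        if (Util.isDebug()) {
            // NOTE(review): this writes both complete templates (subject, label and whatever
            // TemplateFactory adds) to the debug log. Confirm nothing sensitive is in them
            // before enabling debug outside a test environment.
            Util.log(Util.getClassName(this) + ".generateKeyPairInternal, sessionId: " + getSession().getSessionId() + ", mech: " + mechanism.mechanism + ", pubKeyTpl: " + Util.ckAttributesToString(publicTemplate.toCkAttributeArray()) + ", privKeyTpl: " + Util.ckAttributesToString(privateTemplate.toCkAttributeArray()));
        }
        long[] handles = getCryptoki().C_GenerateKeyPair(getSession().getSessionId(), mechanism, publicTemplate.toCkAttributeArray(), privateTemplate.toCkAttributeArray());
        if (Util.isDebug()) {
            Util.log(Util.getClassName(this) + ".generateKeyPairInternal, generated handles: " + Arrays.toString(handles));
        }
        return constructKeyPair(new KeyPairHandle(handles));
    }

    /**
     * Forces the label from the parameter into every given template: attribute 3
     * (CKA_LABEL) is overwritten if present and appended otherwise. Does nothing when
     * there is no parameter or no label.
     */
    private void resetLabel(TemplateBuilder... templateBuilderArr) {
        if (this.parameter == null || this.parameter.getLabel() == null) {
            return;
        }
        for (TemplateBuilder template : templateBuilderArr) {
            CK_ATTRIBUTE labelAttribute = template.find(3L);
            if (labelAttribute == null) {
                template.append(3L, this.parameter.getLabel());
            } else {
                labelAttribute.pValue = Pkcs11Tool.getStringUTF8Bytes(this.parameter.getLabel());
            }
        }
    }

    /** Builds the public key template from the key type, parameter-set OID and subject. */
    protected TemplateBuilder createPublicKeyAttr() {
        return buildPublicKeyTemplate(getKeyType(), this.parameter.getParamSetOid(), getSubjectEnc());
    }

    /**
     * Builds the generation template for the public key object.
     *
     * @param i the key type handed to the template factory
     * @param objectIdentifier the parameter-set OID; must not be null
     * @param bArr the encoded subject, possibly null
     * @return the template: factory attributes for object class 2 (CKO_PUBLIC_KEY), then
     *         the OID string and the subject
     */
    protected TemplateBuilder buildPublicKeyTemplate(int i, ObjectIdentifier objectIdentifier, byte[] bArr) {
        TemplateBuilder template = new TemplateBuilder();
        ((AvestProvider) getProvider()).getTemplateFactory().getAttributes(TemplateFactory.Operation.GENERATE, 2L, i, template);
        // Attribute type 0x8E000012 when read as unsigned 32 bits, i.e. in the
        // vendor-defined range; it carries the parameter-set OID as a string.
        template.append(-1912602606L, objectIdentifier.toString());
        // 257 = 0x101, CKA_SUBJECT.
        template.append(257L, bArr);
        return template;
    }

    /** Builds the private key template from the key type and subject. */
    protected TemplateBuilder createPrivateKeyAttr() {
        return buildPrivateKeyTemplate(getKeyType(), getSubjectEnc());
    }

    /**
     * Builds the generation template for the private key object.
     *
     * @param i the key type handed to the template factory
     * @param bArr the encoded subject, possibly null
     * @return the template: factory attributes for object class 3 (CKO_PRIVATE_KEY), then
     *         the subject
     */
    protected TemplateBuilder buildPrivateKeyTemplate(int i, byte[] bArr) {
        TemplateBuilder template = new TemplateBuilder();
        ((AvestProvider) getProvider()).getTemplateFactory().getAttributes(TemplateFactory.Operation.GENERATE, 3L, i, template);
        // 257 = 0x101, CKA_SUBJECT.
        template.append(257L, bArr);
        return template;
    }

    /**
     * Wraps the generated token objects into provider key objects and writes the derived
     * key identifier to attribute 258 (0x102, CKA_ID) of both token objects.
     *
     * @param keyPairHandle the handles returned by {@code C_GenerateKeyPair}
     * @return the key pair; both keys carry the same id, subject and label
     * @throws PKCS11Exception if reading the public value or writing the id fails
     */
    protected KeyPair constructKeyPair(KeyPairHandle keyPairHandle) throws PKCS11Exception {
        // The public key is created without an id first, because the id is computed from it.
        PublicKeyAbstr publicKey = createPublicKey(keyPairHandle, this.parameter.getParamSetOid(), (byte[]) null);
        byte[] keyId = generateKeyIdentifier(publicKey);
        Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), keyPairHandle.getPublicKey(), 258L, keyId);
        publicKey.setId(keyId);
        publicKey.setSubject(this.parameter.getKeySubjectName());
        publicKey.setLabel(this.parameter.getLabel());
        PrivateKeyAbstr privateKey = createPrivateKey(keyPairHandle, this.parameter.getParamSetOid(), keyId);
        Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), keyPairHandle.getPrivateKey(), 258L, keyId);
        privateKey.setId(keyId);
        privateKey.setSubject(this.parameter.getKeySubjectName());
        privateKey.setLabel(this.parameter.getLabel());
        return new KeyPair(publicKey, privateKey);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Derives the key identifier as the "BHF" digest of the encoded public key, using
     * {@link #NMC_INIT_VECTOR} and an output length of 160.
     *
     * <p>NOTE(review): the digest is looked up without naming a provider and then cast to
     * {@link Pkcs11MessageDigestIntf}. If another provider registers "BHF" with higher
     * priority, the cast fails with an uncaught {@link ClassCastException}. Confirm the
     * provider order in deployments.
     *
     * @param publicKeyAbstr the public key whose encoding is digested
     * @return the non-empty identifier
     * @throws ProviderException if the key cannot be encoded, the digest is unavailable or
     *         rejects its parameter, or the digest result is empty; the underlying
     *         exception is attached as the cause where there is one
     */
    public static byte[] generateKeyIdentifier(PublicKeyAbstr publicKeyAbstr) {
        try {
            byte[] encodedKey = getPublicKeyEncoded(publicKeyAbstr);
            MessageDigest bhf = MessageDigest.getInstance("BHF");
            ((Pkcs11MessageDigestIntf) bhf).setParameter(new MessageDigestParameterBhf(NMC_KEY_IDENTIFIER_LENGTH, NMC_INIT_VECTOR));
            byte[] keyId = bhf.digest(encodedKey);
            if (keyId == null || keyId.length == 0) {
                throw new ProviderException(ProviderExcptMessages.KPGA_KPID_FAILURE);
            }
            return keyId;
        } catch (IOException e) {
            // Keep the cause: without it a failed key-id derivation cannot be diagnosed.
            throw new ProviderException(ProviderExcptMessages.KPGA_KPID_FAILURE, e);
        } catch (InvalidAlgorithmParameterException e2) {
            throw new ProviderException(ProviderExcptMessages.KPGA_KPID_FAILURE, e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ProviderException(ProviderExcptMessages.KPGA_KPID_FAILURE, e3);
        }
    }

    /** Returns the subject-public-key encoding of the given key. */
    protected static byte[] getPublicKeyEncoded(PublicKeyAbstr publicKeyAbstr) throws IOException {
        return publicKeyAbstr.getSubjectPublicKeyEnc();
    }

    /**
     * Reads attribute 17 (0x11, CKA_VALUE) of the generated public key object and builds
     * the provider public key from it.
     *
     * @param keyPairHandle the generated handles
     * @param objectIdentifier the parameter-set OID
     * @param bArr the key identifier, or null when it is not known yet
     * @throws PKCS11Exception if the attribute cannot be read
     */
    public PublicKeyAbstr createPublicKey(KeyPairHandle keyPairHandle, ObjectIdentifier objectIdentifier, byte[] bArr) throws PKCS11Exception {
        return createPublicKey(Pkcs11Tool.getAttributeValueBLOB(getCryptoki(), getSession(), keyPairHandle.getPublicKey(), 17L), objectIdentifier, bArr);
    }

    /** Builds the concrete public key from its raw value, parameter-set OID and key identifier. */
    protected abstract PublicKeyAbstr createPublicKey(byte[] bArr, ObjectIdentifier objectIdentifier, byte[] bArr2);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the provider private key. The handle is not used by this base implementation;
     * the private key object is built from the OID and key identifier only.
     */
    public PrivateKeyAbstr createPrivateKey(KeyPairHandle keyPairHandle, ObjectIdentifier objectIdentifier, byte[] bArr) {
        return createPrivateKey(objectIdentifier, bArr);
    }

    /** Builds the concrete private key from the parameter-set OID and key identifier. */
    protected abstract PrivateKeyAbstr createPrivateKey(ObjectIdentifier objectIdentifier, byte[] bArr);

    /** Returns the key type handed to the template factory. */
    public abstract int getKeyType();

    /** Returns the PKCS#11 mechanism used for {@code C_GenerateKeyPair}. */
    public abstract int getMechanism();

    /**
     * Returns the stored entropy.
     *
     * <p>NOTE(review): this is the internal array, not a copy, so a caller can modify the
     * seed material in place. {@link #setEntropy(byte[])} does copy. Kept as is because
     * callers may rely on the shared reference; confirm before changing.
     */
    @Override // by.avest.crypto.provider.Entropy
    public byte[] getEntropy() {
        return this.entropy;
    }

    /**
     * Stores a private copy of the given entropy, so later changes to the caller's array
     * do not affect the seed.
     *
     * @param bArr the seed material, or null to clear previously set entropy
     */
    @Override // by.avest.crypto.provider.Entropy
    public void setEntropy(byte[] bArr) {
        // A null argument used to fail with NullPointerException; it now clears the seed.
        this.entropy = bArr == null ? null : bArr.clone();
    }
}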
