package by.avest.crypto.pkcs11.provider;

import by.avest.crypto.AvestExtensions;
import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.provider.KeyGenParameterOID;
import by.avest.crypto.provider.KeyGenParameterSpec;
import by.avest.crypto.provider.Pkcs11KeySpec;
import by.avest.crypto.provider.SecretKeyGostSpec;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.ProviderException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import sun.security.util.DerInputStream;
import sun.security.util.ObjectIdentifier;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/SecretKeyFactoryGOST_28147_89.class */
public abstract class SecretKeyFactoryGOST_28147_89 extends SecretKeyFactorySpi implements ProviderDependent, PKCS11Constants, AvestExtensions {
    private Pkcs11Common pkcs11Common = new Pkcs11Common(true);

    PKCS11 getCryptoki() {
        return this.pkcs11Common.getCryptoki();
    }

    Pkcs11Session getSession() {
        return this.pkcs11Common.getSession();
    }

    Pkcs11VirtualToken getVirtualToken() {
        return this.pkcs11Common.getVirtualToken();
    }

    long getVirtualSlotId() {
        return this.pkcs11Common.getVirtualSlotId();
    }

    long getTheVirtualSlotId() {
        return this.pkcs11Common.getTheVirtualSlotId();
    }

    void setVirtualSlotId(long j) {
        this.pkcs11Common.setVirtualSlotId(j);
    }

    void release() {
        this.pkcs11Common.release();
    }

    @Override // javax.crypto.SecretKeyFactorySpi
    protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
        SecretKey secretKey;
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGenerateSecret(" + keySpec + ")");
        }
        initVirtualSlot();
        if (keySpec instanceof Pkcs11KeySpec) {
            Pkcs11KeySpec pkcs11KeySpec = (Pkcs11KeySpec) keySpec;
            secretKey = new SecretKeyGOST_28147_89(pkcs11KeySpec.getVirtualSlotId(), pkcs11KeySpec.getId());
        } else {
            if (!(keySpec instanceof SecretKeyGostSpec)) {
                throw new InvalidKeySpecException(ProviderExcptMessages.SKFG_UNSUPPORTED_KEYSPEC);
            }
            final SecretKeyGostSpec secretKeyGostSpec = (SecretKeyGostSpec) keySpec;
            LoginController.LoginExceptionAction loginExceptionAction = new LoginController.LoginExceptionAction() { // from class: by.avest.crypto.pkcs11.provider.SecretKeyFactoryGOST_28147_89.1
                @Override // by.avest.crypto.pkcs11.provider.LoginController.Action
                public Object doAction() throws PKCS11Exception {
                    try {
                        return SecretKeyFactoryGOST_28147_89.this.createSecretKey(secretKeyGostSpec);
                    } catch (InvalidKeySpecException e) {
                        setException(e);
                        return null;
                    }
                }
            };
            secretKey = (SecretKey) LoginController.doReleasableAction(this.pkcs11Common, loginExceptionAction);
            if (loginExceptionAction.getException() != null) {
                throw ((InvalidKeySpecException) loginExceptionAction.getException());
            }
        }
        return secretKey;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SecretKey createSecretKey(SecretKeyGostSpec secretKeyGostSpec) throws InvalidKeySpecException, PKCS11Exception {
        SecretKeyGOST_28147_89 secretKeyGOST_28147_89;
        TemplateBuilder ckTemplate = getCkTemplate(secretKeyGostSpec);
        if (Util.isDebug()) {
            Util.log("creating secret key");
        }
        long createObject = Pkcs11Tool.createObject(getCryptoki(), getSession(), ckTemplate.toCkAttributeArray());
        if (Util.isDebug()) {
            Util.log("created secret key handle: " + createObject);
        }
        synchronized (Pkcs11Tool.SECRET_KEY_ID_GENERATOR_LOCK) {
            byte[] generateSecretKeyId = Pkcs11Tool.generateSecretKeyId(getCryptoki(), getSession(), createObject);
            if (Util.isDebug()) {
                Util.log("created secret key id: " + ByteArrayUtil.toHexString(generateSecretKeyId));
            }
            Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), createObject, 258L, generateSecretKeyId);
            secretKeyGOST_28147_89 = new SecretKeyGOST_28147_89(getVirtualSlotId(), generateSecretKeyId);
        }
        return secretKeyGOST_28147_89;
    }

    private TemplateBuilder getCkTemplate(SecretKeyGostSpec secretKeyGostSpec) throws InvalidKeySpecException {
        if (secretKeyGostSpec.getValue() == null || secretKeyGostSpec.getValue().length != 32) {
            throw new InvalidKeySpecException(ProviderExcptMessages.SKFG_INVALID_KEY_LENGTH);
        }
        TemplateBuilder buildCkTemplate = buildCkTemplate(secretKeyGostSpec.isTokenPersistent(), secretKeyGostSpec.isTokenPersistent(), secretKeyGostSpec.getValue());
        try {
            buildCkTemplate.append(Pkcs11ParametersFactory.createKeyGenParameterCkTemplate(secretKeyGostSpec.getParameterSpec()));
            return buildCkTemplate;
        } catch (InvalidAlgorithmParameterException e) {
            InvalidKeySpecException invalidKeySpecException = new InvalidKeySpecException(e.getMessage());
            invalidKeySpecException.initCause(e);
            throw invalidKeySpecException;
        }
    }

    private TemplateBuilder buildCkTemplate(boolean z, boolean z2, byte[] bArr) {
        TemplateBuilder templateBuilder = new TemplateBuilder();
        templateBuilder.append(0L, 4L);
        templateBuilder.append(256L, -1912602624);
        templateBuilder.append(1L, z2);
        templateBuilder.append(2L, z);
        templateBuilder.append(261L, true);
        templateBuilder.append(260L, true);
        templateBuilder.append(262L, true);
        templateBuilder.append(263L, true);
        templateBuilder.append(354L, true);
        templateBuilder.append(259L, false);
        templateBuilder.append(264L, true);
        templateBuilder.append(266L, true);
        templateBuilder.append(17L, bArr);
        return templateBuilder;
    }

    @Override // javax.crypto.SecretKeyFactorySpi
    protected KeySpec engineGetKeySpec(final SecretKey secretKey, Class cls) throws InvalidKeySpecException {
        KeySpec keySpec;
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGenerateSecret(" + Util.getClassName(secretKey) + ", " + cls + ")");
        }
        initVirtualSlot();
        if (secretKey == null || !(secretKey instanceof SecretKeyGOST_28147_89)) {
            throw new InvalidKeySpecException("Invalid secret key instance.");
        }
        if (Pkcs11KeySpec.class.isAssignableFrom(cls)) {
            keySpec = new Pkcs11KeySpec(((SecretKeyGOST_28147_89) secretKey).getVirtualSlotId(), ((SecretKeyGOST_28147_89) secretKey).getId());
        } else {
            if (!SecretKeyGostSpec.class.isAssignableFrom(cls)) {
                throw new InvalidKeySpecException(ProviderExcptMessages.SKFG_UNSUPPORTED_KEYSPEC);
            }
            keySpec = (KeySpec) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() { // from class: by.avest.crypto.pkcs11.provider.SecretKeyFactoryGOST_28147_89.2
                @Override // by.avest.crypto.pkcs11.provider.LoginController.Action
                public Object doAction() throws PKCS11Exception {
                    return SecretKeyFactoryGOST_28147_89.this.getSecretKeySpec((SecretKeyGOST_28147_89) secretKey);
                }
            });
        }
        return keySpec;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SecretKeyGostSpec getSecretKeySpec(SecretKeyGOST_28147_89 secretKeyGOST_28147_89) throws PKCS11Exception {
        setVirtualSlotId(secretKeyGOST_28147_89.getVirtualSlotId());
        long secretKeyHandle = getSecretKeyHandle(secretKeyGOST_28147_89);
        return new SecretKeyGostSpec(Pkcs11Tool.getAttributeValueBLOB(getCryptoki(), getSession(), secretKeyHandle, 17L), getParamSpec(secretKeyHandle));
    }

    private KeyGenParameterSpec getParamSpec(long j) throws PKCS11Exception {
        byte[] attributeValueBLOB = Pkcs11Tool.getAttributeValueBLOB(getCryptoki(), getSession(), j, -1912602607L);
        if (attributeValueBLOB == null) {
            return null;
        }
        try {
            return new KeyGenParameterOID(new ObjectIdentifier(new DerInputStream(attributeValueBLOB)));
        } catch (IOException e) {
            ProviderException providerException = new ProviderException(e.getMessage());
            providerException.initCause(e);
            throw providerException;
        }
    }

    @Override // javax.crypto.SecretKeyFactorySpi
    protected SecretKey engineTranslateKey(SecretKey secretKey) throws InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineTranslateKey(" + Util.getClassName(secretKey) + ")");
        }
        throw new UnsupportedOperationException();
    }

    private long getSecretKeyHandle(SecretKeyGOST_28147_89 secretKeyGOST_28147_89) throws PKCS11Exception {
        if (secretKeyGOST_28147_89 == null) {
            throw new ProviderException(ProviderExcptMessages.CG_NULL_SECRET_KEY);
        }
        long[] findObjects = Pkcs11Tool.findObjects(getCryptoki(), getSession(), secretKeyGOST_28147_89.getCkTemplate().toCkAttributeArray());
        if (findObjects == null || findObjects.length == 0) {
            throw new ProviderException(ProviderExcptMessages.CG_NO_SECRET_KEY_FOUND);
        }
        if (findObjects.length > 1) {
            throw new ProviderException(ProviderExcptMessages.CG_TOO_MANY_SECRET_KEYS_FOUND);
        }
        return findObjects[0];
    }

    public abstract AvestProvider getProvider();

    @Override // by.avest.crypto.pkcs11.provider.ProviderDependent
    public void initVirtualSlot() {
        if (getTheVirtualSlotId() == 0) {
            setVirtualSlotId(getProvider().getVirtualToken().getVirtualSlotId());
        }
    }
}
