package by.avest.crypto.pkcs11.provider;

import by.avest.crypto.AvestExtensions;
import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.provider.Pkcs11SlotIntf;
import by.avest.crypto.provider.PrivateKey;
import iaik.pkcs.pkcs11.parameters.AvPKCS8Parameter;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.ProviderException;
import sun.security.util.DerInputStream;
import sun.security.util.ObjectIdentifier;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/EncryptedPrivateKeyInfo.class */
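/**
 * Wraps (exports) a token-resident private key into an encrypted blob and unwraps
 * (imports) such a blob back onto the token, using a vendor-defined PKCS#11
 * mechanism whose parameter is built from caller-supplied bytes.
 *
 * <p>An instance is created either around a private key ({@link #encrypt(byte[])}
 * direction) or around an encrypted blob ({@link #decrypt(byte[], String)} direction).
 *
 * <p>Numeric literals are kept exactly as found in the decompiled class. Small values
 * are standard PKCS#11 codes and are annotated where used. The large negative values
 * are vendor-defined codes with the high bit set ({@code 0x8E0000xx} when read as
 * unsigned 32-bit); their meaning is inferred here only from the class names they select.
 *
 * <p>NOTE(review): key material protection depends entirely on the strength of the
 * bytes passed to encrypt/decrypt (a password, judging by {@code getPasswordBytes});
 * this class accepts {@code null} for them without complaint. Confirm how
 * {@code AvPKCS8Parameter} treats a null or empty value.
 */
public class EncryptedPrivateKeyInfo implements Pkcs11SlotIntf, AvestExtensions, PKCS11Constants {
    private final Pkcs11Common pkcs11Common = new Pkcs11Common(true);
    private PrivateKey privKey;
    private PrivateKeyHandleWrapper pkhw;
    private byte[] privKeyEnc;

    /**
     * Prepares an instance for wrapping the given key.
     *
     * @param privateKey key to wrap; must be this provider's {@code PrivateKey} type
     * @throws InvalidKeyException if the key is null or of a foreign type
     */
    public EncryptedPrivateKeyInfo(java.security.PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_PRIVATE_KEY_IS_NULL);
        }
        if (!(privateKey instanceof PrivateKey)) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_INVALID_PRIVATE_KEY);
        }
        this.privKey = (PrivateKey) privateKey;
        setVirtualSlotId(this.privKey.getVirtualSlotId());
    }

    /**
     * Prepares an instance for wrapping a key whose object handle is already known.
     *
     * @param privateKeyHandleWrapper handle plus key; neither may be null
     * @throws InvalidKeyException if the wrapper or its key is null
     */
    public EncryptedPrivateKeyInfo(PrivateKeyHandleWrapper privateKeyHandleWrapper) throws InvalidKeyException {
        if (privateKeyHandleWrapper == null || privateKeyHandleWrapper.getPrivateKey() == null) {
            throw new InvalidKeyException(ProviderExcptMessages.SA_PRIVATE_KEY_IS_NULL);
        }
        this.pkhw = privateKeyHandleWrapper;
        this.privKey = privateKeyHandleWrapper.getPrivateKey();
        setVirtualSlotId(this.privKey.getVirtualSlotId());
    }

    /**
     * Prepares an instance for unwrapping an encrypted key blob.
     *
     * @param bArr encrypted key bytes; stored by reference, not copied
     * @throws InvalidKeyException if {@code bArr} is null
     */
    public EncryptedPrivateKeyInfo(byte[] bArr) throws InvalidKeyException {
        if (bArr == null) {
            throw new InvalidKeyException(ProviderExcptMessages.EPKI_ENCRYPTED_KEY_DATA_NULL);
        }
        this.privKeyEnc = bArr;
    }

    /**
     * Wraps the private key using the UTF-8 bytes of {@code str}.
     *
     * @param str password text; null is passed through as a null byte array
     * @return the wrapped key blob returned by the token
     */
    public byte[] encrypt(String str) {
        byte[] passwordBytes = getPasswordBytes(str);
        try {
            return encrypt(passwordBytes);
        } finally {
            // The byte copy was made here, so nobody else needs it once the call returns.
            clearBytes(passwordBytes);
        }
    }

    /** Encodes {@code str} as UTF-8, returning null for a null input. */
    private static final byte[] getPasswordBytes(String str) {
        if (str == null) {
            return null;
        }
        try {
            return str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new ProviderException(e.getMessage(), e);
        }
    }

    /** Overwrites a temporary secret buffer with zeros; a null buffer is ignored. */
    private static void clearBytes(byte[] secret) {
        if (secret != null) {
            java.util.Arrays.fill(secret, (byte) 0);
        }
    }

    /**
     * Wraps the private key held by this instance.
     *
     * @param bArr bytes handed to the wrap mechanism as its parameter; the caller owns
     *             this array and is responsible for clearing it afterwards
     * @return the wrapped key blob returned by the token
     * @throws ProviderException if this instance was created without a private key
     */
    public byte[] encrypt(byte[] bArr) {
        if (this.privKey == null) {
            throw new ProviderException(ProviderExcptMessages.SA_PRIVATE_KEY_IS_NULL);
        }
        return wrapPkcs8(bArr);
    }

    /** Runs {@link #wrapPkcs8Inner(byte[])} through {@code LoginController.doReleasableAction}. */
    private byte[] wrapPkcs8(final byte[] bArr) {
        return (byte[]) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() {
            @Override
            public Object doAction() throws PKCS11Exception {
                return EncryptedPrivateKeyInfo.this.wrapPkcs8Inner(bArr);
            }
        });
    }

    /**
     * Performs the actual {@code C_WrapKey} call.
     *
     * <p>NOTE(review): the decompiler reports this method was {@code private} in the
     * original class and widened it only so the anonymous action can reach it. Calling
     * it directly skips {@code LoginController.doReleasableAction}; treat it as internal.
     *
     * @param bArr bytes placed in the mechanism parameter
     * @return the wrapped key blob
     * @throws PKCS11Exception if the token rejects the lookup or the wrap
     */
    public byte[] wrapPkcs8Inner(byte[] bArr) throws PKCS11Exception {
        setVirtualSlotId(this.privKey.getVirtualSlotId());
        if (this.pkhw == null) {
            // Resolve the key's object handle once and keep it for later calls.
            long keyHandle = getPrivateKeyHandle(getCryptoki(), getSession(), this.privKey);
            this.pkhw = new PrivateKeyHandleWrapper(keyHandle, this.privKey);
        }
        CK_MECHANISM wrapMechanism = new CK_MECHANISM();
        wrapMechanism.mechanism = -1912602581L; // vendor-defined mechanism, same code as in doUnwrapKey
        wrapMechanism.pParameter = new AvPKCS8Parameter(bArr).getPKCS11ParamsObject();
        // Wrapping-key handle is 0: no token key is named, only the mechanism parameter.
        return getCryptoki().C_WrapKey(getSession().getSessionId(), wrapMechanism, 0L, this.pkhw.getHandle());
    }

    /**
     * Looks up the token object handle of {@code privateKey} by its id and label.
     *
     * @throws PKCS11Exception if the lookup fails
     */
    public static long getPrivateKeyHandle(PKCS11 pkcs11, Pkcs11Session pkcs11Session, PrivateKey privateKey) throws PKCS11Exception {
        TemplateBuilder searchTemplate = buildPrivateKeyTemplate(privateKey.getId(), privateKey.getLabel());
        return Pkcs11Tool.findObject(pkcs11, pkcs11Session, searchTemplate.toCkAttributeArray());
    }

    /** Builds the search template: private-key class, given id, given label. */
    private static TemplateBuilder buildPrivateKeyTemplate(byte[] bArr, char[] cArr) {
        TemplateBuilder template = new TemplateBuilder();
        template.append(0L, 3L);     // CKA_CLASS = CKO_PRIVATE_KEY
        template.append(258L, bArr); // CKA_ID
        template.append(3L, cArr);   // CKA_LABEL
        return template;
    }

    /**
     * Unwraps the stored blob using the UTF-8 bytes of {@code str}.
     *
     * @param str  password text; null is passed through as a null byte array
     * @param str2 label for the imported key; required
     * @return the imported private key
     */
    public java.security.PrivateKey decrypt(String str, String str2) {
        byte[] passwordBytes = getPasswordBytes(str);
        try {
            return decrypt(passwordBytes, str2);
        } finally {
            // The byte copy was made here, so nobody else needs it once the call returns.
            clearBytes(passwordBytes);
        }
    }

    /**
     * Unwraps the stored blob onto the token and returns the resulting key.
     *
     * @param bArr bytes handed to the unwrap mechanism as its parameter
     * @param str  label for the imported key; required
     * @return the imported private key
     * @throws ProviderException if no blob was supplied or the label is null
     */
    public java.security.PrivateKey decrypt(byte[] bArr, String str) {
        checkUnwrapPreconditions(str);
        return unwrapPkcs8(this.privKeyEnc, bArr, str).getPrivateKey();
    }

    /**
     * Same as {@link #decrypt(byte[], String)} but also returns the object handle.
     *
     * @throws ProviderException if no blob was supplied or the label is null
     */
    public PrivateKeyHandleWrapper decryptWrapped(byte[] bArr, String str) {
        checkUnwrapPreconditions(str);
        return unwrapPkcs8(this.privKeyEnc, bArr, str);
    }

    /** Shared argument check for both decrypt entry points. */
    private void checkUnwrapPreconditions(String label) {
        if (this.privKeyEnc == null) {
            throw new ProviderException(ProviderExcptMessages.EPKI_ENCRYPTED_KEY_DATA_NULL);
        }
        if (label == null) {
            throw new ProviderException("label required");
        }
    }

    private PKCS11 getCryptoki() {
        return this.pkcs11Common.getCryptoki();
    }

    private Pkcs11Session getSession() {
        return this.pkcs11Common.getSession();
    }

    @Override
    public long getVirtualSlotCount() {
        return this.pkcs11Common.getVirtualSlotCount();
    }

    @Override
    public long getVirtualSlotId() {
        return this.pkcs11Common.getVirtualSlotId();
    }

    @Override
    public void setVirtualSlotId(long j) {
        this.pkcs11Common.setVirtualSlotId(j);
    }

    /** Runs {@link #unwrapPkcs8Inner(byte[], byte[], String)} through {@code LoginController.doReleasableAction}. */
    private PrivateKeyHandleWrapper unwrapPkcs8(final byte[] bArr, final byte[] bArr2, final String str) {
        return (PrivateKeyHandleWrapper) LoginController.doReleasableAction(this.pkcs11Common, new LoginController.Action() {
            @Override
            public Object doAction() throws PKCS11Exception {
                return EncryptedPrivateKeyInfo.this.unwrapPkcs8Inner(bArr, bArr2, str);
            }
        });
    }

    /**
     * Unwraps the blob and verifies that the created object is a private key.
     *
     * <p>NOTE(review): the decompiler reports this method was {@code private} in the
     * original class; calling it directly skips {@code LoginController.doReleasableAction}.
     *
     * <p>NOTE(review): on the rejection paths the object created by the unwrap is not
     * destroyed here, and the unwrap template requests a token object. Confirm whether
     * a rejected object should be removed.
     *
     * @param bArr  wrapped key blob
     * @param bArr2 bytes placed in the mechanism parameter
     * @param str   label for the imported key
     * @throws ProviderException if the unwrapped object is not of the private-key class
     * @throws PKCS11Exception   if the token rejects an operation
     */
    public PrivateKeyHandleWrapper unwrapPkcs8Inner(byte[] bArr, byte[] bArr2, String str) throws PKCS11Exception {
        long unwrappedHandle = doUnwrapKey(bArr, bArr2, str);
        long objectClass = Pkcs11Tool.getAttributeValueLong(getCryptoki(), getSession(), unwrappedHandle, 0L); // CKA_CLASS
        if (objectClass == 3) { // CKO_PRIVATE_KEY
            PrivateKey importedKey = (PrivateKey) getUnwrapperPrivateKey(getCryptoki(), getSession(), getVirtualSlotId(), unwrappedHandle, false);
            return new PrivateKeyHandleWrapper(unwrappedHandle, importedKey);
        }
        if (objectClass == 2) { // CKO_PUBLIC_KEY
            throw new ProviderException(ProviderExcptMessages.EPKI_INVALID_CLASS_PUBLIC_KEY);
        }
        if (objectClass == 4) { // CKO_SECRET_KEY
            throw new ProviderException(ProviderExcptMessages.EPKI_INVALID_CLASS_SECRET_KEY);
        }
        throw new ProviderException(ProviderExcptMessages.EPKI_INVALID_CLASS);
    }

    /**
     * Builds a provider key object describing the token object {@code j2}.
     *
     * @param j  virtual slot id stored on the returned key
     * @param j2 object handle whose id, key type and label are read
     * @throws PKCS11Exception if an attribute cannot be read
     */
    public static java.security.PrivateKey getPrivateKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, long j2) throws PKCS11Exception {
        byte[] keyId = Pkcs11Tool.getAttributeValueBLOB(pkcs11, pkcs11Session, j2, 258L); // CKA_ID
        long keyType = Pkcs11Tool.getAttributeValueLong(pkcs11, pkcs11Session, j2, 256L); // CKA_KEY_TYPE
        PrivateKeyAbstr key = getPrivateKeyObject(keyType);
        key.setId(keyId);
        key.setVirtualSlotId(j);
        String label = Pkcs11Tool.getAttributeValueString(pkcs11, pkcs11Session, j2, 3L); // CKA_LABEL
        if (label != null) {
            key.setLabel(label.toCharArray());
        }
        return key;
    }

    /**
     * Assigns a freshly computed id to the unwrapped object {@code j2} and returns a
     * provider key object for it.
     *
     * @param j  virtual slot id stored on the returned key
     * @param j2 handle of the unwrapped object
     * @param z  when true, objects found under the same id before it was assigned to
     *           {@code j2} are destroyed
     * @throws PKCS11Exception if the token rejects an operation
     */
    public static java.security.PrivateKey getUnwrapperPrivateKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, long j2, boolean z) throws PKCS11Exception {
        long keyType = Pkcs11Tool.getAttributeValueLong(pkcs11, pkcs11Session, j2, 256L); // CKA_KEY_TYPE
        byte[] keyId = generateKeyId(pkcs11, pkcs11Session, j2, keyType, j);
        // Search before the id is written to j2, so the result holds only earlier objects.
        // Arguments 3L and keyId are presumably class CKO_PRIVATE_KEY and CKA_ID; confirm in Pkcs11Tool.
        long[] earlierHandles = Pkcs11Tool.findObjects(pkcs11, pkcs11Session, 3L, keyId);
        Pkcs11Tool.setAttributeValue(pkcs11, pkcs11Session, j2, 258L, keyId); // CKA_ID
        PrivateKeyAbstr key = getPrivateKeyObject(keyType);
        key.setId(keyId);
        key.setVirtualSlotId(j);
        String label = Pkcs11Tool.getAttributeValueString(pkcs11, pkcs11Session, j2, 3L); // CKA_LABEL
        if (label != null) {
            key.setLabel(label.toCharArray());
        }
        if (z) {
            for (long earlierHandle : earlierHandles) {
                Pkcs11Tool.destroyObject(pkcs11, pkcs11Session, earlierHandle);
            }
        }
        return key;
    }

    /** Reads a vendor-defined attribute of object {@code j} and parses it as a DER object identifier. */
    private static ObjectIdentifier getParamSetOid(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j) throws PKCS11Exception {
        byte[] encodedOid = Pkcs11Tool.getAttributeValueBLOB(pkcs11, pkcs11Session, j, -1912602607L); // vendor-defined attribute
        if (encodedOid == null) {
            throw new ProviderException(ProviderExcptMessages.EPKI_FAILED_TO_GET_OID);
        }
        try {
            return new ObjectIdentifier(new DerInputStream(encodedOid));
        } catch (IOException e) {
            throw new ProviderException(e.getMessage(), e);
        }
    }

    /**
     * Selects the key-pair generator class for a vendor-defined key type.
     * Only the low 32 bits of {@code j} are compared.
     *
     * @throws ProviderException if the key type is not one of the five known codes
     */
    private static KeyPairGeneratorAbstr getKeyPairGeneratorObject(long j) {
        switch ((int) j) {
            case -1912602620:
                return new KeyPairGeneratorBdh();
            case -1912602623:
                return new KeyPairGeneratorBds();
            case -1912602618:
                return new KeyPairGeneratorBdsBdh();
            case -1912602615:
                return new KeyPairGeneratorBdsPro();
            case -1912602614:
                return new KeyPairGeneratorBdsProBdh();
            default:
                throw new ProviderException(ProviderExcptMessages.EPKI_UNKNOWN_KEY_TYPE);
        }
    }

    /**
     * Derives a public-key object from private-key object {@code j}.
     * The caller owns the returned handle and must destroy it.
     *
     * @param j  handle of the base private key
     * @param j2 vendor-defined key type
     * @return handle of the derived public-key object
     * @throws PKCS11Exception if the derivation fails
     */
    public static long derivePublicKey(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, long j2) throws PKCS11Exception {
        CK_MECHANISM deriveMechanism = new CK_MECHANISM();
        deriveMechanism.mechanism = getDeriveMechanism(j2);
        return pkcs11.C_DeriveKey(pkcs11Session.getSessionId(), deriveMechanism, j, buildPublicKeyTemplate(j2).toCkAttributeArray());
    }

    /** Builds the template for the derived object: public-key class, given key type, not stored on the token. */
    private static TemplateBuilder buildPublicKeyTemplate(long j) {
        TemplateBuilder template = new TemplateBuilder();
        template.append(0L, 2L);   // CKA_CLASS = CKO_PUBLIC_KEY
        template.append(256L, j);  // CKA_KEY_TYPE
        template.append(1L, false); // CKA_TOKEN = false
        return template;
    }

    /**
     * Maps a vendor-defined key type to the vendor-defined derive mechanism.
     * Only the low 32 bits of {@code j} are compared.
     *
     * @throws ProviderException if the key type is not one of the five known codes
     */
    private static long getDeriveMechanism(long j) {
        switch ((int) j) {
            case -1912602620:
                return -1912602572L;
            case -1912602623:
                return -1912602574L;
            case -1912602618:
                return -1912602571L;
            case -1912602615:
                return -1912602573L;
            case -1912602614:
                return -1912602570L;
            default:
                throw new ProviderException(ProviderExcptMessages.EPKI_UNKNOWN_KEY_TYPE);
        }
    }

    /**
     * Computes the key identifier for private-key object {@code j} from its derived public key.
     *
     * @param j  handle of the private key
     * @param j2 vendor-defined key type
     * @param j3 virtual slot id given to the generator
     * @return the key identifier bytes
     * @throws PKCS11Exception if the token rejects an operation
     */
    public static byte[] generateKeyId(PKCS11 pkcs11, Pkcs11Session pkcs11Session, long j, long j2, long j3) throws PKCS11Exception {
        ObjectIdentifier paramSetOid = getParamSetOid(pkcs11, pkcs11Session, j);
        long derivedPublicHandle = derivePublicKey(pkcs11, pkcs11Session, j, j2);
        try {
            KeyPairGeneratorAbstr generator = getKeyPairGeneratorObject(j2);
            generator.setVirtualSlotId(j3);
            KeyPairHandle handles = new KeyPairHandle(new long[]{derivedPublicHandle, j});
            return KeyPairGeneratorAbstr.generateKeyIdentifier(generator.createPublicKey(handles, paramSetOid, (byte[]) null));
        } finally {
            // The derived object is temporary; remove it even when a step above throws.
            Pkcs11Tool.destroyObject(pkcs11, pkcs11Session, derivedPublicHandle);
        }
    }

    /**
     * Selects the private-key class for a vendor-defined key type and creates an empty instance.
     * Only the low 32 bits of {@code j} are compared.
     *
     * @throws ProviderException if the key type is not one of the five known codes
     */
    private static PrivateKeyAbstr getPrivateKeyObject(long j) {
        switch ((int) j) {
            case -1912602620:
                return new PrivateKeyBdh(0L, null);
            case -1912602623:
                return new PrivateKeyBds(0L, null);
            case -1912602618:
                return new PrivateKeyBdsBdh(0L, (byte[]) null);
            case -1912602615:
                return new PrivateKeyBdsPro(0L, null);
            case -1912602614:
                return new PrivateKeyBdsProBdh(0L, (byte[]) null);
            default:
                throw new ProviderException(ProviderExcptMessages.EPKI_UNKNOWN_KEY_TYPE);
        }
    }

    /**
     * Issues {@code C_UnwrapKey} for the blob and returns the new object's handle.
     *
     * @param bArr  wrapped key blob
     * @param bArr2 bytes placed in the mechanism parameter
     * @param str   label for the new object
     */
    private long doUnwrapKey(byte[] bArr, byte[] bArr2, String str) throws PKCS11Exception {
        TemplateBuilder template = buildUnwrappedPrivateKeyTemplate(str.toCharArray());
        CK_MECHANISM unwrapMechanism = new CK_MECHANISM();
        unwrapMechanism.mechanism = -1912602581L; // vendor-defined mechanism, same code as in wrapPkcs8Inner
        unwrapMechanism.pParameter = new AvPKCS8Parameter(bArr2).getPKCS11ParamsObject();
        // Unwrapping-key handle is 0: no token key is named, only the mechanism parameter.
        return this.pkcs11Common.getCryptoki().C_UnwrapKey(this.pkcs11Common.getSession().getSessionId(), unwrapMechanism, 0L, bArr, template.toCkAttributeArray());
    }

    /**
     * Builds the attribute template applied to an unwrapped private key.
     *
     * <p>NOTE(review): the imported key is requested as a persistent token object that
     * is extractable, and CKA_SENSITIVE is not set by this template. An extractable key
     * can be wrapped out again with a caller-chosen password; confirm that this matches
     * the intended key-handling policy and what the token applies by default.
     */
    private static TemplateBuilder buildUnwrappedPrivateKeyTemplate(char[] cArr) {
        TemplateBuilder template = new TemplateBuilder();
        template.append(0L, 3L);     // CKA_CLASS = CKO_PRIVATE_KEY
        template.append(1L, true);   // CKA_TOKEN
        template.append(3L, cArr);   // CKA_LABEL
        template.append(2L, true);   // CKA_PRIVATE
        template.append(264L, true); // CKA_SIGN
        template.append(268L, true); // CKA_DERIVE
        template.append(354L, true); // CKA_EXTRACTABLE
        return template;
    }
}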
