package by.avest.crypto.pkcs11.provider;

import by.avest.crypto.pkcs11.provider.LoginController;
import by.avest.crypto.provider.Pkcs11KeySpec;
import by.avest.crypto.provider.PublicVA;
import by.avest.crypto.provider.PublicVB;
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;

/* loaded from: input_file:by/avest/crypto/pkcs11/provider/KeyAgreementBDHNoAuth.class */
public abstract class KeyAgreementBDHNoAuth extends KeyAgreementAbstr {
    private static final int STATE_NOOPERATION_PERFORMED = 0;
    private static final int STATE_INIT_PERFORMED = 1;
    private static final int STATE_DOPHASE_PERFORMED = 2;
    private PrivateKeyBdhEphemer privateKey;
    private int mechanismType;
    private TemplateBuilder paramTemplate;
    private int state = 0;
    private byte[] otherPartyPublicValue;
    private Pkcs11KeySpec secretKeySpec;

    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineDoPhase(" + Util.getClassName(key) + ", " + z + ")");
        }
        if (this.state != 1) {
            throw new IllegalStateException(ProviderExcptMessages.KABW_STATE_NOT_INIT);
        }
        initPublicKey(key);
        LoginController.doUnreleasableAction(this.pkcs11Common, new LoginController.VoidAction() { // from class: by.avest.crypto.pkcs11.provider.KeyAgreementBDHNoAuth.1
            @Override // by.avest.crypto.pkcs11.provider.LoginController.VoidAction
            public void doAction() throws PKCS11Exception {
                KeyAgreementBDHNoAuth.this.doPhaseInner();
            }
        });
        this.state = 2;
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doPhaseInner() throws PKCS11Exception {
        CK_MECHANISM ck_mechanism = new CK_MECHANISM();
        ck_mechanism.mechanism = this.mechanismType;
        ck_mechanism.pParameter = this.otherPartyPublicValue;
        this.secretKeySpec = deriveInner(ck_mechanism, this.privateKey.getHandle());
    }

    private Pkcs11KeySpec deriveInner(CK_MECHANISM ck_mechanism, long j) throws PKCS11Exception {
        Pkcs11KeySpec pkcs11KeySpec;
        try {
            long C_DeriveKey = getCryptoki().C_DeriveKey(getSession().getSessionId(), ck_mechanism, j, getSecretKeyTpl().toCkAttributeArray());
            synchronized (Pkcs11Tool.SECRET_KEY_ID_GENERATOR_LOCK) {
                byte[] generateSecretKeyId = Pkcs11Tool.generateSecretKeyId(getCryptoki(), getSession(), C_DeriveKey);
                Pkcs11Tool.setAttributeValue(getCryptoki(), getSession(), C_DeriveKey, 258L, generateSecretKeyId);
                pkcs11KeySpec = new Pkcs11KeySpec(getVirtualSlotId(), generateSecretKeyId);
            }
            return pkcs11KeySpec;
        } finally {
            release();
        }
    }

    private TemplateBuilder getSecretKeyTpl() {
        return KeyGeneratorAbstr.buildCkTemplate(-1912602624).append(this.paramTemplate);
    }

    private void initPublicKey(Key key) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Other side public key value is null.");
        }
        if (key instanceof PublicVA) {
            setOtherPartyPublicValue(((PublicVA) key).getVAValue());
        } else {
            if (!(key instanceof PublicVB)) {
                throw new InvalidKeyException("Other side public key must be either PublicVA or PublicVB instance.");
            }
            setOtherPartyPublicValue(((PublicVB) key).getVBValue());
        }
    }

    private void setOtherPartyPublicValue(byte[] bArr) {
        this.otherPartyPublicValue = bArr;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGenerateSecret()");
        }
        throw new UnsupportedOperationException();
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineGenerateSecret(" + str + ")");
        }
        if (this.state != 2) {
            throw new IllegalStateException(ProviderExcptMessages.KABW_STATE_NO_DOPHASE);
        }
        try {
            if (this.secretKeySpec == null) {
                throw new ProviderException(ProviderExcptMessages.KABW_SECRET_KEY_GEN_FAILURE);
            }
            SecretKey generateSecret = SecretKeyFactory.getInstance(str).generateSecret(this.secretKeySpec);
            deleteEphemerKey();
            release();
            reset();
            return generateSecret;
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException();
        }
    }

    private void deleteEphemerKey() {
        this.privateKey.destroy();
    }

    private void reset() {
        this.mechanismType = 0;
        this.otherPartyPublicValue = null;
        this.privateKey = null;
        this.paramTemplate = null;
        this.secretKeySpec = null;
        this.state = 0;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (!Util.isDebug()) {
            return 0;
        }
        Util.log(getClass().getName() + ".engineGenerateSecret(sharedSecret, " + i + ")");
        return 0;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + Util.getClassName(key) + "," + Util.getClassName(secureRandom) + ")");
        }
        release();
        initPrivateKey(key);
        initRandom(secureRandom);
        this.state = 1;
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (Util.isDebug()) {
            Util.log(getClass().getName() + ".engineInit(" + Util.getClassName(key) + "," + algorithmParameterSpec + "," + Util.getClassName(secureRandom) + ")");
        }
        release();
        initPrivateKey(key);
        initParameter(algorithmParameterSpec);
        initRandom(secureRandom);
        this.state = 1;
    }

    private void initRandom(SecureRandom secureRandom) {
    }

    private void initParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        this.paramTemplate = Pkcs11ParametersFactory.createKeyGenParameterCkTemplate(algorithmParameterSpec);
    }

    private void initPrivateKey(Key key) throws InvalidKeyException {
        if (!(key instanceof PrivateKeyBdhEphemer)) {
            throw new InvalidKeyException("Invalid private key type.");
        }
        PrivateKeyBdhEphemer privateKeyBdhEphemer = (PrivateKeyBdhEphemer) key;
        setVirtualSlotId(privateKeyBdhEphemer.getVirtualSlotId());
        this.privateKey = privateKeyBdhEphemer;
        this.mechanismType = -1912602603;
    }
}
