package sun.security.pkcs11;

import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import org.python.icu.impl.coll.CollationFastLatin;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.CK_VERSION;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;
import sun.security.util.KeyUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:uab-bootstrap-1.2.12/bin/java/unix/1.8.0_265/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11RSACipher.class
 */
/* loaded from: input_file:uab-bootstrap-1.2.12/bin/java/win/1.8.0_265/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11RSACipher.class */
public final class P11RSACipher extends CipherSpi {
    private static final int PKCS1_MIN_PADDING_LENGTH = 11;
    private static final byte[] B0 = new byte[0];
    private static final int MODE_ENCRYPT = 1;
    private static final int MODE_DECRYPT = 2;
    private static final int MODE_SIGN = 3;
    private static final int MODE_VERIFY = 4;
    private static final int PAD_NONE = 1;
    private static final int PAD_PKCS1 = 2;
    private final Token token;
    private final long mechanism;
    private Session session;
    private int mode;
    private int padType;
    private byte[] buffer;
    private int bufOfs;
    private P11Key p11Key;
    private boolean initialized;
    private int maxInputSize;
    private int outputSize;
    private SecureRandom random;
    private AlgorithmParameterSpec spec = null;
    private final String algorithm = "RSA";

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11RSACipher(Token token, String str, long j) throws PKCS11Exception {
        this.token = token;
        this.mechanism = j;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetMode(String str) throws NoSuchAlgorithmException {
        if (!str.equalsIgnoreCase("ECB")) {
            throw new NoSuchAlgorithmException("Unsupported mode " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetPadding(String str) throws NoSuchPaddingException {
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        if (lowerCase.equals("pkcs1padding")) {
            this.padType = 2;
        } else {
            if (!lowerCase.equals("nopadding")) {
                throw new NoSuchPaddingException("Unsupported padding " + str);
            }
            this.padType = 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetBlockSize() {
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetOutputSize(int i) {
        return this.outputSize;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineGetIV() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public AlgorithmParameters engineGetParameters() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        implInit(i, key);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            if (!(algorithmParameterSpec instanceof TlsRsaPremasterSecretParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Parameters not supported");
            }
            this.spec = algorithmParameterSpec;
            this.random = secureRandom;
        }
        implInit(i, key);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameters != null) {
            throw new InvalidAlgorithmParameterException("Parameters not supported");
        }
        implInit(i, key);
    }

    private void implInit(int i, Key key) throws InvalidKeyException {
        boolean z;
        reset(true);
        this.p11Key = P11KeyFactory.convertKey(this.token, key, this.algorithm);
        if (i == 1) {
            z = true;
        } else {
            if (i != 2) {
                if (i == 3) {
                    if (!this.p11Key.isPublic()) {
                        throw new InvalidKeyException("Wrap has to be used with public keys");
                    }
                    return;
                } else {
                    if (i != 4) {
                        throw new InvalidKeyException("Unsupported mode: " + i);
                    }
                    if (!this.p11Key.isPrivate()) {
                        throw new InvalidKeyException("Unwrap has to be used with private keys");
                    }
                    return;
                }
            }
            z = false;
        }
        if (this.p11Key.isPublic()) {
            this.mode = z ? 1 : 4;
        } else {
            if (!this.p11Key.isPrivate()) {
                throw new InvalidKeyException("Unknown key type: " + ((Object) this.p11Key));
            }
            this.mode = z ? 3 : 2;
        }
        int length = (this.p11Key.length() + 7) >> 3;
        this.outputSize = length;
        this.buffer = new byte[length];
        this.maxInputSize = (this.padType == 2 && z) ? length - 11 : length;
        try {
            initialize();
        } catch (PKCS11Exception e) {
            throw new InvalidKeyException("init() failed", e);
        }
    }

    private void reset(boolean z) {
        if (this.initialized) {
            this.initialized = false;
            try {
                if (this.session == null) {
                    return;
                }
                if (z && this.token.explicitCancel) {
                    cancelOperation();
                }
            } finally {
                this.p11Key.releaseKeyID();
                this.session = this.token.releaseSession(this.session);
            }
        }
    }

    private void cancelOperation() {
        this.token.ensureValid();
        if (!this.session.hasObjects()) {
            this.session = this.token.killSession(this.session);
            return;
        }
        try {
            PKCS11 pkcs11 = this.token.p11;
            int i = this.maxInputSize;
            int length = this.buffer.length;
            long id = this.session.id();
            switch (this.mode) {
                case 1:
                    pkcs11.C_Encrypt(id, this.buffer, 0, i, this.buffer, 0, length);
                    break;
                case 2:
                    pkcs11.C_Decrypt(id, this.buffer, 0, i, this.buffer, 0, length);
                    break;
                case 3:
                    pkcs11.C_Sign(id, new byte[this.maxInputSize]);
                    break;
                case 4:
                    pkcs11.C_VerifyRecover(id, this.buffer, 0, i, this.buffer, 0, length);
                    break;
                default:
                    throw new ProviderException("internal error");
            }
        } catch (PKCS11Exception e) {
        }
    }

    private void ensureInitialized() throws PKCS11Exception {
        this.token.ensureValid();
        if (this.initialized) {
            return;
        }
        initialize();
    }

    private void initialize() throws PKCS11Exception {
        if (this.p11Key == null) {
            throw new ProviderException("Operation cannot be performed without calling engineInit first");
        }
        long keyID = this.p11Key.getKeyID();
        try {
            if (this.session == null) {
                this.session = this.token.getOpSession();
            }
            PKCS11 pkcs11 = this.token.p11;
            CK_MECHANISM ck_mechanism = new CK_MECHANISM(this.mechanism);
            switch (this.mode) {
                case 1:
                    pkcs11.C_EncryptInit(this.session.id(), ck_mechanism, keyID);
                    break;
                case 2:
                    pkcs11.C_DecryptInit(this.session.id(), ck_mechanism, keyID);
                    break;
                case 3:
                    pkcs11.C_SignInit(this.session.id(), ck_mechanism, keyID);
                    break;
                case 4:
                    pkcs11.C_VerifyRecoverInit(this.session.id(), ck_mechanism, keyID);
                    break;
                default:
                    throw new AssertionError((Object) "internal error");
            }
            this.bufOfs = 0;
            this.initialized = true;
        } catch (PKCS11Exception e) {
            this.p11Key.releaseKeyID();
            this.session = this.token.releaseSession(this.session);
            throw e;
        }
    }

    private void implUpdate(byte[] bArr, int i, int i2) {
        try {
            ensureInitialized();
            if (i2 == 0 || bArr == null) {
                return;
            }
            if (this.bufOfs + i2 > this.maxInputSize) {
                this.bufOfs = this.maxInputSize + 1;
            } else {
                System.arraycopy(bArr, i, this.buffer, this.bufOfs, i2);
                this.bufOfs += i2;
            }
        } catch (PKCS11Exception e) {
            throw new ProviderException("update() failed", e);
        }
    }

    private int implDoFinal(byte[] bArr, int i, int i2) throws BadPaddingException, IllegalBlockSizeException {
        int C_VerifyRecover;
        try {
            if (this.bufOfs > this.maxInputSize) {
                throw new IllegalBlockSizeException("Data must not be longer than " + this.maxInputSize + " bytes");
            }
            try {
                ensureInitialized();
                PKCS11 pkcs11 = this.token.p11;
                switch (this.mode) {
                    case 1:
                        C_VerifyRecover = pkcs11.C_Encrypt(this.session.id(), this.buffer, 0, this.bufOfs, bArr, i, i2);
                        break;
                    case 2:
                        C_VerifyRecover = pkcs11.C_Decrypt(this.session.id(), this.buffer, 0, this.bufOfs, bArr, i, i2);
                        break;
                    case 3:
                        byte[] bArr2 = new byte[this.bufOfs];
                        System.arraycopy(this.buffer, 0, bArr2, 0, this.bufOfs);
                        byte[] C_Sign = pkcs11.C_Sign(this.session.id(), bArr2);
                        if (C_Sign.length <= i2) {
                            System.arraycopy(C_Sign, 0, bArr, i, C_Sign.length);
                            C_VerifyRecover = C_Sign.length;
                            break;
                        } else {
                            throw new BadPaddingException("Output buffer (" + i2 + ") is too small to hold the produced data (" + C_Sign.length + ")");
                        }
                    case 4:
                        C_VerifyRecover = pkcs11.C_VerifyRecover(this.session.id(), this.buffer, 0, this.bufOfs, bArr, i, i2);
                        break;
                    default:
                        throw new ProviderException("internal error");
                }
                return C_VerifyRecover;
            } catch (PKCS11Exception e) {
                throw ((BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e));
            }
        } finally {
            reset(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineUpdate(byte[] bArr, int i, int i2) {
        implUpdate(bArr, i, i2);
        return B0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        implUpdate(bArr, i, i2);
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        implUpdate(bArr, i, i2);
        int implDoFinal = implDoFinal(this.buffer, 0, this.buffer.length);
        byte[] bArr2 = new byte[implDoFinal];
        System.arraycopy(this.buffer, 0, bArr2, 0, implDoFinal);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        implUpdate(bArr, i, i2);
        return implDoFinal(bArr2, i3, bArr2.length - i3);
    }

    private byte[] doFinal() throws BadPaddingException, IllegalBlockSizeException {
        byte[] bArr = new byte[2048];
        int implDoFinal = implDoFinal(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[implDoFinal];
        System.arraycopy(bArr, 0, bArr2, 0, implDoFinal);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException {
        try {
            P11Key convertKey = P11SecretKeyFactory.convertKey(this.token, key, key.getAlgorithm());
            Session session = null;
            long keyID = this.p11Key.getKeyID();
            long keyID2 = convertKey.getKeyID();
            try {
                try {
                    session = this.token.getOpSession();
                    byte[] C_WrapKey = this.token.p11.C_WrapKey(session.id(), new CK_MECHANISM(this.mechanism), keyID, keyID2);
                    this.p11Key.releaseKeyID();
                    convertKey.releaseKeyID();
                    this.token.releaseSession(session);
                    return C_WrapKey;
                } catch (Throwable th) {
                    this.p11Key.releaseKeyID();
                    convertKey.releaseKeyID();
                    this.token.releaseSession(session);
                    throw th;
                }
            } catch (PKCS11Exception e) {
                throw new InvalidKeyException("wrap() failed", e);
            }
        } catch (InvalidKeyException e2) {
            byte[] encoded = key.getEncoded();
            if (encoded == null) {
                throw new InvalidKeyException("wrap() failed, no encoding available", e2);
            }
            implInit(1, this.p11Key);
            implUpdate(encoded, 0, encoded.length);
            try {
                try {
                    byte[] doFinal = doFinal();
                    implInit(3, this.p11Key);
                    return doFinal;
                } catch (Throwable th2) {
                    implInit(3, this.p11Key);
                    throw th2;
                }
            } catch (BadPaddingException e3) {
                throw new InvalidKeyException("wrap() failed", e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        boolean equals = str.equals("TlsRsaPremasterSecret");
        Exception exc = null;
        if (!this.token.supportsRawSecretKeyImport()) {
            Session session = null;
            SecretKey secretKey = null;
            long keyID = this.p11Key.getKeyID();
            try {
                try {
                    session = this.token.getObjSession();
                    CK_ATTRIBUTE[] attributes = this.token.getAttributes("import", 4L, 16L, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(0L, 4L), new CK_ATTRIBUTE(256L, 16L)});
                    secretKey = P11Key.secretKey(session, this.token.p11.C_UnwrapKey(session.id(), new CK_MECHANISM(this.mechanism), keyID, bArr, attributes), str, CollationFastLatin.LATIN_LIMIT, attributes);
                } catch (PKCS11Exception e) {
                    if (!equals) {
                        throw new InvalidKeyException("unwrap() failed", e);
                    }
                    exc = e;
                }
                if (equals) {
                    TlsRsaPremasterSecretParameterSpec tlsRsaPremasterSecretParameterSpec = (TlsRsaPremasterSecretParameterSpec) this.spec;
                    secretKey = polishPreMasterSecretKey(this.token, session, exc, secretKey, tlsRsaPremasterSecretParameterSpec.getClientVersion(), tlsRsaPremasterSecretParameterSpec.getServerVersion());
                }
                return secretKey;
            } finally {
                this.p11Key.releaseKeyID();
                this.token.releaseSession(session);
            }
        }
        implInit(2, this.p11Key);
        try {
            if (bArr.length > this.maxInputSize) {
                throw new InvalidKeyException("Key is too long for unwrapping");
            }
            byte[] bArr2 = null;
            implUpdate(bArr, 0, bArr.length);
            try {
                try {
                    bArr2 = doFinal();
                } catch (IllegalBlockSizeException e2) {
                    throw new InvalidKeyException("Unwrapping failed", e2);
                }
            } catch (BadPaddingException e3) {
                if (!equals) {
                    throw new InvalidKeyException("Unwrapping failed", e3);
                }
                exc = e3;
            }
            if (equals) {
                if (!(this.spec instanceof TlsRsaPremasterSecretParameterSpec)) {
                    throw new IllegalStateException("No TlsRsaPremasterSecretParameterSpec specified");
                }
                TlsRsaPremasterSecretParameterSpec tlsRsaPremasterSecretParameterSpec2 = (TlsRsaPremasterSecretParameterSpec) this.spec;
                bArr2 = KeyUtil.checkTlsPreMasterSecretKey(tlsRsaPremasterSecretParameterSpec2.getClientVersion(), tlsRsaPremasterSecretParameterSpec2.getServerVersion(), this.random, bArr2, exc != null);
            }
            Key constructKey = ConstructKeys.constructKey(bArr2, str, i);
            implInit(4, this.p11Key);
            return constructKey;
        } catch (Throwable th) {
            implInit(4, this.p11Key);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetKeySize(Key key) throws InvalidKeyException {
        return P11KeyFactory.convertKey(this.token, key, this.algorithm).length();
    }

    private static SecretKey polishPreMasterSecretKey(Token token, Session session, Exception exc, SecretKey secretKey, int i, int i2) {
        CK_VERSION ck_version = new CK_VERSION((i >>> 8) & 255, i & 255);
        try {
            CK_ATTRIBUTE[] attributes = token.getAttributes("generate", 4L, 16L, new CK_ATTRIBUTE[0]);
            return exc == null ? secretKey : P11Key.secretKey(session, token.p11.C_GenerateKey(session.id(), new CK_MECHANISM(880L, ck_version), attributes), "TlsRsaPremasterSecret", CollationFastLatin.LATIN_LIMIT, attributes);
        } catch (PKCS11Exception e) {
            throw new ProviderException("Could not generate premaster secret", e);
        }
    }
}
