package sun.security.pkcs11;

import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import sun.nio.ch.DirectBuffer;
import sun.security.jca.JCAUtil;
import sun.security.pkcs11.wrapper.CK_GCM_PARAMS;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:unix/1.8.0_292/jre/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11AEADCipher.class */
public final class P11AEADCipher extends CipherSpi {
    private static final int MODE_GCM = 10;
    private static final int GCM_DEFAULT_TAG_LEN = 16;
    private static final int GCM_DEFAULT_IV_LEN = 16;
    private static final String ALGO = "AES";
    private final Token token;
    private final long mechanism;
    private final int blockMode;
    private final int fixedKeySize;
    private Session session = null;
    private P11Key p11Key = null;
    private boolean initialized = false;
    private boolean encrypt = true;
    private byte[] iv = null;
    private int tagLen = -1;
    private SecureRandom random = JCAUtil.getSecureRandom();
    private ByteArrayOutputStream dataBuffer = new ByteArrayOutputStream();
    private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
    private boolean updateCalled = false;
    private boolean requireReinit = false;
    private P11Key lastEncKey = null;
    private byte[] lastEncIv = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11AEADCipher(Token token, String str, long j) throws PKCS11Exception, NoSuchAlgorithmException {
        this.token = token;
        this.mechanism = j;
        String[] split = str.split("/");
        if (split.length != 3) {
            throw new ProviderException("Unsupported Transformation format: " + str);
        }
        if (!split[0].startsWith(ALGO)) {
            throw new ProviderException("Only support AES for AEAD cipher mode");
        }
        int indexOf = split[0].indexOf(95);
        if (indexOf != -1) {
            this.fixedKeySize = Integer.parseInt(split[0].substring(indexOf + 1)) >> 3;
        } else {
            this.fixedKeySize = -1;
        }
        this.blockMode = parseMode(split[1]);
        if (!split[2].equals("NoPadding")) {
            throw new ProviderException("Only NoPadding is supported for AEAD cipher mode");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetMode(String str) throws NoSuchAlgorithmException {
        throw new NoSuchAlgorithmException("Unsupported mode " + str);
    }

    private int parseMode(String str) throws NoSuchAlgorithmException {
        String upperCase = str.toUpperCase(Locale.ENGLISH);
        if (upperCase.equals("GCM")) {
            return 10;
        }
        throw new NoSuchAlgorithmException("Unsupported mode " + upperCase);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetPadding(String str) throws NoSuchPaddingException {
        throw new NoSuchPaddingException("Unsupported padding " + str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetBlockSize() {
        return 16;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetOutputSize(int i) {
        return doFinalLength(i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineGetIV() {
        if (this.iv == null) {
            return null;
        }
        return (byte[]) this.iv.clone();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public AlgorithmParameters engineGetParameters() {
        if (this.encrypt && this.iv == null && this.tagLen == -1) {
            switch (this.blockMode) {
                case 10:
                    this.iv = new byte[16];
                    this.tagLen = 16;
                    this.random.nextBytes(this.iv);
                    break;
                default:
                    throw new ProviderException("Unsupported mode");
            }
        }
        try {
            switch (this.blockMode) {
                case 10:
                    GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(this.tagLen << 3, this.iv);
                    AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("GCM");
                    algorithmParameters.init(gCMParameterSpec);
                    return algorithmParameters;
                default:
                    throw new ProviderException("Unsupported mode");
            }
        } catch (GeneralSecurityException e) {
            throw new ProviderException("Could not encode parameters", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (i == 2) {
            throw new InvalidKeyException("Parameters required for decryption");
        }
        this.updateCalled = false;
        try {
            implInit(i, key, null, -1, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidKeyException("init() failed", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (i == 2 && algorithmParameterSpec == null) {
            throw new InvalidAlgorithmParameterException("Parameters required for decryption");
        }
        this.updateCalled = false;
        byte[] bArr = null;
        int i2 = -1;
        if (algorithmParameterSpec != null) {
            switch (this.blockMode) {
                case 10:
                    if (!(algorithmParameterSpec instanceof GCMParameterSpec)) {
                        throw new InvalidAlgorithmParameterException("Only GCMParameterSpec is supported");
                    }
                    bArr = ((GCMParameterSpec) algorithmParameterSpec).getIV();
                    i2 = ((GCMParameterSpec) algorithmParameterSpec).getTLen() >> 3;
                    break;
                default:
                    throw new ProviderException("Unsupported mode");
            }
        }
        implInit(i, key, bArr, i2, secureRandom);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (i == 2 && algorithmParameters == null) {
            throw new InvalidAlgorithmParameterException("Parameters required for decryption");
        }
        this.updateCalled = false;
        AlgorithmParameterSpec algorithmParameterSpec = null;
        if (algorithmParameters != null) {
            try {
                switch (this.blockMode) {
                    case 10:
                        algorithmParameterSpec = algorithmParameters.getParameterSpec(GCMParameterSpec.class);
                        break;
                    default:
                        throw new ProviderException("Unsupported mode");
                }
            } catch (InvalidParameterSpecException e) {
                throw new InvalidAlgorithmParameterException(e);
            }
        }
        engineInit(i, key, algorithmParameterSpec, secureRandom);
    }

    private void implInit(int i, Key key, byte[] bArr, int i2, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        reset(true);
        if (this.fixedKeySize != -1) {
            if ((key instanceof P11Key ? ((P11Key) key).length() >> 3 : key.getEncoded().length) != this.fixedKeySize) {
                throw new InvalidKeyException("Key size is invalid");
            }
        }
        P11Key convertKey = P11SecretKeyFactory.convertKey(this.token, key, ALGO);
        switch (i) {
            case 1:
                this.encrypt = true;
                this.requireReinit = Arrays.equals(bArr, this.lastEncIv) && convertKey == this.lastEncKey;
                if (this.requireReinit) {
                    throw new InvalidAlgorithmParameterException("Cannot reuse iv for GCM encryption");
                }
                break;
            case 2:
                this.encrypt = false;
                this.requireReinit = false;
                break;
            default:
                throw new InvalidAlgorithmParameterException("Unsupported mode: " + i);
        }
        if (secureRandom != null) {
            this.random = secureRandom;
        }
        if (bArr == null && i2 == -1) {
            switch (this.blockMode) {
                case 10:
                    bArr = new byte[16];
                    this.random.nextBytes(bArr);
                    i2 = 16;
                    break;
                default:
                    throw new ProviderException("Unsupported mode");
            }
        }
        this.iv = bArr;
        this.tagLen = i2;
        this.p11Key = convertKey;
        try {
            initialize();
        } catch (PKCS11Exception e) {
            throw new InvalidKeyException("Could not initialize cipher", e);
        }
    }

    private void cancelOperation() {
        int doFinalLength = doFinalLength(0);
        byte[] bArr = new byte[doFinalLength];
        byte[] byteArray = this.dataBuffer.toByteArray();
        int length = byteArray.length;
        try {
            if (this.encrypt) {
                this.token.p11.C_Encrypt(this.session.id(), 0L, byteArray, 0, length, 0L, bArr, 0, doFinalLength);
            } else {
                this.token.p11.C_Decrypt(this.session.id(), 0L, byteArray, 0, length, 0L, bArr, 0, doFinalLength);
            }
        } catch (PKCS11Exception e) {
            if (e.getErrorCode() != 145 && this.encrypt) {
                throw new ProviderException("Cancel failed", e);
            }
        }
    }

    private void ensureInitialized() throws PKCS11Exception {
        if (this.initialized && this.aadBuffer.size() > 0) {
            reset(true);
        }
        if (this.initialized) {
            return;
        }
        initialize();
    }

    private void initialize() throws PKCS11Exception {
        if (this.p11Key == null) {
            throw new ProviderException("Operation cannot be performed without calling engineInit first");
        }
        if (this.requireReinit) {
            throw new IllegalStateException("Must use either different key or iv for GCM encryption");
        }
        this.token.ensureValid();
        byte[] byteArray = this.aadBuffer.size() > 0 ? this.aadBuffer.toByteArray() : null;
        long keyID = this.p11Key.getKeyID();
        try {
            try {
                if (this.session == null) {
                    this.session = this.token.getOpSession();
                }
                switch (this.blockMode) {
                    case 10:
                        CK_MECHANISM ck_mechanism = new CK_MECHANISM(this.mechanism, new CK_GCM_PARAMS(this.tagLen << 3, this.iv, byteArray));
                        if (this.encrypt) {
                            this.token.p11.C_EncryptInit(this.session.id(), ck_mechanism, keyID);
                        } else {
                            this.token.p11.C_DecryptInit(this.session.id(), ck_mechanism, keyID);
                        }
                        this.initialized = true;
                        return;
                    default:
                        throw new ProviderException("Unsupported mode: " + this.blockMode);
                }
            } catch (PKCS11Exception e) {
                this.p11Key.releaseKeyID();
                this.session = this.token.releaseSession(this.session);
                throw e;
            }
        } finally {
            this.dataBuffer.reset();
            this.aadBuffer.reset();
        }
    }

    private int doFinalLength(int i) {
        if (i < 0) {
            throw new ProviderException("Invalid negative input length");
        }
        int size = i + this.dataBuffer.size();
        if (this.encrypt) {
            size += this.tagLen;
        }
        return size;
    }

    private void reset(boolean z) {
        if (this.initialized) {
            this.initialized = false;
            try {
                if (this.session == null) {
                    return;
                }
                if (z && this.token.explicitCancel) {
                    cancelOperation();
                }
            } finally {
                this.p11Key.releaseKeyID();
                this.session = this.token.releaseSession(this.session);
                this.dataBuffer.reset();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineUpdate(byte[] bArr, int i, int i2) {
        this.updateCalled = true;
        implUpdate(bArr, i, i2);
        return new byte[0];
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        this.updateCalled = true;
        implUpdate(bArr, i, i2);
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineUpdate(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws ShortBufferException {
        this.updateCalled = true;
        implUpdate(byteBuffer);
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public synchronized void engineUpdateAAD(byte[] bArr, int i, int i2) throws IllegalStateException {
        if (bArr == null || i < 0 || i + i2 > bArr.length) {
            throw new IllegalArgumentException("Invalid AAD");
        }
        if (this.requireReinit) {
            throw new IllegalStateException("Must use either different key or iv for GCM encryption");
        }
        if (this.p11Key == null) {
            throw new IllegalStateException("Need to initialize Cipher first");
        }
        if (this.updateCalled) {
            throw new IllegalStateException("Update has been called; no more AAD data");
        }
        this.aadBuffer.write(bArr, i, i2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineUpdateAAD(ByteBuffer byteBuffer) throws IllegalStateException {
        if (byteBuffer == null) {
            throw new IllegalArgumentException("Invalid AAD");
        }
        byte[] bArr = new byte[byteBuffer.remaining()];
        byteBuffer.get(bArr);
        engineUpdateAAD(bArr, 0, bArr.length);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        try {
            try {
                byte[] bArr2 = new byte[doFinalLength(i2)];
                byte[] convert = P11Util.convert(bArr2, 0, engineDoFinal(bArr, i, i2, bArr2, 0));
                this.updateCalled = false;
                return convert;
            } catch (ShortBufferException e) {
                throw new ProviderException(e);
            }
        } catch (Throwable th) {
            this.updateCalled = false;
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        try {
            int implDoFinal = implDoFinal(bArr, i, i2, bArr2, i3, bArr2.length - i3);
            this.updateCalled = false;
            return implDoFinal;
        } catch (Throwable th) {
            this.updateCalled = false;
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineDoFinal(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        try {
            int implDoFinal = implDoFinal(byteBuffer, byteBuffer2);
            this.updateCalled = false;
            return implDoFinal;
        } catch (Throwable th) {
            this.updateCalled = false;
            throw th;
        }
    }

    private int implUpdate(byte[] bArr, int i, int i2) {
        if (i2 <= 0) {
            return 0;
        }
        this.updateCalled = true;
        try {
            ensureInitialized();
            this.dataBuffer.write(bArr, i, i2);
            return 0;
        } catch (PKCS11Exception e) {
            reset(false);
            throw new ProviderException("update() failed", e);
        }
    }

    private int implUpdate(ByteBuffer byteBuffer) {
        int remaining = byteBuffer.remaining();
        if (remaining <= 0) {
            return 0;
        }
        try {
            ensureInitialized();
            byte[] bArr = new byte[remaining];
            byteBuffer.get(bArr);
            this.dataBuffer.write(bArr, 0, bArr.length);
            return 0;
        } catch (PKCS11Exception e) {
            reset(false);
            throw new ProviderException("update() failed", e);
        }
    }

    private int implDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        int C_Decrypt;
        boolean z;
        if (i4 < doFinalLength(i2)) {
            throw new ShortBufferException();
        }
        try {
            try {
                ensureInitialized();
                if (this.dataBuffer.size() > 0) {
                    if (bArr != null && i > 0 && i2 > 0 && i < bArr.length - i2) {
                        this.dataBuffer.write(bArr, i, i2);
                    }
                    bArr = this.dataBuffer.toByteArray();
                    i = 0;
                    i2 = bArr.length;
                }
                if (this.encrypt) {
                    C_Decrypt = this.token.p11.C_Encrypt(this.session.id(), 0L, bArr, i, i2, 0L, bArr2, i3, i4);
                    z = false;
                } else {
                    if (i2 == 0) {
                        return 0;
                    }
                    C_Decrypt = this.token.p11.C_Decrypt(this.session.id(), 0L, bArr, i, i2, 0L, bArr2, i3, i4);
                    z = false;
                }
                int i5 = C_Decrypt;
                if (this.encrypt) {
                    this.lastEncKey = this.p11Key;
                    this.lastEncIv = this.iv;
                    this.requireReinit = true;
                }
                reset(z);
                return i5;
            } catch (PKCS11Exception e) {
                handleException(e);
                throw new ProviderException("doFinal() failed", e);
            }
        } finally {
            if (this.encrypt) {
                this.lastEncKey = this.p11Key;
                this.lastEncIv = this.iv;
                this.requireReinit = true;
            }
            reset(true);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private int implDoFinal(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        int C_Decrypt;
        int remaining = byteBuffer2.remaining();
        int remaining2 = byteBuffer.remaining();
        if (remaining < doFinalLength(remaining2)) {
            throw new ShortBufferException();
        }
        boolean z = true;
        try {
            try {
                ensureInitialized();
                long j = 0;
                byte[] bArr = null;
                int i = 0;
                if (this.dataBuffer.size() > 0) {
                    if (remaining2 > 0) {
                        byte[] bArr2 = new byte[remaining2];
                        byteBuffer.get(bArr2);
                        this.dataBuffer.write(bArr2, 0, bArr2.length);
                    }
                    bArr = this.dataBuffer.toByteArray();
                    i = 0;
                    remaining2 = bArr.length;
                } else if (byteBuffer instanceof DirectBuffer) {
                    j = ((DirectBuffer) byteBuffer).address();
                    i = byteBuffer.position();
                } else if (byteBuffer.hasArray()) {
                    bArr = byteBuffer.array();
                    i = byteBuffer.position() + byteBuffer.arrayOffset();
                } else {
                    bArr = new byte[remaining2];
                    byteBuffer.get(bArr);
                }
                long j2 = 0;
                byte[] bArr3 = null;
                int i2 = 0;
                if (byteBuffer2 instanceof DirectBuffer) {
                    j2 = ((DirectBuffer) byteBuffer2).address();
                    i2 = byteBuffer2.position();
                } else if (byteBuffer2.hasArray()) {
                    bArr3 = byteBuffer2.array();
                    i2 = byteBuffer2.position() + byteBuffer2.arrayOffset();
                } else {
                    bArr3 = new byte[remaining];
                }
                if (this.encrypt) {
                    C_Decrypt = this.token.p11.C_Encrypt(this.session.id(), j, bArr, i, remaining2, j2, bArr3, i2, remaining);
                    z = false;
                } else {
                    if (remaining2 == 0) {
                        if (this.encrypt) {
                            this.lastEncKey = this.p11Key;
                            this.lastEncIv = this.iv;
                            this.requireReinit = true;
                        }
                        reset(true);
                        return 0;
                    }
                    C_Decrypt = this.token.p11.C_Decrypt(this.session.id(), j, bArr, i, remaining2, j2, bArr3, i2, remaining);
                    z = false;
                }
                byteBuffer2.position(byteBuffer2.position() + C_Decrypt);
                int i3 = C_Decrypt;
                if (this.encrypt) {
                    this.lastEncKey = this.p11Key;
                    this.lastEncIv = this.iv;
                    this.requireReinit = true;
                }
                reset(z);
                return i3;
            } catch (PKCS11Exception e) {
                handleException(e);
                throw new ProviderException("doFinal() failed", e);
            }
        } catch (Throwable th) {
            if (this.encrypt) {
                this.lastEncKey = this.p11Key;
                this.lastEncIv = this.iv;
                this.requireReinit = true;
            }
            reset(z);
            throw th;
        }
    }

    private void handleException(PKCS11Exception pKCS11Exception) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        long errorCode = pKCS11Exception.getErrorCode();
        if (errorCode == 336) {
            throw ((ShortBufferException) new ShortBufferException().initCause(pKCS11Exception));
        }
        if (errorCode == 33 || errorCode == 65) {
            throw ((IllegalBlockSizeException) new IllegalBlockSizeException(pKCS11Exception.toString()).initCause(pKCS11Exception));
        }
        if (errorCode == 64) {
            throw ((BadPaddingException) new BadPaddingException(pKCS11Exception.toString()).initCause(pKCS11Exception));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        throw new UnsupportedOperationException("engineWrap()");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        throw new UnsupportedOperationException("engineUnwrap()");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetKeySize(Key key) throws InvalidKeyException {
        return P11SecretKeyFactory.convertKey(this.token, key, ALGO).length();
    }
}
