package sun.security.pkcs11;

import com.sun.org.apache.xalan.internal.templates.Constants;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.ProviderException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.SecretKeySpec;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.PKCS11Constants;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:win/1.8.0_412/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11SecretKeyFactory.class */
public final class P11SecretKeyFactory extends SecretKeyFactorySpi {
    private final Token token;
    private final String algorithm;
    private static final Map<String, Long> keyTypes = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11SecretKeyFactory(Token token, String str) {
        this.token = token;
        this.algorithm = str;
    }

    private static void addKeyType(String str, long j) {
        Long valueOf = Long.valueOf(j);
        keyTypes.put(str, valueOf);
        keyTypes.put(str.toUpperCase(Locale.ENGLISH), valueOf);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long getKeyType(String str) {
        Long l = keyTypes.get(str);
        if (l == null) {
            String upperCase = str.toUpperCase(Locale.ENGLISH);
            l = keyTypes.get(upperCase);
            if (l == null) {
                if (upperCase.startsWith("HMAC")) {
                    return 2147483427L;
                }
                if (upperCase.startsWith("SSLMAC")) {
                    return PKCS11Constants.PCKK_SSLMAC;
                }
            }
        }
        if (l != null) {
            return l.longValue();
        }
        return -1L;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static P11Key convertKey(Token token, Key key, String str) throws InvalidKeyException {
        return convertKey(token, key, str, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static P11Key convertKey(Token token, Key key, String str, CK_ATTRIBUTE[] ck_attributeArr) throws InvalidKeyException {
        long keyType;
        token.ensureValid();
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if (!(key instanceof SecretKey)) {
            throw new InvalidKeyException("Key must be a SecretKey");
        }
        if (str == null) {
            str = key.getAlgorithm();
            keyType = getKeyType(str);
        } else {
            keyType = getKeyType(str);
            if (keyType != getKeyType(key.getAlgorithm()) && keyType != 2147483427 && keyType != PKCS11Constants.PCKK_SSLMAC) {
                throw new InvalidKeyException("Key algorithm must be " + str);
            }
        }
        if (key instanceof P11Key) {
            P11Key p11Key = (P11Key) key;
            if (p11Key.token == token) {
                if (ck_attributeArr != null) {
                    Session session = null;
                    long keyID = p11Key.getKeyID();
                    try {
                        try {
                            session = token.getObjSession();
                            P11Key p11Key2 = (P11Key) P11Key.secretKey(session, token.p11.C_CopyObject(session.id(), keyID, ck_attributeArr), p11Key.algorithm, p11Key.keyLength, ck_attributeArr);
                            p11Key.releaseKeyID();
                            token.releaseSession(session);
                            p11Key = p11Key2;
                        } catch (PKCS11Exception e) {
                            throw new InvalidKeyException("Cannot duplicate the PKCS11 key", e);
                        }
                    } catch (Throwable th) {
                        p11Key.releaseKeyID();
                        token.releaseSession(session);
                        throw th;
                    }
                }
                return p11Key;
            }
        }
        P11Key p11Key3 = token.secretCache.get(key);
        if (p11Key3 != null) {
            return p11Key3;
        }
        if (!"RAW".equalsIgnoreCase(key.getFormat())) {
            throw new InvalidKeyException("Encoded format must be RAW");
        }
        P11Key createKey = createKey(token, key.getEncoded(), str, keyType, ck_attributeArr);
        token.secretCache.put(key, createKey);
        return createKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void fixDESParity(byte[] bArr, int i) {
        for (int i2 = 0; i2 < 8; i2++) {
            int i3 = bArr[i] & 254;
            int i4 = i;
            i++;
            bArr[i4] = (byte) (i3 | ((Integer.bitCount(i3) & 1) ^ 1));
        }
    }

    private static P11Key createKey(Token token, byte[] bArr, String str, long j, CK_ATTRIBUTE[] ck_attributeArr) throws InvalidKeyException {
        CK_ATTRIBUTE[] ck_attributeArr2;
        int length = bArr.length << 3;
        int i = length;
        try {
            switch ((int) j) {
                case 16:
                case 2147483429:
                case 2147483430:
                case 2147483431:
                    j = 16;
                    break;
                case 18:
                    i = P11KeyGenerator.checkKeySize(272L, length, token);
                    break;
                case 19:
                    i = P11KeyGenerator.checkKeySize(288L, length, token);
                    fixDESParity(bArr, 0);
                    break;
                case 21:
                    i = P11KeyGenerator.checkKeySize(305L, length, token);
                    fixDESParity(bArr, 0);
                    fixDESParity(bArr, 8);
                    if (i != 112) {
                        j = 21;
                        fixDESParity(bArr, 16);
                        break;
                    } else {
                        j = 20;
                        break;
                    }
                case 31:
                    i = P11KeyGenerator.checkKeySize(PKCS11Constants.CKM_AES_KEY_GEN, length, token);
                    break;
                case 32:
                    i = P11KeyGenerator.checkKeySize(PKCS11Constants.CKM_BLOWFISH_KEY_GEN, length, token);
                    break;
                case 2147483427:
                case 2147483428:
                    if (length != 0) {
                        j = 16;
                        break;
                    } else {
                        throw new InvalidKeyException("MAC keys must not be empty");
                    }
                default:
                    throw new InvalidKeyException("Unknown algorithm " + str);
            }
            Session session = null;
            try {
                try {
                    if (ck_attributeArr != null) {
                        ck_attributeArr2 = new CK_ATTRIBUTE[3 + ck_attributeArr.length];
                        System.arraycopy(ck_attributeArr, 0, ck_attributeArr2, 3, ck_attributeArr.length);
                    } else {
                        ck_attributeArr2 = new CK_ATTRIBUTE[3];
                    }
                    ck_attributeArr2[0] = new CK_ATTRIBUTE(0L, 4L);
                    ck_attributeArr2[1] = new CK_ATTRIBUTE(256L, j);
                    ck_attributeArr2[2] = new CK_ATTRIBUTE(17L, bArr);
                    CK_ATTRIBUTE[] attributes = token.getAttributes(Constants.ELEMNAME_IMPORT_STRING, 4L, j, ck_attributeArr2);
                    session = token.getObjSession();
                    P11Key p11Key = (P11Key) P11Key.secretKey(session, token.p11.C_CreateObject(session.id(), attributes), str, i, attributes);
                    token.releaseSession(session);
                    return p11Key;
                } catch (PKCS11Exception e) {
                    throw new InvalidKeyException("Could not create key", e);
                }
            } catch (Throwable th) {
                token.releaseSession(session);
                throw th;
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new InvalidKeyException("Invalid key for " + str, e2);
        } catch (ProviderException e3) {
            throw new InvalidKeyException("Could not create key", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.SecretKeyFactorySpi
    public SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
        this.token.ensureValid();
        if (keySpec == null) {
            throw new InvalidKeySpecException("KeySpec must not be null");
        }
        if (keySpec instanceof SecretKeySpec) {
            try {
                return (SecretKey) convertKey(this.token, (SecretKey) keySpec, this.algorithm);
            } catch (InvalidKeyException e) {
                throw new InvalidKeySpecException(e);
            }
        }
        if (this.algorithm.equalsIgnoreCase("DES")) {
            if (keySpec instanceof DESKeySpec) {
                return engineGenerateSecret(new SecretKeySpec(((DESKeySpec) keySpec).getKey(), "DES"));
            }
        } else if (this.algorithm.equalsIgnoreCase("DESede") && (keySpec instanceof DESedeKeySpec)) {
            return engineGenerateSecret(new SecretKeySpec(((DESedeKeySpec) keySpec).getKey(), "DESede"));
        }
        throw new InvalidKeySpecException("Unsupported spec: " + keySpec.getClass().getName());
    }

    private byte[] getKeyBytes(SecretKey secretKey) throws InvalidKeySpecException {
        try {
            SecretKey engineTranslateKey = engineTranslateKey(secretKey);
            if ("RAW".equalsIgnoreCase(engineTranslateKey.getFormat())) {
                return engineTranslateKey.getEncoded();
            }
            throw new InvalidKeySpecException("Could not obtain key bytes");
        } catch (InvalidKeyException e) {
            throw new InvalidKeySpecException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.SecretKeyFactorySpi
    public KeySpec engineGetKeySpec(SecretKey secretKey, Class<?> cls) throws InvalidKeySpecException {
        this.token.ensureValid();
        if (secretKey == null || cls == null) {
            throw new InvalidKeySpecException("key and keySpec must not be null");
        }
        if (cls.isAssignableFrom(SecretKeySpec.class)) {
            return new SecretKeySpec(getKeyBytes(secretKey), this.algorithm);
        }
        if (this.algorithm.equalsIgnoreCase("DES")) {
            try {
                if (cls.isAssignableFrom(DESKeySpec.class)) {
                    return new DESKeySpec(getKeyBytes(secretKey));
                }
            } catch (InvalidKeyException e) {
                throw new InvalidKeySpecException(e);
            }
        } else if (this.algorithm.equalsIgnoreCase("DESede")) {
            try {
                if (cls.isAssignableFrom(DESedeKeySpec.class)) {
                    return new DESedeKeySpec(getKeyBytes(secretKey));
                }
            } catch (InvalidKeyException e2) {
                throw new InvalidKeySpecException(e2);
            }
        }
        throw new InvalidKeySpecException("Unsupported spec: " + cls.getName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.SecretKeyFactorySpi
    public SecretKey engineTranslateKey(SecretKey secretKey) throws InvalidKeyException {
        return (SecretKey) convertKey(this.token, secretKey, this.algorithm);
    }

    static {
        addKeyType("RC4", 18L);
        addKeyType("ARCFOUR", 18L);
        addKeyType("DES", 19L);
        addKeyType("DESede", 21L);
        addKeyType("AES", 31L);
        addKeyType("Blowfish", 32L);
        addKeyType("RC2", 17L);
        addKeyType("IDEA", 26L);
        addKeyType("TlsPremasterSecret", PKCS11Constants.PCKK_TLSPREMASTER);
        addKeyType("TlsRsaPremasterSecret", PKCS11Constants.PCKK_TLSRSAPREMASTER);
        addKeyType("TlsMasterSecret", PKCS11Constants.PCKK_TLSMASTER);
        addKeyType("Generic", 16L);
    }
}
