package iaik.pkcs.pkcs11.provider.signatures;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.provider.DelegateProvider;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11Exception;
import iaik.pkcs.pkcs11.provider.PKCS11EngineClass;
import iaik.pkcs.pkcs11.provider.TokenManager;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11Key;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11PrivateKey;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11PublicKey;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.security.spec.AlgorithmParameterSpec;

/* loaded from: classes.dex */
public abstract class PKCS11Signature extends SignatureSpi implements PKCS11EngineClass {
    private static final boolean DEBUG = false;
    protected static final int SIGN = 1;
    protected static final int VERIFY = 2;
    protected boolean currentKeyIsSoftwareKey_;
    protected boolean initialized_;
    protected int operationState_;
    protected boolean pkcs11OperationInitialized_;
    protected IAIKPKCS11PrivateKey privateKey_;
    protected IAIKPKCS11PublicKey publicKey_;
    protected Session session_;
    protected Signature softwareDelegate_;
    protected TokenManager tokenManager_;
    protected MechanismInfo[][] usedMechanismInfos_;
    protected Mechanism[] usedMechanisms_;

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        if (!this.currentKeyIsSoftwareKey_) {
            return pkcs11GetParameter(str);
        }
        if (IAIKPkcs11.isEnableSoftwareDelegation()) {
            return this.softwareDelegate_.getParameter(str);
        }
        throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        PrivateKey handleSignatureKey = IAIKPkcs11.getGlobalKeyHandler().handleSignatureKey(getAlgorithmName(), privateKey);
        if (handleSignatureKey instanceof IAIKPKCS11Key) {
            pkcs11InitSign(handleSignatureKey);
            this.currentKeyIsSoftwareKey_ = false;
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new InvalidKeyException("The current key is not a key of this provider, but software delegation is disabled.");
            }
            if (this.softwareDelegate_ == null) {
                initializeSoftwareDelegate();
            }
            this.softwareDelegate_.initSign(handleSignatureKey);
            this.currentKeyIsSoftwareKey_ = true;
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        PublicKey handleVerificationKey = IAIKPkcs11.getGlobalKeyHandler().handleVerificationKey(getAlgorithmName(), publicKey);
        if (handleVerificationKey instanceof IAIKPKCS11Key) {
            pkcs11InitVerify(handleVerificationKey);
            this.currentKeyIsSoftwareKey_ = false;
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new InvalidKeyException("The current key is not a key of this provider, but software delegation is disabled.");
            }
            if (this.softwareDelegate_ == null) {
                initializeSoftwareDelegate();
            }
            this.softwareDelegate_.initVerify(handleVerificationKey);
            this.currentKeyIsSoftwareKey_ = true;
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11SetParameter(str, obj);
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            this.softwareDelegate_.setParameter(str, obj);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11SetParameter(algorithmParameterSpec);
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            this.softwareDelegate_.setParameter(algorithmParameterSpec);
        }
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (!this.currentKeyIsSoftwareKey_) {
            return pkcs11Sign();
        }
        if (IAIKPkcs11.isEnableSoftwareDelegation()) {
            return this.softwareDelegate_.sign();
        }
        throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11Update(b);
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            this.softwareDelegate_.update(b);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11Update(bArr, i, i2);
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            this.softwareDelegate_.update(bArr, i, i2);
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        if (!this.currentKeyIsSoftwareKey_) {
            return pkcs11Verify(bArr);
        }
        if (IAIKPkcs11.isEnableSoftwareDelegation()) {
            return this.softwareDelegate_.verify(bArr);
        }
        throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
    }

    protected void finalize() throws Throwable {
        if (this.session_ != null) {
            finalizePkcs11Operation();
        }
        super.finalize();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void finalizePkcs11Operation() {
        if (!this.pkcs11OperationInitialized_) {
            this.tokenManager_.disposeSession(this.session_);
            this.session_ = null;
        } else {
            this.pkcs11OperationInitialized_ = false;
            this.tokenManager_.closeSession(this.session_);
            this.session_ = null;
        }
    }

    protected abstract String getAlgorithmName();

    protected abstract Mechanism getMechanism();

    protected MechanismInfo[][] getUsedMechanismFeatures() {
        if (this.usedMechanismInfos_ == null) {
            MechanismInfo mechanismInfo = new MechanismInfo();
            mechanismInfo.setSign(true);
            MechanismInfo mechanismInfo2 = new MechanismInfo();
            mechanismInfo2.setVerify(true);
            this.usedMechanismInfos_ = new MechanismInfo[][]{new MechanismInfo[]{mechanismInfo, mechanismInfo2}};
        }
        return this.usedMechanismInfos_;
    }

    protected Mechanism[] getUsedMechanisms() {
        if (this.usedMechanisms_ == null) {
            Mechanism mechanism = (Mechanism) getMechanism().clone();
            mechanism.setParameters(null);
            this.usedMechanisms_ = new Mechanism[]{mechanism};
        }
        return this.usedMechanisms_;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initializePkcs11Operation() throws InvalidKeyException {
        initializeSession();
        try {
            if (this.operationState_ == 1) {
                this.session_.signInit(getMechanism(), this.privateKey_.getKeyObject());
            } else {
                this.session_.verifyInit(getMechanism(), this.publicKey_.getKeyObject());
            }
            this.pkcs11OperationInitialized_ = true;
        } catch (TokenException e) {
            throw new InvalidKeyException(e.toString());
        }
    }

    protected void initializeSession() {
        try {
            if (this.session_ == null) {
                this.session_ = this.tokenManager_.getSession(false);
            }
            this.tokenManager_.makeAuthorizedSession(this.session_, null);
        } catch (TokenException e) {
            throw new IAIKPkcs11Exception(e.toString());
        }
    }

    protected void initializeSoftwareDelegate() {
        DelegateProvider delegateProvider = this.tokenManager_ != null ? this.tokenManager_.getProvider().getDelegateProvider() : IAIKPkcs11.getGlobalDelegateProvider();
        String algorithmName = getAlgorithmName();
        this.softwareDelegate_ = delegateProvider.getSignature(algorithmName);
        if (this.softwareDelegate_ == null) {
            throw new IAIKPkcs11Exception(new StringBuffer("Could not get delegate signature engine for ").append(algorithmName).toString());
        }
    }

    @Override // iaik.pkcs.pkcs11.provider.PKCS11EngineClass
    public boolean isSupportedBy(TokenManager tokenManager) {
        try {
            return tokenManager.isMechanismFeatureSupported(getUsedMechanisms(), getUsedMechanismFeatures());
        } catch (TokenException e) {
            return false;
        }
    }

    protected Object pkcs11GetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("Method not supported!");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void pkcs11InitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (!(privateKey instanceof IAIKPKCS11PrivateKey)) {
            throw new InvalidKeyException("Private key must be of type iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11PrivateKey!");
        }
        this.privateKey_ = (IAIKPKCS11PrivateKey) privateKey;
        this.tokenManager_ = this.privateKey_.getTokenManager();
        this.operationState_ = 1;
        initializePkcs11Operation();
        this.initialized_ = true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void pkcs11InitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (!(publicKey instanceof IAIKPKCS11PublicKey)) {
            throw new InvalidKeyException("Public key must be of type iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11PublicKey!");
        }
        this.publicKey_ = (IAIKPKCS11PublicKey) publicKey;
        this.tokenManager_ = this.publicKey_.getTokenManager();
        this.operationState_ = 2;
        initializePkcs11Operation();
        this.initialized_ = true;
    }

    protected void pkcs11SetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("Method not supported!");
    }

    protected void pkcs11SetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        throw new UnsupportedOperationException("This method not supported by this class!");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] pkcs11Sign() throws SignatureException {
        if (this.operationState_ != 1) {
            throw new SignatureException("Signature object not in sign state");
        }
        if (!this.initialized_) {
            throw new SignatureException("Signature object not initialzed");
        }
        if (!this.pkcs11OperationInitialized_) {
            try {
                initializePkcs11Operation();
            } catch (InvalidKeyException e) {
                finalizePkcs11Operation();
                throw new IAIKPkcs11Exception(new StringBuffer("Could not reinitialize PKCS#11 signature for next operation: ").append(e.toString()).toString());
            }
        }
        try {
            try {
                byte[] signFinal = this.session_.signFinal();
                this.pkcs11OperationInitialized_ = false;
                return signFinal;
            } catch (TokenException e2) {
                throw new SignatureException(e2.toString());
            }
        } finally {
            finalizePkcs11Operation();
        }
    }

    protected void pkcs11Update(byte b) throws SignatureException {
        if (!this.initialized_) {
            throw new SignatureException("Signature object not initialzed");
        }
        pkcs11Update(new byte[]{b}, 0, 1);
    }

    protected void pkcs11Update(byte[] bArr, int i, int i2) throws SignatureException {
        if (!this.initialized_) {
            throw new SignatureException("Signature object not initialzed");
        }
        if (i + i2 > bArr.length) {
            throw new IllegalArgumentException("Arguments must satisfy ((offset + length) <= data.length).");
        }
        if (!this.pkcs11OperationInitialized_) {
            try {
                initializePkcs11Operation();
            } catch (InvalidKeyException e) {
                finalizePkcs11Operation();
                throw new IAIKPkcs11Exception(new StringBuffer("Could not reinitialize PKCS#11 signature for next operation: ").append(e.toString()).toString());
            }
        }
        byte[] bArr2 = new byte[i2];
        System.arraycopy(bArr, i, bArr2, 0, i2);
        try {
            if (this.operationState_ == 1) {
                this.session_.signUpdate(bArr2);
            } else {
                if (this.operationState_ != 2) {
                    throw new SignatureException("Signature object in undefined state");
                }
                this.session_.verifyUpdate(bArr2);
            }
        } catch (TokenException e2) {
            finalizePkcs11Operation();
            throw new SignatureException(e2.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean pkcs11Verify(byte[] bArr) throws SignatureException {
        boolean z;
        if (this.operationState_ != 2) {
            throw new SignatureException("Signature object not in verify state");
        }
        if (!this.initialized_) {
            throw new SignatureException("Signature object not initialzed");
        }
        if (!this.pkcs11OperationInitialized_) {
            try {
                initializePkcs11Operation();
            } catch (InvalidKeyException e) {
                finalizePkcs11Operation();
                throw new IAIKPkcs11Exception(new StringBuffer("Could not reinitialize PKCS#11 signature for next operation: ").append(e.toString()).toString());
            }
        }
        try {
            try {
                this.session_.verifyFinal(bArr);
                z = true;
                this.pkcs11OperationInitialized_ = false;
            } finally {
                finalizePkcs11Operation();
            }
        } catch (PKCS11Exception e2) {
            if (e2.getErrorCode() == 192) {
                this.pkcs11OperationInitialized_ = false;
                z = false;
            } else {
                z = false;
            }
        } catch (TokenException e3) {
            z = false;
        }
        return z;
    }
}
