package iaik.pkcs.pkcs11.provider.keyagreements;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.AESSecretKey;
import iaik.pkcs.pkcs11.objects.Attribute;
import iaik.pkcs.pkcs11.objects.BlowfishSecretKey;
import iaik.pkcs.pkcs11.objects.ByteArrayAttribute;
import iaik.pkcs.pkcs11.objects.CAST128SecretKey;
import iaik.pkcs.pkcs11.objects.CAST3SecretKey;
import iaik.pkcs.pkcs11.objects.CASTSecretKey;
import iaik.pkcs.pkcs11.objects.DES3SecretKey;
import iaik.pkcs.pkcs11.objects.DESSecretKey;
import iaik.pkcs.pkcs11.objects.GenericSecretKey;
import iaik.pkcs.pkcs11.objects.IDEASecretKey;
import iaik.pkcs.pkcs11.objects.Key;
import iaik.pkcs.pkcs11.objects.RC2SecretKey;
import iaik.pkcs.pkcs11.objects.RC4SecretKey;
import iaik.pkcs.pkcs11.objects.RC5SecretKey;
import iaik.pkcs.pkcs11.objects.TwofishSecretKey;
import iaik.pkcs.pkcs11.provider.DelegateProvider;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11Exception;
import iaik.pkcs.pkcs11.provider.PKCS11EngineClass;
import iaik.pkcs.pkcs11.provider.TokenManager;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11Key;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11SecretKey;
import iaik.pkcs.pkcs11.provider.spec.PKCS11Spec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyAgreement;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;

/* loaded from: classes.dex */
public abstract class PKCS11KeyAgreement extends KeyAgreementSpi implements PKCS11EngineClass {
    private static final boolean DEBUG = false;
    protected boolean currentKeyIsSoftwareKey_;
    protected Key initKeyObject_;
    protected IAIKPKCS11Key initKey_;
    protected boolean initialized_;
    protected boolean keyAgreementSpecChanged_;
    protected PKCS11KeyAgreementSpec keyAgreementSpec_;
    protected IAIKPKCS11Key phaseKey_;
    protected boolean pkcs11OperationInitialized_;
    protected Session session_;
    protected KeyAgreement softwareDelegate_;
    protected TokenManager tokenManager_;
    protected MechanismInfo[][] usedMechanismInfos_;
    protected Mechanism[] usedMechanisms_;

    protected abstract void checkInitKeyObject(Key key) throws InvalidKeyException;

    protected abstract void checkPhaseKeyObject(Key key) throws InvalidKeyException;

    @Override // javax.crypto.KeyAgreementSpi
    protected java.security.Key engineDoPhase(java.security.Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        java.security.Key handleKeyAgreementPhaseKey = IAIKPkcs11.getGlobalKeyHandler().handleKeyAgreementPhaseKey(getAlgorithmName(), key);
        if (!this.currentKeyIsSoftwareKey_) {
            return pkcs11DoPhase(handleKeyAgreementPhaseKey, z);
        }
        if (IAIKPkcs11.isEnableSoftwareDelegation()) {
            return this.softwareDelegate_.doPhase(handleKeyAgreementPhaseKey, z);
        }
        throw new InvalidKeyException("The current key is not a key of this provider, but software delegation is disabled.");
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        if (!this.currentKeyIsSoftwareKey_) {
            return pkcs11GenerateSecret(bArr, i);
        }
        if (IAIKPkcs11.isEnableSoftwareDelegation()) {
            return this.softwareDelegate_.generateSecret(bArr, i);
        }
        throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        if (!this.currentKeyIsSoftwareKey_) {
            return pkcs11GenerateSecret(str);
        }
        if (IAIKPkcs11.isEnableSoftwareDelegation()) {
            return this.softwareDelegate_.generateSecret(str);
        }
        throw new InvalidKeyException("The current key is not a key of this provider, but software delegation is disabled.");
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        if (!this.currentKeyIsSoftwareKey_) {
            return pkcs11GenerateSecret();
        }
        if (IAIKPkcs11.isEnableSoftwareDelegation()) {
            return this.softwareDelegate_.generateSecret();
        }
        throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(java.security.Key key, SecureRandom secureRandom) throws InvalidKeyException {
        java.security.Key handleKeyAgreementKey = IAIKPkcs11.getGlobalKeyHandler().handleKeyAgreementKey(getAlgorithmName(), key, null);
        if (handleKeyAgreementKey instanceof IAIKPKCS11Key) {
            pkcs11Init(handleKeyAgreementKey, secureRandom);
            this.currentKeyIsSoftwareKey_ = false;
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new InvalidKeyException("The current key is not a key of this provider, but software delegation is disabled.");
            }
            if (this.softwareDelegate_ == null) {
                initializeSoftwareDelegate();
            }
            this.softwareDelegate_.init(handleKeyAgreementKey, secureRandom);
            this.currentKeyIsSoftwareKey_ = true;
        }
    }

    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(java.security.Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        java.security.Key handleKeyAgreementKey = IAIKPkcs11.getGlobalKeyHandler().handleKeyAgreementKey(getAlgorithmName(), key, algorithmParameterSpec);
        if (handleKeyAgreementKey instanceof IAIKPKCS11Key) {
            pkcs11Init(handleKeyAgreementKey, algorithmParameterSpec, secureRandom);
            this.currentKeyIsSoftwareKey_ = false;
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new InvalidKeyException("The current key is not a key of this provider, but software delegation is disabled.");
            }
            if (this.softwareDelegate_ == null) {
                initializeSoftwareDelegate();
            }
            this.softwareDelegate_.init(handleKeyAgreementKey, algorithmParameterSpec, secureRandom);
            this.currentKeyIsSoftwareKey_ = true;
        }
    }

    protected byte[] extractValue(iaik.pkcs.pkcs11.objects.SecretKey secretKey) {
        if (secretKey == null) {
            throw new NullPointerException("Argument \"secretKeyObject\" must not be null.");
        }
        ByteArrayAttribute byteArrayAttribute = (ByteArrayAttribute) secretKey.getAttributeTable().get(Attribute.VALUE);
        if (byteArrayAttribute == null || !byteArrayAttribute.isPresent() || byteArrayAttribute.isSensitive()) {
            return null;
        }
        return byteArrayAttribute.getByteArrayValue();
    }

    protected void finalize() throws Throwable {
        if (this.session_ != null) {
            finalizePkcs11Operation();
        }
        super.finalize();
    }

    protected void finalizePkcs11Operation() {
        this.pkcs11OperationInitialized_ = false;
        this.tokenManager_.disposeSession(this.session_);
        this.session_ = null;
    }

    protected abstract String getAlgorithmName();

    iaik.pkcs.pkcs11.objects.SecretKey getDefaultSecretTemplate(String str) {
        if (str == null || str.equals("")) {
            GenericSecretKey genericSecretKey = new GenericSecretKey();
            genericSecretKey.getValueLen().setLongValue(new Long(getMaxSecretLength(this.phaseKey_.getKeyObject())));
            return genericSecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.AES)) {
            AESSecretKey aESSecretKey = new AESSecretKey();
            aESSecretKey.getValueLen().setLongValue(new Long(16L));
            return aESSecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.DESede)) {
            return new DES3SecretKey();
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.RC4)) {
            RC4SecretKey rC4SecretKey = new RC4SecretKey();
            rC4SecretKey.getValueLen().setLongValue(new Long(16L));
            return rC4SecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.DES)) {
            return new DESSecretKey();
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.IDEA)) {
            return new IDEASecretKey();
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.RC2)) {
            RC2SecretKey rC2SecretKey = new RC2SecretKey();
            rC2SecretKey.getValueLen().setLongValue(new Long(16L));
            return rC2SecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.RC5)) {
            RC5SecretKey rC5SecretKey = new RC5SecretKey();
            rC5SecretKey.getValueLen().setLongValue(new Long(16L));
            return rC5SecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.BLOWFISH)) {
            BlowfishSecretKey blowfishSecretKey = new BlowfishSecretKey();
            blowfishSecretKey.getValueLen().setLongValue(new Long(16L));
            return blowfishSecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.TWOFISH)) {
            TwofishSecretKey twofishSecretKey = new TwofishSecretKey();
            twofishSecretKey.getValueLen().setLongValue(new Long(16L));
            return twofishSecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.CAST128) || str.equalsIgnoreCase(IAIKPKCS11Key.CAST5)) {
            CAST128SecretKey cAST128SecretKey = new CAST128SecretKey();
            cAST128SecretKey.getValueLen().setLongValue(new Long(16L));
            return cAST128SecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.CAST3)) {
            CAST3SecretKey cAST3SecretKey = new CAST3SecretKey();
            cAST3SecretKey.getValueLen().setLongValue(new Long(8L));
            return cAST3SecretKey;
        }
        if (str.equalsIgnoreCase(IAIKPKCS11Key.CAST)) {
            CASTSecretKey cASTSecretKey = new CASTSecretKey();
            cASTSecretKey.getValueLen().setLongValue(new Long(8L));
            return cASTSecretKey;
        }
        GenericSecretKey genericSecretKey2 = new GenericSecretKey();
        genericSecretKey2.getValueLen().setLongValue(new Long(getMaxSecretLength(this.phaseKey_.getKeyObject())));
        return genericSecretKey2;
    }

    protected abstract int getMaxSecretLength(Key key);

    protected abstract Mechanism getMechanism();

    protected MechanismInfo[][] getUsedMechanismFeatures() {
        if (this.usedMechanismInfos_ == null) {
            MechanismInfo mechanismInfo = new MechanismInfo();
            mechanismInfo.setDerive(true);
            this.usedMechanismInfos_ = new MechanismInfo[][]{new MechanismInfo[]{mechanismInfo}};
        }
        return this.usedMechanismInfos_;
    }

    protected Mechanism[] getUsedMechanisms() {
        if (this.usedMechanisms_ == null) {
            Mechanism mechanism = (Mechanism) getMechanism().clone();
            mechanism.setParameters(null);
            this.usedMechanisms_ = new Mechanism[]{mechanism};
        }
        return this.usedMechanisms_;
    }

    protected void initializePkcs11Operation() {
        initializeSession();
        this.pkcs11OperationInitialized_ = true;
    }

    protected void initializeSession() {
        try {
            if (this.session_ == null) {
                this.session_ = this.keyAgreementSpec_.isUseROSession() ? this.tokenManager_.getSession(false) : this.tokenManager_.getSession(true);
            }
            if (this.keyAgreementSpec_.isUseUserSession()) {
                this.tokenManager_.makeAuthorizedSession(this.session_, null);
            }
        } catch (TokenException e) {
            throw new IAIKPkcs11Exception(e.toString());
        }
    }

    protected void initializeSoftwareDelegate() {
        DelegateProvider delegateProvider = this.tokenManager_ != null ? this.tokenManager_.getProvider().getDelegateProvider() : IAIKPkcs11.getGlobalDelegateProvider();
        String algorithmName = getAlgorithmName();
        this.softwareDelegate_ = delegateProvider.getKeyAgreement(algorithmName);
        if (this.softwareDelegate_ == null) {
            throw new IAIKPkcs11Exception(new StringBuffer("Could not get delegate key agreement engine for ").append(algorithmName).toString());
        }
    }

    @Override // iaik.pkcs.pkcs11.provider.PKCS11EngineClass
    public boolean isSupportedBy(TokenManager tokenManager) {
        try {
            return tokenManager.isMechanismFeatureSupported(getUsedMechanisms(), getUsedMechanismFeatures());
        } catch (TokenException e) {
            return false;
        }
    }

    protected java.security.Key pkcs11DoPhase(java.security.Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (!this.initialized_) {
            throw new IllegalStateException("Key agreement not initialized!");
        }
        if (key == null) {
            throw new NullPointerException("Argument \"key\" must not be null.");
        }
        if (!(key instanceof IAIKPKCS11Key)) {
            throw new NullPointerException("Argument \"key\" must be of type IAIKPKCS11Key.");
        }
        if (!z) {
            throw new IllegalStateException("Multiple phases are unsupported");
        }
        this.phaseKey_ = (IAIKPKCS11Key) key;
        checkPhaseKeyObject(this.phaseKey_.getKeyObject());
        this.keyAgreementSpecChanged_ = true;
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v8, types: [iaik.pkcs.pkcs11.objects.Key] */
    Key pkcs11GenerateKeyObject(String str, boolean z) {
        Mechanism mechanism = getMechanism();
        iaik.pkcs.pkcs11.objects.SecretKey keyTemplate = this.keyAgreementSpec_ != null ? this.keyAgreementSpec_.getKeyTemplate() : null;
        if (keyTemplate == null) {
            keyTemplate = getDefaultSecretTemplate(str);
            keyTemplate.getSensitive().setBooleanValue(new Boolean(z));
            keyTemplate.getToken().setBooleanValue(Boolean.FALSE);
            keyTemplate.getPrivate().setBooleanValue(Boolean.TRUE);
        }
        try {
            return this.session_.deriveKey(mechanism, this.initKeyObject_, keyTemplate);
        } catch (TokenException e) {
            finalizePkcs11Operation();
            throw new IAIKPkcs11Exception(e.toString());
        }
    }

    protected int pkcs11GenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        byte[] engineGenerateSecret = engineGenerateSecret();
        int i2 = -1;
        if (engineGenerateSecret != null) {
            i2 = engineGenerateSecret.length;
            if (bArr == null) {
                throw new NullPointerException("Argument \"sharedSecret\" must not be null.");
            }
            if (i2 > bArr.length - i) {
                throw new ShortBufferException(new StringBuffer("Buffer too small. Bytes available: ").append(bArr.length - i).append(", bytes needed: ").append(i2).toString());
            }
            System.arraycopy(engineGenerateSecret, 0, bArr, i, i2);
        }
        return i2;
    }

    protected SecretKey pkcs11GenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        if (!this.initialized_) {
            throw new IllegalStateException("Key agreement not initialized!");
        }
        Key pkcs11GenerateKeyObject = pkcs11GenerateKeyObject(str, true);
        if (!(pkcs11GenerateKeyObject instanceof iaik.pkcs.pkcs11.objects.SecretKey)) {
            finalizePkcs11Operation();
            throw new IAIKPkcs11Exception(new StringBuffer("Expected a secret key, key derivation returned key: ").append(pkcs11GenerateKeyObject).toString());
        }
        IAIKPKCS11SecretKey create = IAIKPKCS11SecretKey.create(this.tokenManager_, (iaik.pkcs.pkcs11.objects.SecretKey) pkcs11GenerateKeyObject);
        if (!pkcs11GenerateKeyObject.getToken().getBooleanValue().booleanValue()) {
            create.setSession(this.session_);
            this.session_ = null;
            this.pkcs11OperationInitialized_ = false;
        }
        this.tokenManager_.notifyKeyStores();
        return create;
    }

    protected byte[] pkcs11GenerateSecret() throws IllegalStateException {
        if (!this.initialized_) {
            throw new IllegalStateException("Key agreement not initialized!");
        }
        ByteArrayAttribute byteArrayAttribute = (ByteArrayAttribute) pkcs11GenerateKeyObject(null, false).getAttributeTable().get(Attribute.VALUE);
        if (byteArrayAttribute == null || !byteArrayAttribute.isPresent() || byteArrayAttribute.isSensitive()) {
            return null;
        }
        return byteArrayAttribute.getByteArrayValue();
    }

    protected void pkcs11Init(java.security.Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (key == null) {
            throw new NullPointerException("Argument \"key\" must not be null.");
        }
        if (!(key instanceof IAIKPKCS11Key)) {
            throw new NullPointerException("Argument \"key\" must be of type IAIKPKCS11Key.");
        }
        IAIKPkcs11 providerInstance = IAIKPkcs11.getProviderInstance(1);
        if (providerInstance == null) {
            throw new IAIKPkcs11Exception("No IAIKPkcs11 provider available.");
        }
        this.initKey_ = (IAIKPKCS11Key) key;
        Key keyObject = this.initKey_.getKeyObject();
        checkInitKeyObject(keyObject);
        this.initKeyObject_ = keyObject;
        this.tokenManager_ = providerInstance.getTokenManager();
        this.keyAgreementSpec_ = new PKCS11KeyAgreementSpec(this.tokenManager_, null, PKCS11Spec.USE_READ_ONLY_SESSION, PKCS11Spec.USE_USER_SESSION);
        initializePkcs11Operation();
        this.initialized_ = true;
    }

    protected void pkcs11Init(java.security.Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (key == null) {
            throw new NullPointerException("Argument \"key\" must not be null.");
        }
        if (!(key instanceof IAIKPKCS11Key)) {
            throw new NullPointerException("Argument \"key\" must be of type IAIKPKCS11Key.");
        }
        if (algorithmParameterSpec == null || !(algorithmParameterSpec instanceof PKCS11KeyAgreementSpec)) {
            throw new InvalidAlgorithmParameterException("params must be null or instance of PKCS11KeyAgreementSpec");
        }
        this.initKey_ = (IAIKPKCS11Key) key;
        Key keyObject = this.initKey_.getKeyObject();
        checkInitKeyObject(keyObject);
        this.initKeyObject_ = keyObject;
        this.keyAgreementSpec_ = (PKCS11KeyAgreementSpec) algorithmParameterSpec;
        this.tokenManager_ = this.keyAgreementSpec_.getTokenManager();
        initializePkcs11Operation();
        this.initialized_ = true;
    }
}
