package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.misc.HexDumpEncoder;
import com.ibm.pkcs11.PKCS11Exception;
import com.ibm.pkcs11.PKCS11Object;
import com.ibm.pkcs11.PKCS11Session;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateCrtKey;

/* loaded from: input_file:jre/lib/ext/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/Signature.class */
final class Signature {
    private MessageDigest msgdig;
    private PKCS11Session session;
    private PKCS11Object keyObject;
    private boolean isSign;
    private int mechanism;
    private static Debug debug = Debug.getInstance("pkcs11impl");
    private static String className = "com.ibm.crypto.pkcs11impl.provider.Signature";
    private Provider provider;
    private PKCS11Key hw_key_to_delete = null;
    private int modSize = 256;

    /* JADX INFO: Access modifiers changed from: protected */
    public Signature(int i, Provider provider) throws NoSuchAlgorithmException, NoSuchProviderException {
        if (debug != null) {
            debug.entry(16384L, className, "Signature", new Integer(i));
        }
        this.mechanism = i;
        this.session = ((IBMPKCS11Impl) provider).getSession();
        this.provider = provider;
        if (debug != null) {
            debug.exit(16384L, className, "Signature");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (debug != null) {
            debug.entry(16384L, className, "engineInitSign", privateKey);
        }
        this.isSign = true;
        PrivateKey privateKey2 = privateKey;
        if (!(privateKey instanceof RSAPrivateKey) && !(privateKey instanceof DSAPrivateKey)) {
            if (!(privateKey instanceof java.security.interfaces.RSAPrivateKey) && !(privateKey instanceof RSAPrivateCrtKey) && !(privateKey instanceof java.security.interfaces.DSAPrivateKey)) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineInitSign_2", new InvalidKeyException("not a PKCS11 DSA or PKCS11 RSA private key"));
                    debug.exit(16384L, className, "engineInitSign");
                }
                throw new InvalidKeyException("not a DSA or RSA private key: " + privateKey);
            }
            try {
                if (privateKey.getAlgorithm().equalsIgnoreCase("DSA")) {
                    privateKey2 = (PKCS11PrivateKey) KeyFactory.getInstance("DSA", this.provider).translateKey(privateKey);
                    this.hw_key_to_delete = (PKCS11Key) privateKey2;
                } else {
                    privateKey2 = (PKCS11PrivateKey) KeyFactory.getInstance("RSA", this.provider).translateKey(privateKey);
                    this.hw_key_to_delete = (PKCS11Key) privateKey2;
                }
            } catch (Exception e) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineInitSign_1", new InvalidKeyException("Cannot convert private key: " + privateKey + " with reason: " + e.getMessage()));
                    debug.exit(16384L, className, "engineInitSign");
                }
                throw new InvalidKeyException("Cannot convert private key: " + privateKey + " with reason: " + e.getMessage());
            }
        }
        if (privateKey2 instanceof RSAPrivateKey) {
            this.keyObject = ((RSAPrivateKey) privateKey2).getObject();
            this.modSize = (((RSAPrivateKey) privateKey2).getModulus().bitLength() / 8) + 10;
        }
        if (privateKey2 instanceof DSAPrivateKey) {
            this.keyObject = ((DSAPrivateKey) privateKey2).getObject();
        }
        this.session.signInit(this.mechanism, null, this.keyObject);
        if (debug != null) {
            debug.exit(16384L, className, "engineInitSign");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (debug != null) {
            debug.entry(16384L, className, "engineInitVerify", publicKey);
        }
        this.isSign = false;
        PublicKey publicKey2 = publicKey;
        if (!(publicKey instanceof RSAPublicKey) && !(publicKey instanceof DSAPublicKey)) {
            if (!(publicKey instanceof java.security.interfaces.RSAPublicKey) && !(publicKey instanceof java.security.interfaces.DSAPublicKey)) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineInitVerify_2", new InvalidKeyException("not a DSA or RSA public key"));
                    debug.exit(16384L, className, "engineInitVerify");
                }
                throw new InvalidKeyException("not a DSA or RSA public key: " + publicKey);
            }
            try {
                if (publicKey.getAlgorithm().equalsIgnoreCase("DSA")) {
                    publicKey2 = (PKCS11PublicKey) KeyFactory.getInstance("DSA", this.provider).translateKey(publicKey);
                    this.hw_key_to_delete = (PKCS11Key) publicKey2;
                } else {
                    publicKey2 = (PKCS11PublicKey) KeyFactory.getInstance("RSA", this.provider).translateKey(publicKey);
                    this.hw_key_to_delete = (PKCS11Key) publicKey2;
                }
            } catch (Exception e) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineInitVerify_1", new InvalidKeyException("Cannot convert public key: " + publicKey + " with reason: " + e.getMessage()));
                    debug.exit(16384L, className, "engineInitVerify");
                }
                throw new InvalidKeyException("Cannot convert public key: " + publicKey + " with reason: " + e.getMessage());
            }
        }
        if (publicKey2 instanceof RSAPublicKey) {
            this.keyObject = ((RSAPublicKey) publicKey2).getObject();
        }
        if (publicKey2 instanceof DSAPublicKey) {
            this.keyObject = ((DSAPublicKey) publicKey2).getObject();
        }
        this.session.verifyInit(this.mechanism, null, this.keyObject);
        if (debug != null) {
            debug.exit(16384L, className, "engineInitVerify");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void engineUpdate(byte[] bArr, int i, int i2) {
        if (debug != null) {
            debug.entry(16384L, (Object) className, "engineUpdate", new Object[]{bArr, new Integer(i), new Integer(i2)});
        }
        if (this.isSign) {
            this.session.signUpdate(bArr, i, i2);
        } else {
            this.session.verifyUpdate(bArr, i, i2);
        }
        if (debug != null) {
            debug.exit(16384L, className, "engineUpdate");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] engineSign() throws SignatureException {
        if (debug != null) {
            debug.entry(16384L, className, "engineSign");
        }
        byte[] bArr = new byte[this.modSize];
        int signFinal = this.session.signFinal(bArr, 0);
        byte[] bArr2 = new byte[signFinal];
        System.arraycopy(bArr, 0, bArr2, 0, signFinal);
        if (debug != null) {
            debug.text(16384L, className, "engineSign", "Sign() size = " + signFinal);
            HexDumpEncoder hexDumpEncoder = new HexDumpEncoder();
            debug.text(16384L, className, "engineSign", "outdata = " + hexDumpEncoder.encode(bArr));
            debug.text(16384L, className, "engineSign", "signature = " + hexDumpEncoder.encode(bArr2));
            debug.exit(16384L, className, "engineSign");
        }
        if (this.hw_key_to_delete != null) {
            this.hw_key_to_delete.rm();
            this.hw_key_to_delete = null;
        }
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] engineSign(byte[] bArr, int i) throws SignatureException {
        if (debug != null) {
            debug.entry(16384L, className, "engineSign", bArr, new Integer(i));
        }
        byte[] bArr2 = new byte[this.modSize];
        int sign = this.session.sign(bArr, 0, i, bArr2, 0);
        byte[] bArr3 = new byte[sign];
        System.arraycopy(bArr2, 0, bArr3, 0, sign);
        if (debug != null) {
            debug.text(16384L, className, "engineSign", "Sign(data, len) size = " + sign);
            debug.text(16384L, className, "engineSign", "signature(data, len) = " + new HexDumpEncoder().encode(bArr3));
            debug.exit(16384L, className, "engineSign");
        }
        if (this.hw_key_to_delete != null) {
            this.hw_key_to_delete.rm();
            this.hw_key_to_delete = null;
        }
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean engineVerify(byte[] bArr) throws SignatureException {
        boolean verifyFinal;
        if (debug != null) {
            debug.entry(16384L, className, "engineVerify", bArr);
        }
        if (debug != null) {
            debug.text(16384L, className, "engineVerify", "signature.length = " + bArr.length);
            debug.text(16384L, className, "engineVerify", "signature = " + new HexDumpEncoder().encode(bArr));
        }
        byte[] bArr2 = new byte[40];
        if (this.mechanism != 18 || bArr.length == 40) {
            try {
                verifyFinal = this.session.verifyFinal(bArr, 0, bArr.length);
            } catch (PKCS11Exception e) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineVerify", e);
                    debug.exit(16384L, className, "engineVerify");
                }
                throw new SignatureException("PKCS11 Exception : " + e.getMessage());
            }
        } else {
            byte b = bArr[3];
            byte b2 = bArr[b + 3 + 2];
            int i = 4;
            int i2 = b + 6;
            if (b2 > 20) {
                b2 = 20;
                i2 = b + 6 + 1;
            }
            if (b > 20) {
                b = 20;
                i = 5;
            }
            if (debug != null) {
                debug.text(16384L, className, "engineVerify", "signature len = " + ((int) bArr[1]));
                debug.text(16384L, className, "engineVerify", "signature lenr = " + ((int) b));
                debug.text(16384L, className, "engineVerify", "signature lens = " + ((int) b2));
                debug.text(16384L, className, "engineVerify", "signature startPosR = " + i);
                debug.text(16384L, className, "engineVerify", "signature startPosS = " + i2);
            }
            System.arraycopy(bArr, i, bArr2, 0 + (20 - b), b);
            System.arraycopy(bArr, i2, bArr2, 20 + (20 - b2), b2);
            try {
                if (debug != null) {
                    debug.text(16384L, className, "engineVerify", "signingBytes = " + new HexDumpEncoder().encode(bArr2));
                }
                verifyFinal = this.session.verifyFinal(bArr2, 0, bArr2.length);
                if (debug != null) {
                    debug.text(16384L, className, "engineVerify", "signature result = " + verifyFinal);
                    debug.text(16384L, className, "engineVerify", "signingBytes = " + new HexDumpEncoder().encode(bArr2));
                }
            } catch (PKCS11Exception e2) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineVerify", e2);
                    debug.exit(16384L, className, "engineVerify");
                }
                throw new SignatureException("PKCS11 Exception : " + e2.getMessage());
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "engineVerify");
        }
        if (this.hw_key_to_delete != null) {
            this.hw_key_to_delete.rm();
            this.hw_key_to_delete = null;
        }
        return verifyFinal;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean engineVerify(byte[] bArr, byte[] bArr2, int i) throws SignatureException {
        boolean verify;
        if (debug != null) {
            debug.entry(16384L, (Object) className, "engineVerify", new Object[]{bArr, bArr2, new Integer(i)});
        }
        byte[] bArr3 = new byte[40];
        if (debug != null) {
            debug.text(16384L, className, "engineVerify", "signature.length = " + bArr.length);
            debug.text(16384L, className, "engineVerify", "signature = " + new HexDumpEncoder().encode(bArr));
        }
        if (this.mechanism != 18 || bArr.length == 40) {
            try {
                verify = this.session.verify(bArr2, 0, i, bArr, 0, bArr.length);
            } catch (PKCS11Exception e) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineVerify", e);
                    debug.exit(16384L, className, "engineVerify");
                }
                throw new SignatureException("PKCS11 Exception : " + e.getMessage());
            }
        } else {
            byte b = bArr[3];
            byte b2 = bArr[b + 3 + 2];
            int i2 = 4;
            int i3 = b + 6;
            if (b2 > 20) {
                b2 = 20;
                i3 = b + 6 + 1;
            }
            if (b > 20) {
                b = 20;
                i2 = 5;
            }
            if (debug != null) {
                debug.text(16384L, className, "engineVerify", "signature len = " + ((int) bArr[1]));
                debug.text(16384L, className, "engineVerify", "signature lenr = " + ((int) b));
                debug.text(16384L, className, "engineVerify", "signature lens = " + ((int) b2));
                debug.text(16384L, className, "engineVerify", "signature startPosR = " + i2);
                debug.text(16384L, className, "engineVerify", "signature startPosS = " + i3);
            }
            System.arraycopy(bArr, i2, bArr3, 0 + (20 - b), b);
            System.arraycopy(bArr, i3, bArr3, 20 + (20 - b2), b2);
            try {
                if (debug != null) {
                    debug.text(16384L, className, "engineVerify", "signingBytes = " + new HexDumpEncoder().encode(bArr3));
                }
                verify = this.session.verify(bArr2, 0, i, bArr3, 0, bArr3.length);
                if (debug != null) {
                    debug.text(16384L, className, "engineVerify", "signature result = " + verify);
                    debug.text(16384L, className, "engineVerify", "signingBytes = " + new HexDumpEncoder().encode(bArr3));
                }
            } catch (PKCS11Exception e2) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineVerify", e2);
                    debug.exit(16384L, className, "engineVerify");
                }
                throw new SignatureException("PKCS11 Exception : " + e2.getMessage());
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "engineVerify");
        }
        if (this.hw_key_to_delete != null) {
            this.hw_key_to_delete.rm();
            this.hw_key_to_delete = null;
        }
        return verify;
    }
}
