package com.dyadicsec.provider;

import com.dyadicsec.cryptoki.CK;
import com.dyadicsec.pkcs11.CKException;
import com.dyadicsec.pkcs11.CKRSAPublicKey;
import com.dyadicsec.pkcs11.CK_MECHANISM;
import com.dyadicsec.pkcs11.CK_RSA_PKCS_OAEP_PARAMS;
import com.dyadicsec.pkcs11.Session;
import com.dyadicsec.pkcs11.Utils;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/RSACipher.class */
public final class RSACipher extends CipherSpi {
    private static final byte[] B0 = new byte[0];
    private RSAPrivateKey prvKey = null;
    private RSAPublicKey pubKey = null;
    private int mechanismType = 1;
    private int oaepHashType = CK.CKM_SHA_1;
    private int oaepMgfType = 1;
    private byte[] oaepSource = null;
    private byte[] buffer = null;
    private int bufferOffset = 0;
    private int opmode = 0;
    private SecureRandom secureRandom = null;
    private OAEPParameterSpec oaepSpec = null;
    private Key wrappedKey = null;

    private static int hashNameToType(String str) throws InvalidAlgorithmParameterException {
        String upperCase = str.toUpperCase();
        if (upperCase.equals("SHA1") || upperCase.equals("SHA-1")) {
            return CK.CKM_SHA_1;
        }
        if (upperCase.equals("SHA-256")) {
            return CK.CKM_SHA256;
        }
        if (upperCase.equals("SHA-384")) {
            return CK.CKM_SHA384;
        }
        if (upperCase.equals("SHA-512")) {
            return CK.CKM_SHA512;
        }
        throw new InvalidAlgorithmParameterException("OAEP hash algorithm not supported: " + upperCase);
    }

    private static int hashTypeToMgfType(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case CK.CKM_SHA_1 /* 544 */:
                return 1;
            case CK.CKM_SHA256 /* 592 */:
                return 2;
            case CK.CKM_SHA384 /* 608 */:
                return 3;
            case CK.CKM_SHA512 /* 624 */:
                return 4;
            default:
                throw new InvalidAlgorithmParameterException("OAEP MGF hash algorithm not supported: " + i);
        }
    }

    private static String hashTypeToName(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case CK.CKM_SHA_1 /* 544 */:
                return "SHA-1";
            case CK.CKM_SHA256 /* 592 */:
                return "SHA-256";
            case CK.CKM_SHA384 /* 608 */:
                return "SHA-384";
            case CK.CKM_SHA512 /* 624 */:
                return "SHA-512";
            default:
                throw new InvalidAlgorithmParameterException("Unsupported OAEP hash algorithm: " + i);
        }
    }

    private static int paddingToMechanismType(String str) throws NoSuchPaddingException {
        String upperCase = str.toUpperCase();
        if (upperCase.equals("NOPADDING")) {
            return 3;
        }
        if (upperCase.equals("PKCS1PADDING")) {
            return 1;
        }
        if (upperCase.equals("OAEPPADDING")) {
            return 9;
        }
        if (upperCase.startsWith("OAEPWITH") && upperCase.endsWith("ANDMGF1PADDING")) {
            return 9;
        }
        throw new NoSuchPaddingException("Unsupported padding: " + upperCase);
    }

    private static int oaepPaddingToHashType(String str) throws NoSuchPaddingException {
        String upperCase = str.toUpperCase();
        if (upperCase.equals("OAEPPADDING")) {
            return CK.CKM_SHA_1;
        }
        if (!upperCase.startsWith("OAEPWITH") || !upperCase.endsWith("ANDMGF1PADDING")) {
            throw new NoSuchPaddingException("padding not supported: " + upperCase);
        }
        try {
            return hashNameToType(upperCase.substring(8, upperCase.length() - 14));
        } catch (InvalidAlgorithmParameterException e) {
            throw new NoSuchPaddingException("padding not supported: " + upperCase);
        }
    }

    private static MGF1ParameterSpec mgfTypeToSpec(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case 1:
                return MGF1ParameterSpec.SHA1;
            case 2:
                return MGF1ParameterSpec.SHA256;
            case 3:
                return MGF1ParameterSpec.SHA384;
            case 4:
                return MGF1ParameterSpec.SHA512;
            default:
                throw new InvalidAlgorithmParameterException("Unsupported OAEP MGF hash algorithm: " + i);
        }
    }

    private static String paddingTypeToName(int i, int i2) throws NoSuchPaddingException, InvalidAlgorithmParameterException {
        switch (i) {
            case 1:
                return "PKCS1Padding";
            case 3:
                return "NOPadding";
            case 9:
                return "OAEPWith" + hashTypeToName(i2) + "AndMGF1Padding";
            default:
                throw new NoSuchPaddingException("padding not supported");
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
        String upperCase = str.toUpperCase();
        if (!upperCase.equals("NONE") && !upperCase.equals("ECB")) {
            throw new NoSuchAlgorithmException("Mode not supported: " + upperCase);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        this.mechanismType = paddingToMechanismType(str);
        if (this.mechanismType == 9) {
            this.oaepHashType = oaepPaddingToHashType(str);
            this.oaepMgfType = 1;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        if (this.buffer == null) {
            return 0;
        }
        return this.buffer.length;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        return null;
    }

    private AlgorithmParameterSpec getParameterSpec() throws InvalidAlgorithmParameterException {
        if (this.oaepSpec == null) {
            if (this.mechanismType != 9) {
                return null;
            }
            this.oaepSpec = new OAEPParameterSpec(hashTypeToName(this.oaepHashType), "MGF1", mgfTypeToSpec(this.oaepMgfType), PSource.PSpecified.DEFAULT);
        }
        return this.oaepSpec;
    }

    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        try {
            AlgorithmParameterSpec parameterSpec = getParameterSpec();
            if (parameterSpec == null) {
                return null;
            }
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("OAEP");
            algorithmParameters.init(parameterSpec);
            return algorithmParameters;
        } catch (Throwable th) {
            throw new RuntimeException("Invalid algorithm parameters not supported");
        }
    }

    void init(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        int bitSize;
        this.opmode = i;
        switch (i) {
            case 1:
            case 3:
                this.prvKey = null;
                if (key instanceof RSAPublicKey) {
                    this.pubKey = (RSAPublicKey) key;
                } else {
                    if (!(key instanceof java.security.interfaces.RSAPublicKey)) {
                        throw new InvalidKeyException("Invalid key type");
                    }
                    this.pubKey = new RSAPublicKey((java.security.interfaces.RSAPublicKey) key);
                }
                if (this.pubKey.prvKey != null) {
                    try {
                        this.pubKey.prvKey.save();
                    } catch (KeyStoreException e) {
                        throw new InvalidKeyException(e);
                    }
                }
                bitSize = this.pubKey.getBitSize() / 8;
                break;
            case 2:
            case 4:
                this.pubKey = null;
                if (!(key instanceof RSAPrivateKey)) {
                    throw new InvalidKeyException("Invalid key type");
                }
                this.prvKey = (RSAPrivateKey) key;
                try {
                    this.prvKey.save();
                    try {
                        bitSize = this.prvKey.getBitSize() / 8;
                        break;
                    } catch (KeyStoreException e2) {
                        throw new InvalidKeyException(e2);
                    }
                } catch (KeyStoreException e3) {
                    throw new InvalidKeyException(e3);
                }
            default:
                throw new InvalidKeyException("Unknown mode: " + i);
        }
        if (algorithmParameterSpec != null) {
            if (this.mechanismType != 9) {
                throw new InvalidAlgorithmParameterException("Wrong padding parameter");
            }
            if (!(algorithmParameterSpec instanceof OAEPParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Wrong Parameters for OAEP Padding");
            }
            this.oaepSpec = (OAEPParameterSpec) algorithmParameterSpec;
            this.oaepHashType = hashNameToType(this.oaepSpec.getDigestAlgorithm());
            String mGFAlgorithm = this.oaepSpec.getMGFAlgorithm();
            if (!mGFAlgorithm.toUpperCase().equals("MGF1")) {
                throw new InvalidAlgorithmParameterException("Unsupported MGF algorithm: " + mGFAlgorithm);
            }
            AlgorithmParameterSpec mGFParameters = this.oaepSpec.getMGFParameters();
            if (!(mGFParameters instanceof MGF1ParameterSpec)) {
                throw new InvalidAlgorithmParameterException("Unsupported MGF hash");
            }
            this.oaepMgfType = hashTypeToMgfType(hashNameToType(((MGF1ParameterSpec) mGFParameters).getDigestAlgorithm()));
            PSource pSource = this.oaepSpec.getPSource();
            if (!pSource.getAlgorithm().equals("PSpecified")) {
                throw new InvalidAlgorithmParameterException("Unsupported pSource " + pSource.getAlgorithm() + "; PSpecified only");
            }
            this.oaepSource = ((PSource.PSpecified) pSource).getValue();
        }
        this.buffer = new byte[bitSize];
        this.bufferOffset = 0;
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        this.secureRandom = secureRandom;
        try {
            init(i, key, null);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidKeyException("Wrong parameters", e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        this.secureRandom = secureRandom;
        init(i, key, algorithmParameterSpec);
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        this.secureRandom = secureRandom;
        OAEPParameterSpec oAEPParameterSpec = null;
        if (algorithmParameters != null) {
            try {
                oAEPParameterSpec = (OAEPParameterSpec) algorithmParameters.getParameterSpec(OAEPParameterSpec.class);
            } catch (InvalidParameterSpecException e) {
                throw new InvalidKeyException("Wrong parameters", e);
            }
        }
        init(i, key, oAEPParameterSpec);
    }

    private void update(byte[] bArr, int i, int i2) {
        if (i2 == 0 || bArr == null) {
            return;
        }
        if (this.bufferOffset + i2 <= this.buffer.length) {
            System.arraycopy(bArr, i, this.buffer, this.bufferOffset, i2);
        }
        this.bufferOffset += i2;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        update(bArr, i, i2);
        return B0;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        update(bArr, i, i2);
        return 0;
    }

    private byte[] doFinal() throws BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchProviderException {
        if (this.pubKey != null) {
            Cipher cipher = Cipher.getInstance("RSA/ECB/" + paddingTypeToName(this.mechanismType, this.oaepHashType), "SunJCE");
            cipher.init(this.opmode, this.pubKey.getSoftwareKey(), getParameterSpec(), this.secureRandom);
            return this.opmode == 3 ? cipher.wrap(this.wrappedKey) : cipher.doFinal(this.buffer, 0, this.bufferOffset);
        }
        Session session = null;
        try {
            try {
                session = this.prvKey.pkcs11Key.decryptInit(this.mechanismType == 9 ? new CK_RSA_PKCS_OAEP_PARAMS(this.oaepHashType, this.oaepMgfType, this.oaepSource) : new CK_MECHANISM(this.mechanismType));
                byte[] bArr = new byte[this.buffer.length];
                int decrypt = session.decrypt(this.buffer, 0, this.bufferOffset, bArr, 0);
                byte[] copyOf = decrypt == this.buffer.length ? bArr : Arrays.copyOf(bArr, decrypt);
                if (session != null) {
                    session.close();
                }
                return copyOf;
            } catch (CKException e) {
                if (e.getRV() == 7 || e.getRV() == 112 || e.getRV() == 113) {
                    throw new InvalidAlgorithmParameterException(e);
                }
                throw new InvalidKeyException(e);
            }
        } catch (Throwable th) {
            if (session != null) {
                session.close();
            }
            throw th;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        update(bArr, i, i2);
        if (this.bufferOffset > this.buffer.length) {
            throw new IllegalBlockSizeException("Input must be under " + this.buffer.length + " bytes");
        }
        try {
            return doFinal();
        } catch (Exception e) {
            throw new BadPaddingException("engineDoFinal failed");
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        byte[] engineDoFinal = engineDoFinal(bArr, i, i2);
        if (i3 + engineDoFinal.length > bArr2.length) {
            throw new ShortBufferException("Output buffer is too small");
        }
        System.arraycopy(engineDoFinal, 0, bArr2, i3, engineDoFinal.length);
        return engineDoFinal.length;
    }

    private long getPubKeyUID() throws InvalidKeyException {
        try {
            java.security.MessageDigest messageDigest = java.security.MessageDigest.getInstance("SHA-256", "SUN");
            BigInteger modulus = this.pubKey.getModulus();
            return Utils.bytesToUID(Arrays.copyOf(messageDigest.digest(Utils.bigInt2Bytes(modulus, Utils.bigIntByteSize(modulus))), 8)) ^ 1085102592571150095L;
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidKeyException(e);
        } catch (NoSuchProviderException e2) {
            throw new InvalidKeyException(e2);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException {
        if (this.pubKey == null || !(key instanceof SecretKey) || this.mechanismType != 9) {
            byte[] encoded = key.getEncoded();
            if (encoded == null || encoded.length == 0) {
                throw new InvalidKeyException("Could not obtain encoded key");
            }
            if (encoded.length > this.buffer.length) {
                throw new InvalidKeyException("CKKey is too long for wrapping");
            }
            this.wrappedKey = key;
            try {
                return doFinal();
            } catch (Exception e) {
                throw new InvalidKeyException("Wrapping failed", e);
            }
        }
        try {
            ((SecretKey) key).save();
            CKRSAPublicKey cKRSAPublicKey = (CKRSAPublicKey) ((SecretKey) key).pkcs11Key.getSlot().findObject(CKRSAPublicKey.class, getPubKeyUID());
            if (cKRSAPublicKey == null) {
                throw new InvalidKeyException("Public key not found");
            }
            try {
                return cKRSAPublicKey.wrap(new CK_RSA_PKCS_OAEP_PARAMS(this.oaepHashType, this.oaepMgfType, this.oaepSource), ((SecretKey) key).pkcs11Key);
            } catch (CKException e2) {
                throw new InvalidKeyException(e2);
            }
        } catch (KeyStoreException e3) {
            throw new InvalidKeyException(e3);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (i != 3) {
            throw new UnsupportedOperationException("wrappedKeyType == " + i);
        }
        if (bArr.length > this.buffer.length) {
            throw new InvalidKeyException("CKKey is too long for unwrapping");
        }
        CK_MECHANISM ck_rsa_pkcs_oaep_params = this.mechanismType == 9 ? new CK_RSA_PKCS_OAEP_PARAMS(this.oaepHashType, this.oaepMgfType, this.oaepSource) : new CK_MECHANISM(this.mechanismType);
        boolean z = false;
        try {
            z = this.prvKey.pkcs11Key.getPolicy().getDecrypt();
        } catch (CKException e) {
        }
        int algToKeyType = SecretKey.algToKeyType(str);
        if (!z) {
            return new SecretKey().initForUnwrap(new UnwrapInfo(ck_rsa_pkcs_oaep_params, this.prvKey.pkcs11Key, bArr), algToKeyType);
        }
        try {
            return new SecretKeySpec(engineDoFinal(bArr, 0, bArr.length), str);
        } catch (BadPaddingException e2) {
            throw new InvalidKeyException(e2);
        } catch (IllegalBlockSizeException e3) {
            throw new InvalidKeyException(e3);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetKeySize(Key key) throws InvalidKeyException {
        return Utils.bigIntByteSize(((RSAKey) key).getModulus()) * 8;
    }
}
