package com.dyadicsec.provider;

import com.dyadicsec.cryptoki.CK;
import com.dyadicsec.pkcs11.CKException;
import com.dyadicsec.pkcs11.CK_MECHANISM;
import com.dyadicsec.pkcs11.DER;
import com.dyadicsec.pkcs11.Session;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;
import java.util.Arrays;

/* loaded from: input_file:com/dyadicsec/provider/ECDSASignature.class */
public class ECDSASignature extends SignatureSpi {
    private int mechanismType;
    protected ECPrivateKey prvKey = null;
    protected Signature pubSignature = null;
    protected Session session = null;
    private final byte[] buffer = new byte[64];
    private int bufferOffset = 0;

    /* loaded from: input_file:com/dyadicsec/provider/ECDSASignature$Raw.class */
    public static final class Raw extends ECDSASignature {
        public Raw() {
            super(CK.CKM_ECDSA);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/ECDSASignature$SHA1.class */
    public static final class SHA1 extends ECDSASignature {
        public SHA1() {
            super(CK.CKM_ECDSA_SHA1);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/ECDSASignature$SHA256.class */
    public static final class SHA256 extends ECDSASignature {
        public SHA256() {
            super(CK.CKM_ECDSA_SHA256);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/ECDSASignature$SHA384.class */
    public static final class SHA384 extends ECDSASignature {
        public SHA384() {
            super(CK.CKM_ECDSA_SHA384);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/ECDSASignature$SHA512.class */
    public static final class SHA512 extends ECDSASignature {
        public SHA512() {
            super(CK.CKM_ECDSA_SHA512);
        }
    }

    protected ECDSASignature(int i) {
        this.mechanismType = i;
    }

    static String mechanismTypeToHashName(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case CK.CKM_ECDSA /* 4161 */:
                return "NONE";
            case CK.CKM_ECDSA_SHA1 /* 4162 */:
                return "SHA1";
            case 4163:
            default:
                throw new InvalidAlgorithmParameterException("Unsupported hash algorithm: " + i);
            case CK.CKM_ECDSA_SHA256 /* 4164 */:
                return "SHA256";
            case CK.CKM_ECDSA_SHA384 /* 4165 */:
                return "SHA384";
            case CK.CKM_ECDSA_SHA512 /* 4166 */:
                return "SHA512";
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (publicKey instanceof ECPublicKey) {
            publicKey = ((ECPublicKey) publicKey).getSoftwareKey();
        } else if (!(publicKey instanceof java.security.interfaces.ECPublicKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        try {
            this.pubSignature = Signature.getInstance(mechanismTypeToHashName(this.mechanismType) + "withECDSA", "SunEC");
            this.pubSignature.initVerify(publicKey);
        } catch (Exception e) {
            throw new InvalidKeyException("engineInitVerify failed");
        }
    }

    protected void checkInit() {
        if (this.session != null) {
            return;
        }
        this.bufferOffset = 0;
        try {
            this.session = this.prvKey.pkcs11Key.signInit(new CK_MECHANISM(this.mechanismType));
        } catch (CKException e) {
            throw new ProviderException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (!(privateKey instanceof ECPrivateKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        this.prvKey = (ECPrivateKey) privateKey;
        try {
            this.prvKey.save();
            closeSession();
            checkInit();
        } catch (KeyStoreException e) {
            throw new InvalidKeyException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (this.pubSignature != null) {
            this.pubSignature.update(b);
        } else {
            engineUpdate(new byte[]{b}, 0, 1);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (this.pubSignature != null) {
            this.pubSignature.update(bArr, i, i2);
            return;
        }
        checkInit();
        if (this.mechanismType != 4161) {
            try {
                this.session.signUpdate(bArr, i, i2);
            } catch (CKException e) {
                throw new SignatureException(e);
            }
        } else {
            if (this.bufferOffset + i2 >= this.buffer.length) {
                throw new SignatureException("Invalid input length");
            }
            System.arraycopy(bArr, i, this.buffer, this.bufferOffset, i2);
            this.bufferOffset += i2;
        }
    }

    /* JADX WARN: Type inference failed for: r1v4, types: [byte[], byte[][]] */
    private static byte[] encodeSignature(byte[] bArr) {
        int length = bArr.length / 2;
        return DER.encode((byte) 48, DER.cat(new byte[]{DER.encode(new BigInteger(1, Arrays.copyOfRange(bArr, 0, length))), DER.encode(new BigInteger(1, Arrays.copyOfRange(bArr, length, length * 2)))}));
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        try {
            try {
                int size = this.prvKey.pkcs11Key.getCurve().getSize() * 2;
                byte[] encodeSignature = encodeSignature(this.mechanismType == 4161 ? this.session.sign(this.buffer, 0, this.bufferOffset, size) : this.session.signFinal(size));
                closeSession();
                return encodeSignature;
            } catch (CKException e) {
                throw new SignatureException(e);
            }
        } catch (Throwable th) {
            closeSession();
            throw th;
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        return this.pubSignature.verify(bArr);
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("setParameter() not supported");
    }

    @Override // java.security.SignatureSpi
    @Deprecated
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("getParameter() not supported");
    }

    private void closeSession() {
        if (this.session != null) {
            this.session.close();
        }
        this.session = null;
    }
}
