package com.dyadicsec.provider;

import com.dyadicsec.cryptoki.CK;
import com.dyadicsec.pkcs11.CKException;
import com.dyadicsec.pkcs11.CK_MECHANISM;
import com.dyadicsec.pkcs11.Session;
import java.io.ByteArrayOutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: input_file:com/dyadicsec/provider/RSASignature.class */
public class RSASignature extends SignatureSpi {
    private int mechanismType;
    private RSAPrivateKey prvKey = null;
    private Signature pubSignature = null;
    private Session session = null;
    private ByteArrayOutputStream buffer = null;

    /* loaded from: input_file:com/dyadicsec/provider/RSASignature$NONEwithRSA.class */
    public static final class NONEwithRSA extends RSASignature {
        public NONEwithRSA() {
            super(1);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/RSASignature$SHA1withRSA.class */
    public static final class SHA1withRSA extends RSASignature {
        public SHA1withRSA() {
            super(6);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/RSASignature$SHA256withRSA.class */
    public static final class SHA256withRSA extends RSASignature {
        public SHA256withRSA() {
            super(64);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/RSASignature$SHA384withRSA.class */
    public static final class SHA384withRSA extends RSASignature {
        public SHA384withRSA() {
            super(65);
        }
    }

    /* loaded from: input_file:com/dyadicsec/provider/RSASignature$SHA512withRSA.class */
    public static final class SHA512withRSA extends RSASignature {
        public SHA512withRSA() {
            super(66);
        }
    }

    static String getSunProvider(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case 1:
                return "SunJCE";
            case 6:
                return "SunRsaSign";
            case 64:
                return "SunRsaSign";
            case 65:
                return "SunRsaSign";
            case CK.CKM_SHA512_RSA_PKCS /* 66 */:
                return "SunRsaSign";
            default:
                throw new InvalidAlgorithmParameterException("Unsupported hash algorithm: " + i);
        }
    }

    static String mechanismTypeToHashName(int i) throws InvalidAlgorithmParameterException {
        switch (i) {
            case 1:
                return "NONE";
            case 6:
                return "SHA1";
            case 64:
                return "SHA256";
            case 65:
                return "SHA384";
            case CK.CKM_SHA512_RSA_PKCS /* 66 */:
                return "SHA512";
            default:
                throw new InvalidAlgorithmParameterException("Unsupported hash algorithm: " + i);
        }
    }

    RSASignature(int i) {
        this.mechanismType = i;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (publicKey instanceof RSAPublicKey) {
            publicKey = ((RSAPublicKey) publicKey).getSoftwareKey();
        } else if (!(publicKey instanceof java.security.interfaces.RSAPublicKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        try {
            this.pubSignature = Signature.getInstance(mechanismTypeToHashName(this.mechanismType) + "WithRSA", getSunProvider(this.mechanismType));
            this.pubSignature.initVerify(publicKey);
        } catch (Throwable th) {
            throw new InvalidKeyException("engineInitVerify failed");
        }
    }

    private void checkInit() {
        if (this.session != null) {
            return;
        }
        try {
            this.session = this.prvKey.pkcs11Key.signInit(new CK_MECHANISM(this.mechanismType));
            if (this.mechanismType == 1) {
                if (this.buffer == null) {
                    this.buffer = new ByteArrayOutputStream();
                }
                this.buffer.reset();
            }
        } catch (CKException e) {
            throw new ProviderException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (!(privateKey instanceof RSAPrivateKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        this.prvKey = (RSAPrivateKey) privateKey;
        try {
            this.prvKey.save();
            closeSession();
            checkInit();
        } catch (KeyStoreException e) {
            throw new InvalidKeyException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        if (this.pubSignature != null) {
            this.pubSignature.update(b);
        } else {
            engineUpdate(new byte[]{b}, 0, 1);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        if (this.pubSignature != null) {
            this.pubSignature.update(bArr, i, i2);
            return;
        }
        checkInit();
        if (this.mechanismType == 1) {
            this.buffer.write(bArr, i, i2);
            return;
        }
        try {
            this.session.signUpdate(bArr, i, i2);
        } catch (CKException e) {
            throw new SignatureException(e);
        }
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        checkInit();
        try {
            try {
                int bitSize = this.prvKey.pkcs11Key.getBitSize();
                return this.mechanismType == 1 ? this.session.sign(this.buffer.toByteArray(), bitSize) : this.session.signFinal(bitSize);
            } catch (CKException e) {
                throw new SignatureException(e);
            }
        } finally {
            closeSession();
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        return this.pubSignature.verify(bArr);
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("setParameter() not supported");
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("getParameter() not supported");
    }

    private void closeSession() {
        if (this.session != null) {
            this.session.close();
        }
        this.session = null;
    }
}
