package com.dyadicsec.pkcs11;

import com.dyadicsec.cryptoki.CK;
import com.unbound.common.crypto.AES;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.AEADBadTagException;

/* loaded from: input_file:com/dyadicsec/pkcs11/CKPRFKey.class */
public final class CKPRFKey extends CKKey {
    static final int PRF_TWEAK_LEN = 16;
    static final int PRF_GCM_TAG_LEN = 12;
    static final int AES_BLOCK_LEN = 16;

    /* JADX INFO: Access modifiers changed from: protected */
    public CKPRFKey() {
        this.keyType = CK.DYCKK_ADV_PRF;
        this.clazz = 3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.dyadicsec.pkcs11.CKKey, com.dyadicsec.pkcs11.CKObject
    public void prepareReadTemplate(Map<Integer, CK_ATTRIBUTE> map) {
        super.prepareReadTemplate(map);
        addReadTemplate(map, 261);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.dyadicsec.pkcs11.CKKey, com.dyadicsec.pkcs11.CKObject
    public void saveReadTemplate(Map<Integer, CK_ATTRIBUTE> map) throws CKException {
        super.saveReadTemplate(map);
        this.policy.cka_decrypt = map.get(261).toBool();
        Policy policy = this.policy;
        Policy policy2 = this.policy;
        this.policy.cka_sensitive = true;
        policy2.cka_private = true;
        policy.cka_encrypt = true;
        Policy policy3 = this.policy;
        Policy policy4 = this.policy;
        Policy policy5 = this.policy;
        Policy policy6 = this.policy;
        this.policy.cka_extractable = false;
        policy6.cka_unwrap = false;
        policy5.cka_wrap = false;
        policy4.cka_verify = false;
        policy3.cka_sign = false;
    }

    public static CKPRFKey find(Slot slot, String str) {
        return (CKPRFKey) CKObject.find(slot, 3, CK.DYCKK_ADV_PRF, str);
    }

    public static CKPRFKey find(Slot slot, long j) {
        return (CKPRFKey) CKObject.find(slot, CKPRFKey.class, j);
    }

    public static ArrayList<CKPRFKey> list(Slot slot) {
        return CKObject.list(slot, CKPRFKey.class, 3, CK.DYCKK_ADV_PRF);
    }

    public static CKPRFKey generate(Slot slot, String str, Policy policy) throws CKException {
        CKPRFKey cKPRFKey = new CKPRFKey();
        if (policy == null) {
            policy = new Policy();
        }
        cKPRFKey.generateKey(slot, CK.DYCKM_PRF_KEY_GEN, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, policy.cka_token), new CK_ATTRIBUTE(0, 3), new CK_ATTRIBUTE(256, CK.DYCKK_ADV_PRF), new CK_ATTRIBUTE(261, policy.cka_decrypt), new CK_ATTRIBUTE(268, policy.cka_derive), new CK_ATTRIBUTE(258, Utils.name2id(str))});
        cKPRFKey.policy = policy;
        return cKPRFKey;
    }

    public byte[] prf(byte[] bArr, int i) throws CKException {
        return prf(0, bArr, i);
    }

    public CKSecretKey derive(int i, byte[] bArr, int i2, int i3) throws CKException {
        return (CKSecretKey) derive(CKSecretKey.class, new DYCK_PRF_PARAMS(i, bArr, i3 / 8), new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, false), new CK_ATTRIBUTE(0, 4), new CK_ATTRIBUTE(256, i2), new CK_ATTRIBUTE(259, false), new CK_ATTRIBUTE(CK.CKA_VALUE_LEN, i3 / 8)});
    }

    public byte[] prf(int i, byte[] bArr, int i2) throws CKException {
        CKSecretKey derive = derive(i, bArr, 16, i2 * 8);
        try {
            byte[] value = derive.getValue();
            derive.destroy();
            return value;
        } catch (Throwable th) {
            derive.destroy();
            throw th;
        }
    }

    public static byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        byte[] bArr5 = new byte[48];
        bArr5[15] = 0;
        bArr5[31] = 1;
        bArr5[31] = 2;
        byte[] encrypt = new AES(bArr2).encrypt(bArr5);
        byte[] encrypt2 = AES.GCM.encrypt(Arrays.copyOfRange(encrypt, 0, 32), Arrays.copyOfRange(encrypt, 32, 48), bArr3, 12, bArr4);
        byte[] bArr6 = new byte[16 + encrypt2.length];
        System.arraycopy(encrypt2, 0, bArr6, 16, encrypt2.length);
        System.arraycopy(bArr, 0, bArr6, 0, 16);
        return bArr6;
    }

    public static byte[] getDecryptTweak(byte[] bArr) {
        return Arrays.copyOfRange(bArr, 0, 16);
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws AEADBadTagException {
        byte[] bArr4 = new byte[48];
        bArr4[15] = 0;
        bArr4[31] = 1;
        bArr4[31] = 2;
        byte[] encrypt = new AES(bArr).encrypt(bArr4);
        return AES.GCM.decrypt(Arrays.copyOfRange(encrypt, 0, 32), Arrays.copyOfRange(encrypt, 32, 48), bArr2, 12, Arrays.copyOfRange(bArr3, 16, bArr3.length));
    }

    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws CKException {
        byte[] generateRandom = this.slot.generateRandom(16);
        CKSecretKey derive = derive(0, generateRandom, 31, 256);
        CKSecretKey cKSecretKey = null;
        Session session = null;
        try {
            byte[] bArr3 = new byte[48];
            bArr3[15] = 0;
            bArr3[31] = 1;
            bArr3[31] = 2;
            byte[] encrypt = derive.encrypt(new CK_MECHANISM(CK.CKM_AES_ECB), bArr3, bArr3.length);
            byte[] copyOfRange = Arrays.copyOfRange(encrypt, 0, 32);
            byte[] copyOfRange2 = Arrays.copyOfRange(encrypt, 32, 48);
            cKSecretKey = CKSecretKey.create(this.slot, null, new Policy().setToken(false), 31, copyOfRange);
            byte[] bArr4 = new byte[16 + bArr2.length + 12];
            System.arraycopy(generateRandom, 0, bArr4, 0, 16);
            session = cKSecretKey.encryptInit(new CK_GCM_PARAMS(copyOfRange2, bArr, 96));
            session.encrypt(bArr2, 0, bArr2.length, bArr4, 16);
            derive.destroy();
            if (cKSecretKey != null) {
                cKSecretKey.destroy();
            }
            this.slot.releaseSession(session);
            return bArr4;
        } catch (Throwable th) {
            derive.destroy();
            if (cKSecretKey != null) {
                cKSecretKey.destroy();
            }
            this.slot.releaseSession(session);
            throw th;
        }
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2) throws CKException {
        int length = bArr2.length - 28;
        if (length < 0) {
            throw new CKException("Decrypt using PRF", 65);
        }
        CKSecretKey derive = derive(0, Arrays.copyOfRange(bArr2, 0, 16), 31, 256);
        CKSecretKey cKSecretKey = null;
        Session session = null;
        try {
            byte[] bArr3 = new byte[48];
            bArr3[15] = 0;
            bArr3[31] = 1;
            bArr3[31] = 2;
            byte[] encrypt = derive.encrypt(new CK_MECHANISM(CK.CKM_AES_ECB), bArr3, bArr3.length);
            byte[] copyOfRange = Arrays.copyOfRange(encrypt, 0, 32);
            byte[] copyOfRange2 = Arrays.copyOfRange(encrypt, 32, 48);
            cKSecretKey = CKSecretKey.create(this.slot, null, new Policy().setToken(false), 31, copyOfRange);
            byte[] bArr4 = new byte[length];
            session = cKSecretKey.decryptInit(new CK_GCM_PARAMS(copyOfRange2, bArr, 96));
            session.decrypt(bArr2, 16, bArr2.length - 16, bArr4, 0);
            derive.destroy();
            if (cKSecretKey != null) {
                cKSecretKey.destroy();
            }
            this.slot.releaseSession(session);
            return bArr4;
        } catch (Throwable th) {
            derive.destroy();
            if (cKSecretKey != null) {
                cKSecretKey.destroy();
            }
            this.slot.releaseSession(session);
            throw th;
        }
    }

    @Override // com.dyadicsec.pkcs11.CKKey
    public CKPRFKey rekey() throws CKException {
        return (CKPRFKey) super.rekey();
    }
}
