package com.ibm.gsk.ikeyman.keystore;

import com.ibm.crypto.pkcs11impl.provider.GeneralPKCS11KeyParameterSpec;
import com.ibm.crypto.pkcs11impl.provider.PKCS11DSAKeyPairParameterSpec;
import com.ibm.crypto.pkcs11impl.provider.PKCS11RSAKeyPairParameterSpec;
import com.ibm.gsk.ikeyman.command.CommandParameters;
import com.ibm.gsk.ikeyman.command.Constants;
import com.ibm.gsk.ikeyman.error.InternalKeyManagerException;
import com.ibm.gsk.ikeyman.error.KeyManagerException;
import com.ibm.gsk.ikeyman.util.AliasRange;
import com.ibm.gsk.ikeyman.util.KeymanUtil;
import com.ibm.security.certclient.base.PkConstants;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;

/* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyCreatorFactory.class */
public class KeyCreatorFactory {

    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyCreatorFactory$AbstractKeyCreator.class */
    abstract class AbstractKeyCreator implements KeyCreator {
        private String provider;

        public AbstractKeyCreator(String str) {
            this.provider = str;
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.KeyCreator
        public String getProvider() {
            return this.provider;
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.KeyCreator
        public KeyPair generateKeyPair(CommandParameters commandParameters) throws KeyManagerException {
            KeyPair generateKeyPair;
            int computeKeySize;
            int i;
            try {
                SecureRandom secureRandom = KeymanUtil.isIBMJCE() ? SecureRandom.getInstance(PkConstants.DEFAULT_RNG, this.provider) : SecureRandom.getInstance("SHA1PRNG");
                secureRandom.setSeed((long) Math.random());
                String keyType = KeymanUtil.getKeyType(commandParameters.getSigAlg().toString());
                int size = commandParameters.getSize();
                KeyPairGenerator keyPairGenerator = getKeyPairGenerator(keyType, commandParameters.getLabel(), size, secureRandom);
                int i2 = (keyType.equals("RSA") || keyType.equals("DSA")) ? 5 : 0;
                do {
                    generateKeyPair = keyPairGenerator.generateKeyPair();
                    computeKeySize = KeymanUtil.computeKeySize(generateKeyPair.getPublic());
                    if (computeKeySize >= size) {
                        break;
                    }
                    i = i2;
                    i2--;
                } while (i > 0);
                if (computeKeySize >= size || !keyType.equals("RSA")) {
                    return generateKeyPair;
                }
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_KEY_SIZE, new Exception(), new String[]{computeKeySize + "", keyType});
            } catch (InvalidAlgorithmParameterException e) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_ALGORITHM_PARAMETERS, e);
            } catch (InvalidParameterException e2) {
                if (e2.getMessage() == null || !e2.getMessage().startsWith("Modulus size")) {
                    throw new KeyManagerException(KeyManagerException.ExceptionReason.RESTRICTED_POLICY_FILES, e2);
                }
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_KEY_SIZE_FOR_ALGORITHM, e2, new String[]{commandParameters.getSize() + "", KeymanUtil.getKeyType()});
            } catch (NoSuchAlgorithmException e3) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e3, new String[]{e3.getMessage()});
            } catch (NoSuchProviderException e4) {
                throw new InternalKeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_PROVIDER, e4, new String[]{this.provider});
            }
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.KeyCreator
        public Map generateSecretKeys(CommandParameters commandParameters) throws KeyManagerException {
            try {
                HashMap hashMap = new HashMap();
                SecureRandom secureRandom = KeymanUtil.isIBMJCE() ? SecureRandom.getInstance(PkConstants.DEFAULT_RNG, this.provider) : SecureRandom.getInstance("SHA1PRNG");
                secureRandom.setSeed((long) Math.random());
                if (commandParameters.isParameterPresent(Constants.Parameter.Label)) {
                    hashMap.put(commandParameters.getLabel(), getKeyGenerator(commandParameters.getKeyAlgorithm(), commandParameters.getLabel(), commandParameters.getKeySize(), secureRandom).generateKey());
                } else {
                    AliasRange aliasRange = new AliasRange(commandParameters.getLabelRange());
                    aliasRange.validate(AliasRange.ValidationMode.NORMAL);
                    Enumeration aliasEnumerator = aliasRange.getAliasEnumerator();
                    while (aliasEnumerator.hasMoreElements()) {
                        String str = (String) aliasEnumerator.nextElement2();
                        hashMap.put(str, getKeyGenerator(commandParameters.getKeyAlgorithm(), str, commandParameters.getKeySize(), secureRandom).generateKey());
                    }
                }
                return hashMap;
            } catch (InvalidAlgorithmParameterException e) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_ALGORITHM_PARAMETER, e);
            } catch (InvalidParameterException e2) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.INVALID_ALGORITHM_PARAMETER, e2, new String[]{e2.getMessage()});
            } catch (NoSuchAlgorithmException e3) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_ALGORITHM, e3, new String[]{e3.getMessage()});
            } catch (NoSuchProviderException e4) {
                throw new KeyManagerException(KeyManagerException.ExceptionReason.NO_SUCH_PROVIDER, e4, new String[]{this.provider});
            }
        }

        protected abstract KeyPairGenerator getKeyPairGenerator(String str, String str2, int i, SecureRandom secureRandom) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyManagerException, NoSuchProviderException;

        protected abstract KeyGenerator getKeyGenerator(String str, String str2, int i, SecureRandom secureRandom) throws KeyManagerException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyCreatorFactory$DefaultKeyCreator.class */
    public class DefaultKeyCreator extends AbstractKeyCreator {
        private static final Map keySizes = new HashMap();

        public DefaultKeyCreator(String str) {
            super(str);
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.AbstractKeyCreator
        protected KeyPairGenerator getKeyPairGenerator(String str, String str2, int i, SecureRandom secureRandom) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyManagerException, NoSuchProviderException {
            KeyPairGenerator keyPairGenerator = KeymanUtil.isIBMJCE() ? KeyPairGenerator.getInstance(str, getProvider()) : KeyPairGenerator.getInstance(str);
            keyPairGenerator.initialize(i, secureRandom);
            return keyPairGenerator;
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.AbstractKeyCreator
        protected KeyGenerator getKeyGenerator(String str, String str2, int i, SecureRandom secureRandom) throws KeyManagerException, NoSuchAlgorithmException, NoSuchProviderException {
            KeyGenerator keyGenerator = KeymanUtil.isIBMJCE() ? KeyGenerator.getInstance(str, getProvider()) : KeyGenerator.getInstance(str);
            keyGenerator.init(i, secureRandom);
            return keyGenerator;
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.KeyCreator
        public Integer[] getKeySizes(SecretKeyTypes secretKeyTypes) {
            return (Integer[]) keySizes.get(secretKeyTypes);
        }

        static {
            keySizes.put(SecretKeyTypes.AES, new Integer[]{128, 192, 256});
            keySizes.put(SecretKeyTypes.DES, new Integer[]{56});
            keySizes.put(SecretKeyTypes.DESede, new Integer[]{112, 168});
        }
    }

    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyCreatorFactory$KeyCreator.class */
    public interface KeyCreator {
        KeyPair generateKeyPair(CommandParameters commandParameters) throws KeyManagerException;

        Map generateSecretKeys(CommandParameters commandParameters) throws KeyManagerException;

        Integer[] getKeySizes(SecretKeyTypes secretKeyTypes);

        String getProvider();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyCreatorFactory$PKCS11KeyCreator.class */
    public class PKCS11KeyCreator extends AbstractKeyCreator {
        private static final int BITS_PER_BYTE = 8;
        private static final boolean TOKEN = true;
        private static final boolean SENSITIVE = true;
        private static final boolean SIGNING = true;
        private static final boolean ENCRYPTION = true;
        private static final boolean WRAPPING = true;
        private static final boolean EXTRACTABLE_PRIVATE = false;
        private static final boolean EXTRACTABLE_SECRET = true;
        private static final Map keySizes = new HashMap();

        public PKCS11KeyCreator(String str) {
            super(str);
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.AbstractKeyCreator
        protected KeyGenerator getKeyGenerator(String str, String str2, int i, SecureRandom secureRandom) throws KeyManagerException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
            KeyGenerator keyGenerator = KeymanUtil.isIBMJCE() ? KeyGenerator.getInstance(str, getProvider()) : KeyGenerator.getInstance(str);
            keyGenerator.init(new GeneralPKCS11KeyParameterSpec(str2, str2, true, true, true, true, true, i / 8, str), secureRandom);
            return keyGenerator;
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.AbstractKeyCreator
        protected KeyPairGenerator getKeyPairGenerator(String str, String str2, int i, SecureRandom secureRandom) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyManagerException, NoSuchProviderException {
            String keyType = KeymanUtil.getKeyType(str);
            KeyPairGenerator keyPairGenerator = KeymanUtil.isIBMJCE() ? KeyPairGenerator.getInstance(keyType, getProvider()) : KeyPairGenerator.getInstance(keyType);
            keyPairGenerator.initialize(keyType.equals("DSA") ? new PKCS11DSAKeyPairParameterSpec(i, str2, null, str2, true, true, false, null) : new PKCS11RSAKeyPairParameterSpec(i, str2, null, str2, true, true, true, true, true, false), secureRandom);
            return keyPairGenerator;
        }

        @Override // com.ibm.gsk.ikeyman.keystore.KeyCreatorFactory.KeyCreator
        public Integer[] getKeySizes(SecretKeyTypes secretKeyTypes) {
            return (Integer[]) keySizes.get(secretKeyTypes);
        }

        static {
            keySizes.put(SecretKeyTypes.AES, new Integer[]{128, 192, 256});
            keySizes.put(SecretKeyTypes.DES, new Integer[]{64});
            keySizes.put(SecretKeyTypes.DESede, new Integer[]{192});
        }
    }

    /* loaded from: input_file:jre/Home/jre/lib/ext/gskikm.jar:com/ibm/gsk/ikeyman/keystore/KeyCreatorFactory$SecretKeyTypes.class */
    public enum SecretKeyTypes {
        AES,
        DES,
        DESede
    }

    public static KeyCreator getDefaultKeyCreator(String str) {
        return new DefaultKeyCreator(str);
    }

    public static KeyCreator getPKCS11KeyCreator(String str) {
        return new PKCS11KeyCreator(str);
    }
}
