package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.pkcs11.CK_ECDH1_DERIVE_PARAMS;
import com.ibm.pkcs11.PKCS11Mechanism;
import com.ibm.pkcs11.PKCS11Object;
import com.ibm.security.pkcs5.PKCS5;
import com.ibm.security.util.DerValue;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;

/* loaded from: input_file:jre/lib/ext/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/ECDHCofactorPKCS11KeyAgreement.class */
public class ECDHCofactorPKCS11KeyAgreement extends KeyAgreementSpi {
    private SessionManager sessionManager;
    private Provider provider;
    private Config config;
    private PKCS11ECPrivateKey privateKey;
    private byte[] publicValue;
    private int secretLen;
    AlgorithmParameterSpec params;
    int kdfAlgorithm;
    private static Debug debug = Debug.getInstance("kdf");

    public ECDHCofactorPKCS11KeyAgreement(Provider provider, String str) {
        this.sessionManager = null;
        this.provider = null;
        this.config = null;
        this.params = null;
        this.kdfAlgorithm = -1;
        if (debug != null) {
            System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  CONSTRUCTOR:  The user specified algorithm is:  " + str);
        }
        IBMPKCS11Impl.verifyJceJar();
        this.provider = provider;
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
        this.config = ((IBMPKCS11Impl) provider).getConfig();
    }

    public ECDHCofactorPKCS11KeyAgreement(Provider provider) {
        this(provider, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, java.security.SecureRandom secureRandom) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if (!(key instanceof PrivateKey)) {
            throw new InvalidKeyException("Key must be instance of PrivateKey");
        }
        this.privateKey = (PKCS11ECPrivateKey) new PKCS11ECKeyFactory(this.provider).implTranslatePrivateKey((PrivateKey) key);
        this.publicValue = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec == null) {
            this.params = null;
            this.kdfAlgorithm = 1;
            if (debug != null) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  engineInit():  No KDFParameterSpec object was supplied on engineInit().  Assume CKD_NULL.");
            }
        } else {
            if (!(algorithmParameterSpec instanceof KDFParameterSpec)) {
                throw new InvalidAlgorithmParameterException("The supplied parameters are not a KDFParameterSpec object");
            }
            int kdf = ((KDFParameterSpec) algorithmParameterSpec).getKDF();
            if (kdf == 1) {
                if (debug != null) {
                    System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  engineInit():  A KDFParameterSpec object was supplied on engineInit() with kdf = CKD_NULL");
                }
                if (((KDFParameterSpec) algorithmParameterSpec).getSharedInfo() != null) {
                    throw new InvalidAlgorithmParameterException("The supplied KDFParameterSpec carries both CKD_NULL and a non-null sharedInfo value");
                }
                if (debug != null) {
                    System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  engineInit():  A KDFParameterSpec object carries a null sharedInfo value.");
                }
            } else {
                if (kdf != 2 && kdf != 5 && kdf != 6 && kdf != 7 && kdf != 8 && kdf != -2147483628) {
                    throw new InvalidAlgorithmParameterException("The supplied KDFParameterSpec carries an invalid key derivation function (kdf) value.");
                }
                if (debug != null) {
                    System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  engineInit():  A KDFParameterSpec object was supplied on engineInit() with kdf = " + kdf);
                }
                if (((KDFParameterSpec) algorithmParameterSpec).getSharedInfo() != null) {
                    if (debug != null) {
                        System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  engineInit():  A KDFParameterSpec object carries a non-null sharedInfo value.");
                    }
                } else if (debug != null) {
                    System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  engineInit():  A KDFParameterSpec object carries a null sharedInfo value.");
                }
            }
            if (debug != null) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  engineInit():  A KDFParameterSpec object was supplied on engineInit()");
            }
            this.kdfAlgorithm = kdf;
            this.params = algorithmParameterSpec;
        }
        engineInit(key, secureRandom);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        if (this.privateKey == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (!z) {
            throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
        }
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException("Key must be a PublicKey with algorithm EC");
        }
        if (key instanceof PKCS11ECPublicKey) {
            this.publicValue = ((PKCS11ECPublicKey) key).getEncodedW();
        } else {
            try {
                this.publicValue = PKCS11ECKeyFactory.getEncodedPublicValue((ECPublicKey) key);
                this.publicValue = new DerValue((byte) 4, this.publicValue).toByteArray();
            } catch (Exception e) {
                throw new InvalidKeyException(e.getMessage());
            }
        }
        this.secretLen = (((ECPublicKey) key).getParams().getCurve().getField().getFieldSize() + 7) >> 3;
        if (debug == null) {
            return null;
        }
        debug.text(16384L, "ECDHCofactorPKCS11KeyAgreement", "engineDoPhase", "secret len = " + this.secretLen);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public byte[] engineGenerateSecret() throws IllegalStateException {
        Session session = null;
        try {
            session = this.sessionManager.getOpSession();
            byte[] bArr = (byte[]) session.getAttrValue(((GeneralKey) generateSecret(session, "Generic")).getObject(), 17);
            this.sessionManager.releaseSession(session);
            return bArr;
        } catch (Exception e) {
            this.sessionManager.releaseSession(session);
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        Session session = null;
        try {
            session = this.sessionManager.getOpSession();
            byte[] bArr2 = (byte[]) session.getAttrValue(((GeneralKey) generateSecret(session, "Generic")).getObject(), 17);
            this.sessionManager.releaseSession(session);
            if (i + bArr2.length > bArr.length) {
                throw new ShortBufferException("Need " + bArr2.length + " bytes, only " + (bArr.length - i) + " available");
            }
            System.arraycopy(bArr2, 0, bArr, i, bArr2.length);
            return bArr2.length;
        } catch (Exception e) {
            this.sessionManager.releaseSession(session);
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyAgreementSpi
    public SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        Session session = null;
        try {
            session = this.sessionManager.getObjSession();
            SecretKey generateSecret = generateSecret(session, str);
            ((GeneralKey) generateSecret).setSession(session);
            this.sessionManager.releaseSession(session);
            return generateSecret;
        } catch (NoSuchAlgorithmException e) {
            this.sessionManager.releaseSession(session);
            throw e;
        } catch (Exception e2) {
            this.sessionManager.releaseSession(session);
            throw new IllegalStateException(e2);
        }
    }

    private SecretKey generateSecret(Session session, String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        Integer num;
        CK_ECDH1_DERIVE_PARAMS ck_ecdh1_derive_params;
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm must not be null");
        }
        if (this.privateKey == null || this.publicValue == null) {
            throw new IllegalStateException("Not initialized correctly");
        }
        Integer num2 = PKCS11Object.GENERIC_SECRET;
        int chooseKeySize = chooseKeySize(this.params, 8);
        if (this.secretLen > 0) {
            chooseKeySize = chooseKeySize(this.params, this.secretLen);
        }
        if (str.equalsIgnoreCase("Generic")) {
            num = PKCS11Object.GENERIC_SECRET;
        } else if (str.equalsIgnoreCase(PKCS5.CIPHER_ALGORITHM_DES)) {
            chooseKeySize = chooseKeySize(this.params, 8);
            num = PKCS11Object.DES;
            if (debug != null) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  generateSecret():  The keySize chosen for DES was = " + chooseKeySize);
            }
        } else if (str.equalsIgnoreCase(PKCS5.CIPHER_ALGORITHM_DESEDE) || str.equalsIgnoreCase(PKCS5.CIPHER_ALGORITHM_TRIPLE_DES) || str.equalsIgnoreCase(PKCS5.CIPHER_ALGORITHM_3DES)) {
            chooseKeySize = chooseKeySize(this.params, 24);
            num = PKCS11Object.DES3;
            if (debug != null) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  generateSecret():  The keySize chosen for TripleDES was = " + chooseKeySize);
            }
        } else if (str.equalsIgnoreCase("Blowfish")) {
            chooseKeySize = chooseKeySize(this.params, 56);
            num = PKCS11Object.BLOWFISH;
        } else if (str.equalsIgnoreCase("AES")) {
            chooseKeySize = chooseKeySize(this.params, 16);
            if (debug != null) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  generateSecret():  The keySize chosen for AES was = " + chooseKeySize);
            }
            num = PKCS11Object.AES;
        } else if (str.equalsIgnoreCase("TlsPremasterSecret")) {
            num = PKCS11Object.GENERIC_SECRET;
        } else {
            if (!str.equalsIgnoreCase("RC4")) {
                throw new NoSuchAlgorithmException("Unknown algorithm " + str);
            }
            num = PKCS11Object.RC4;
        }
        HashMap hashMap = new HashMap();
        hashMap.put(0, PKCS11Object.SECRET_KEY);
        hashMap.put(256, num);
        hashMap.put(Integer.valueOf(PKCS11Object.VALUE_LEN), Integer.valueOf(chooseKeySize));
        if (this.config != null) {
            hashMap.putAll(this.config.getAttributes("GENERATE", PKCS11Object.SECRET_KEY, num));
        }
        int[] iArr = new int[hashMap.size()];
        Object[] objArr = new Object[hashMap.size()];
        int i = 0;
        for (Map.Entry entry : hashMap.entrySet()) {
            if (debug != null) {
                debug.text(16384L, "ECDHCofactorPKCS11KeyAgreement", "generateSecret", "secret key type = " + ((Integer) entry.getKey()).intValue() + ", value = " + entry.getValue());
            }
            if (((Integer) entry.getKey()).intValue() != 353) {
                iArr[i] = ((Integer) entry.getKey()).intValue();
                int i2 = i;
                i++;
                objArr[i2] = entry.getValue();
            } else if (str.equalsIgnoreCase("Generic") || str.equalsIgnoreCase("RC4")) {
                if (((Integer) entry.getValue()).intValue() > this.secretLen) {
                    throw new IllegalStateException("Key size is out of range.");
                }
                iArr[i] = ((Integer) entry.getKey()).intValue();
                int i3 = i;
                i++;
                objArr[i3] = entry.getValue();
            } else {
                iArr[i] = Integer.valueOf(PKCS11Object.VALUE_LEN).intValue();
                int i4 = i;
                i++;
                objArr[i4] = Integer.valueOf(chooseKeySize);
            }
        }
        if (debug != null) {
            if (this.kdfAlgorithm == 1) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  The kdfAlgorithm used is:  CKD_NULL");
            } else if (this.kdfAlgorithm == 2) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  The kdfAlgorithm used is:  CKD_SHA1_KDF");
            } else if (this.kdfAlgorithm == 5) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  The kdfAlgorithm used is:  CKD_SHA224_KDF");
            } else if (this.kdfAlgorithm == 6) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  The kdfAlgorithm used is:  CKD_SHA256_KDF");
            } else if (this.kdfAlgorithm == 7) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  The kdfAlgorithm used is:  CKD_SHA384_KDF");
            } else if (this.kdfAlgorithm == 8) {
                System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  The kdfAlgorithm used is:  CKD_SHA521_KDF");
            } else if (this.kdfAlgorithm == -2147483628) {
                System.out.println("ECDHPKCS11KeyAgreement.java: generateSecret():  The kdfAlgorithm used is:  CKD_SHA256_NIST_KDF.  This is a Gemalto proprietary KDF value for the Luna SA.");
            }
        }
        if (this.kdfAlgorithm == 1 || this.kdfAlgorithm == -1) {
            ck_ecdh1_derive_params = new CK_ECDH1_DERIVE_PARAMS(1, null, this.publicValue);
        } else {
            if (debug != null) {
                if (((KDFParameterSpec) this.params).getSharedInfo() == null) {
                    System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  ((KDFParameterSpec)params).getSharedInfo() is null.");
                } else {
                    System.out.println("ECDHCofactorPKCS11KeyAgreement.java: generateSecret():  ((KDFParameterSpec)params).getSharedInfo() is:");
                    System.out.println(toHexString(((KDFParameterSpec) this.params).getSharedInfo()));
                }
            }
            ck_ecdh1_derive_params = new CK_ECDH1_DERIVE_PARAMS(this.kdfAlgorithm, ((KDFParameterSpec) this.params).getSharedInfo(), this.publicValue);
        }
        if (debug != null) {
            System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  generateSecret():  Calling session.deriveKey() for PKCS11Mechanism.ECDH1_COFACTOR_DERIVE");
        }
        return new GeneralKey(session, session.deriveKey(PKCS11Mechanism.ECDH1_COFACTOR_DERIVE, ck_ecdh1_derive_params, this.privateKey.getObject(), iArr, objArr), str);
    }

    protected int chooseKeySize(AlgorithmParameterSpec algorithmParameterSpec, int i) {
        int i2;
        if (algorithmParameterSpec == null) {
            i2 = i;
        } else {
            int keySize = ((KDFParameterSpec) algorithmParameterSpec).getKeySize();
            i2 = keySize == 0 ? i : keySize;
        }
        if (debug != null) {
            System.out.println("ECDHCofactorPKCS11KeyAgreement.java:  chooseKeySize():  Chose keySize = " + i2);
        }
        return i2;
    }

    public static String toHexString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            if (i % 16 == 0) {
                stringBuffer.append('\n');
            }
            int i2 = (bArr[i] & 240) >> 4;
            int i3 = bArr[i] & 15;
            stringBuffer.append(cArr[i2]);
            stringBuffer.append(cArr[i3]);
            stringBuffer.append(' ');
        }
        return stringBuffer.toString();
    }
}
