package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.gsk.ikeyman.keystore.KeyStoreProxyCreatorFactory;
import com.ibm.misc.Debug;
import com.ibm.pkcs11.PKCS11Exception;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Locale;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

/* loaded from: input_file:jre/Home/jre/lib/ext/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/RSACipher.class */
public final class RSACipher extends CipherSpi {
    private int mechanism;
    private SessionManager sessionManager;
    private Provider provider;
    private Config config;
    private static final String DEFAULT_RSA_OAEP_MGF1_IS_SHA1 = "com.ibm.crypto.provider.Default_RSA_OAEP_MGF1_is_SHA1";
    private BigInteger modulus;
    private int opmode;
    private Key key;
    private static final boolean defaultMGF1isSHA1 = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: com.ibm.crypto.pkcs11impl.provider.RSACipher.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        /* renamed from: run */
        public Boolean run2() {
            return Boolean.valueOf("true".equalsIgnoreCase(System.getProperty(RSACipher.DEFAULT_RSA_OAEP_MGF1_IS_SHA1, "false")));
        }
    })).booleanValue();
    private static Debug debug = Debug.getInstance("pkcs11impl");
    private static String className = "com.ibm.crypto.pkcs11impl.provider.RSACipher";
    private boolean decrypting = false;
    java.security.SecureRandom random = null;
    PKCS11Cipher cipher = null;
    private PKCS11Key hw_key_to_delete = null;
    private Session session = null;
    private OAEPParameterSpec spec = null;
    private int paddingIndicator = 0;
    private String oaepHashAlgorithm = "SHA-1";
    int CKZ_DATA_SPECIFIED = 1;
    private byte[] data = null;
    private int dataUsed = 0;

    public RSACipher(Provider provider) {
        this.provider = null;
        this.config = null;
        IBMPKCS11Impl.verifyJceJar();
        if (!IBMPKCS11Impl.verifySelfIntegrity(getClass())) {
            throw new SecurityException("The IBM JCE PKCS11 provider may have been tampered.");
        }
        this.provider = provider;
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
        this.config = ((IBMPKCS11Impl) provider).getConfig();
        if (debug != null) {
            System.out.println("RSACipher.java:  CONSTRUCTOR:  Setting the mechanism to RSA_PKCS (RSA/ /PKCS1Padding) by default");
        }
        this.mechanism = 1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetMode(String str) throws NoSuchAlgorithmException {
        if ((str == null || !(str.equals(" ") || str.equals("ECB") || str.equals("SSL"))) && str != null) {
            throw new NoSuchAlgorithmException("Mode: " + str + " not implemented");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetPadding(String str) throws NoSuchPaddingException {
        if (debug != null) {
            System.out.println("RSACipher.java:  engineSetPadding():  The padding scheme passed in is:  " + str);
        }
        if (debug != null) {
            debug.entry(16384L, className, "engineSetPadding", "." + str + ".");
        }
        if ((str.equalsIgnoreCase("PKCS1Padding") || str.equalsIgnoreCase("PKCS")) && this.config != null && this.config.supportMechanism(1)) {
            this.paddingIndicator = 0;
            if (debug != null) {
                System.out.println("RSACipher.java:  engineSetPadding():  Setting mechanism to RSA_PKCS (RSA/ /PKCS1Padding)");
            }
            this.mechanism = 1;
            if (debug != null) {
                debug.exit(16384L, className, "engineSetPadding", "PKCS");
                return;
            }
            return;
        }
        if ((str.equals(" ") || str.equalsIgnoreCase("NoPadding") || str == null) && this.config != null && this.config.supportMechanism(3)) {
            this.paddingIndicator = 1;
            if (debug != null) {
                System.out.println("RSACipher.java:  engineSetPadding():  Setting mechanism to RSA_X_509 (RSA/ /NoPadding)");
            }
            this.mechanism = 3;
            if (debug != null) {
                debug.exit(16384L, className, "engineSetPadding", "RAW RSA");
                return;
            }
            return;
        }
        if (!str.startsWith("OAEP") && !str.startsWith("oaep")) {
            if (debug != null) {
                debug.exit(16384L, className, "engineSetPadding", "No such padding.");
            }
            throw new NoSuchPaddingException("Padding: " + str + " not implemented");
        }
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        if (debug != null) {
            System.out.println("RSACipher.java:  engineSetPadding():  The lowerpadding is:  " + lowerCase);
        }
        if (lowerCase.equals("oaeppadding")) {
            this.paddingIndicator = 2;
        } else if (lowerCase.startsWith("oaeppadding")) {
            this.paddingIndicator = 2;
            this.oaepHashAlgorithm = str.substring(11, str.length());
        } else {
            if (!lowerCase.startsWith("oaepwith") || !lowerCase.endsWith("andmgf1padding")) {
                throw new NoSuchPaddingException("Padding " + str + " not supported");
            }
            this.paddingIndicator = 2;
            this.oaepHashAlgorithm = str.substring(8, str.length() - 14);
            if (debug != null) {
                System.out.println("RSACipher.java:  engineSetPadding():  The hash algorithm lifted from the padding scheme passed in is:  " + this.oaepHashAlgorithm);
            }
        }
        if (debug != null) {
            System.out.println("RSACipher.java:  engineSetPadding():  Setting mechanism to RSA_PKCS_OAEP (RSA/ /OAEPPadding...) ");
            System.out.println("RSACipher.java:  engineSetPadding():  The oaepHashAlgorithm lifted from the paddingScheme is:  " + this.oaepHashAlgorithm);
        }
        this.mechanism = 9;
        Provider[] providers = Security.getProviders();
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= providers.length) {
                break;
            }
            if (providers[i].getService("MessageDigest", this.oaepHashAlgorithm) != null) {
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            throw new NoSuchPaddingException("MessageDigest not available for " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetBlockSize() {
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetOutputSize(int i) {
        return this.modulus.toByteArray().length;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineGetIV() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public AlgorithmParameters engineGetParameters() {
        if (this.spec == null) {
            return null;
        }
        try {
            Provider provider = null;
            Provider[] providers = Security.getProviders();
            int length = providers.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Provider provider2 = providers[i];
                if (provider2.getName().indexOf(KeyStoreProxyCreatorFactory.PKCS11_PROVIDER) != -1) {
                    provider = provider2;
                    break;
                }
                i++;
            }
            if (provider == null) {
                throw new RuntimeException("Cannot find the IBMPKCS11Impl provider.");
            }
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("OAEP", provider);
            algorithmParameters.init(this.spec);
            return algorithmParameters;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Cannot find OAEP  AlgorithmParameters implementation in IBMPKCS11Impl provider");
        } catch (InvalidParameterSpecException e2) {
            throw new RuntimeException("OAEPParameterSpec not supported");
        }
    }

    private void cancelOperation() {
        if (debug != null) {
            debug.entry(16384L, "RSACipher", "cancelOperation");
        }
        if (this.session == null) {
            if (debug != null) {
                debug.text(16384L, "RSACipher", "cancelOperation", "session is null");
            }
            this.cipher = null;
            this.key = null;
            if (this.hw_key_to_delete != null) {
                this.hw_key_to_delete.rm();
                this.hw_key_to_delete = null;
                return;
            }
            return;
        }
        if (!this.session.hasObjects()) {
            if (debug != null) {
                debug.text(16384L, "RSACipher", "cancelOperation", "session has no objects, close session handle = " + this.session.getID());
            }
            this.sessionManager.closeSession(this.session);
            this.session = null;
            this.cipher = null;
            this.key = null;
            if (this.hw_key_to_delete != null) {
                this.hw_key_to_delete.rm();
                this.hw_key_to_delete = null;
                return;
            }
            return;
        }
        int engineGetBlockSize = engineGetBlockSize();
        if (engineGetBlockSize == 0) {
            engineGetBlockSize = 8;
        }
        byte[] bArr = new byte[engineGetBlockSize];
        try {
            if (debug != null) {
                debug.text(16384L, "RSACipher", "cancelOperation", "call do final to clean up buffered data");
            }
            this.cipher.engineDoFinal(this.session, bArr, 0, engineGetBlockSize);
        } catch (Exception e) {
            if (debug != null) {
                debug.exception(16384L, "RSACipher", "cancelOperation", e);
            }
        }
        this.sessionManager.releaseSession(this.session);
        this.session = null;
        this.cipher = null;
        this.key = null;
        if (this.hw_key_to_delete != null) {
            this.hw_key_to_delete.rm();
            this.hw_key_to_delete = null;
        }
        if (debug != null) {
            debug.exit(16384L, "RSACipher", "cancelOperation");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineUpdate(byte[] bArr, int i, int i2) {
        if (this.dataUsed + i2 > this.data.length) {
            cancelOperation();
            throw new IllegalArgumentException("Input data too long for RSA encryption");
        }
        if (this.session == null) {
            if (this.key == null) {
                throw new RuntimeException("Cipher engine is not initialized");
            }
            try {
                engineInit(this.opmode, this.key, null);
            } catch (Exception e) {
                cancelOperation();
                throw new IllegalArgumentException(e);
            }
        }
        System.arraycopy(bArr, i, this.data, this.dataUsed, i2);
        this.dataUsed += i2;
        if (debug != null) {
            debug.text(16384L, "RSACipher", "engineUpdate1", "dataUsed=" + this.dataUsed + ", input len= " + i2);
        }
        return new byte[0];
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        if (this.dataUsed + i2 > this.data.length) {
            cancelOperation();
            throw new IllegalArgumentException("Input data too long for RSA encryption");
        }
        if (this.session == null) {
            if (this.key == null) {
                throw new RuntimeException("Cipher engine is not initialized");
            }
            try {
                engineInit(this.opmode, this.key, null);
            } catch (Exception e) {
                cancelOperation();
                throw new IllegalArgumentException(e);
            }
        }
        System.arraycopy(bArr, i, this.data, this.dataUsed, i2);
        this.dataUsed += i2;
        if (debug == null) {
            return 0;
        }
        debug.text(16384L, "RSACipher", "engineUpdate2", "dataUsed=" + this.dataUsed + ", input len= " + i2);
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        byte[] bArr2 = new byte[0];
        if (this.dataUsed + i2 > this.data.length) {
            cancelOperation();
            throw new IllegalArgumentException("Input data too long for RSA encryption");
        }
        if (this.session == null) {
            if (this.key == null) {
                throw new RuntimeException("Cipher engine is not initialized");
            }
            try {
                engineInit(this.opmode, this.key, null);
            } catch (Exception e) {
                cancelOperation();
                throw new IllegalArgumentException(e);
            }
        }
        if (i2 != 0) {
            System.arraycopy(bArr, i, this.data, this.dataUsed, i2);
        }
        try {
            if (debug != null) {
                debug.text(16384L, "RSACipher", "engineDoFinal1", "dataUsed=" + this.dataUsed + ", input len= " + i2);
            }
            if (this.dataUsed + i2 == 0) {
                this.data = null;
            }
            bArr2 = this.cipher.engineDoFinal(this.session, this.data, 0, this.dataUsed + i2);
            this.dataUsed = 0;
            if (!this.decrypting && this.data != null) {
                Arrays.fill(this.data, (byte) 0);
            }
            if (this.hw_key_to_delete != null) {
                this.hw_key_to_delete.rm();
                this.hw_key_to_delete = null;
            }
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            return bArr2;
        } catch (PKCS11Exception e2) {
            if (this.decrypting) {
                if (bArr2 != null) {
                    Arrays.fill(bArr2, (byte) 0);
                }
            } else if (this.data != null) {
                Arrays.fill(this.data, (byte) 0);
            }
            cancelOperation();
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws IllegalBlockSizeException, ShortBufferException, BadPaddingException {
        if (this.dataUsed + i2 > this.data.length) {
            cancelOperation();
            throw new IllegalArgumentException("Input data too long for RSA encryption");
        }
        if (this.session == null) {
            if (this.key == null) {
                throw new RuntimeException("Cipher engine is not initialized");
            }
            try {
                engineInit(this.opmode, this.key, null);
            } catch (Exception e) {
                cancelOperation();
                throw new IllegalArgumentException(e);
            }
        }
        if (i2 != 0) {
            System.arraycopy(bArr, i, this.data, this.dataUsed, i2);
        }
        try {
            if (debug != null) {
                debug.text(16384L, "RSACipher", "engineDoFinal2", "dataUsed=" + this.dataUsed + ", input len= " + i2);
            }
            if (this.dataUsed + i2 == 0) {
                this.data = null;
            }
            int engineDoFinal = this.cipher.engineDoFinal(this.session, this.data, 0, this.dataUsed + i2, bArr2, i3);
            this.dataUsed = 0;
            if (!this.decrypting && this.data != null) {
                Arrays.fill(this.data, (byte) 0);
            }
            if (this.hw_key_to_delete != null) {
                this.hw_key_to_delete.rm();
                this.hw_key_to_delete = null;
            }
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            return engineDoFinal;
        } catch (PKCS11Exception e2) {
            if (this.decrypting) {
                if (bArr2 != null) {
                    Arrays.fill(bArr2, (byte) 0);
                }
            } else if (this.data != null) {
                Arrays.fill(this.data, (byte) 0);
            }
            cancelOperation();
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetKeySize(Key key) throws InvalidKeyException {
        if (key instanceof PublicKey) {
            try {
                return ((java.security.interfaces.RSAPublicKey) key).getModulus().bitLength();
            } catch (Exception e) {
                throw new InvalidKeyException("Bad key encoding");
            }
        }
        if (!(key instanceof PrivateKey)) {
            throw new InvalidKeyException("Must be either public key or private key.");
        }
        try {
            return ((java.security.interfaces.RSAPrivateKey) key).getModulus().bitLength();
        } catch (Exception e2) {
            throw new InvalidKeyException("Bad key encoding");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        int bitLength = (this.modulus.bitLength() + 7) / 8;
        if (this.session == null) {
            if (this.key == null) {
                throw new RuntimeException("Cipher engine is not initialized");
            }
            engineInit(this.opmode, this.key, null);
        }
        try {
            byte[] engineWrap = this.cipher.engineWrap(this.session, ((PKCS11Key) key).getObject(), bitLength);
            if (this.hw_key_to_delete != null) {
                this.hw_key_to_delete.rm();
                this.hw_key_to_delete = null;
            }
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            return engineWrap;
        } catch (PKCS11Exception e) {
            cancelOperation();
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        Key key = null;
        Object[] objArr = new Object[2];
        if (this.session == null) {
            if (this.key == null) {
                throw new RuntimeException("Cipher engine is not initialized");
            }
            engineInit(this.opmode, this.key, null);
        }
        try {
            switch (i) {
                case 1:
                    Object[] constructPublicKeyAttrs = ConstructKeys.constructPublicKeyAttrs(str, this.config);
                    key = ConstructKeys.constructPublicKey(this.cipher.engineUnwrap(this.session, bArr, (int[]) constructPublicKeyAttrs[0], (Object[]) constructPublicKeyAttrs[1]), str, this.provider);
                    break;
                case 2:
                    Object[] constructPrivateKeyAttrs = ConstructKeys.constructPrivateKeyAttrs(str, this.config);
                    key = ConstructKeys.constructPrivateKey(this.cipher.engineUnwrap(this.session, bArr, (int[]) constructPrivateKeyAttrs[0], (Object[]) constructPrivateKeyAttrs[1]), str, this.provider);
                    break;
                case 3:
                    Object[] constructSecretKeyAttrs = ConstructKeys.constructSecretKeyAttrs(str, this.config);
                    key = ConstructKeys.constructSecretKey(this.cipher.engineUnwrap(this.session, bArr, (int[]) constructSecretKeyAttrs[0], (Object[]) constructSecretKeyAttrs[1]), str, this.provider);
                    break;
            }
            if (this.hw_key_to_delete != null) {
                this.hw_key_to_delete.rm();
                this.hw_key_to_delete = null;
            }
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            return key;
        } catch (PKCS11Exception e) {
            cancelOperation();
            throw e;
        } catch (NoSuchAlgorithmException e2) {
            cancelOperation();
            throw e2;
        }
    }

    private PKCS11Key translateToP11Key(Key key) throws InvalidKeyException {
        PKCS11Key pKCS11Key;
        if (key instanceof PublicKey) {
            if (this.decrypting) {
                throw new InvalidKeyException("Public Key cannot be used to decrypt.");
            }
            if (key instanceof PKCS11Key) {
                pKCS11Key = (PKCS11Key) key;
            } else {
                if (!(key instanceof java.security.interfaces.RSAPublicKey)) {
                    if (debug != null) {
                        debug.exception(16384L, className, "engineInit", new InvalidKeyException("not RSA key"));
                        debug.exit(16384L, className, "engineInit");
                    }
                    throw new InvalidKeyException("not RSA key: " + ((Object) key));
                }
                try {
                    pKCS11Key = (PKCS11Key) KeyFactory.getInstance("RSA", this.provider).translateKey(key);
                    this.hw_key_to_delete = pKCS11Key;
                } catch (Exception e) {
                    if (debug != null) {
                        debug.exception(16384L, className, "engineInit", new InvalidKeyException("Cannot convert key: " + ((Object) key) + " with reason: " + e.getMessage()));
                        debug.exit(16384L, className, "engineInit");
                    }
                    throw new InvalidKeyException("Cannot convert key: " + ((Object) key) + " with reason: " + e.getMessage());
                }
            }
            try {
                this.modulus = ((java.security.interfaces.RSAPublicKey) key).getModulus();
            } catch (Exception e2) {
                throw new InvalidKeyException("Bad key encoding");
            }
        } else {
            if (!(key instanceof PrivateKey)) {
                throw new InvalidKeyException("Must be either public key or private key.");
            }
            if (!this.decrypting) {
                throw new InvalidKeyException("Private key cannot be used to encrypt.");
            }
            if (key instanceof PKCS11Key) {
                pKCS11Key = (PKCS11Key) key;
            } else {
                if (!(key instanceof java.security.interfaces.RSAPrivateKey) && !(key instanceof RSAPrivateCrtKey)) {
                    if (debug != null) {
                        debug.exception(16384L, className, "engineInit", new InvalidKeyException("not RSA key"));
                        debug.exit(16384L, className, "engineInit");
                    }
                    throw new InvalidKeyException("not RSA key: " + ((Object) key));
                }
                try {
                    pKCS11Key = (PKCS11Key) KeyFactory.getInstance("RSA", this.provider).translateKey(key);
                    this.hw_key_to_delete = pKCS11Key;
                } catch (Exception e3) {
                    if (debug != null) {
                        debug.exception(16384L, className, "engineInit", new InvalidKeyException("Cannot convert key: " + ((Object) key) + " with reason: " + e3.getMessage()));
                        debug.exit(16384L, className, "engineInit");
                    }
                    throw new InvalidKeyException("Cannot convert key: " + ((Object) key) + " with reason: " + e3.getMessage());
                }
            }
            try {
                this.modulus = ((java.security.interfaces.RSAPrivateKey) key).getModulus();
            } catch (Exception e4) {
                throw new InvalidKeyException("Bad key encoding");
            }
        }
        return pKCS11Key;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, java.security.SecureRandom secureRandom) throws InvalidKeyException {
        try {
            init(i, key, secureRandom, null);
        } catch (InvalidAlgorithmParameterException e) {
            InvalidKeyException invalidKeyException = new InvalidKeyException("Wrong parameters");
            invalidKeyException.initCause(e);
            throw invalidKeyException;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        init(i, key, secureRandom, algorithmParameterSpec);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, java.security.SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameters == null) {
            init(i, key, secureRandom, null);
            return;
        }
        try {
            init(i, key, secureRandom, (OAEPParameterSpec) algorithmParameters.getParameterSpec(OAEPParameterSpec.class));
        } catch (InvalidParameterSpecException e) {
            InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException("Wrong parameter");
            invalidAlgorithmParameterException.initCause(e);
            throw invalidAlgorithmParameterException;
        }
    }

    private void init(int i, Key key, java.security.SecureRandom secureRandom, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        this.spec = (OAEPParameterSpec) algorithmParameterSpec;
        if (debug != null) {
            debug.entry(16384L, className, "init");
        }
        if (i == 2 || i == 4) {
            this.decrypting = true;
        } else {
            if (i != 1 && i != 3) {
                throw new InvalidKeyException("Unknown mode: " + i);
            }
            this.decrypting = false;
        }
        if (key == null) {
            throw new InvalidKeyException("No key given");
        }
        PKCS11Key translateToP11Key = translateToP11Key(key);
        String algorithm = key.getAlgorithm();
        if (!algorithm.equals("RSA")) {
            throw new InvalidKeyException("Not a RSA key.  Key algorithm is " + algorithm + ".");
        }
        if (this.decrypting) {
            if (!(key instanceof java.security.interfaces.RSAPrivateKey) && !(key instanceof RSAPrivateCrtKey)) {
                throw new InvalidKeyException("Decryption key is not an RSAPrivateKey.");
            }
        } else if (!(key instanceof java.security.interfaces.RSAPublicKey)) {
            throw new InvalidKeyException("Encryption key is not a RSAPublicKey.");
        }
        if (this.data != null && !this.decrypting) {
            Arrays.fill(this.data, (byte) 0);
        }
        this.data = new byte[(this.modulus.bitLength() + 7) / 8];
        this.dataUsed = 0;
        OAEPParameterSpec oAEPParameterSpec = null;
        if (this.mechanism == 9) {
            if (algorithmParameterSpec != null) {
                if (debug != null) {
                    System.out.println("==================================================================================");
                    System.out.println("RSACipher.java:  init( ):  An OAEPParameterSpec object was supplied by the caller.");
                    System.out.println("==================================================================================");
                }
                if (!(algorithmParameterSpec instanceof OAEPParameterSpec)) {
                    throw new InvalidAlgorithmParameterException("Wrong Parameters for OAEP Padding");
                }
                oAEPParameterSpec = (OAEPParameterSpec) algorithmParameterSpec;
            } else {
                if (debug != null) {
                    System.out.println("==================================================================================");
                    System.out.println("RSACipher.java:  init( ):  No OAEPParameterSpec object was supplied by the caller.");
                    System.out.println("                           The following OAEP parameters are inferred from the supplied RSA/OAEP cipher transformation string:");
                    System.out.println("                           hashAlg = " + this.oaepHashAlgorithm);
                }
                MGF1ParameterSpec mGF1ParameterSpec = MGF1ParameterSpec.SHA1;
                if (!defaultMGF1isSHA1) {
                    if (debug != null) {
                        System.out.println("RSACipher.java:  init():  -Dcom.ibm.crypto.provider.Default_RSA_OAEP_MGF1_is_SHA1=false");
                    }
                    if (this.oaepHashAlgorithm.equals("SHA-256") || this.oaepHashAlgorithm.equals("SHA256")) {
                        mGF1ParameterSpec = MGF1ParameterSpec.SHA256;
                        if (debug != null) {
                            System.out.println("                           mgf = SHA-256");
                        }
                    } else if (this.oaepHashAlgorithm.equals("SHA-384") || this.oaepHashAlgorithm.equals("SHA384")) {
                        mGF1ParameterSpec = MGF1ParameterSpec.SHA384;
                        if (debug != null) {
                            System.out.println("                           mgf = SHA-384");
                        }
                    } else if (this.oaepHashAlgorithm.equals("SHA-512") || this.oaepHashAlgorithm.equals("SHA512")) {
                        mGF1ParameterSpec = MGF1ParameterSpec.SHA512;
                        if (debug != null) {
                            System.out.println("                           mgf = SHA-512");
                        }
                    } else if (this.oaepHashAlgorithm.equals("SHA-224") || this.oaepHashAlgorithm.equals("SHA224")) {
                        mGF1ParameterSpec = MGF1ParameterSpec.SHA224;
                        if (debug != null) {
                            System.out.println("                           mgf = SHA-224");
                        }
                    }
                } else if (debug != null) {
                    System.out.println("                               mgf = SHA-1  (-Dcom.ibm.crypto.provider.Default_RSA_OAEP_MGF1_is_SHA1=true) ");
                }
                if (debug != null) {
                    System.out.println("                              pSrc = PSource.PSpecified.DEFAULT");
                    System.out.println("==================================================================================");
                }
                oAEPParameterSpec = new OAEPParameterSpec(this.oaepHashAlgorithm, "MGF1", mGF1ParameterSpec, PSource.PSpecified.DEFAULT);
            }
        }
        if (debug != null) {
            if (this.mechanism == 1) {
                System.out.println("RSACipher.java:  init():  Creating a PKCS11Cipher object with mechanism = RSA_PKCS (RSA/ /PKCS1Padding)");
            } else if (this.mechanism == 3) {
                System.out.println("RSACipher.java:  init():  Creating a PKCS11Cipher object with mechanism = RSA_X_509 (RSA/ /NoPadding)");
            } else if (this.mechanism == 9) {
                System.out.println("RSACipher.java:  init():  Creating a PKCS11Cipher object with mechanism = RSA_PKCS_OAEP (RSA/ /OAEPPadding...)");
            }
        }
        PKCS11Cipher pKCS11Cipher = new PKCS11Cipher(this.mechanism);
        if (this.session == null) {
            this.session = this.sessionManager.getOpSession();
        } else {
            cancelOperation();
            if (this.session == null) {
                this.session = this.sessionManager.getOpSession();
            }
        }
        try {
            pKCS11Cipher.engineInit(this.session, i, translateToP11Key.getObject(), oAEPParameterSpec, (this.modulus.bitLength() + 7) / 8);
            if (debug != null) {
                System.out.println("RSACipher.java:  init():  Returning from the PKCS11Cipher.init() call");
            }
            this.opmode = i;
            this.key = key;
            this.cipher = pKCS11Cipher;
            if (debug != null) {
                debug.exit(16384L, className, "init");
            }
        } catch (PKCS11Exception e) {
            cancelOperation();
            throw e;
        }
    }

    public static String toHexString(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer();
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        int length = bArr.length;
        for (int i = 0; i < length; i++) {
            if (i % 16 == 0) {
                stringBuffer.append('\n');
            }
            int i2 = (bArr[i] & 240) >> 4;
            int i3 = bArr[i] & 15;
            stringBuffer.append(cArr[i2]);
            stringBuffer.append(cArr[i3]);
            stringBuffer.append(' ');
        }
        return stringBuffer.toString();
    }
}
