package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.misc.HexDumpEncoder;
import com.ibm.pkcs11.PKCS11Exception;
import com.ibm.pkcs11.PKCS11Mechanism;
import com.ibm.security.certclient.base.PkConstants;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: input_file:jre/Home/jre/lib/ext/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/GeneralSignature.class */
final class GeneralSignature extends SignatureSpi {
    private Signature sig;
    private int mechanism;
    private SessionManager sessionManager;
    private Session session;
    private static Debug debug = Debug.getInstance("pkcs11impl");
    private static String className = "com.ibm.crypto.pkcs11impl.provider.GeneralSignature";
    private boolean isSign;
    private String algorithm;
    private boolean initialized;
    private boolean isSingle;
    private MessageDigest md;
    private static final int RAW_ECDSA_MAX = 128;
    private byte[] buffer;
    private int bytesProcessed;
    private Key sigKey;

    public GeneralSignature(Provider provider, String str, int i) throws NoSuchAlgorithmException, NoSuchProviderException {
        this.mechanism = 0;
        if (debug != null) {
            debug.entry(16384L, className, "GeneralSignature");
        }
        this.algorithm = str;
        this.mechanism = i;
        switch (i) {
            case PKCS11Mechanism.ECDSA /* 4161 */:
                this.isSingle = true;
                String str2 = null;
                if (this.algorithm.equalsIgnoreCase("NONEwithECDSA")) {
                    this.buffer = new byte[128];
                } else if (this.algorithm.equalsIgnoreCase(PkConstants.SHA1_WITH_ECDSA)) {
                    str2 = "SHA-1";
                } else if (this.algorithm.equalsIgnoreCase("SHA224withECDSA")) {
                    str2 = "SHA-224";
                } else if (this.algorithm.equalsIgnoreCase("SHA256withECDSA")) {
                    str2 = "SHA-256";
                } else if (this.algorithm.equalsIgnoreCase(PkConstants.SHA3_WITH_ECDSA)) {
                    str2 = "SHA-384";
                } else if (this.algorithm.equalsIgnoreCase(PkConstants.SHA5_WITH_ECDSA)) {
                    str2 = "SHA-512";
                }
                if (str2 != null) {
                    this.md = MessageDigest.getInstance(str2);
                    break;
                }
                break;
            case PKCS11Mechanism.ECDSA_SHA1 /* 4162 */:
                this.isSingle = false;
                this.md = null;
                break;
        }
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
        this.sig = new Signature(i, provider);
        if (debug != null) {
            debug.exit(16384L, className, "GeneralSignature");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineSetParameter(String str, Object obj) {
        if (debug != null) {
            debug.entry(16384L, className, "engineSetParameter");
            debug.exit(16384L, className, "engineSetParameter");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public Object engineGetParameter(String str) {
        if (debug == null) {
            return null;
        }
        debug.entry(16384L, className, "engineGetParameter", str);
        debug.exit(16384L, className, "engineGetParameter");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        if (debug != null) {
            debug.entry(16384L, className, "engineInitSign", privateKey.toString());
        }
        cancelOperation();
        if (this.session == null) {
            this.session = this.sessionManager.getOpSession();
        }
        try {
            this.sig.engineInitSign(this.session, privateKey);
            this.isSign = true;
            this.initialized = true;
            this.sigKey = privateKey;
            if (debug != null) {
                debug.exit(16384L, className, "engineInitSign");
            }
        } catch (PKCS11Exception e) {
            cancelOperation();
            if (this.session != null) {
                this.sessionManager.releaseSession(this.session);
                this.session = null;
            }
            throw new InvalidKeyException(e);
        } catch (InvalidKeyException e2) {
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            throw e2;
        }
    }

    private void cancelOperation() {
        if (this.initialized && this.session != null) {
            if (this.md != null) {
                this.md.reset();
            }
            this.bytesProcessed = 0;
            this.isSign = false;
            this.initialized = false;
            if (!this.session.hasObjects()) {
                this.sessionManager.closeSession(this.session);
                this.session = null;
            } else {
                if (!this.isSign) {
                    this.sig.engineDummyVerify(this.session, this.algorithm);
                    return;
                }
                try {
                    this.sig.engineSign(this.session);
                } catch (SignatureException e) {
                    if (debug != null) {
                        debug.exception(16384L, "GeneralSignature", "cancelOperation", e);
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        if (debug != null) {
            debug.entry(16384L, className, "engineInitVerify", publicKey.toString());
        }
        cancelOperation();
        if (this.session == null) {
            this.session = this.sessionManager.getOpSession();
        }
        try {
            this.sig.engineInitVerify(this.session, publicKey);
            this.isSign = false;
            this.initialized = true;
            this.sigKey = publicKey;
            if (debug != null) {
                debug.exit(16384L, className, "engineInitVerify");
            }
        } catch (PKCS11Exception e) {
            cancelOperation();
            if (this.session != null) {
                this.sessionManager.releaseSession(this.session);
                this.session = null;
            }
            throw new InvalidKeyException(e);
        } catch (InvalidKeyException e2) {
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte b) {
        if (debug != null) {
            debug.entry(16384L, className, "engineUpdate(byte)", Byte.valueOf(b));
        }
        if (this.session == null) {
            try {
                if (this.isSign) {
                    engineInitSign((PrivateKey) this.sigKey);
                } else {
                    engineInitVerify((PublicKey) this.sigKey);
                }
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e);
            }
        }
        byte[] bArr = {b};
        if (!this.initialized) {
            throw new IllegalStateException("Signature is not initialized");
        }
        if (this.isSingle) {
            singleUpdate(bArr, 0, 1);
        } else {
            try {
                this.sig.engineUpdate(this.session, bArr, 0, 1);
            } catch (PKCS11Exception e2) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineUpdate(byte)", e2);
                }
                cancelOperation();
                if (this.session != null) {
                    this.sessionManager.releaseSession(this.session);
                    this.session = null;
                }
                throw e2;
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "engineUpdate(byte)");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte[] bArr, int i, int i2) {
        if (debug != null) {
            debug.entry(16384L, className, "engineUpdate(byte[], int, int)", bArr, new Integer(i2));
        }
        if (!this.initialized) {
            throw new IllegalStateException("Signature is not initialized");
        }
        if (this.session == null) {
            try {
                if (this.isSign) {
                    engineInitSign((PrivateKey) this.sigKey);
                } else {
                    engineInitVerify((PublicKey) this.sigKey);
                }
            } catch (InvalidKeyException e) {
                throw new RuntimeException(e);
            }
        }
        if (this.isSingle) {
            singleUpdate(bArr, i, i2);
        } else {
            try {
                this.sig.engineUpdate(this.session, bArr, i, i2);
            } catch (PKCS11Exception e2) {
                if (debug != null) {
                    debug.exception(16384L, className, "engineUpdate(byte[], int, int)", e2);
                }
                cancelOperation();
                if (this.session != null) {
                    this.sessionManager.releaseSession(this.session);
                    this.session = null;
                }
                throw e2;
            }
        }
        if (debug != null) {
            debug.exit(16384L, className, "engineUpdate(byte[], int, int)");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public byte[] engineSign() throws SignatureException {
        byte[] engineSign;
        if (debug != null) {
            debug.entry(16384L, className, "engineSign");
            System.out.println("GeneralSignature.java:  engineSign():  Beginning a computation which computes a signature in its ENTIRETY, rather than PIECEMEAL.");
        }
        if (!this.initialized || !this.isSign) {
            if (debug != null) {
                debug.text(16384L, "GeneralSignature", "engineSign", "Signature is initialized? " + this.initialized + " Signature is for signing? " + this.isSign);
            }
            throw new SignatureException("Signature is not initialized properly");
        }
        if (this.session == null) {
            try {
                engineInitSign((PrivateKey) this.sigKey);
            } catch (InvalidKeyException e) {
                throw new SignatureException(e);
            }
        }
        try {
            try {
                if (!this.isSingle) {
                    engineSign = this.sig.engineSign(this.session);
                } else if (this.md != null) {
                    byte[] digest = this.md.digest();
                    engineSign = this.sig.engineSign(this.session, digest, digest.length);
                } else {
                    if (this.bytesProcessed > this.buffer.length) {
                        throw new SignatureException("Data for NONEwithECDSA should not be longer than 1024 bits");
                    }
                    engineSign = this.sig.engineSign(this.session, this.buffer, this.bytesProcessed);
                }
                switch (this.mechanism) {
                    case 18:
                        return bytearrayToASN1(20, engineSign);
                    case PKCS11Mechanism.ECDSA /* 4161 */:
                    case PKCS11Mechanism.ECDSA_SHA1 /* 4162 */:
                        return bytearrayToASN1(engineSign.length >> 1, engineSign);
                    default:
                        return engineSign;
                }
            } catch (PKCS11Exception e2) {
                if (debug != null) {
                    debug.exception(16384L, "GeneralSignature", "engineSign", e2);
                }
                cancelOperation();
                throw e2;
            }
        } finally {
            if (this.session != null) {
                this.sessionManager.releaseSession(this.session);
                this.session = null;
            }
            if (this.md != null) {
                this.md.reset();
            }
            this.bytesProcessed = 0;
        }
    }

    private byte[] bytearrayToASN1(int i, byte[] bArr) throws SignatureException {
        try {
            byte[] bArr2 = new byte[i];
            byte[] bArr3 = new byte[i];
            System.arraycopy(bArr, 0, bArr2, 0, i);
            System.arraycopy(bArr, i, bArr3, 0, bArr.length - i);
            DerOutputStream derOutputStream = new DerOutputStream(100);
            derOutputStream.putInteger(new BigInteger(1, bArr2));
            derOutputStream.putInteger(new BigInteger(1, bArr3));
            DerValue derValue = new DerValue((byte) 48, derOutputStream.toByteArray());
            if (debug != null) {
                debug.text(16384L, className, "bytearrayToASN1", "Signature = " + new HexDumpEncoder().encode(bArr));
                debug.text(16384L, className, "bytearrayToASN1", "Encoded Sign len = " + derValue.toByteArray().length);
                debug.text(16384L, className, "bytearrayToASN1", "Sign len = " + bArr.length);
                debug.exit(16384L, className, "bytearrayToASN1");
            }
            return derValue.toByteArray();
        } catch (IOException e) {
            if (debug != null) {
                debug.exception(16384L, className, "bytearrayToASN1", e);
                debug.exit(16384L, className, "bytearrayToASN1");
            }
            throw new SignatureException("error encoding signature");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) throws SignatureException {
        boolean engineVerify;
        if (debug != null) {
            debug.entry(16384L, className, "engineVerify", bArr);
            System.out.println("GeneralSignature.java:  engineSign():  Beginning a computation which verifies a signature that was computed in its ENTIRETY, rather than PIECEMEAL.");
        }
        if (!this.initialized || this.isSign) {
            throw new SignatureException("Signature is not initialized properly");
        }
        if (this.session == null) {
            try {
                engineInitVerify((PublicKey) this.sigKey);
            } catch (InvalidKeyException e) {
                throw new SignatureException(e);
            }
        }
        try {
            try {
                if (!this.isSingle) {
                    engineVerify = this.sig.engineVerify(this.session, bArr);
                } else if (this.md != null) {
                    byte[] digest = this.md.digest();
                    engineVerify = this.sig.engineVerify(this.session, bArr, digest, digest.length);
                } else {
                    if (this.bytesProcessed > this.buffer.length) {
                        throw new SignatureException("Data for NONEwithECDSA algorithm should not be longer than 1024 bits");
                    }
                    engineVerify = this.sig.engineVerify(this.session, bArr, this.buffer, this.bytesProcessed);
                }
                return engineVerify;
            } finally {
                if (this.session != null) {
                    this.sessionManager.releaseSession(this.session);
                    this.session = null;
                }
                if (this.md != null) {
                    this.md.reset();
                }
                this.bytesProcessed = 0;
            }
        } catch (PKCS11Exception e2) {
            if (debug != null) {
                debug.exception(16384L, "GeneralSignature", "engineVerify", e2);
            }
            cancelOperation();
            throw e2;
        } catch (SignatureException e3) {
            if (debug != null) {
                debug.exception(16384L, "GeneralSignature", "engineVerify", e3);
            }
            cancelOperation();
            throw e3;
        }
    }

    private void singleUpdate(byte[] bArr, int i, int i2) {
        if (this.md != null) {
            this.md.update(bArr, i, i2);
            this.bytesProcessed++;
            return;
        }
        if (this.bytesProcessed >= this.buffer.length) {
            this.bytesProcessed = this.buffer.length + 1;
            if (debug != null) {
                debug.text(16384L, className, "singleUpdate", "number of bytes processed can not exceed buffer length:" + this.bytesProcessed);
                return;
            }
            return;
        }
        if (bArr.length != 1) {
            System.arraycopy(bArr, i, this.buffer, this.bytesProcessed, i2);
            this.bytesProcessed += i2;
        } else {
            byte[] bArr2 = this.buffer;
            int i3 = this.bytesProcessed;
            this.bytesProcessed = i3 + 1;
            bArr2[i3] = bArr[0];
        }
    }
}
