package sun.security.pkcs11;

import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:118668-04/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11RSACipher.class */
public final class P11RSACipher extends CipherSpi {
    private static final int PKCS1_MIN_PADDING_LENGTH = 11;
    private static final byte[] B0 = new byte[0];
    private static final int MODE_ENCRYPT = 1;
    private static final int MODE_DECRYPT = 2;
    private static final int MODE_SIGN = 3;
    private static final int MODE_VERIFY = 4;
    private final Token token;
    private final String algorithm = "RSA";
    private final long mechanism;
    private Session session;
    private int mode;
    private byte[] buffer;
    private int bufOfs;
    private P11Key p11Key;
    private boolean initialized;
    private int maxInputSize;
    private int outputSize;

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11RSACipher(Token token, String str, long j) throws PKCS11Exception {
        this.token = token;
        this.mechanism = j;
        this.session = token.getOpSession();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetMode(String str) throws NoSuchAlgorithmException {
        if (!str.equalsIgnoreCase("ECB")) {
            throw new NoSuchAlgorithmException("Unsupported mode " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineSetPadding(String str) throws NoSuchPaddingException {
        if (!str.toLowerCase().equals("pkcs1Padding")) {
            throw new NoSuchPaddingException("Unsupported padding " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetBlockSize() {
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetOutputSize(int i) {
        return this.outputSize;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineGetIV() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public AlgorithmParameters engineGetParameters() {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        implInit(i, key);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("Parameters not supported");
        }
        implInit(i, key);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (algorithmParameters != null) {
            throw new InvalidAlgorithmParameterException("Parameters not supported");
        }
        implInit(i, key);
    }

    private void implInit(int i, Key key) throws InvalidKeyException {
        boolean z;
        cancelOperation();
        this.p11Key = P11KeyFactory.convertKey(this.token, key, this.algorithm);
        if (i == 1) {
            z = true;
        } else if (i == 2) {
            z = false;
        } else if (i == 3) {
            if (!this.p11Key.isPublic()) {
                throw new InvalidKeyException("Wrap has to be used with public keys");
            }
            z = true;
        } else {
            if (i != 4) {
                throw new InvalidKeyException("Unsupported mode: " + i);
            }
            if (!this.p11Key.isPrivate()) {
                throw new InvalidKeyException("Unwrap has to be used with private keys");
            }
            z = false;
        }
        if (this.p11Key.isPublic()) {
            this.mode = z ? 1 : 4;
        } else {
            if (!this.p11Key.isPrivate()) {
                throw new InvalidKeyException("Unknown key type: " + ((Object) this.p11Key));
            }
            this.mode = z ? 3 : 2;
        }
        int keyLength = (this.p11Key.keyLength() + 7) >> 3;
        this.outputSize = keyLength;
        this.buffer = new byte[keyLength];
        this.maxInputSize = z ? keyLength - 11 : keyLength;
        try {
            initialize();
        } catch (PKCS11Exception e) {
            throw new InvalidKeyException("init() failed", e);
        }
    }

    private void cancelOperation() {
        this.token.ensureValid();
        if (this.initialized) {
            this.initialized = false;
            if (this.session == null || !this.token.explicitCancel) {
                return;
            }
            if (!this.session.hasObjects()) {
                this.session = this.token.killSession(this.session);
                return;
            }
            try {
                PKCS11 pkcs11 = this.token.p11;
                int i = this.maxInputSize;
                int length = this.buffer.length;
                switch (this.mode) {
                    case 1:
                        pkcs11.C_Encrypt(this.session.id(), this.buffer, 0, i, this.buffer, 0, length);
                        break;
                    case 2:
                        pkcs11.C_Decrypt(this.session.id(), this.buffer, 0, i, this.buffer, 0, length);
                        break;
                    case 3:
                        pkcs11.C_Sign(this.session.id(), new byte[this.maxInputSize]);
                        break;
                    case 4:
                        pkcs11.C_VerifyRecover(this.session.id(), this.buffer, 0, i, this.buffer, 0, length);
                        break;
                    default:
                        throw new ProviderException("internal error");
                }
            } catch (PKCS11Exception e) {
            }
        }
    }

    private void ensureInitialized() throws PKCS11Exception {
        this.token.ensureValid();
        if (this.initialized) {
            return;
        }
        initialize();
    }

    private void initialize() throws PKCS11Exception {
        if (this.session == null) {
            this.session = this.token.getOpSession();
        }
        PKCS11 pkcs11 = this.token.p11;
        CK_MECHANISM ck_mechanism = new CK_MECHANISM(this.mechanism);
        switch (this.mode) {
            case 1:
                pkcs11.C_EncryptInit(this.session.id(), ck_mechanism, this.p11Key.keyID);
                break;
            case 2:
                pkcs11.C_DecryptInit(this.session.id(), ck_mechanism, this.p11Key.keyID);
                break;
            case 3:
                pkcs11.C_SignInit(this.session.id(), ck_mechanism, this.p11Key.keyID);
                break;
            case 4:
                pkcs11.C_VerifyRecoverInit(this.session.id(), ck_mechanism, this.p11Key.keyID);
                break;
            default:
                throw new AssertionError((Object) "internal error");
        }
        this.bufOfs = 0;
        this.initialized = true;
    }

    private void implUpdate(byte[] bArr, int i, int i2) {
        try {
            ensureInitialized();
            if (i2 == 0 || bArr == null) {
                return;
            }
            if (this.bufOfs + i2 > this.maxInputSize) {
                this.bufOfs = this.maxInputSize + 1;
            } else {
                System.arraycopy(bArr, i, this.buffer, this.bufOfs, i2);
                this.bufOfs += i2;
            }
        } catch (PKCS11Exception e) {
            throw new ProviderException("update() failed", e);
        }
    }

    private int implDoFinal(byte[] bArr, int i, int i2) throws BadPaddingException, IllegalBlockSizeException {
        int C_VerifyRecover;
        try {
            if (this.bufOfs > this.maxInputSize) {
                throw new IllegalBlockSizeException("Data must not be longer than " + this.maxInputSize + " bytes");
            }
            try {
                ensureInitialized();
                PKCS11 pkcs11 = this.token.p11;
                switch (this.mode) {
                    case 1:
                        C_VerifyRecover = pkcs11.C_Encrypt(this.session.id(), this.buffer, 0, this.bufOfs, bArr, i, i2);
                        break;
                    case 2:
                        C_VerifyRecover = pkcs11.C_Decrypt(this.session.id(), this.buffer, 0, this.bufOfs, bArr, i, i2);
                        break;
                    case 3:
                        byte[] bArr2 = new byte[this.bufOfs];
                        System.arraycopy(this.buffer, 0, bArr2, 0, this.bufOfs);
                        byte[] C_Sign = pkcs11.C_Sign(this.session.id(), bArr2);
                        if (C_Sign.length <= i2) {
                            System.arraycopy(C_Sign, 0, bArr, i, C_Sign.length);
                            C_VerifyRecover = C_Sign.length;
                            break;
                        } else {
                            throw new BadPaddingException("Output buffer too small");
                        }
                    case 4:
                        C_VerifyRecover = pkcs11.C_VerifyRecover(this.session.id(), this.buffer, 0, this.bufOfs, bArr, i, i2);
                        break;
                    default:
                        throw new ProviderException("internal error");
                }
                return C_VerifyRecover;
            } catch (PKCS11Exception e) {
                throw ((BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e));
            }
        } finally {
            this.initialized = false;
            this.session = this.token.releaseSession(this.session);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineUpdate(byte[] bArr, int i, int i2) {
        implUpdate(bArr, i, i2);
        return B0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        implUpdate(bArr, i, i2);
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        implUpdate(bArr, i, i2);
        int implDoFinal = implDoFinal(this.buffer, 0, this.buffer.length);
        byte[] bArr2 = new byte[implDoFinal];
        System.arraycopy(this.buffer, 0, bArr2, 0, implDoFinal);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        implUpdate(bArr, i, i2);
        return implDoFinal(bArr2, i3, bArr2.length - i3);
    }

    private byte[] doFinal() throws BadPaddingException, IllegalBlockSizeException {
        byte[] bArr = new byte[2048];
        int implDoFinal = implDoFinal(bArr, 0, bArr.length);
        byte[] bArr2 = new byte[implDoFinal];
        System.arraycopy(bArr, 0, bArr2, 0, implDoFinal);
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineWrap(Key key) throws InvalidKeyException, IllegalBlockSizeException {
        byte[] encoded = key.getEncoded();
        if (encoded == null || encoded.length == 0) {
            throw new InvalidKeyException("Could not obtain encoded key");
        }
        if (encoded.length > this.maxInputSize) {
            throw new InvalidKeyException("Key is too long for wrapping");
        }
        implUpdate(encoded, 0, encoded.length);
        try {
            return doFinal();
        } catch (BadPaddingException e) {
            throw new InvalidKeyException("Wrapping failed", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (bArr.length > this.maxInputSize) {
            throw new InvalidKeyException("Key is too long for unwrapping");
        }
        implUpdate(bArr, 0, bArr.length);
        try {
            return ConstructKeys.constructKey(doFinal(), str, i);
        } catch (BadPaddingException e) {
            throw new InvalidKeyException("Unwrapping failed", e);
        } catch (IllegalBlockSizeException e2) {
            throw new InvalidKeyException("Unwrapping failed", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineGetKeySize(Key key) throws InvalidKeyException {
        return P11KeyFactory.convertKey(this.token, key, this.algorithm).keyLength();
    }

    protected void finalize() throws Throwable {
        try {
            if (this.session != null && this.token.isValid()) {
                cancelOperation();
                this.session = this.token.releaseSession(this.session);
            }
        } finally {
            super.finalize();
        }
    }
}
