package iaik.pkcs.pkcs11.provider.macs;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.Key;
import iaik.pkcs.pkcs11.objects.SecretKey;
import iaik.pkcs.pkcs11.provider.DelegateProvider;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11Exception;
import iaik.pkcs.pkcs11.provider.PKCS11EngineClass;
import iaik.pkcs.pkcs11.provider.TokenManager;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11Key;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11SecretKey;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Mac;
import javax.crypto.MacSpi;

/* loaded from: input_file:iaikPkcs11Provider.jar:iaik/pkcs/pkcs11/provider/macs/PKCS11Mac.class */
public abstract class PKCS11Mac extends MacSpi implements PKCS11EngineClass {
    private static final boolean DEBUG = false;
    protected Session session_;
    protected TokenManager tokenManager_;
    protected IAIKPKCS11SecretKey key_;
    protected SecretKey keyObject_;
    protected boolean initialized_;
    protected boolean pkcs11OperationInitialized_;
    protected boolean updateUsed_;
    protected byte[] buffer_;
    protected boolean currentKeyIsSoftwareKey_;
    protected Mac softwareDelegate_;
    protected Mechanism[] usedMechanisms_;
    protected MechanismInfo[][] usedMechanismInfos_;

    protected void checkKeyObject(Key key) throws InvalidKeyException {
        if (key == null) {
            throw new NullPointerException("Argument \"keyObject\" must not be null.");
        }
        if (!(key instanceof SecretKey)) {
            throw new InvalidKeyException("PKCS#11 key object inside IAIKPKCS11SecretKey must be of type SecretKey");
        }
    }

    @Override // javax.crypto.MacSpi
    protected byte[] engineDoFinal() throws IllegalStateException {
        byte[] pkcs11DoFinal;
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11DoFinal = pkcs11DoFinal();
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            pkcs11DoFinal = this.softwareDelegate_.doFinal();
        }
        return pkcs11DoFinal;
    }

    @Override // javax.crypto.MacSpi
    protected int engineGetMacLength() {
        int pkcs11GetMacLength;
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11GetMacLength = pkcs11GetMacLength();
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            pkcs11GetMacLength = this.softwareDelegate_.getMacLength();
        }
        return pkcs11GetMacLength;
    }

    @Override // javax.crypto.MacSpi
    protected void engineInit(java.security.Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        java.security.Key handleMacKey = IAIKPkcs11.getGlobalKeyHandler().handleMacKey(getAlgorithmName(), key);
        if (handleMacKey instanceof IAIKPKCS11Key) {
            pkcs11Init(handleMacKey, algorithmParameterSpec);
            this.currentKeyIsSoftwareKey_ = false;
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new InvalidKeyException("The current key is not a key of this provider, but software delegation is disabled.");
            }
            if (this.softwareDelegate_ == null) {
                initializeSoftwareDelegate();
            }
            this.softwareDelegate_.init(handleMacKey, algorithmParameterSpec);
            this.currentKeyIsSoftwareKey_ = true;
        }
    }

    @Override // javax.crypto.MacSpi
    protected void engineReset() {
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11Reset();
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            this.softwareDelegate_.reset();
        }
    }

    @Override // javax.crypto.MacSpi
    protected void engineUpdate(byte b) throws IllegalStateException {
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11Update(b);
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            this.softwareDelegate_.update(b);
        }
    }

    @Override // javax.crypto.MacSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws IllegalStateException {
        if (!this.currentKeyIsSoftwareKey_) {
            pkcs11Update(bArr, i, i2);
        } else {
            if (!IAIKPkcs11.isEnableSoftwareDelegation()) {
                throw new IAIKPkcs11Exception("The current key is not a key of this provider, but software delegation is disabled.");
            }
            this.softwareDelegate_.update(bArr, i, i2);
        }
    }

    protected void finalize() throws Throwable {
        if (this.session_ != null) {
            finalizePkcs11Operation();
        }
        super.finalize();
    }

    protected void finalizePkcs11Operation() {
        if (this.pkcs11OperationInitialized_) {
            this.pkcs11OperationInitialized_ = false;
            this.tokenManager_.closeSession(this.session_);
            this.session_ = null;
        } else {
            this.pkcs11OperationInitialized_ = false;
            this.tokenManager_.disposeSession(this.session_);
            this.session_ = null;
        }
    }

    protected abstract String getAlgorithmName();

    protected abstract Mechanism getMechanism();

    /* JADX WARN: Type inference failed for: r1v5, types: [iaik.pkcs.pkcs11.MechanismInfo[], iaik.pkcs.pkcs11.MechanismInfo[][]] */
    protected MechanismInfo[][] getUsedMechanismFeatures() {
        if (this.usedMechanismInfos_ == null) {
            MechanismInfo mechanismInfo = new MechanismInfo();
            mechanismInfo.setSign(true);
            MechanismInfo mechanismInfo2 = new MechanismInfo();
            mechanismInfo2.setVerify(true);
            this.usedMechanismInfos_ = new MechanismInfo[]{new MechanismInfo[]{mechanismInfo, mechanismInfo2}};
        }
        return this.usedMechanismInfos_;
    }

    protected Mechanism[] getUsedMechanisms() {
        if (this.usedMechanisms_ == null) {
            Mechanism mechanism = (Mechanism) getMechanism().clone();
            mechanism.setParameters(null);
            this.usedMechanisms_ = new Mechanism[]{mechanism};
        }
        return this.usedMechanisms_;
    }

    protected void initialize() throws InvalidAlgorithmParameterException, InvalidKeyException {
        try {
            initializePkcs11Operation();
            this.initialized_ = true;
            this.updateUsed_ = false;
            this.buffer_ = null;
        } catch (TokenException e) {
            throw new InvalidKeyException(e.toString());
        }
    }

    protected void initializePkcs11Operation() throws TokenException {
        initializeSession();
        this.session_.signInit(getMechanism(), this.key_.getKeyObject());
        this.pkcs11OperationInitialized_ = true;
        this.updateUsed_ = false;
        this.buffer_ = null;
    }

    protected void initializeSession() {
        this.tokenManager_ = this.key_.getTokenManager();
        try {
            if (this.session_ == null) {
                this.session_ = this.tokenManager_.getSession(false);
            }
            this.tokenManager_.makeAuthorizedSession(this.session_, null);
        } catch (TokenException e) {
            throw new IAIKPkcs11Exception(e.toString());
        }
    }

    protected void initializeSoftwareDelegate() {
        DelegateProvider delegateProvider = this.tokenManager_ != null ? this.tokenManager_.getProvider().getDelegateProvider() : IAIKPkcs11.getGlobalDelegateProvider();
        String algorithmName = getAlgorithmName();
        this.softwareDelegate_ = delegateProvider.getMac(algorithmName);
        if (this.softwareDelegate_ == null) {
            throw new IAIKPkcs11Exception(new StringBuffer("Could not get delegate MAC engine for ").append(algorithmName).toString());
        }
    }

    @Override // iaik.pkcs.pkcs11.provider.PKCS11EngineClass
    public boolean isSupportedBy(TokenManager tokenManager) {
        boolean z;
        try {
            z = tokenManager.isMechanismFeatureSupported(getUsedMechanisms(), getUsedMechanismFeatures());
        } catch (TokenException e) {
            z = false;
        }
        return z;
    }

    protected byte[] pkcs11DoFinal() throws IllegalStateException {
        byte[] signFinal;
        if (!this.initialized_) {
            throw new IllegalStateException("MAC not initialzed");
        }
        if (!this.pkcs11OperationInitialized_) {
            try {
                initializePkcs11Operation();
            } catch (TokenException e) {
                finalizePkcs11Operation();
                throw new IAIKPkcs11Exception(new StringBuffer("Could not reinitialize PKCS#11 signature for next operation: ").append(e.toString()).toString());
            }
        }
        try {
            try {
                if (this.updateUsed_ || this.buffer_ == null) {
                    signFinal = this.session_.signFinal();
                    this.pkcs11OperationInitialized_ = false;
                } else {
                    signFinal = this.session_.sign(this.buffer_);
                }
                return signFinal;
            } catch (TokenException e2) {
                throw new IAIKPkcs11Exception(e2.toString());
            }
        } finally {
            finalizePkcs11Operation();
        }
    }

    protected abstract int pkcs11GetMacLength();

    /* JADX INFO: Access modifiers changed from: protected */
    public void pkcs11Init(java.security.Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (!(key instanceof IAIKPKCS11SecretKey)) {
            throw new InvalidKeyException("key must be of type iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11SecretKey!");
        }
        this.key_ = (IAIKPKCS11SecretKey) key;
        this.keyObject_ = (SecretKey) this.key_.getKeyObject();
        checkKeyObject(this.keyObject_);
        initialize();
    }

    protected void pkcs11Reset() {
        if (this.session_ != null) {
            finalizePkcs11Operation();
        }
        try {
            initializePkcs11Operation();
            this.initialized_ = true;
            this.updateUsed_ = false;
            this.buffer_ = null;
        } catch (TokenException e) {
            finalizePkcs11Operation();
            throw new IAIKPkcs11Exception(new StringBuffer("Error initializing the PKCS#11 MAC: ").append(e.toString()).toString());
        }
    }

    protected void pkcs11Update(byte b) throws IllegalStateException {
        if (!this.initialized_) {
            throw new IllegalStateException("MAC not initialized!");
        }
        if (!this.pkcs11OperationInitialized_) {
            try {
                initializePkcs11Operation();
            } catch (TokenException e) {
                finalizePkcs11Operation();
                throw new IAIKPkcs11Exception(new StringBuffer("Could not reinitialize PKCS#11 signature for next operation: ").append(e.toString()).toString());
            }
        }
        byte[] bArr = {b};
        if (!this.updateUsed_ && this.buffer_ == null) {
            this.buffer_ = bArr;
            return;
        }
        try {
            if (this.buffer_ != null) {
                this.session_.signUpdate(this.buffer_);
                this.buffer_ = null;
            }
            this.session_.signUpdate(bArr);
            this.updateUsed_ = true;
        } catch (TokenException e2) {
            finalizePkcs11Operation();
            throw new IAIKPkcs11Exception(new StringBuffer("Error updating digest: ").append(e2).toString());
        }
    }

    protected void pkcs11Update(byte[] bArr, int i, int i2) throws IllegalStateException {
        byte[] bArr2;
        if (!this.initialized_) {
            throw new IllegalStateException("MAC not initialized!");
        }
        if (bArr == null) {
            throw new NullPointerException("Argument \"data\" must not be null.");
        }
        if (i + i2 > bArr.length) {
            throw new IllegalArgumentException("Arguments must satisfy ((offset + length) <= data.length).");
        }
        if (!this.pkcs11OperationInitialized_) {
            try {
                initializePkcs11Operation();
            } catch (TokenException e) {
                finalizePkcs11Operation();
                throw new IAIKPkcs11Exception(new StringBuffer("Could not reinitialize PKCS#11 signature for next operation: ").append(e.toString()).toString());
            }
        }
        if (i == 0 && i2 == bArr.length) {
            bArr2 = bArr;
        } else {
            bArr2 = new byte[i2];
            System.arraycopy(bArr, i, bArr2, 0, i2);
        }
        if (!this.updateUsed_ && this.buffer_ == null) {
            this.buffer_ = bArr2;
            return;
        }
        try {
            if (this.buffer_ != null) {
                this.session_.signUpdate(this.buffer_);
                this.buffer_ = null;
            }
            this.session_.signUpdate(bArr2);
            this.updateUsed_ = true;
        } catch (TokenException e2) {
            finalizePkcs11Operation();
            throw new IAIKPkcs11Exception(new StringBuffer("Error updating MAC: ").append(e2).toString());
        }
    }
}
