package iaik.pkcs.pkcs11.provider.keypairgenerators;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.Object;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import iaik.pkcs.pkcs11.objects.PublicKey;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11;
import iaik.pkcs.pkcs11.provider.IAIKPkcs11Exception;
import iaik.pkcs.pkcs11.provider.PKCS11EngineClass;
import iaik.pkcs.pkcs11.provider.TokenManager;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11PrivateKey;
import iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11PublicKey;
import iaik.pkcs.pkcs11.provider.spec.PKCS11Spec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;

/* loaded from: input_file:iaikPkcs11Provider.jar:iaik/pkcs/pkcs11/provider/keypairgenerators/PKCS11KeyPairGenerator.class */
public abstract class PKCS11KeyPairGenerator extends KeyPairGeneratorSpi implements PKCS11EngineClass {
    private static final boolean DEBUG = false;
    protected TokenManager tokenManager_;
    protected Session session_;
    protected PKCS11KeyPairGenerationSpec keyPairGenerationSpec_;
    protected boolean initialized_;
    protected boolean pkcs11OperationInitialized_;
    protected Mechanism[] usedMechanisms_;
    protected MechanismInfo[][] usedMechanismInfos_;

    protected IAIKPKCS11PrivateKey createPkcs11PrivateKey(TokenManager tokenManager, PrivateKey privateKey) {
        return IAIKPKCS11PrivateKey.create(tokenManager, privateKey);
    }

    protected IAIKPKCS11PublicKey createPkcs11PublicKey(TokenManager tokenManager, PublicKey publicKey) {
        return IAIKPKCS11PublicKey.create(tokenManager, publicKey);
    }

    protected Object createPrivateKeyCreationTemplate(PKCS11KeyPairGenerationSpec pKCS11KeyPairGenerationSpec) {
        return pKCS11KeyPairGenerationSpec.getPrivateKeyTemplate();
    }

    protected Object createPublicKeyCreationTemplate(PKCS11KeyPairGenerationSpec pKCS11KeyPairGenerationSpec) {
        return pKCS11KeyPairGenerationSpec.getPublicKeyTemplate();
    }

    protected void finalize() throws Throwable {
        if (this.session_ != null) {
            this.tokenManager_.disposeSession(this.session_);
        }
        super.finalize();
    }

    protected void finalizePkcs11Operation() {
        this.pkcs11OperationInitialized_ = false;
        this.tokenManager_.disposeSession(this.session_);
        this.session_ = null;
    }

    @Override // java.security.KeyPairGeneratorSpi
    public KeyPair generateKeyPair() {
        if (!this.initialized_) {
            initialize(-1, (SecureRandom) null);
        }
        Mechanism mechanism = getMechanism();
        Object createPrivateKeyCreationTemplate = createPrivateKeyCreationTemplate(this.keyPairGenerationSpec_);
        Object createPublicKeyCreationTemplate = createPublicKeyCreationTemplate(this.keyPairGenerationSpec_);
        if (!this.pkcs11OperationInitialized_) {
            initializePkcs11Operation();
        }
        try {
            iaik.pkcs.pkcs11.objects.KeyPair generateKeyPair = this.session_.generateKeyPair(mechanism, createPublicKeyCreationTemplate, createPrivateKeyCreationTemplate);
            PrivateKey privateKey = generateKeyPair.getPrivateKey();
            PublicKey publicKey = generateKeyPair.getPublicKey();
            IAIKPKCS11PrivateKey createPkcs11PrivateKey = createPkcs11PrivateKey(this.tokenManager_, privateKey);
            if (!privateKey.getToken().getBooleanValue().booleanValue()) {
                createPkcs11PrivateKey.setSession(this.session_);
            }
            IAIKPKCS11PublicKey createPkcs11PublicKey = createPkcs11PublicKey(this.tokenManager_, publicKey);
            if (!publicKey.getToken().getBooleanValue().booleanValue()) {
                createPkcs11PublicKey.setSession(this.session_);
            }
            finalizePkcs11Operation();
            this.tokenManager_.notifyKeyStores();
            return new KeyPair(createPkcs11PublicKey, createPkcs11PrivateKey);
        } catch (TokenException e) {
            finalizePkcs11Operation();
            throw new IAIKPkcs11Exception(e.toString());
        }
    }

    protected abstract String getAlgorithmName();

    PKCS11KeyPairGenerationSpec getDefaultPkcs11Spec(iaik.pkcs.pkcs11.objects.KeyPair keyPair) {
        IAIKPkcs11 providerInstance = IAIKPkcs11.getProviderInstance(1);
        if (providerInstance == null) {
            throw new IAIKPkcs11Exception("No IAIKPkcs11 provider available.");
        }
        return new PKCS11KeyPairGenerationSpec(providerInstance.getTokenManager(), keyPair.getPublicKey(), keyPair.getPrivateKey(), PKCS11Spec.USE_READ_WRITE_SESSION, PKCS11Spec.USE_USER_SESSION);
    }

    protected abstract Mechanism getMechanism();

    /* JADX WARN: Type inference failed for: r1v3, types: [iaik.pkcs.pkcs11.MechanismInfo[], iaik.pkcs.pkcs11.MechanismInfo[][]] */
    protected MechanismInfo[][] getUsedMechanismFeatures() {
        if (this.usedMechanismInfos_ == null) {
            MechanismInfo mechanismInfo = new MechanismInfo();
            mechanismInfo.setGenerateKeyPair(true);
            this.usedMechanismInfos_ = new MechanismInfo[]{new MechanismInfo[]{mechanismInfo}};
        }
        return this.usedMechanismInfos_;
    }

    protected Mechanism[] getUsedMechanisms() {
        if (this.usedMechanisms_ == null) {
            Mechanism mechanism = (Mechanism) getMechanism().clone();
            mechanism.setParameters(null);
            this.usedMechanisms_ = new Mechanism[]{mechanism};
        }
        return this.usedMechanisms_;
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(int i, SecureRandom secureRandom) throws InvalidParameterException {
        try {
            initialize(getDefaultPkcs11Spec(IAIKPkcs11.getGlobalKeyHandler().getKeyPairGeneratorTemplate(getAlgorithmName(), i)), (SecureRandom) null);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidParameterException(e.toString());
        }
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec == null || !(algorithmParameterSpec instanceof PKCS11KeyPairGenerationSpec)) {
            this.keyPairGenerationSpec_ = getDefaultPkcs11Spec(IAIKPkcs11.getGlobalKeyHandler().getKeyPairGeneratorTemplate(getAlgorithmName(), algorithmParameterSpec));
        } else {
            this.keyPairGenerationSpec_ = (PKCS11KeyPairGenerationSpec) algorithmParameterSpec;
            validateAlgorithmParameterSpec(this.keyPairGenerationSpec_.getAlgorithmParameterSpec());
        }
        this.tokenManager_ = this.keyPairGenerationSpec_.getTokenManager();
        initializePkcs11Operation();
        this.initialized_ = true;
    }

    protected void initializePkcs11Operation() {
        initializeSession();
        this.pkcs11OperationInitialized_ = true;
    }

    protected void initializeSession() {
        try {
            if (this.session_ == null) {
                this.session_ = this.keyPairGenerationSpec_.isUseROSession() ? this.tokenManager_.getSession(false) : this.tokenManager_.getSession(true);
            }
            if (this.keyPairGenerationSpec_.isUseUserSession()) {
                this.tokenManager_.makeAuthorizedSession(this.session_, null);
            }
        } catch (TokenException e) {
            throw new IAIKPkcs11Exception(e.toString());
        }
    }

    @Override // iaik.pkcs.pkcs11.provider.PKCS11EngineClass
    public boolean isSupportedBy(TokenManager tokenManager) {
        boolean z;
        try {
            z = tokenManager.isMechanismFeatureSupported(getUsedMechanisms(), getUsedMechanismFeatures());
        } catch (TokenException e) {
            z = false;
        }
        return z;
    }

    protected void validateAlgorithmParameterSpec(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("This key-pair generator does not accept parameters.");
        }
    }
}
