package com.logica.security.device;

import com.logica.apps.ivs.client.manager.PKIMgrConstants;
import com.logica.apps.ivs.client.manager.PKIMgrError;
import com.logica.asn1.ASN1OctetString;
import com.logica.asn1.DERConstructedSequence;
import com.logica.asn1.DEREncodable;
import com.logica.asn1.nist.NISTObjectIdentifiers;
import com.logica.asn1.pkcs.PKCSObjectIdentifiers;
import com.logica.asn1.pkcs.RC2CBCParameter;
import com.logica.asn1.x509.X509ObjectIdentifiers;
import com.logica.security.pkcs11.provider.signatureEngines.p11RSA_Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.util.Comparator;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/logica/security/device/CryptoDevice.class */
public abstract class CryptoDevice {
    public static final int E_OPERATION_FAILED = 0;
    public static final int E_DEVICE_NOT_FOUND = 1;
    public static final int E_CANT_OPEN_VAULT = 2;
    protected static final int RC2_32 = 32;
    protected static final int RC2_40 = 40;
    protected static final int RC2_64 = 64;
    protected static final int RC2_128 = 128;

    /* loaded from: input_file:com/logica/security/device/CryptoDevice$DeviceVisitor.class */
    public interface DeviceVisitor {
    }

    /* loaded from: input_file:com/logica/security/device/CryptoDevice$KeyPairFinder.class */
    protected static abstract class KeyPairFinder<E, S> {
        S m_Matcher = null;

        public abstract boolean hasNext();

        public abstract E next();

        public abstract S matcher(E e) throws Exception;

        public abstract Comparator<S> getComparator();

        public abstract boolean finished(Map<S, E> map);

        public final S getMatcher() {
            return this.m_Matcher;
        }
    }

    public SecretKey generateSessionKey(String str) throws Exception {
        return generateSessionKey(str, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void accept(DeviceVisitor deviceVisitor) {
    }

    public SecretKey generateSessionKey(String str, KeySpec keySpec) throws Exception {
        if (str == null) {
            throw new NullPointerException("szAlgorithmOID cannot be null");
        }
        if (PKCSObjectIdentifiers.des_EDE3_CBC.getId().equals(str)) {
            return keySpec != null ? SecretKeyFactory.getInstance("DESede").generateSecret(keySpec) : KeyGenerator.getInstance("DESede").generateKey();
        }
        if (PKCSObjectIdentifiers.idea_CBC.getId().equals(str)) {
            return KeyGenerator.getInstance("IDEA").generateKey();
        }
        if (PKCSObjectIdentifiers.idea_XEX3_CBC.getId().equals(str)) {
            return KeyGenerator.getInstance("IDEA_XEX3").generateKey();
        }
        if (!str.startsWith(NISTObjectIdentifiers.aes)) {
            return KeyGenerator.getInstance(str).generateKey();
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        if (NISTObjectIdentifiers.id_aes128_CBC.getId().equals(str)) {
            keyGenerator.init(128);
        } else if (NISTObjectIdentifiers.id_aes192_CBC.getId().equals(str)) {
            keyGenerator.init(192);
        } else {
            if (!NISTObjectIdentifiers.id_aes256_CBC.getId().equals(str)) {
                throw new IllegalArgumentException(new StringBuffer().append("unsupported AES cipher - ").append(str).toString());
            }
            keyGenerator.init(256);
        }
        return keyGenerator.generateKey();
    }

    public byte[] generateIV() throws Exception {
        throw new UnsupportedOperationException("this method has been deprecated");
    }

    public byte[] generateIV(String str) throws CryptoDevException {
        try {
            return generateIV();
        } catch (CryptoDevException e) {
            throw e;
        } catch (Exception e2) {
            throw new CryptoDevException(e2.toString(), 0);
        }
    }

    public byte[] digestData(byte[] bArr, String str) throws Exception {
        MessageDigest messageDigest = X509ObjectIdentifiers.id_SHA1.getId().equals(str) ? MessageDigest.getInstance("SHA1") : PKCSObjectIdentifiers.md5.getId().equals(str) ? MessageDigest.getInstance("MD5") : X509ObjectIdentifiers.ripemd160.getId().equals(str) ? MessageDigest.getInstance("RIPEMD160") : NISTObjectIdentifiers.id_sha256.getId().equals(str) ? MessageDigest.getInstance("SHA-256") : NISTObjectIdentifiers.id_sha384.getId().equals(str) ? MessageDigest.getInstance("SHA-384") : NISTObjectIdentifiers.id_sha512.getId().equals(str) ? MessageDigest.getInstance("SHA-512") : MessageDigest.getInstance(str);
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    public abstract byte[] signData(byte[] bArr, String str) throws Exception;

    public boolean verifyData(byte[] bArr, PublicKey publicKey, byte[] bArr2, String str) throws Exception {
        Signature signature = PKCSObjectIdentifiers.sha1WithRSAEncryption.getId().equals(str) ? Signature.getInstance("SHA1withRSA") : PKCSObjectIdentifiers.md5WithRSAEncryption.getId().equals(str) ? Signature.getInstance("MD5withRSA") : X509ObjectIdentifiers.ripemd160WithRSAEncryption.getId().equals(str) ? Signature.getInstance("RIPEMD160withRSA") : PKCSObjectIdentifiers.sha256WithRSAEncryption.getId().equals(str) ? Signature.getInstance(p11RSA_Signature.SHA256WITHRSA) : PKCSObjectIdentifiers.sha384WithRSAEncryption.getId().equals(str) ? Signature.getInstance("SHA384withRSA") : PKCSObjectIdentifiers.sha512WithRSAEncryption.getId().equals(str) ? Signature.getInstance(p11RSA_Signature.SHA512WITHRSA) : Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }

    public byte[] wrapKey(SecretKey secretKey, PublicKey publicKey, String str) throws Exception {
        Cipher cipher;
        if (!PKCSObjectIdentifiers.rsaEncryption.getId().equals(str)) {
            cipher = Cipher.getInstance(str);
        } else if (Security.getProvider(PKIMgrConstants.PKIMGR_SECURITY_PROVIDER) != null) {
            cipher = Cipher.getInstance("RSA");
        } else {
            try {
                cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING", "BC");
            } catch (Exception e) {
                try {
                    cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
                } catch (Exception e2) {
                    cipher = Cipher.getInstance("RSA");
                }
            }
        }
        cipher.init(1, publicKey);
        return cipher.doFinal(secretKey.getEncoded());
    }

    public abstract byte[] unwrapKey(byte[] bArr, String str) throws Exception;

    public byte[] encryptData(SecretKey secretKey, byte[] bArr, byte[] bArr2, String str) throws Exception {
        Cipher cipher;
        if (bArr == null) {
            throw new NullPointerException("iv cannot be null");
        }
        if (bArr2 == null) {
            throw new NullPointerException("data cannot be null");
        }
        if (str == null) {
            throw new NullPointerException("szAlgorithmOID cannot be null");
        }
        if (PKCSObjectIdentifiers.des_EDE3_CBC.getId().equals(str)) {
            cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        } else if (PKCSObjectIdentifiers.idea_CBC.getId().equals(str)) {
            cipher = Cipher.getInstance("IDEA/CBC/PKCS5Padding");
        } else if (PKCSObjectIdentifiers.idea_XEX3_CBC.getId().equals(str)) {
            cipher = Cipher.getInstance("IDEA_XEX3/CBC/PKCS5Padding", PKIMgrConstants.PKIMGR_SECURITY_PROVIDER_LC);
        } else if (!str.startsWith(NISTObjectIdentifiers.aes)) {
            cipher = Cipher.getInstance(str);
        } else {
            if (!NISTObjectIdentifiers.id_aes128_CBC.getId().equals(str) && !NISTObjectIdentifiers.id_aes192_CBC.getId().equals(str) && !NISTObjectIdentifiers.id_aes256_CBC.getId().equals(str)) {
                throw new CryptoDevException(new StringBuffer().append("unsupported AES algorithm type - ").append(str).toString());
            }
            cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        }
        cipher.init(1, secretKey, new IvParameterSpec(bArr));
        return cipher.doFinal(bArr2);
    }

    public byte[] decryptData(byte[] bArr, DEREncodable dEREncodable, byte[] bArr2, String str) throws Exception {
        Cipher cipher = null;
        SecretKeySpec secretKeySpec = null;
        RC2ParameterSpec rC2ParameterSpec = null;
        if (PKCSObjectIdentifiers.RC2_CBC.getId().equals(str)) {
            RC2CBCParameter rC2CBCParameter = new RC2CBCParameter((DERConstructedSequence) dEREncodable);
            int intValue = rC2CBCParameter.getRC2ParameterVersion().intValue();
            switch (intValue) {
                case 58:
                    intValue = 128;
                    break;
                case 65:
                    intValue = 32;
                    break;
                case 120:
                    intValue = 64;
                    break;
                case 160:
                    intValue = RC2_40;
                    break;
                default:
                    if (intValue < 255) {
                        throw new Exception(new StringBuffer().append("decryptData: unable to decrypt RC2 with ").append(intValue).append(" (EKB). 58 (128), 65 (32), 120 (64), 160 (40) supported.").toString());
                    }
                    break;
            }
            cipher = Cipher.getInstance("RC2/CBC/PKCS5Padding");
            secretKeySpec = new SecretKeySpec(bArr, "RC2");
            rC2ParameterSpec = new RC2ParameterSpec(intValue, rC2CBCParameter.getIV());
        } else if (dEREncodable instanceof ASN1OctetString) {
            return decryptData(bArr, ((ASN1OctetString) dEREncodable).getOctets(), bArr2, str);
        }
        cipher.init(2, secretKeySpec, rC2ParameterSpec);
        return cipher.doFinal(bArr2);
    }

    public byte[] decryptData(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) throws Exception {
        Cipher cipher;
        SecretKeySpec secretKeySpec;
        if (bArr == null) {
            throw new NullPointerException("secretKey cannot be null");
        }
        if (bArr3 == null) {
            throw new NullPointerException("encrData cannot be null");
        }
        if (str == null) {
            throw new NullPointerException("szAlgorithmOID cannot be null");
        }
        if (bArr2 == null) {
            throw new NullPointerException("iv cannot be null");
        }
        if (PKCSObjectIdentifiers.des_EDE3_CBC.getId().equals(str)) {
            cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
            secretKeySpec = new SecretKeySpec(bArr, "DESede");
        } else if (PKCSObjectIdentifiers.idea_CBC.getId().equals(str)) {
            cipher = Cipher.getInstance("IDEA/CBC/PKCS5Padding");
            secretKeySpec = new SecretKeySpec(bArr, "IDEA");
        } else if (PKCSObjectIdentifiers.idea_XEX3_CBC.getId().equals(str)) {
            cipher = Cipher.getInstance("IDEA_XEX3/CBC/PKCS5Padding", PKIMgrConstants.PKIMGR_SECURITY_PROVIDER_LC);
            secretKeySpec = new SecretKeySpec(bArr, "IDEA_XEX3");
        } else if (!str.startsWith(NISTObjectIdentifiers.aes)) {
            cipher = Cipher.getInstance(str);
            secretKeySpec = new SecretKeySpec(bArr, str);
        } else {
            if (!NISTObjectIdentifiers.id_aes128_CBC.getId().equals(str) && !NISTObjectIdentifiers.id_aes192_CBC.getId().equals(str) && !NISTObjectIdentifiers.id_aes256_CBC.getId().equals(str)) {
                throw new CryptoDevException(new StringBuffer().append("unsupported AES algorithm type - ").append(str).toString());
            }
            cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            secretKeySpec = new SecretKeySpec(bArr, "AES");
        }
        cipher.init(2, secretKeySpec, new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr3);
    }

    protected SecureRandom createSecureRandom() {
        try {
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            secureRandom.setSeed(new String(new StringBuffer().append(PKIMgrError.NO_ERROR_MESSAGE).append(System.currentTimeMillis()).append(secureRandom).toString()).getBytes());
            return secureRandom;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(new StringBuffer().append("unable to setup random number generator due to - ").append(e).toString(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final <R, S> R findKeyPair(KeyPairFinder<R, S> keyPairFinder) throws Exception {
        TreeMap treeMap = new TreeMap(keyPairFinder.getComparator());
        while (keyPairFinder.hasNext() && !keyPairFinder.finished(treeMap)) {
            R next = keyPairFinder.next();
            S matcher = keyPairFinder.matcher(next);
            if (matcher != null) {
                treeMap.put(matcher, next);
            }
        }
        if (treeMap.isEmpty()) {
            return null;
        }
        keyPairFinder.m_Matcher = (S) treeMap.lastKey();
        return (R) treeMap.get(keyPairFinder.m_Matcher);
    }

    public abstract X509Certificate getCert();

    public X509Certificate[] getCertChain() {
        return new X509Certificate[]{getCert()};
    }

    public boolean isReady(boolean z) throws CryptoDevException {
        return true;
    }

    public Provider getProvider() {
        return null;
    }

    public abstract void close() throws Exception;
}
