package com.logica.security.pkcs11.provider.signatureEngines;

import com.logica.apps.ivs.client.manager.PKIMgrError;
import com.logica.asn1.DERConstructedSequence;
import com.logica.asn1.DEROctetString;
import com.logica.asn1.DEROutputStream;
import com.logica.asn1.pkcs.PKCSObjectIdentifiers;
import com.logica.asn1.x509.AlgorithmIdentifier;
import com.logica.asn1.x509.X509ObjectIdentifiers;
import com.logica.security.pkcs11.ckCore.ckSession;
import com.logica.security.pkcs11.exceptions.ckException;
import com.logica.security.pkcs11.exceptions.p11Exception;
import com.logica.security.pkcs11.objects.ckObject;
import com.logica.security.pkcs11.objects.ckRSAPrivateKey;
import com.logica.security.pkcs11.provider.keys.p11RSA_PrivateKeyHolder;
import com.logica.security.pkcs11.provider.p11Session;
import com.logica.security.pkcs11.query.ckMechanism;
import com.logica.security.pkcs11.query.ckMechanismInfo;
import com.logica.security.pkcs11.templates.ckObjectTemplate;
import com.logica.security.pkcs11.templates.ckRSAPrivateKeyTemplate;
import com.logica.security.provider.LogicaProvider;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

/* loaded from: input_file:com/logica/security/pkcs11/provider/signatureEngines/p11RSA_Signature.class */
public class p11RSA_Signature extends Signature {
    private int m_ckMech;
    private ckRSAPrivateKey m_RSAPrivateKey;
    private ckSession m_ckSession;
    private p11Session m_Session;
    private MessageDigest m_Digger;
    public static final String SHA1WITHRSA = "SHA1WithRSA";
    public static final String SHA256WITHRSA = "SHA256withRSA";
    public static final String SHA512WITHRSA = "SHA512withRSA";
    public static final String MD5WITHRSA = "MD5WithRSA";

    /* loaded from: input_file:com/logica/security/pkcs11/provider/signatureEngines/p11RSA_Signature$MD5withRSA.class */
    public static class MD5withRSA extends p11RSA_Signature {
        public MD5withRSA() {
            super(p11RSA_Signature.MD5WITHRSA);
        }
    }

    /* loaded from: input_file:com/logica/security/pkcs11/provider/signatureEngines/p11RSA_Signature$SHA1withRSA.class */
    public static class SHA1withRSA extends p11RSA_Signature {
        public SHA1withRSA() {
            super(p11RSA_Signature.SHA1WITHRSA);
        }
    }

    /* loaded from: input_file:com/logica/security/pkcs11/provider/signatureEngines/p11RSA_Signature$SHA256withRSA.class */
    public static class SHA256withRSA extends p11RSA_Signature {
        public SHA256withRSA() {
            super(p11RSA_Signature.SHA256WITHRSA);
        }
    }

    /* loaded from: input_file:com/logica/security/pkcs11/provider/signatureEngines/p11RSA_Signature$SHA512withRSA.class */
    public static class SHA512withRSA extends p11RSA_Signature {
        public SHA512withRSA() {
            super(p11RSA_Signature.SHA512WITHRSA);
        }
    }

    public p11RSA_Signature(String str) {
        super(str);
        this.m_ckMech = -1;
        this.m_RSAPrivateKey = null;
        this.m_ckSession = null;
        this.m_Session = null;
        this.m_Digger = null;
        this.m_ckMech = 1;
        this.m_RSAPrivateKey = null;
        this.m_ckSession = null;
        this.m_Session = null;
        this.m_Digger = null;
    }

    private void mechanismsTest() throws InstantiationException, p11Exception {
        ckMechanismInfo ckmechanisminfo = new ckMechanismInfo(this.m_ckMech);
        if (!this.m_Session.getMechanismInfo().isSupported(this.m_ckMech)) {
            throw new InstantiationException(new StringBuffer().append(ckmechanisminfo.mechanismToString()).append(" is not supported !").toString());
        }
    }

    private void configureMessageDigest() throws SignatureException {
        if (getAlgorithm() == null || getAlgorithm().equalsIgnoreCase(PKIMgrError.NO_ERROR_MESSAGE)) {
            this.m_Digger = null;
            return;
        }
        if (getAlgorithm().equalsIgnoreCase(SHA1WITHRSA)) {
            try {
                this.m_Digger = MessageDigest.getInstance("SHA1");
                return;
            } catch (NoSuchAlgorithmException e) {
                throw new SignatureException("SHA1 could not be found");
            }
        }
        if (getAlgorithm().equalsIgnoreCase(SHA256WITHRSA)) {
            try {
                this.m_Digger = MessageDigest.getInstance("SHA-256");
            } catch (NoSuchAlgorithmException e2) {
                throw new SignatureException("SHA-256 could not be found");
            }
        } else if (getAlgorithm().equalsIgnoreCase(SHA512WITHRSA)) {
            try {
                this.m_Digger = MessageDigest.getInstance("SHA-512");
            } catch (NoSuchAlgorithmException e3) {
                throw new SignatureException("SHA-512 could not be found");
            }
        } else if (!getAlgorithm().equals(MD5WITHRSA)) {
            this.m_Digger = null;
        } else {
            try {
                this.m_Digger = MessageDigest.getInstance("MD5");
            } catch (NoSuchAlgorithmException e4) {
                throw new SignatureException("MD5 could not be found");
            }
        }
    }

    private byte[] digestToDigestInfoBytes(byte[] bArr, String str) throws Exception {
        DERConstructedSequence dERConstructedSequence = new DERConstructedSequence();
        DEROctetString dEROctetString = new DEROctetString(bArr);
        AlgorithmIdentifier algorithmIdentifier = null;
        if (getAlgorithm().equals(SHA1WITHRSA)) {
            algorithmIdentifier = new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1, null);
        }
        if (getAlgorithm().equals(MD5WITHRSA)) {
            algorithmIdentifier = new AlgorithmIdentifier(PKCSObjectIdentifiers.md5, null);
        }
        dERConstructedSequence.addObject(algorithmIdentifier);
        dERConstructedSequence.addObject(dEROctetString);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new DEROutputStream(byteArrayOutputStream).writeObject(dERConstructedSequence);
        return byteArrayOutputStream.toByteArray();
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        return true;
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) throws InvalidParameterException {
        throw new UnsupportedOperationException("engineGetParameter unsupported");
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) throws InvalidParameterException {
        throw new UnsupportedOperationException("engineSetParameter unsupported");
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        try {
            if (!(privateKey instanceof p11RSA_PrivateKeyHolder)) {
                if (!privateKey.getClass().getName().endsWith("p11RSA_PrivateKeyHolder")) {
                    throw new InvalidKeyException("Need a H/W Key");
                }
                privateKey = (PrivateKey) KeyFactory.getInstance("RSA", LogicaProvider.PROVIDER_NAME).translateKey(privateKey);
            }
            p11RSA_PrivateKeyHolder p11rsa_privatekeyholder = (p11RSA_PrivateKeyHolder) privateKey;
            this.m_Session = p11rsa_privatekeyholder.getP11Session();
            this.m_ckSession = p11rsa_privatekeyholder.getCKKey().getSession();
            try {
                try {
                    mechanismsTest();
                    try {
                        ckRSAPrivateKeyTemplate ckrsaprivatekeytemplate = new ckRSAPrivateKeyTemplate(false);
                        ckrsaprivatekeytemplate.addSign(true);
                        ckrsaprivatekeytemplate.addID(new byte[0]);
                        this.m_ckSession.findInit(new ckObjectTemplate());
                        while (true) {
                            ckObject findNext = this.m_ckSession.findNext();
                            if (findNext != null) {
                                if (findNext instanceof ckRSAPrivateKey) {
                                    findNext.getAttributes(ckrsaprivatekeytemplate);
                                    if (ckrsaprivatekeytemplate.getSign() && MessageDigest.isEqual(ckrsaprivatekeytemplate.getID(), privateKey.getEncoded())) {
                                        this.m_RSAPrivateKey = (ckRSAPrivateKey) findNext;
                                        break;
                                    }
                                }
                            } else {
                                break;
                            }
                        }
                        this.m_ckSession.findFinal();
                    } catch (ckException e) {
                        e.printStackTrace();
                    }
                    if (this.m_RSAPrivateKey == null) {
                        throw new InvalidKeyException("Passed key does not match any found on device !");
                    }
                } catch (InstantiationException e2) {
                    throw new InvalidKeyException(e2.getMessage());
                }
            } catch (p11Exception e3) {
                throw new InvalidKeyException(e3.getCkErrorMessage());
            }
        } catch (Exception e4) {
            e4.printStackTrace();
            throw new InvalidKeyException(e4.getMessage());
        }
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        try {
            ckMechanism ckmechanism = new ckMechanism(this.m_ckMech, null);
            byte[] bArr = null;
            if (this.m_Digger != null) {
                bArr = this.m_Digger.digest();
            }
            return this.m_RSAPrivateKey.sign(ckmechanism, digestToDigestInfoBytes(bArr, getAlgorithm()));
        } catch (Exception e) {
            throw new SignatureException(e.getMessage());
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        throw new UnsupportedOperationException("engineInitVerify unsupported");
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) throws SignatureException {
        configureMessageDigest();
        if (this.m_Digger != null) {
            this.m_Digger.update(b);
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException {
        configureMessageDigest();
        if (this.m_Digger != null) {
            this.m_Digger.update(bArr, i, i2);
        }
    }

    protected void engineUpdate(byte[] bArr) throws SignatureException {
        engineUpdate(bArr, 0, bArr.length);
    }
}
