package org.mozilla.jss.pkcs11;

import java.io.CharConversionException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.spec.AlgorithmParameterSpec;
import org.mozilla.jss.crypto.KeyGenAlgorithm;
import org.mozilla.jss.crypto.KeyGenerator;
import org.mozilla.jss.crypto.PBEKeyGenParams;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.Password;
import org.mozilla.jss.util.UTF8Converter;

/* loaded from: input_file:org/mozilla/jss/pkcs11/PK11KeyGenerator.class */
public final class PK11KeyGenerator implements KeyGenerator {
    private static final int CKF_ENCRYPT = 256;
    private static final int CKF_DECRYPT = 512;
    private PK11Token token;
    private KeyGenAlgorithm algorithm;
    private AlgorithmParameterSpec parameters;
    private KeyGenerator.CharToByteConverter charToByte;
    private static final int CKF_WRAP = 131072;
    private static final int CKF_UNWRAP = 262144;
    private static final int CKF_SIGN = 2048;
    private static final int CKF_VERIFY = 8192;
    private static final int[] opFlagForUsage = {256, 512, CKF_WRAP, CKF_UNWRAP, CKF_SIGN, CKF_VERIFY};
    private int strength = 0;
    private int opFlags = 2304;
    private boolean temporaryKeyMode = true;
    private int sensitiveKeyMode = -1;

    private PK11KeyGenerator() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PK11KeyGenerator(PK11Token pK11Token, KeyGenAlgorithm keyGenAlgorithm) {
        if (pK11Token == null || keyGenAlgorithm == null) {
            throw new NullPointerException();
        }
        this.token = pK11Token;
        this.algorithm = keyGenAlgorithm;
        this.charToByte = new KeyGenerator.CharToByteConverter() { // from class: org.mozilla.jss.pkcs11.PK11KeyGenerator.1
            @Override // org.mozilla.jss.crypto.KeyGenerator.CharToByteConverter
            public byte[] convert(char[] cArr) throws CharConversionException {
                return UTF8Converter.UnicodeToUTF8(cArr);
            }
        };
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public void setCharToByteConverter(KeyGenerator.CharToByteConverter charToByteConverter) {
        if (charToByteConverter == null) {
            throw new IllegalArgumentException("CharToByteConverter is null");
        }
        this.charToByte = charToByteConverter;
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public void initialize(int i) throws InvalidAlgorithmParameterException {
        Class[] parameterClasses = this.algorithm.getParameterClasses();
        if (parameterClasses.length == 1 && parameterClasses[0].equals(PBEKeyGenParams.class)) {
            throw new InvalidAlgorithmParameterException("PBE keygen algorithms require PBEKeyGenParams ");
        }
        if (!this.algorithm.isValidStrength(i)) {
            throw new InvalidAlgorithmParameterException(i + " is not a valid strength for " + this.algorithm);
        }
        if (i % 8 != 0) {
            throw new InvalidAlgorithmParameterException("Key strength must be divisible by 8");
        }
        this.strength = i;
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!this.algorithm.isValidParameterObject(algorithmParameterSpec)) {
            throw new InvalidAlgorithmParameterException(this.algorithm + " cannot use a " + (algorithmParameterSpec != null ? algorithmParameterSpec.getClass().getName() : "null") + " parameter");
        }
        this.parameters = algorithmParameterSpec;
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public void setKeyUsages(SymmetricKey.Usage[] usageArr) {
        this.opFlags = 0;
        for (int i = 0; i < usageArr.length; i++) {
            if (usageArr[i] != null) {
                this.opFlags |= opFlagForUsage[usageArr[i].getVal()];
            }
        }
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public void temporaryKeys(boolean z) {
        this.temporaryKeyMode = z;
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public void sensitiveKeys(boolean z) {
        this.sensitiveKeyMode = z ? 1 : 0;
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public SymmetricKey generate() throws IllegalStateException, TokenException, CharConversionException {
        Class[] parameterClasses = this.algorithm.getParameterClasses();
        if (parameterClasses.length != 1 || !parameterClasses[0].equals(PBEKeyGenParams.class)) {
            return generateNormal(this.token, this.algorithm, this.strength, this.opFlags, this.temporaryKeyMode, this.sensitiveKeyMode);
        }
        if (this.parameters == null || !(this.parameters instanceof PBEKeyGenParams)) {
            throw new IllegalStateException("PBE keygen algorithms require PBEKeyGenParams");
        }
        PBEKeyGenParams pBEKeyGenParams = (PBEKeyGenParams) this.parameters;
        byte[] bArr = null;
        try {
            bArr = this.charToByte.convert(pBEKeyGenParams.getPassword().getChars());
            SymmetricKey generatePBE = generatePBE(this.token, this.algorithm, bArr, pBEKeyGenParams.getSalt(), pBEKeyGenParams.getIterations());
            if (bArr != null) {
                Password.wipeBytes(bArr);
            }
            return generatePBE;
        } catch (Throwable th) {
            if (bArr != null) {
                Password.wipeBytes(bArr);
            }
            throw th;
        }
    }

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public byte[] generatePBE_IV() throws TokenException, CharConversionException {
        Class[] parameterClasses = this.algorithm.getParameterClasses();
        if (parameterClasses.length != 1 || !parameterClasses[0].equals(PBEKeyGenParams.class)) {
            throw new IllegalStateException("IV generation can only be performed by PBE algorithms");
        }
        if (this.parameters == null || !(this.parameters instanceof PBEKeyGenParams)) {
            throw new IllegalStateException("PBE keygen algorithms require PBEKeyGenParams");
        }
        PBEKeyGenParams pBEKeyGenParams = (PBEKeyGenParams) this.parameters;
        byte[] bArr = null;
        try {
            bArr = this.charToByte.convert(pBEKeyGenParams.getPassword().getChars());
            byte[] generatePBE_IV = generatePBE_IV(this.algorithm, bArr, pBEKeyGenParams.getSalt(), pBEKeyGenParams.getIterations());
            if (bArr != null) {
                Password.wipeBytes(bArr);
            }
            return generatePBE_IV;
        } catch (Throwable th) {
            if (bArr != null) {
                Password.wipeBytes(bArr);
            }
            throw th;
        }
    }

    private static native byte[] generatePBE_IV(KeyGenAlgorithm keyGenAlgorithm, byte[] bArr, byte[] bArr2, int i) throws TokenException;

    @Override // org.mozilla.jss.crypto.KeyGenerator
    public SymmetricKey clone(SymmetricKey symmetricKey) throws SymmetricKey.NotExtractableException, InvalidKeyException, TokenException {
        return clone(symmetricKey, this.token);
    }

    public static SymmetricKey clone(SymmetricKey symmetricKey, PK11Token pK11Token) throws SymmetricKey.NotExtractableException, InvalidKeyException, TokenException {
        if (symmetricKey instanceof PK11SymKey) {
            return nativeClone(pK11Token, symmetricKey);
        }
        throw new InvalidKeyException("Key is not a PKCS #11 key");
    }

    private static native SymmetricKey nativeClone(PK11Token pK11Token, SymmetricKey symmetricKey) throws SymmetricKey.NotExtractableException, TokenException;

    private static native SymmetricKey generateNormal(PK11Token pK11Token, KeyGenAlgorithm keyGenAlgorithm, int i, int i2, boolean z, int i3) throws TokenException;

    private static native SymmetricKey generatePBE(PK11Token pK11Token, KeyGenAlgorithm keyGenAlgorithm, byte[] bArr, byte[] bArr2, int i) throws TokenException;
}
