package sun.security.pkcs11;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import jonelo.jacksum.adapt.gnu.crypto.hash.Haval;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.CK_MECHANISM_INFO;
import sun.security.pkcs11.wrapper.PKCS11Constants;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:sun/security/pkcs11/P11KeyGenerator.class */
public final class P11KeyGenerator extends KeyGeneratorSpi {
    private final Token token;
    private final String algorithm;
    private long mechanism;
    private int keySize;
    private int significantKeySize;
    private long keyType;
    private boolean supportBothKeySizes;
    private int minKeySize;
    private int maxKeySize;

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11KeyGenerator(Token token, String str, long j) throws PKCS11Exception {
        this.token = token;
        this.algorithm = str;
        this.mechanism = j;
        if (this.mechanism == 305) {
            this.supportBothKeySizes = token.provider.config.isEnabled(304L) && token.getMechanismInfo(304L) != null;
        } else if (this.mechanism == 272) {
            CK_MECHANISM_INFO mechanismInfo = token.getMechanismInfo(j);
            if (mechanismInfo.ulMinKeySize < 8) {
                this.minKeySize = ((int) mechanismInfo.ulMinKeySize) << 3;
                this.maxKeySize = ((int) mechanismInfo.ulMaxKeySize) << 3;
            } else {
                this.minKeySize = (int) mechanismInfo.ulMinKeySize;
                this.maxKeySize = (int) mechanismInfo.ulMaxKeySize;
            }
            if (this.minKeySize < 40) {
                this.minKeySize = 40;
            }
        } else if (this.mechanism == PKCS11Constants.CKM_BLOWFISH_KEY_GEN) {
            CK_MECHANISM_INFO mechanismInfo2 = token.getMechanismInfo(j);
            this.maxKeySize = ((int) mechanismInfo2.ulMaxKeySize) << 3;
            this.minKeySize = ((int) mechanismInfo2.ulMinKeySize) << 3;
            if (this.minKeySize < 40) {
                this.minKeySize = 40;
            }
        }
        setDefaultKeySize();
    }

    private void setDefaultKeySize() {
        boolean z = false;
        switch ((int) this.mechanism) {
            case 272:
                this.keyType = 18L;
                this.keySize = 128;
                z = true;
                break;
            case 288:
                this.keySize = 64;
                this.significantKeySize = 56;
                this.keyType = 19L;
                break;
            case 304:
                this.keySize = 128;
                this.significantKeySize = 112;
                this.keyType = 20L;
                break;
            case 305:
                this.keySize = 192;
                this.significantKeySize = 168;
                this.keyType = 21L;
                break;
            case 4224:
                this.keyType = 31L;
                this.keySize = 128;
                this.significantKeySize = 128;
                break;
            case 4240:
                this.keyType = 32L;
                this.keySize = 128;
                z = true;
                break;
            default:
                throw new ProviderException("Unknown mechanism " + this.mechanism);
        }
        if (z) {
            if (this.keySize > this.maxKeySize || this.keySize < this.minKeySize) {
                throw new ProviderException("Unsupported key size");
            }
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(SecureRandom secureRandom) {
        this.token.ensureValid();
        setDefaultKeySize();
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        throw new InvalidAlgorithmParameterException("AlgorithmParameterSpec not supported");
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected void engineInit(int i, SecureRandom secureRandom) {
        long j;
        this.token.ensureValid();
        switch ((int) this.mechanism) {
            case 272:
            case 4240:
                if (i < this.minKeySize || i > this.maxKeySize) {
                    throw new InvalidParameterException(String.valueOf(this.algorithm) + " key length must be between " + this.minKeySize + " and " + this.maxKeySize + " bits");
                }
                this.keySize = i;
                this.significantKeySize = i;
                return;
            case 288:
                if (i != this.keySize && i != this.significantKeySize) {
                    throw new InvalidParameterException("DES key length must be 56 bits");
                }
                return;
            case 304:
            case 305:
                if (i == 112 || i == 128) {
                    j = 304;
                } else {
                    if (i != 168 && i != 192) {
                        throw new InvalidParameterException("DESede key length must be 112, or 168 bits");
                    }
                    j = 305;
                }
                if (this.mechanism != j) {
                    if (!this.supportBothKeySizes) {
                        throw new InvalidParameterException("Only " + this.significantKeySize + "-bit DESede key length is supported");
                    }
                    this.mechanism = j;
                    setDefaultKeySize();
                    return;
                }
                return;
            case 4224:
                if (i != 128 && i != 192 && i != 256) {
                    throw new InvalidParameterException("AES key length must be 128, 192, or 256 bits");
                }
                this.keySize = i;
                this.significantKeySize = i;
                return;
            default:
                throw new ProviderException("Unknown mechanism " + this.mechanism);
        }
    }

    @Override // javax.crypto.KeyGeneratorSpi
    protected SecretKey engineGenerateKey() {
        CK_ATTRIBUTE[] ck_attributeArr;
        Session session = null;
        try {
            try {
                session = this.token.getObjSession();
                switch ((int) this.keyType) {
                    case 19:
                    case Haval.HAVAL_160_BIT /* 20 */:
                    case 21:
                        ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(0L, 4L)};
                        break;
                    default:
                        ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(0L, 4L), new CK_ATTRIBUTE(353L, this.keySize >> 3)};
                        break;
                }
                CK_ATTRIBUTE[] attributes = this.token.getAttributes("generate", 4L, this.keyType, ck_attributeArr);
                SecretKey secretKey = P11Key.secretKey(session, this.token.p11.C_GenerateKey(session.id(), new CK_MECHANISM(this.mechanism), attributes), this.algorithm, this.significantKeySize, attributes);
                this.token.releaseSession(session);
                return secretKey;
            } catch (PKCS11Exception e) {
                throw new ProviderException("Could not generate key", e);
            }
        } catch (Throwable th) {
            this.token.releaseSession(session);
            throw th;
        }
    }
}
