package org.mozilla.jss.pkcs11;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import org.mozilla.jss.crypto.Algorithm;
import org.mozilla.jss.crypto.EncryptionAlgorithm;
import org.mozilla.jss.crypto.IVParameterSpec;
import org.mozilla.jss.crypto.KeyPairAlgorithm;
import org.mozilla.jss.crypto.KeyWrapAlgorithm;
import org.mozilla.jss.crypto.KeyWrapper;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.Assert;

/* loaded from: input_file:org/mozilla/jss/pkcs11/PK11KeyWrapper.class */
final class PK11KeyWrapper implements KeyWrapper {
    private PK11Token token;
    private KeyWrapAlgorithm algorithm;
    private int state = 0;
    private AlgorithmParameterSpec parameters = null;
    private SymmetricKey symKey = null;
    private PrivateKey privKey = null;
    private PublicKey pubKey = null;
    private byte[] IV = null;
    private static final int UNINITIALIZED = 0;
    private static final int WRAP = 1;
    private static final int UNWRAP = 2;

    private PK11KeyWrapper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PK11KeyWrapper(PK11Token pK11Token, KeyWrapAlgorithm keyWrapAlgorithm) {
        this.token = pK11Token;
        this.algorithm = keyWrapAlgorithm;
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public void initWrap(SymmetricKey symmetricKey, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        initWrap(algorithmParameterSpec);
        checkWrapper(symmetricKey);
        this.symKey = symmetricKey;
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public void initWrap(PublicKey publicKey, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        initWrap(algorithmParameterSpec);
        checkWrapper(publicKey);
        this.pubKey = publicKey;
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public void initWrap() throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (this.algorithm != KeyWrapAlgorithm.PLAINTEXT) {
            throw new InvalidKeyException(new StringBuffer().append(this.algorithm).append(" requires a key").toString());
        }
        reset();
        this.state = 1;
    }

    private void initWrap(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        reset();
        checkParams(algorithmParameterSpec);
        this.parameters = algorithmParameterSpec;
        this.state = 1;
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public void initUnwrap(PrivateKey privateKey, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        initUnwrap(algorithmParameterSpec);
        checkWrapper(privateKey);
        this.privKey = privateKey;
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public void initUnwrap(SymmetricKey symmetricKey, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        initUnwrap(algorithmParameterSpec);
        checkWrapper(symmetricKey);
        this.symKey = symmetricKey;
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public void initUnwrap() throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (this.algorithm != KeyWrapAlgorithm.PLAINTEXT) {
            throw new InvalidKeyException(new StringBuffer().append(this.algorithm).append(" requires a key").toString());
        }
        reset();
        this.state = 2;
    }

    private void initUnwrap(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        reset();
        checkParams(algorithmParameterSpec);
        this.parameters = algorithmParameterSpec;
        this.state = 2;
    }

    private void checkWrapper(PublicKey publicKey) throws InvalidKeyException {
        if (publicKey == null) {
            throw new InvalidKeyException("Key is null");
        }
        if (!(publicKey instanceof PK11PubKey)) {
            throw new InvalidKeyException("Key is not a PKCS #11 key");
        }
        try {
            KeyType keyTypeFromAlgorithm = KeyType.getKeyTypeFromAlgorithm(this.algorithm);
            if ((keyTypeFromAlgorithm != KeyType.RSA || (publicKey instanceof RSAPublicKey)) && (keyTypeFromAlgorithm != KeyType.DSA || (publicKey instanceof DSAPublicKey))) {
            } else {
                throw new InvalidKeyException("Key is not the right type for this algorithm");
            }
        } catch (NoSuchAlgorithmException e) {
            Assert.notReached("unable to find algorithm from key type");
        }
    }

    private void checkWrapper(SymmetricKey symmetricKey) throws InvalidKeyException {
        if (symmetricKey == null) {
            throw new InvalidKeyException("Key is null");
        }
        if (!symmetricKey.getOwningToken().equals(this.token)) {
            throw new InvalidKeyException("Key does not reside on the current token");
        }
        if (!(symmetricKey instanceof PK11SymKey)) {
            throw new InvalidKeyException("Key is not a PKCS #11 key");
        }
        try {
            if (((PK11SymKey) symmetricKey).getKeyType() != KeyType.getKeyTypeFromAlgorithm(this.algorithm)) {
                throw new InvalidKeyException("Key is not the right type for this algorithm");
            }
        } catch (NoSuchAlgorithmException e) {
            Assert.notReached("Unknown algorithm");
        }
    }

    private void checkWrapper(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException("Key is null");
        }
        if (!privateKey.getOwningToken().equals(this.token)) {
            throw new InvalidKeyException("Key does not reside on the current token");
        }
        if (!(privateKey instanceof PK11PrivKey)) {
            throw new InvalidKeyException("Key is not a PKCS #11 key");
        }
        try {
            if (((PK11PrivKey) privateKey).getKeyType() != KeyType.getKeyTypeFromAlgorithm(this.algorithm)) {
                throw new InvalidKeyException("Key is not the right type for this algorithm");
            }
        } catch (NoSuchAlgorithmException e) {
            Assert.notReached("Unknown algorithm");
        }
    }

    private void checkParams(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (!this.algorithm.isValidParameterObject(algorithmParameterSpec)) {
            throw new InvalidAlgorithmParameterException(new StringBuffer().append(this.algorithm).append(" cannot use a ").append(algorithmParameterSpec != null ? algorithmParameterSpec.getClass().getName() : "null").append(" parameter").toString());
        }
        if (algorithmParameterSpec instanceof IVParameterSpec) {
            this.IV = ((IVParameterSpec) algorithmParameterSpec).getIV();
        } else if (algorithmParameterSpec instanceof IvParameterSpec) {
            this.IV = ((IvParameterSpec) algorithmParameterSpec).getIV();
        } else if (algorithmParameterSpec instanceof RC2ParameterSpec) {
            this.IV = ((RC2ParameterSpec) algorithmParameterSpec).getIV();
        }
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public byte[] wrap(PrivateKey privateKey) throws InvalidKeyException, IllegalStateException, TokenException {
        if (this.state != 1) {
            throw new IllegalStateException();
        }
        if (this.algorithm == KeyWrapAlgorithm.PLAINTEXT) {
            throw new InvalidKeyException("plaintext wrapping not supported");
        }
        checkWrappee(privateKey);
        if (this.symKey == null) {
            throw new InvalidKeyException("Wrapping a private key with a public key is not supported");
        }
        Assert._assert(this.privKey == null && this.pubKey == null);
        return nativeWrapPrivWithSym(this.token, privateKey, this.symKey, this.algorithm, this.IV);
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public byte[] wrap(SymmetricKey symmetricKey) throws InvalidKeyException, IllegalStateException, TokenException {
        if (this.state != 1) {
            throw new IllegalStateException();
        }
        if (this.algorithm == KeyWrapAlgorithm.PLAINTEXT) {
            throw new InvalidKeyException("plaintext wrapping not supported");
        }
        checkWrappee(symmetricKey);
        if (this.symKey != null) {
            Assert._assert(this.privKey == null && this.pubKey == null);
            return nativeWrapSymWithSym(this.token, symmetricKey, this.symKey, this.algorithm, this.IV);
        }
        Assert._assert(this.pubKey != null && this.privKey == null && this.symKey == null);
        return nativeWrapSymWithPub(this.token, symmetricKey, this.pubKey, this.algorithm, this.IV);
    }

    private void checkWrappee(SymmetricKey symmetricKey) throws InvalidKeyException {
        if (symmetricKey == null) {
            throw new InvalidKeyException("key to be wrapped is null");
        }
        if (!(symmetricKey instanceof PK11SymKey)) {
            throw new InvalidKeyException("key to be wrapped is not a PKCS #11 key");
        }
        if (!symmetricKey.getOwningToken().equals(this.token)) {
            throw new InvalidKeyException("key to be wrapped does not live on the same token as the wrapping key");
        }
    }

    private void checkWrappee(PrivateKey privateKey) throws InvalidKeyException {
        if (privateKey == null) {
            throw new InvalidKeyException("key to be wrapped is null");
        }
        if (!(privateKey instanceof PK11PrivKey)) {
            throw new InvalidKeyException("key to be wrapped is not a PKCS #11 key");
        }
        if (!privateKey.getOwningToken().equals(this.token)) {
            throw new InvalidKeyException("key to be wrapped does not live on the same token as the wrapping key");
        }
    }

    private static native byte[] nativeWrapSymWithSym(PK11Token pK11Token, SymmetricKey symmetricKey, SymmetricKey symmetricKey2, KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr) throws TokenException;

    private static native byte[] nativeWrapSymWithPub(PK11Token pK11Token, SymmetricKey symmetricKey, PublicKey publicKey, KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr) throws TokenException;

    private static native byte[] nativeWrapPrivWithSym(PK11Token pK11Token, PrivateKey privateKey, SymmetricKey symmetricKey, KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr) throws TokenException;

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public PrivateKey unwrapPrivate(byte[] bArr, PrivateKey.Type type, PublicKey publicKey) throws TokenException, InvalidKeyException, IllegalStateException {
        return baseUnwrapPrivate(bArr, type, publicKey, false);
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public PrivateKey unwrapTemporaryPrivate(byte[] bArr, PrivateKey.Type type, PublicKey publicKey) throws TokenException, InvalidKeyException, IllegalStateException {
        return baseUnwrapPrivate(bArr, type, publicKey, true);
    }

    private PrivateKey baseUnwrapPrivate(byte[] bArr, PrivateKey.Type type, PublicKey publicKey, boolean z) throws TokenException, InvalidKeyException, IllegalStateException {
        if (this.state != 2) {
            throw new IllegalStateException();
        }
        if (this.algorithm == KeyWrapAlgorithm.PLAINTEXT) {
            throw new TokenException("plaintext unwrapping of private keys is not supported");
        }
        byte[] extractPublicValue = extractPublicValue(publicKey, type);
        if (this.symKey == null) {
            throw new InvalidKeyException("Unwrapping a private key with a private key is not supported");
        }
        Assert._assert(this.pubKey == null && this.privKey == null);
        return nativeUnwrapPrivWithSym(this.token, this.symKey, bArr, this.algorithm, algFromType(type), extractPublicValue, this.IV, z);
    }

    private static byte[] extractPublicValue(PublicKey publicKey, PrivateKey.Type type) throws InvalidKeyException {
        if (publicKey == null) {
            throw new InvalidKeyException("publicKey is null");
        }
        if (type == PrivateKey.RSA) {
            if (publicKey instanceof RSAPublicKey) {
                return ((RSAPublicKey) publicKey).getModulus().toByteArray();
            }
            throw new InvalidKeyException("Type of public key does not match type of private key");
        }
        if (type != PrivateKey.DSA) {
            Assert.notReached("Unknown private key type");
            return new byte[0];
        }
        if (publicKey instanceof DSAPublicKey) {
            return ((DSAPublicKey) publicKey).getY().toByteArray();
        }
        throw new InvalidKeyException("Type of public key does not match type of private key");
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public SymmetricKey unwrapSymmetric(byte[] bArr, SymmetricKey.Type type, SymmetricKey.Usage usage, int i) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException {
        return unwrapSymmetric(bArr, type, usage.getVal(), i);
    }

    @Override // org.mozilla.jss.crypto.KeyWrapper
    public SymmetricKey unwrapSymmetric(byte[] bArr, SymmetricKey.Type type, int i) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException {
        return unwrapSymmetric(bArr, type, -1, i);
    }

    private SymmetricKey unwrapSymmetric(byte[] bArr, SymmetricKey.Type type, int i, int i2) throws TokenException, IllegalStateException, InvalidAlgorithmParameterException {
        if (this.state != 2) {
            throw new IllegalStateException();
        }
        if (this.algorithm.isPadded() || type != SymmetricKey.RC4) {
            i2 = 0;
        } else if (i2 <= 0) {
            throw new InvalidAlgorithmParameterException("RC4 keys wrapped in unpadded algorithms need key length specified when unwrapping");
        }
        if (this.algorithm == KeyWrapAlgorithm.PLAINTEXT) {
            return nativeUnwrapSymPlaintext(this.token, bArr, algFromType(type), i);
        }
        if (this.symKey != null) {
            Assert._assert(this.pubKey == null && this.privKey == null);
            return nativeUnwrapSymWithSym(this.token, this.symKey, bArr, this.algorithm, algFromType(type), i2, this.IV, i);
        }
        Assert._assert(this.privKey != null && this.pubKey == null && this.symKey == null);
        return nativeUnwrapSymWithPriv(this.token, this.privKey, bArr, this.algorithm, algFromType(type), i2, this.IV, i);
    }

    private static Algorithm algFromType(PrivateKey.Type type) {
        if (type == PrivateKey.RSA) {
            return KeyPairAlgorithm.RSAFamily;
        }
        if (type == PrivateKey.DSA) {
            return KeyPairAlgorithm.DSAFamily;
        }
        Assert._assert(type == PrivateKey.EC);
        return KeyPairAlgorithm.ECFamily;
    }

    private static Algorithm algFromType(SymmetricKey.Type type) {
        if (type == SymmetricKey.DES) {
            return EncryptionAlgorithm.DES_ECB;
        }
        if (type == SymmetricKey.DES3) {
            return EncryptionAlgorithm.DES3_ECB;
        }
        if (type == SymmetricKey.AES) {
            return EncryptionAlgorithm.AES_128_ECB;
        }
        if (type == SymmetricKey.RC4) {
            return EncryptionAlgorithm.RC4;
        }
        Assert._assert(type == SymmetricKey.RC2);
        return EncryptionAlgorithm.RC2_CBC;
    }

    private static native PrivateKey nativeUnwrapPrivWithSym(PK11Token pK11Token, SymmetricKey symmetricKey, byte[] bArr, KeyWrapAlgorithm keyWrapAlgorithm, Algorithm algorithm, byte[] bArr2, byte[] bArr3, boolean z) throws TokenException;

    private static native SymmetricKey nativeUnwrapSymWithSym(PK11Token pK11Token, SymmetricKey symmetricKey, byte[] bArr, KeyWrapAlgorithm keyWrapAlgorithm, Algorithm algorithm, int i, byte[] bArr2, int i2) throws TokenException;

    private static native SymmetricKey nativeUnwrapSymWithPriv(PK11Token pK11Token, PrivateKey privateKey, byte[] bArr, KeyWrapAlgorithm keyWrapAlgorithm, Algorithm algorithm, int i, byte[] bArr2, int i2) throws TokenException;

    private static native SymmetricKey nativeUnwrapSymPlaintext(PK11Token pK11Token, byte[] bArr, Algorithm algorithm, int i);

    private void reset() {
        this.state = 0;
        this.symKey = null;
        this.privKey = null;
        this.pubKey = null;
        this.parameters = null;
        this.IV = null;
    }
}
