package org.mozilla.jss.provider.javax.crypto;

import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import org.mozilla.jss.asn1.ASN1Util;
import org.mozilla.jss.asn1.BIT_STRING;
import org.mozilla.jss.asn1.InvalidBERException;
import org.mozilla.jss.crypto.Algorithm;
import org.mozilla.jss.crypto.Cipher;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.EncryptionAlgorithm;
import org.mozilla.jss.crypto.KeyWrapAlgorithm;
import org.mozilla.jss.crypto.KeyWrapper;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SecretKeyFacade;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.crypto.TokenRuntimeException;
import org.mozilla.jss.crypto.TokenSupplierManager;
import org.mozilla.jss.pkcs11.PK11PrivKey;
import org.mozilla.jss.pkcs11.PK11PubKey;
import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
import org.mozilla.jss.util.Assert;

/* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi.class */
class JSSCipherSpi extends CipherSpi {
    private String algFamily;
    private String algMode;
    private String algPadding;
    CryptoToken token;
    private Cipher cipher;
    private EncryptionAlgorithm encAlg;
    private KeyWrapper wrapper;
    private KeyWrapAlgorithm wrapAlg;
    private AlgorithmParameterSpec params;
    private int blockSize;
    private int keyStrength;
    private static final NoAlgParams noAlgParams = new NoAlgParams();

    /* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi$AES.class */
    public static class AES extends JSSCipherSpi {
        public AES() {
            super("AES");
        }
    }

    /* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi$DES.class */
    public static class DES extends JSSCipherSpi {
        public DES() {
            super("DES");
        }
    }

    /* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi$DESede.class */
    public static class DESede extends JSSCipherSpi {
        public DESede() {
            super("DESede");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi$NoAlgParams.class */
    public static class NoAlgParams implements AlgorithmParameterSpec {
        private NoAlgParams() {
        }
    }

    /* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi$RC2.class */
    public static class RC2 extends JSSCipherSpi {
        public RC2() {
            super("RC2");
        }
    }

    /* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi$RC4.class */
    public static class RC4 extends JSSCipherSpi {
        public RC4() {
            super("RC4");
        }
    }

    /* loaded from: input_file:org/mozilla/jss/provider/javax/crypto/JSSCipherSpi$RSA.class */
    public static class RSA extends JSSCipherSpi {
        public RSA() {
            super("RSA");
        }
    }

    private JSSCipherSpi() {
        this.algFamily = null;
        this.algMode = null;
        this.algPadding = null;
        this.token = null;
        this.cipher = null;
        this.encAlg = null;
        this.wrapper = null;
        this.wrapAlg = null;
        this.params = null;
    }

    protected JSSCipherSpi(String str) {
        this.algFamily = null;
        this.algMode = null;
        this.algPadding = null;
        this.token = null;
        this.cipher = null;
        this.encAlg = null;
        this.wrapper = null;
        this.wrapAlg = null;
        this.params = null;
        this.algFamily = str;
        this.token = TokenSupplierManager.getTokenSupplier().getThreadToken();
    }

    @Override // javax.crypto.CipherSpi
    public void engineSetMode(String str) {
        this.algMode = str;
    }

    @Override // javax.crypto.CipherSpi
    public void engineSetPadding(String str) {
        this.algPadding = str;
    }

    private static SecretKey importKey(Key key) throws InvalidKeyException {
        if (!(key instanceof SecretKey)) {
            throw new InvalidKeyException("Invalid key type: " + key.getClass().getName());
        }
        SecretKey secretKey = (SecretKey) key;
        try {
            return SecretKeyFactory.getInstance(secretKey.getAlgorithm(), "Mozilla-JSS").translateKey(secretKey);
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidKeyException("Unable to translate key with Algorithm" + key.getAlgorithm());
        } catch (NoSuchProviderException e2) {
            throw new InvalidKeyException("Unable to find provider, this should not happen");
        }
    }

    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        try {
            this.cipher = null;
            this.wrapper = null;
            this.params = algorithmParameterSpec;
            if (this.algFamily == null) {
                throw new InvalidAlgorithmParameterException("incorrectly specified algorithm");
            }
            if (i != 1 && i != 2 && i != 3 && i != 4) {
                throw new InvalidKeyException("Invalid opmode");
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append(this.algFamily);
            if (this.algMode != null) {
                stringBuffer.append('/');
                stringBuffer.append(this.algMode);
            }
            if (this.algPadding != null) {
                stringBuffer.append('/');
                stringBuffer.append(this.algPadding);
            }
            if (i == 1 || i == 2) {
                if (!(key instanceof SecretKeyFacade)) {
                    key = importKey(key);
                }
                SymmetricKey symmetricKey = ((SecretKeyFacade) key).key;
                this.keyStrength = symmetricKey.getStrength();
                this.encAlg = EncryptionAlgorithm.lookup(this.algFamily, this.algMode, this.algPadding, this.keyStrength);
                this.blockSize = this.encAlg.getBlockSize();
                if (!this.token.doesAlgorithm(this.encAlg)) {
                    throw new NoSuchAlgorithmException(this.encAlg.toString() + " is not supported by this token " + this.token.getName());
                }
                this.cipher = this.token.getCipherContext(this.encAlg);
                if (i == 1) {
                    if (this.params == noAlgParams) {
                        this.params = generateAlgParams(this.encAlg, this.blockSize);
                    }
                    this.cipher.initEncrypt(symmetricKey, this.params);
                } else if (i == 2) {
                    if (this.params == noAlgParams) {
                        this.params = null;
                    }
                    this.cipher.initDecrypt(symmetricKey, this.params);
                }
            } else {
                Assert._assert(i == 3 || i == 4);
                this.wrapAlg = KeyWrapAlgorithm.fromString(stringBuffer.toString());
                this.blockSize = this.wrapAlg.getBlockSize();
                this.wrapper = this.token.getKeyWrapper(this.wrapAlg);
                if (this.params == noAlgParams) {
                    if (i == 3) {
                        this.params = generateAlgParams(this.wrapAlg, this.blockSize);
                    } else {
                        Assert._assert(i == 4);
                        this.params = null;
                    }
                }
                if (key instanceof PrivateKey) {
                    if (i != 4) {
                        throw new InvalidKeyException("Private key can only be used for unwrapping");
                    }
                    this.wrapper.initUnwrap((PrivateKey) key, this.params);
                } else if (key instanceof PublicKey) {
                    if (i != 3) {
                        throw new InvalidKeyException("Public key can only be used for wrapping");
                    }
                    this.wrapper.initWrap((PublicKey) key, this.params);
                } else {
                    if (!(key instanceof SecretKeyFacade)) {
                        throw new InvalidKeyException("Invalid key type: " + key.getClass().getName());
                    }
                    SecretKeyFacade secretKeyFacade = (SecretKeyFacade) key;
                    if (i == 3) {
                        this.wrapper.initWrap(secretKeyFacade.key, this.params);
                    } else {
                        Assert._assert(i == 4);
                        this.wrapper.initUnwrap(secretKeyFacade.key, this.params);
                    }
                }
            }
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidAlgorithmParameterException(e.getMessage());
        } catch (TokenException e2) {
            throw new TokenRuntimeException(e2.getMessage());
        }
    }

    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        try {
            AlgorithmParameterSpec algorithmParameterSpec = null;
            if (this.algFamily.compareToIgnoreCase("RC2") == 0) {
                algorithmParameterSpec = algorithmParameters.getParameterSpec(RC2ParameterSpec.class);
            } else if (this.algMode.compareToIgnoreCase("CBC") == 0) {
                algorithmParameterSpec = algorithmParameters.getParameterSpec(IvParameterSpec.class);
            }
            if (algorithmParameterSpec == null) {
                throw new InvalidAlgorithmParameterException("Unknown Parameter Spec");
            }
            engineInit(i, key, algorithmParameterSpec, secureRandom);
        } catch (Exception e) {
            throw new InvalidAlgorithmParameterException(e.getMessage());
        }
    }

    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        try {
            engineInit(i, key, noAlgParams, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidKeyException(e.getMessage());
        }
    }

    private AlgorithmParameterSpec generateAlgParams(Algorithm algorithm, int i) throws InvalidKeyException {
        Class[] parameterClasses = algorithm.getParameterClasses();
        AlgorithmParameterSpec algorithmParameterSpec = null;
        if (parameterClasses == null) {
            return null;
        }
        byte[] bArr = new byte[i];
        try {
            SecureRandom.getInstance("pkcs11prng", "Mozilla-JSS").nextBytes(bArr);
        } catch (Exception e) {
            Assert.notReached(e.getMessage());
        }
        int i2 = 0;
        while (true) {
            if (i2 >= parameterClasses.length) {
                break;
            }
            if (parameterClasses[i2].equals(IvParameterSpec.class)) {
                algorithmParameterSpec = new IvParameterSpec(bArr);
                break;
            }
            if (parameterClasses[i2].equals(RC2ParameterSpec.class)) {
                algorithmParameterSpec = new RC2ParameterSpec(this.keyStrength, bArr);
                break;
            }
            i2++;
        }
        return algorithmParameterSpec;
    }

    @Override // javax.crypto.CipherSpi
    public int engineGetBlockSize() {
        return this.blockSize;
    }

    @Override // javax.crypto.CipherSpi
    public byte[] engineGetIV() {
        if (this.params == null) {
            return null;
        }
        if (this.params instanceof IvParameterSpec) {
            return ((IvParameterSpec) this.params).getIV();
        }
        if (this.params instanceof RC2ParameterSpec) {
            return ((RC2ParameterSpec) this.params).getIV();
        }
        return null;
    }

    @Override // javax.crypto.CipherSpi
    public AlgorithmParameters engineGetParameters() {
        AlgorithmParameters algorithmParameters = null;
        try {
            if ((this.params instanceof IvParameterSpec) || (this.params instanceof RC2ParameterSpec)) {
                algorithmParameters = AlgorithmParameters.getInstance(this.algFamily);
                algorithmParameters.init(this.params);
            }
        } catch (NoSuchAlgorithmException e) {
            Assert.notReached(e.getMessage());
        } catch (InvalidParameterSpecException e2) {
            Assert.notReached(e2.getMessage());
        }
        return algorithmParameters;
    }

    @Override // javax.crypto.CipherSpi
    public int engineGetOutputSize(int i) {
        return ((((this.blockSize - 1) + i) / this.blockSize) + 1) * this.blockSize;
    }

    @Override // javax.crypto.CipherSpi
    public byte[] engineUpdate(byte[] bArr, int i, int i2) {
        if (this.cipher == null) {
            Assert.notReached();
            return null;
        }
        try {
            return this.cipher.update(bArr, i, i2);
        } catch (TokenException e) {
            throw new TokenRuntimeException(e.getMessage());
        }
    }

    @Override // javax.crypto.CipherSpi
    public int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        byte[] engineUpdate = engineUpdate(bArr, i, i2);
        if (engineUpdate.length > bArr2.length - i3) {
            throw new ShortBufferException(engineUpdate.length + " needed, " + (bArr2.length - i3) + " supplied");
        }
        System.arraycopy(engineUpdate, 0, bArr2, i3, engineUpdate.length);
        return engineUpdate.length;
    }

    @Override // javax.crypto.CipherSpi
    public byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        if (this.cipher == null) {
            Assert.notReached();
            return null;
        }
        try {
            return (bArr == null || i2 == 0) ? this.cipher.doFinal() : this.cipher.doFinal(bArr, i, i2);
        } catch (IllegalStateException e) {
            Assert.notReached();
            return null;
        } catch (org.mozilla.jss.crypto.BadPaddingException e2) {
            throw new BadPaddingException(e2.getMessage());
        } catch (org.mozilla.jss.crypto.IllegalBlockSizeException e3) {
            throw new IllegalBlockSizeException(e3.getMessage());
        } catch (TokenException e4) {
            throw new TokenRuntimeException(e4.getMessage());
        }
    }

    @Override // javax.crypto.CipherSpi
    public int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        byte[] engineDoFinal = engineDoFinal(bArr, i, i2);
        if (engineDoFinal.length > bArr2.length - i3) {
            throw new ShortBufferException(engineDoFinal.length + " needed, " + (bArr2.length - i3) + " supplied");
        }
        System.arraycopy(engineDoFinal, 0, bArr2, i3, engineDoFinal.length);
        return engineDoFinal.length;
    }

    @Override // javax.crypto.CipherSpi
    public byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        if (this.wrapper == null) {
            Assert.notReached();
            return null;
        }
        try {
            if (key instanceof PrivateKey) {
                return this.wrapper.wrap((PrivateKey) key);
            }
            if (key instanceof SecretKeyFacade) {
                return this.wrapper.wrap(((SecretKeyFacade) key).key);
            }
            throw new InvalidKeyException("Unsupported key type: " + key.getClass().getName());
        } catch (IllegalStateException e) {
            Assert.notReached();
            return null;
        } catch (TokenException e2) {
            throw new TokenRuntimeException(e2.getMessage());
        }
    }

    @Override // javax.crypto.CipherSpi
    public Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (this.wrapper == null) {
            Assert.notReached();
            return null;
        }
        try {
            switch (i) {
                case 1:
                    throw new UnsupportedOperationException("Unable to unwrap public keys");
                case 2:
                    return engineUnwrapPrivate(bArr, str);
                case 3:
                    return engineUnwrapSecret(bArr, str);
                default:
                    throw new NoSuchAlgorithmException("Invalid key type: " + i);
            }
        } catch (IllegalStateException e) {
            Assert.notReached();
            return null;
        }
    }

    private Key engineUnwrapSecret(byte[] bArr, String str) throws InvalidKeyException, NoSuchAlgorithmException {
        try {
            int indexOf = str.indexOf(47);
            if (indexOf != -1) {
                str = str.substring(0, indexOf);
            }
            return new SecretKeyFacade(this.wrapper.unwrapSymmetric(bArr, SymmetricKey.Type.fromName(str), 0));
        } catch (StringIndexOutOfBoundsException e) {
            throw new NoSuchAlgorithmException("Unknown algorithm: " + str);
        } catch (InvalidAlgorithmParameterException e2) {
            throw new NoSuchAlgorithmException("Invalid algorithm parameters" + e2.getMessage());
        } catch (TokenException e3) {
            throw new TokenRuntimeException(e3.getMessage());
        }
    }

    private Key engineUnwrapPrivate(byte[] bArr, String str) throws InvalidKeyException, NoSuchAlgorithmException {
        throw new NoSuchAlgorithmException("Unwrapping private keys via the JCA interface is not supported: http://bugzilla.mozilla.org/show_bug.cgi?id=135328");
    }

    @Override // javax.crypto.CipherSpi
    public int engineGetKeySize(Key key) throws InvalidKeyException {
        if (key instanceof PK11PrivKey) {
            return ((PK11PrivKey) key).getStrength();
        }
        if (!(key instanceof PK11PubKey)) {
            return key instanceof SecretKeyFacade ? ((SecretKeyFacade) key).key.getLength() : ((SecretKeyFacade) importKey(key)).key.getLength();
        }
        try {
            BIT_STRING subjectPublicKey = ((SubjectPublicKeyInfo) ASN1Util.decode(new SubjectPublicKeyInfo.Template(), ((PK11PubKey) key).getEncoded())).getSubjectPublicKey();
            return subjectPublicKey.getBits().length - subjectPublicKey.getPadCount();
        } catch (InvalidBERException e) {
            throw new InvalidKeyException("Exception while decoding public key: " + e.getMessage());
        }
    }
}
