package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.crypto.provider.ECUtils;
import com.ibm.misc.Debug;
import com.ibm.pkcs11.PKCS11Object;
import com.ibm.ras.RASFormatter;
import com.ibm.ras.RASITraceEvent;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.util.HashMap;

/* loaded from: input_file:wasJars/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/ECPKCS11KeyPairGenerator.class */
public final class ECPKCS11KeyPairGenerator extends KeyPairGeneratorSpi {
    private int modlen;
    private SessionManager sessionManager;
    private Config config;
    private AlgorithmParameterSpec params;
    private Boolean isToken;
    private Boolean isSensitive;
    private Boolean sign;
    private Boolean encrypt;
    private Boolean wrapping;
    private Boolean extractable;
    private boolean paramsUsed;
    private java.security.SecureRandom random;
    private static Debug debug = Debug.getInstance("pkcs11impl");
    private static String className = "com.ibm.crypto.pkcs11impl.provider.ECPKCS11KeyPairGenerator";

    public ECPKCS11KeyPairGenerator(Provider provider) {
        this.modlen = 256;
        this.sessionManager = null;
        this.config = null;
        this.isToken = new Boolean(false);
        this.isSensitive = new Boolean(false);
        this.sign = new Boolean(true);
        this.encrypt = new Boolean(true);
        this.wrapping = new Boolean(true);
        this.extractable = null;
        this.paramsUsed = false;
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, className, "ECPKCS11KeyPairGenerator");
        }
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
        this.config = ((IBMPKCS11Impl) provider).getConfig();
        if (debug != null) {
            debug.exit(RASITraceEvent.TYPE_PERF, className, "ECPKCS11KeyPairGenerator");
        }
    }

    public ECPKCS11KeyPairGenerator() {
        this(Security.getProvider(Constants.IBMPKCS11Impl_NAME));
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        ECParameterSpec eCParameterSpec;
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, className, AdminSubsystemExtensionHandler.INITIALIZE, algorithmParameterSpec, secureRandom);
        }
        if (algorithmParameterSpec == null) {
            throw new InvalidAlgorithmParameterException("ECParameterSpec must be specified");
        }
        if (algorithmParameterSpec instanceof ECParameterSpec) {
            eCParameterSpec = PKCS11ECKeyFactory.getECParameterSpec((ECParameterSpec) algorithmParameterSpec);
            if (eCParameterSpec == null) {
                throw new InvalidAlgorithmParameterException("Unsupported curve: " + algorithmParameterSpec);
            }
        } else {
            if (!(algorithmParameterSpec instanceof ECGenParameterSpec)) {
                throw new InvalidAlgorithmParameterException("ECParameterSpec or ECGenParameterSpec required for EC");
            }
            String name = ((ECGenParameterSpec) algorithmParameterSpec).getName();
            eCParameterSpec = PKCS11ECKeyFactory.getECParameterSpec(name);
            if (eCParameterSpec == null) {
                throw new InvalidAlgorithmParameterException("Unknown curve name: " + name);
            }
        }
        this.params = eCParameterSpec;
        this.random = secureRandom;
        this.modlen = eCParameterSpec.getCurve().getField().getFieldSize();
        if (this.modlen < 112) {
            throw new InvalidAlgorithmParameterException("Key size must be at least 112 bit");
        }
        if (this.modlen > 2048) {
            throw new InvalidAlgorithmParameterException("Key size must be at most 2048 bit");
        }
        if (debug != null) {
            debug.exit(RASITraceEvent.TYPE_PERF, className, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(int i, java.security.SecureRandom secureRandom) {
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, className, AdminSubsystemExtensionHandler.INITIALIZE, RASFormatter.DEFAULT_SEPARATOR + i, secureRandom);
        }
        if (i < 112) {
            throw new RuntimeException("Key size must be at least 112 bit");
        }
        if (i > 2048) {
            throw new RuntimeException("Key size must be at most 2048 bit");
        }
        this.modlen = i;
        this.random = secureRandom;
        this.params = PKCS11ECKeyFactory.getECParameterSpec(i);
        if (this.params == null) {
            throw new InvalidParameterException("No EC parameters available for key size " + i + " bits");
        }
        if (debug != null) {
            debug.exit(RASITraceEvent.TYPE_PERF, className, AdminSubsystemExtensionHandler.INITIALIZE);
        }
    }

    public void initialize(int i) {
        initialize(i, (java.security.SecureRandom) null);
    }

    @Override // java.security.KeyPairGeneratorSpi
    public KeyPair generateKeyPair() {
        KeyPair keyPair;
        PKCS11ECPrivateKey pKCS11ECPrivateKey;
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, className, "generateKeyPair");
        }
        HashMap<Integer, Object> attributes = this.config != null ? this.config.getAttributes("GENERATE", PKCS11Object.PUBLIC_KEY, PKCS11Object.ECDSA) : new HashMap<>();
        byte[] encodeParameters = PKCS11ECKeyFactory.encodeParameters((ECParameterSpec) this.params);
        int size = attributes.size() + 1;
        int[] iArr = new int[size];
        Object[] objArr = new Object[size];
        int i = 0;
        for (Integer num : attributes.keySet()) {
            iArr[i] = num.intValue();
            int i2 = i;
            i++;
            objArr[i2] = attributes.get(num);
            if (debug != null) {
                debug.text(RASITraceEvent.TYPE_PERF, "ECPKCS11KeyPairGenerator", "generateKeyPair", "pub attribute type = " + iArr[i - 1] + " pub attribute value = " + objArr[i - 1]);
            }
        }
        iArr[i] = 384;
        objArr[i] = encodeParameters;
        HashMap<Integer, Object> attributes2 = this.config != null ? this.config.getAttributes("GENERATE", PKCS11Object.PRIVATE_KEY, PKCS11Object.ECDSA) : new HashMap<>();
        int size2 = attributes2.size();
        int[] iArr2 = new int[size2];
        Object[] objArr2 = new Object[size2];
        int i3 = 0;
        for (Integer num2 : attributes2.keySet()) {
            iArr2[i3] = num2.intValue();
            int i4 = i3;
            i3++;
            objArr2[i4] = attributes2.get(num2);
            if (debug != null) {
                debug.text(RASITraceEvent.TYPE_PERF, "ECPKCS11KeyPairGenerator", "generateKeyPair", "priv attribute type = " + iArr2[i3 - 1] + " priv attribute value = " + objArr2[i3 - 1]);
            }
        }
        Session session = null;
        int i5 = 0;
        try {
            session = this.sessionManager.getObjSession();
            PKCS11Object[] generateKeyPair = session.generateKeyPair(4160, null, iArr, objArr, iArr2, objArr2);
            for (PKCS11Object pKCS11Object : generateKeyPair) {
                if (!session.getBoolAttributeValue(pKCS11Object, 1)) {
                    session.addObject();
                    i5++;
                }
            }
            PKCS11Object[] orderObjects = orderObjects(session, generateKeyPair);
            PKCS11Object pKCS11Object2 = orderObjects[0];
            PKCS11Object pKCS11Object3 = orderObjects[1];
            try {
                PKCS11ECPublicKey pKCS11ECPublicKey = new PKCS11ECPublicKey(session, pKCS11Object2, null, null, null);
                if (!session.getBoolAttributeValue(pKCS11Object2, 1)) {
                    pKCS11ECPublicKey.setSession(session);
                    session.addObject();
                }
                if (this.isSensitive.booleanValue()) {
                    pKCS11ECPrivateKey = new PKCS11ECPrivateKey(session, pKCS11Object3, null, null, null, (byte[]) getValue(session, pKCS11Object3, ECUtils.EC_SIZE_384));
                } else {
                    try {
                        pKCS11ECPrivateKey = new PKCS11ECPrivateKey(session, pKCS11Object3, null, null, null, (byte[]) getValue(session, pKCS11Object3, ECUtils.EC_SIZE_384), (BigInteger) getValue(session, pKCS11Object3, 17));
                    } catch (Exception e) {
                        if (debug != null) {
                            debug.exception(RASITraceEvent.TYPE_PERF, className, "generateKeyPair_2", e);
                        }
                        pKCS11ECPrivateKey = new PKCS11ECPrivateKey(session, pKCS11Object3, null, null, null, (byte[]) getValue(session, pKCS11Object3, ECUtils.EC_SIZE_384));
                    }
                }
                if (!session.getBoolAttributeValue(pKCS11Object3, 1)) {
                    pKCS11ECPrivateKey.setSession(session);
                    session.addObject();
                }
                keyPair = new KeyPair(pKCS11ECPublicKey, pKCS11ECPrivateKey);
            } catch (Exception e2) {
                if (debug != null) {
                    debug.exception(RASITraceEvent.TYPE_PERF, className, "generateKeyPair_3", e2);
                }
                for (int i6 = 0; i6 < i5; i6++) {
                    session.removeObject();
                }
                keyPair = null;
            }
            this.sessionManager.releaseSession(session);
            if (debug != null) {
                debug.exit(RASITraceEvent.TYPE_PERF, className, "generateKeyPair");
            }
            return keyPair;
        } catch (Exception e3) {
            if (debug != null) {
                debug.exception(RASITraceEvent.TYPE_PERF, className, "generateKeyPair_1", e3);
            }
            this.sessionManager.releaseSession(session);
            throw new RuntimeException(e3.getMessage());
        }
    }

    private PKCS11Object[] orderObjects(Session session, PKCS11Object[] pKCS11ObjectArr) {
        PKCS11Object pKCS11Object;
        PKCS11Object pKCS11Object2;
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, className, "orderObjects", pKCS11ObjectArr.toString());
        }
        Integer num = (Integer) getValue(session, pKCS11ObjectArr[0], 0);
        Integer num2 = (Integer) getValue(session, pKCS11ObjectArr[1], 0);
        if (num.equals(PKCS11Object.PUBLIC_KEY) && num2.equals(PKCS11Object.PRIVATE_KEY)) {
            pKCS11Object = pKCS11ObjectArr[0];
            pKCS11Object2 = pKCS11ObjectArr[1];
        } else {
            if (!num.equals(PKCS11Object.PRIVATE_KEY) || !num2.equals(PKCS11Object.PUBLIC_KEY)) {
                if (debug != null) {
                    debug.text(RASITraceEvent.TYPE_PERF, className, "orderObjects", "Token returns invalid objects");
                }
                throw new RuntimeException("Token returns invalid objects");
            }
            pKCS11Object = pKCS11ObjectArr[1];
            pKCS11Object2 = pKCS11ObjectArr[0];
        }
        pKCS11ObjectArr[0] = pKCS11Object;
        pKCS11ObjectArr[1] = pKCS11Object2;
        if (debug != null) {
            debug.exit(RASITraceEvent.TYPE_PERF, className, "orderObjects", pKCS11ObjectArr);
        }
        return pKCS11ObjectArr;
    }

    private Object getValue(Session session, PKCS11Object pKCS11Object, int i) {
        return session.getAttrValue(pKCS11Object, i);
    }
}
