package com.safenetinc.luna.provider.cipher;

import com.safenetinc.luna.LunaAPI;
import com.safenetinc.luna.LunaCryptokiException;
import com.safenetinc.luna.LunaException;
import com.safenetinc.luna.LunaSession;
import com.safenetinc.luna.LunaSessionManager;
import com.safenetinc.luna.LunaSlotManager;
import com.safenetinc.luna.provider.key.LunaKey;
import com.safenetinc.luna.provider.key.LunaKeyRsa;
import com.safenetinc.luna.provider.key.LunaSecretKey;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.interfaces.RSAKey;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:WEB-INF/lib/LunaProvider.jar:com/safenetinc/luna/provider/cipher/LunaCipher.class */
public abstract class LunaCipher extends CipherSpi {
    protected long mMechType;
    protected int mBlockSize;
    private final boolean mMustBeSinglePart;
    private final String keyAlgorithm;
    protected final boolean mStandardSpec;
    protected AlgorithmParameters mAlgParams;
    private byte[] encodedParams;
    protected int mOpMode;
    private int mCipherMode;
    protected LunaKey mKey;
    protected int keySizeBytes;
    private boolean mIsMultipart;
    protected byte[] mAccumulator;
    protected Padding mPadding;
    protected int bytesCached = 0;
    private LunaSession mSession;
    protected boolean mHsmOperationActive;
    protected static final SecureRandom rand;
    private static final byte[] SCRATCH_BUFFER;
    private static final LunaSlotManager lsm;
    private static final LunaAPI lunaAPI;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/LunaProvider.jar:com/safenetinc/luna/provider/cipher/LunaCipher$Padding.class */
    public enum Padding {
        NONE,
        ISO10126,
        OAEP_WITH_SHA1_AND_MGF1,
        PKCS1,
        PKCS5,
        STREAM
    }

    public LunaCipher(long j, String str, String str2, int i, boolean z, boolean z2) {
        this.mMechType = j;
        this.mBlockSize = i;
        this.mMustBeSinglePart = z;
        this.mStandardSpec = z2;
        this.keyAlgorithm = str;
        try {
            engineSetPadding(str2);
        } catch (NoSuchPaddingException e) {
        }
    }

    public void finalize() throws Throwable {
        complete();
        super.finalize();
    }

    private void complete() {
        if (this.mSession != null) {
            try {
                if (this.mHsmOperationActive && !lsm.isShuttingDown()) {
                    this.mHsmOperationActive = false;
                    lunaAPI.CipherFinal(this.mCipherMode, this.mSession.GetSessionHandle(), SCRATCH_BUFFER, 0);
                }
            } finally {
                this.mSession.Free();
                this.mSession = null;
            }
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        if (str.equalsIgnoreCase("PKCS5Padding")) {
            this.mPadding = Padding.PKCS5;
            return;
        }
        if (str.equalsIgnoreCase("PKCS1v1_5") || str.equalsIgnoreCase("PKCS1")) {
            this.mPadding = Padding.PKCS1;
            return;
        }
        if (str.equalsIgnoreCase("OAEPwithSHA1andMGF1Padding")) {
            this.mPadding = Padding.OAEP_WITH_SHA1_AND_MGF1;
            return;
        }
        if (str.equalsIgnoreCase("ISO10126Padding")) {
            this.mPadding = Padding.ISO10126;
        } else {
            if (!str.equalsIgnoreCase("NoPadding") && !str.equalsIgnoreCase("None")) {
                throw new NoSuchPaddingException("Unsupported padding: " + str);
            }
            this.mPadding = Padding.NONE;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        if (this.mAlgParams == null) {
            return null;
        }
        try {
            return ((IvParameterSpec) this.mAlgParams.getParameterSpec(IvParameterSpec.class)).getIV();
        } catch (InvalidParameterSpecException e) {
            return null;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        return this.keyAlgorithm.equals("RSA") ? this.keySizeBytes : (this.mPadding == Padding.PKCS5 || this.mPadding == Padding.ISO10126) ? (((i + this.bytesCached) / this.mBlockSize) + 1) * this.mBlockSize : this.bytesCached + i;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        return this.mBlockSize;
    }

    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        return this.mAlgParams;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("Key is null");
        }
        if (this.mHsmOperationActive) {
            complete();
        }
        this.mOpMode = i;
        this.mIsMultipart = false;
        this.bytesCached = 0;
        this.mCipherMode = this.mOpMode == 1 ? 1 : 0;
        try {
            if (this.keyAlgorithm.equals("RSA")) {
                this.mKey = (LunaKey) KeyFactory.getInstance("RSA", "LunaProvider").translateKey(key);
                this.keySizeBytes = this.mKey.getKeySize() / 8;
            } else if (key instanceof SecretKey) {
                this.mKey = (LunaKey) SecretKeyFactory.getInstance(this.keyAlgorithm, "LunaProvider").translateKey((SecretKey) key);
            } else {
                if (!(key instanceof LunaKey) || !checkKeyAlgorithm(key)) {
                    throw new InvalidKeyException("Key type incorrect; " + this.keyAlgorithm + " expected");
                }
                this.mKey = (LunaKey) key;
            }
            if (this.mMustBeSinglePart) {
                this.mAccumulator = new byte[this.keySizeBytes];
            } else {
                this.mAccumulator = new byte[0];
            }
            this.encodedParams = new byte[0];
            if (this.mAlgParams != null) {
                try {
                    if (this.mStandardSpec) {
                        this.encodedParams = this.mAlgParams.getEncoded();
                    } else {
                        this.encodedParams = this.mAlgParams.getEncoded("Luna");
                    }
                    if (this.encodedParams == null) {
                        throw new LunaException("Can't get encoded algorithm parameters");
                    }
                } catch (IOException e) {
                    throw new LunaException("Can't get encoded algorithm parameters", e);
                }
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new LunaException(e2);
        } catch (NoSuchProviderException e3) {
            throw new LunaException(e3);
        }
    }

    private void initializeHsmOperation() {
        if (this.mOpMode == 1 || this.mOpMode == 2) {
            this.mSession = LunaSessionManager.getSession(this.mKey);
            lunaAPI.CipherInit(this.mCipherMode, this.mSession.GetSessionHandle(), this.mMechType, this.mKey.GetKeyHandle(), this.encodedParams);
            this.mHsmOperationActive = true;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        if (i2 == 0) {
            return null;
        }
        byte[] bArr2 = new byte[(!isUnpaddedBlockCipher() || this.mMechType == LunaAPI.CKM_AES_GCM) ? engineGetOutputSize(i2) : (((i2 + this.mBlockSize) - 1) / this.mBlockSize) * this.mBlockSize];
        try {
            int engineUpdate = engineUpdate(bArr, i, i2, bArr2, 0);
            if (engineUpdate == 0) {
                bArr2 = null;
            } else if (engineUpdate < bArr2.length) {
                byte[] bArr3 = new byte[engineUpdate];
                System.arraycopy(bArr2, 0, bArr3, 0, engineUpdate);
                bArr2 = bArr3;
            }
            return bArr2;
        } catch (ShortBufferException e) {
            throw new LunaException("Bad output size calculation", e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws IllegalStateException, ShortBufferException {
        if (this.mOpMode == 3 || this.mOpMode == 4) {
            throw new IllegalStateException("Cannot cipher data in wrap/unwrap mode");
        }
        int engineGetOutputSize = engineGetOutputSize(i2);
        if (bArr2 == null || bArr2.length - i3 < engineGetOutputSize) {
            throw new ShortBufferException("At least " + engineGetOutputSize + " bytes required in output buffer");
        }
        if (this.mMustBeSinglePart) {
            if (i2 + this.bytesCached > this.mAccumulator.length) {
                throw new LunaException("Too much data for a single-part operation");
            }
            System.arraycopy(bArr, i, this.mAccumulator, this.bytesCached, i2);
            this.bytesCached += i2;
            return 0;
        }
        if (!this.mHsmOperationActive) {
            try {
                initializeHsmOperation();
            } catch (LunaCryptokiException e) {
                throw new LunaException("Cannot open cipher operation on HSM", e);
            }
        }
        int CipherUpdate = lunaAPI.CipherUpdate(this.mCipherMode, this.mSession.GetSessionHandle(), bArr, i, i2, bArr2, i3);
        this.bytesCached += i2 - CipherUpdate;
        this.mIsMultipart = true;
        return CipherUpdate;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        byte[] bArr2 = new byte[engineGetOutputSize(i2)];
        try {
            int engineDoFinal = engineDoFinal(bArr, i, i2, bArr2, 0);
            if (engineDoFinal < bArr2.length) {
                byte[] bArr3 = new byte[engineDoFinal];
                System.arraycopy(bArr2, 0, bArr3, 0, engineDoFinal);
                bArr2 = bArr3;
            }
            return bArr2;
        } catch (ShortBufferException e) {
            throw new LunaException("Bad output size calculation", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        int CipherFinal;
        if (this.mOpMode == 3 || this.mOpMode == 4) {
            throw new IllegalStateException("Cannot cipher data in wrap/unwrap mode");
        }
        int engineGetOutputSize = engineGetOutputSize(i2);
        if (bArr2 == null || bArr2.length - i3 < engineGetOutputSize) {
            throw new ShortBufferException("At least " + engineGetOutputSize + " bytes required in output buffer");
        }
        if (!this.mHsmOperationActive) {
            if (i2 + this.bytesCached == 0) {
                return 0;
            }
            try {
                initializeHsmOperation();
            } catch (LunaCryptokiException e) {
                throw new LunaException("Cannot open cipher operation on HSM", e);
            }
        }
        if (bArr == null) {
            bArr = new byte[0];
        }
        if (this.mPadding == Padding.ISO10126 && this.mOpMode == 1) {
            LunaPadISO10126 lunaPadISO10126 = new LunaPadISO10126();
            bArr = lunaPadISO10126.addISO10126Padding(bArr, i, i2, this.mBlockSize, this.bytesCached);
            i2 += lunaPadISO10126.length();
            i = 0;
        }
        try {
            if (this.mMustBeSinglePart) {
                if (i2 + this.bytesCached > this.mAccumulator.length) {
                    throw new LunaException("Too much data for a single-part operation");
                }
                System.arraycopy(bArr, i, this.mAccumulator, this.bytesCached, i2);
                this.mHsmOperationActive = false;
                CipherFinal = lunaAPI.Cipher(this.mCipherMode, this.mSession.GetSessionHandle(), this.mAccumulator, 0, i2 + this.bytesCached, bArr2, i3);
            } else if (this.mIsMultipart) {
                int CipherUpdate = lunaAPI.CipherUpdate(this.mCipherMode, this.mSession.GetSessionHandle(), bArr, i, i2, bArr2, i3);
                this.mHsmOperationActive = false;
                CipherFinal = CipherUpdate + lunaAPI.CipherFinal(this.mCipherMode, this.mSession.GetSessionHandle(), bArr2, i3 + CipherUpdate);
            } else {
                this.mHsmOperationActive = false;
                CipherFinal = lunaAPI.Cipher(this.mCipherMode, this.mSession.GetSessionHandle(), bArr, i, i2, bArr2, i3);
            }
            this.mSession.Free();
            this.mSession = null;
            if (this.mPadding == Padding.ISO10126 && this.mOpMode == 2) {
                CipherFinal = new LunaPadISO10126().removeISO10126Padding(bArr2, CipherFinal, this.mBlockSize);
            }
            this.bytesCached = 0;
            Arrays.fill(this.mAccumulator, (byte) 0);
            return CipherFinal;
        } catch (LunaCryptokiException e2) {
            complete();
            if (e2.GetCKRValue() == 32) {
                throw new BadPaddingException("Bad padding in input: " + e2.getMessage());
            }
            throw new IllegalBlockSizeException("Could not process input data: " + e2.getMessage());
        } catch (RuntimeException e3) {
            complete();
            throw e3;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetKeySize(Key key) throws InvalidKeyException {
        int keySize;
        if ((key instanceof LunaSecretKey) || (key instanceof LunaKeyRsa)) {
            keySize = ((LunaKey) key).getKeySize();
        } else if ((key instanceof SecretKey) && key.getFormat().equalsIgnoreCase("RAW")) {
            keySize = key.getEncoded().length * 8;
        } else {
            if (!(key instanceof RSAKey)) {
                throw new InvalidKeyException("Unsupported key type " + key.getClass() + "; key must be a SecretKey or RSAKey");
            }
            keySize = ((RSAKey) key).getModulus().bitLength();
        }
        return keySize;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException {
        long j;
        if (bArr == null) {
            throw new InvalidKeyException("Wrapped key is null");
        }
        byte[] bArr2 = new byte[0];
        if (this.mAlgParams != null) {
            try {
                bArr2 = this.mStandardSpec ? this.mAlgParams.getEncoded() : this.mAlgParams.getEncoded("Luna");
            } catch (IOException e) {
                throw new LunaException("Unexpected IOException", e);
            }
        }
        if (i == 3) {
            j = 4;
        } else if (i == 2) {
            j = 3;
        } else {
            if (i != 1) {
                throw new InvalidKeyException("Invalid key type: " + i);
            }
            j = 2;
        }
        LunaSession session = LunaSessionManager.getSession(this.mKey);
        try {
            try {
                LunaKey LocateKeyByHandle = LunaKey.LocateKeyByHandle(lunaAPI.UnwrapKey(session.GetSessionHandle(), this.mKey.GetKeyHandle(), this.mMechType, bArr2, bArr, LunaKey.GetKeyType(str), j));
                session.Free();
                return LocateKeyByHandle;
            } catch (LunaCryptokiException e2) {
                throw new InvalidKeyException(e2);
            }
        } catch (Throwable th) {
            session.Free();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.CipherSpi
    public byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        if (!(key instanceof LunaKey)) {
            this.mOpMode = 1;
            this.mCipherMode = 1;
            this.mSession = LunaSessionManager.getSession(this.mKey);
            byte[] encoded = key.getEncoded();
            if (isUnpaddedBlockCipher() && encoded.length % this.mBlockSize != 0) {
                throw new IllegalBlockSizeException("Encoded key is not a multiple of the block size");
            }
            try {
                return engineDoFinal(encoded, 0, encoded.length);
            } catch (BadPaddingException e) {
                throw new InvalidKeyException("Encoded key is badly padded", e);
            }
        }
        byte[] bArr = new byte[0];
        if (this.mAlgParams != null) {
            try {
                bArr = this.mStandardSpec ? this.mAlgParams.getEncoded() : this.mAlgParams.getEncoded("Luna");
            } catch (IOException e2) {
                throw new LunaException("Unexpected IOException", e2);
            }
        }
        LunaSession session = LunaSessionManager.getSession(this.mKey);
        try {
            try {
                byte[] WrapKey = lunaAPI.WrapKey(session.GetSessionHandle(), this.mKey.GetKeyHandle(), this.mMechType, bArr, ((LunaKey) key).GetKeyHandle());
                session.Free();
                return WrapKey;
            } catch (LunaCryptokiException e3) {
                throw new InvalidKeyException(e3);
            }
        } catch (Throwable th) {
            session.Free();
            throw th;
        }
    }

    private boolean isUnpaddedBlockCipher() {
        return this.mPadding == Padding.NONE && this.mBlockSize > 0;
    }

    private boolean checkKeyAlgorithm(Key key) {
        return this.keyAlgorithm.equals("DESede") ? key.getAlgorithm().equals("DES3") || key.getAlgorithm().equals("DESede") : this.keyAlgorithm.equals(key.getAlgorithm());
    }

    static {
        try {
            rand = SecureRandom.getInstance("LunaRNG");
            SCRATCH_BUFFER = new byte[2048];
            lsm = LunaSlotManager.getInstance();
            lunaAPI = lsm.getLunaAPI();
        } catch (NoSuchAlgorithmException e) {
            throw new LunaException("Luna provider not configured", e);
        }
    }
}
