package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.pkcs11.CK_SSL3_KEY_MAT_OUT;
import com.ibm.pkcs11.CK_SSL3_KEY_MAT_PARAMS;
import com.ibm.pkcs11.CK_SSL3_RANDOM_DATA;
import com.ibm.pkcs11.PKCS11Object;
import com.ibm.ras.RASITraceEvent;
import ibm.security.internal.spec.TlsKeyMaterialParameterSpec;
import ibm.security.internal.spec.TlsKeyMaterialSpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Provider;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:wasJars/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/PKCS11TlsKeyMaterialGenerator.class */
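/**
 * {@link KeyGeneratorSpi} that derives the SSL 3.0 / TLS 1.0 record-protection keys
 * (client/server MAC keys, cipher keys and IVs) from a master secret by calling
 * {@code deriveKey} on a PKCS#11 session.
 *
 * <p>The generator must be initialized with a {@link TlsKeyMaterialParameterSpec}; the other
 * {@code engineInit} overloads always throw. Instance state is not synchronized, so a single
 * instance should not be initialized and used from several threads at once.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only protocol versions 3.0 (SSL 3.0) and 3.1 (TLS 1.0) are accepted. Both are
 *       deprecated protocols; deployments should confirm this path is not reachable for
 *       traffic that is expected to use TLS 1.2 or later.</li>
 *   <li>The algorithm table still maps legacy ciphers (RC4, DES, RC2, IDEA) and the export
 *       flag is honoured. Whether such suites can actually be negotiated is decided outside
 *       this class.</li>
 * </ul>
 */
public final class PKCS11TlsKeyMaterialGenerator extends KeyGeneratorSpi {
    /** PKCS#11 mechanism CKM_SSL3_KEY_AND_MAC_DERIVE (0x372). */
    private static final int CKM_SSL3_KEY_AND_MAC_DERIVE = 882;
    /** PKCS#11 mechanism CKM_TLS_KEY_AND_MAC_DERIVE (0x376). */
    private static final int CKM_TLS_KEY_AND_MAC_DERIVE = 886;
    /** PKCS#11 attribute CKA_CLASS (0x000). */
    private static final int CKA_CLASS = 0;
    /** PKCS#11 attribute CKA_KEY_TYPE (0x100). */
    private static final int CKA_KEY_TYPE = 256;
    /** PKCS#11 attribute CKA_VALUE_LEN (0x161), expressed in bytes. */
    private static final int CKA_VALUE_LEN = 353;

    private static final String INIT_MESSAGE = "TlsKeyMaterialGenerator must be initialized with TlsKeyMaterialParameterSpec";

    private final SessionManager sessionManager;
    private final Config config;
    private final Provider provider;
    private KeyMechanismBuilder mechanismBuilder;
    private TlsKeyMaterialParameterSpec spec;
    private GeneralKey generalKey;
    private int version;
    private final int mechanism;
    private static final Debug debug = Debug.getInstance("pkcs11impl");
    private static final String className = "com.ibm.crypto.pkcs11impl.provider.PKCS11TlsKeyMaterialGenerator";
    /** Upper-cased JCE cipher algorithm name to PKCS#11 key type. Populated once in the static initializer. */
    private static final HashMap<String, Integer> keyTypes = new HashMap<>();

    /** Registers a cipher algorithm name (case-insensitively) with its PKCS#11 key type. */
    private static void addKeyType(String str, Integer num) {
        keyTypes.put(str.toUpperCase(Locale.ENGLISH), num);
    }

    /**
     * Looks up the PKCS#11 key type for a cipher algorithm name.
     *
     * @param str cipher algorithm name, matched case-insensitively; may be {@code null}
     * @return the registered key type, or {@code -1} when the name is {@code null} or unknown
     */
    private int getKeyType(String str) {
        if (str == null) {
            // A spec without a cipher algorithm is reported as "unknown" instead of failing with a
            // NullPointerException; the caller decides whether that is acceptable.
            return -1;
        }
        Integer num = keyTypes.get(str.toUpperCase(Locale.ENGLISH));
        return num != null ? num.intValue() : -1;
    }

    /**
     * Creates a generator bound to the given provider and derive mechanism.
     *
     * @param provider must be an {@code IBMPKCS11Impl} instance; anything else fails with a
     *                 {@link ClassCastException}
     * @param str      not used by this constructor
     * @param i        PKCS#11 mechanism passed to {@code deriveKey}; {@code engineInit} accepts only
     *                 882 (with version 3.0) or 886 (with version 3.1)
     */
    public PKCS11TlsKeyMaterialGenerator(Provider provider, String str, int i) {
        IBMPKCS11Impl.verifyJceJar();
        IBMPKCS11Impl pkcs11Provider = (IBMPKCS11Impl) provider;
        this.provider = provider;
        this.sessionManager = pkcs11Provider.getSessionManager();
        this.config = pkcs11Provider.getConfig();
        this.mechanism = i;
    }

    /** Always rejects: a {@link TlsKeyMaterialParameterSpec} is required. */
    @Override
    protected void engineInit(java.security.SecureRandom secureRandom) {
        throw new InvalidParameterException(INIT_MESSAGE);
    }

    /** Always rejects: a {@link TlsKeyMaterialParameterSpec} is required. */
    @Override
    protected void engineInit(int i, java.security.SecureRandom secureRandom) {
        throw new InvalidParameterException(INIT_MESSAGE);
    }

    /**
     * Validates the parameters and prepares the master secret for derivation.
     *
     * <p>State is committed only after every check has passed. A failed call leaves the generator
     * uninitialized, so {@link #engineGenerateKey()} cannot run against a spec that was rejected or
     * against a master secret left over from an earlier initialization.
     *
     * @param algorithmParameterSpec must be a {@link TlsKeyMaterialParameterSpec}
     * @param secureRandom           not used
     * @throws InvalidAlgorithmParameterException if the spec has the wrong type, the master secret
     *         cannot be translated, or the version/mechanism pair is not 3.0/882 or 3.1/886
     */
    @Override
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        // instanceof is false for null, so this also covers a missing spec.
        if (!(algorithmParameterSpec instanceof TlsKeyMaterialParameterSpec)) {
            throw new InvalidAlgorithmParameterException(INIT_MESSAGE);
        }
        TlsKeyMaterialParameterSpec candidateSpec = (TlsKeyMaterialParameterSpec) algorithmParameterSpec;

        // Fail closed: discard any previous initialization before validating the new one.
        this.spec = null;
        this.generalKey = null;

        SecretKey translated;
        try {
            translated = new GeneralPKCS11KeyFactory(this.provider, "TlsMasterSecret").engineTranslateKey(candidateSpec.getMasterSecret());
        } catch (InvalidKeyException e) {
            throw new InvalidAlgorithmParameterException(e);
        }
        if (!(translated instanceof GeneralKey)) {
            throw new InvalidAlgorithmParameterException("cannot covert to appropriate key from AlgorithmParameterSpec");
        }

        int majorVersion = candidateSpec.getMajorVersion();
        int minorVersion = candidateSpec.getMinorVersion();
        if (majorVersion != 3) {
            throw new InvalidAlgorithmParameterException("not a supported major version " + majorVersion);
        }
        // The mechanism chosen at construction time has to match the protocol version:
        // 3.0 pairs with the SSL3 derive mechanism, 3.1 with the TLS derive mechanism.
        boolean ssl30 = minorVersion == 0 && this.mechanism == CKM_SSL3_KEY_AND_MAC_DERIVE;
        boolean tls10 = minorVersion == 1 && this.mechanism == CKM_TLS_KEY_AND_MAC_DERIVE;
        if (!ssl30 && !tls10) {
            throw new InvalidAlgorithmParameterException("not a supported minor version " + minorVersion);
        }

        this.generalKey = (GeneralKey) translated;
        this.version = (majorVersion << 8) | minorVersion;
        this.spec = candidateSpec;
    }

    /**
     * Derives the key block on the token and wraps the resulting objects.
     *
     * <p>The PKCS#11 session is released exactly once, in a {@code finally} block, and only when
     * one was actually obtained.
     *
     * @return a {@link TlsKeyMaterialSpec} holding MAC keys, cipher keys (when the cipher key
     *         length is non-zero) and IVs (when the token returned them)
     * @throws IllegalStateException if the generator has not been successfully initialized
     * @throws ProviderException     if a cipher key is requested for an unknown algorithm
     * @throws RuntimeException      wrapping any failure raised while deriving on the token
     */
    @Override
    protected SecretKey engineGenerateKey() {
        if (this.spec == null) {
            throw new IllegalStateException("TlsKeyMaterialGenerator must be initialized");
        }
        // The spec reports lengths in bytes; the PKCS#11 parameter block takes bits.
        int macKeyBits = this.spec.getMacKeyLength() << 3;
        int ivBits = this.spec.getIvLength() << 3;
        int expandedCipherKeyBits = this.spec.getExpandedCipherKeyLength() << 3;
        int cipherKeyBits = this.spec.getCipherKeyLength() << 3;
        // A non-zero expanded length selects the export variant of the derivation.
        // NOTE(review): presumably maps to bIsExport in CK_SSL3_KEY_MAT_PARAMS - confirm against the wrapper.
        boolean exportable = expandedCipherKeyBits != 0;
        if (!exportable) {
            expandedCipherKeyBits = cipherKeyBits;
        }
        CK_SSL3_KEY_MAT_PARAMS derivationParams = new CK_SSL3_KEY_MAT_PARAMS(macKeyBits, cipherKeyBits, ivBits, exportable, new CK_SSL3_RANDOM_DATA(this.spec.getClientRandom(), this.spec.getServerRandom()));

        String cipherAlgorithm = this.spec.getCipherAlgorithm();
        int keyType = getKeyType(cipherAlgorithm);
        if (keyType < 0) {
            if (cipherKeyBits != 0) {
                throw new ProviderException("Unknown algorithm: " + cipherAlgorithm);
            }
            // No cipher key requested (MAC-only derivation): fall back to a generic secret.
            keyType = PKCS11Object.GENERIC_SECRET.intValue();
        }

        // Template for the derived keys: configured attributes first, mandatory ones override them.
        Map<Object, Object> template = new HashMap<>();
        if (this.config != null) {
            template.putAll(this.config.getAttributes("GENERATE", PKCS11Object.SECRET_KEY, Integer.valueOf(keyType)));
        }
        if (cipherKeyBits != 0) {
            template.put(CKA_CLASS, PKCS11Object.SECRET_KEY);
            template.put(CKA_KEY_TYPE, Integer.valueOf(keyType));
            template.put(CKA_VALUE_LEN, Integer.valueOf(expandedCipherKeyBits >> 3));
        }
        int[] attrTypes = new int[template.size()];
        Object[] attrValues = new Object[template.size()];
        int index = 0;
        for (Map.Entry<Object, Object> entry : template.entrySet()) {
            attrTypes[index] = ((Integer) entry.getKey()).intValue();
            attrValues[index] = entry.getValue();
            if (debug != null) {
                debug.text(RASITraceEvent.TYPE_PERF, className, "engineGenerateKey", "attrType=" + attrTypes[index] + ", attrValue=" + attrValues[index]);
            }
            index++;
        }

        Session session = null;
        try {
            session = this.sessionManager.getObjSession();
            session.deriveKey(this.mechanism, derivationParams, this.generalKey.getObject(), attrTypes, attrValues);
            CK_SSL3_KEY_MAT_OUT keyMaterial = derivationParams.getReturnedKeyMaterial();

            GeneralKey clientMacKey = null;
            GeneralKey serverMacKey = null;
            GeneralKey clientCipherKey = null;
            GeneralKey serverCipherKey = null;
            try {
                clientMacKey = new GeneralKey(session, keyMaterial.clientMacSecret, "MAC");
                serverMacKey = new GeneralKey(session, keyMaterial.serverMacSecret, "MAC");
                if (cipherKeyBits != 0) {
                    clientCipherKey = new GeneralKey(session, keyMaterial.clientKey, cipherAlgorithm);
                    serverCipherKey = new GeneralKey(session, keyMaterial.serverKey, cipherAlgorithm);
                }
            } catch (InvalidKeyException e) {
                // NOTE(review): existing behaviour, kept for compatibility - the failure is only
                // traced (and only when debug is enabled) and the caller receives a spec whose keys
                // are all null. Callers must treat null keys as a derivation failure; consider
                // failing loudly here instead. Any key objects already derived on the token are
                // not cleaned up on this path.
                if (debug != null) {
                    debug.exception(RASITraceEvent.TYPE_PERF, className, "engineGenerateKey", e);
                    debug.text(RASITraceEvent.TYPE_PERF, className, "engineGenerateKey", "clientMacKey, serverMacKey, clientCipherKey, serverCipherKey all set to null");
                }
                clientMacKey = null;
                serverMacKey = null;
                clientCipherKey = null;
                serverCipherKey = null;
            }

            IvParameterSpec clientIv = keyMaterial.ivClient != null ? new IvParameterSpec(keyMaterial.ivClient) : null;
            IvParameterSpec serverIv = keyMaterial.ivServer != null ? new IvParameterSpec(keyMaterial.ivServer) : null;
            return new TlsKeyMaterialSpec(clientMacKey, serverMacKey, clientCipherKey, clientIv, serverCipherKey, serverIv);
        } catch (Exception e) {
            if (debug != null) {
                debug.exception(RASITraceEvent.TYPE_PERF, className, "engineGenerateKey", e);
            }
            // Same exception type and message as before, but the cause is kept for diagnosis.
            throw new RuntimeException(e.getMessage(), e);
        } finally {
            // Single release point: handing the same session back more than once could let two
            // callers end up sharing it.
            if (session != null) {
                this.sessionManager.releaseSession(session);
            }
        }
    }

    static {
        // Several of these are legacy ciphers (RC4, DES, RC2, IDEA). They are kept so existing
        // lookups keep resolving; this table does not decide which suites may be negotiated.
        addKeyType("RC4", PKCS11Object.RC4);
        addKeyType("ARCFOUR", PKCS11Object.RC4);
        addKeyType("DES", PKCS11Object.DES);
        addKeyType("DESede", PKCS11Object.DES3);
        addKeyType("AES", PKCS11Object.AES);
        addKeyType("Blowfish", PKCS11Object.BLOWFISH);
        addKeyType("RC2", PKCS11Object.RC2);
        addKeyType("IDEA", PKCS11Object.IDEA);
        addKeyType("Generic", PKCS11Object.GENERIC_SECRET);
    }
}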
