package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.pkcs11.PKCS11Exception;
import com.ibm.ras.RASITraceEvent;
import com.ibm.ws.ssl.core.Constants;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: input_file:wasJars/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/PKCS11SSLHashingwithRSA.class */
public final class PKCS11SSLHashingwithRSA extends SignatureSpi {
    private Signature sig;
    private byte[] hashData;
    private int count;
    private SessionManager sessionManager;
    private Session session;
    private boolean isSign;
    private Key sigKey;
    private static Debug debug = Debug.getInstance("pkcs11impl");

    public PKCS11SSLHashingwithRSA(Provider provider) throws NoSuchAlgorithmException, NoSuchProviderException {
        this.count = 0;
        this.sig = new Signature(1, provider);
        this.hashData = new byte[128];
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
    }

    public PKCS11SSLHashingwithRSA() throws NoSuchAlgorithmException, NoSuchProviderException {
        this(Security.getProvider(Constants.IBMPKCS11Impl_NAME));
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) {
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        this.count = 0;
        if (this.session != null) {
            cancelOperation();
        }
        if (this.session == null) {
            this.session = this.sessionManager.getOpSession();
        }
        try {
            this.sig.engineInitSign(this.session, privateKey);
            this.isSign = true;
            this.sigKey = privateKey;
        } catch (PKCS11Exception e) {
            cancelOperation();
            if (this.session != null) {
                this.sessionManager.releaseSession(this.session);
                this.session = null;
            }
            throw new InvalidKeyException((Throwable) e);
        } catch (InvalidKeyException e2) {
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            throw e2;
        }
    }

    private void cancelOperation() {
        if (this.session == null) {
            return;
        }
        if (!this.session.hasObjects()) {
            this.sessionManager.closeSession(this.session);
            this.session = null;
        } else if (!this.isSign) {
            this.sig.engineDummyVerify(this.session, Constants.RSA_CERTIFICATE_TYPE);
        } else {
            try {
                this.sig.engineSign(this.session, this.hashData, this.count);
            } catch (Exception e) {
            }
        }
    }

    protected void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException {
        engineInitSign(privateKey);
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        this.count = 0;
        if (this.session != null) {
            cancelOperation();
        }
        if (this.session == null) {
            this.session = this.sessionManager.getOpSession();
        }
        try {
            this.sig.engineInitVerify(this.session, publicKey);
            this.isSign = false;
            this.sigKey = publicKey;
        } catch (PKCS11Exception e) {
            cancelOperation();
            if (this.session != null) {
                this.sessionManager.releaseSession(this.session);
                this.session = null;
            }
            throw new InvalidKeyException((Throwable) e);
        } catch (InvalidKeyException e2) {
            this.sessionManager.releaseSession(this.session);
            this.session = null;
            throw e2;
        }
    }

    protected void engineInitVerify(PublicKey publicKey, SecureRandom secureRandom) throws InvalidKeyException {
        engineInitVerify(publicKey);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) {
        if (this.session == null) {
            if (this.sigKey == null) {
                throw new RuntimeException("Signature is not initialized");
            }
            try {
                if (this.isSign) {
                    engineInitSign((PrivateKey) this.sigKey);
                } else {
                    engineInitVerify((PublicKey) this.sigKey);
                }
            } catch (InvalidKeyException e) {
                if (debug != null) {
                    debug.exception(RASITraceEvent.TYPE_PERF, "PKCS11SSLHashingwithRSA", "engineUpdate", e);
                }
                throw new RuntimeException(e);
            }
        }
        if (this.count + 1 > this.hashData.length) {
            byte[] bArr = new byte[this.hashData.length + 128];
            System.arraycopy(this.hashData, 0, bArr, 0, this.hashData.length);
            this.hashData = bArr;
        }
        this.hashData[this.count] = b;
        this.count++;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        if (bArr.length < i + i2) {
            throw new IllegalArgumentException("invalid parameter");
        }
        if (this.session == null) {
            if (this.sigKey == null) {
                throw new RuntimeException("Signature is not initialized");
            }
            try {
                if (this.isSign) {
                    engineInitSign((PrivateKey) this.sigKey);
                } else {
                    engineInitVerify((PublicKey) this.sigKey);
                }
            } catch (InvalidKeyException e) {
                if (debug != null) {
                    debug.exception(RASITraceEvent.TYPE_PERF, "PKCS11SSLHashingwithRSA", "engineUpdate", e);
                }
                throw new RuntimeException(e);
            }
        }
        if (this.count + i2 > this.hashData.length) {
            byte[] bArr2 = new byte[this.hashData.length + 128 + i2];
            System.arraycopy(this.hashData, 0, bArr2, 0, this.hashData.length);
            this.hashData = bArr2;
        }
        System.arraycopy(bArr, i, this.hashData, this.count, i2);
        this.count += i2;
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, "PKCS11SSLHashingwithRSA", "engineSign");
        }
        if (!this.isSign || this.sigKey == null) {
            throw new SignatureException("Signature object was not properly initialized");
        }
        if (this.session == null) {
            try {
                engineInitSign((PrivateKey) this.sigKey);
            } catch (InvalidKeyException e) {
                throw new SignatureException(e);
            }
        }
        try {
            try {
                byte[] engineSign = this.sig.engineSign(this.session, this.hashData, this.count);
                if (this.session != null) {
                    this.sessionManager.releaseSession(this.session);
                    this.session = null;
                }
                this.count = 0;
                if (debug != null) {
                    debug.exit(RASITraceEvent.TYPE_PERF, "PKCS11SSLHashingwithRSA", "engineSigne");
                }
                return engineSign;
            } catch (Throwable th) {
                if (this.session != null) {
                    this.sessionManager.releaseSession(this.session);
                    this.session = null;
                }
                throw th;
            }
        } catch (PKCS11Exception e2) {
            cancelOperation();
            throw e2;
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, "PKCS11SSLHashingwithRSA", "engineVerify");
        }
        if (this.isSign || this.sigKey == null) {
            throw new SignatureException("Signature object was not properly initialized");
        }
        if (this.session == null) {
            try {
                engineInitVerify((PublicKey) this.sigKey);
            } catch (InvalidKeyException e) {
                throw new SignatureException(e);
            }
        }
        try {
            try {
                try {
                    boolean engineVerify = this.sig.engineVerify(this.session, bArr, this.hashData, this.count);
                    if (this.session != null) {
                        this.sessionManager.releaseSession(this.session);
                        this.session = null;
                    }
                    this.count = 0;
                    if (debug != null) {
                        debug.exit(RASITraceEvent.TYPE_PERF, "PKCS11SSLHashingwithRSA", "engineVerify");
                    }
                    return engineVerify;
                } catch (Exception e2) {
                    throw new SignatureException("invalid encoding for signature :" + e2);
                }
            } catch (PKCS11Exception e3) {
                cancelOperation();
                throw e3;
            }
        } catch (Throwable th) {
            if (this.session != null) {
                this.sessionManager.releaseSession(this.session);
                this.session = null;
            }
            throw th;
        }
    }
}
