package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.ras.RASITraceEvent;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import com.ibm.security.x509.AlgorithmId;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: input_file:wasJars/ibmpkcs11impl.jar:com/ibm/crypto/pkcs11impl/provider/GeneralSignatureSingleRSA.class */
final class GeneralSignatureSingleRSA extends SignatureSpi {
    static final String MD2_RSA = "1.2.840.113549.2.2";
    static final String MD5_RSA = "1.2.840.113549.2.5";
    static final String SHA1_RSA = "1.3.14.3.2.26";
    static final String SHA256_RSA = "2.16.840.1.101.3.4.2.1";
    static final String SHA384_RSA = "2.16.840.1.101.3.4.2.2";
    static final String SHA512_RSA = "2.16.840.1.101.3.4.2.3";
    private Signature sig;
    private Hash hash;
    String oid;
    PrivateKey privateKey;
    PublicKey publicKey;
    private boolean reset = false;
    private boolean initialized;
    private static Debug debug = Debug.getInstance("pkcs11impl");
    private static String className = "com.ibm.crypto.pkcs11impl.provider.GeneralSignatureSingleRSA";
    private SessionManager sessionManager;

    public GeneralSignatureSingleRSA(Provider provider, String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        if (debug != null) {
            debug.entry(RASITraceEvent.TYPE_PERF, className, "GeneralSignatureSingleRSA");
        }
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
        if (str.equalsIgnoreCase("MD2withRSA")) {
            this.sig = new Signature(1, provider);
            this.hash = new Hash(512, this.sessionManager);
            this.oid = MD2_RSA;
        } else if (str.equalsIgnoreCase("MD5withRSA")) {
            this.sig = new Signature(1, provider);
            this.hash = new Hash(528, this.sessionManager);
            this.oid = MD5_RSA;
        } else if (str.equalsIgnoreCase("SHA1withRSA")) {
            this.sig = new Signature(1, provider);
            this.hash = new Hash(544, this.sessionManager);
            this.oid = SHA1_RSA;
        } else if (str.equalsIgnoreCase("SHA256withRSA")) {
            this.sig = new Signature(1, provider);
            this.hash = new Hash(592, this.sessionManager);
            this.oid = SHA256_RSA;
        } else if (str.equalsIgnoreCase("SHA384withRSA")) {
            this.sig = new Signature(1, provider);
            this.hash = new Hash(608, this.sessionManager);
            this.oid = SHA384_RSA;
        } else {
            if (!str.equalsIgnoreCase("SHA512withRSA")) {
                throw new NoSuchAlgorithmException(str + " is not found");
            }
            this.sig = new Signature(1, provider);
            this.hash = new Hash(624, this.sessionManager);
            this.oid = SHA512_RSA;
        }
        if (debug != null) {
            debug.exit(RASITraceEvent.TYPE_PERF, className, "GeneralSignatureSingleRSA");
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) {
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        this.privateKey = privateKey;
        if (this.reset) {
            this.hash.engineReset();
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        this.publicKey = publicKey;
        if (this.reset) {
            this.hash.engineReset();
        }
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) {
        this.hash.engineUpdate(new byte[]{b}, 0, 1);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        this.hash.engineUpdate(bArr, i, i2);
    }

    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        byte[] engineDigest = this.hash.engineDigest();
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            DerOutputStream derOutputStream2 = new DerOutputStream();
            AlgorithmId.getAlgorithmId(this.oid).encode(derOutputStream2);
            derOutputStream.putSequence(new DerValue[]{new DerValue(derOutputStream2.toByteArray()), new DerValue((byte) 4, engineDigest)});
            byte[] byteArray = derOutputStream.toByteArray();
            Session session = null;
            try {
                try {
                    session = this.sessionManager.getOpSession();
                    this.sig.engineInitSign(session, this.privateKey);
                    this.reset = true;
                    byte[] engineSign = this.sig.engineSign(session, byteArray, byteArray.length);
                    if (session != null) {
                        this.sessionManager.releaseSession(session);
                    }
                    return engineSign;
                } catch (InvalidKeyException e) {
                    if (debug != null) {
                        debug.exception(RASITraceEvent.TYPE_PERF, "GeneralSignatureSingleRSA", "engineSign", e);
                    }
                    throw new SignatureException(e);
                }
            } catch (Throwable th) {
                if (session != null) {
                    this.sessionManager.releaseSession(session);
                }
                throw th;
            }
        } catch (IOException e2) {
            throw new SignatureException("error encoding signature");
        } catch (NoSuchAlgorithmException e3) {
            throw new SignatureException("error encoding signature");
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        byte[] engineDigest = this.hash.engineDigest();
        try {
            DerOutputStream derOutputStream = new DerOutputStream();
            DerOutputStream derOutputStream2 = new DerOutputStream();
            AlgorithmId.getAlgorithmId(this.oid).encode(derOutputStream2);
            derOutputStream.putSequence(new DerValue[]{new DerValue(derOutputStream2.toByteArray()), new DerValue((byte) 4, engineDigest)});
            byte[] byteArray = derOutputStream.toByteArray();
            Session session = null;
            try {
                try {
                    session = this.sessionManager.getOpSession();
                    this.sig.engineInitVerify(session, this.publicKey);
                    this.reset = true;
                    boolean engineVerify = this.sig.engineVerify(session, bArr, byteArray, byteArray.length);
                    if (session != null) {
                        this.sessionManager.releaseSession(session);
                    }
                    return engineVerify;
                } catch (InvalidKeyException e) {
                    if (debug != null) {
                        debug.exception(RASITraceEvent.TYPE_PERF, "GeneralSignatureSingleRSA", "engineVerify", e);
                    }
                    throw new SignatureException(e);
                }
            } catch (Throwable th) {
                if (session != null) {
                    this.sessionManager.releaseSession(session);
                }
                throw th;
            }
        } catch (IOException e2) {
            throw new SignatureException("error encoding signature");
        } catch (NoSuchAlgorithmException e3) {
            throw new SignatureException("error encoding signature");
        }
    }
}
