package sun.security.pkcs11;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.CK_MECHANISM_INFO;
import sun.security.pkcs11.wrapper.PKCS11Constants;
import sun.security.pkcs11.wrapper.PKCS11Exception;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:jre/lib/ext/sunpkcs11.jar:sun/security/pkcs11/P11KeyGenerator.class */
public final class P11KeyGenerator extends KeyGeneratorSpi {
    private final Token token;
    private final String algorithm;
    private long mechanism;
    private int keySize;
    private int significantKeySize;
    private long keyType;
    private boolean supportBothKeySizes;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int checkKeySize(long j, int i, Token token) throws InvalidAlgorithmParameterException, ProviderException {
        int i2;
        switch ((int) j) {
            case 288:
                if (i != 64 && i != 56) {
                    throw new InvalidAlgorithmParameterException("DES key length must be 56 bits");
                }
                i2 = 56;
                break;
                break;
            case 304:
            case 305:
                if (i == 112 || i == 128) {
                    i2 = 112;
                    break;
                } else {
                    if (i != 168 && i != 192) {
                        throw new InvalidAlgorithmParameterException("DESede key length must be 112, or 168 bits");
                    }
                    i2 = 168;
                    break;
                }
                break;
            default:
                try {
                    CK_MECHANISM_INFO mechanismInfo = token.getMechanismInfo(j);
                    if (mechanismInfo == null) {
                        return i;
                    }
                    int i3 = (int) mechanismInfo.ulMinKeySize;
                    int i4 = (int) mechanismInfo.ulMaxKeySize;
                    if (j != 272 || i3 < 8) {
                        i3 = ((int) mechanismInfo.ulMinKeySize) << 3;
                        i4 = ((int) mechanismInfo.ulMaxKeySize) << 3;
                    }
                    if (i3 < 40) {
                        i3 = 40;
                    }
                    if (i < i3 || i > i4) {
                        throw new InvalidAlgorithmParameterException("Key length must be between " + i3 + " and " + i4 + " bits");
                    }
                    if (j == PKCS11Constants.CKM_AES_KEY_GEN && i != 128 && i != 192 && i != 256) {
                        throw new InvalidAlgorithmParameterException("AES key length must be " + i3 + (i4 >= 192 ? ", 192" : "") + (i4 >= 256 ? ", or 256" : "") + " bits");
                    }
                    i2 = i;
                    break;
                } catch (PKCS11Exception e) {
                    throw new ProviderException("Cannot retrieve mechanism info", e);
                }
                break;
        }
        return i2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11KeyGenerator(Token token, String str, long j) throws PKCS11Exception {
        this.token = token;
        this.algorithm = str;
        this.mechanism = j;
        if (this.mechanism == 305) {
            this.supportBothKeySizes = token.provider.config.isEnabled(304L) && token.getMechanismInfo(304L) != null;
        }
        setDefaultKeySize();
    }

    private void setDefaultKeySize() {
        switch ((int) this.mechanism) {
            case 272:
                this.keySize = 128;
                this.keyType = 18L;
                break;
            case 288:
                this.keySize = 64;
                this.keyType = 19L;
                break;
            case 304:
                this.keySize = 128;
                this.keyType = 20L;
                break;
            case 305:
                this.keySize = 192;
                this.keyType = 21L;
                break;
            case 4224:
                this.keySize = 128;
                this.keyType = 31L;
                break;
            case 4240:
                this.keySize = 128;
                this.keyType = 32L;
                break;
            default:
                throw new ProviderException("Unknown mechanism " + this.mechanism);
        }
        try {
            this.significantKeySize = checkKeySize(this.mechanism, this.keySize, this.token);
        } catch (InvalidAlgorithmParameterException e) {
            throw new ProviderException("Unsupported default key size", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(SecureRandom secureRandom) {
        this.token.ensureValid();
        setDefaultKeySize();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        throw new InvalidAlgorithmParameterException("AlgorithmParameterSpec not supported");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public void engineInit(int i, SecureRandom secureRandom) {
        this.token.ensureValid();
        try {
            int checkKeySize = checkKeySize(this.mechanism, i, this.token);
            if (this.mechanism == 304 || this.mechanism == 305) {
                long j = checkKeySize == 112 ? 304L : 305L;
                if (this.mechanism != j) {
                    if (!this.supportBothKeySizes) {
                        throw new InvalidParameterException("Only " + this.significantKeySize + "-bit DESede is supported");
                    }
                    this.mechanism = j;
                    this.keyType = this.mechanism == 304 ? 20L : 21L;
                }
            }
            this.keySize = i;
            this.significantKeySize = checkKeySize;
        } catch (InvalidAlgorithmParameterException e) {
            throw ((InvalidParameterException) new InvalidParameterException().initCause(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.crypto.KeyGeneratorSpi
    public SecretKey engineGenerateKey() {
        CK_ATTRIBUTE[] ck_attributeArr;
        Session session = null;
        try {
            try {
                session = this.token.getObjSession();
                switch ((int) this.keyType) {
                    case 19:
                    case 20:
                    case 21:
                        ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(0L, 4L)};
                        break;
                    default:
                        ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(0L, 4L), new CK_ATTRIBUTE(353L, this.keySize >> 3)};
                        break;
                }
                CK_ATTRIBUTE[] attributes = this.token.getAttributes("generate", 4L, this.keyType, ck_attributeArr);
                SecretKey secretKey = P11Key.secretKey(session, this.token.p11.C_GenerateKey(session.id(), new CK_MECHANISM(this.mechanism), attributes), this.algorithm, this.significantKeySize, attributes);
                this.token.releaseSession(session);
                return secretKey;
            } catch (PKCS11Exception e) {
                throw new ProviderException("Could not generate key", e);
            }
        } catch (Throwable th) {
            this.token.releaseSession(session);
            throw th;
        }
    }
}
