package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.crypto.provider.RSAKeyFactory;
import com.ibm.misc.Debug;
import com.ibm.pkcs11.PKCS11Object;
import com.ibm.security.pkcs9.UnstructuredName;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.x509.X500Name;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.HashMap;

/* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/RSAPKCS11KeyPairGenerator.class */
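/**
 * {@link KeyPairGeneratorSpi} that generates RSA key pairs on a PKCS#11 token through the
 * provider's {@code SessionManager}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The default modulus length is 1024 bits and the accepted range is 512..65536 bits.
 *       Anything below 2048 bits is weaker than current guidance recommends, so callers
 *       should always call one of the {@code initialize} methods with an explicit size.</li>
 *   <li>The public exponent is fixed at 65537.</li>
 *   <li>The {@code SecureRandom} handed to {@code initialize} is only traced, never used;
 *       key generation is delegated to {@code Session.generateKeyPair}.</li>
 *   <li>The defaults are a non-token, non-sensitive key usable for sign/verify,
 *       encrypt/decrypt and wrap/unwrap. The usage and storage flags are only written into
 *       the token templates after {@link #initialize(AlgorithmParameterSpec,
 *       java.security.SecureRandom)} has been called; otherwise the templates contain just
 *       the configured attributes plus modulus size and public exponent.</li>
 *   <li>When the sensitive flag is {@code false}, the private exponent and CRT components
 *       are read from the token into the returned Java key object.</li>
 * </ul>
 *
 * <p>Instances hold mutable state without synchronization.
 */
public final class RSAPKCS11KeyPairGenerator extends KeyPairGeneratorSpi {
    /*
     * PKCS#11 attribute type codes (CKA_*). The numeric values are the ones this class
     * previously passed as bare decimal literals.
     */
    private static final int CKA_CLASS = 0x000;
    private static final int CKA_TOKEN = 0x001;
    private static final int CKA_LABEL = 0x003;
    private static final int CKA_SUBJECT = 0x101;
    private static final int CKA_ID = 0x102;
    private static final int CKA_SENSITIVE = 0x103;
    private static final int CKA_ENCRYPT = 0x104;
    private static final int CKA_DECRYPT = 0x105;
    private static final int CKA_WRAP = 0x106;
    private static final int CKA_UNWRAP = 0x107;
    private static final int CKA_SIGN = 0x108;
    private static final int CKA_VERIFY = 0x10A;
    private static final int CKA_MODULUS = 0x120;
    private static final int CKA_MODULUS_BITS = 0x121;
    private static final int CKA_PUBLIC_EXPONENT = 0x122;
    private static final int CKA_PRIVATE_EXPONENT = 0x123;
    private static final int CKA_PRIME_1 = 0x124;
    private static final int CKA_PRIME_2 = 0x125;
    private static final int CKA_EXPONENT_1 = 0x126;
    private static final int CKA_EXPONENT_2 = 0x127;
    private static final int CKA_COEFFICIENT = 0x128;
    private static final int CKA_EXTRACTABLE = 0x162;

    /** Smallest modulus size, in bits, accepted by the {@code initialize} methods. */
    private static final int MIN_MODULUS_BITS = 512;
    /** Largest modulus size, in bits, accepted by the {@code initialize} methods. */
    private static final int MAX_MODULUS_BITS = 65536;

    /** Charset used to turn the key id and subject strings into bytes (alias "8859_1"). */
    private static final java.nio.charset.Charset LATIN_1 =
            java.nio.charset.StandardCharsets.ISO_8859_1;

    // May be null; every trace call below is guarded accordingly.
    private static final Debug debug = Debug.getInstance("pkcs11impl");
    private static final String className = "com.ibm.crypto.pkcs11impl.provider.RSAPKCS11KeyPairGenerator";

    private final SessionManager sessionManager;
    private final Config config;

    // 1024 bits is a weak default; it is kept only so existing callers see no change.
    private int modlen = 1024;
    private byte[] id = null;
    private byte[] subject = null;
    private String label = null;
    private Boolean isToken = Boolean.FALSE;
    private Boolean isSensitive = Boolean.FALSE;
    private Boolean sign = Boolean.TRUE;
    private Boolean encrypt = Boolean.TRUE;
    private Boolean wrapping = Boolean.TRUE;
    private Boolean extractable = null;
    // True once a PKCS11RSAKeyPairParameterSpec has been accepted; gates the flag attributes.
    private boolean paramsUsed = false;

    /**
     * Creates a generator bound to the given provider's session manager and configuration.
     *
     * @param provider the provider instance; it is cast to {@code IBMPKCS11Impl}, so any other
     *                 type fails with {@code ClassCastException} and {@code null} with
     *                 {@code NullPointerException}
     */
    public RSAPKCS11KeyPairGenerator(Provider provider) {
        if (debug != null) {
            debug.entry(16384L, className, "RSAPKCS11KeyPairGenerator");
        }
        IBMPKCS11Impl pkcs11Provider = (IBMPKCS11Impl) provider;
        this.sessionManager = pkcs11Provider.getSessionManager();
        this.config = pkcs11Provider.getConfig();
        if (debug != null) {
            debug.exit(16384L, className, "RSAPKCS11KeyPairGenerator");
        }
    }

    /** Creates a generator bound to the installed provider named {@code "IBMPKCS11Impl"}. */
    public RSAPKCS11KeyPairGenerator() {
        this(Security.getProvider("IBMPKCS11Impl"));
    }

    /**
     * Configures modulus size, identification and usage flags from a
     * {@code PKCS11RSAKeyPairParameterSpec}.
     *
     * <p>Every call replaces the id, subject and label taken from an earlier spec, so a spec
     * without a key id or subject no longer leaves the previous value in place.
     *
     * @param algorithmParameterSpec must be a {@code PKCS11RSAKeyPairParameterSpec}
     * @param secureRandom           only traced; not used for key generation
     * @throws InvalidAlgorithmParameterException if the spec is {@code null}, of another type,
     *         or its strength is rejected by {@code RSAKeyFactory.checkKeyLengths}
     */
    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (debug != null) {
            debug.entry(16384L, className, "initialize", algorithmParameterSpec, secureRandom);
        }
        // instanceof is false for null, so this single test also rejects a missing spec.
        if (!(algorithmParameterSpec instanceof PKCS11RSAKeyPairParameterSpec)) {
            throw new InvalidAlgorithmParameterException("PKCS11 RSA KeyPair Parameters must be specified");
        }
        PKCS11RSAKeyPairParameterSpec spec = (PKCS11RSAKeyPairParameterSpec) algorithmParameterSpec;
        try {
            RSAKeyFactory.checkKeyLengths(spec.getStrength(), (BigInteger) null, MIN_MODULUS_BITS, MAX_MODULUS_BITS);
            this.modlen = spec.getStrength();
            // Encode with an explicit Charset: no checked exception, and no silent fallback
            // to the platform default encoding.
            String keyId = spec.getKeyID();
            this.id = (keyId == null) ? null : keyId.getBytes(LATIN_1);
            String subjectName = spec.getSubject();
            this.subject = (subjectName == null) ? null : subjectName.getBytes(LATIN_1);
            this.label = spec.getLabel();
            this.isSensitive = spec.getSensitive();
            this.isToken = spec.getToken();
            this.sign = spec.getSign();
            this.encrypt = spec.getEncrypt();
            this.wrapping = spec.getWrap();
            this.extractable = spec.getExtractable();
            this.paramsUsed = true;
            if (debug != null) {
                debug.exit(16384L, className, "initialize");
            }
        } catch (InvalidKeyException e) {
            throw new InvalidAlgorithmParameterException("Invalid key sizes", e);
        }
    }

    /**
     * Sets only the modulus size. Flags and identification from an earlier spec-based
     * {@code initialize} call are left untouched.
     *
     * @param i            modulus size in bits, checked against 512..65536
     * @param secureRandom only traced; not used for key generation
     * @throws InvalidParameterException if the size is rejected; the underlying
     *         {@code InvalidKeyException} is attached as the cause
     */
    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(int i, java.security.SecureRandom secureRandom) {
        if (debug != null) {
            debug.entry(16384L, className, "initialize", " " + i, secureRandom);
        }
        try {
            RSAKeyFactory.checkKeyLengths(i, RSAKeyGenParameterSpec.F4, MIN_MODULUS_BITS, MAX_MODULUS_BITS);
            this.modlen = i;
            if (debug != null) {
                debug.exit(16384L, className, "initialize");
            }
        } catch (InvalidKeyException e) {
            // initCause keeps the original failure attached without relying on a
            // (String, Throwable) constructor.
            InvalidParameterException rejected = new InvalidParameterException(e.getMessage());
            rejected.initCause(e);
            throw rejected;
        }
    }

    /**
     * Sets only the modulus size; same as {@link #initialize(int, java.security.SecureRandom)}
     * with a {@code null} random source.
     *
     * @param i modulus size in bits
     */
    public void initialize(int i) {
        initialize(i, (java.security.SecureRandom) null);
    }

    /**
     * Generates an RSA key pair on the token and wraps the two token objects in Java key
     * objects.
     *
     * @return the key pair, or {@code null} when the token objects were generated but the
     *         Java key objects could not be built (that failure is only traced).
     *         NOTE(review): callers of {@code KeyPairGenerator} rarely expect {@code null};
     *         confirm every caller checks for it.
     * @throws RuntimeException if obtaining the session, generating the pair or ordering the
     *         returned objects fails; the original exception is attached as the cause
     */
    @Override // java.security.KeyPairGeneratorSpi
    public KeyPair generateKeyPair() {
        if (debug != null) {
            debug.entry(16384L, className, "generateKeyPair");
        }
        HashMap<Integer, Object> publicTemplate = new HashMap<>();
        HashMap<Integer, Object> privateTemplate = new HashMap<>();
        if (this.config != null) {
            // NOTE(review): the maps returned here are modified below; confirm that
            // Config.getAttributes hands out a fresh copy on every call.
            publicTemplate = this.config.getAttributes("GENERATE", PKCS11Object.PUBLIC_KEY, PKCS11Object.RSA);
            privateTemplate = this.config.getAttributes("GENERATE", PKCS11Object.PRIVATE_KEY, PKCS11Object.RSA);
        }
        byte[] derSubject = null;
        if (this.paramsUsed) {
            if (this.id != null) {
                publicTemplate.put(CKA_ID, this.id);
                privateTemplate.put(CKA_ID, this.id);
            }
            if (this.subject != null) {
                derSubject = encodedSubject(this.subject);
                publicTemplate.put(CKA_SUBJECT, derSubject);
                privateTemplate.put(CKA_SUBJECT, derSubject);
            }
            if (this.label != null) {
                publicTemplate.put(CKA_LABEL, this.label);
                privateTemplate.put(CKA_LABEL, this.label);
            }
            if (this.isSensitive != null) {
                privateTemplate.put(CKA_SENSITIVE, this.isSensitive);
            }
            if (this.isToken != null) {
                publicTemplate.put(CKA_TOKEN, this.isToken);
                privateTemplate.put(CKA_TOKEN, this.isToken);
            }
            // Each usage flag maps to the matching operation on each half of the pair.
            if (this.sign != null) {
                publicTemplate.put(CKA_VERIFY, this.sign);
                privateTemplate.put(CKA_SIGN, this.sign);
            }
            if (this.encrypt != null) {
                publicTemplate.put(CKA_ENCRYPT, this.encrypt);
                privateTemplate.put(CKA_DECRYPT, this.encrypt);
            }
            if (this.wrapping != null) {
                publicTemplate.put(CKA_WRAP, this.wrapping);
                privateTemplate.put(CKA_UNWRAP, this.wrapping);
            }
            if (this.extractable != null) {
                privateTemplate.put(CKA_EXTRACTABLE, this.extractable);
            }
        }
        publicTemplate.put(CKA_MODULUS_BITS, Integer.valueOf(this.modlen));
        publicTemplate.put(CKA_PUBLIC_EXPONENT, new BigInteger("65537"));

        int[] publicTypes = new int[publicTemplate.size()];
        Object[] publicValues = new Object[publicTypes.length];
        flattenTemplate(publicTemplate, publicTypes, publicValues);
        int[] privateTypes = new int[privateTemplate.size()];
        Object[] privateValues = new Object[privateTypes.length];
        flattenTemplate(privateTemplate, privateTypes, privateValues);

        KeyPair keyPair;
        Session session = null;
        try {
            session = this.sessionManager.getObjSession();
            // presumably mechanism 0 is CKM_RSA_PKCS_KEY_PAIR_GEN with no mechanism
            // parameter; confirm against Session.generateKeyPair
            PKCS11Object[] generated = session.generateKeyPair(0, null, publicTypes, publicValues, privateTypes, privateValues);
            int registeredObjects = 0;
            for (PKCS11Object object : generated) {
                if (!session.getBoolAttributeValue(object, CKA_TOKEN)) {
                    session.addObject();
                    registeredObjects++;
                }
            }
            PKCS11Object[] ordered = orderObjects(session, generated);
            PKCS11Object publicObject = ordered[0];
            PKCS11Object privateObject = ordered[1];
            try {
                RSAPublicKey publicKey = new RSAPublicKey(session, publicObject, this.id, derSubject, this.label, this.isToken, this.sign, this.encrypt, this.wrapping, (BigInteger) getValue(session, publicObject, CKA_MODULUS), (Integer) getValue(session, publicObject, CKA_MODULUS_BITS), (BigInteger) getValue(session, publicObject, CKA_PUBLIC_EXPONENT));
                if (!session.getBoolAttributeValue(publicObject, CKA_TOKEN)) {
                    publicKey.setSession(session);
                    session.addObject();
                }
                RSAPrivateKey privateKey = newPrivateKey(session, privateObject, derSubject);
                if (!session.getBoolAttributeValue(privateObject, CKA_TOKEN)) {
                    privateKey.setSession(session);
                    session.addObject();
                }
                keyPair = new KeyPair(publicKey, privateKey);
            } catch (Exception wrapFailure) {
                if (debug != null) {
                    debug.exception(16384L, className, "generateKeyPair_3", wrapFailure);
                }
                // NOTE(review): only the registrations made right after generation are undone;
                // an addObject() made for the public key above is not. Confirm the intended
                // accounting with Session.addObject/removeObject.
                for (int n = 0; n < registeredObjects; n++) {
                    session.removeObject();
                }
                keyPair = null;
            }
        } catch (Exception failure) {
            if (debug != null) {
                debug.exception(16384L, className, "generateKeyPair_1", failure);
            }
            // Keep the cause so the token/session error is not reduced to a bare message.
            throw new RuntimeException(failure.getMessage(), failure);
        } finally {
            // Released exactly once on every path, including when getObjSession() failed
            // and session is still null.
            this.sessionManager.releaseSession(session);
        }
        if (debug != null) {
            debug.exit(16384L, className, "generateKeyPair");
        }
        return keyPair;
    }

    /**
     * Copies a template map into the parallel type/value arrays handed to the session.
     * Both arrays are filled in the same key iteration order.
     */
    private static void flattenTemplate(HashMap<Integer, Object> template, int[] types, Object[] values) {
        int index = 0;
        for (Integer type : template.keySet()) {
            types[index] = type.intValue();
            values[index] = template.get(type);
            index++;
        }
    }

    /**
     * Builds the Java-side private key for a generated token object.
     *
     * <p>The private exponent and CRT components are read from the token only when the
     * sensitive flag is explicitly {@code false}. A {@code null} flag is treated like
     * {@code true}, so secret material is never pulled into the JVM by default and the
     * method no longer fails with {@code NullPointerException} for an unset flag.
     * If reading the components fails, the key is built from modulus and public exponent only.
     */
    private RSAPrivateKey newPrivateKey(Session session, PKCS11Object privateObject, byte[] derSubject) throws Exception {
        if (Boolean.FALSE.equals(this.isSensitive)) {
            try {
                return new RSAPrivateKey(session, privateObject, this.id, derSubject, this.label, this.isToken, this.isSensitive, this.sign, this.encrypt, this.wrapping, this.extractable, (BigInteger) getValue(session, privateObject, CKA_MODULUS), (BigInteger) getValue(session, privateObject, CKA_PUBLIC_EXPONENT), (BigInteger) getValue(session, privateObject, CKA_PRIVATE_EXPONENT), (BigInteger) getValue(session, privateObject, CKA_PRIME_1), (BigInteger) getValue(session, privateObject, CKA_PRIME_2), (BigInteger) getValue(session, privateObject, CKA_EXPONENT_1), (BigInteger) getValue(session, privateObject, CKA_EXPONENT_2), (BigInteger) getValue(session, privateObject, CKA_COEFFICIENT));
            } catch (Exception readFailure) {
                if (debug != null) {
                    debug.exception(16384L, className, "generateKeyPair_2", readFailure);
                }
                // Fall through to the key object that carries only the public values.
            }
        }
        return new RSAPrivateKey(session, privateObject, this.id, derSubject, this.label, this.isToken, this.isSensitive, this.sign, this.encrypt, this.wrapping, this.extractable, (BigInteger) getValue(session, privateObject, CKA_MODULUS), (BigInteger) getValue(session, privateObject, CKA_PUBLIC_EXPONENT));
    }

    /**
     * Reorders the two generated objects in place so that index 0 is the public key and
     * index 1 the private key, based on each object's class attribute.
     *
     * @throws RuntimeException if the pair is not exactly one public and one private key
     */
    private PKCS11Object[] orderObjects(Session session, PKCS11Object[] pKCS11ObjectArr) {
        if (debug != null) {
            debug.entry(16384L, className, "orderObjects", pKCS11ObjectArr.toString());
        }
        Integer firstClass = (Integer) getValue(session, pKCS11ObjectArr[0], CKA_CLASS);
        Integer secondClass = (Integer) getValue(session, pKCS11ObjectArr[1], CKA_CLASS);
        boolean alreadyOrdered = firstClass.equals(PKCS11Object.PUBLIC_KEY) && secondClass.equals(PKCS11Object.PRIVATE_KEY);
        boolean reversed = firstClass.equals(PKCS11Object.PRIVATE_KEY) && secondClass.equals(PKCS11Object.PUBLIC_KEY);
        if (!alreadyOrdered && !reversed) {
            if (debug != null) {
                debug.text(16384L, className, "orderObjects", "Token returns invalid objects");
            }
            throw new RuntimeException("Token returns invalid objects");
        }
        if (reversed) {
            PKCS11Object publicObject = pKCS11ObjectArr[1];
            pKCS11ObjectArr[1] = pKCS11ObjectArr[0];
            pKCS11ObjectArr[0] = publicObject;
        }
        if (debug != null) {
            debug.exit(16384L, className, "orderObjects", pKCS11ObjectArr);
        }
        return pKCS11ObjectArr;
    }

    /** Reads one attribute of a token object through the session. */
    private Object getValue(Session session, PKCS11Object pKCS11Object, int i) {
        return session.getAttrValue(pKCS11Object, i);
    }

    /**
     * DER-encodes the subject bytes, first as an X.500 name and, if that fails for any
     * reason, as a PKCS#9 {@code UnstructuredName}.
     *
     * @throws RuntimeException if both encodings fail; the second failure is the cause
     */
    private byte[] encodedSubject(byte[] bArr) {
        String subjectText = new String(bArr, LATIN_1);
        try {
            if (debug != null) {
                debug.text(16384L, className, "encodedSubject", "Try DER encoding public key subject name as X500 name initially");
            }
            DerOutputStream x500Out = new DerOutputStream();
            new X500Name(subjectText).encode(x500Out);
            return x500Out.toByteArray();
        } catch (Exception notAnX500Name) {
            try {
                if (debug != null) {
                    debug.text(16384L, className, "encodedSubject", "DER encode public key subject name as UnstructuredName instead");
                }
                DerOutputStream unstructuredOut = new DerOutputStream();
                new UnstructuredName(new String[]{subjectText}).encode(unstructuredOut);
                return unstructuredOut.toByteArray();
            } catch (Exception e2) {
                if (debug != null) {
                    debug.exception(16384L, className, "generateKeyPair_2.3", e2);
                }
                throw new RuntimeException(e2.getMessage(), e2);
            }
        }
    }
}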
