package com.dyadicsec.provider;

import com.dyadicsec.cryptoki.CK;
import com.dyadicsec.pkcs11.CKException;
import com.dyadicsec.pkcs11.CK_MECHANISM;
import com.dyadicsec.pkcs11.Session;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.MacSpi;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/Mac.class */
public class Mac extends MacSpi {
    private final int mechanism;
    private SecretKey secretKey = null;
    private Session session = null;
    private AlgorithmParameterSpec paramSpec = null;
    private byte[] oneByte = null;

    /* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/Mac$CMAC.class */
    public static final class CMAC extends Mac {
        public CMAC() {
            super(CK.CKM_AES_CMAC);
        }
    }

    /* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/Mac$GMAC.class */
    public static final class GMAC extends Mac {
        public GMAC() {
            super(CK.CKM_AES_GMAC);
        }
    }

    /* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/Mac$HmacSHA1.class */
    public static final class HmacSHA1 extends Mac {
        public HmacSHA1() {
            super(CK.CKM_SHA_1_HMAC);
        }
    }

    /* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/Mac$HmacSHA256.class */
    public static final class HmacSHA256 extends Mac {
        public HmacSHA256() {
            super(CK.CKM_SHA256_HMAC);
        }
    }

    /* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/Mac$HmacSHA384.class */
    public static final class HmacSHA384 extends Mac {
        public HmacSHA384() {
            super(CK.CKM_SHA384_HMAC);
        }
    }

    /* loaded from: input_file:ekm-java-provider-2.0.jar:com/dyadicsec/provider/Mac$HmacSHA512.class */
    public static final class HmacSHA512 extends Mac {
        public HmacSHA512() {
            super(CK.CKM_SHA512_HMAC);
        }
    }

    Mac(int i) {
        this.mechanism = i;
    }

    @Override // javax.crypto.MacSpi
    protected int engineGetMacLength() {
        switch (this.mechanism) {
            case CK.CKM_SHA_1_HMAC /* 545 */:
                return 20;
            case CK.CKM_SHA256_HMAC /* 593 */:
                return 32;
            case CK.CKM_SHA384_HMAC /* 609 */:
                return 48;
            case CK.CKM_SHA512_HMAC /* 625 */:
                return 64;
            case CK.CKM_AES_CMAC /* 4234 */:
                return 16;
            case CK.CKM_AES_GMAC /* 4238 */:
                return 16;
            default:
                return 0;
        }
    }

    @Override // javax.crypto.MacSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (key == null) {
            throw new InvalidKeyException("Invalid key");
        }
        this.paramSpec = algorithmParameterSpec;
        if (this.mechanism == 4238) {
            if (algorithmParameterSpec != null && !(algorithmParameterSpec instanceof IvParameterSpec)) {
                throw new InvalidAlgorithmParameterException("IvParameterSpec required");
            }
        } else if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("Parameters not supported");
        }
        if (!(key instanceof SecretKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        this.secretKey = (SecretKey) key;
        CK_MECHANISM ck_mechanism = null;
        try {
            this.secretKey.save();
            int keyType = this.secretKey.getKeyType();
            switch (this.mechanism) {
                case CK.CKM_SHA_1_HMAC /* 545 */:
                case CK.CKM_SHA256_HMAC /* 593 */:
                case CK.CKM_SHA384_HMAC /* 609 */:
                case CK.CKM_SHA512_HMAC /* 625 */:
                    if (keyType == 16) {
                        ck_mechanism = new CK_MECHANISM(this.mechanism);
                        break;
                    } else {
                        throw new InvalidKeyException("Invalid key type");
                    }
                case CK.CKM_AES_CMAC /* 4234 */:
                    if (keyType == 31) {
                        ck_mechanism = new CK_MECHANISM(this.mechanism);
                        break;
                    } else {
                        throw new InvalidKeyException("Invalid key type");
                    }
                case CK.CKM_AES_GMAC /* 4238 */:
                    if (keyType == 31) {
                        ck_mechanism = new CK_MECHANISM(this.mechanism, algorithmParameterSpec == null ? new byte[12] : ((IvParameterSpec) algorithmParameterSpec).getIV());
                        break;
                    } else {
                        throw new InvalidKeyException("Invalid key type");
                    }
            }
            try {
                this.session = this.secretKey.pkcs11Key.signInit(ck_mechanism);
            } catch (CKException e) {
                engineReset();
                if (e.getRV() != 7 && e.getRV() != 112 && e.getRV() != 113) {
                    throw new InvalidKeyException(e);
                }
                throw new InvalidAlgorithmParameterException(e);
            }
        } catch (KeyStoreException e2) {
            throw new InvalidKeyException(e2);
        }
    }

    @Override // javax.crypto.MacSpi
    protected void engineUpdate(byte b) {
        if (this.oneByte == null) {
            this.oneByte = new byte[1];
        }
        this.oneByte[0] = b;
        engineUpdate(this.oneByte, 0, 1);
    }

    private void ensureInit() {
        if (this.session == null) {
            try {
                engineInit(this.secretKey, this.paramSpec);
            } catch (InvalidAlgorithmParameterException e) {
                throw new ProviderException(e);
            } catch (InvalidKeyException e2) {
                throw new ProviderException(e2);
            }
        }
    }

    @Override // javax.crypto.MacSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        ensureInit();
        try {
            this.session.signUpdate(bArr, i, i2);
        } catch (CKException e) {
            throw new ProviderException(e);
        }
    }

    @Override // javax.crypto.MacSpi
    protected byte[] engineDoFinal() {
        ensureInit();
        try {
            try {
                byte[] signFinal = this.session.signFinal(engineGetMacLength());
                engineReset();
                return signFinal;
            } catch (CKException e) {
                throw new ProviderException(e);
            }
        } catch (Throwable th) {
            engineReset();
            throw th;
        }
    }

    @Override // javax.crypto.MacSpi
    protected void engineReset() {
        if (this.session != null) {
            this.session.close();
        }
        this.session = null;
    }
}
