package com.unbound.client.pkcs11;

import com.dyadicsec.cryptoki.CK;
import com.dyadicsec.cryptoki.CKR_Exception;
import com.dyadicsec.cryptoki.CK_ATTRIBUTE;
import com.dyadicsec.cryptoki.CK_MECHANISM;
import com.dyadicsec.cryptoki.CK_RSA_PKCS_PSS_PARAMS;
import com.dyadicsec.cryptoki.CK_SESSION_HANDLE;
import com.dyadicsec.cryptoki.Library;
import com.unbound.client.SignatureOper;
import com.unbound.common.Converter;
import java.security.ProviderException;

/* loaded from: input_file:com/unbound/client/pkcs11/PKCS11SignatureOper.class */
public final class PKCS11SignatureOper extends SignatureOper {
    private int getKeyHandle() {
        return ((PKCS11Object) this.keyObject).handle;
    }

    private CK_SESSION_HANDLE getSessionHandle() {
        return ((PKCS11Session) this.session).getHandle();
    }

    private void markOperationStarted() {
        ((PKCS11Session) this.session).setOperationInProgress(true);
    }

    private void markOperationFinished() {
        ((PKCS11Session) this.session).setOperationInProgress(false);
    }

    private CK_MECHANISM getMechanism() {
        CK_RSA_PKCS_PSS_PARAMS ck_rsa_pkcs_pss_params = null;
        int pkcs11Mech = this.mode.getPkcs11Mech();
        switch (pkcs11Mech) {
            case CK.DYCKM_EDDSA /* -2147451263 */:
            case 1:
            case CK.CKM_ECDSA /* 4161 */:
                break;
            case 13:
                CK_RSA_PKCS_PSS_PARAMS ck_rsa_pkcs_pss_params2 = new CK_RSA_PKCS_PSS_PARAMS();
                ck_rsa_pkcs_pss_params2.sLen = this.pssSaltLen;
                ck_rsa_pkcs_pss_params2.hashAlg = this.hashType.getPkcs11Mech();
                ck_rsa_pkcs_pss_params2.mgf = this.mgfHashType.getPkcs11Mgf();
                ck_rsa_pkcs_pss_params = ck_rsa_pkcs_pss_params2;
                break;
            default:
                throw new ProviderException("Unsupported signature mechanism");
        }
        return new CK_MECHANISM(pkcs11Mech, ck_rsa_pkcs_pss_params);
    }

    @Override // com.unbound.client.SignatureOper
    protected byte[] hwSign(byte[] bArr) {
        try {
            CK_MECHANISM mechanism = getMechanism();
            Library.C_SignInit(getSessionHandle(), mechanism, getKeyHandle());
            markOperationStarted();
            if (mechanism.mechanism == 1 && this.hashType != null) {
                bArr = Converter.concat(this.hashType.getOid(), bArr);
            }
            byte[] C_Sign = Library.C_Sign(getSessionHandle(), bArr);
            if (mechanism.mechanism == 4161) {
                C_Sign = ((PKCS11ECPrivateKey) this.keyObject).getCurve().sigBinToDer(C_Sign);
            }
            markOperationFinished();
            return C_Sign;
        } catch (CKR_Exception e) {
            throw new ProviderException(e);
        }
    }

    public boolean verifyEddsa(PKCS11Partition pKCS11Partition, byte[] bArr, byte[] bArr2) {
        boolean z = false;
        try {
            try {
                this.session = pKCS11Partition.acquireSession();
                CK_SESSION_HANDLE handle = ((PKCS11Session) this.session).getHandle();
                int C_CreateObject = Library.C_CreateObject(handle, new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(1, false), new CK_ATTRIBUTE(0, 2), new CK_ATTRIBUTE(256, CK.DYCKM_EDDSA), new CK_ATTRIBUTE(CK.DYCKA_EDDSA_PUB_KEY, bArr)});
                markOperationStarted();
                Library.C_VerifyInit(handle, new CK_MECHANISM(CK.DYCKM_EDDSA), C_CreateObject);
                Library.C_Verify(handle, getBufferBytes(), bArr2);
                z = true;
                Library.C_DestroyObject(getSessionHandle(), C_CreateObject);
                markOperationFinished();
                reset();
            } catch (CKR_Exception e) {
                if (e.errorCode != 192) {
                    throw new ProviderException(e);
                }
                reset();
            }
            return z;
        } catch (Throwable th) {
            reset();
            throw th;
        }
    }
}
