package org.xipki.security.pkcs11;

import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.pkcs11.wrapper.Functions;
import org.xipki.pkcs11.wrapper.PKCS11Constants;
import org.xipki.pkcs11.wrapper.PKCS11KeyId;
import org.xipki.pkcs11.wrapper.TokenException;
import org.xipki.util.Args;
import org.xipki.util.LogUtil;

/* loaded from: input_file:WEB-INF/lib/security-6.3.1.jar:org/xipki/security/pkcs11/P11Key.class */
public abstract class P11Key {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) P11Key.class);
    protected final P11Slot slot;
    protected final PKCS11KeyId keyId;
    private boolean sign;
    private ASN1ObjectIdentifier ecParams;
    private Integer ecOrderBitSize;
    private BigInteger rsaModulus;
    private BigInteger rsaPublicExponent;
    private BigInteger dsaP;
    private BigInteger dsaQ;
    private BigInteger dsaG;
    private boolean publicKeyInitialized;
    private PublicKey publicKey;

    /* JADX INFO: Access modifiers changed from: protected */
    public P11Key(P11Slot p11Slot, PKCS11KeyId pKCS11KeyId) {
        this.slot = (P11Slot) Args.notNull(p11Slot, "slot");
        this.keyId = (PKCS11KeyId) Args.notNull(pKCS11KeyId, "keyId");
    }

    public P11Key sign(Boolean bool) {
        this.sign = bool == null || bool.booleanValue();
        return this;
    }

    public abstract void destroy() throws TokenException;

    public ASN1ObjectIdentifier getEcParams() {
        return this.ecParams;
    }

    public Integer getEcOrderBitSize() {
        return this.ecOrderBitSize;
    }

    public void setEcParams(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        if (aSN1ObjectIdentifier == null) {
            this.ecOrderBitSize = null;
        } else {
            try {
                this.ecOrderBitSize = Functions.getCurveOrderBitLength(aSN1ObjectIdentifier.getEncoded());
            } catch (IOException e) {
            }
        }
        this.ecParams = aSN1ObjectIdentifier;
    }

    public BigInteger getRsaModulus() {
        return this.rsaModulus;
    }

    public BigInteger getRsaPublicExponent() {
        return this.rsaPublicExponent;
    }

    public void setRsaMParameters(BigInteger bigInteger, BigInteger bigInteger2) {
        this.rsaModulus = bigInteger;
        this.rsaPublicExponent = bigInteger2;
    }

    public BigInteger getDsaP() {
        return this.dsaP;
    }

    public BigInteger getDsaQ() {
        return this.dsaQ;
    }

    public BigInteger getDsaG() {
        return this.dsaG;
    }

    public void setDsaParameters(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3) {
        this.dsaP = bigInteger;
        this.dsaQ = bigInteger2;
        this.dsaG = bigInteger3;
    }

    public byte[] sign(long j, P11Params p11Params, byte[] bArr) throws TokenException {
        Args.notNull(bArr, "content");
        if (!supportsSign(j)) {
            throw new TokenException("this identity is not suitable for sign with " + PKCS11Constants.ckmCodeToName(j));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("sign with mechanism {}", PKCS11Constants.ckmCodeToName(j));
        }
        return sign0(j, p11Params, bArr);
    }

    public boolean supportsSign(long j) {
        return this.sign && this.keyId.getObjectCLass() != 2 && this.keyId.getKeyType() != 65 && this.slot.supportsMechanism(j, 2048L);
    }

    protected abstract byte[] sign0(long j, P11Params p11Params, byte[] bArr) throws TokenException;

    public byte[] digestSecretKey(long j) throws TokenException {
        if (!supportsDigest(j)) {
            throw new TokenException("cannot digest this identity with " + PKCS11Constants.ckmCodeToName(j));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("digest secret key with mechanism {}", PKCS11Constants.ckmCodeToName(j));
        }
        return digestSecretKey0(j);
    }

    public boolean supportsDigest(long j) {
        return this.keyId.getObjectCLass() == 4 && this.slot.supportsMechanism(j, 1024L);
    }

    protected abstract byte[] digestSecretKey0(long j) throws TokenException;

    public P11SlotId getSlotId() {
        return this.slot.getSlotId();
    }

    public PKCS11KeyId getKeyId() {
        return this.keyId;
    }

    public long getKeyType() {
        return this.keyId.getKeyType();
    }

    public boolean isSecretKey() {
        return this.keyId.getObjectCLass() == 4;
    }

    public final synchronized PublicKey getPublicKey() {
        if (isSecretKey()) {
            return null;
        }
        if (this.publicKeyInitialized) {
            return this.publicKey;
        }
        try {
            this.publicKey = this.slot.getPublicKey(this);
        } catch (Exception e) {
            LogUtil.error(LOG, e, "could not initialize public key for (private) key " + this.keyId + " on slot " + this.slot.getSlotId());
        } finally {
            this.publicKeyInitialized = true;
        }
        return this.publicKey;
    }
}
