package org.xipki.security.qa;

import java.math.BigInteger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.audit.services.MacAuditService;
import org.xipki.pkcs11.wrapper.TokenException;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.X509Cert;
import org.xipki.security.pkcs11.P11IdentityId;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.util.Args;
import org.xipki.util.BenchmarkExecutor;
import org.xipki.util.ConfPairs;
import org.xipki.util.Hex;
import org.xipki.util.LogUtil;
import org.xipki.util.PermissionConstants;
import org.xipki.util.RandomUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.ObjectCreationException;

/* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/qa/P11SignSpeed.class */
public abstract class P11SignSpeed extends BenchmarkExecutor {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) P11SignSpeed.class);
    private final P11Slot slot;
    private final ConcurrentContentSigner signer;
    private final P11IdentityId identityId;
    private final boolean deleteKeyAfterTest;

    /* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/qa/P11SignSpeed$DSA.class */
    public static class DSA extends P11SignSpeed {
        public DSA(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i, int i2, int i3) throws Exception {
            this(false, securityFactory, p11Slot, bArr, null, str, i, i2, i3);
        }

        public DSA(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i, int i2, int i3) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, str, i2, i3), "PKCS#11 DSA signature creation\npLength: " + i2 + "\nqLength: " + i3, i);
        }

        private static P11IdentityId generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str, int i, int i2) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.generateDSAKeypair(i, i2, getNewKeyControl(bArr, str));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/qa/P11SignSpeed$EC.class */
    public static class EC extends P11SignSpeed {
        public EC(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
            this(false, securityFactory, p11Slot, bArr, null, str, i, aSN1ObjectIdentifier);
        }

        public EC(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, str, aSN1ObjectIdentifier), "PKCS#11 EC signature creation\ncurve: " + AlgorithmUtil.getCurveName(aSN1ObjectIdentifier), i);
        }

        private static P11IdentityId generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
            if (z) {
                return getNonNullKeyId(p11Slot, bArr, str);
            }
            try {
                return p11Slot.generateECKeypair(aSN1ObjectIdentifier, getNewKeyControl(bArr, str));
            } catch (Exception e) {
                throw new Exception("error generating EC keypair for curve " + AlgorithmUtil.getCurveName(aSN1ObjectIdentifier), e);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/qa/P11SignSpeed$HMAC.class */
    public static class HMAC extends P11SignSpeed {
        public HMAC(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i) throws Exception {
            this(true, securityFactory, p11Slot, bArr, null, str, i);
        }

        public HMAC(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, str, str2), "PKCS#11 HMAC signature creation", i);
        }

        private static P11IdentityId generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str, String str2) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.importSecretKey(16L, RandomUtil.nextBytes(getKeysize(str2) / 8), getNewKeyControl(bArr, str));
        }

        private static int getKeysize(String str) {
            int i;
            String upperCase = str.toUpperCase();
            boolean z = -1;
            switch (upperCase.hashCode()) {
                case -1823053428:
                    if (upperCase.equals("HMACSHA1")) {
                        z = false;
                        break;
                    }
                    break;
                case -941610699:
                    if (upperCase.equals("HMACSHA3-224")) {
                        z = 2;
                        break;
                    }
                    break;
                case -941610604:
                    if (upperCase.equals("HMACSHA3-256")) {
                        z = 4;
                        break;
                    }
                    break;
                case -941609552:
                    if (upperCase.equals("HMACSHA3-384")) {
                        z = 6;
                        break;
                    }
                    break;
                case -941607849:
                    if (upperCase.equals("HMACSHA3-512")) {
                        z = 8;
                        break;
                    }
                    break;
                case 392315023:
                    if (upperCase.equals("HMACSHA224")) {
                        z = true;
                        break;
                    }
                    break;
                case 392315118:
                    if (upperCase.equals("HMACSHA256")) {
                        z = 3;
                        break;
                    }
                    break;
                case 392316170:
                    if (upperCase.equals("HMACSHA384")) {
                        z = 5;
                        break;
                    }
                    break;
                case 392317873:
                    if (upperCase.equals("HMACSHA512")) {
                        z = 7;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    i = 160;
                    break;
                case true:
                case true:
                    i = 224;
                    break;
                case true:
                case PermissionConstants.UNSUSPEND_CERT /* 4 */:
                    i = 256;
                    break;
                case true:
                case true:
                    i = 384;
                    break;
                case true:
                case PermissionConstants.REMOVE_CERT /* 8 */:
                    i = 512;
                    break;
                default:
                    throw new IllegalArgumentException("unknown HMAC algorithm " + upperCase);
            }
            return i;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/qa/P11SignSpeed$RSA.class */
    public static class RSA extends P11SignSpeed {
        public RSA(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i, int i2, BigInteger bigInteger) throws Exception {
            this(false, securityFactory, p11Slot, bArr, null, str, i, i2, bigInteger);
        }

        public RSA(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i, int i2, BigInteger bigInteger) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, i2, bigInteger, str), "PKCS#11 RSA signature creation\nkeysize: " + i2 + "\npublic exponent: " + bigInteger, i);
        }

        private static P11IdentityId generateKey(boolean z, P11Slot p11Slot, byte[] bArr, int i, BigInteger bigInteger, String str) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.generateRSAKeypair(i, bigInteger, getNewKeyControl(bArr, str));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/qa/P11SignSpeed$SM2.class */
    public static class SM2 extends P11SignSpeed {
        public SM2(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, int i) throws Exception {
            this(true, securityFactory, p11Slot, bArr, null, i);
        }

        public SM2(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i) throws Exception {
            super(securityFactory, p11Slot, "SM3WITHSM2", !z, generateKey(z, p11Slot, bArr, str), "PKCS#11 SM2 signature creation", i);
        }

        private static P11IdentityId generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.generateSM2Keypair(getNewKeyControl(bArr, str));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/qa/P11SignSpeed$Tester.class */
    private class Tester implements Runnable {
        private static final int batch = 10;
        private final byte[][] data = new byte[10][16];

        public Tester() {
            for (int i = 0; i < this.data.length; i++) {
                this.data[i] = RandomUtil.nextBytes(this.data[i].length);
            }
        }

        @Override // java.lang.Runnable
        public void run() {
            while (!P11SignSpeed.this.stop() && P11SignSpeed.this.getErrorAccout() < 1) {
                try {
                    P11SignSpeed.this.signer.sign(this.data);
                    P11SignSpeed.this.account(10L, 0L);
                } catch (Exception e) {
                    P11SignSpeed.LOG.error("P11SignSpeed.Tester.run()", (Throwable) e);
                    P11SignSpeed.this.account(10L, 10L);
                }
            }
        }
    }

    public P11SignSpeed(SecurityFactory securityFactory, P11Slot p11Slot, String str, boolean z, P11IdentityId p11IdentityId, String str2, int i) throws ObjectCreationException {
        super(str2 + "\nsignature algorithm: " + str);
        Args.notNull(securityFactory, "securityFactory");
        this.slot = (P11Slot) Args.notNull(p11Slot, "slot");
        Args.notBlank(str, "signatureAlgorithm");
        this.identityId = (P11IdentityId) Args.notNull(p11IdentityId, "identityId");
        this.deleteKeyAfterTest = z;
        try {
            this.signer = securityFactory.createSigner("PKCS11", getPkcs11SignerConf(p11Slot.getModuleName(), Long.valueOf(p11Slot.getSlotId().getId()), p11IdentityId.getKeyId().getId(), str, i + Math.max(2, (i * 5) / 4)), (X509Cert) null);
        } catch (ObjectCreationException e) {
            close();
            throw e;
        }
    }

    @Override // org.xipki.util.BenchmarkExecutor
    public final void close() {
        if (this.deleteKeyAfterTest) {
            try {
                LOG.info("delete key {}", this.identityId);
                this.slot.getIdentity(this.identityId).destroy();
            } catch (Exception e) {
                LogUtil.error(LOG, e, "could not delete PKCS#11 key " + this.identityId);
            }
        }
    }

    protected static P11Slot.P11NewKeyControl getNewKeyControl(byte[] bArr, String str) {
        if (StringUtil.isBlank(str)) {
            str = "speed-" + System.currentTimeMillis();
        }
        return new P11Slot.P11NewKeyControl(bArr, str);
    }

    protected static P11IdentityId getNonNullKeyId(P11Slot p11Slot, byte[] bArr, String str) throws TokenException {
        P11IdentityId identityId = p11Slot.getIdentityId(bArr, str);
        if (identityId == null) {
            throw new IllegalArgumentException("unknown key");
        }
        return identityId;
    }

    @Override // org.xipki.util.BenchmarkExecutor
    protected Runnable getTester() throws Exception {
        return new Tester();
    }

    private static SignerConf getPkcs11SignerConf(String str, Long l, byte[] bArr, String str2, int i) {
        ConfPairs putPair = new ConfPairs(MacAuditService.KEY_ALGO, str2).putPair("parallelism", Integer.toString(i));
        if (str != null && str.length() > 0) {
            putPair.putPair("module", str);
        }
        if (l != null) {
            putPair.putPair("slot-id", l.toString());
        }
        if (bArr != null) {
            putPair.putPair("key-id", Hex.encode(bArr));
        }
        return new SignerConf(putPair.getEncoded());
    }
}
