package org.xipki.security.pkcs11;

import java.math.BigInteger;
import java.security.PublicKey;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.pkcs11.wrapper.PKCS11Constants;
import org.xipki.pkcs11.wrapper.TokenException;
import org.xipki.security.XiSecurityException;
import org.xipki.security.pkcs11.P11Params;
import org.xipki.util.Args;
import org.xipki.util.LogUtil;

/* loaded from: input_file:WEB-INF/lib/security-6.1.0.jar:org/xipki/security/pkcs11/P11Identity.class */
public abstract class P11Identity {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) P11Identity.class);
    protected final P11Slot slot;
    protected final P11IdentityId id;
    private ASN1ObjectIdentifier ecParams;
    private BigInteger rsaModulus;
    private BigInteger rsaPublicExponent;
    private BigInteger dsaQ;
    private boolean publicKeyInitialized;
    private PublicKey publicKey;

    /* JADX INFO: Access modifiers changed from: protected */
    public P11Identity(P11Slot p11Slot, P11IdentityId p11IdentityId) {
        this.slot = (P11Slot) Args.notNull(p11Slot, "slot");
        this.id = (P11IdentityId) Args.notNull(p11IdentityId, "id");
    }

    public abstract void destroy() throws TokenException;

    public ASN1ObjectIdentifier getEcParams() {
        return this.ecParams;
    }

    public void setEcParams(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        this.ecParams = aSN1ObjectIdentifier;
    }

    public BigInteger getRsaModulus() {
        return this.rsaModulus;
    }

    public BigInteger getRsaPublicExponent() {
        return this.rsaPublicExponent;
    }

    public void setRsaMParameters(BigInteger bigInteger, BigInteger bigInteger2) {
        this.rsaModulus = bigInteger;
        this.rsaPublicExponent = bigInteger2;
    }

    public BigInteger getDsaQ() {
        return this.dsaQ;
    }

    public void setDsaQ(BigInteger bigInteger) {
        this.dsaQ = bigInteger;
    }

    public byte[] sign(long j, P11Params p11Params, byte[] bArr) throws TokenException {
        if (this.id.getKeyId().getKeyType() == 65) {
            throw new TokenException("this identity is not suitable for sign");
        }
        Args.notNull(bArr, "content");
        this.slot.assertMechanismSupported(j);
        if (!supportsMechanism(j, p11Params)) {
            throw new TokenException("unsupported mechanism " + PKCS11Constants.ckmCodeToName(j));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("sign with mechanism {}", PKCS11Constants.ckmCodeToName(j));
        }
        return sign0(j, p11Params, bArr);
    }

    protected abstract byte[] sign0(long j, P11Params p11Params, byte[] bArr) throws TokenException;

    public byte[] digestSecretKey(long j) throws TokenException, XiSecurityException {
        this.slot.assertMechanismSupported(j);
        if (LOG.isDebugEnabled()) {
            LOG.debug("digest secret with mechanism {}", PKCS11Constants.ckmCodeToName(j));
        }
        return digestSecretKey0(j);
    }

    protected abstract byte[] digestSecretKey0(long j) throws TokenException;

    public P11IdentityId getId() {
        return this.id;
    }

    public long getKeyType() {
        return this.id.getKeyId().getKeyType();
    }

    public boolean isSecretKey() {
        return this.id.getKeyId().getObjectCLass() == 4;
    }

    public final synchronized PublicKey getPublicKey() {
        if (isSecretKey()) {
            return null;
        }
        if (this.publicKeyInitialized) {
            return this.publicKey;
        }
        try {
            this.publicKey = this.slot.getPublicKey(this);
        } catch (Exception e) {
            LogUtil.error(LOG, e, "could not initialize public key for (private) key " + this.id);
        } finally {
            this.publicKeyInitialized = true;
        }
        return this.publicKey;
    }

    public boolean supportsMechanism(long j) {
        return this.slot.supportsMechanism(j);
    }

    public boolean supportsMechanism(long j, P11Params p11Params) {
        if (!supportsMechanism(j)) {
            return false;
        }
        if (isSecretKey() && (545 == j || 598 == j || 593 == j || 609 == j || 625 == j || 694 == j || 689 == j || 705 == j || 721 == j)) {
            return p11Params == null;
        }
        long keyType = getKeyType();
        if (keyType == 0) {
            return (2 == j || 1 == j || 6 == j || 70 == j || 64 == j || 65 == j || 66 == j) ? p11Params == null : (13 == j || 14 == j || 71 == j || 67 == j || 68 == j || 69 == j) ? p11Params instanceof P11Params.P11RSAPkcsPssParams : 3 == j && p11Params == null;
        }
        if (keyType == 1) {
            if (p11Params != null) {
                return false;
            }
            return 17 == j || 18 == j || 19 == j || 20 == j || 21 == j || 22 == j;
        }
        if (keyType != 3 && keyType != 4294963201L) {
            return keyType == 64 && PKCS11Constants.CKM_EDDSA == j;
        }
        if (PKCS11Constants.CKM_ECDSA == j || PKCS11Constants.CKM_ECDSA_SHA1 == j || PKCS11Constants.CKM_ECDSA_SHA224 == j || PKCS11Constants.CKM_ECDSA_SHA256 == j || PKCS11Constants.CKM_ECDSA_SHA384 == j || PKCS11Constants.CKM_ECDSA_SHA512 == j || 4294963202L == j) {
            return p11Params == null;
        }
        if (PKCS11Constants.CKM_VENDOR_SM2_SM3 == j) {
            return p11Params instanceof P11Params.P11ByteArrayParams;
        }
        return false;
    }
}
