package org.xipki.security.pkcs11;

import iaik.pkcs.pkcs11.constants.Functions;
import iaik.pkcs.pkcs11.constants.PKCS11Constants;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.XiSecurityException;
import org.xipki.security.pkcs11.P11Params;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;

/* loaded from: input_file:WEB-INF/lib/security-5.2.0.jar:org/xipki/security/pkcs11/P11Identity.class */
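/**
 * A key (and optionally its certificate chain) held in a PKCS#11 slot.
 *
 * <p>The class performs the mechanism/parameter compatibility checks and then delegates the
 * actual token operations to {@link #sign0} and {@link #digestSecretKey0}, which subclasses
 * implement.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code certificateChain} is a mutable, unsynchronized field. Arrays handed in by callers
 *       are copied before they are validated and stored, so the "certificate matches the key"
 *       check cannot be invalidated afterwards by mutating the caller's array.</li>
 *   <li>{@link #supportsMechanism} only checks the mechanism number against the key type and the
 *       parameter class. It does not validate the content passed to {@link #sign}; for the raw
 *       mechanisms the caller is responsible for supplying correctly hashed/padded input.</li>
 * </ul>
 */
public abstract class P11Identity implements Comparable<P11Identity> {
    private static final Logger LOG = LoggerFactory.getLogger(P11Identity.class);
    protected final P11Slot slot;
    protected final P11IdentityId id;
    // null for identities created through the (slot, id, bitLength) constructor.
    protected final PublicKey publicKey;
    private final int signatureKeyBitLength;
    // Owned copy of the chain; element 0 is the certificate of this identity's key. May be null.
    protected X509Certificate[] certificateChain;

    /**
     * Creates an identity that has no public key; {@code publicKey} is set to {@code null}.
     * Presumably used for secret keys (only the HMAC mechanisms are accepted for such an
     * identity, see {@link #supportsMechanism}) - confirm against the subclasses.
     *
     * <p>Decompiler note: this constructor is declared {@code protected} in the original class.
     *
     * @param slot the slot holding the key, must not be null
     * @param id the identifier of the key, must not be null
     * @param signatureKeyBitLength value reported by {@link #getSignatureKeyBitLength()};
     *     stored as given, no range check is performed here
     */
    public P11Identity(P11Slot slot, P11IdentityId id, int signatureKeyBitLength) {
        this.slot = (P11Slot) Args.notNull(slot, "slot");
        this.id = (P11IdentityId) Args.notNull(id, "id");
        this.publicKey = null;
        this.signatureKeyBitLength = signatureKeyBitLength;
    }

    /**
     * Creates an identity for an asymmetric key.
     *
     * <p>If {@code certChain} has a non-null first element, the public key is taken from that
     * certificate and the {@code publicKey} argument is ignored (it is not compared with the
     * certificate's key). Otherwise {@code publicKey} is used and no chain is stored.
     *
     * <p>Decompiler note: this constructor is declared {@code protected} in the original class.
     *
     * @param slot the slot holding the key, must not be null
     * @param id the identifier of the key, must not be null
     * @param publicKey the public key; may be null only if a certificate is supplied
     * @param certChain the certificate chain with the key's certificate first; may be null or empty
     * @throws IllegalArgumentException if neither a certificate nor a public key is given, or if
     *     the key is not an RSA, EC or DSA public key
     */
    public P11Identity(P11Slot slot, P11IdentityId id, PublicKey publicKey, X509Certificate[] certChain) {
        this.slot = (P11Slot) Args.notNull(slot, "slot");
        this.id = (P11IdentityId) Args.notNull(id, "id");

        final PublicKey effectiveKey;
        if (certChain != null && certChain.length > 0 && certChain[0] != null) {
            // Snapshot the caller's array first, then read the key from the snapshot, so the
            // stored chain and the stored key always come from the same certificate.
            X509Certificate[] ownedChain = Arrays.copyOf(certChain, certChain.length);
            effectiveKey = ownedChain[0].getPublicKey();
            this.certificateChain = ownedChain;
        } else {
            if (publicKey == null) {
                throw new IllegalArgumentException("neither certificate nor publicKey is non-null");
            }
            effectiveKey = publicKey;
            this.certificateChain = null;
        }
        this.publicKey = effectiveKey;
        this.signatureKeyBitLength = signatureBitLengthOf(effectiveKey);
    }

    /**
     * Derives the signature key bit length: RSA modulus, EC group order, or DSA subprime Q.
     *
     * @throws IllegalArgumentException if the key is of any other type
     */
    private static int signatureBitLengthOf(PublicKey key) {
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus().bitLength();
        }
        if (key instanceof ECPublicKey) {
            return ((ECPublicKey) key).getParams().getOrder().bitLength();
        }
        if (key instanceof DSAPublicKey) {
            return ((DSAPublicKey) key).getParams().getQ().bitLength();
        }
        throw new IllegalArgumentException("currently only RSA, DSA and EC public key are supported, but not " + key.getAlgorithm() + " (class: " + key.getClass().getName() + ")");
    }

    /**
     * Signs {@code content} with this key after checking that both the slot and this identity
     * accept the mechanism/parameter combination.
     *
     * <p>Only the mechanism description is written to the debug log, never the content.
     *
     * @param mechanism the PKCS#11 mechanism number (CKM_*)
     * @param parameters the mechanism parameters, or null
     * @param content the data handed to the token, must not be null
     * @return the value returned by {@link #sign0}
     * @throws P11UnsupportedMechanismException if this identity does not support the mechanism
     *     with the given parameters
     * @throws P11TokenException as thrown by the slot check or by {@link #sign0}
     */
    public byte[] sign(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
        Args.notNull(content, "content");
        this.slot.assertMechanismSupported(mechanism);
        if (!supportsMechanism(mechanism, parameters)) {
            throw new P11UnsupportedMechanismException(mechanism, this.id);
        }
        if (LOG.isDebugEnabled()) {
            // Guarded because the description lookup is evaluated eagerly.
            LOG.debug("sign with mechanism {}", Functions.getMechanismDescription(mechanism));
        }
        return sign0(mechanism, parameters, content);
    }

    /** Performs the signing operation; called by {@link #sign} after the mechanism checks. */
    protected abstract byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException;

    /**
     * Digests the secret key with the given mechanism. Only the slot-level mechanism check is
     * performed here; {@link #supportsMechanism} is not consulted.
     *
     * @param mechanism the PKCS#11 digest mechanism number
     * @return the value returned by {@link #digestSecretKey0}
     * @throws P11TokenException as thrown by the slot check or by {@link #digestSecretKey0}
     * @throws XiSecurityException declared for callers; not thrown by the code in this class
     */
    public byte[] digestSecretKey(long mechanism) throws P11TokenException, XiSecurityException {
        this.slot.assertMechanismSupported(mechanism);
        if (LOG.isDebugEnabled()) {
            LOG.debug("digest secret with mechanism {}", Functions.getMechanismDescription(mechanism));
        }
        return digestSecretKey0(mechanism);
    }

    /** Performs the digest operation; called by {@link #digestSecretKey}. */
    protected abstract byte[] digestSecretKey0(long mechanism) throws P11TokenException;

    /** Returns the identifier of this identity. */
    public P11IdentityId getId() {
        return this.id;
    }

    /** Returns the first certificate of the chain, or null if no chain is set. */
    public X509Certificate getCertificate() {
        X509Certificate[] chain = this.certificateChain;
        if (chain == null || chain.length <= 0) {
            return null;
        }
        return chain[0];
    }

    /** Returns a copy of the certificate chain, or null if no chain is set. */
    public X509Certificate[] certificateChain() {
        X509Certificate[] chain = this.certificateChain;
        if (chain == null) {
            return null;
        }
        return Arrays.copyOf(chain, chain.length);
    }

    /** Returns the public key, or null for an identity created without one. */
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /**
     * Replaces the certificate chain. An empty or null chain clears it.
     *
     * <p>The first certificate must carry this identity's public key. The array is copied before
     * the check so that the stored chain is exactly the one that was validated.
     *
     * @param certChain the new chain with the key's certificate first, or null/empty to clear
     * @throws P11TokenException if the first certificate is missing, if this identity has no
     *     public key, or if the certificate's key differs from this identity's public key
     */
    public void setCertificates(X509Certificate[] certChain) throws P11TokenException {
        if (CollectionUtil.isEmpty(certChain)) {
            this.certificateChain = null;
            return;
        }
        X509Certificate[] ownedChain = Arrays.copyOf(certChain, certChain.length);
        X509Certificate first = ownedChain[0];
        // An identity without a public key, or a null first element, cannot be bound to a
        // certificate; report it as a mismatch instead of failing with a NullPointerException.
        if (this.publicKey == null || first == null || !this.publicKey.equals(first.getPublicKey())) {
            throw new P11TokenException("certificateChain is not for the key");
        }
        this.certificateChain = ownedChain;
    }

    /** Returns whether this identity has exactly the given identifier. */
    public boolean match(P11IdentityId identityId) {
        return this.id.equals(identityId);
    }

    /** Delegates to {@code P11IdentityId.match} with the given slot identifier and name. */
    public boolean match(P11SlotIdentifier slotId, String name) {
        return this.id.match(slotId, name);
    }

    /** Returns the bit length computed or supplied at construction time. */
    public int getSignatureKeyBitLength() {
        return this.signatureKeyBitLength;
    }

    /** Orders identities by their identifier. */
    @Override
    public int compareTo(P11Identity other) {
        return this.id.compareTo(other.id);
    }

    /**
     * Tells whether this identity accepts the mechanism together with the given parameters.
     *
     * <p>The decision depends on the key type: no public key (HMAC mechanisms only), RSA, DSA or
     * EC. Any combination not listed is rejected. The numeric literals are the values the
     * compiler inlined; the names in the helper comments are the standard PKCS#11 mechanism
     * names for those numbers.
     *
     * @param mechanism the PKCS#11 mechanism number
     * @param parameters the mechanism parameters, or null
     * @return true if the combination is accepted
     */
    public boolean supportsMechanism(long mechanism, P11Params parameters) {
        if (this.publicKey == null && isHmacMechanism(mechanism)) {
            return parameters == null;
        }
        if (this.publicKey instanceof RSAPublicKey) {
            if (isRsaMechanismWithoutParams(mechanism)) {
                return parameters == null;
            }
            if (isRsaPssMechanism(mechanism)) {
                return parameters instanceof P11Params.P11RSAPkcsPssParams;
            }
            return false;
        }
        if (this.publicKey instanceof DSAPublicKey) {
            return parameters == null && isDsaMechanism(mechanism);
        }
        if (!(this.publicKey instanceof ECPublicKey)) {
            return false;
        }
        if (PKCS11Constants.CKM_ECDSA == mechanism
                || PKCS11Constants.CKM_ECDSA_SHA1 == mechanism
                || PKCS11Constants.CKM_ECDSA_SHA224 == mechanism
                || PKCS11Constants.CKM_ECDSA_SHA256 == mechanism
                || PKCS11Constants.CKM_ECDSA_SHA384 == mechanism
                || PKCS11Constants.CKM_ECDSA_SHA512 == mechanism
                || PKCS11Constants.CKM_VENDOR_SM2 == mechanism) {
            return parameters == null;
        }
        if (PKCS11Constants.CKM_VENDOR_SM2_SM3 == mechanism) {
            return parameters instanceof P11Params.P11ByteArrayParams;
        }
        return false;
    }

    /**
     * HMAC mechanisms: SHA-1 (545), SHA-224 (598), SHA-256 (593), SHA-384 (609), SHA-512 (625),
     * SHA3-224 (694), SHA3-256 (689), SHA3-384 (705), SHA3-512 (721).
     */
    private static boolean isHmacMechanism(long mechanism) {
        return 545 == mechanism || 598 == mechanism || 593 == mechanism || 609 == mechanism
                || 625 == mechanism || 694 == mechanism || 689 == mechanism || 705 == mechanism
                || 721 == mechanism;
    }

    /**
     * RSA mechanisms that take no parameters: RSA_PKCS (1), RSA_9796 (2), RSA_X_509 (3),
     * SHA1_RSA_PKCS (6), SHA256/384/512_RSA_PKCS (64/65/66), SHA224_RSA_PKCS (70).
     * Mechanisms 1 and 3 do not hash on the token, so the caller supplies the prepared input.
     */
    private static boolean isRsaMechanismWithoutParams(long mechanism) {
        return 1 == mechanism || 2 == mechanism || 3 == mechanism || 6 == mechanism
                || 64 == mechanism || 65 == mechanism || 66 == mechanism || 70 == mechanism;
    }

    /**
     * RSA-PSS mechanisms: RSA_PKCS_PSS (13), SHA1_RSA_PKCS_PSS (14),
     * SHA256/384/512_RSA_PKCS_PSS (67/68/69), SHA224_RSA_PKCS_PSS (71).
     */
    private static boolean isRsaPssMechanism(long mechanism) {
        return 13 == mechanism || 14 == mechanism || 67 == mechanism || 68 == mechanism
                || 69 == mechanism || 71 == mechanism;
    }

    /** DSA mechanisms: DSA (17) and DSA with SHA-1/224/256/384/512 (18 to 22). */
    private static boolean isDsaMechanism(long mechanism) {
        return 17 == mechanism || 18 == mechanism || 19 == mechanism || 20 == mechanism
                || 21 == mechanism || 22 == mechanism;
    }
}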
