package org.xipki.qa.security;

import java.math.BigInteger;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignerConf;
import org.xipki.security.pkcs11.P11IdentityId;
import org.xipki.security.pkcs11.P11ObjectIdentifier;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.util.Args;
import org.xipki.util.BenchmarkExecutor;
import org.xipki.util.ConfPairs;
import org.xipki.util.Hex;
import org.xipki.util.LogUtil;
import org.xipki.util.ObjectCreationException;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/qa/security/P11SignSpeed.class */
public abstract class P11SignSpeed extends BenchmarkExecutor {
    private static final Logger LOG = LoggerFactory.getLogger(P11SignSpeed.class);
    private final P11Slot slot;
    private final ConcurrentContentSigner signer;
    private final P11ObjectIdentifier objectId;
    private final boolean deleteKeyAfterTest;

    /* loaded from: input_file:org/xipki/qa/security/P11SignSpeed$DSA.class */
    public static class DSA extends P11SignSpeed {
        public DSA(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i, int i2, int i3) throws Exception {
            this(false, securityFactory, p11Slot, bArr, null, str, i, i2, i3);
        }

        public DSA(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i, int i2, int i3) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, str, i2, i3), "PKCS#11 DSA signature creation\npLength: " + i2 + "\nqLength: " + i3, i);
        }

        private static P11ObjectIdentifier generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str, int i, int i2) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.generateDSAKeypair(i, i2, getNewKeyControl(bArr, str)).getKeyId();
        }
    }

    /* loaded from: input_file:org/xipki/qa/security/P11SignSpeed$EC.class */
    public static class EC extends P11SignSpeed {
        public EC(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
            this(false, securityFactory, p11Slot, bArr, null, str, i, aSN1ObjectIdentifier);
        }

        public EC(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, str, aSN1ObjectIdentifier), "PKCS#11 EC signature creation\ncurve: " + aSN1ObjectIdentifier, i);
        }

        private static P11ObjectIdentifier generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str, ASN1ObjectIdentifier aSN1ObjectIdentifier) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.generateECKeypair(aSN1ObjectIdentifier, getNewKeyControl(bArr, str)).getKeyId();
        }
    }

    /* loaded from: input_file:org/xipki/qa/security/P11SignSpeed$HMAC.class */
    public static class HMAC extends P11SignSpeed {
        public HMAC(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i) throws Exception {
            this(true, securityFactory, p11Slot, bArr, null, str, i);
        }

        public HMAC(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, str, str2), "PKCS#11 HMAC signature creation", i);
        }

        private static P11ObjectIdentifier generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str, String str2) throws Exception {
            if (z) {
                return getNonNullKeyId(p11Slot, bArr, str);
            }
            byte[] bArr2 = new byte[getKeysize(str2) / 8];
            new SecureRandom().nextBytes(bArr2);
            return p11Slot.importSecretKey(16L, bArr2, getNewKeyControl(bArr, str));
        }

        private static int getKeysize(String str) {
            int i;
            if ("HMACSHA1".equalsIgnoreCase(str)) {
                i = 160;
            } else if ("HMACSHA224".equalsIgnoreCase(str) || "HMACSHA3-224".equalsIgnoreCase(str)) {
                i = 224;
            } else if ("HMACSHA256".equalsIgnoreCase(str) || "HMACSHA3-256".equalsIgnoreCase(str)) {
                i = 256;
            } else if ("HMACSHA384".equalsIgnoreCase(str) || "HMACSHA3-384".equalsIgnoreCase(str)) {
                i = 384;
            } else {
                if (!"HMACSHA512".equalsIgnoreCase(str) && !"HMACSHA3-512".equalsIgnoreCase(str)) {
                    throw new IllegalArgumentException("unknown HMAC algorithm " + str);
                }
                i = 512;
            }
            return i;
        }
    }

    /* loaded from: input_file:org/xipki/qa/security/P11SignSpeed$RSA.class */
    public static class RSA extends P11SignSpeed {
        public RSA(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i, int i2, BigInteger bigInteger) throws Exception {
            this(false, securityFactory, p11Slot, bArr, null, str, i, i2, bigInteger);
        }

        public RSA(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, String str2, int i, int i2, BigInteger bigInteger) throws Exception {
            super(securityFactory, p11Slot, str2, !z, generateKey(z, p11Slot, bArr, i2, bigInteger, str), "PKCS#11 RSA signature creation\nkeysize: " + i2 + "\npublic exponent: " + bigInteger, i);
        }

        private static P11ObjectIdentifier generateKey(boolean z, P11Slot p11Slot, byte[] bArr, int i, BigInteger bigInteger, String str) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.generateRSAKeypair(i, bigInteger, getNewKeyControl(bArr, str)).getKeyId();
        }
    }

    /* loaded from: input_file:org/xipki/qa/security/P11SignSpeed$SM2.class */
    public static class SM2 extends P11SignSpeed {
        public SM2(SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, int i) throws Exception {
            this(true, securityFactory, p11Slot, bArr, null, i);
        }

        public SM2(boolean z, SecurityFactory securityFactory, P11Slot p11Slot, byte[] bArr, String str, int i) throws Exception {
            super(securityFactory, p11Slot, "SM3WITHSM2", !z, generateKey(z, p11Slot, bArr, str), "PKCS#11 SM2 signature creation", i);
        }

        private static P11ObjectIdentifier generateKey(boolean z, P11Slot p11Slot, byte[] bArr, String str) throws Exception {
            return z ? getNonNullKeyId(p11Slot, bArr, str) : p11Slot.generateSM2Keypair(getNewKeyControl(bArr, str)).getKeyId();
        }
    }

    /* loaded from: input_file:org/xipki/qa/security/P11SignSpeed$Testor.class */
    class Testor implements Runnable {
        private static final int batch = 10;
        private final byte[][] data = new byte[batch][16];

        public Testor() {
            for (int i = 0; i < this.data.length; i++) {
                new SecureRandom().nextBytes(this.data[i]);
            }
        }

        @Override // java.lang.Runnable
        public void run() {
            while (!P11SignSpeed.this.stop() && P11SignSpeed.this.getErrorAccout() < 1) {
                try {
                    P11SignSpeed.this.signer.sign(this.data);
                    P11SignSpeed.this.account(10L, 0L);
                } catch (Exception e) {
                    P11SignSpeed.LOG.error("P11SignSpeed.Testor.run()", e);
                    P11SignSpeed.this.account(10L, 10L);
                }
            }
        }
    }

    public P11SignSpeed(SecurityFactory securityFactory, P11Slot p11Slot, String str, boolean z, P11ObjectIdentifier p11ObjectIdentifier, String str2, int i) throws ObjectCreationException {
        super(str2 + "\nsignature algorithm: " + str);
        Args.notNull(securityFactory, "securityFactory");
        this.slot = (P11Slot) Args.notNull(p11Slot, "slot");
        Args.notBlank(str, "signatureAlgorithm");
        this.objectId = (P11ObjectIdentifier) Args.notNull(p11ObjectIdentifier, "objectId");
        this.deleteKeyAfterTest = z;
        try {
            this.signer = securityFactory.createSigner("PKCS11", getPkcs11SignerConf(p11Slot.getModuleName(), Long.valueOf(p11Slot.getSlotId().getId()), p11ObjectIdentifier.getId(), str, i + Math.max(2, (i * 5) / 4)), (X509Certificate) null);
        } catch (ObjectCreationException e) {
            close();
            throw e;
        }
    }

    public final void close() {
        if (this.deleteKeyAfterTest) {
            try {
                LOG.info("delete key {}", this.objectId);
                this.slot.removeIdentityByKeyId(this.objectId);
            } catch (Exception e) {
                LogUtil.error(LOG, e, "could not delete PKCS#11 key " + this.objectId);
            }
        }
    }

    protected static P11Slot.P11NewKeyControl getNewKeyControl(byte[] bArr, String str) {
        if (StringUtil.isBlank(str)) {
            str = "speed-" + System.currentTimeMillis();
        }
        return new P11Slot.P11NewKeyControl(bArr, str);
    }

    protected static P11ObjectIdentifier getNonNullKeyId(P11Slot p11Slot, byte[] bArr, String str) {
        P11IdentityId identityId = p11Slot.getIdentityId(bArr, str);
        if (identityId == null) {
            throw new IllegalArgumentException("unknown key");
        }
        return identityId.getKeyId();
    }

    protected Runnable getTestor() throws Exception {
        return new Testor();
    }

    private static SignerConf getPkcs11SignerConf(String str, Long l, byte[] bArr, String str2, int i) {
        ConfPairs confPairs = new ConfPairs("algo", str2);
        confPairs.putPair("parallelism", Integer.toString(i));
        if (str != null && str.length() > 0) {
            confPairs.putPair("module", str);
        }
        if (l != null) {
            confPairs.putPair("slot-id", l.toString());
        }
        if (bArr != null) {
            confPairs.putPair("key-id", Hex.encode(bArr));
        }
        return new SignerConf(confPairs.getEncoded());
    }
}
