package sun.security.pkcs11;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGeneratorSpi;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import javax.crypto.spec.DHParameterSpec;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_MECHANISM;
import sun.security.pkcs11.wrapper.PKCS11Exception;
import sun.security.provider.ParameterCache;
import sun.security.rsa.RSAKeyFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:sun/security/pkcs11/P11KeyPairGenerator.class */
public final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
    private final Token token;
    private final String algorithm;
    private final long mechanism;
    private int keySize;
    private AlgorithmParameterSpec params;
    private BigInteger rsaPublicExponent = RSAKeyGenParameterSpec.F4;
    private SecureRandom random;

    /* JADX INFO: Access modifiers changed from: package-private */
    public P11KeyPairGenerator(Token token, String str, long j) throws PKCS11Exception {
        this.token = token;
        this.algorithm = str;
        this.mechanism = j;
        if (str.equals("EC")) {
            initialize(256, (SecureRandom) null);
        } else {
            initialize(1024, (SecureRandom) null);
        }
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(int i, SecureRandom secureRandom) {
        this.token.ensureValid();
        try {
            checkKeySize(i, null);
            this.keySize = i;
            this.params = null;
            this.random = secureRandom;
            if (this.algorithm.equals("EC")) {
                this.params = P11ECKeyFactory.getECParameterSpec(i);
                if (this.params == null) {
                    throw new InvalidParameterException("No EC parameters available for key size " + i + " bits");
                }
            }
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidParameterException(e.getMessage());
        }
    }

    @Override // java.security.KeyPairGeneratorSpi
    public void initialize(AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        ECParameterSpec eCParameterSpec;
        this.token.ensureValid();
        if (this.algorithm.equals("DH")) {
            if (!(algorithmParameterSpec instanceof DHParameterSpec)) {
                throw new InvalidAlgorithmParameterException("DHParameterSpec required for Diffie-Hellman");
            }
            DHParameterSpec dHParameterSpec = (DHParameterSpec) algorithmParameterSpec;
            int bitLength = dHParameterSpec.getP().bitLength();
            checkKeySize(bitLength, dHParameterSpec);
            this.keySize = bitLength;
            this.params = dHParameterSpec;
        } else if (this.algorithm.equals("RSA")) {
            if (!(algorithmParameterSpec instanceof RSAKeyGenParameterSpec)) {
                throw new InvalidAlgorithmParameterException("RSAKeyGenParameterSpec required for RSA");
            }
            RSAKeyGenParameterSpec rSAKeyGenParameterSpec = (RSAKeyGenParameterSpec) algorithmParameterSpec;
            int keysize = rSAKeyGenParameterSpec.getKeysize();
            checkKeySize(keysize, rSAKeyGenParameterSpec);
            this.keySize = keysize;
            this.params = null;
            this.rsaPublicExponent = rSAKeyGenParameterSpec.getPublicExponent();
        } else if (this.algorithm.equals("DSA")) {
            if (!(algorithmParameterSpec instanceof DSAParameterSpec)) {
                throw new InvalidAlgorithmParameterException("DSAParameterSpec required for DSA");
            }
            DSAParameterSpec dSAParameterSpec = (DSAParameterSpec) algorithmParameterSpec;
            int bitLength2 = dSAParameterSpec.getP().bitLength();
            checkKeySize(bitLength2, dSAParameterSpec);
            this.keySize = bitLength2;
            this.params = dSAParameterSpec;
        } else {
            if (!this.algorithm.equals("EC")) {
                throw new ProviderException("Unknown algorithm: " + this.algorithm);
            }
            if (algorithmParameterSpec instanceof ECParameterSpec) {
                eCParameterSpec = P11ECKeyFactory.getECParameterSpec((ECParameterSpec) algorithmParameterSpec);
                if (eCParameterSpec == null) {
                    throw new InvalidAlgorithmParameterException("Unsupported curve: " + algorithmParameterSpec);
                }
            } else {
                if (!(algorithmParameterSpec instanceof ECGenParameterSpec)) {
                    throw new InvalidAlgorithmParameterException("ECParameterSpec or ECGenParameterSpec required for EC");
                }
                String name = ((ECGenParameterSpec) algorithmParameterSpec).getName();
                eCParameterSpec = P11ECKeyFactory.getECParameterSpec(name);
                if (eCParameterSpec == null) {
                    throw new InvalidAlgorithmParameterException("Unknown curve name: " + name);
                }
            }
            int fieldSize = eCParameterSpec.getCurve().getField().getFieldSize();
            checkKeySize(fieldSize, eCParameterSpec);
            this.keySize = fieldSize;
            this.params = eCParameterSpec;
        }
        this.random = secureRandom;
    }

    private void checkKeySize(int i, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        if (this.algorithm.equals("EC")) {
            if (i < 112) {
                throw new InvalidAlgorithmParameterException("Key size must be at least 112 bit");
            }
            if (i > 2048) {
                throw new InvalidAlgorithmParameterException("Key size must be at most 2048 bit");
            }
            return;
        }
        if (this.algorithm.equals("RSA")) {
            BigInteger bigInteger = this.rsaPublicExponent;
            if (algorithmParameterSpec != null) {
                bigInteger = ((RSAKeyGenParameterSpec) algorithmParameterSpec).getPublicExponent();
            }
            try {
                RSAKeyFactory.checkKeyLengths(i, bigInteger, 512, 65536);
                return;
            } catch (InvalidKeyException e) {
                throw new InvalidAlgorithmParameterException(e.getMessage());
            }
        }
        if (i < 512) {
            throw new InvalidAlgorithmParameterException("Key size must be at least 512 bit");
        }
        if (this.algorithm.equals("DH") && algorithmParameterSpec != null) {
            if (i > 65536) {
                throw new InvalidAlgorithmParameterException("Key size must be at most 65536 bit");
            }
        } else if (i > 1024 || (i & 63) != 0) {
            throw new InvalidAlgorithmParameterException("Key size must be a multiple of 64 and at most 1024 bit");
        }
    }

    @Override // java.security.KeyPairGeneratorSpi
    public KeyPair generateKeyPair() {
        long j;
        CK_ATTRIBUTE[] ck_attributeArr;
        CK_ATTRIBUTE[] ck_attributeArr2;
        DHParameterSpec dHParameterSpec;
        int i;
        DSAParameterSpec dSAParameterSpec;
        this.token.ensureValid();
        if (this.algorithm.equals("RSA")) {
            j = 0;
            ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(289L, this.keySize), new CK_ATTRIBUTE(290L, this.rsaPublicExponent)};
            ck_attributeArr2 = new CK_ATTRIBUTE[0];
        } else if (this.algorithm.equals("DSA")) {
            j = 1;
            if (this.params == null) {
                try {
                    dSAParameterSpec = ParameterCache.getDSAParameterSpec(this.keySize, this.random);
                } catch (GeneralSecurityException e) {
                    throw new ProviderException("Could not generate DSA parameters", e);
                }
            } else {
                dSAParameterSpec = (DSAParameterSpec) this.params;
            }
            ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(304L, dSAParameterSpec.getP()), new CK_ATTRIBUTE(305L, dSAParameterSpec.getQ()), new CK_ATTRIBUTE(306L, dSAParameterSpec.getG())};
            ck_attributeArr2 = new CK_ATTRIBUTE[0];
        } else if (this.algorithm.equals("DH")) {
            j = 2;
            if (this.params == null) {
                try {
                    dHParameterSpec = ParameterCache.getDHParameterSpec(this.keySize, this.random);
                    i = 0;
                } catch (GeneralSecurityException e2) {
                    throw new ProviderException("Could not generate DH parameters", e2);
                }
            } else {
                dHParameterSpec = (DHParameterSpec) this.params;
                i = dHParameterSpec.getL();
            }
            if (i <= 0) {
                i = this.keySize >= 1024 ? 768 : 512;
            }
            ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(304L, dHParameterSpec.getP()), new CK_ATTRIBUTE(306L, dHParameterSpec.getG())};
            ck_attributeArr2 = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(352L, i)};
        } else {
            if (!this.algorithm.equals("EC")) {
                throw new ProviderException("Unknown algorithm: " + this.algorithm);
            }
            j = 3;
            ck_attributeArr = new CK_ATTRIBUTE[]{new CK_ATTRIBUTE(384L, P11ECKeyFactory.encodeParameters((ECParameterSpec) this.params))};
            ck_attributeArr2 = new CK_ATTRIBUTE[0];
        }
        Session session = null;
        try {
            try {
                session = this.token.getObjSession();
                CK_ATTRIBUTE[] attributes = this.token.getAttributes("generate", 2L, j, ck_attributeArr);
                CK_ATTRIBUTE[] attributes2 = this.token.getAttributes("generate", 3L, j, ck_attributeArr2);
                long[] C_GenerateKeyPair = this.token.p11.C_GenerateKeyPair(session.id(), new CK_MECHANISM(this.mechanism), attributes, attributes2);
                KeyPair keyPair = new KeyPair(P11Key.publicKey(session, C_GenerateKeyPair[0], this.algorithm, this.keySize, attributes), P11Key.privateKey(session, C_GenerateKeyPair[1], this.algorithm, this.keySize, attributes2));
                this.token.releaseSession(session);
                return keyPair;
            } catch (PKCS11Exception e3) {
                throw new ProviderException(e3);
            }
        } catch (Throwable th) {
            this.token.releaseSession(session);
            throw th;
        }
    }
}
