package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.misc.Debug;
import com.ibm.pkcs11.CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
import com.ibm.pkcs11.CK_SSL3_RANDOM_DATA;
import com.ibm.pkcs11.CK_VERSION;
import com.ibm.pkcs11.PKCS11Object;
import ibm.security.internal.spec.TlsMasterSecretParameterSpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGeneratorSpi;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/PKCS11TlsMasterSecretGenerator.class */
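/**
 * {@link KeyGeneratorSpi} that derives the 48-byte SSL/TLS master secret on a PKCS#11 token.
 *
 * <p>The generator must be initialised with a {@link TlsMasterSecretParameterSpec}; the
 * {@code SecureRandom}-only and key-size initialisers always fail. Only protocol version 3.0
 * (SSL 3.0) with mechanism 881 and version 3.1 (TLS 1.0) with mechanism 885 are accepted.
 * Both protocol versions are deprecated (RFC 7568, RFC 8996), so this class should only be
 * reachable where legacy interoperability is an explicit requirement.
 *
 * <p>Instances hold mutable, unsynchronised state and are not safe for concurrent use.
 */
public final class PKCS11TlsMasterSecretGenerator extends KeyGeneratorSpi {
    private static final Debug debug = Debug.getInstance("pkcs11impl");
    private static final String className = "com.ibm.crypto.pkcs11impl.provider.PKCS11TlsMasterSecretGenerator";

    /** Trace level passed to every {@code Debug} call in this class. */
    private static final long TRACE_LEVEL = 16384L;
    /** Numerically equal to PKCS#11 CKM_SSL3_MASTER_KEY_DERIVE (0x371). */
    private static final int MECH_SSL3_MASTER_KEY_DERIVE = 881;
    /** Numerically equal to PKCS#11 CKM_TLS_MASTER_KEY_DERIVE (0x375). */
    private static final int MECH_TLS_MASTER_KEY_DERIVE = 885;
    /** Numerically equal to PKCS#11 CKA_CLASS (0x000). */
    private static final int ATTR_CLASS = 0;
    /** Numerically equal to PKCS#11 CKA_KEY_TYPE (0x100). */
    private static final int ATTR_KEY_TYPE = 256;
    /** Numerically equal to PKCS#11 CKA_VALUE_LEN (0x161). */
    private static final int ATTR_VALUE_LEN = 353;
    /** The SSL/TLS master secret is always 48 bytes long. */
    private static final int MASTER_SECRET_LENGTH = 48;
    private static final String INIT_REQUIRED_MESSAGE =
            "TlsMasterSecretGenerator must be initialized using a TlsMasterSecretParameterSpec";

    private SessionManager sessionManager;
    private Config config;
    private KeyMechanismBuilder mechanismBuilder;
    // spec and generalKey are only ever set together, at the end of a successful engineInit.
    private TlsMasterSecretParameterSpec spec;
    private GeneralKey generalKey;
    private Provider provider;
    private int version;
    private int mechanism;

    /**
     * Creates a generator bound to one PKCS#11 provider instance and one derive mechanism.
     *
     * @param provider the owning provider; it is cast to {@code IBMPKCS11Impl}, so any other
     *     provider type fails with {@link ClassCastException}
     * @param str not used by this class
     * @param i the mechanism number handed to the token when the key is derived
     */
    public PKCS11TlsMasterSecretGenerator(Provider provider, String str, int i) {
        IBMPKCS11Impl.verifyJceJar();
        IBMPKCS11Impl pkcs11Provider = (IBMPKCS11Impl) provider;
        this.provider = provider;
        this.sessionManager = pkcs11Provider.getSessionManager();
        this.config = pkcs11Provider.getConfig();
        this.mechanism = i;
    }

    /**
     * Always rejects initialisation, because a random source alone cannot describe the handshake.
     *
     * @throws InvalidParameterException always
     */
    @Override
    protected void engineInit(java.security.SecureRandom secureRandom) {
        throw new InvalidParameterException(INIT_REQUIRED_MESSAGE);
    }

    /**
     * Always rejects initialisation, because a key size alone cannot describe the handshake.
     *
     * @throws InvalidParameterException always
     */
    @Override
    protected void engineInit(int i, java.security.SecureRandom secureRandom) {
        throw new InvalidParameterException(INIT_REQUIRED_MESSAGE);
    }

    /**
     * Validates the handshake parameters and translates the premaster secret into a provider key.
     *
     * <p>State is committed only after every check has passed. A failed call leaves the generator
     * uninitialised, so {@link #engineGenerateKey()} can never run with a rejected protocol
     * version or with a key left over from an earlier initialisation.
     *
     * @param algorithmParameterSpec must be a {@link TlsMasterSecretParameterSpec}
     * @param secureRandom ignored
     * @throws InvalidAlgorithmParameterException if the spec has the wrong type, carries no
     *     premaster secret, names an unsupported version/mechanism pair, or its premaster secret
     *     cannot be translated into a {@code GeneralKey}
     */
    @Override
    protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, java.security.SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        // Drop any earlier initialisation first: a rejected re-init must not leave usable state.
        this.spec = null;
        this.generalKey = null;

        // instanceof is false for null, so no separate null check is needed.
        if (!(algorithmParameterSpec instanceof TlsMasterSecretParameterSpec)) {
            throw new InvalidAlgorithmParameterException(INIT_REQUIRED_MESSAGE);
        }
        TlsMasterSecretParameterSpec candidate = (TlsMasterSecretParameterSpec) algorithmParameterSpec;

        // Check the cheap protocol constraints before handing key material to the key factory.
        int majorVersion = candidate.getMajorVersion();
        int minorVersion = candidate.getMinorVersion();
        if (majorVersion != 3) {
            throw new InvalidAlgorithmParameterException("not a supported major version " + majorVersion);
        }
        boolean ssl3 = minorVersion == 0 && this.mechanism == MECH_SSL3_MASTER_KEY_DERIVE;
        boolean tls10 = minorVersion == 1 && this.mechanism == MECH_TLS_MASTER_KEY_DERIVE;
        if (!ssl3 && !tls10) {
            // Also raised when the minor version is valid but does not match this.mechanism.
            throw new InvalidAlgorithmParameterException("not a supported minor version " + minorVersion);
        }

        SecretKey premasterSecret = candidate.getPremasterSecret();
        if (premasterSecret == null) {
            throw new InvalidAlgorithmParameterException("TlsMasterSecretParameterSpec does not carry a premaster secret");
        }

        SecretKey translated;
        try {
            translated = new GeneralPKCS11KeyFactory(this.provider, premasterSecret.getAlgorithm()).engineTranslateKey(premasterSecret);
        } catch (InvalidKeyException e) {
            if (debug != null) {
                debug.exception(TRACE_LEVEL, className, "engineInit", e);
            }
            throw new InvalidAlgorithmParameterException(e);
        }
        if (debug != null) {
            // NOTE(review): this writes the key's toString() to the trace. Confirm that the
            // provider key's toString() never includes the premaster secret bytes.
            debug.text(TRACE_LEVEL, className, "engineInit", "after translation, key from algorithm parameter spec is " + translated);
        }
        if (!(translated instanceof GeneralKey)) {
            throw new InvalidAlgorithmParameterException("cannot covert to appropriate key from AlgorithmParameterSpec");
        }

        // Everything is valid: commit the new state in one go.
        this.version = (majorVersion << 8) | minorVersion;
        this.generalKey = (GeneralKey) translated;
        this.spec = candidate;
    }

    /**
     * Derives the master secret on the token from the premaster secret and both hello randoms.
     *
     * <p>The session obtained from the session manager is released exactly once on every path,
     * and only if it was actually obtained.
     *
     * @return the derived master secret, or {@code null} if the derived token object cannot be
     *     wrapped as a {@code PKCS11TlsMasterSecretKey}
     * @throws IllegalStateException if the generator has not been successfully initialised
     * @throws RuntimeException wrapping any other failure while deriving the key
     */
    @Override
    protected SecretKey engineGenerateKey() {
        if (this.spec == null) {
            throw new IllegalStateException("TlsMasterSecretGenerator must be initialized");
        }

        // A version structure is supplied only for RSA key exchange. Presumably the token writes
        // the client version found in the premaster secret back into it (PKCS#11 pVersion
        // semantics), which the caller needs for its version-rollback check; confirm against the
        // native wrapper.
        CK_VERSION ck_version = this.generalKey.getAlgorithm().equals("TlsRsaPremasterSecret")
                ? new CK_VERSION((byte) this.spec.getMajorVersion(), (byte) this.spec.getMinorVersion())
                : null;
        CK_SSL3_MASTER_KEY_DERIVE_PARAMS deriveParams = new CK_SSL3_MASTER_KEY_DERIVE_PARAMS(
                new CK_SSL3_RANDOM_DATA(this.spec.getClientRandom(), this.spec.getServerRandom()), ck_version);

        // Raw Map kept on purpose: the generic signature of Config.getAttributes is not visible here.
        Map template = new HashMap();
        if (this.config != null) {
            template.putAll(this.config.getAttributes("GENERATE", PKCS11Object.SECRET_KEY, PKCS11Object.GENERIC_SECRET));
        }
        // Set after the configured attributes so configuration cannot change class, type or length.
        template.put(ATTR_CLASS, PKCS11Object.SECRET_KEY);
        template.put(ATTR_KEY_TYPE, PKCS11Object.GENERIC_SECRET);
        template.put(ATTR_VALUE_LEN, MASTER_SECRET_LENGTH);

        int[] attrTypes = new int[template.size()];
        Object[] attrValues = new Object[template.size()];
        int index = 0;
        for (Object item : template.entrySet()) {
            Map.Entry entry = (Map.Entry) item;
            attrTypes[index] = ((Integer) entry.getKey()).intValue();
            attrValues[index] = entry.getValue();
            if (debug != null) {
                debug.text(TRACE_LEVEL, className, "engineGenerateKey", "attrType=" + attrTypes[index] + ", attrValue=" + attrValues[index]);
            }
            index++;
        }

        Session session = null;
        try {
            session = this.sessionManager.getObjSession();
            PKCS11Object derivedKey = session.deriveKey(this.mechanism, deriveParams, this.generalKey.getObject(), attrTypes, attrValues);
            session.addObject();

            // -1/-1 signals "no version reported" when no version structure was supplied.
            byte major = -1;
            byte minor = -1;
            if (ck_version != null) {
                major = deriveParams.version.getMajorVersion();
                minor = deriveParams.version.getMinorVersion();
            }
            if (debug != null) {
                debug.text(TRACE_LEVEL, className, "engineGenerateKey", "major=" + ((int) major) + ", minor=" + ((int) minor));
            }
            try {
                return new PKCS11TlsMasterSecretKey(session, derivedKey, "TlsMasterSecret", major, minor);
            } catch (InvalidKeyException e) {
                if (debug != null) {
                    debug.exception(TRACE_LEVEL, className, "engineGenerateKey", e);
                }
                // NOTE(review): null is kept for backward compatibility, but it hides the failure
                // from the caller and the derived token object is not destroyed here. Consider
                // failing loudly once callers have been checked.
                return null;
            }
        } catch (Exception e2) {
            if (debug != null) {
                debug.exception(TRACE_LEVEL, className, "engineGenerateKey", e2);
            }
            throw new RuntimeException(e2);
        } finally {
            // Single release point: the session is never returned twice, and never when
            // getObjSession() itself failed and left it null.
            if (session != null) {
                this.sessionManager.releaseSession(session);
            }
        }
    }
}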
