package com.ibm.crypto.pkcs11impl.provider;

import com.ibm.pkcs11.PKCS11Exception;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.SignatureSpi;

/* loaded from: input_file:com/ibm/crypto/pkcs11impl/provider/PKCS11SHA1withDSASingle.class */
public final class PKCS11SHA1withDSASingle extends SignatureSpi {
    private Signature sig;
    private Hash sha;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private boolean reset;
    private SessionManager sessionManager;

    public PKCS11SHA1withDSASingle(Provider provider) throws NoSuchAlgorithmException, NoSuchProviderException {
        this.reset = false;
        this.sig = new Signature(17, provider);
        this.sha = new Hash(544, ((IBMPKCS11Impl) provider).getSessionManager());
        this.sessionManager = ((IBMPKCS11Impl) provider).getSessionManager();
    }

    public PKCS11SHA1withDSASingle() throws NoSuchAlgorithmException, NoSuchProviderException {
        this(Security.getProvider("IBMPKCS11Impl"));
    }

    @Override // java.security.SignatureSpi
    protected void engineSetParameter(String str, Object obj) {
    }

    @Override // java.security.SignatureSpi
    protected Object engineGetParameter(String str) {
        return null;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        this.privateKey = privateKey;
        if (this.reset) {
            this.sha.engineReset();
        }
        this.reset = false;
    }

    @Override // java.security.SignatureSpi
    protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        this.publicKey = publicKey;
        if (this.reset) {
            this.sha.engineReset();
        }
        this.reset = false;
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte b) {
        byte[] bArr = {b};
        if (this.reset) {
            this.sha.engineReset();
        }
        this.sha.engineUpdate(bArr, 0, 1);
    }

    @Override // java.security.SignatureSpi
    protected void engineUpdate(byte[] bArr, int i, int i2) {
        if (this.reset) {
            this.sha.engineReset();
        }
        this.sha.engineUpdate(bArr, i, i2);
    }

    /* JADX WARN: Finally extract failed */
    @Override // java.security.SignatureSpi
    protected byte[] engineSign() throws SignatureException {
        byte[] engineDigest = this.sha.engineDigest();
        Session opSession = this.sessionManager.getOpSession();
        try {
            this.sig.engineInitSign(opSession, this.privateKey);
            try {
                byte[] engineSign = this.sig.engineSign(opSession, engineDigest, engineDigest.length);
                this.sessionManager.releaseSession(opSession);
                this.reset = true;
                try {
                    byte[] bArr = new byte[20];
                    byte[] bArr2 = new byte[20];
                    System.arraycopy(engineSign, 0, bArr, 0, 20);
                    System.arraycopy(engineSign, 20, bArr2, 0, 20);
                    DerOutputStream derOutputStream = new DerOutputStream(100);
                    derOutputStream.putInteger(new BigInteger(1, bArr));
                    derOutputStream.putInteger(new BigInteger(1, bArr2));
                    return new DerValue((byte) 48, derOutputStream.toByteArray()).toByteArray();
                } catch (IOException e) {
                    throw new SignatureException("error encoding signature");
                }
            } catch (Throwable th) {
                this.sessionManager.releaseSession(opSession);
                throw th;
            }
        } catch (Exception e2) {
            this.sessionManager.releaseSession(opSession);
            throw new PKCS11Exception(e2.getMessage());
        }
    }

    @Override // java.security.SignatureSpi
    protected boolean engineVerify(byte[] bArr) throws SignatureException {
        byte[] bArr2 = new byte[40];
        try {
            DerValue[] sequence = new DerInputStream(bArr).getSequence(2);
            byte[] byteArray = sequence[0].getInteger().toByteArray();
            byte[] byteArray2 = sequence[1].getInteger().toByteArray();
            int length = byteArray.length;
            if (length > 20) {
                System.arraycopy(byteArray, length - 20, bArr2, 0, 20);
            } else {
                System.arraycopy(byteArray, 0, bArr2, 20 - length, length);
            }
            int length2 = byteArray2.length;
            if (length2 > 20) {
                System.arraycopy(byteArray2, length2 - 20, bArr2, 20, 20);
            } else {
                System.arraycopy(byteArray2, 0, bArr2, 40 - length2, length2);
            }
            byte[] engineDigest = this.sha.engineDigest();
            Session session = null;
            try {
                session = this.sessionManager.getOpSession();
                this.sig.engineInitVerify(session, this.publicKey);
                this.reset = true;
                try {
                    boolean engineVerify = this.sig.engineVerify(session, bArr2, engineDigest, engineDigest.length);
                    this.sessionManager.releaseSession(session);
                    return engineVerify;
                } catch (Throwable th) {
                    this.sessionManager.releaseSession(session);
                    throw th;
                }
            } catch (Exception e) {
                this.sessionManager.releaseSession(session);
                throw new PKCS11Exception(e.getMessage());
            }
        } catch (IOException e2) {
            throw new SignatureException("invalid encoding for signature :" + e2);
        }
    }
}
