package com.ibm.crypto.pkcs11.provider;

import com.ibm.pkcs11.PKCS11Object;
import com.ibm.pkcs11.PKCS11Session;
import com.ibm.security.pkcs5.PKCS5;
import com.ibm.security.util.DerInputStream;
import com.ibm.security.util.DerOutputStream;
import com.ibm.security.util.DerValue;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAPublicKey;

/* loaded from: input_file:cxia32142-20050929-sdk.jar:sdk/jre/lib/ext/ibmpkcs11.jar:com/ibm/crypto/pkcs11/provider/PKCS11SHA1withDSA.class */
public final class PKCS11SHA1withDSA extends Signature {
    private MessageDigest dataSHA;
    private PKCS11Session session;
    private PKCS11Object keyObject;
    private boolean isSign;
    private boolean isSinglePart;

    public PKCS11SHA1withDSA() throws NoSuchAlgorithmException, NoSuchProviderException {
        super("SHA/DSA");
        this.dataSHA = MessageDigest.getInstance(PKCS5.MESSAGE_DIGEST_SHA, "IBMPKCS11");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public Object engineGetParameter(String str) {
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
        int i = 18;
        if (!(privateKey instanceof DSAPKCS11PrivateKey)) {
            throw new InvalidKeyException(new StringBuffer("not a DSA private key: ").append(privateKey).toString());
        }
        DSAPKCS11PrivateKey dSAPKCS11PrivateKey = (DSAPKCS11PrivateKey) privateKey;
        this.isSign = true;
        this.session = dSAPKCS11PrivateKey.getSession();
        this.keyObject = dSAPKCS11PrivateKey.getObject();
        int[] mechanismList = this.session.getSlot().getMechanismList();
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= mechanismList.length) {
                break;
            }
            if (mechanismList[i2] == 17) {
                z = true;
                i = 17;
                this.isSinglePart = true;
                break;
            }
            i2++;
        }
        if (!z) {
            int i3 = 0;
            while (true) {
                if (i3 >= mechanismList.length) {
                    break;
                }
                if (mechanismList[i3] == 18) {
                    z = true;
                    i = 18;
                    this.isSinglePart = false;
                    break;
                }
                i3++;
            }
            if (!z) {
                throw new UnsupportedOperationException("The token does not support SHA1withDSA");
            }
        }
        this.session.signInit(i, null, this.keyObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
        int i = 18;
        if (!(publicKey instanceof DSAPublicKey) && !(publicKey instanceof DSAPKCS11PublicKey)) {
            throw new InvalidKeyException(new StringBuffer("not a DSA public key: ").append(publicKey).toString());
        }
        DSAPKCS11PublicKey dSAPKCS11PublicKey = (DSAPKCS11PublicKey) publicKey;
        this.isSign = false;
        this.session = dSAPKCS11PublicKey.getSession();
        this.keyObject = dSAPKCS11PublicKey.getObject();
        int[] mechanismList = this.session.getSlot().getMechanismList();
        boolean z = false;
        int i2 = 0;
        while (true) {
            if (i2 >= mechanismList.length) {
                break;
            }
            if (mechanismList[i2] == 17) {
                z = true;
                i = 17;
                this.isSinglePart = true;
                break;
            }
            i2++;
        }
        if (!z) {
            int i3 = 0;
            while (true) {
                if (i3 >= mechanismList.length) {
                    break;
                }
                if (mechanismList[i3] == 18) {
                    z = true;
                    i = 18;
                    this.isSinglePart = false;
                    break;
                }
                i3++;
            }
            if (!z) {
                throw new UnsupportedOperationException("The token does not support SHA1withDSA");
            }
        }
        this.session.verifyInit(i, null, this.keyObject);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineSetParameter(String str, Object obj) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public byte[] engineSign() throws SignatureException {
        byte[] bArr = new byte[40];
        byte[] bArr2 = new byte[200];
        if (this.isSinglePart) {
            byte[] digest = this.dataSHA.digest();
            System.arraycopy(bArr2, 0, bArr, 0, this.session.sign(digest, 0, digest.length, bArr2, 0));
        } else {
            System.arraycopy(bArr2, 0, bArr, 0, this.session.signFinal(bArr2, 0));
        }
        try {
            byte[] bArr3 = new byte[20];
            byte[] bArr4 = new byte[20];
            System.arraycopy(bArr, 0, bArr3, 0, 20);
            System.arraycopy(bArr, 20, bArr4, 0, 20);
            DerOutputStream derOutputStream = new DerOutputStream(100);
            derOutputStream.putInteger(new BigInteger(1, bArr3));
            derOutputStream.putInteger(new BigInteger(1, bArr4));
            return new DerValue((byte) 48, derOutputStream.toByteArray()).toByteArray();
        } catch (IOException unused) {
            throw new SignatureException("error encoding signature");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte b) {
        byte[] bArr = {b};
        if (this.isSinglePart) {
            this.dataSHA.update(b);
        } else if (this.isSign) {
            this.session.signUpdate(bArr, 0, 1);
        } else {
            this.session.verifyUpdate(bArr, 0, 1);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public void engineUpdate(byte[] bArr, int i, int i2) {
        if (this.isSinglePart) {
            this.dataSHA.update(bArr, i, i2);
        } else if (this.isSign) {
            this.session.signUpdate(bArr, i, i2);
        } else {
            this.session.verifyUpdate(bArr, i, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // java.security.SignatureSpi
    public boolean engineVerify(byte[] bArr) throws SignatureException {
        byte[] bArr2 = new byte[40];
        try {
            DerValue[] sequence = new DerInputStream(bArr).getSequence(2);
            byte[] byteArray = sequence[0].getInteger().toByteArray();
            byte[] byteArray2 = sequence[1].getInteger().toByteArray();
            int length = byteArray.length;
            if (length > 20) {
                System.arraycopy(byteArray, length - 20, bArr2, 0, 20);
            } else {
                System.arraycopy(byteArray, 0, bArr2, 20 - length, length);
            }
            int length2 = byteArray2.length;
            if (length2 > 20) {
                System.arraycopy(byteArray2, length2 - 20, bArr2, 20, 20);
            } else {
                System.arraycopy(byteArray2, 0, bArr2, 40 - length2, length2);
            }
            if (!this.isSinglePart) {
                return this.session.verifyFinal(bArr2, 0, bArr2.length);
            }
            byte[] digest = this.dataSHA.digest();
            return this.session.verify(digest, 0, digest.length, bArr2, 0, bArr2.length);
        } catch (IOException e) {
            throw new SignatureException(new StringBuffer("invalid encoding for signature :").append(e).toString());
        }
    }
}
