package org.mozilla.jss.pkcs11;

import java.io.ByteArrayOutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import org.mozilla.jss.crypto.Algorithm;
import org.mozilla.jss.crypto.NoSuchItemOnTokenException;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.SignatureSpi;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.Assert;

/* loaded from: input_file:116286-16/SUNWascmo/reloc/$ASINSTDIR/lib/appserv-rt.jar:org/mozilla/jss/pkcs11/PK11Signature.class */
final class PK11Signature extends SignatureSpi {
    protected PK11Token token;
    protected TokenProxy tokenProxy;
    protected Algorithm algorithm;
    protected PK11Key key;
    protected int state;
    protected SigContextProxy sigContext;
    protected boolean raw;
    protected ByteArrayOutputStream rawInput;
    public static final int UNINITIALIZED = 0;
    public static final int SIGN = 1;
    public static final int VERIFY = 2;

    public PK11Signature(PK11Token pK11Token, SignatureAlgorithm signatureAlgorithm) throws NoSuchAlgorithmException, TokenException {
        this.raw = false;
        Assert.m2308assert((pK11Token == null || signatureAlgorithm == null) ? false : true);
        if (!pK11Token.doesAlgorithm(signatureAlgorithm) && !pK11Token.doesAlgorithm(signatureAlgorithm.getSigningAlg())) {
            throw new NoSuchAlgorithmException();
        }
        this.tokenProxy = pK11Token.getProxy();
        this.token = pK11Token;
        this.algorithm = signatureAlgorithm;
        if (signatureAlgorithm.getRawAlg() == signatureAlgorithm) {
            this.raw = true;
            this.rawInput = new ByteArrayOutputStream();
        }
        this.state = 0;
    }

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public void engineInitSign(PrivateKey privateKey) throws InvalidKeyException, TokenException {
        Assert.m2308assert(privateKey != null);
        if (privateKey == null) {
            throw new InvalidKeyException("private key is null");
        }
        if (!(privateKey instanceof PK11PrivKey)) {
            throw new InvalidKeyException("privateKey is not a PKCS #11 private key");
        }
        PK11PrivKey pK11PrivKey = (PK11PrivKey) privateKey;
        try {
            pK11PrivKey.verifyKeyIsOnToken(this.token);
            try {
                if (KeyType.getKeyTypeFromAlgorithm(this.algorithm) != pK11PrivKey.getKeyType()) {
                    throw new InvalidKeyException("Key type is inconsistent with algorithm");
                }
                this.key = pK11PrivKey;
                if (!this.raw) {
                    this.sigContext = null;
                    initSigContext();
                }
                this.state = 1;
            } catch (NoSuchAlgorithmException unused) {
                Assert.notReached(new StringBuffer("unknown algorithm: ").append(this.algorithm).toString());
                throw new InvalidKeyException();
            }
        } catch (NoSuchItemOnTokenException e) {
            throw new InvalidKeyException(e.toString());
        }
    }

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public void engineInitSign(PrivateKey privateKey, SecureRandom secureRandom) throws InvalidKeyException, TokenException {
        Assert.notReached("This function is not supported");
        engineInitSign(privateKey);
    }

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public void engineInitVerify(PublicKey publicKey) throws InvalidKeyException, TokenException {
        Assert.m2308assert(publicKey != null);
        if (!(publicKey instanceof PK11PubKey)) {
            throw new InvalidKeyException("publicKey is not a PKCS #11 public key");
        }
        PK11PubKey pK11PubKey = (PK11PubKey) publicKey;
        try {
            if (KeyType.getKeyTypeFromAlgorithm(this.algorithm) != pK11PubKey.getKeyType()) {
                throw new InvalidKeyException("Key type is inconsistent with algorithm");
            }
            this.key = pK11PubKey;
            if (!this.raw) {
                this.sigContext = null;
                initVfyContext();
            }
            this.state = 2;
        } catch (NoSuchAlgorithmException unused) {
            Assert.notReached(new StringBuffer("unknown algorithm: ").append(this.algorithm).toString());
            throw new InvalidKeyException();
        }
    }

    private static native byte[] engineRawSignNative(PK11Token pK11Token, PrivateKey privateKey, byte[] bArr) throws SignatureException, TokenException;

    protected static native boolean engineRawVerifyNative(PK11Token pK11Token, PublicKey publicKey, byte[] bArr, byte[] bArr2) throws SignatureException, TokenException;

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public void engineSetParameter(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException, TokenException {
        Assert.notYetImplemented("PK11Signature.engineSetParameter");
    }

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public byte[] engineSign() throws SignatureException, TokenException {
        byte[] engineSignNative;
        if (this.state != 1) {
            throw new SignatureException("Signature is not initialized");
        }
        if (!this.raw && this.sigContext == null) {
            throw new SignatureException("Signature has no context");
        }
        if (this.raw && this.rawInput == null) {
            throw new SignatureException("Signature has no input");
        }
        Assert.m2308assert(this.token != null);
        Assert.m2308assert(this.tokenProxy != null);
        Assert.m2308assert(this.algorithm != null);
        Assert.m2308assert(this.key != null);
        if (this.raw) {
            engineSignNative = engineRawSignNative(this.token, (PK11PrivKey) this.key, this.rawInput.toByteArray());
            this.rawInput.reset();
        } else {
            engineSignNative = engineSignNative();
        }
        this.state = 0;
        this.sigContext = null;
        return engineSignNative;
    }

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public int engineSign(byte[] bArr, int i, int i2) throws SignatureException, TokenException {
        byte[] engineSign;
        Assert.m2308assert(bArr != null);
        if (this.raw) {
            engineSign = engineRawSignNative(this.token, (PK11PrivKey) this.key, this.rawInput.toByteArray());
            this.rawInput.reset();
        } else {
            engineSign = engineSign();
        }
        if (bArr == null || bArr.length <= i || i2 < engineSign.length || i + i2 > bArr.length) {
            throw new SignatureException("outbuf is not sufficient to hold signature");
        }
        System.arraycopy(engineSign, 0, bArr, i, engineSign.length);
        return engineSign.length;
    }

    private native byte[] engineSignNative() throws SignatureException, TokenException;

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public void engineUpdate(byte b) throws SignatureException, TokenException {
        engineUpdate(new byte[]{b}, 0, 1);
    }

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public void engineUpdate(byte[] bArr, int i, int i2) throws SignatureException, TokenException {
        Assert.m2308assert(bArr != null);
        if (this.state != 1 && this.state != 2) {
            Assert.m2308assert(this.state == 0);
            throw new SignatureException("Signature is not initialized");
        }
        if (!this.raw && this.sigContext == null) {
            Assert.notReached("signature has no context");
            throw new SignatureException("Signature has no context");
        }
        if (this.raw && this.rawInput == null) {
            Assert.notReached("raw signature has no input stream");
            throw new SignatureException("raw signature has no input stream");
        }
        Assert.m2308assert(this.token != null);
        Assert.m2308assert(this.tokenProxy != null);
        Assert.m2308assert(this.algorithm != null);
        Assert.m2308assert(this.key != null);
        if (this.raw) {
            this.rawInput.write(bArr, i, i2);
        } else {
            engineUpdateNative(bArr, i, i2);
        }
    }

    protected native void engineUpdateNative(byte[] bArr, int i, int i2) throws TokenException;

    @Override // org.mozilla.jss.crypto.SignatureSpi
    public boolean engineVerify(byte[] bArr) throws SignatureException, TokenException {
        boolean engineVerifyNative;
        Assert.m2308assert(bArr != null);
        if (this.state != 2) {
            throw new SignatureException("Signature is not initialized properly");
        }
        if (!this.raw && this.sigContext == null) {
            Assert.notReached("Signature has no context");
            throw new SignatureException("Signature has no context");
        }
        if (this.raw && this.rawInput == null) {
            Assert.notReached("Signature has no input");
            throw new SignatureException("Signature has no input");
        }
        Assert.m2308assert(this.token != null);
        Assert.m2308assert(this.tokenProxy != null);
        Assert.m2308assert(this.algorithm != null);
        Assert.m2308assert(this.key != null);
        if (bArr == null) {
            return false;
        }
        if (this.raw) {
            engineVerifyNative = engineRawVerifyNative(this.token, (PK11PubKey) this.key, this.rawInput.toByteArray(), bArr);
            this.rawInput.reset();
        } else {
            engineVerifyNative = engineVerifyNative(bArr);
        }
        this.state = 0;
        this.sigContext = null;
        return engineVerifyNative;
    }

    protected native boolean engineVerifyNative(byte[] bArr) throws SignatureException, TokenException;

    protected native void initSigContext() throws TokenException;

    protected native void initVfyContext() throws TokenException;
}
