package org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util;

import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.parameters.GcmParameters;
import iaik.pkcs.pkcs11.parameters.InitializationVectorParameters;
import iaik.pkcs.pkcs11.parameters.RSAPkcsOaepParameters;
import iaik.pkcs.pkcs11.parameters.RSAPkcsPssParameters;
import java.security.SecureRandom;
import java.util.HashMap;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.crypto.api.CryptoException;
import org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.CryptoConstants;

/* loaded from: input_file:org/wso2/carbon/crypto/provider/hsm/cryptoprovider/util/MechanismResolver.class */
public class MechanismResolver {
    private static MechanismResolver defaultMechanismResolver = new MechanismResolver();
    private static Log log = LogFactory.getLog(MechanismResolver.class);
    private static SecureRandom random = new SecureRandom();
    private static HashMap<String, Long> mechanisms = new HashMap<String, Long>() { // from class: org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.MechanismResolver.1
        {
            put(CryptoConstants.KeyType.AES, 4224L);
            put(CryptoConstants.KeyType.DES, 288L);
            put(CryptoConstants.KeyType.DES2, 304L);
            put(CryptoConstants.KeyType.DES3, 305L);
            put(CryptoConstants.KeyType.DESede, 305L);
            put("DES/CBC/NoPadding", 290L);
            put("DES/CBC/PKCS5Padding", 293L);
            put("DES/ECB/NoPadding", 289L);
            put("DESede/CBC/NoPadding", 307L);
            put("3DES/CBC/NoPadding", 307L);
            put("DESede/CBC/PKCS5Padding", 310L);
            put("3DES/CBC/PKCS5Padding", 310L);
            put("DESede/ECB/NoPadding", 306L);
            put("3DES/ECB/NoPadding", 306L);
            put("AES/CBC/NoPadding", 4226L);
            put("AES_128/CBC/NoPadding", 4226L);
            put("AES_192/CBC/NoPadding", 4226L);
            put("AES_256/CBC/NoPadding", 4226L);
            put("AES/CBC/PKCS5Padding", 4229L);
            put("AES_128/CBC/PKCS5Padding", 4229L);
            put("AES_192/CBC/PKCS5Padding", 4229L);
            put("AES_256/CBC/PKCS5Padding", 4229L);
            put("AES/ECB/NoPadding", 4225L);
            put("AES_128/ECB/NoPadding", 4225L);
            put("AES_192/ECB/NoPadding", 4225L);
            put("AES_256/ECB/NoPadding", 4225L);
            put("AES/GCM/NoPadding", 4231L);
            put("AES_128/GCM/NoPadding", 4231L);
            put("AES_192/GCM/NoPadding", 4231L);
            put("AES_256/GCM/NoPadding", 4231L);
            put("RSA/ECB/OAEPwithMD5andMGF1Padding", 9L);
            put("RSA/ECB/OAEPwithSHA1andMGF1Padding", 9L);
            put("RSA/ECB/OAEPwithSHA256andMGF1Padding", 9L);
            put("RSA/ECB/OAEPwithSHA384andMGF1Padding", 9L);
            put("RSA/ECB/OAEPwithSHA512andMGF1Padding", 9L);
            put("RSA/ECB/PKCS1Padding", 1L);
            put("RSA/ECB/NoPadding", 3L);
            put("RSA/ECB/ISO9796Padding", 2L);
            put("Blowfish/CBC/NoPadding", 4241L);
            put("Blowfish/CBC/PKCS5Padding", 4241L);
            put("NONEwithECDSA", 4161L);
            put("SHA1withECDSA", 4162L);
            put("MD2withRSA", 4L);
            put("MD5withRSA", 5L);
            put("SHA1withRSA", 6L);
            put("SHA256withRSA", 64L);
            put("SHA384withRSA", 65L);
            put("SHA512withRSA", 66L);
            put("RipeMd128withRSA", 7L);
            put("RipeMd160withRSA", 8L);
            put("SHA1withRSAandMGF1", 14L);
            put("SHA256withRSAandMGF1", 67L);
            put("SHA384withRSAandMGF1", 68L);
            put("SHA512withRSAandMGF1", 69L);
            put("RawDSA", 17L);
            put("SHA1withDSA", 18L);
            put("SHA1", 544L);
            put("SHA256", 592L);
            put("SHA384", 608L);
            put("SHA512", 624L);
            put("MD2", 512L);
            put("MD5", 528L);
            put("RipeMd128", 560L);
            put("RipeMd160", 576L);
        }
    };
    private static HashMap<Long, String> parameterRequiredMechanisms = new HashMap<Long, String>() { // from class: org.wso2.carbon.crypto.provider.hsm.cryptoprovider.util.MechanismResolver.2
        {
            put(4226L, "IV16");
            put(4229L, "IV16");
            put(4231L, "GCM");
            put(9L, "OAEP");
            put(307L, "IV8");
            put(310L, "IV8");
            put(290L, "IV8");
            put(293L, "IV8");
            put(4241L, "IV8");
            put(14L, "PSS");
            put(67L, "PSS");
            put(68L, "PSS");
            put(69L, "PSS");
        }
    };

    protected MechanismResolver() {
    }

    public static MechanismResolver getInstance() {
        return defaultMechanismResolver;
    }

    public static HashMap<String, Long> getSupportedMechanisms() {
        return mechanisms;
    }

    public Mechanism resolveMechanism(MechanismDataHolder mechanismDataHolder) throws CryptoException {
        if (!mechanisms.containsKey(mechanismDataHolder.getJceMechanismSpecification())) {
            throw new CryptoException(String.format("Requested %s algorithm is not supported by HSM based crypto provider.", mechanismDataHolder.getJceMechanismSpecification()));
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Resolving PKCS #11 mechanism for '%s' JCE standard algorithm.", mechanismDataHolder.getJceMechanismSpecification()));
        }
        Mechanism mechanism = Mechanism.get(mechanisms.get(mechanismDataHolder.getJceMechanismSpecification()).longValue());
        if (parameterRequiredMechanisms.containsKey(Long.valueOf(mechanism.getMechanismCode()))) {
            resolveParameters(mechanism, mechanismDataHolder);
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Successfully resolved PKCS #11 mechanism for '%s' JCE standard algorithm.", mechanismDataHolder.getJceMechanismSpecification()));
        }
        return mechanism;
    }

    protected void resolveParameters(Mechanism mechanism, MechanismDataHolder mechanismDataHolder) throws CryptoException {
        String str = parameterRequiredMechanisms.get(Long.valueOf(mechanism.getMechanismCode()));
        if (str.equals("OAEP")) {
            String[] split = mechanismDataHolder.getJceMechanismSpecification().split("/");
            mechanism.setParameters(getOAEPParameters(split[split.length - 1]));
        } else if (str.equals("PSS")) {
            mechanism.setParameters(getRSAPSSParameters(mechanismDataHolder.getJceMechanismSpecification()));
        } else if (str.startsWith("IV")) {
            mechanism.setParameters(getInitializationVectorParameters((IvParameterSpec) mechanismDataHolder.getAlgorithmParameterSpec(), mechanismDataHolder.getOperatingMode(), Integer.parseInt(str.substring(2, str.length()))));
        } else if (str.startsWith("GCM")) {
            mechanism.setParameters(getGCMParameters((GCMParameterSpec) mechanismDataHolder.getAlgorithmParameterSpec(), mechanismDataHolder.getOperatingMode(), 12, mechanismDataHolder.getAuthData()));
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("Successfully resolved parameters for '%s' PKCS #11 mechanism.", mechanism.getName()));
        }
    }

    protected RSAPkcsOaepParameters getOAEPParameters(String str) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Resolving RSA OAEP algorithm parameters.", new Object[0]));
        }
        String[] split = str.split("with")[1].split("and");
        if (mechanisms.containsKey(split[0])) {
            return new RSAPkcsOaepParameters(Mechanism.get(mechanisms.get(split[0]).longValue()), 1L, 1L, (byte[]) null);
        }
        throw new CryptoException(String.format("Invalid '%s' OAEP parameter specification", str));
    }

    protected RSAPkcsPssParameters getRSAPSSParameters(String str) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Resolving RSA PSS algorithm parameters for %s algorithm.", str));
        }
        if (str.contains("SHA1")) {
            return new RSAPkcsPssParameters(Mechanism.get(mechanisms.get("SHA1").longValue()), 1L, 20L);
        }
        if (str.contains("SHA256")) {
            return new RSAPkcsPssParameters(Mechanism.get(mechanisms.get("SHA256").longValue()), 1L, 32L);
        }
        if (str.contains("SHA384")) {
            return new RSAPkcsPssParameters(Mechanism.get(mechanisms.get("SHA384").longValue()), 1L, 48L);
        }
        if (str.contains("SHA512")) {
            return new RSAPkcsPssParameters(Mechanism.get(mechanisms.get("SHA512").longValue()), 1L, 64L);
        }
        throw new CryptoException(String.format("Invalid '%s' algorithm specification", str));
    }

    protected InitializationVectorParameters getInitializationVectorParameters(IvParameterSpec ivParameterSpec, int i, int i2) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug("Resolving initialization vector parameters.");
        }
        if (i == 1) {
            return new InitializationVectorParameters(generateIV(i2));
        }
        if (i != 2) {
            throw new CryptoException("IV vectors are not defined for sign/verify operating modes.");
        }
        if (ivParameterSpec != null) {
            return new InitializationVectorParameters(ivParameterSpec.getIV());
        }
        throw new CryptoException("Initialization vector parameters can't be null");
    }

    protected GcmParameters getGCMParameters(GCMParameterSpec gCMParameterSpec, int i, int i2, byte[] bArr) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug("Resolving GCM parameters.");
        }
        if (i == 1) {
            return new GcmParameters(generateIV(i2), bArr, 128L);
        }
        if (i != 2) {
            throw new CryptoException("Invalid mode of operation is requested.");
        }
        if (gCMParameterSpec != null) {
            return new GcmParameters(gCMParameterSpec.getIV(), bArr, gCMParameterSpec.getTLen());
        }
        throw new CryptoException("GCM Parameters can't be null.");
    }

    protected byte[] generateIV(int i) {
        byte[] bArr = new byte[i];
        random.nextBytes(bArr);
        return bArr;
    }
}
